From b02a06faa78a3719dbe74a58a418d34d5c468066 Mon Sep 17 00:00:00 2001
From: lucalise
Date: Sun, 4 Jan 2026 20:56:25 -0800
Subject: [PATCH] feat(homelab): add more aliases, setup ssh keys on yubikey
---
 aliases/happly.sh | 1 +
 aliases/kapply.sh | 1 +
 nix/homelab/config.toml | 4 +++-
 nix/homelab/helm/helmfile.yaml | 2 ++
 nix/homelab/kustomize/media/qbittorrent.yaml | 4 ++--
 nix/modules/commonPackages.nix | 9 ++++++---
 nix/users/luca/home.nix | 21 ++++++++++++++++++++
 7 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100755 aliases/happly.sh
 create mode 100755 aliases/kapply.sh
diff --git a/aliases/happly.sh b/aliases/happly.sh
new file mode 100755
index 0000000..b3a50e4
--- /dev/null
+++ b/aliases/happly.sh
@@ -0,0 +1 @@
+helmfile apply -f ~/dotfiles/nix/homelab/helm "$@"
diff --git a/aliases/kapply.sh b/aliases/kapply.sh
new file mode 100755
index 0000000..d7cbdfb
--- /dev/null
+++ b/aliases/kapply.sh
@@ -0,0 +1 @@
+kubectl apply -k ~/dotfiles/nix/homelab/kustomize
diff --git a/nix/homelab/config.toml b/nix/homelab/config.toml
index 8121660..35af01f 100644
--- a/nix/homelab/config.toml
+++ b/nix/homelab/config.toml
@@ -102,7 +102,9 @@ extra_hosts = [
 "192.168.27.12 mc-rocket.privatedns.org",
 "192.168.27.12 mc-rocket-creative.privatedns.org",
 "192.168.27.12 mc-rocket-creative.duckdns.org",
- "192.168.27.12 git.lucalise.ca"
+ "192.168.27.12 git.lucalise.ca",
+ "192.168.27.2 rufus",
+ "192.168.27.11 kube"
 ]
 [router]
diff --git a/nix/homelab/helm/helmfile.yaml b/nix/homelab/helm/helmfile.yaml
index 18a1e4e..2113de0 100644
--- a/nix/homelab/helm/helmfile.yaml
+++ b/nix/homelab/helm/helmfile.yaml
@@ -53,6 +53,8 @@ releases:
 values:
 - defaultSettings:
 defaultReplicaCount: 1
+ - defaultBackupStore:
+ backupTarget: nfs://192.168.27.2:/backup/longhorn
 - persistence:
 defaultClassReplicaCount: 1
diff --git a/nix/homelab/kustomize/media/qbittorrent.yaml b/nix/homelab/kustomize/media/qbittorrent.yaml
index f1efc72..ef92de5 100644
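Review bot: `aliases/happly.sh` is created executable (mode 100755) but its only line is the command itself, so the file has no interpreter line; the same holds for `aliases/kapply.sh` in the next file section. Started from an interactive shell this usually works through the shell's fallback, but a direct exec without that fallback fails. Unless whatever consumes `aliases/` wraps these files, both should begin with `#!/usr/bin/env bash`.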
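Review bot: `aliases/kapply.sh` drops its arguments: unlike `happly.sh`, which forwards `"$@"`, this wrapper ends at the kustomize path. A call such as `kapply --dry-run=server` or `kapply --context <name>` therefore runs a plain apply against whichever context is current, with no error. Forward the arguments the same way: `kubectl apply -k ~/dotfiles/nix/homelab/kustomize "$@"`.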
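Review bot: The new `backupTarget: nfs://192.168.27.2:/backup/longhorn` in `nix/homelab/helm/helmfile.yaml` has no comment saying which host this is or how the export is protected. No credential is configured alongside it, so who can read or overwrite the Longhorn backups is presumably decided by the export rules on 192.168.27.2 (named `rufus` in the `config.toml` hunk of this patch), which the diff does not show. I would add a comment above the entry, e.g. `# NFS export on rufus; restrict it to the cluster nodes, the backups are only as private as this share`. The `values:` list starts and ends outside the hunk.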
--- a/nix/homelab/kustomize/media/qbittorrent.yaml
+++ b/nix/homelab/kustomize/media/qbittorrent.yaml
@@ -17,8 +17,6 @@ metadata:
 namespace: media
 labels:
 app: qbittorrent
- annotations:
- kubectl.kubernetes.io/default-container: qbittorrent
 spec:
 replicas: 1
 selector:
@@ -28,6 +26,8 @@ spec:
 metadata:
 labels:
 app: qbittorrent
+ annotations:
+ kubectl.kubernetes.io/default-container: qbittorrent
 spec:
 containers:
 - name: gluetun
diff --git a/nix/modules/commonPackages.nix b/nix/modules/commonPackages.nix
index 65cdea3..29fa65c 100644
--- a/nix/modules/commonPackages.nix
+++ b/nix/modules/commonPackages.nix
@@ -59,7 +59,6 @@
 sops
 yubikey-personalization
 yubikey-manager
- gnupg
 (pass.withExtensions (exts: with exts; [ pass-import ]))
 python3
 jdt-language-server
@@ -86,11 +85,15 @@
 hardware.enableAllFirmware = true;
 programs.gnupg.agent = {
 enable = true;
- enableSSHSupport = true;
+ enableSSHSupport = false;
 pinentryPackage = pkgs.pinentry-gtk2;
 };
 services.pcscd.enable = true;
- services.udev.packages = with pkgs; [ yubikey-personalization ];
+ services.udev.packages = with pkgs; [
+ yubikey-personalization
+ yubikey-manager
+ ];
+ programs.ssh.startAgent = true;
 programs.neovim = lib.mkDefault {
 enable = true;
diff --git a/nix/users/luca/home.nix b/nix/users/luca/home.nix
index b735fb8..c505b27 100644
--- a/nix/users/luca/home.nix
+++ b/nix/users/luca/home.nix
@@ -23,6 +23,27 @@
 nodejs_22
 pnpm
 ];
+ systemd.user.services.ssh-add-keys = {
+ Unit = {
+ Description = "Load SSH keys from YubiKey";
+ After = [ "ssh-agent.service" ];
+ Requires = [ "ssh-agent.service" ];
+ };
+ Service = {
+ Type = "oneshot";
+ Environment = [
+ "SSH_AUTH_SOCK=%t/ssh-agent"
+ "SSH_ASKPASS=${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"
+ "SSH_ASKPASS_REQUIRE=prefer"
+ "DISPLAY=:0"
+ ];
+ ExecStart = "${pkgs.openssh}/bin/ssh-add -K";
+ RemainAfterExit = true;
+ };
+ Install = {
+ WantedBy = [ "default.target" ];
+ };
+ };
 home.stateVersion = "24.11";
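Review bot: In the second hunk of `nix/modules/commonPackages.nix`, `enableSSHSupport = false;` and `programs.ssh.startAgent = true;` hand SSH over from gpg-agent to the OpenSSH agent without a comment saying so, and the agent is started with no key lifetime. The two settings belong together, and the user unit added in `nix/users/luca/home.nix` points at this agent's socket. A line such as `# SSH keys are loaded from the YubiKey into ssh-agent; gpg-agent is kept for GPG only` above `programs.ssh.startAgent` would stop someone re-enabling one without the other. If the keys should not stay loaded for the whole session, consider `programs.ssh.agentTimeout = "1h";` next to it. The enclosing attribute set starts and ends outside the hunk.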
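Review bot: The `ssh-add-keys` unit in `nix/users/luca/home.nix` is wanted by `default.target` and hard-codes `DISPLAY=:0`, so it runs whenever the user manager starts, which may be a remote login or a Wayland session. In that case the askpass prompt either cannot open or may appear on the local display for a session started elsewhere. Binding the unit to the graphical session is safer: `After = [ "ssh-agent.service" "graphical-session.target" ];` and `WantedBy = [ "graphical-session.target" ];`, with a comment on `"DISPLAY=:0"` saying it assumes the first X display. `ssh-add -K` presumably also fails when the YubiKey is not plugged in at that moment, and a `oneshot` unit is not retried, so that failure mode deserves a comment too. The surrounding attribute set continues outside the hunk.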