feat(homelab): add more aliases, setup ssh keys on yubikey

2026-01-04 20:56:25 -08:00
parent 7b76ffd34f
commit b02a06faa7
7 changed files with 36 additions and 6 deletions
--- a/nix/homelab/config.toml
+++ b/nix/homelab/config.toml
@@ -102,7 +102,9 @@ extra_hosts = [
  "192.168.27.12 mc-rocket.privatedns.org",
  "192.168.27.12 mc-rocket-creative.privatedns.org",
  "192.168.27.12 mc-rocket-creative.duckdns.org",
-  "192.168.27.12 git.lucalise.ca"
+  "192.168.27.12 git.lucalise.ca",
+  "192.168.27.2 rufus",
+  "192.168.27.11 kube"
 ]

 [router]
--- a/nix/homelab/helm/helmfile.yaml
+++ b/nix/homelab/helm/helmfile.yaml
@@ -53,6 +53,8 @@ releases:
    values:
      - defaultSettings:
          defaultReplicaCount: 1
+      - defaultBackupStore:
+          backupTarget: nfs://192.168.27.2:/backup/longhorn
      - persistence:
          defaultClassReplicaCount: 1

--- a/nix/homelab/kustomize/media/qbittorrent.yaml
+++ b/nix/homelab/kustomize/media/qbittorrent.yaml
@@ -17,8 +17,6 @@ metadata:
  namespace: media
  labels:
    app: qbittorrent
-  annotations:
-    kubectl.kubernetes.io/default-container: qbittorrent
 spec:
  replicas: 1
  selector:
@@ -28,6 +26,8 @@ spec:
    metadata:
      labels:
        app: qbittorrent
+      annotations:
+        kubectl.kubernetes.io/default-container: qbittorrent
    spec:
      containers:
        - name: gluetun
--- a/nix/modules/commonPackages.nix
+++ b/nix/modules/commonPackages.nix
@@ -59,7 +59,6 @@
      sops
      yubikey-personalization
      yubikey-manager
-      gnupg
      (pass.withExtensions (exts: with exts; [ pass-import ]))
      python3
      jdt-language-server
@@ -86,11 +85,15 @@
    hardware.enableAllFirmware = true;
    programs.gnupg.agent = {
      enable = true;
-      enableSSHSupport = true;
+      enableSSHSupport = false;
      pinentryPackage = pkgs.pinentry-gtk2;
    };
    services.pcscd.enable = true;
-    services.udev.packages = with pkgs; [ yubikey-personalization ];
+    services.udev.packages = with pkgs; [
+      yubikey-personalization
+      yubikey-manager
+    ];
+    programs.ssh.startAgent = true;

    programs.neovim = lib.mkDefault {
      enable = true;
--- a/nix/users/luca/home.nix
+++ b/nix/users/luca/home.nix
@@ -23,6 +23,27 @@
    nodejs_22
    pnpm
  ];
+  systemd.user.services.ssh-add-keys = {
+    Unit = {
+      Description = "Load SSH keys from YubiKey";
+      After = [ "ssh-agent.service" ];
+      Requires = [ "ssh-agent.service" ];
+    };
+    Service = {
+      Type = "oneshot";
+      Environment = [
+        "SSH_AUTH_SOCK=%t/ssh-agent"
+        "SSH_ASKPASS=${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"
+        "SSH_ASKPASS_REQUIRE=prefer"
+        "DISPLAY=:0"
+      ];
+      ExecStart = "${pkgs.openssh}/bin/ssh-add -K";
+      RemainAfterExit = true;
+    };
+    Install = {
+      WantedBy = [ "default.target" ];
+    };
+  };

  home.stateVersion = "24.11";