feat(homelab): add more aliases, setup ssh keys on yubikey

aliases/happly.sh

@@ -0,0 +1 @@
+helmfile apply -f ~/dotfiles/nix/homelab/helm "$@"

aliases/kapply.sh

@@ -0,0 +1 @@
+kubectl apply -k ~/dotfiles/nix/homelab/kustomize

nix/homelab/config.toml

@@ -102,7 +102,9 @@ extra_hosts = [
   "192.168.27.12 mc-rocket.privatedns.org",
   "192.168.27.12 mc-rocket-creative.privatedns.org",
   "192.168.27.12 mc-rocket-creative.duckdns.org",
-  "192.168.27.12 git.lucalise.ca"
+  "192.168.27.12 git.lucalise.ca",
+  "192.168.27.2 rufus",
+  "192.168.27.11 kube"
 ]
 
 [router]

nix/homelab/helm/helmfile.yaml

@@ -53,6 +53,8 @@ releases:
     values:
       - defaultSettings:
           defaultReplicaCount: 1
+      - defaultBackupStore:
+          backupTarget: nfs://192.168.27.2:/backup/longhorn
       - persistence:
           defaultClassReplicaCount: 1
 

nix/homelab/kustomize/media/qbittorrent.yaml

@@ -17,8 +17,6 @@ metadata:
   namespace: media
   labels:
     app: qbittorrent
-  annotations:
-    kubectl.kubernetes.io/default-container: qbittorrent
 spec:
   replicas: 1
   selector:
@@ -28,6 +26,8 @@ spec:
     metadata:
       labels:
         app: qbittorrent
+      annotations:
+        kubectl.kubernetes.io/default-container: qbittorrent
     spec:
       containers:
         - name: gluetun

nix/modules/commonPackages.nix

@@ -59,7 +59,6 @@
       sops
       yubikey-personalization
       yubikey-manager
-      gnupg
       (pass.withExtensions (exts: with exts; [ pass-import ]))
       python3
       jdt-language-server
@@ -86,11 +85,15 @@
     hardware.enableAllFirmware = true;
     programs.gnupg.agent = {
       enable = true;
-      enableSSHSupport = true;
+      enableSSHSupport = false;
       pinentryPackage = pkgs.pinentry-gtk2;
     };
     services.pcscd.enable = true;
-    services.udev.packages = with pkgs; [ yubikey-personalization ];
+    services.udev.packages = with pkgs; [
+      yubikey-personalization
+      yubikey-manager
+    ];
+    programs.ssh.startAgent = true;
 
     programs.neovim = lib.mkDefault {
       enable = true;

nix/users/luca/home.nix

@@ -23,6 +23,27 @@
     nodejs_22
     pnpm
   ];
+  systemd.user.services.ssh-add-keys = {
+    Unit = {
+      Description = "Load SSH keys from YubiKey";
+      After = [ "ssh-agent.service" ];
+      Requires = [ "ssh-agent.service" ];
+    };
+    Service = {
+      Type = "oneshot";
+      Environment = [
+        "SSH_AUTH_SOCK=%t/ssh-agent"
+        "SSH_ASKPASS=${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"
+        "SSH_ASKPASS_REQUIRE=prefer"
+        "DISPLAY=:0"
+      ];
+      ExecStart = "${pkgs.openssh}/bin/ssh-add -K";
+      RemainAfterExit = true;
+    };
+    Install = {
+      WantedBy = [ "default.target" ];
+    };
+  };
 
   home.stateVersion = "24.11";