feat(homelab): add more aliases, setup ssh keys on yubikey

This commit is contained in:
2026-01-04 20:56:25 -08:00
parent 7b76ffd34f
commit b02a06faa7
7 changed files with 36 additions and 6 deletions

1
aliases/happly.sh Executable file
View File

@@ -0,0 +1 @@
helmfile apply -f ~/dotfiles/nix/homelab/helm "$@"

1
aliases/kapply.sh Executable file
View File

@@ -0,0 +1 @@
kubectl apply -k ~/dotfiles/nix/homelab/kustomize

View File

@@ -102,7 +102,9 @@ extra_hosts = [
"192.168.27.12 mc-rocket.privatedns.org", "192.168.27.12 mc-rocket.privatedns.org",
"192.168.27.12 mc-rocket-creative.privatedns.org", "192.168.27.12 mc-rocket-creative.privatedns.org",
"192.168.27.12 mc-rocket-creative.duckdns.org", "192.168.27.12 mc-rocket-creative.duckdns.org",
"192.168.27.12 git.lucalise.ca" "192.168.27.12 git.lucalise.ca",
"192.168.27.2 rufus",
"192.168.27.11 kube"
] ]
[router] [router]

View File

@@ -53,6 +53,8 @@ releases:
values: values:
- defaultSettings: - defaultSettings:
defaultReplicaCount: 1 defaultReplicaCount: 1
- defaultBackupStore:
backupTarget: nfs://192.168.27.2:/backup/longhorn
- persistence: - persistence:
defaultClassReplicaCount: 1 defaultClassReplicaCount: 1

View File

@@ -17,8 +17,6 @@ metadata:
namespace: media namespace: media
labels: labels:
app: qbittorrent app: qbittorrent
annotations:
kubectl.kubernetes.io/default-container: qbittorrent
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@@ -28,6 +26,8 @@ spec:
metadata: metadata:
labels: labels:
app: qbittorrent app: qbittorrent
annotations:
kubectl.kubernetes.io/default-container: qbittorrent
spec: spec:
containers: containers:
- name: gluetun - name: gluetun

View File

@@ -59,7 +59,6 @@
sops sops
yubikey-personalization yubikey-personalization
yubikey-manager yubikey-manager
gnupg
(pass.withExtensions (exts: with exts; [ pass-import ])) (pass.withExtensions (exts: with exts; [ pass-import ]))
python3 python3
jdt-language-server jdt-language-server
@@ -86,11 +85,15 @@
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = false;
pinentryPackage = pkgs.pinentry-gtk2; pinentryPackage = pkgs.pinentry-gtk2;
}; };
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = with pkgs; [ yubikey-personalization ]; services.udev.packages = with pkgs; [
yubikey-personalization
yubikey-manager
];
programs.ssh.startAgent = true;
programs.neovim = lib.mkDefault { programs.neovim = lib.mkDefault {
enable = true; enable = true;

View File

@@ -23,6 +23,27 @@
nodejs_22 nodejs_22
pnpm pnpm
]; ];
systemd.user.services.ssh-add-keys = {
Unit = {
Description = "Load SSH keys from YubiKey";
After = [ "ssh-agent.service" ];
Requires = [ "ssh-agent.service" ];
};
Service = {
Type = "oneshot";
Environment = [
"SSH_AUTH_SOCK=%t/ssh-agent"
"SSH_ASKPASS=${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"
"SSH_ASKPASS_REQUIRE=prefer"
"DISPLAY=:0"
];
ExecStart = "${pkgs.openssh}/bin/ssh-add -K";
RemainAfterExit = true;
};
Install = {
WantedBy = [ "default.target" ];
};
};
home.stateVersion = "24.11"; home.stateVersion = "24.11";