enable keepassxc secret agent

disable gnome keyring
enable ssh agent
encrypt keepassxc config because it contains secret agent keys now
remove alacritty config
Pim Kunis 2023-11-04 18:00:24 +01:00
parent 0abb32ef30
commit 17db8c152e
7 changed files with 23 additions and 118 deletions


@ -1,63 +0,0 @@
pkgs: config:
{
# Gruvbox theme (https://github.com/alacritty/alacritty-theme/blob/master/themes/gruvbox_dark.yaml)
colors = {
primary = {
background = "0x282828";
foreground = "0xebdbb2";
};
normal = {
black = "0x282828";
red = "0xcc241d";
green = "0x98971a";
yellow = "0xd79921";
blue = "0x458588";
magenta = "0xb16286";
cyan = "0x689d6a";
white = "0xa89984";
};
bright = {
black = "0x928374";
red = "0xfb4934";
green = "0xb8bb26";
yellow = "0xfabd2f";
blue = "0x83a598";
magenta = "0xd3869b";
cyan = "0x8ec07c";
white = "0xebdbb2";
};
};
font = {
normal = {
family = "Hack Nerd Font Mono";
style = "Regular";
};
bold = {
family = "Hack Nerd Font Mono";
style = "Bold";
};
italic = {
family = "Hack Nerd Font Mono";
style = "Italic";
};
bold_italic = {
family = "Hack Nerd Font Mono";
style = "Bold Italic";
};
};
shell = {
program = "${pkgs.bash}/bin/bash";
args = [
"--login"
"-c"
"${config.programs.tmux.package}/bin/tmux"
];
};
}


@ -1,9 +0,0 @@
{ pkgs, config, ... }:
{
config = {
programs.alacritty = {
enable = true;
settings = import ./config.nix pkgs config;
};
};
}


@ -1,33 +0,0 @@
{
General = {
ConfigVersion = 2;
};
Browser = {
CustomProxyLocation = "";
Enabled = true;
};
GUI = {
MinimizeOnClose = true;
MinimizeOnStartup = true;
ShowExpiredEntriesOnDatabaseUnlock = false;
ShowTrayIcon = true;
TrayIconAppearance = "monochrome-light";
};
PasswordGenerator = {
AdditionalChars = "";
ExcludedChars = "";
};
SSHAgent = {
Enabled = true;
};
Security = {
ClearClipboardTimeout = 30;
ClearSearch = false;
EnableCopyOnDoubleClick = true;
};
}


@ -1,8 +1,11 @@
{ pkgs, lib, ...}: { pkgs, config, ...}:
{ {
config = { config = {
home.packages = [ pkgs.keepassxc ]; home.packages = [ pkgs.keepassxc ];
xdg.configFile."keepassxc/keepassxc.ini".text = lib.generators.toINI {} (import ./config.nix); homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
};
}; };
} }
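Review bot: The new `homeage.file."keepassxc.ini"` entry exposes the decrypted file through a symlink at `${config.xdg.configHome}/keepassxc/keepassxc.ini`, but KeePassXC rewrites its own config when settings change and nothing here says what happens then. If the application replaces the symlink with a regular file (not verifiable from this page), a plaintext copy holding the keys mentioned in the commit message would sit in the config directory outside homeage's control and diverge from `secrets/keepassxc.ini.age`. I would add a comment above the entry such as `# homeage decrypts this file; changes made in the KeePassXC GUI are not written back to the .age source`, and confirm the decrypted target is readable only by the owning user. Settings that were reviewable in the removed attribute set (for example `ClearClipboardTimeout = 30`) are also no longer auditable once they live inside the encrypted blob, so it may be worth recording the intended values in a comment.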


@ -1,4 +1,4 @@
{ pkgs, config, ... }: { { pkgs, config, lib, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -10,6 +10,8 @@
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
services.gnome.gnome-keyring.enable = lib.mkForce false;
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
@ -65,7 +67,10 @@
system.stateVersion = "23.05"; system.stateVersion = "23.05";
programs.ssh.knownHosts = { programs.ssh = {
startAgent = true;
knownHosts = {
dmz = { dmz = {
hostNames = ["*.dmz"]; hostNames = ["*.dmz"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
@ -78,6 +83,7 @@
certAuthority = true; certAuthority = true;
}; };
}; };
};
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults timestamp_timeout=30 Defaults timestamp_timeout=30
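Review bot: `startAgent = true;` in the `programs.ssh` hunk starts ssh-agent without a key lifetime, so a key added to it stays loaded until it is removed explicitly or the session ends. The removed KeePassXC settings had `SSHAgent.Enabled = true`, so KeePassXC is presumably meant to load keys into this agent. I would bound that with `agentTimeout = "1h";` (value to taste) next to `startAgent`, unless removal on database lock is configured in KeePassXC, which this page cannot show. The `lib.mkForce false` line would also benefit from a comment saying why forcing is needed, e.g. `# forced off so gnome-keyring does not compete with KeePassXC for the Secret Service`. The `programs.ssh` attribute set and the `security.sudo.extraConfig` string continue outside the visible hunks.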

BIN
secrets/keepassxc.ini.age Normal file

Binary file not shown.


@ -14,4 +14,5 @@ in
"common-pg-tfbackend.age".publicKeys = publicKeys; "common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys; "ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys; "powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file.
} }
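Review bot: `"keepassxc.ini.age"` reuses the same `publicKeys` list as the infrastructure secrets above it (`common-pg-tfbackend.age`, `ansible-vault-secret.age`, `powerdns-api-key.json.age`), so every recipient of those can also decrypt the personal KeePassXC configuration. The definition of `publicKeys` is outside this hunk. If it holds more than the workstation user's key, I would give this entry its own narrower list, for example `"keepassxc.ini.age".publicKeys = [ <workstation-user-key> ];` with the placeholder replaced by the appropriate binding. The trailing comment could also say what is being protected, e.g. `# keepassxc.ini holds private keys once the secret agent is enabled`.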