enable keepassxc secret agent

disable gnome keyring enable ssh agent encrypt keepassxc config because it contains secret agent keys now remove alacritty config
2023-11-04 18:00:24 +01:00 · 2023-11-04 18:00:24 +01:00 · 17db8c152e
commit 17db8c152e
parent 0abb32ef30
7 changed files with 23 additions and 118 deletions
--- a/home-manager/alacritty/config.nix
+++ b/home-manager/alacritty/config.nix
@ -1,63 +0,0 @@
 pkgs: config:
 {
  # Gruvbox theme (https://github.com/alacritty/alacritty-theme/blob/master/themes/gruvbox_dark.yaml)
  colors = {
    primary = {
      background = "0x282828";
      foreground = "0xebdbb2";
    };
    normal = {
      black = "0x282828";
      red = "0xcc241d";
      green = "0x98971a";
      yellow = "0xd79921";
      blue = "0x458588";
      magenta = "0xb16286";
      cyan = "0x689d6a";
      white = "0xa89984";
    };
    bright = {
      black = "0x928374";
      red = "0xfb4934";
      green = "0xb8bb26";
      yellow = "0xfabd2f";
      blue = "0x83a598";
      magenta = "0xd3869b";
      cyan = "0x8ec07c";
      white = "0xebdbb2";
    };
  };
  font = {
    normal = {
      family = "Hack Nerd Font Mono";
      style = "Regular";
    };
    bold = {
      family = "Hack Nerd Font Mono";
      style = "Bold";
    };
    italic = {
      family = "Hack Nerd Font Mono";
      style = "Italic";
    };
    bold_italic = {
      family = "Hack Nerd Font Mono";
      style = "Bold Italic";
    };
  };
  shell = {
    program = "${pkgs.bash}/bin/bash";
    args = [
      "--login"
      "-c"
      "${config.programs.tmux.package}/bin/tmux"
    ];
  };
 }
--- a/home-manager/alacritty/default.nix
+++ b/home-manager/alacritty/default.nix
@ -1,9 +0,0 @@
 { pkgs, config, ... }:
 {
  config = {
    programs.alacritty = {
      enable = true;
      settings = import ./config.nix pkgs config;
    };
  };
 }
--- a/home-manager/keepassxc/config.nix
+++ b/home-manager/keepassxc/config.nix
@ -1,33 +0,0 @@
 {
 General = {
   ConfigVersion = 2;
 };
 Browser = {
   CustomProxyLocation = "";
   Enabled = true;
 };
 GUI = {
   MinimizeOnClose = true;
   MinimizeOnStartup = true;
   ShowExpiredEntriesOnDatabaseUnlock = false;
   ShowTrayIcon = true;
   TrayIconAppearance = "monochrome-light";
 };
 PasswordGenerator = {
   AdditionalChars = "";
   ExcludedChars = "";
 };
 SSHAgent = {
   Enabled = true;
 };
 Security = {
   ClearClipboardTimeout = 30;
   ClearSearch = false;
   EnableCopyOnDoubleClick = true;
 };
 }
--- a/home-manager/keepassxc/default.nix
+++ b/home-manager/keepassxc/default.nix
@ -1,8 +1,11 @@
-{ pkgs, lib, ...}:
+{ pkgs, config, ...}:
 {
  config = {
    home.packages = [ pkgs.keepassxc ];
-    xdg.configFile."keepassxc/keepassxc.ini".text = lib.generators.toINI {} (import ./config.nix);
+    homeage.file."keepassxc.ini" = {
      source = ../../secrets/keepassxc.ini.age;
      symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
    };
  };
 }
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, lib, ... }: {
  imports = [
    ./hardware-configuration.nix
  ];
@ -10,6 +10,8 @@
  time.timeZone = "Europe/Amsterdam";
  i18n.defaultLocale = "en_US.UTF-8";
  services.gnome.gnome-keyring.enable = lib.mkForce false;
  services = {
    xserver = {
      enable = true;
@ -65,17 +67,21 @@
  system.stateVersion = "23.05";
-  programs.ssh.knownHosts = {
+  programs.ssh = {
-    dmz = {
+    startAgent = true;
      hostNames = ["*.dmz"];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
      certAuthority = true;
    };
-    hypervisors = {
+    knownHosts = {
-      hostNames = ["*.hyp"];
+      dmz = {
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
+        hostNames = ["*.dmz"];
-      certAuthority = true;
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
        certAuthority = true;
      };
      hypervisors = {
        hostNames = ["*.hyp"];
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
        certAuthority = true;
      };
    };
  };
--- a/secrets/keepassxc.ini.age
+++ b/secrets/keepassxc.ini.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -14,4 +14,5 @@ in
  "common-pg-tfbackend.age".publicKeys = publicKeys;
  "ansible-vault-secret.age".publicKeys = publicKeys;
  "powerdns-api-key.json.age".publicKeys = publicKeys;
  "keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file.
 }