Fix: removed unusable warning in rekey module

2023-02-07 14:30:39 +01:00 · 2023-02-07 14:30:39 +01:00 · 77b69bb0a0
parent f0986ff7cb
commit 77b69bb0a0
7 changed files with 411 additions and 79 deletions
--- a/apps/rekey.nix
+++ b/apps/rekey.nix
@ -9,12 +9,7 @@ with nixpkgs.lib; let
  rekeyCommandForHost = hostName: hostAttrs: let
    masterIdentities = strings.concatMapStrings (x: "-i ${x} ") hostAttrs.config.rekey.masterIdentityPaths;

-    pubKeyStr = let
-      pubKey = hostAttrs.config.rekey.pubKey;
-    in
-      if isPath pubKey
-      then readFile pubKey
-      else pubKey;
+    pubKeyStr = hostAttrs.config.rekey.pubKey;
    secretPath = "/tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/";

    rekeyCommand = secretName: secretAttrs: let
--- a/configuration.nix
+++ b/configuration.nix
@ -28,7 +28,6 @@
  rekey.masterIdentityPaths = [./secrets/NIXOSc.key ./secrets/NIXOSa.key];

  rekey.pubKey = ./keys + "/${config.networking.hostName}.pub";
-  rekey.plugins = [pkgs.age-plugin-yubikey];

  networking.wireless.iwd.enable = true;
  rekey.secrets.eduroam = {
@ -88,24 +87,30 @@

  powerManagement.powertop.enable = true;

+  # Disable mutable Users, any option can only be set by the nix config
+  users.mutableUsers = false;
+
+  rekey.secrets.patrick.file = ./secrets/patrick.passwd.age;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.patrick = {
    isNormalUser = true;
    uid = 1000;
    createHome = true;
-    extraGroups = ["wheel" "audio" "video" "input"]; # Enable ‘sudo’ for the user.
+    extraGroups = ["wheel" "audio" "video" "input"];
    group = "patrick";
    shell = pkgs.zsh;
+	passwordFile = config.rekey.secrets.patrick.path;
  };
  users.groups.patrick.gid = 1000;

+  rekey.secrets.root.file = ./secrets/root.passwd.age;
  users.users.root = {
-    initialPassword = "ctie";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
    ];
    shell = pkgs.zsh;
+	passwordFile = config.rekey.secrets.root.path;
  };

  security.sudo.enable = false;
--- a/flake.lock
+++ b/flake.lock
@ -66,11 +66,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1675462931,
-        "narHash": "sha256-JiOUSERBtA1lN/s9YTKGZoZ3XUicHDwr+C8swaPSh3M=",
+        "lastModified": 1675637696,
+        "narHash": "sha256-tilJS8zCS3PaDfVOfsBZ4zspuam8tc7IMZxtGa/K/uo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e2c1756e3ae001ca8696912016dd31cb1503ccf3",
+        "rev": "c43d4a3d6d9ef8ddbe2438362f5c775b4186000b",
        "type": "github"
      },
      "original": {
@ -81,11 +81,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1675362331,
-        "narHash": "sha256-VmcnKPj5gJLxWK7Bxlhg2LoQvhKRss7Ax+uoFjd3qKY=",
+        "lastModified": 1675545634,
+        "narHash": "sha256-TbQeQcM5TA/wIho6xtzG+inUfiGzUXi8ewwttiQWYJE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a100acd7bbf105915b0004427802286c37738fef",
+        "rev": "0591d6b57bfeb55dfeec99a671843337bc2c3323",
        "type": "github"
      },
      "original": {
--- a/modules/rekey-drv.nix
+++ b/modules/rekey-drv.nix
@ -1,18 +1,13 @@
 pkgs: config: (
+  # Derivation to copy the rekeyd secrets for tmp to the nix store
+  # Agenix will read them from the store for decryption
  pkgs.stdenv.mkDerivation rec {
    pname = "host-secrets";
    version = "1";
    description = "Rekeyed secrets for this host";
-    pubKeyStr = let
-      pubKey = config.rekey.pubKey;
-    in
-      if builtins.isPath pubKey
-      then builtins.readFile pubKey
-      else pubKey;
-
+    # Set all keys and secrets as input so the derivation gets rebuild if any of them change
+    pubKeyStr = config.rekey.pubKey;
    secretFiles = pkgs.lib.mapAttrsToList (_: x: x.file) config.rekey.secrets;
-    srcs = secretFiles;
-    sourceRoot = ".";

    dontMakeSourcesWriteable = true;
    dontUnpack = true;
@ -20,7 +15,8 @@ pkgs: config: (
    dontBuild = true;

    installPhase = ''
-      cp -r /tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/. $out
+      cp -r /tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/. $out \
+	  || { echo "Warning Secrets not available. Maybe you forgot to run 'nix run .#rekey' to rekey them?"; exit 1; }
    '';
  }
 )
--- a/modules/rekey.nix
+++ b/modules/rekey.nix
@ -11,6 +11,7 @@
    drv = import ./rekey-drv.nix pkgs config;
  in
    mkIf (config.rekey.secrets != {}) {
+	  # export all secrets to agenix with rewritten path from rekey
      age = {
        secrets = let
          secretPath = "${drv}/";
@ -18,16 +19,22 @@
        in
          mapAttrs (name: value: value // {file = newPath name;}) config.rekey.secrets;
      };
-      warnings = optional (! pathExists (removeSuffix ".drv" drv.drvPath)) ''
-           Rekeyed secrets not available.
-        Maybe you forgot to run "nix run '.#rekey'" to rekey them?
-      '';
+
+      # Warn if rekey has to been executed
+	  # use the drvPath to prevent nix from building the derivation in this step
+	  # drvPath is not outPath so this warning does not work
+	  # to fix it you would need some kind of way to access the outPath without evaluating the derivation
+      #warnings = optional ( ! pathExists (removeSuffix ".drv" drv.drvPath)) ''
+	  #  Path ${drv.drvPath}
+      #  Rekeyed secrets not available.
+      #  Maybe you forgot to run "nix run '.#rekey'" to rekey them?
+      #'';
    };

  options = with lib; {
    rekey.secrets = options.age.secrets;
    rekey.pubKey = mkOption {
-      type = types.either types.path types.str;
+      type = types.coercedTo types.path builtins.readFile types.str;
      description = ''
        The age public key set as a recipient when rekeying.
        either a path to a public key file or a string public key
@ -46,13 +53,5 @@
      '';
    };

-    rekey.plugins = mkOption {
-      type = types.listOf types.package;
-      default = [];
-      description = ''
-        A list of plugins that should be available in your path when rekeying.
-      '';
-      example = [pkgs.age-plugin-yubikey];
-    };
  };
 }
--- a/users/common/polybar.nix
+++ b/users/common/polybar.nix
@ -1,13 +1,59 @@
-{
-	config,
-	...
-}:
-let
+# Polybar config
+# Polybar is kinda weird in two regards:
+# 1. polybar allows a superkey and subkey to both have values eg:
+# a = "lel"
+# a.b = "lul"
+# since nix does not allow this you have to hardcode the key with a '-'
+# instead of using actual nix subkeys witt '.' eg:
+# a = "lel"
+# a-b = "lul"
+# 2. polybar allows integer keys. In nix these have to be quoted
+
+
+{config, ...}: let
  color = {
-	bground = ;
-	fground = ;
-in
-{
+    shade1 = "#311B92";
+    shade2 = "#4527A0";
+    shade3 = "#512DA8";
+    shade4 = "#5E35B1";
+    shade5 = "#673AB7";
+    shade6 = "#7E57C2";
+    shade7 = "#9575CD";
+    shade8 = "#B39DDB";
+
+    bground = "#1D1F28";
+    fground = "#f7f7f7";
+    borderbg = "#f7f7f7";
+    accent = "#5E35B1";
+    modulefg = "#f7f7f7";
+    modulefg-alt = "#f7f7f7";
+
+    trans = "#00000000";
+    white = "#FFFFFF";
+    black = "#000000";
+
+    # Material Colors
+    red = "#e53935";
+    pink = "#d81b60";
+    purple = "#8e24aa";
+    deep-purple = "#5e35b1";
+    indigo = "#3949ab";
+    blue = "#1e88e5";
+    light-blue = "#039be5";
+    cyan = "#00acc1";
+    teal = "#00897b";
+    green = "#43a047";
+    light-green = "#7cb342";
+    lime = "#c0ca33";
+    yellow = "#fdd835";
+    amber = "#ffb300";
+    orange = "#fb8c00";
+    deep-orange = "#f4511e";
+    brown = "#6d4c41";
+    grey = "#757575";
+    blue-gray = "#546e7a";
+  };
+in {
  services.polybar = {
    enable = true;
    settings = {
@ -17,24 +63,24 @@ in
        bottom = true;

        dpi = 96;
-				heigh = 22;
+        height = 22;

        background = color.bground;
        foreground = color.fground;

        font = {
-					0 = "FiraCode Nerd Font Mono:style=Medium:size=13";
-					1 = "";
-					2 = "Iosevka Nerd Font:style=Medium:size=16";
-					3 = "Font Awesome 5 Pro:style=Solid:size=13";
-					4 = "Font Awesome 5 Pro:style=Regular:size=13";
-					5 = "Font Awesome 5 Pro:style=Light:size=13";
+          "0" = "FiraCode Nerd Font Mono:style=Medium:size=13";
+          "1" = "";
+          "2" = "Iosevka Nerd Font:style=Medium:size=16";
+          "3" = "Font Awesome 5 Pro:style=Solid:size=13";
+          "4" = "Font Awesome 5 Pro:style=Regular:size=13";
+          "5" = "Font Awesome 5 Pro:style=Light:size=13";
        };

        modules = {
-					left = [ "icon" "left1" "title" "left2" ];
-					center = [ "workspaces" ];
-					right = [ "right5" "alsa" "right4" "battery" "right3" "network" "date" "right1" "keyboardswitcher" ];
+          left = ["icon" "left1" "title" "left2"];
+          center = ["workspaces"];
+          right = ["right5" "alsa" "right4" "battery" "right3" "network" "date" "right1" "keyboardswitcher"];
        };

        tray = {
@ -43,8 +89,299 @@ in
        };

        enable.ipc = true;
+      };
+      # _._._._._._._._._._._._._._._._._._._._._._
+      # Functional MODULES
+      # _._._._._._._._._._._._._._._._._._._._._._

+      "module/title" = {
+        type = "internal/xwindow";

+        format = "<label>";
+        format-background = color.shade2;
+        format-foreground = color.modulefg;
+        format-padding = "1";
+
+        label = "%title%";
+        label-maxlen = "30";
+
+        label-empty = "NixOS";
+        label-empty-foreground = "#707880";
+      };
+
+      "module/workspaces" = {
+        type = "internal/xworkspaces";
+
+        pin.workspaces = "true";
+        enable.click = "true";
+        enable.scroll = "true";
+
+        label.active = "  %{T1}%{T-}";
+        label.occupied = "%{T1}%{T-}";
+        label.urgent = "  %{T1}%{T-}";
+        label.empty = "   %{T1}%{T-}";
+
+        format = "<label.state>";
+
+        label.monitor = "%name%";
+        label.active-foreground = color.accent;
+        label.occupied-foreground = color.yellow;
+        label.urgent-foreground = color.red;
+        label.empty-foreground = color.modulefg.alt;
+
+        label.active-padding = "1";
+        label.urgent-padding = "1";
+        label.occupied-padding = "1";
+        label.empty-padding = "1";
+      };
+
+      "module/alsa" = {
+        type = "internal/pulseaudio";
+
+        format.volume = "<ramp.volume> <label.volume>";
+        format.volume-background = color.shade5;
+        format.volume-foreground = color.modulefg;
+        format.volume-padding = "1";
+
+        label.volume = "%percentage%%";
+
+        format.muted.prefix = "%{T1}婢%{T-}";
+        label.muted = " Mute";
+        format.muted.background = color.shade5;
+        format.muted.foreground = color.modulefg;
+        format.muted.padding = "1";
+
+        ramp.volume."0" = "%{T1}奄%{T-}";
+        ramp.volume."1" = "%{T1}奔%{T-}";
+        ramp.volume."2" = "%{T1}墳%{T-}";
+      };
+      "module/backlight" = {
+        type = "internal/xbacklight";
+
+        card = "intel_backlight";
+
+        format = "<ramp> <label>";
+        format-background = color.shade4;
+        format-foreground = color.modulefg;
+        format-padding = "1";
+
+        label = "%percentage%%";
+
+        ramp."0" = "";
+        ramp."1" = "";
+        ramp."2" = "";
+        ramp."3" = "";
+        ramp."4" = "";
+      };
+      "module/battery" = {
+        type = "internal/battery";
+
+        full.at = "99";
+
+        battery = "BAT0";
+        adapter = "ADP1";
+
+        poll.interval = "2";
+        time.format = "%H:%M";
+
+        format.charging = "<animation.charging> <label.charging>";
+        format.charging-background = color.shade4;
+        format.charging-foreground = color.modulefg;
+        format.charging-padding = "1";
+
+        format.discharging = "<ramp.capacity> <label.discharging>";
+        format.discharging-background = color.shade4;
+        format.discharging-foreground = color.modulefg;
+        format.discharging-padding = "1";
+
+        label.charging = "%percentage%%";
+        label.discharging = "%percentage%%";
+
+        label.full = "Fully Charged";
+        label.full-background = color.shade4;
+        label.full-foreground = color.modulefg;
+        label.full-padding = "1";
+
+        # Capacity ramp
+        ramp.capacity.font = "5";
+        ramp.capacity."0" = "  %{T1}warning%{T-}  ";
+        ramp.capacity."0-foreground" = "#000000";
+        ramp.capacity."0-background" = "#df2c00";
+        ramp.capacity."1" = "";
+        ramp.capacity."1-foreground" = "#df2c00";
+        ramp.capacity."2" = "";
+        ramp.capacity."2-foreground" = "#df4c00";
+        ramp.capacity."3" = "";
+        ramp.capacity."3-foreground" = "#df8c00";
+        ramp.capacity."4" = "";
+        ramp.capacity."4-foreground" = "#dfcc00";
+        ramp.capacity."5" = "";
+        ramp.capacity."5-foreground" = "#dfcc00";
+        ramp.capacity."6" = "";
+        ramp.capacity."7" = "";
+        ramp.capacity."8" = "";
+        ramp.capacity."9" = "";
+
+        animation.charging.font = "5";
+        animation.charging."0" = "";
+        animation.charging."1" = "";
+        animation.charging."2" = "";
+        animation.charging."3" = "";
+        animation.charging."4" = "";
+        animation.charging."5" = "";
+        animation.charging."6" = "";
+        animation.charging."7" = "";
+        animation.charging."8" = "";
+        animation.charging.framerate = "750";
+      };
+      "module/date" = {
+        type = "internal/date";
+
+        interval = "1.0";
+        format = "<label>";
+        format-background = color.shade2;
+        format-foreground = color.modulefg;
+        format-padding = "1";
+        label = "%date% %time%";
+
+        # Normal date and time format
+        #date.alt = "%%{T5}%%{T-} %{F#808080}%Y.%m.%{F.}%d";
+        #time.alt = "%%{T5}%%{T-} %H:%M";
+
+        # Alternative date and time format
+        date = "%%{T5}%%{T-} %a, %d %{F#808080}%b %Y%{F.}";
+        time = "%%{T5}%%{T-} %H:%M:%S";
+      };
+
+      "module/powermenu" = {
+        type = "custom/text";
+        content = "%{T1}%{T-}";
+
+        expand.right = "false";
+
+        click.left = "/home/patrick/.config/rofi/powermenu/powermenu.sh";
+
+        content-background = color.shade1;
+        content-foreground = color.modulefg;
+        content-padding = "1";
+
+        label.open = "%{T1}%{T-}";
+        label.close = "%{T1}%{T-}";
+        label.separator = "|";
+      };
+
+      "module/network" = {
+        type = "internal/network";
+        interface = "wlan0";
+
+        interval = "1.0";
+        accumulate.stats = "true";
+        unknown.as.up = "true";
+
+        format-connected = "<ramp.signal> <label.connected>";
+        format-connected-background = color.shade3;
+        format-connected-foreground = color.modulefg;
+        format-connected-padding = "1";
+        label.connected = "%{F#808080}%ifname%%{F.} %{F#808080}%upspeed:8%   %downspeed:8% %{F.}";
+
+        format.disconnected = "<label.disconnected>";
+        format.disconnected-background = color.shade3;
+        format.disconnected-foreground = color.modulefg;
+        format.disconnected-padding = "1";
+
+        ramp.signal.font = "4";
+        ramp.signal."0" = "%{F#333}%{F. O.22}";
+        ramp.signal."1" = "%{F#333}%{F. O.22}";
+        ramp.signal."2" = "%{F#333}%{F. O.22}";
+        ramp.signal."3" = "%{F#333}%{F. O.22}";
+        ramp.signal."4" = "%{F#333}%{F. O.22}";
+      };
+      "module/keyboardswitcher" = {
+        type = "custom/menu";
+
+        expand.right = "true";
+
+        format.background = color.shade1;
+        format.foreground = color.modulefg;
+
+        label.open = "%{T3}  %{T-}";
+        label.close = " x ";
+        label.separator = " | ";
+
+        menu."0"."0" = "bone";
+        menu."0"."0-exec" = "/usr/bin/setxkbmap de bone";
+        menu."0"."1" = "neo";
+        menu."0"."1-exec" = "/usr/bin/setxkbmap de neo";
+        menu."0"."2" = "qwertz";
+        menu."0"."2-exec" = "/usr/bin/setxkbmap de";
+      };
+
+      # _._._._._._._._._._._._._._._._._._._._._._
+      # AESTHETIC MODULES
+      # _._._._._._._._._._._._._._._._._._._._._._
+
+      "module/left1" = {
+        type = "custom/text";
+        "content-background" = color.shade2;
+        "content-foreground" = color.shade1;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/left2" = {
+        type = "custom/text";
+        "content-background" = color.bground;
+        "content-foreground" = color.shade2;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right1" = {
+        type = "custom/text";
+        "content-background" = color.shade2;
+        "content-foreground" = color.shade1;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right2" = {
+        type = custom/text;
+        "content-background" = color.shade3;
+        "content-foreground" = color.shade2;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right3" = {
+        type = "custom/text";
+        "content-background" = color.shade4;
+        "content-foreground" = color.shade3;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right4" = {
+        type = "custom/text";
+        "content-background" = color.shade5;
+        "content-foreground" = color.shade4;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right5" = {
+        type = "custom/text";
+        "content-background" = color.bground;
+        "content-foreground" = color.shade5;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right6" = {
+        type = "custom/text";
+        "content-background" = color.shade7;
+        "content-foreground" = color.shade6;
+        content = "%{T3}%{T-}";
+      };
+
+      "module/right7" = {
+        type = "custom/text";
+        "content-background" = color.bground;
+        "content-foreground" = color.shade7;
+        content = "%{T3}%{T-}";
+      };
    };
  };
 }
--- a/users/patrick.nix
+++ b/users/patrick.nix
@ -8,7 +8,7 @@
    common/herbstluftwm.nix
    common/autorandr.nix
    common/desktop.nix
-    # common/polybar.nix
+    #common/polybar.nix
    ./common
  ];