From b04bd5e61e6b38be8ebd1eec298025eadc975073 Mon Sep 17 00:00:00 2001 From: Jelle Spreeuwenberg Date: Fri, 17 Apr 2026 01:26:38 +0200 Subject: [PATCH] fix: restore local-session HM routing and update shared sops key path --- .gitignore | 2 ++ modules/bundles.nix | 15 +++++++++++++++ modules/hosts/polaris/default.nix | 1 + modules/hosts/zenith/default.nix | 1 + modules/infra.nix | 2 +- modules/secrets/sops.nix | 6 ++++-- result | 1 + 7 files changed, 25 insertions(+), 3 deletions(-) create mode 120000 result diff --git a/.gitignore b/.gitignore index 2e0bac8..f05fb64 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ .claude/ .codex/ .opencode/ + +result/ diff --git a/modules/bundles.nix b/modules/bundles.nix index c18aeb1..f2d3677 100644 --- a/modules/bundles.nix +++ b/modules/bundles.nix @@ -24,6 +24,21 @@ ]; }; + lux.bundles._.local-session-user = { + includes = with lux; [ + nix + niri + clipboard + local-apps + pinentry + qbittorrent-client + vicinae + xdg + theme + noctalia + ]; + }; + lux.bundles._.development = { includes = with lux; [ git diff --git a/modules/hosts/polaris/default.nix b/modules/hosts/polaris/default.nix index 0cbef0a..58832bc 100644 --- a/modules/hosts/polaris/default.nix +++ b/modules/hosts/polaris/default.nix @@ -5,6 +5,7 @@ provides.kiri = { includes = with lux; [ + bundles._.local-session-user bitwarden email pim diff --git a/modules/hosts/zenith/default.nix b/modules/hosts/zenith/default.nix index 7463041..fb1a597 100644 --- a/modules/hosts/zenith/default.nix +++ b/modules/hosts/zenith/default.nix @@ -5,6 +5,7 @@ provides.kiri = { includes = with lux; [ + bundles._.local-session-user bitwarden email pim diff --git a/modules/infra.nix b/modules/infra.nix index 0a00d8a..eb59475 100644 --- a/modules/infra.nix +++ b/modules/infra.nix @@ -1,6 +1,6 @@ let serviceDomain = "jelles.net"; - adminKeyPath = "/var/lib/sops-nix/admin-key.txt"; + adminKeyPath = "/var/lib/sops/keys.txt"; sharedIdentity = { realName = "Jelle Spreeuwenberg"; 
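Review bot: The added pattern `result/` matches directories only, but the `result` entry this same commit creates (mode 120000, last file in the patch) is a symlink, which git treats as a file, so the new rule does not cover it. Writing the entry as `result`, or `/result` to anchor it at the repository root, would match the symlink. The tracked `result` link points at a local /nix/store build output and should then be dropped from the commit, for example with `git rm --cached result`.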
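Review bot: `adminKeyPath` now points at `/var/lib/sops/keys.txt`, but nothing in this patch moves or creates the key at the new location. The `z` tmpfiles line added in modules/secrets/sops.nix only adjusts a file that already exists, so a host still holding the key at the old path would presumably activate without error and only fail later when an admin user tries to decrypt. A comment on the binding would record the expectation, for example `# shared sops admin key; must already be present at this path on hosts that set sopsAdminKeyUsers`. The `let` block continues outside the hunk.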
diff --git a/modules/secrets/sops.nix b/modules/secrets/sops.nix index 608a59f..21c7508 100644 --- a/modules/secrets/sops.nix +++ b/modules/secrets/sops.nix @@ -8,6 +8,7 @@ in { host, ... }: let missingAdminUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sopsAdminKeyUsers; + hasSharedAdminKey = host.sopsAdminKeyPath != null && host.sopsAdminKeyUsers != [ ]; adminKeyDir = if host.sopsAdminKeyPath == null then null else builtins.dirOf host.sopsAdminKeyPath; in { @@ -27,7 +28,7 @@ in }; }; - users.groups = lib.optionalAttrs (host.sopsAdminKeyUsers != [ ]) { + users.groups = lib.optionalAttrs hasSharedAdminKey { ${sopsReadersGroup} = { }; }; @@ -35,8 +36,9 @@ in extraGroups = [ sopsReadersGroup ]; }); - systemd.tmpfiles.rules = lib.optionals (adminKeyDir != null) [ + systemd.tmpfiles.rules = lib.optionals hasSharedAdminKey [ "d ${adminKeyDir} 0750 root ${sopsReadersGroup} -" + "z ${host.sopsAdminKeyPath} 0640 root ${sopsReadersGroup} -" ]; assertions = [ diff --git a/result b/result new file mode 120000 index 0000000..0cbb54e --- /dev/null +++ b/result @@ -0,0 +1 @@ +/nix/store/f04b5bwj62pi05mzg8lrrmq6wfr9i3hd-nixos-system-polaris-26.05.20260415.566acc0 \ No newline at end of file
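Review bot: With `users.groups` now gated on `hasSharedAdminKey`, a host that lists `sopsAdminKeyUsers` but leaves `sopsAdminKeyPath` null no longer gets the group declared, while the `extraGroups = [ sopsReadersGroup ]` assignment in the context lines does not appear to be gated the same way (its head is outside the hunk). The same condition guards `systemd.tmpfiles.rules` in the next hunk, so that configuration now silently yields no shared key access instead of failing evaluation. Unless the existing `assertions` list already covers it, an entry such as `{ assertion = host.sopsAdminKeyUsers == [ ] || host.sopsAdminKeyPath != null; message = "sopsAdminKeyUsers is set but sopsAdminKeyPath is null"; }` would surface the mismatch.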
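Review bot: The new `z` rule in `systemd.tmpfiles.rules` makes the key file readable by every member of `sopsReadersGroup`, and nothing next to the rules states that this is the intended access model. Two short comments above the list would document it: `# key and directory stay root-owned; the readers group gets read-only access` and `# z only fixes mode/owner of an existing file, it does not create the key`. The second matters because a key placed after tmpfiles has run keeps whatever mode it was created with until the rules are applied again.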