fix: restore local-session HM routing and update shared sops key path

This commit is contained in:
2026-04-17 01:26:38 +02:00
parent 9af07bedff
commit b04bd5e61e
7 changed files with 25 additions and 3 deletions

.gitignore vendored

@@ -2,3 +2,5 @@
.claude/ .claude/
.codex/ .codex/
.opencode/ .opencode/
result/
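Review bot: `result/` with its trailing slash matches only directories, so it does not cover the `result` symlink that `nix build` writes — consistent with the `result` symlink (pointing at a nixos-system-polaris store path) being committed as the last file of this same change. Dropping the slash, `result`, ignores both the symlink and a directory; the already-committed symlink additionally has to be removed from the index, since an ignore pattern has no effect on tracked paths. The hunk header counts two added lines but only `result/` is visible here, so the second addition may have been lost in rendering.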


@@ -24,6 +24,21 @@
]; ];
}; };
lux.bundles._.local-session-user = {
includes = with lux; [
nix
niri
clipboard
local-apps
pinentry
qbittorrent-client
vicinae
xdg
theme
noctalia
];
};
lux.bundles._.development = { lux.bundles._.development = {
includes = with lux; [ includes = with lux; [
git git
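Review bot: The new `lux.bundles._.local-session-user` bundle carries no comment saying what distinguishes it from the neighbouring bundles, and the commit title's "restore local-session HM routing" is the only hint at its role. A one-liner above the attribute, `# Session-level modules for users with a local (graphical) login; pulled into provides.kiri`, would let the next reader place it without tracing the includes. The second half of that sentence is grounded in the two `provides.kiri` hunks below; the enclosing attribute set begins and ends outside this hunk.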


@@ -5,6 +5,7 @@
provides.kiri = { provides.kiri = {
includes = with lux; [ includes = with lux; [
bundles._.local-session-user
bitwarden bitwarden
email email
pim pim
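Review bot: The identical line `bundles._.local-session-user` is added to an identical-looking `provides.kiri` include list both here and in the next file section, which suggests two copies of the same user definition that now have to be kept in step by hand. If the two files are per-host variants of the same user, the shared part of the list could live in one bundle so the copies cannot drift; file paths are not shown on this page, so this may be deliberate per-host divergence. The include list and the enclosing attribute set continue outside the hunk.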


@@ -5,6 +5,7 @@
provides.kiri = { provides.kiri = {
includes = with lux; [ includes = with lux; [
bundles._.local-session-user
bitwarden bitwarden
email email
pim pim


@@ -1,6 +1,6 @@
let let
serviceDomain = "jelles.net"; serviceDomain = "jelles.net";
adminKeyPath = "/var/lib/sops-nix/admin-key.txt"; adminKeyPath = "/var/lib/sops/keys.txt";
sharedIdentity = { sharedIdentity = {
realName = "Jelle Spreeuwenberg"; realName = "Jelle Spreeuwenberg";
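Review bot: `adminKeyPath` moves from `/var/lib/sops-nix/admin-key.txt` to `/var/lib/sops/keys.txt` with nothing in the commit relocating the key file itself; the tmpfiles `z` rule added later in this commit only adjusts a path that already exists, so a host whose key still sits at the old location silently ends up with readers who cannot decrypt rather than with a loud failure. A comment above the binding recording that expectation, `# Shared age key; tmpfiles only adjusts its mode, the file must already exist here`, would make the manual migration step visible. Whether `/var/lib/sops` also holds other sops material cannot be told from this page; if it does, the directory-level group ownership set in the sops module applies to that too.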


@@ -8,6 +8,7 @@ in
{ host, ... }: { host, ... }:
let let
missingAdminUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sopsAdminKeyUsers; missingAdminUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sopsAdminKeyUsers;
hasSharedAdminKey = host.sopsAdminKeyPath != null && host.sopsAdminKeyUsers != [ ];
adminKeyDir = if host.sopsAdminKeyPath == null then null else builtins.dirOf host.sopsAdminKeyPath; adminKeyDir = if host.sopsAdminKeyPath == null then null else builtins.dirOf host.sopsAdminKeyPath;
in in
{ {
@@ -27,7 +28,7 @@ in
}; };
}; };
users.groups = lib.optionalAttrs (host.sopsAdminKeyUsers != [ ]) { users.groups = lib.optionalAttrs hasSharedAdminKey {
${sopsReadersGroup} = { }; ${sopsReadersGroup} = { };
}; };
@@ -35,8 +36,9 @@ in
extraGroups = [ sopsReadersGroup ]; extraGroups = [ sopsReadersGroup ];
}); });
systemd.tmpfiles.rules = lib.optionals (adminKeyDir != null) [ systemd.tmpfiles.rules = lib.optionals hasSharedAdminKey [
"d ${adminKeyDir} 0750 root ${sopsReadersGroup} -" "d ${adminKeyDir} 0750 root ${sopsReadersGroup} -"
"z ${host.sopsAdminKeyPath} 0640 root ${sopsReadersGroup} -"
]; ];
assertions = [ assertions = [
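Review bot: The new `z` rule makes the shared admin key group-readable (0640) for every member of `sopsReadersGroup`, meaning each user in `host.sopsAdminKeyUsers` can decrypt everything encrypted to that key; that is the intended feature, but nothing in the hunk states the trust boundary it creates. A one-line comment above the rule, `# Grants every sopsAdminKeyUsers member read access to the private key itself; keep that list minimal`, would do. The `d` rule also hands group ownership of the whole parent directory to the readers group, so anything stored beside the key becomes listable by them — relevant now that the key lives under `/var/lib/sops`, which may be shared with other sops material (not determinable here). Because the `d` rule is now gated on `hasSharedAdminKey` rather than on `adminKeyDir != null`, a host with a key path but no readers no longer has the directory created or permissioned by tmpfiles at all; presumably intended, but worth confirming. The `assertions` list and the module body continue outside the hunk.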

result Symbolic link

@@ -0,0 +1 @@
/nix/store/f04b5bwj62pi05mzg8lrrmq6wfr9i3hd-nixos-system-polaris-26.05.20260415.566acc0