Update docker.io/1password/connect-sync Docker tag to v1.7.3

.forgejo/workflows/build.yaml

@@ -22,14 +22,7 @@ jobs:
       - name: Checkout repository
         uses: https://github.com/actions/checkout@v4
         with:
-          fetch-depth: 0
-      - name: Write ssh key
-        id: sshkey
-        uses: https://github.com/timheuer/base64-to-file@v1
-        with:
-          encodedString: "${{ secrets.SSH_USER }}"
-          fileName: id_ed25519
-          fileDir: ~/.ssh
+          fetch-depth: 0        
       - uses: https://github.com/cachix/cachix-action@v15
         if: ${{ !github.event.pull_request.head.repo.fork }}
         with:

.gitignore

@@ -4,3 +4,4 @@ age.key
 result*
 .direnv
 .kube
+.github

nixos/home/jahanson/global.nix

@@ -33,7 +33,6 @@ with config;
         p7zip
 
         # cli
-        _1password
         bat
         dbus
         direnv

nixos/home/jahanson/workstation.nix

@@ -5,19 +5,20 @@ with config;
     ./global.nix
   ];
 
-  myHome.programs.firefox.enable = true;
+  myHome = {
+    programs.firefox.enable = true;
+    shell = {
+      starship.enable = true;
+      fish.enable = true;
+      wezterm.enable = true;
+      atuind.enable = true;
 
-  myHome.shell = {
-    starship.enable = true;
-    fish.enable = true;
-    wezterm.enable = true;
-    atuind.enable = true;
-
-    git = {
-      enable = true;
-      username = "Joseph Hanson";
-      email = "joe@veri.dev";
-      signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J";
+      git = {
+        enable = true;
+        username = "Joseph Hanson";
+        email = "joe@veri.dev";
+        signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J";
+      };
     };
   };
 
@@ -26,7 +27,6 @@ with config;
     packages = with pkgs;
       [
         #apps
-        _1password-gui
         discord
         flameshot
         jetbrains.datagrip

nixos/hosts/gandalf/default.nix

@@ -84,6 +84,8 @@ in
       samba.extraConfig = import ./config/samba-config.nix { };
       resticBackup.local.enable = false;
       resticBackup.remote.enable = false;
+      resticBackup.local.noWarning = true;
+      resticBackup.remote.noWarning = true;
       # Borg
       borgbackup = {
         enable = true;

nixos/hosts/telchar/default.nix

@@ -46,5 +46,6 @@
   mySystem = {
     purpose = "Development";
     system.motd.networkInterfaces = [ "wlp1s0" ];
+    security._1password.enable = true;
   };
 }

nixos/hosts/telperion/default.nix

@@ -68,6 +68,8 @@
     system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
     system.resticBackup.local.enable = false;
     system.resticBackup.remote.enable = false;
+    system.resticBackup.local.noWarning = true;
+    system.resticBackup.remote.noWarning = true;
 
     services = {
       podman.enable = true;

nixos/modules/nixos/editor/default.nix

@@ -56,7 +56,7 @@ in
     # Enable vscode & addons
     environment.systemPackages = with pkgs; [
       (vscode-with-extensions.override {
-        vscode = unstable.vscode;
+        inherit (unstable) vscode;
         # Merge all the extension packages together.
         vscodeExtensions =
           vscodeCommunityExtensionsPackages ++ nixpkgsExtensionsPackages ++ marketplaceExtensionsPackages;

nixos/modules/nixos/security/1password/config/1password-startup.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name=1Password
+Exec=1password %U --silent
+Terminal=false
+Type=Application
+Icon=1password
+StartupWMClass=1Password
+Comment=Password manager and secure wallet
+MimeType=x-scheme-handler/onepassword;
+Categories=Office;

nixos/modules/nixos/security/1password/default.nix

@@ -0,0 +1,35 @@
+{ config, lib, ... }:
+with lib; let
+  cfg = config.mySystem.security._1password;
+  user = "jahanson";
+in
+{
+  options.mySystem.security._1password = {
+    enable = mkEnableOption "_1password";
+  };
+
+  config = mkIf cfg.enable {
+    programs = {
+      _1password.enable = true;
+      _1password-gui = {
+        enable = true;
+        polkitPolicyOwners = [ "${user}" ];
+      };
+    };
+
+    home-manager.users.${user} = {
+      home.file = {
+        ".config/autostart/1password-startup.desktop".source = ./config/1password-startup.desktop;
+      };
+    };
+
+    environment.etc = {
+      "1password/custom_allowed_browsers" = {
+        text = ''
+          vivaldi-bin
+        '';
+        mode = "0755";
+      };
+    };
+  };
+}

nixos/modules/nixos/security/default.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
   imports = [
+    ./1password
     ./acme
   ];
 }

nixos/modules/nixos/services/bind/default.nix

@@ -26,7 +26,7 @@ in
     services.bind = {
       enable = true;
       inherit (cfg) package;
-      extraConfig = cfg.extraConfig;
+      inherit (cfg) extraConfig;
     };
 
     # Clean up journal files

nixos/modules/nixos/services/haproxy/default.nix

@@ -32,7 +32,7 @@ in
     services.haproxy = {
       enable = true;
       inherit (cfg) package;
-      config = cfg.config;
+      inherit (cfg) config;
     };
   };
 }

nixos/modules/nixos/services/restic/default.nix

@@ -7,6 +7,12 @@ in
   options.mySystem.system.resticBackup = {
     local = {
       enable = mkEnableOption "Local backups" // { default = true; };
+      noWarning = mkOption
+        {
+          type = types.bool;
+          description = "Disable warning for local backups";
+          default = false;
+        };
       location = mkOption
         {
           type = types.str;
@@ -16,6 +22,12 @@ in
     };
     remote = {
       enable = mkEnableOption "Remote backups" // { default = true; };
+      noWarning = mkOption
+        {
+          type = types.bool;
+          description = "Disable warning for remote backups";
+          default = false;
+        };
       location = mkOption
         {
           type = types.str;
@@ -34,8 +46,8 @@ in
 
     # Warn if backups are disable and machine isnt a dev box
     warnings = [
-      (mkIf (!cfg.local.enable && config.mySystem.purpose != "Development") "WARNING: Local backups are disabled for ${config.system.name}!")
-      (mkIf (!cfg.remote.enable && config.mySystem.purpose != "Development") "WARNING: Remote backups are disabled for ${config.system.name}!")
+      (mkIf (!cfg.local.noWarning && !cfg.local.enable && config.mySystem.purpose != "Development") "WARNING: Local backups are disabled for ${config.system.name}!")
+      (mkIf (!cfg.remote.noWarning && !cfg.remote.enable && config.mySystem.purpose != "Development") "WARNING: Remote backups are disabled for ${config.system.name}!")
     ];
 
     sops.secrets = mkIf (cfg.local.enable || cfg.remote.enable) {

nixos/modules/nixos/system/borg/default.nix

@@ -27,9 +27,9 @@ in
 
   config = lib.mkIf cfg.enable {
     services.borgbackup.jobs."borgbackup" = {
-      paths = cfg.paths;
-      exclude = cfg.exclude;
-      repo = cfg.repo;
+      inherit (cfg) paths;
+      inherit (cfg) exclude;
+      inherit (cfg) repo;
       encryption = {
         mode = "repokey-blake2";
         passCommand = "cat ${cfg.repoKeyPath}";

nixos/overlays/go/default.nix

@@ -2,7 +2,7 @@
 let
   finalVersion = "1.22.5";
 in
-(final: prev: {
+final: prev: {
   go_1_22 = prev.go_1_22.overrideAttrs (oldAttrs: { 
     version = finalVersion;
     src = prev.fetchurl {
@@ -10,4 +10,4 @@ in
       hash = "sha256-rJxyPyJJaa7mJLw0/TTJ4T8qIS11xxyAfeZEu0bhEvY=";
     };
   });
-})
+}

nixos/overlays/talosctl/default.nix

@@ -2,7 +2,7 @@
 let
   finalVersion = "1.7.5";
 in
-(final: prev: {
+final: prev: {
   talosctl = prev.talosctl.overrideAttrs (oldAttrs: { 
     version = finalVersion;
     src = prev.fetchFromGitHub {
@@ -16,4 +16,4 @@ in
       updateScript = ./update.sh;
     };
   });
-})
+}

nixos/overlays/warp-terminal/default.nix

@@ -2,12 +2,12 @@
 let 
   versions = lib.importJSON ./versions.json;
 in
-(final: prev: {
+final: prev: {
   warp-terminal = prev.warp-terminal.overrideAttrs (oldAttrs: { 
-    version = versions.linux.version;
+    inherit (versions.linux) version;
     src = prev.fetchurl {
       url = "https://releases.warp.dev/stable/v${versions.linux.version}/warp-terminal-v${versions.linux.version}-1-x86_64.pkg.tar.zst";
-      hash = versions.linux.hash;
+      inherit (versions.linux) hash;
     };
   });
-})
+}

shell.nix

@@ -17,15 +17,16 @@ pkgs.mkShell {
   NIX_CONFIG = "experimental-features = nix-command flakes";
 
   nativeBuildInputs = with pkgs; [
-    nix
-    home-manager
-    git
-    nil
-    nixpkgs-fmt
-    go-task
-    sops
-    pre-commit
-    gitleaks
     cachix
+    git
+    gitleaks
+    go-task
+    home-manager
+    nil
+    nix
+    nixpkgs-fmt
+    pre-commit
+    sops
+    statix
   ];
 }

statix.toml

@@ -0,0 +1,6 @@
+disabled = [
+    "empty_pattern"
+]
+nix_version = '2.4'
+ignore = ['.direnv']
+