.envrc

@@ -1,3 +1,2 @@
 use nix
 export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
-export VAULT_ADDR="http://10.1.1.61:8200"

.gitignore

@@ -7,5 +7,3 @@ result*
 .github
 .profile
 .idea
-.secrets
-.op

flake.lock

@@ -264,16 +264,15 @@
         ]
       },
       "locked": {
-        "lastModified": 1726074731,
+        "lastModified": 1725897020,
-        "narHash": "sha256-FsJQbSW9MGndQr7xz49SHjculvRaJGeqBSOgQjHguBc=",
+        "narHash": "sha256-0mJ37QZpUz44d0uolv9XQKDHwxUwqslz5ZSgwbdxmlo=",
-        "owner": "ajgon",
+        "owner": "brumhard",
         "repo": "krewfile",
-        "rev": "05183df6874c2ce479987872083017d7c1ddb546",
+        "rev": "e7773854b19a4288df5502946ccec79c4af57adf",
         "type": "github"
       },
       "original": {
-        "owner": "ajgon",
+        "owner": "brumhard",
-        "ref": "feat/indexes",
         "repo": "krewfile",
         "type": "github"
       }
@@ -438,11 +437,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725826545,
+        "lastModified": 1725407940,
-        "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
+        "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
+        "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
         "type": "github"
       },
       "original": {
@@ -530,11 +529,11 @@
     },
     "nixpkgs-unstable_2": {
       "locked": {
-        "lastModified": 1725634671,
+        "lastModified": 1725432240,
-        "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+        "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+        "rev": "ad416d066ca1222956472ab7d0555a6946746a80",
         "type": "github"
       },
       "original": {

flake.nix

@@ -88,8 +88,7 @@
 
     # krewfile - Declarative krew plugin management
     krewfile = {
-      # url = "github:brumhard/krewfile";
+      url = "github:brumhard/krewfile";
-      url = "github:ajgon/krewfile?ref=feat/indexes";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 

nixos/home/jahanson/global.nix

@@ -3,6 +3,7 @@ with config;
 {
   imports = [
     ../modules
+    inputs.krewfile.homeManagerModules.krewfile
   ];
 
   config = {
@@ -20,6 +21,15 @@ with config;
       EDITOR = "vim";
     };
 
+    programs.krewfile = {
+      enable = true;
+      krewPackage = pkgs.krew;
+      plugins = [
+        "resource-capacity"
+        "rook-ceph"
+      ];
+    };
+
     home = {
 
       # Install these packages for my user
@@ -94,6 +104,9 @@ with config;
         # nix tools
         nvd
 
+        # charmbracelet tools
+        gum
+        vhs
       ];
     };
   };

nixos/home/jahanson/workstation.nix

@@ -3,19 +3,8 @@ with config;
 {
   imports = [
     ./global.nix
-    inputs.krewfile.homeManagerModules.krewfile
   ];
 
-  # Krewfile management
-  programs.krewfile = {
-    enable = true;
-    krewPackage = pkgs.krew;
-    plugins = [
-      "resource-capacity"
-      "rook-ceph"
-    ];
-  };
-
   myHome = {
     programs.firefox.enable = true;
     programs.thunderbird.enable = true;
@@ -36,7 +25,7 @@ with config;
     packages = with pkgs;
       [
         #apps
-        unstable.vesktop
+        discord
         inputs.ghostty.packages.${pkgs.system}.default
         obsidian
         parsec-bin
@@ -52,7 +41,6 @@ with config;
         unstable.talosctl
         unstable.telegram-desktop
         unstable.tidal-hifi
-        unstable.vault
         vlc
 
         # cli

nixos/home/modules/programs/de/gnome/default.nix

@@ -26,7 +26,7 @@ with lib.hm.gvariant; {
       "org/gnome/shell" = {
         disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
         enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
-        favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "vesktop.desktop" ];
+        favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "discord.desktop" ];
       };
       "org/gnome/nautilus/preferences" = {
         default-folder-viewer = "list-view";

nixos/hosts/telchar/default.nix

@@ -47,21 +47,11 @@
   # System settings and services.
   mySystem = {
     purpose = "Development";
-
-    # System config
     system = {
       motd.networkInterfaces = [ "wlp1s0" ];
       fingerprint-reader-on-laptop-lid.enable = true;
       borg.pika-backup.enable = true;
     };
-
-    # Services config
-    services = {
-      vault = {
-        enable = false;
-      };
-    };
-
     security._1password.enable = true;
     framework_wifi_swap.enable = true;
   };

nixos/modules/nixos/editor/vscode.nix

@@ -27,7 +27,6 @@ let
     "tyriar.sort-lines"
     "yzhang.markdown-all-in-one"
     "bmalehorn.vscode-fish"
-    "hashicorp.hcl"
     # "github.copilot-chat"
   ];
   # Nixpkgs Extensions. These are updated whenver they get around to it.

nixos/modules/nixos/services/default.nix

@@ -15,6 +15,5 @@
     ./reboot-required-check.nix
     ./restic
     ./sanoid
-    ./vault
   ];
 }

nixos/modules/nixos/services/vault/default.nix

@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.mySystem.services.vault;
-in
-{
-  options.mySystem.services.vault = {
-    enable = lib.mkEnableOption "vault";
-    address = lib.mkOption {
-      type = lib.types.str;
-      default = "127.0.0.1:8200";
-      description = "Address of the Vault server";
-      example = "127.0.0.1:8200";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.vault = {
-      enable = true;
-      package = pkgs.unstable.vault;
-      address = cfg.address;
-      dev = false;
-      storageBackend = "raft";
-      extraConfig = ''
-        api_addr = "http://127.0.0.1:8200"
-        cluster_addr = "http://127.0.0.1:8201"
-        ui = true
-      '';
-    };
-  };
-}

nixos/modules/nixos/services/vault/resources/vault-config.hcl

@@ -1,14 +0,0 @@
-listener "tcp" {
-    address = "0.0.0.0:8200"
-    tls_disable = true
-}
-
-storage "raft" {
-    path = "/var/lib/vault/data"
-    node_id = "node1"
-}
-
-disable_mlock = true
-api_addr = "http://localhost:8200"
-cluster_addr = "http://localhost:8201"
-ui = true

nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix

@@ -24,10 +24,10 @@ let
         grep -Fxq connected /sys/class/drm/card*-HDMI-*/status)
     then
       touch "$lock"
-      echo 0 > /dev/fingerprint_sensor/authorized
+      echo 0 > /sys/bus/usb/devices/5-4.1/authorized
     elif [ -f "$lock" ]
     then
-      echo 1 > /dev/fingerprint_sensor/authorized
+      echo 1 > /sys/bus/usb/devices/5-4.1/authorized
       rm "$lock"
     fi
   '';
@@ -38,20 +38,10 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    services = {
+    services.acpid = {
-      acpid = {
       enable = true;
       lidEventCommands = "${laptop-lid}";
     };
-      # Add udev rule to create symlink for fingerprint sensor
-      # when usb device 27c6:609c is connected or disconnected.
-      # Reason: hubs like caldigit re-orient the device number on each boot.
-      # May requires a reboot to take effect.
-      # or sudo udevadm control --reload-rules && sudo udevadm trigger
-      udev.extraRules = ''
-        SUBSYSTEM=="usb", ATTRS{idVendor}=="27c6", ATTRS{idProduct}=="609c", RUN+="/bin/sh -c 'ln -sf /sys$devpath /dev/fingerprint_sensor'"
-      '';
-    };
 
     # Disable fingerprint reader at login since you can't put in a password when fprintd is running.
     security.pam.services.login.fprintAuth = false;

nixos/profiles/role-dev.nix

@@ -21,13 +21,9 @@ with config;
     shfmt
     statix
 
-    # flake imports
+    # bind # for dns utils like named-checkconf
     inputs.nix-inspect.packages.${pkgs.system}.default
     inputs.talhelper.packages.${pkgs.system}.default
-
-    # charmbracelet tools
-    gum
-    vhs
   ];
 
   programs.direnv = {