summaryrefslogtreecommitdiffstats
path: root/makefu/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/deployment/bureautomation/hass.nix88
-rw-r--r--makefu/2configs/deployment/google-muell.nix11
-rw-r--r--makefu/2configs/fs/single-partition-ext4.nix2
-rw-r--r--makefu/2configs/git/cgit-retiolum.nix1
-rw-r--r--makefu/2configs/hw/bluetooth.nix13
-rw-r--r--makefu/2configs/mail/mail.euer.nix47
-rw-r--r--makefu/2configs/mqtt.nix1
-rw-r--r--makefu/2configs/nginx/euer.mon.nix18
-rw-r--r--makefu/2configs/nginx/misa-felix-hochzeit.ml.nix2
-rw-r--r--makefu/2configs/remote-build/slave.nix5
-rw-r--r--makefu/2configs/retroshare.nix10
-rw-r--r--makefu/2configs/save-diskspace.nix4
-rw-r--r--makefu/2configs/share/gum-client.nix1
-rw-r--r--makefu/2configs/share/omo-timemachine.nix19
-rw-r--r--makefu/2configs/stats/external/weather2stats.nix38
-rw-r--r--makefu/2configs/stats/server.nix17
-rw-r--r--makefu/2configs/syncthing.nix10
-rw-r--r--makefu/2configs/tinc/retiolum.nix3
-rw-r--r--makefu/2configs/tools/core.nix4
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/media.nix7
-rw-r--r--makefu/2configs/tools/mobility.nix6
-rw-r--r--makefu/2configs/tools/secrets.nix12
-rw-r--r--makefu/2configs/zsh-user.nix2
24 files changed, 245 insertions, 77 deletions
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index d5793f886..4605e8933 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,48 +1,43 @@
{ pkgs, lib, ... }:
let
- tasmota_plug = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "/bam/${topic}/stat/POWER";
- command_topic = "/bam/${topic}/cmnd/POWER";
- availability_topic = "/bam/${topic}/tele/LWT";
- qos = 1;
- payload_on= "ON";
- payload_off= "OFF";
- payload_available= "Online";
- payload_not_available= "Offline";
- retain= false;
- };
+ tasmota_plug = name: topic:
+ { platform = "mqtt";
+ inherit name;
+ state_topic = "/bam/${topic}/stat/POWER1";
+ command_topic = "/bam/${topic}/cmnd/POWER1";
+ availability_topic = "/bam/${topic}/tele/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ };
espeasy_dht22 = name: [
- {
- platform = "mqtt";
- device_class = "temperature";
- state_topic = "/bam/${name}/dht22/Temperature";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }
- {
- platform = "mqtt";
- device_class = "humidity";
- state_topic = "/bam/${name}/dht22/Temperature";
- unit_of_measurement = "C";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }];
- espeasy_ds18 = name: [
- {
- platform = "mqtt";
- device_class = "temperature";
- state_topic = "/bam/${name}/ds18/Temperature";
- availability_topic = "/bam/${name}/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
- }
- ];
+ { platform = "mqtt";
+ name = "${name} DHT22 Temperature";
+ device_class = "temperature";
+ state_topic = "/bam/${name}/dht22/Temperature";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ }
+ { platform = "mqtt";
+ device_class = "humidity";
+ name = "${name} DHT22 Humidity";
+ state_topic = "/bam/${name}/dht22/Humidity";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ }];
+ espeasy_ds18 = name:
+ { platform = "mqtt";
+ name = "${name} DS18 Temperature";
+ state_topic = "/bam/${name}/ds18/Temperature";
+ availability_topic = "/bam/${name}/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
in {
-
+ networking.firewall.allowedTCPPorts = [ 8123 ];
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.65.5"
];
@@ -81,18 +76,19 @@ in {
(tasmota_plug "Pluggy" "plug4")
];
binary_sensor = [
- { # esp_easy
- platform = "mqtt";
+ { platform = "mqtt";
device_class = "motion";
+ name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
- availability_topic = "/bam/easy2/status/LWT";
- payload_available = "Connected";
- payload_not_available = "Connection Lost";
+ availability_topic = "/bam/easy2/tele/LWT";
+ payload_available = "Online";
+ payload_not_available = "Offline";
}
];
sensor =
+ (espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" )
{ platform = "luftdaten";
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
index f23789ee5..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -5,7 +5,10 @@ let
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
- esp = "192.168.1.23";
+ cred = "${toString <secrets>}/google-muell-creds.json";
+ # TODO: generate this credential file locally
+ ampelcred = "${home}/google-muell-creds.json";
+ esp = "192.168.8.204";
sleepval = "1800";
in {
users.users.ampel = {
@@ -21,10 +24,10 @@ in {
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
- cp ${sec} ${ampelsec}
- chown ampel ${ampelsec}
+ install -m600 -o ampel ${sec} ${ampelsec}
+ install -m600 -o ampel ${cred} ${ampelcred}
'';
- ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+ ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;
diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix
index 1970c949f..1655556a5 100644
--- a/makefu/2configs/fs/single-partition-ext4.nix
+++ b/makefu/2configs/fs/single-partition-ext4.nix
@@ -1,5 +1,7 @@
{config, ...}:
{
+ # fdisk /dev/sda
+ # mkfs.ext4 -L nixos /dev/sda1
boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;
boot.loader.grub.version = 2;
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 61182f6c3..1a7f3d987 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -31,6 +31,7 @@ let
ampel = { };
europastats = { };
arafetch = { };
+ disko = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix
index 85c3190ff..313ca0147 100644
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@@ -29,11 +29,14 @@
# presumably a2dp Sink
# Enable profile:
## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
- hardware.bluetooth.extraConfig = '';
- [general]
- Enable=Source,Sink,Media,Socket
- '';
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
- hardware.bluetooth.enable = true;
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = false;
+ extraConfig = ''
+ [general]
+ Enable=Source,Sink,Media,Socket
+ '';
+ };
}
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
new file mode 100644
index 000000000..f079d7f41
--- /dev/null
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "euer.eloop.org";
+ domains = [ "euer.eloop.org" ];
+ loginAccounts = {
+ "makefu@euer.eloop.org" = {
+ hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
+ aliases = [ "root@euer.eloop.org" ];
+ catchAll = [ "euer.eloop.org" ];
+
+ };
+ };
+ certificateScheme = 3;
+
+ # Enable IMAP and POP3
+ enableImap = true;
+ enablePop3 = false;
+ enableImapSsl = true;
+ enablePop3Ssl = false;
+
+ # Enable the ManageSieve protocol
+ enableManageSieve = true;
+
+ virusScanning = false;
+
+ };
+
+ services.dovecot2.extraConfig = ''
+ ssl_dh = </var/lib/dhparams/dovecot.pem
+ '';
+ # workaround for DH creation
+ # security.dhparams = {
+ # enable = true;
+ # params = {
+ # dovecot = 2048;
+ # };
+ # };
+ # systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
+ # systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
+}
+
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index 39c9fdfdd..c56521812 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -4,6 +4,7 @@
enable = true;
host = "0.0.0.0";
users = {};
+ # TODO: secure that shit
allowAnonymous = true;
};
}
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index c5a7e68af..765fef535 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -10,7 +10,12 @@ let
in {
services.nginx = {
enable = mkDefault true;
- virtualHosts."mon.euer.krebsco.de" = {
+ virtualHosts."mon.euer.krebsco.de" = let
+ # flesh_wrap
+ authFile = pkgs.writeText "influx.conf" ''
+ user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
+ '';
+ in {
forceSSL = true;
enableACME = true;
locations."/" = {
@@ -21,6 +26,17 @@ in {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
+ locations."/influxdb/" = {
+ proxyPass = "http://wbob.r:8086/";
+ extraConfig = ''
+ auth_basic "Needs Autherization to visit";
+ auth_basic_user_file ${authFile};
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_redirect off;
+ '';
+ };
};
};
}
diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
index d0881a934..752612342 100644
--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -3,7 +3,7 @@
services.nginx = {
enable = lib.mkDefault true;
virtualHosts."misa-felix-hochzeit.ml" = {
- serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+ serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
forceSSL = true;
enableACME = true;
locations = {
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index b6e000a34..89121ffd6 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
@@ -1,11 +1,10 @@
-{
+{config,...}:{
nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = {
name = "nixBuild";
useDefaultShell = true;
- # TODO: put this somewhere else
openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild"
+ config.krebs.users.buildbotSlave.pubkey
];
};
}
diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix
new file mode 100644
index 000000000..4d2fc6af9
--- /dev/null
+++ b/makefu/2configs/retroshare.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+let
+ port = 9024;
+in {
+ users.users.makefu.packages = [
+ pkgs.retroshare
+ ];
+ networking.firewall.allowedTCPPorts = [ port ];
+ networking.firewall.allowedUDPPorts = [ port ];
+}
diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix
index 4fd569768..b6725e730 100644
--- a/makefu/2configs/save-diskspace.nix
+++ b/makefu/2configs/save-diskspace.nix
@@ -4,8 +4,8 @@ _:
environment.noXlibs = true;
nix.gc.automatic = true;
nix.gc.dates = "03:10";
- programs.info.enable = false;
- programs.man.enable = false;
+ documentation.info.enable = false;
+ documentation.man.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
services.nixosManual.enable = false;
}
diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix
index be9ab026b..db2adfb1c 100644
--- a/makefu/2configs/share/gum-client.nix
+++ b/makefu/2configs/share/gum-client.nix
@@ -17,6 +17,7 @@ in {
"file_mode=0775"
"dir_mode=0775"
"uid=9001"
+ "vers=3"
];
};
diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix
new file mode 100644
index 000000000..18cf0328e
--- /dev/null
+++ b/makefu/2configs/share/omo-timemachine.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+ services.samba = {
+ # support for timemachine in git
+ package = pkgs.sambaFull;
+ shares = {
+ time_machine = {
+ path = "/media/crypt3/backup/time_machine";
+ "valid users" = "misa";
+ public = "no";
+ writeable = "yes";
+ "force user" = "misa";
+ "fruit:aapl" = "yes";
+ "fruit:time machine" = "yes";
+ "vfs objects" = "catia fruit streams_xattr";
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix
new file mode 100644
index 000000000..870db99a8
--- /dev/null
+++ b/makefu/2configs/stats/external/weather2stats.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "aralast-master";
+ src = pkgs.fetchFromGitHub {
+ owner = "makefu";
+ repo = "aralast";
+ rev = "7121598";
+ sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m";
+ };
+ installPhase = ''
+ install -m755 -D aralast.sh $out/bin/aralast
+ '';
+ };
+in {
+ systemd.services.aralast = {
+ description = "periodically fetch aramark";
+ path = [
+ pkgs.curl
+ pkgs.gnugrep
+ pkgs.gnused
+ ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ INFLUX_HOST = "localhost";
+ INFLUX_PORT = "8086";
+ };
+ # every 10 seconds when the cantina is open
+ startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45";
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkg}/bin/aralast";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index 7548c733e..c8e768c99 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
@@ -2,11 +2,11 @@
with import <stockholm/lib>;
let
- irc-server = "rc.r";
+ irc-server = "irc.r";
irc-nick = "m-alarm";
collectd-port = 25826;
influx-port = 8086;
- grafana-port = 3000; # TODO nginx forward
+ grafana-port = 3000;
db = "collectd_db";
logging-interface = config.makefu.server.primary-itf;
in {
@@ -72,15 +72,16 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
- iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
- iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
- iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+ #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+ #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+ #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
- ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
- ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
- ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+ #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+ #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+ #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
+ state = [ "/var/lib/grafana/data/grafana.db" ];
}
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix
index 6b758ea2d..bc7413a0a 100644
--- a/makefu/2configs/syncthing.nix
+++ b/makefu/2configs/syncthing.nix
@@ -1,11 +1,17 @@
-{...}:
+{ config, ... }:
with import <stockholm/lib>; {
services.syncthing = {
enable = true;
openDefaultPorts = true;
- useInotify = true;
group = "download";
};
users.extraGroups.download.gid = genid "download";
+ state = map (x: config.services.syncthing.dataDir + "/" + x) [
+ "key.pem"
+ "cert.pem"
+ "config.xml"
+ "https-cert.pem"
+ "https-key.pem"
+ ];
}
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index c55b94466..98abb2406 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,7 +1,8 @@
-_:
+{ pkgs, ... }:
{
imports = [
../binary-cache/lass.nix
];
krebs.tinc.retiolum.enable = true;
+ environment.systemPackages = [ pkgs.tinc ];
}
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
index 604288904..33e896d4c 100644
--- a/makefu/2configs/tools/core.nix
+++ b/makefu/2configs/tools/core.nix
@@ -3,9 +3,11 @@
# tools i use when actually working with the host.
# package version will now be maintained by nix-rebuild
#
-# essentially `nix-env -q` of the main user
{
environment.systemPackages = with pkgs; [
+ ( pkgs.writeScriptBin "unknow" ''#!/bin/sh
+${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
+ '')
at_spi2_core
acpi
bc
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 3d26cc574..1c28eeffd 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -6,6 +6,7 @@
gimp
inkscape
libreoffice
+ quodlibet
# skype
synergy
tdesktop
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
index 35faaa29f..a61b6c88e 100644
--- a/makefu/2configs/tools/media.nix
+++ b/makefu/2configs/tools/media.nix
@@ -3,11 +3,14 @@
{
users.users.makefu.packages = with pkgs; [
kodi
- streamripper
- youtube-dl
calibre
vlc
mumble
mplayer
+ quodlibet
+
+ plowshare
+ streamripper
+ youtube-dl
];
}
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 1993a5212..8a559dbbd 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -3,7 +3,11 @@
users.users.makefu.packages = with pkgs;[
go-mtpfs
mosh
+ sshfs
+ rclone
+ exfat
+ (pkgs.callPackage ./secrets.nix {})
];
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix
new file mode 100644
index 000000000..f88618cbc
--- /dev/null
+++ b/makefu/2configs/tools/secrets.nix
@@ -0,0 +1,12 @@
+{ pass, write, writeDash, ... }:
+
+write "secrets" {
+ "/bin/secrets".link = writeDash "brain" ''
+ PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
+ exec ${pass}/bin/pass $@
+ '';
+ "/bin/secretsmenu".link = writeDash "secretsmenu" ''
+ PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \
+ exec ${pass}/bin/passmenu $@
+ '';
+}
diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 6be078f6a..23ae572da 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -68,6 +68,8 @@ in
compdef _pass brain
zstyle ':completion::complete:brain::' prefix "$HOME/brain"
+ compdef _pass secrets
+ zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"
# ctrl-x ctrl-e
autoload -U edit-command-line