diff --git a/flake.lock b/flake.lock index f03c3b1c..b43acc70 100644 --- a/flake.lock +++ b/flake.lock @@ -298,11 +298,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1750025427, - "narHash": "sha256-l8wuoeARto4Gd0NpLnQsav6oVOMHPO16eyO34WceP3A=", + "lastModified": 1750641332, + "narHash": "sha256-db1Hn5jTj7D85S2iSMjkMo4pyWt7aUSoyAAMnNepb44=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "d0f116da3554c151c63fd3a11e90661cb8489359", + "rev": "3e79c4b7eaf7c875001fd028df5188d10a6246ee", "type": "github" }, "original": { @@ -428,11 +428,11 @@ ] }, "locked": { - "lastModified": 1750033262, - "narHash": "sha256-TcFN78w6kPspxpbPsxW/8vQ1GAtY8Y3mjBaC+oB8jo4=", + "lastModified": 1750614446, + "narHash": "sha256-6WH0aRFay79r775RuTqUcnoZNm6A4uHxU1sbcNIk63s=", "owner": "nix-community", "repo": "home-manager", - "rev": "66523b0efe93ce5b0ba96dcddcda15d36673c1f0", + "rev": "7c35504839f915abec86a96435b881ead7eb6a2b", "type": "github" }, "original": { @@ -507,11 +507,11 @@ ] }, "locked": { - "lastModified": 1749873626, - "narHash": "sha256-1Mc/D/1RwwmDKY59f4IpDBgcQttxffm+4o0m67lQ8hc=", + "lastModified": 1750618568, + "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "2f140d6ac8840c6089163fb43ba95220c230f22b", + "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", "type": "github" }, "original": { @@ -526,11 +526,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1750075508, - "narHash": "sha256-9LWAshUNUej/A+OS+a4Hu4ICbIIeIWTe3l0i4klg1gg=", + "lastModified": 1750557776, + "narHash": "sha256-+BgqY5UK1moaknyb+yi6NOqx63e0lT7V6d2h6lhFQoQ=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "1c993e08c87dd4cec93cd6fdb6b7131ba068bef9", + "rev": "6bdd014132028f025d53059a40ce9489c070ca27", "type": "github" }, "original": { @@ -577,11 +577,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749832440, - "narHash": "sha256-lfxhuxAaHlYFGr8yOrAXZqdMt8PrFLzjVqH9v3lQaoY=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "db030f62a449568345372bd62ed8c5be4824fa49", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { @@ -600,11 +600,11 @@ ] }, "locked": { - "lastModified": 1749694961, - "narHash": "sha256-JPuFvJU04AA6ikD86xFHNrDCYWOIKlcFadYfcbnEtW0=", + "lastModified": 1750300042, + "narHash": "sha256-2L+KFw/yBIirjPHIz9lKY4CE4ReTe2jaVM6m6c5DpDU=", "owner": "nixpak", "repo": "nixpak", - "rev": "28f628407a028e3dc00ccccdb354baa257d57e6a", + "rev": "52240e9b9218167e2edfc9a7c31f957d4dc8cd8e", "type": "github" }, "original": { @@ -630,11 +630,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1749903597, - "narHash": "sha256-jp0D4vzBcRKwNZwfY4BcWHemLGUs4JrS3X9w5k/JYDA=", + "lastModified": 1750386251, + "narHash": "sha256-1ovgdmuDYVo5OUC5NzdF+V4zx2uT8RtsgZahxidBTyw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "41da1e3ea8e23e094e5e3eeb1e6b830468a7399e", + "rev": "076e8c6678d8c54204abcb4b1b14c366835a58bb", "type": "github" }, "original": { @@ -661,11 +661,11 @@ }, "nixpkgs-ollama": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -693,11 +693,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1749857119, - "narHash": "sha256-tG5xUn3hFaPpAHYIvr2F88b+ovcIO5k1HqajFy7ZFPM=", + "lastModified": 1750400657, + "narHash": "sha256-3vkjFnxCOP6vm5Pm13wC/Zy6/VYgei/I/2DWgW4RFeA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5f4f306bea96741f1588ea4f450b2a2e29f42b98", + "rev": "b2485d56967598da068b5a6946dadda8bfcbcd37", "type": "github" }, "original": { @@ -709,11 +709,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -738,11 +738,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1749871736, - "narHash": "sha256-K9yBph93OLTNw02Q6e9CYFGrUhvEXnh45vrZqIRWfvQ=", + "lastModified": 1750386251, + "narHash": "sha256-1ovgdmuDYVo5OUC5NzdF+V4zx2uT8RtsgZahxidBTyw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6afe187897bef7933475e6af374c893f4c84a293", + "rev": "076e8c6678d8c54204abcb4b1b14c366835a58bb", "type": "github" }, "original": { @@ -754,11 +754,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1749794982, - "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -822,11 +822,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1747880260, - "narHash": "sha256-qJSGFMB/bPCeX2TPWhrbe3AZhLbxEtm/HeUV2+rOO78=", + "lastModified": 1750521085, + "narHash": "sha256-LUFa9qQ6q6xjvMY+e3S8y0OgBW18T2qvFCJzwXJme9U=", "owner": "ryan4yin", "repo": "nur-packages", - "rev": "b64163d1bffff09b39a109d38163e6960c524c4f", + "rev": "3774a59e8ff3ecc620fbc133af7f41c82d302e6b", "type": "github" }, "original": { diff --git a/modules/nixos/desktop/misc.nix b/modules/nixos/desktop/misc.nix index 13696fa9..9c0dbe8e 100644 --- a/modules/nixos/desktop/misc.nix +++ b/modules/nixos/desktop/misc.nix @@ -35,10 +35,6 @@ }; programs = { - # The OpenSSH agent remembers private keys for you - # so that you don’t have to type in passphrases every time you make an SSH connection. - # Use `ssh-add` to add a key to the agent. - ssh.startAgent = true; # dconf is a low-level configuration system. dconf.enable = true; diff --git a/modules/nixos/desktop/security.nix b/modules/nixos/desktop/security.nix index ef3abe59..e2242562 100644 --- a/modules/nixos/desktop/security.nix +++ b/modules/nixos/desktop/security.nix @@ -6,7 +6,16 @@ # security with polkit security.polkit.enable = true; # security with gnome-kering - services.gnome.gnome-keyring.enable = true; + services.gnome = { + gnome-keyring.enable = true; + # Use gnome keyring's SSH Agent + # https://wiki.gnome.org/Projects/GnomeKeyring/Ssh + gcr-ssh-agent.enable = false; + }; + # The OpenSSH agent remembers private keys for you + # so that you don’t have to type in passphrases every time you make an SSH connection. + # Use `ssh-add` to add a key to the agent. + programs.ssh.startAgent = true; security.pam.services.greetd.enableGnomeKeyring = true; # gpg agent with pinentry diff --git a/utils.nu b/utils.nu index 8ce1a9f4..d1ec56b3 100644 --- a/utils.nu +++ b/utils.nu @@ -7,9 +7,9 @@ export def nixos-switch [ if "debug" == $mode { # show details via nix-output-monitor nom build $".#nixosConfigurations.($name).config.system.build.toplevel" --show-trace --verbose - nixos-rebuild switch --use-remote-sudo --flake $".#($name)" --show-trace --verbose + nixos-rebuild switch --sudo --flake $".#($name)" --show-trace --verbose } else { - nixos-rebuild switch --use-remote-sudo --flake $".#($name)" + nixos-rebuild switch --sudo --flake $".#($name)" } }