diff --git a/.sops.yaml b/.sops.yaml index 3898e97..3cde5b1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - &primary age1sseqwwa7fc0ftry8njyuagdg28fkmtdwmj6m7p3etjsj83suee3shfzjyz creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: secrets.yaml$ key_groups: - age: - - *primary + - *primary diff --git a/configuration.nix b/configuration.nix index 1508ad7..1e822fd 100644 --- a/configuration.nix +++ b/configuration.nix @@ -127,6 +127,7 @@ # Bootloader boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.kernel.sysctl."kernel.yama.ptrace_scope" = lib.mkForce 0; # Nix nix.settings = { diff --git a/home/guz-lite/browser.nix b/home/guz-lite/browser.nix index 1a96692..e730d29 100644 --- a/home/guz-lite/browser.nix +++ b/home/guz-lite/browser.nix @@ -2,6 +2,7 @@ self, pkgs, lib, + config, ... }: { imports = [ diff --git a/home/guz/apps.nix b/home/guz/apps.nix index 6ae8bf1..8226721 100644 --- a/home/guz/apps.nix +++ b/home/guz/apps.nix @@ -42,6 +42,9 @@ # 3D modeling "net.blockbench.Blockbench" "org.blender.Blender" + + # For sites that are incompatible with qutebrowser + "io.gitlab.librewolf-community" ]; services.flatpak.overrides = { "net.blockbench.Blockbench" = {Context.sockets = ["x11"];}; @@ -65,6 +68,7 @@ lutris winePackages.waylandFull pcsx2 + mono # For city skylines mods # Social vesktop diff --git a/home/worm/default.nix b/home/worm/default.nix index b82ceef..96186c1 100644 --- a/home/worm/default.nix +++ b/home/worm/default.nix @@ -1,4 +1,9 @@ -{self, ...}: { +{ + self, + pkgs, + osConfig, + ... +}: { home.username = "guz"; home.homeDirectory = "/home/guz"; @@ -7,6 +12,9 @@ ]; devkit.enable = true; + devkit.git.wrapper = pkgs.writeShellScriptBin "git-script" '' + bash ${osConfig.sops.secrets."guz/git-script".path} "$@" + ''; # The *state version* indicates which default # settings are in effect and will therefore help avoid breaking diff --git a/modules/home-manager/devkit.nix b/modules/home-manager/devkit.nix index 8bde77d..efc67bb 100644 --- a/modules/home-manager/devkit.nix +++ b/modules/home-manager/devkit.nix @@ -17,6 +17,10 @@ in { type = with types; bool; default = cfg.enable; }; + git.wrapper = mkOption { + type = with types; nullOr package; + default = null; + }; lazygit.enable = mkOption { type = with types; bool; default = cfg.enable; @@ -107,7 +111,13 @@ in { enable = true; userEmail = "contact@guz.one"; userName = "Gustavo \"Guz\" L de Mello"; - package = config._devkit.packages.git; + package = + if isNull cfg.git.wrapper + then config._devkit.packages.git + else + pkgs.writeShellScriptBin "git" '' + ${lib.getExe cfg.git.wrapper} ${lib.getExe config._devkit.packages.git} "$@" + ''; }; ## Lazygit (Git TUI) diff --git a/secrets.nix b/secrets.nix index fba3abf..ca95af1 100644 --- a/secrets.nix +++ b/secrets.nix @@ -19,4 +19,7 @@ sops.secrets."guz/password" = { owner = config.users.users.guz.name; }; + sops.secrets."guz/git-script" = { + owner = config.users.users.guz.name; + }; } diff --git a/secrets.yaml b/secrets.yaml index ec94e6f..411c17e 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -1,24 +1,18 @@ -lat: ENC[AES256_GCM,data:jmQPcQFV,iv:k4+a7lA64yT9AJANcOQ4HDZzq8aL2Tga67BesqfnL3A=,tag:OjRTtL/BoDwDBWvWQUCt9Q==,type:str] -lon: ENC[AES256_GCM,data:Qn9Gi5LP7ve3kA==,iv:s3ZdJ6rfl03nzEes4BpGPIzUUq5yCOIBKbKhfznG0nw=,tag:uyvowjKDoTMtuApUVZA+ag==,type:str] guz: - password: ENC[AES256_GCM,data:ZJVZSAwEoYHlkrmxEV+0ohCDVoduhFNx1bz1dAzxJ1MgNHxsE89OGTfWVGmen9xK2auPcHIplOcHwgMDbaAXToB1uF47P3uAzQ==,iv:wGz8vLqU8IQUKOwPeBxLX7zUgJrlwJ5cGl8i2guvuXg=,tag:gEl97Pu7CiJ0i9aAwBeCjw==,type:str] + password: ENC[AES256_GCM,data:0D9a5w==,iv:+ahN7Y5rsJGCB6/sLgA11yt6YjPDIs1Q7qyTSBqp/No=,tag:pqnd/zAKu4ZFSsrInPPO5g==,type:str] + git-script: ENC[AES256_GCM,data:kVVGMnaIiUkVWG5dKdT+2Hq4+NBc2wCDkmLaAOnL3rsDmN7cPPYrskaTtoA3RJSuvYgGugh8WMncoF93DZyCFn/V2ZTVKz3JFKZySwTCXiZW1FyohwGXrj2gAjLRoGl0myYWQuW9DHSVCVNdamcd48Tyb4N9IlbSAxyP5U4CRgwdHRdbqXwjrj9h8N8lpww3ocibY2/lRN1PeuUaDzXG80kinESrmY75KFHBRdK9+kFAPhyopW/q21gVpzMUXs4qZTddkSgkMe35R4d97Bzjbpyadgko67aGv2m2fu488Wie4fo/PPkcChZuz4JfpSXmrN4OFyr8eEgK7qBQHo5PslZKVl1dmX+UVt8Si0tfqS1Q3w7F+4WyuZxA23n7esjMB0inyeeMYesWTaerWyP4xCdhqzLjQoGvPthBVxP1mUmw0+QDVEjXpnZZkOjyn+dmTjtIoTiK5j9h/4B7Bnx/QXrTy2c0gy1Wu/HVXn8NCJDYihn62XVIJnVtJbiHf7n4FILUHJBhP1Nb3+kgbVDd55/T5QupNdlUGqGcNxm96s4Ts/15Nl6ZEjS0uDYA9XiV8e0P2b59bCFCnxRJO8S4zHPc9S0Bo2cbBPJbQR7UcUrhmLdZZPtxa+c4u4iZiMnx1RRs/P5ctqJESfXxf9VYsTJ7ywNUT2nNa3AgM2hnY1P5L2MxcR6BW3hgFUFrI7O5TbovQezMrZADfa7aBNerI8kFggg0uFnYiCMKS0YXz2F+ZovDgjfRy2xEUWlueHEmco4QNGRUfYNv1fLx3PS+qIH0A3qzorsxbL0IFdTy+awBkuGW7wHZSKGFHXWCkha+/hrD74XcOEfjch3WKGcYeDBtQa7IB0LoJQ2Dpk0o9ocbcWd6mNMeZIPFloRAvKxt90B5UoHFL8SRRbUmaLNHMIVfG8Nohs6e5C6ALwGsPxv/dn9h3xzW7yU5q1CHS6+t3klKhhnGGq7KY60NfGGbE0HIspomJs3Z9vmOvIIJHL3nXBoX3smSXhxUkrOBB0kXE83B6MGtTPjuZLlko7xaCWMshnBen+YE+W89jNl66hl1TzvKjULxFRsYZKfagsQ+2eNdoZMbKH2Ka0X77W4nHob9q0DKqVEdf2ajM1rxGbliYnDA14eVGsQQG+ZZBsAiR2C7jHZ6R/48U9QtNmWQis9iwMQRfjcA8NPxYjyI6CMQ0YDujFyOtD8bshiipw0CcPgjDlDy7El0ywmiSoxN5uixMd2aZ+Ky+R0wMSH+4iv3KA4LWgPc7yXcLQ/Pr1qqqNLMLVlMc8l5fruLQG0OPn8Fbl9nmXJ/zBqWRT6XrN4Bmg8PvMe2t2dKQAZ50bLbw8u9LRWJj0qLIuMb18zj1dGx7CzxM6AsEZM0J9hWqlLWts4RpSE2UEVsIAEDDmvGolMasnscog1MqyWngWIY3iYC24fhyMwnCcVxmWtNHpaE7ny9iWW0OCqfVTnLmG6TVe1nULVk7A5WxwI/QvTiH0Oi7W9kSlJ/xpsvS4mA1AHG/oY+Ysy8Fz28G8SEPIIUpTNnnJfocGE3JTteM9e19AxgJenBY6Mjuc6VqhWDCuf74yAr6HP4YX2O9biDwO03wr1OMwapPMNToh/gEyTUmnZ4HHkjBerQTID6xGEvM0qj3s+oywj5VR42kaldlzTJooRsuW1lZjzxu6UIMNpnBTFqGeM7/dE56T2J9Lk9cmArVn6WWPCMYcknV6j5ocYeFdoLdExqXpBYfYPBSP6jjBRlJDEyzdRUCKUH4dZSVSoODDkZkK306N/fJVq9p6OwB8jFcDXWsQQ7M+4GXHxwlRp0F7PKkzQvmRvYyfW6r02iWdibNnUnahjIpp3wgRrScFAeRafZPZRDzufCo+jF+g==,iv:vWAu81yaHUfkJNTQVJQ0RwvDsSE6LEaxDGEHDXmstes=,tag:exTNWoILANH/iOAH8U/bPg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1sseqwwa7fc0ftry8njyuagdg28fkmtdwmj6m7p3etjsj83suee3shfzjyz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieTdSNVJ5NVBwczRUM3By - T01WWmxvQ2RBbzlaMG9oNVBDN21Rd2hsNnc4Ci9tdFhJbUNHK09WNUM5WDJKMUEz - Rm1pZXE0cVVQcHZoRjRESTFYQzJ5R28KLS0tIG1jZmpKVC9obUtneTIzWmlvK09l - Nm1UT1pUeWJhS1hhUWo4b3A1RElKNG8KIzbqwoCynolclZkZ3AiIkqpGjEBUZPo2 - h8Y3Rx2QASD6tg9jlxRqGtbXe+mNgcCNTt7cdOyhndQzzq/2GfbujA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqT3BmQmhTZ0hRYzYvUitP + NWdYaFJFblljZ2VNUHBGWE1WN082cGRwM1cwClgvcWlzTlpNSXM5N3pSZ0FLRXBU + QlpMeFAxcnlncExFdlRQd054TjZzN0kKLS0tIFlaczl6R2tMUFdDM1ZhWUlwVlg5 + TUIyZG5rVC9PM21RR1ZtaXhKUytyL2sKH49RFJJi94RFtbyJMYM2oLETQ3sgpXkJ + BFyQJClKlbE5In6XnvJ0PjXForr8tYFIZ2YG7/Y2jf/hXMtIHO/02g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-10T16:19:17Z" - mac: ENC[AES256_GCM,data:R+AaVdTuE6tTO2UDDtscTl8e+3QpIxvfVOI3SLlZyeWxTgaZpyt+q14B/O5bcdvPRa4vymI9I94e3d15wnfINPLyKgW29fQcovO2k5i+OZXsLylIdVHyZfz4PSMGhSN/SHs86iFNHNEoc+UxtE0MSVfXBbWtIAMpoOEeTQDdIRA=,iv:bXL9dwjNmAl57qWeZTdQsT6gPSrUUzLVruMvqEze0JM=,tag:pXkkJO1KUStnErAg2BBnFA==,type:str] - pgp: [] + lastmodified: "2025-06-12T21:13:51Z" + mac: ENC[AES256_GCM,data:txH7fwffXLn/LYzYcLXC/+Etb9mshlueIMXuQKhmrB+G2z5kgk2LCVyTjlm2SnS5hBqsKzy8FxEozhFz5ykYoxwvjKOZLoVDnWMXHMjN/vjyq3MsY+5v1OtbEWyDXzGqHOTVaF/wXeKifxZnfFBJ0u6xzBBCH0Q2LVsExSC2W4I=,iv:9dThsWLNtnyvk9/hZFSlLIcIpUMwymTqteuRa+E2FjM=,tag:aE+KOS5iXJ3xClBbtKwm/A==,type:str] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.10.2