From 20b1809b0ce9ba4e2e6ff18a4cd21716d2d851c0 Mon Sep 17 00:00:00 2001
From: faukah
Date: Mon, 8 Sep 2025 20:39:11 +0200
Subject: [PATCH 1/4] impermanence: fix secrets dir location

---
 modules/system/os/impermanence.mod.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/system/os/impermanence.mod.nix b/modules/system/os/impermanence.mod.nix
index c50c9b4..0435a04 100644
--- a/modules/system/os/impermanence.mod.nix
+++ b/modules/system/os/impermanence.mod.nix
@@ -40,7 +40,7 @@ in
 "/var/lib/pipewire"
 "/var/lib/systemd/coredump"
 "/etc/secureboot"
- "/run/secrets"
+ "/run/agenix"
 ];

 users.cr = {
From 95c6c3787bf6bcacdab1d470cb61e13469e05574 Mon Sep 17 00:00:00 2001
From: faukah
Date: Mon, 8 Sep 2025 21:13:40 +0200
Subject: [PATCH 2/4] rbw: fix config

---
 secrets/rbw_config.age | Bin 427 -> 426 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
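Review bot: The directory that holds decrypted agenix secrets is listed under `environment.persistence."/persist"` in this hunk (`"/run/agenix"`), and again as `"/run/secrets"` in the second hunk of PATCH 4/4, which gives a path under /run an on-disk backing directory. agenix is designed to keep decrypted material on a RAM-backed mount so it disappears at power-off; only the encrypted `.age` files and the decryption identity need to survive a reboot. If the entry works around an activation-order problem, a comment such as `# agenix: persisted only because <reason>; must never hold plaintext on disk` would make that intent reviewable. It is also worth confirming after activation that nothing readable is left in the /persist copy of this path. The directories list starts and ends outside the hunk.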
diff --git a/secrets/rbw_config.age b/secrets/rbw_config.age index e33d854549adae8423927da01d382a67eac767d9..8664ff8f5aecbcc597df1ae4eae50b2da0c56888 100644 GIT binary patch delta 392 zcmZ3@yoz~(PJLymQDudXubW|1X|hLwcVVWHzgbX_TR^^{zK5%iZ$VOcieb8mTYzO& zBv)ysc}S6&d1#SSMSy?4bB=#*x=TQMvbR^TWtLfGWUz5+k!gUJTb8-D1(&X!LUD11 zZfc5=si~o*Lb-p2xr?KMXF#NHW^QR!gi}eeVX?nkXnjGpMUhEpK%{qAj#s%!u7_zr zXntZvYHn^QSE5sXaH6GYN>X}mfU$XETA*>6equ>VcAB3{XrMu&e}uPDiBDmOK~<^+ zm#(g^f`@*NVQyMQk-2ZNiMc^Rnnj3Tutk+?x?fO{QAAX*UxcH3NM%WYW0H10*OX;C z(Pxh`nAE$ox3d2fIixrBliKy0df{Pjo~Ny!!qfl4;ahp_>di5)k4e{Ae`H``?C$!! zXuXu?2dn8%!Za9_Ci^^(Vfs@k*{1ViqjtP-z_U45orMqHQ#J09s#u-R=-*!4&-l3Z q*%Mh!;g8R9yS|-HSaV$A+BysNxyFy2Cf%I=&-iXb`N8n59`taB+}lX?B2iv6-Q%yJLlRv5&dGVMa!k zCzpFtL{6orMS*!#ad=LpWp+rio3^<}s!K&`Vt7$%ieF`RphvhzUO-q*IhU@TLUD11 zZfc5=si~o*Lb-p2xr?Jhu76%iaY$cYOrOwzmHeGOJKN1 zrBhO>TWVe)S6)a|g?X+=a*A`Yd$Lz>sF|ygQ(=;JVoGRQVS1)tWtpQ%rHOY^QNE7_ zm#(g^LUw3?p>LpPaEND>v5TLjvq@>9PnmI0QNBUCdx)2NQDTZ$ptnnSRfM50*UTS} zr51f!IiY^f(^u_mtXt+g9dLUR_r?EJ&i&f`6Z%3=bx$qN&{lD{Z+_@S(9?$-R&LMO z+Sp~2Rmdm5P~1`WgnPE0sr$a|1}0lp^A={OtMcFC)A#3SIlr}c?^(wco<6Pi2@cZN sr>~6blrcVaO=9~jkB82GpGUAae?Q~WmObzF3wefx2Rp?VGI8$)08wm~qyPW_ From c136519516d37ca1f22b4ba58d3fdb417fabe825 Mon Sep 17 00:00:00 2001 From: faukah Date: Mon, 8 Sep 2025 21:19:51 +0200 Subject: [PATCH 3/4] bitwarden: make rbw config user-owned --- modules/programs/gui/bitwarden.mod.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/programs/gui/bitwarden.mod.nix b/modules/programs/gui/bitwarden.mod.nix index 9ab4529..fbbd0c0 100644 --- a/modules/programs/gui/bitwarden.mod.nix +++ b/modules/programs/gui/bitwarden.mod.nix 
@@ -62,7 +62,10 @@ let in { config = mkIf isGraphical { - age.secrets.rbwConfig.file = (self + "/secrets/rbw_config.age"); + age.secrets.rbwConfig = { + file = (self + "/secrets/rbw_config.age"); + owner = username; + }; hjem.users.${username}.xdg.config.files."rbw/config.json".source = config.age.secrets.rbwConfig.path; environment = { From 4056f7333ef34585d6b525a51ce7328160e25570 Mon Sep 17 00:00:00 2001 From: faukah Date: Mon, 8 Sep 2025 21:20:07 +0200 Subject: [PATCH 4/4] impermanence: fix secret mounting --- modules/system/os/impermanence.mod.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/system/os/impermanence.mod.nix b/modules/system/os/impermanence.mod.nix index 0435a04..dd84971 100644 --- a/modules/system/os/impermanence.mod.nix +++ b/modules/system/os/impermanence.mod.nix @@ -25,6 +25,9 @@ in }; }; + age.secretsDir = "/persist/run/secrets"; + age.secretsMountPoint = "/persist/run/secret-generations"; + environment.persistence."/persist" = { enable = true; hideMounts = true; @@ -40,7 +43,7 @@ in "/var/lib/pipewire" "/var/lib/systemd/coredump" "/etc/secureboot" - "/run/agenix" + "/run/secrets" ]; users.cr = {
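Review bot: `owner = username;` in the PATCH 3/4 hunk is set without `group` or `mode`, so the file's remaining permissions rest on agenix defaults (root group and `0400`, as far as I know), and nothing in the hunk says why ownership changes. Since hjem links `rbw/config.json` to `config.age.secrets.rbwConfig.path`, a short comment like `# rbw runs as the user and reads this through the hjem symlink` would record the reason. Adding an explicit `mode = "0400";` would pin the intended access so that it does not depend on module defaults. The `config = mkIf isGraphical {` block continues past the hunk.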
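Review bot: `age.secretsDir` and `age.secretsMountPoint` in the first PATCH 4/4 hunk now point under `/persist`, so the location of decrypted secrets moves from /run onto the persistent volume, with no comment explaining why. As far as I know agenix mounts a ramfs at `secretsMountPoint` on Linux, which would keep plaintext in memory, but that depends on the mount succeeding during activation; if it does not, decrypted files land on disk and outlive the boot. The second hunk also persists `"/run/secrets"`, whose backing directory would presumably be `/persist/run/secrets`, the same path agenix manages as `secretsDir`, so the two may conflict. I would add a comment such as `# agenix paths live under /persist because <reason>; plaintext must stay on the ramfs at secretsMountPoint` and check after a rebuild that `/persist/run/secret-generations` is a ramfs mount.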