calcite: drop tpm-ssh-agent and oidc-agent for now

2024-12-04 16:31:06 +08:00 · 2024-12-04 16:31:06 +08:00 · f260f7d847
commit f260f7d847
parent ad9c205fc5
3 changed files with 9 additions and 80 deletions
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@ -51,7 +51,6 @@ in
  };
  # services.gnome.gnome-keyring.enable = lib.mkForce false;
  security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
  services.ssh-tpm-agent.enable = true;
  programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
@ -66,18 +65,6 @@ in
    };
  };
  programs.oidc-agent.enable = true;
  programs.oidc-agent.providers = [
    {
      issuer = "https://home.xinyang.life:9201";
      pubclient = {
        client_id = "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69";
        client_secret = "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh";
        scope = "openid offline_access profile email";
      };
    }
  ];
  programs.vim.enable = true;
  programs.vim.defaultEditor = true;
--- a/machines/calcite/network.nix
+++ b/machines/calcite/network.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  imports = [ ];
@ -24,16 +29,9 @@
  services.dae.enable = true;
  services.dae.configFile = "/var/lib/dae/config.dae";
-  systemd.services.dae.after = lib.mkIf (config.networking.networkmanager.enable) [ "NetworkManager-wait-online.service" ];
+  systemd.services.dae.after = lib.mkIf (config.networking.networkmanager.enable) [
-
+    "NetworkManager-wait-online.service"
-  custom.sing-box = {
+  ];
    enable = false;
    configFile = {
      urlFile = config.sops.secrets.sing_box_url.path;
      hash = "6ca5bc8a16f8c413227690aceeee2c12c02cab09473c216b849af1e854b98588";
    };
    overrideSettings.experimental.clash_api.external_ui = "${config.nur.repos.linyinfeng.yacd}";
  };
  # Open ports in the firewall.
  networking.firewall.enable = true;
--- a/overlays/pkgs/oidc-agent/default.nix
+++ b/overlays/pkgs/oidc-agent/default.nix
@ -1,56 +0,0 @@
 {
  lib,
  stdenv,
  fetchFromGitHub,
  curl,
  webkitgtk,
  libmicrohttpd,
  libsecret,
  qrencode,
  libsodium,
  pkg-config,
  help2man,
 }:
 stdenv.mkDerivation rec {
  pname = "oidc-agent";
  version = "5.1.0";
  src = fetchFromGitHub {
    owner = "indigo-dc";
    repo = "oidc-agent";
    rev = "v${version}";
    sha256 = "sha256-cOK/rZ/jnyALLuhDM3+qvwwe4Fjkv8diQBkw7NfVo0c=";
  };
  buildInputs = [
    pkg-config
    help2man
  ];
  nativeBuildInputs = [
    curl
    webkitgtk
    libmicrohttpd
    libsecret
    qrencode
    libsodium
  ];
  enableParallelBuilding = true;
  installPhase = ''
    make -j $NIX_BUILD_CORES PREFIX=$out BIN_PATH=$out LIB_PATH=$out/lib \
         install_bin install_lib install_conf
  '';
  postFixup = ''
    # Override with patched binary to be used by help2man
    cp -r $out/bin/* bin
    make install_man PREFIX=$out
  '';
  meta = with lib; {
    description = "oidc-agent for managing OpenID Connect tokens on the command line";
    homepage = "https://github.com/indigo-dc/oidc-agent";
    maintainers = [ ];
    license = licenses.mit;
  };
 }