feat: keyring.nix

Use commit instead of version as git ref for the codchi driver
aformatik · Nov 22, 2024 · 9f6be1e · 9f6be1e
1 parent a410d0a
commit 9f6be1e
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 9 deletions.
diff --git a/codchi/src/consts.rs b/codchi/src/consts.rs
@@ -8,7 +8,7 @@ use std::{
 pub const APP_NAME: &str = "codchi";
 
 pub static GIT_BRANCH: &str = env!("CODCHI_GIT_BRANCH");
-pub static CODCHI_FLAKE_URL: &str = concat!("github:aformatik/codchi/", env!("CODCHI_GIT_BRANCH"));
+pub static CODCHI_FLAKE_URL: &str = concat!("github:aformatik/codchi/", env!("CODCHI_GIT_COMMIT"));
 
 pub const CONTAINER_STORE_NAME: &str = "codchistore";
 

diff --git a/codchi/src/platform/linux/mod.rs b/codchi/src/platform/linux/mod.rs
@@ -287,11 +287,43 @@ tail -f "{log_file}"
     }
 
     fn create_exec_cmd(&self, cmd: &[&str]) -> super::LinuxCommandBuilder {
-        let args = [&[consts::user::DEFAULT_NAME], cmd].concat();
-        let cmd = self.cmd().raw("su", &args);
+        // let args = [&[consts::user::DEFAULT_NAME], cmd].concat();
+        let cmd = if cmd.is_empty() {
+            self.cmd().raw(
+                "machinectl",
+                &[
+                    &[
+                        "shell",
+                        "-q",
+                        "-E",
+                        "DISPLAY",
+                        "-E",
+                        "XAUTHORITY",
+                        &format!("{}@", consts::user::DEFAULT_NAME),
+                    ],
+                    cmd,
+                ]
+                .concat(),
+            )
+        } else {
+            self.cmd().raw(
+                "machinectl",
+                &[
+                    "shell",
+                    "-q",
+                    "-E",
+                    "DISPLAY",
+                    "-E",
+                    "XAUTHORITY",
+                    &format!("{}@", consts::user::DEFAULT_NAME),
+                    "/bin/bash",
+                    "-c",
+                    &cmd.join(" "),
+                ],
+            )
+        };
 
-        cmd.with_cwd(consts::user::DEFAULT_HOME.clone())
-            .with_user(LinuxUser::Root)
+        cmd.with_user(LinuxUser::Root)
     }
 }
 

diff --git a/nix/container/pkgs/make-tarball.nix b/nix/container/pkgs/make-tarball.nix
@@ -48,16 +48,14 @@ let
       # Copy relative symlinks as is
       for f in $rel_links; do
         mkdir -p "$(dirname "$f")"
-        [ -e "$f" ] && rm -f "$f"
-        cp -af "$pkg/$f" "$f"
+        cp -af "$pkg/$f" "$f" || true # file might already exist
         echo "$f" >> .files
       done
 
       # Copy files and derefenrence absolute symlinks as is
       for f in $files; do
         mkdir -p "$(dirname "$f")"
-        [ -e "$f" ] && rm -f "$f"
-        cp -afL "$pkg/$f" "$f"
+        cp -afL "$pkg/$f" "$f" || true # file might already exist
         echo "$f" >> .files
       done
     done

diff --git a/nix/nixos/modules/default.nix b/nix/nixos/modules/default.nix
@@ -4,5 +4,6 @@
     ./recommended-config.nix
     ./java.nix
     ./docker.nix
+    ./keyring.nix
   ];
 }
diff --git a/nix/nixos/modules/keyring.nix b/nix/nixos/modules/keyring.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.codchi.keyring;
+in
+{
+  options.codchi.keyring = {
+    enable = lib.mkEnableOption "a keyring for applications like IntelliJ";
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.gnome.gnome-keyring.enable = true;
+
+    systemd.user.services.gnome-keyring = {
+      wantedBy = [ "default.target" ];
+      serviceConfig = {
+        ExecStart =
+          "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon  --start --foreground --components=pkcs11,secrets,ssh";
+        Restart = "on-abort";
+      };
+    };
+  };
+}
diff --git a/nix/nixos/modules/recommended-config.nix b/nix/nixos/modules/recommended-config.nix
@@ -7,6 +7,7 @@ in
     // { default = true; };
 
   config = mkIf config.codchi.enableRecommendedConfig {
+    codchi.keyring.enable = true;
     environment.systemPackages = with pkgs; [
       vim
       git