From 3c34e65b6893006ff89c50a57f238445c4f6b40f Mon Sep 17 00:00:00 2001 From: Till Date: Mon, 19 Jan 2026 20:19:47 +0100 Subject: [PATCH] diesdas --- home/default.nix | 1 - home/firefox.nix | 6 +----- home/fish.nix | 8 ++++++++ home/mail/default.nix | 6 +++--- home/minimal.nix | 36 ++++++++++++++++++++++++++++++++---- home/password-store.nix | 18 ++++++++++++++---- home/slim-desktop.nix | 11 +++++++---- ssh/till@nova.pub | 1 - system/desktop.nix | 22 ++++------------------ system/gnome.nix | 2 ++ system/secrets.nix | 11 +++++++++++ system/yubikey.nix | 9 +++++++++ 12 files changed, 91 insertions(+), 40 deletions(-) delete mode 100644 ssh/till@nova.pub create mode 100644 system/secrets.nix diff --git a/home/default.nix b/home/default.nix index 2065131..324a039 100644 --- a/home/default.nix +++ b/home/default.nix @@ -29,7 +29,6 @@ nyxt # media - #bookworm anki-bin qbittorrent nicotine-plus diff --git a/home/firefox.nix b/home/firefox.nix index 529518a..8c7898b 100644 --- a/home/firefox.nix +++ b/home/firefox.nix @@ -3,11 +3,6 @@ { programs.firefox = { enable = true; - # package = pkgs.firefox.override { - # cfg = { - # enableTridactylNative = true; - # }; - # }; policies = { DisableFirefoxAccounts = true; DisablePocket = true; @@ -42,6 +37,7 @@ adaptive-tab-bar-colour auto-tab-discard keepassxc-browser + passff tampermonkey ublock-origin vimium diff --git a/home/fish.nix b/home/fish.nix index 8e20f03..f8c7d2b 100644 --- a/home/fish.nix +++ b/home/fish.nix @@ -23,6 +23,14 @@ echo (set_color magenta)fish $version(set_color normal) end + function brief; + khal list today 1d --day-format= + echo "" + task rc.verbose=nothing rc.report.foo.columns:id,description.count rc.report.foo.sort:urgency- foo +READY limit:5 + echo "" + tree --noreport -L 1 ~/desktop + end + fzf --fish | source function startrloft --description 'Starts R with custom environment' diff --git a/home/mail/default.nix b/home/mail/default.nix index af5d2a5..0285349 100644 --- a/home/mail/default.nix 
+++ b/home/mail/default.nix @@ -36,7 +36,7 @@ smtp.tls.useStartTls = true; userName = "tstraube"; notmuch.enable = true; - passwordCommand = "secret-tool lookup server uni-frankfurt.de account tstraube"; + passwordCommand = "pass uni/hrz"; signature = { text = '' Dr. Till Straube (he/him) @@ -114,7 +114,7 @@ unset crypt_auto_smime unalternates * - alternates @t9e.me$ + alternates @t9e.me$ @ktiu.net$ set reverse_name set my_signature = ${ @@ -131,7 +131,7 @@ enable = true; extraConfig.from = "*@t9e.me"; }; - passwordCommand = "secret-tool lookup server arielle.ktiu.net account till.straube@t9e.me"; + passwordCommand = "pass mail/arielle.ktiu.net"; }; ktiu = { diff --git a/home/minimal.nix b/home/minimal.nix index 2066538..6d7ceca 100644 --- a/home/minimal.nix +++ b/home/minimal.nix @@ -16,14 +16,15 @@ xdg.userDirs = { enable = true; + + desktop = "${config.home.homeDirectory}/desktop"; + documents = "${config.home.homeDirectory}/misc"; download = "${config.home.homeDirectory}/tmp"; music = "${config.home.homeDirectory}/media/music"; pictures = "${config.home.homeDirectory}/media/img"; - videos = "${config.home.homeDirectory}/media/vid"; - documents = "${config.home.homeDirectory}/misc"; - templates = "${config.xdg.dataHome}/templates"; publicShare = "${config.home.homeDirectory}/box"; - desktop = null; + templates = "${config.xdg.dataHome}/templates"; + videos = "${config.home.homeDirectory}/media/vid"; }; home.packages = with pkgs; [ 
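Review bot: Both new `passwordCommand` values (`pass uni/hrz` in the `@@ -36,7` hunk and `pass mail/arielle.ktiu.net` in the `@@ -131,7` hunk) resolve `pass` through PATH and depend on `PASSWORD_STORE_DIR`, which this commit points at a non-default directory in home/password-store.nix. If the mail tools are started from a systemd user unit or timer rather than a login shell, that variable and a usable pinentry may not be present, and the lookup would fail or consult the default store location; this should be confirmed. Pinning the binary removes the PATH dependency, e.g. `passwordCommand = "${config.programs.password-store.package}/bin/pass uni/hrz";`, assuming `config` is in scope in this module. The account blocks start and end outside both hunks.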
@@ -71,4 +72,31 @@ enable = true; settings.styles.theme = "default-light"; }; + + programs.ssh.matchBlocks = { + geocom = { + hostname = "geocom.uni-frankfurt.de"; + user = "till"; + identityFile = "${config.home.homeDirectory}/.ssh/tstraube"; + }; + }; + + programs.gpg.settings = { + + no-emit-version = true; + no-comments = true; + + keyserver = "hkps://keys.openpgp.org/"; + keyserver-options = [ + "no-honor-keyserver-url" + "include-revoked" + ]; + + personal-cipher-preferences = "AES256 AES192 AES CAST5"; + personal-digest-preferences = "SHA512 SHA384 SHA256 SHA224"; + cert-digest-algo = "SHA512"; + default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; + + }; + } diff --git a/home/password-store.nix b/home/password-store.nix index 3b92f54..d9ba727 100644 --- a/home/password-store.nix +++ b/home/password-store.nix @@ -1,14 +1,24 @@ { config, pkgs, ... }: { - # services.gnome.gnome-keyring.enable = lib.mkForce false; - # services.gnome.gnome-keyring.enable = false; - services.pass-secret-service.enable = true; programs.password-store = { enable = true; settings = { - PASSWORD_STORE_DIR = "$XDG_DATA_HOME/crypto/password-store"; + PASSWORD_STORE_DIR = "${config.xdg.dataHome}/crypto/password-store"; }; }; + + programs.firefox.nativeMessagingHosts = [ + pkgs.passff-host + ]; + + services.pass-secret-service = { + enable = true; + }; + + home.packages = with pkgs; [ + pinentry-all + ]; + } diff --git a/home/slim-desktop.nix b/home/slim-desktop.nix index bfe747b..f1cacda 100644 --- a/home/slim-desktop.nix +++ b/home/slim-desktop.nix @@ -11,6 +11,7 @@ home.packages = with pkgs; [ + aichat usbutils wl-clipboard @@ -19,7 +20,7 @@ notmuch w3m openssl - gnupg + # gnupg urlscan ripmime @@ -50,11 +51,10 @@ # media rhythmbox vlc - appimage-run # secrets - libsecret + # libsecret keepassxc yubioath-flutter 
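Review bot: `CAST5` in `personal-cipher-preferences` and `default-preference-list` (hunk `@@ -71,4 +72,31 @@` of home/minimal.nix) keeps a 64-bit-block legacy cipher among the algorithms this configuration advertises and accepts. The lists would be better ending at `AES`, e.g. `personal-cipher-preferences = "AES256 AES192 AES";`, with the same trim in `default-preference-list`. OpenPGP treats its mandatory algorithm as implicitly present at the end of the list, so interoperability should not suffer. In the same hunk the `geocom` match block names an `identityFile`, but with the agent's SSH support enabled in system/secrets.nix ssh will still offer the agent's keys to the host; `identitiesOnly = true;` restricts it to the named key.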
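Review bot: `programs.firefox.nativeMessagingHosts = [ pkgs.passff-host ]` in home/password-store.nix gives a browser extension a path to the `pass` store. Every entry is then reachable from the Firefox process for as long as gpg-agent holds the key unlocked, including the mail passwords this commit moves into `pass`. A comment recording that trust boundary would help the next reader, e.g. `# passff-host lets the PassFF extension query the whole store; keep non-browser secrets in a separate store if that matters`. home/firefox.nix now ships both `keepassxc-browser` and `passff`; if only one is in use, dropping the other trims the extension surface. `pinentry-all` in `home.packages` also looks redundant next to the `pinentryPackage` chosen in system/secrets.nix.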
@@ -70,9 +70,12 @@ ]; programs.taskwarrior = { - package = pkgs.taskwarrior3; + enable = true; + package = pkgs.taskwarrior3; + dataLocation = "${config.xdg.dataHome}/taskwarrior/tasks"; + colorTheme = "light-256"; config = { report.list.columns = ["id" "depends.indicator" "priority" "project" "recur.indicator" "scheduled.countdown" "due" "until.age" "status.short" "description.count" "tags"]; diff --git a/ssh/till@nova.pub b/ssh/till@nova.pub deleted file mode 100644 index 7acb080..0000000 --- a/ssh/till@nova.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 till@nova diff --git a/system/desktop.nix b/system/desktop.nix index 9c5e5a5..cffb32b 100644 --- a/system/desktop.nix +++ b/system/desktop.nix @@ -1,23 +1,16 @@ { config, pkgs, ... }: { - imports = - [ - ./interception-tools.nix - ]; - - # zramSwap.enable = true; + imports = [ + ./interception-tools.nix + ./secrets.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.networkmanager.enable = true; - # networking.firewall = { - # allowedTCPPorts = [ 4000 ]; - # }; - - i18n.extraLocaleSettings = { LC_TIME = "en_GB.UTF-8"; LC_CTYPE = "de_DE.UTF-8"; @@ -41,11 +34,6 @@ nixpkgs.config.allowUnfree = true; - programs.gnupg.agent = { - enable = true; - pinentryPackage = pkgs.pinentry-curses; - }; - environment.sessionVariables = { XDG_CONFIG_HOME = "$HOME/.config"; XDG_CACHE_HOME = "$HOME/.cache"; @@ -69,8 +57,6 @@ dbus.enable = true; flatpak.enable = true; fwupd.enable = true; - # mullvad-vpn.enable = true; - # mullvad-vpn.package = pkgs.mullvad-vpn; printing.enable = true; udisks2.enable = true; }; diff --git a/system/gnome.nix b/system/gnome.nix index e866bb8..565bdff 100644 --- a/system/gnome.nix +++ b/system/gnome.nix 
@@ -25,6 +25,8 @@ services.gnome.gnome-browser-connector.enable = true; + services.gnome.gnome-keyring.enable = lib.mkForce false; + programs.kdeconnect = { enable = true; package = lib.mkForce pkgs.gnomeExtensions.gsconnect; diff --git a/system/secrets.nix b/system/secrets.nix new file mode 100644 index 0000000..88313b4 --- /dev/null +++ b/system/secrets.nix @@ -0,0 +1,11 @@ +{ config, pkgs, ... }: + +{ + + programs.gnupg.agent = { + enable = true; + pinentryPackage = pkgs.pinentry-gnome3; + enableSSHSupport = true; + }; + +} diff --git a/system/yubikey.nix b/system/yubikey.nix index 1856e2f..cbe1417 100644 --- a/system/yubikey.nix +++ b/system/yubikey.nix @@ -1,6 +1,13 @@ { config, pkgs, ... }: { + + services.pcscd.enable = true; + + environment.systemPackages = with pkgs; [ + yubikey-personalization + ]; + services.udev = { packages = [ pkgs.yubikey-personalization ]; # extraRules = '' @@ -12,8 +19,10 @@ # RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" # ''; }; + security.pam.services = { login.u2fAuth = true; sudo.u2fAuth = true; }; + }
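Review bot: `services.gnome.gnome-keyring.enable = lib.mkForce false;` in system/gnome.nix removes the system-provided Secret Service backend, while its replacement (`services.pass-secret-service`) is enabled in a home-manager module, home/password-store.nix. For a host or user that imports gnome.nix without that home module, libsecret clients have no backend, and some applications fall back to storing credentials unencrypted in that situation. A comment stating the dependency would do, e.g. `# Secret Service is provided by pass-secret-service (home/password-store.nix)`. The surrounding attribute set starts and ends outside the hunk.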
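Review bot: The new `programs.gnupg.agent` block in system/secrets.nix sets no cache lifetimes, yet after this commit gpg-agent gates the `pass` store, the Secret Service bridge and SSH keys (`enableSSHSupport = true`). Its cache TTL is therefore the unlock window for all three. Writing the policy down makes it reviewable, e.g. `settings = { default-cache-ttl = 600; max-cache-ttl = 7200; };`, with values chosen for this machine (the numbers here are only examples). `pinentryPackage = pkgs.pinentry-gnome3` is also hard-wired while system/desktop.nix imports this module unconditionally; whether prompts still appear on a non-GNOME or tty session should be confirmed.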
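Review bot: `services.pcscd.enable = true;` in system/yubikey.nix adds a second consumer of the token's CCID interface next to GnuPG's scdaemon, which by default uses its own CCID driver. The two commonly contend for the device, and gpg then reports that no card is present. If the YubiKey's OpenPGP applet is meant to hold the GnuPG keys, route scdaemon through pcscd with `disable-ccid`, e.g. `programs.gpg.scdaemonSettings = { disable-ccid = true; };` on the home-manager side. `pkgs.yubikey-personalization` is now listed in both `environment.systemPackages` and `services.udev.packages`; a one-line comment on why both are needed would avoid a later "cleanup" removing the udev rules.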