From 7602cbf16aec1ec2d8320da7e7d043cdb5eb6793 Mon Sep 17 00:00:00 2001
From: natto1784
Date: Mon, 7 Jun 2021 10:05:51 +0530
Subject: [PATCH] Satori:added vault-agent, changed hardware config
---
 flake.nix | 1 +
 home/config/dwm/autostart.sh | 2 --
 hosts/personal/satori/hardware.nix | 39 ++++++++++++++--------------
 hosts/personal/satori/networking.nix | 2 +-
 hosts/personal/satori/services.nix | 32 ++++++++++++++++++++---
 overlays/suckless/st.patch | 13 ++++++++--
 6 files changed, 60 insertions(+), 29 deletions(-)
diff --git a/flake.nix b/flake.nix
index 12c3f95..c6a41c6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,7 @@
 Satori = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
+ ./modules/vault-agent.nix
 ./hosts/personal/satori.nix
 inputs.agenix.nixosModules.age
 inputs.home-manager.nixosModules.home-manager
diff --git a/home/config/dwm/autostart.sh b/home/config/dwm/autostart.sh
index 8e8a877..2574bba 100755
--- a/home/config/dwm/autostart.sh
+++ b/home/config/dwm/autostart.sh
@@ -1,4 +1,2 @@
 #!/usr/bin/env bash
-picom --experimental-backends &
 ~/.dwm/bruhstatus.sh &
-feh --bg-scale ~/Downloads/stallman.jpg
diff --git a/hosts/personal/satori/hardware.nix b/hosts/personal/satori/hardware.nix
index ac537df..ecfb5b3 100644
--- a/hosts/personal/satori/hardware.nix
+++ b/hosts/personal/satori/hardware.nix
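Review bot: `./modules/vault-agent.nix` is added to the `Satori` module list but is not among the six files this commit touches, so the flake evaluates only if that module is already tracked in git. Flakes copy just the tracked tree into the store, so an untracked file under `modules/` makes evaluation of `Satori` fail with a missing-path error even though it exists in the working directory. If the module is new, commit it together with this reference rather than leaving it dangling.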
@@ -7,42 +7,41 @@
 ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
+ {
+ device = "/dev/disk/by-uuid/4c02ddf5-d00e-4d84-856f-c327ae44d047";
 fsType = "btrfs";
 options = ["compress-force=zstd:2"];
 };
 fileSystems."/boot/efi" =
- { device = "/dev/disk/by-uuid/58B1-4631";
+ {
+ device = "/dev/disk/by-uuid/58B1-4631";
 fsType = "vfat";
 };
-
- fileSystems."/home" =
- { device = "/dev/nvme0n1p6";
- fsType = "ext4";
- };
- fileSystems."/mnt/Stuff" =
- { device = "/dev/sda2";
- fsType = "ntfs";
- options = ["uid=natto" "gid=users" "umask=0022" "rw"];
- };
- fileSystems."/mnt/Games" =
- { device = "/dev/sda4";
+ {
+ device = "/dev/disk/by-uuid/843E68573E6843F0";
 fsType = "ntfs";
 options = ["uid=natto" "gid=users" "umask=0022" "rw"];
 };
 fileSystems."/mnt/Extra" =
- { device = "/dev/sda3";
+ {
+ device = "/dev/disk/by-uuid/32EE9F63EE9F1DE3";
 fsType = "ntfs";
 options = ["uid=natto" "gid=users" "umask=0022" "rw"];
 };
- fileSystems."/mnt/LinuxGames" =
- { device = "/dev/sda5";
- fsType = "btrfs";
- options = ["rw" "compress-force=zstd:2"];
+ fileSystems."/mnt/Games" =
+ {
+ device = "/dev/disk/by-uuid/A4CC66B6CC668282";
+ fsType = "ntfs";
+ options = ["uid=natto" "gid=users" "umask=0022" "rw"];
 };
-
+ fileSystems."/mnt/Stuff2" =
+ {
+ device = "/dev/disk/by-uuid/e5be3621-8608-4ffe-bd33-5e6d22fef4ff";
+ fsType = "btrfs";
+ options = ["compress-force=zstd:1"];
+ };
 swapDevices = [ {device = "/dev/nvme0n1p7";} ];
 powerManagement = {
 enable = true;
diff --git a/hosts/personal/satori/networking.nix b/hosts/personal/satori/networking.nix
index 1f1f467..912de82 100644
--- a/hosts/personal/satori/networking.nix
+++ b/hosts/personal/satori/networking.nix
@@ -21,7 +21,7 @@
 wireguard.interfaces.wg0 = {
 ips = [ "10.55.0.3/32" ];
 listenPort = 17840;
- privateKeyFile = "/var/secrets/wg";
+ privateKeyFile = "/var/secrets/wg.key";
 peers = [ { #Oracle VM1
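Review bot: After the `/boot/efi` block the new side keeps `{`, `device = "/dev/disk/by-uuid/843E68573E6843F0";`, `fsType = "ntfs";` and the rest of that set but removes the `fileSystems."/mnt/Games" =` line that introduced it, while the old `fileSystems."/mnt/Stuff" =` header is deleted as well; as far as the collapsed hunk shows, that attrset therefore has no attribute path and hardware.nix no longer parses. Put a header back in front of it, e.g. `fileSystems."/mnt/Stuff" =`, naming whichever mount that UUID belongs to (the `/mnt/Games` name is now used by the `A4CC66B6CC668282` block). In the trailing context `swapDevices = [ {device = "/dev/nvme0n1p7";} ];` is the only entry still on a kernel node name after every `fileSystems` device was moved to `/dev/disk/by-uuid/…`; node names can change between boots, so use the partition's UUID there too, e.g. `{device = "/dev/disk/by-uuid/<swap-uuid>";}` (placeholder).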
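Review bot: `privateKeyFile = "/var/secrets/wg.key";` now points at a file that the vault-agent template in services.nix renders at runtime, yet nothing in this commit orders the WireGuard unit after the agent or reacts to a re-render, so on a boot where the key has not been written yet `wg0` is brought up without its private key or the unit fails, depending on how the NixOS wireguard module treats a missing file. Add an ordering on the agent's unit (`systemd.services.wireguard-wg0.after`/`requires` naming the unit the local vault-agent module creates — confirm its name) or have the template restart `wireguard-wg0.service` through its `command`. Also make sure the superseded `/var/secrets/wg` file is removed on the host so a stale key does not linger; the `wireguard.interfaces.wg0` block continues outside the hunk.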
diff --git a/hosts/personal/satori/services.nix b/hosts/personal/satori/services.nix
index 0555088..c6f9dcf 100644
--- a/hosts/personal/satori/services.nix
+++ b/hosts/personal/satori/services.nix
@@ -24,11 +24,34 @@
 enable = true;
 permitRootLogin = "yes";
 };
- /* vault = {
+ vault-agent = {
 enable = true;
- storageBackend = "mysql";
- storagePath = "/var/db";
- };*/
+ settings = {
+ vault = {
+ address = "https://10.55.0.2:8800";
+ client_cert = "/var/vault/cert.pem";
+ client_key = "/var/vault/key.pem";
+ };
+ auto_auth = {
+ method = [
+ {
+ "cert" = {
+ name = "Satori";
+ };
+ }
+ ];
+ };
+ template = [
+ {
+ source = pkgs.writeText "wg.tpl" ''
+ {{ with secret "kv/systems/Satori/wg" }}{{ .Data.data.private }}{{ end }}
+ '';
+ destination = "/var/secrets/wg.key";
+ }
+ ];
+ };
+ };
+ };
 systemd.services = {
 tor.wantedBy = lib.mkForce [];
@@ -38,4 +61,5 @@
 #printing.wantedBy = lib.mkForce [];
 #vault.wantedBy = lib.mkForce [];
 };
+ security.pki.certificateFiles = [ ../../../cert.pem ];
 }
diff --git a/overlays/suckless/st.patch b/overlays/suckless/st.patch
index 65dd150..150b631 100755
--- a/overlays/suckless/st.patch
+++ b/overlays/suckless/st.patch
@@ -1,5 +1,5 @@
 diff --color -u a/config.def.h b/config.def.h
---- a/config.def.h 2020-06-19 14:59:45.000000000 +0530
+--- a/config.def.h 2021-05-28 03:15:40.807354500 +0530
 +++ b/config.def.h 2021-05-21 05:21:13.476454500 +0530
 @@ -3,9 +3,10 @@
 /*
@@ -985,7 +985,7 @@ diff --color -u a/win.h b/win.h
 void xsetmode(int, unsigned int);
 diff --color -u a/x.c b/x.c
 --- a/x.c 2020-06-19 14:59:45.000000000 +0530
-+++ b/x.c 2021-05-21 05:20:09.551000300 +0530
++++ b/x.c 2021-06-05 02:08:06.403477337 +0530
 @@ -93,7 +93,7 @@
 Window win;
 Drawable buf;
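Review bot: The template that writes the WireGuard private key to `/var/secrets/wg.key` sets neither `perms` nor `command`, so the rendered key is created with the agent's default file mode and nothing restarts the interface when the secret is re-rendered; add `perms = "0600";` (the exact form depends on how the local module serialises `settings` — confirm) and a `command` that restarts the WireGuard unit to the `template` entry. The `vault` stanza also carries no `ca_cert`, which is presumably why the certificate is pushed into the system trust store in the second hunk of this file. Lastly, the closing `];` is followed by three `};` while the hunk itself opens only `vault-agent` and `settings`, so the third one closes a set that begins outside the hunk — worth checking that the `services` nesting still evaluates as intended.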
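Review bot: `security.pki.certificateFiles = [ ../../../cert.pem ];` installs that PEM into the system-wide trust store, so every TLS client on the host trusts whatever CA it contains, not only vault-agent talking to `https://10.55.0.2:8800`. If the file exists solely so the agent can verify the Vault listener, prefer `ca_cert = "<path-to-ca-pem>";` (placeholder) in the agent's `vault` stanza in the hunk above and drop the global entry. The relative path also copies the file into the world-readable Nix store, so confirm it holds only the certificate and never a private key.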
@@ -1117,4 +1117,13 @@ diff --color -u a/x.c b/x.c
 xsettitle(char *p)
 {
 XTextProperty prop;
+@@ -1595,6 +1675,8 @@
+ int
+ xstartdraw(void)
+ {
++ if (IS_SET(MODE_VISIBLE))
++ XCopyArea(xw.dpy, xw.win, xw.buf, dc.gc, 0, 0, win.w, win.h, 0, 0);
+ return IS_SET(MODE_VISIBLE);
+ }
+ Only in b: x.c.orig
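Review bot: The appended inner hunk ends with `+ Only in b: x.c.orig`, which is `diff -r` chatter rather than patch content; patch(1) skips it as garbage with a warning, stricter appliers may reject the file, and the `.orig` name shows the patch was regenerated from a tree that still held a patch backup. Drop that line and delete `x.c.orig` before re-diffing so the overlay patch stays clean. The inner header `+@@ -1595,6 +1675,8 @@` is consistent with the two `++` lines it introduces inside `xstartdraw`.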