repo hygiene: move secrets to pass; add examples; misc updates

This commit is contained in:
2026-02-18 01:37:46 -08:00
committed by Kat Huang
parent a5f3ffc21b
commit 6f4c5e120d
15 changed files with 145 additions and 173 deletions

.gitignore vendored

@@ -36,3 +36,12 @@ gotools
/dotfiles/config/xmonad/dist-newstyle/ /dotfiles/config/xmonad/dist-newstyle/
/dotfiles/config/hypr/hyprscratch.conf /dotfiles/config/hypr/hyprscratch.conf
/.worktrees/ /.worktrees/
# Secrets and machine-local state (managed via agenix/pass instead of git)
/dotfiles/config/asciinema/config
/dotfiles/config/remmina/remmina.pref
/dotfiles/config/screencloud/ScreenCloud.conf
# Local tool state
/.playwright-cli/
/dotfiles/config/taffybar/dbus-menu/


@@ -35,10 +35,7 @@ just create-todo "Test todo"
## Manual curl ## Manual curl
```bash Prefer using the `just` recipes above so we don't bake auth syntax into docs.
curl -s -u "imalison:$(pass show org-agenda-api/imalison | head -1)" \
https://colonelpanic-org-agenda.fly.dev/health | jq
```
## Key Endpoints ## Key Endpoints


@@ -9,21 +9,11 @@
"mcp": { "mcp": {
"servers": { "servers": {
"gitea-mcp": { "gitea-mcp": {
"command": "docker", "command": "bash",
"args": [ "args": [
"run", "-lc",
"-i", "set -euo pipefail; export GITEA_BASE_URL='https://dev.railbird.ai'; export GITEA_ACCESS_TOKEN=\"$(pass show claude-mcp/gitea-access-token | head -1)\"; exec docker run -i --rm -e GITEA_ACCESS_TOKEN -e GITEA_BASE_URL docker.gitea.com/gitea-mcp-server"
"--rm", ]
"-e",
"GITEA_ACCESS_TOKEN=ad1e513137d5a15b638f7b4b5f65e1bda1c70cd7",
"-e",
"GITEA_BASE_URL=https://dev.railbird.ai",
"docker.gitea.com/gitea-mcp-server"
],
"env": {
"GITEA_ACCESS_TOKEN": "ad1e513137d5a15b638f7b4b5f65e1bda1c70cd7",
"GITEA_BASE_URL": "https://dev.railbird.ai"
}
}, },
"chrome-devtools": { "chrome-devtools": {
"command": "npx", "command": "npx",
@@ -33,13 +23,11 @@
] ]
}, },
"imap-email": { "imap-email": {
"command": "npx", "command": "bash",
"args": ["-y", "imap-email-mcp"], "args": [
"env": { "-lc",
"IMAP_USER": "IvanMalison@gmail.com", "set -euo pipefail; export IMAP_USER='IvanMalison@gmail.com'; export IMAP_HOST='imap.gmail.com'; export IMAP_PASSWORD=\"$(pass show claude-mcp/gmail-imap-app-password | head -1)\"; exec npx -y imap-email-mcp"
"IMAP_PASSWORD": "iiobqyuuczibsnmi", ]
"IMAP_HOST": "imap.gmail.com"
}
} }
} }
}, },
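Review bot: `export GITEA_ACCESS_TOKEN="$(pass show claude-mcp/gitea-access-token | head -1)"` hides a failing `pass` lookup: the status of that line is `export`'s, so neither `set -e` nor `pipefail` fires and `exec docker run` proceeds with an empty token; the `IMAP_PASSWORD` export in the second hunk has the same shape. Split assignment and export, `GITEA_ACCESS_TOKEN="$(pass show claude-mcp/gitea-access-token | head -1)"; export GITEA_ACCESS_TOKEN` (and likewise `IMAP_PASSWORD=…; export IMAP_PASSWORD`), so a lookup failure stops the script before the server starts. Forwarding the variable by name (`-e GITEA_ACCESS_TOKEN`) instead of with its value is the right choice, since it keeps the token out of the docker command line. Separately, the literal values this commit removes (the Gitea access token and IMAP app password here, and the `[api]` token, the remmina `secret`, the ScreenCloud `token-secret`/imgur tokens and the runner `token` in the later sections) remain in git history, so they need to be revoked and reissued rather than only unreferenced.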


@@ -0,0 +1,43 @@
{
"permissions": {
"allow": [
"Bash(find:*)",
"Bash(cat:*)"
],
"deny": []
},
"mcp": {
"servers": {
"gitea-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"GITEA_ACCESS_TOKEN",
"-e",
"GITEA_BASE_URL=https://dev.railbird.ai",
"docker.gitea.com/gitea-mcp-server"
]
},
"chrome-devtools": {
"command": "npx",
"args": [
"chrome-devtools-mcp@latest",
"--auto-connect"
]
},
"imap-email": {
"command": "npx",
"args": ["-y", "imap-email-mcp"],
"env": {}
}
}
},
"enabledMcpjsonServers": [
"chrome-devtools",
"imap-email"
],
"enableAllProjectMcpServers": true
}
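Review bot: If this is the checked-in example for the `.mcp.json` above, it drops what a reader needs to fill it in: `imap-email` now carries `"env": {}` and `gitea-mcp` passes `-e GITEA_ACCESS_TOKEN` with no value, so nothing says which variables must be present in the environment the servers are launched from (the names visible on the committed side are `IMAP_USER`, `IMAP_HOST`, `IMAP_PASSWORD` and `GITEA_ACCESS_TOKEN`). JSON has no comment syntax, so list those names, and where they are expected to come from, in the README that accompanies this file.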


@@ -1,2 +0,0 @@
[api]
token = 417ba97c-b532-4e4b-86df-a240314ae840


@@ -0,0 +1,2 @@
[api]
token =
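Review bot: A two-line template with an empty `token =` and no comment leaves it unclear whether an empty token is valid or a placeholder to fill in. Add a full-line comment above the section stating its role, e.g. `; template - copy to the git-ignored dotfiles/config/asciinema/config and set token locally`, using `;` or `#` according to what the reader of this file (presumably asciinema's config parser) accepts.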


@@ -1,128 +0,0 @@
[remmina_pref]
secret=SEkwV+ilNl+x9eTDKU6tLKFTKdJv2OK2ROlV3Z4K0uY=
uid=Linux+4.7.4-1-ARCH+x86_64+en_US+52817413
bdate=736234
save_view_mode=true
save_when_connect=true
survey=false
invisible_toolbar=false
floating_toolbar_placement=0
toolbar_placement=3
always_show_tab=true
hide_connection_toolbar=false
default_action=0
scale_quality=3
ssh_loglevel=1
screenshot_path=/home/imalison/Pictures
ssh_parseconfig=true
hide_toolbar=false
hide_statusbar=false
small_toolbutton=false
view_file_mode=0
resolutions=640x480,800x600,1024x768,1152x864,1280x960,1400x1050
keystrokes=Send hello world§hello world\\n
main_width=668
main_height=1321
main_maximize=false
main_sort_column_id=1
main_sort_order=0
expanded_group=
toolbar_pin_down=false
sshtunnel_port=4732
applet_new_ontop=false
applet_hide_count=false
applet_enable_avahi=false
disable_tray_icon=false
dark_tray_icon=false
recent_maximum=10
default_mode=0
tab_mode=0
show_buttons_icons=0
show_menu_icons=0
auto_scroll_step=10
hostkey=65508
shortcutkey_fullscreen=102
shortcutkey_autofit=49
shortcutkey_nexttab=65363
shortcutkey_prevtab=65361
shortcutkey_scale=115
shortcutkey_grab=65508
shortcutkey_screenshot=65481
shortcutkey_minimize=65478
shortcutkey_disconnect=65473
shortcutkey_toolbar=116
vte_font=
vte_allow_bold_text=true
vte_lines=512
vte_system_colors=false
vte_foreground_color=rgb(192,192,192)
vte_background_color=rgb(0,0,0)
rdp_use_client_keymap=0
rdp_quality_0=6F
rdp_quality_1=7
rdp_quality_2=1
rdp_quality_9=80
datadir_path=
remmina_file_name=%G_%P_%N_%h
screenshot_name=remmina_%p_%h_%Y%m%d-%H%M%S
deny_screenshot_clipboard=true
confirm_close=true
use_primary_password=false
unlock_timeout=300
unlock_password=
lock_connect=false
lock_edit=false
lock_view_passwords=false
enc_mode=1
audit=false
trust_all=false
prevent_snap_welcome_message=false
last_quickconnect_protocol=
fullscreen_on_auto=true
always_show_notes=false
hide_searchbar=false
ssh_tcp_keepidle=20
ssh_tcp_keepintvl=10
ssh_tcp_keepcnt=3
ssh_tcp_usrtimeout=60000
dark_theme=false
fullscreen_toolbar_visibility=0
shortcutkey_multimon=65365
shortcutkey_viewonly=109
vte_shortcutkey_copy=99
vte_shortcutkey_paste=118
vte_shortcutkey_select_all=97
vte_shortcutkey_increase_font=65365
vte_shortcutkey_decrease_font=65366
vte_shortcutkey_search_text=103
grab_color=#00ff00
grab_color_switch=false
[ssh_colors]
background=#d5ccba
cursor=#45373c
cursor_foreground=#d5ccba
highlight=#45373c
highlight_foreground=#d5ccba
colorBD=#45373c
foreground=#45373c
color0=#20111b
color1=#be100e
color2=#858162
color3=#eaa549
color4=#426a79
color5=#97522c
color6=#989a9c
color7=#968c83
color8=#5e5252
color9=#be100e
color10=#858162
color11=#eaa549
color12=#426a79
color13=#97522c
color14=#989a9c
color15=#d5ccba
[remmina]
name=
ignore-tls-errors=1


@@ -0,0 +1,53 @@
[remmina_pref]
secret=
uid=
bdate=
save_view_mode=true
save_when_connect=true
survey=false
invisible_toolbar=false
floating_toolbar_placement=0
toolbar_placement=3
always_show_tab=true
hide_connection_toolbar=false
default_action=0
scale_quality=3
ssh_loglevel=1
screenshot_path=
ssh_parseconfig=true
hide_toolbar=false
hide_statusbar=false
small_toolbutton=false
view_file_mode=0
resolutions=640x480,800x600,1024x768,1152x864,1280x960,1400x1050
main_width=0
main_height=0
main_maximize=false
main_sort_column_id=1
main_sort_order=0
expanded_group=
toolbar_pin_down=false
sshtunnel_port=4732
applet_new_ontop=false
applet_hide_count=false
applet_enable_avahi=false
disable_tray_icon=false
dark_tray_icon=false
recent_maximum=10
default_mode=0
tab_mode=0
show_buttons_icons=0
show_menu_icons=0
auto_scroll_step=10
confirm_close=true
use_primary_password=false
unlock_timeout=300
unlock_password=
lock_connect=false
lock_edit=false
lock_view_passwords=false
enc_mode=1
audit=false
trust_all=false
prevent_snap_welcome_message=false
last_quickconnect_protocol=
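Review bot: The template blanks `secret=`, `uid=` and `bdate=` and zeroes `main_width`/`main_height` without saying so, which a later reader may take for a corrupted file rather than placeholders. If Remmina reads this through GKeyFile, a first line such as `# template - copy to the git-ignored dotfiles/config/remmina/remmina.pref; secret/uid/bdate are intentionally empty` documents the intent (GLib key files accept `#` full-line comments). Dropping the `[remmina]` block with `ignore-tls-errors=1` from the deleted file is a welcome change and worth a mention in the commit message.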


@@ -4,9 +4,9 @@ first-run=false
[account] [account]
email=IvanMalison@gmail.com email=IvanMalison@gmail.com
logged-in=true logged-in=false
token= token=
token-secret=d3f4ef69df4242e9b10ca034b28f6831 token-secret=
[hotkeys] [hotkeys]
captureFullScreen=Shift+Alt+1 captureFullScreen=Shift+Alt+1
@@ -31,10 +31,10 @@ proxy-req-auth=false
check-updates-automatically=true check-updates-automatically=true
[uploaders] [uploaders]
imgur\access-token=bcea050c708998597610f22a20c2121afa4cfad9 imgur\\access-token=
imgur\anonymous=false imgur\\anonymous=false
imgur\copy-direct-link=false imgur\\copy-direct-link=false
imgur\copy-link=true imgur\\copy-link=true
imgur\name-format=Screenshot at %H:%M:%S imgur\\name-format=Screenshot at %H:%M:%S
imgur\refresh-token=9890577aa0486ecb5ddc5a04cf9ceb0228e91b26 imgur\\refresh-token=
imgur\username= imgur\\username=
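Review bot: Every key in the `[uploaders]` group gained a second backslash on the new side (`imgur\\access-token=` where the old file had `imgur\access-token=`, and likewise for the other six `imgur\\…` lines). If ScreenCloud reads this through QSettings, where a single `\` is the group/key separator, these are now different keys and the imgur settings stop resolving, so the new lines should keep the single backslash, e.g. `imgur\access-token=`, `imgur\refresh-token=`. The doubling looks like an escaping pass by whatever tool rewrote the file while blanking the tokens; check the file on disk rather than the rendered diff before merging.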


@@ -49,7 +49,9 @@
enable = true; enable = true;
name = config.networking.hostName; name = config.networking.hostName;
url = "https://dev.railbird.ai"; url = "https://dev.railbird.ai";
token = "H0A7YXAWsKSp9QzvMymfJI12hbxwR7UerEHpCJUe"; # Keep the runner registration token out of git.
# Create this file on the machine before the runner is (re)registered.
tokenFile = "/var/lib/gitea-runner/nix/token";
labels = [ labels = [
"nix-darwin-${pkgs.system}:host" "nix-darwin-${pkgs.system}:host"
"macos-aarch64-darwin" "macos-aarch64-darwin"


@@ -18,6 +18,10 @@ with lib; let
tokenXorTokenFile = instance: tokenXorTokenFile = instance:
(instance.token == null && instance.tokenFile != null) (instance.token == null && instance.tokenFile != null)
|| (instance.token != null && instance.tokenFile == null); || (instance.token != null && instance.tokenFile == null);
# Render a tokenFile (path or string) into the shell snippet used by launchd.
tokenFilePath = instance:
if instance.tokenFile == null then null else toString instance.tokenFile;
in { in {
options.services.gitea-actions-runner = { options.services.gitea-actions-runner = {
package = mkOption { package = mkOption {
@@ -154,6 +158,11 @@ in {
"${pkgs.writeShellScript "gitea-runner-setup-${name}" '' "${pkgs.writeShellScript "gitea-runner-setup-${name}" ''
mkdir -p /var/lib/gitea-runner/${name} mkdir -p /var/lib/gitea-runner/${name}
cd /var/lib/gitea-runner/${name} cd /var/lib/gitea-runner/${name}
${
if instance.tokenFile != null then ''
TOKEN="$(${pkgs.coreutils}/bin/cat ${escapeShellArg (tokenFilePath instance)})"
'' else ""
}
if [ ! -e "/var/lib/gitea-runner/${name}/.runner" ]; then if [ ! -e "/var/lib/gitea-runner/${name}/.runner" ]; then
${cfg.package}/bin/act_runner register --no-interactive \ ${cfg.package}/bin/act_runner register --no-interactive \
--instance ${escapeShellArg instance.url} \ --instance ${escapeShellArg instance.url} \
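Review bot: The new `TOKEN="$(… cat …)"` line has no failure handling: if the token file is absent or unreadable, `cat` fails, `TOKEN` is empty, and the script carries on into the `act_runner register` call (which continues past the end of this hunk), registering the runner with an empty token instead of stopping with a clear error — `writeShellScript` does not enable `set -e`, and none is visible in the hunk, so only an explicit check helps. Guard it with `TOKEN="$(${pkgs.coreutils}/bin/cat ${escapeShellArg (tokenFilePath instance)})" || exit 1` followed by `[ -n "$TOKEN" ] || { echo "empty token file" >&2; exit 1; }`. Using `toString` in `tokenFilePath` rather than interpolating the value is correct, as it keeps a path-typed `tokenFile` from being copied into the Nix store.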


@@ -62,4 +62,3 @@ in
".emacs.d".source = oos "${worktreeDotfiles}/emacs.d"; ".emacs.d".source = oos "${worktreeDotfiles}/emacs.d";
}; };
} }


@@ -7,7 +7,6 @@
]; ];
age.secrets.gpg-keys.file = ./secrets/gpg-keys.age; age.secrets.gpg-keys.file = ./secrets/gpg-keys.age;
age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age; age.secrets.gpg-passphrase.file = ./secrets/gpg-passphrase.age;
systemd.user.services.import-gpg-key = { systemd.user.services.import-gpg-key = {
Unit = { Unit = {
Description = "Import GPG private key"; Description = "Import GPG private key";


@@ -71,7 +71,7 @@ echo " dotfiles: $DOTFILES_REV"
echo "Building container from flake..." echo "Building container from flake..."
nix build "$NIXOS_DIR#${INSTANCE}-org-agenda-api" -o "result-${INSTANCE}-org-agenda-api" --refresh \ nix build "$NIXOS_DIR#${INSTANCE}-org-agenda-api" -o "result-${INSTANCE}-org-agenda-api" --refresh \
--option extra-substituters "https://org-agenda-api.cachix.org" \ --option extra-substituters "https://org-agenda-api.cachix.org" \
--option extra-trusted-public-keys "org-agenda-api.cachix.org-1:MzzlSeQpJ/erP9/qYU6EiS4LM4AHA/mpc8s4thtEvNI=" --option extra-trusted-public-keys "org-agenda-api.cachix.org-1:MzzlSeQpJ/erP9/qYU6EiS4LM4AHA/mpc8s4thtEvNI=" # gitleaks:allow
# Load into Docker # Load into Docker
echo "Loading container into Docker..." echo "Loading container into Docker..."


@@ -5,23 +5,23 @@ user := "imalison"
# Get all todos # Get all todos
get-all-todos: get-all-todos:
@curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/get-all-todos" | jq . @curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/get-all-todos" | jq . # gitleaks:allow
# Get today's agenda # Get today's agenda
get-todays-agenda: get-todays-agenda:
@curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/get-todays-agenda" | jq . @curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/get-todays-agenda" | jq . # gitleaks:allow
# Get agenda (day view) # Get agenda (day view)
agenda: agenda:
@curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/agenda" | jq . @curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/agenda" | jq . # gitleaks:allow
# Get agenda files # Get agenda files
agenda-files: agenda-files:
@curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/agenda-files" | jq . @curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/agenda-files" | jq . # gitleaks:allow
# Get todo states # Get todo states
todo-states: todo-states:
@curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/todo-states" | jq . @curl -s -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" "{{base_url}}/todo-states" | jq . # gitleaks:allow
# Health check # Health check
health: health:
@@ -29,6 +29,7 @@ health:
# Create a todo # Create a todo
create-todo title: create-todo title:
# gitleaks:allow
@curl -s -X POST -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" \ @curl -s -X POST -u "{{user}}:$(pass show org-agenda-api/imalison | head -1)" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d '{"title": "{{title}}"}' \ -d '{"title": "{{title}}"}' \
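Review bot: The `# gitleaks:allow` placed on its own line above `create-todo`'s `@curl` does not behave like the trailing markers on the other recipes: gitleaks looks for the marker on the line of the finding itself, so a comment on the preceding line leaves that finding unsuppressed, and because the `@curl` line ends in `\` a trailing comment cannot be appended there. If I read just's defaults correctly, comment lines inside a recipe body are also passed to the shell and, lacking `@`, echoed, so running the recipe prints the marker. Put the marker at the end of the command's last, non-continued line (beyond this hunk), or add a `.gitleaksignore`/allowlist entry for the `pass show …` substitution so the recipes need no per-line annotation.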