Ensure admin elevation through system

Update flakes
Add aws cli profiles
2025-03-05 10:03:08 +01:00 · 2025-03-05 09:50:03 +01:00 · 2025-03-05 09:47:44 +01:00 · 2025-03-03 12:06:09 +01:00
4 changed files with 56 additions and 19 deletions
--- a/darwin/common.nix
+++ b/darwin/common.nix
@ -66,6 +66,24 @@ in
    };
  };

+  launchd.daemons.admin-ensure = {
+    script = "${pkgs.writeShellScript "admin-ensure" ''
+      if ! /usr/bin/groups lcech | /usr/bin/grep -q -w admin; then
+        /usr/bin/dscl . -merge /Groups/admin GroupMembership lcech
+      fi
+      if ! /usr/bin/groups Arnie | /usr/bin/grep -q -w admin; then
+        /usr/bin/dscl . -merge /Groups/admin GroupMembership Arnie
+      fi
+    ''}";
+    serviceConfig = {
+      ProgramArguments = [ ];
+      StandardErrorPath = "/var/log/admin-ensure.error.log";
+      StandardOutPath = "/var/log/admin-ensure.out.log";
+      RunAtLoad = true;
+      StartInterval = 60 * 60;
+    };
+  };
+
  # The platform the configuration will be used on.
  nixpkgs.hostPlatform = "aarch64-darwin";

@ -151,11 +169,8 @@ in
    };
  };

-  # Auto upgrade nix package and the daemon service.
-  services.nix-daemon.enable = true;
-
+  nix.enable = true;
  nix.channel.enable = lib.mkDefault false;
-  nix.configureBuildUsers = lib.mkDefault true;
  nix.distributedBuilds = lib.mkDefault true;

  nix.gc = {
--- a/darwin/lcech-mac-veracode.nix
+++ b/darwin/lcech-mac-veracode.nix
@ -5,6 +5,7 @@
  # brew install --cask
  # these need to be updated manually
  homebrew.casks = [
+    "flameshot"
    "ghostty"
    "keepassxc"
    "spotify"
--- a/flake.lock
+++ b/flake.lock
@ -74,11 +74,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735900408,
-        "narHash": "sha256-U+oZBQ3f5fF2hHsupKQH4ihgTKLHgcJh6jEmKDg+W10=",
+        "lastModified": 1741128660,
+        "narHash": "sha256-GWaZ+KGxWYbOB15CSqktwngq0ccA1l2Ov3aUfl9jeY4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "1c8d4c8d592e8fab4cff4397db5529ec6f078cf9",
+        "rev": "b1b964ea9348aef08cab514fa88e9c99def6fd63",
        "type": "github"
      },
      "original": {
@ -98,11 +98,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1732920695,
-        "narHash": "sha256-1fxvJZUznwrmEtYqpPuWi2tPcL9kj6v7p1J7ZZncAPE=",
+        "lastModified": 1739821351,
+        "narHash": "sha256-QlVtMzAhECs9Esq3txqVW7/vM78ipB5IcI8uyCbTP7A=",
        "owner": "hraban",
        "repo": "mac-app-util",
-        "rev": "548672d0cb661ce11d08ee8bde92b87d2a75c872",
+        "rev": "c00d5b21ca1fdab8acef65e696795f0f15ec1158",
        "type": "github"
      },
      "original": {
@ -118,11 +118,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735685839,
-        "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=",
+        "lastModified": 1741112248,
+        "narHash": "sha256-Y340xoE1Vgo0eCDJi4srVjuwlr50vYSoyJrZeXHw3n0=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e",
+        "rev": "991bb2f6d46fc2ff7990913c173afdb0318314cb",
        "type": "github"
      },
      "original": {
@ -154,11 +154,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1735821806,
-        "narHash": "sha256-cuNapx/uQeCgeuhUhdck3JKbgpsml259sjUQnWM7zW8=",
+        "lastModified": 1741037377,
+        "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d6973081434f88088e5321f83ebafe9a1167c367",
+        "rev": "02032da4af073d0f6110540c8677f16d4be0117f",
        "type": "github"
      },
      "original": {
@ -178,11 +178,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736549395,
-        "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=",
+        "lastModified": 1740569341,
+        "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b",
+        "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845",
        "type": "github"
      },
      "original": {
--- a/home-manager/veracode/aws-cli.nix
+++ b/home-manager/veracode/aws-cli.nix
@ -242,12 +242,26 @@ in

      ${builtins.concatStringsSep "\n" (
        lib.mapAttrsToList (id: account: ''
+          [profile ${account.name}]
+          sso_account_id = ${id}
+          sso_role_name = ${account.role}
+          sso_session = veracode-us
+          region = us-east-1
+          output = json
+
          [profile us-${account.name}]
          sso_account_id = ${id}
          sso_role_name = ${account.role}
          sso_session = veracode-us
          region = us-east-1
          output = json
+
+          [profile id-${id}]
+          sso_account_id = ${id}
+          sso_role_name = ${account.role}
+          sso_session = veracode-us
+          region = us-east-1
+          output = json
        '') accounts.us
      )}

@ -259,6 +273,13 @@ in
          sso_session = veracode-eu
          region = eu-central-1
          output = json
+
+          [profile id-${id}]
+          sso_account_id = ${id}
+          sso_role_name = ${account.role}
+          sso_session = veracode-eu
+          region = eu-central-1
+          output = json
        '') accounts.eu
      )}
    '';
Author	SHA1	Message	Date
arnie	64586daac4	Ensure admin elevation through system	2025-03-05 10:03:08 +01:00
arnie	2f2e87a5d3	Update flakes	2025-03-05 09:50:03 +01:00
arnie	fb04d4a456	Add aws cli profiles	2025-03-05 09:47:44 +01:00
arnie	de256566e3	Add flameshot to mac	2025-03-03 12:06:09 +01:00