incorporated john-p14s, big squash merge of stuff

modules/programs/brave.nix

@@ -0,0 +1,11 @@
+{ self, inputs, ... }: {
+  flake.modules.homeManager.brave = {
+    programs.brave = {
+      enable = true;
+      extensions = [
+        # https://chromewebstore.google.com/detail/1password-%E2%80%93-password-mana/aeblfdkhhhdcdjpifhhbdiojplfjncoa
+        "aeblfdkhhhdcdjpifhhbdiojplfjncoa"
+      ];
+    };
+  };
+}

modules/programs/desktop.nix

@@ -1,12 +0,0 @@
-# This module is for programs with GUIs that run in a desktop environment
-{ inputs, ... }:
-{
-  flake.modules.homeManager.desktop = 
-    {
-      imports = with inputs.self.modules.homeManager; [
-        onepassword
-        ghostty
-        sublime
-      ];
-    };
-}

modules/programs/ghostty.nix

@@ -58,11 +58,16 @@
     };
 
     # https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970
-    xdg.desktopEntries."com.mitchellh.ghostty" = {
+    xdg.desktopEntries."com.mitchellh.ghostty" =
+    let
+      ghosttyCmd = "nixGLMesa ${lib.getExe pkgs.ghostty}";
+    in
+    {
       name = "Ghostty";
       type = "Application";
       comment = "A terminal emulator";
-      exec = "nixGLMesa ghostty";
+      # exec = "nixGLMesa ghostty";
+      exec = ghosttyCmd;
       icon = "com.mitchellh.ghostty";
       terminal = false;
       startupNotify = true;
@@ -79,7 +84,8 @@
       actions = {
         new-window = {
           name = "New Window";
-          exec = "nixGLMesa ghostty";
+          exec = ghosttyCmd;
+          # exec = "nixGLMesa ghostty";
         };
       };
     };

modules/programs/git.nix

@@ -1,6 +1,8 @@
-{
-  flake.modules.homeManager.git = { config, lib, ... }:
-  {
+{ self, inputs, ... }: {
+  flake.modules.homeManager.git = { config, pkgs, lib, ... }: {
+    home.packages = with pkgs; [
+      git-credential-oauth
+    ];
     programs.git = {
         enable = true;
         settings = {
@@ -14,5 +16,8 @@
       enableBashIntegration = true;
       enableZshIntegration = true;
     };
+    home.shellAliases = {
+      "lzg" = "lazygit";
+    };
   };
 }

modules/programs/niri.nix

@@ -0,0 +1,33 @@
+{ self, inputs, ... }: {
+  flake-file.inputs = {
+    wrapper-modules.url = "github:BirdeeHub/nix-wrapper-modules";
+    # wrapper-modules.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  flake.modules.nixos.niri = { pkgs, lib, ... }: {
+    programs.niri = {
+      enable = true;
+      package = self.packages.${pkgs.stdenv.hostPlatform.system}.myNiri;
+    };
+  };
+
+  perSystem = { pkgs, lib, self', ... }: {
+    packages.myNiri = inputs.wrapper-modules.wrappers.niri.wrap {
+      inherit pkgs;
+      env.RUST_BACKTRACE = "full";
+      settings = {
+        spawn-at-startup = [
+          "${lib.getExe self'.packages.myNoctalia}"
+        ];
+        xwayland-satellite.path = lib.getExe pkgs.xwayland-satellite;
+        input.keyboard.xkb.layout = "us,ua";
+        layout.gaps = 5;
+        binds = {
+          "Mod+Return".spawn-sh = lib.getExe pkgs.ghostty;
+          "Mod+Q".close-window = null;
+          "Mod+S".spawn-sh = "${lib.getExe self'.packages.myNoctalia} ipc call launcher toggle";
+        };
+      };
+    };
+  };
+}

modules/programs/noctalia.nix

@@ -0,0 +1,8 @@
+{ self, inputs, ... }: {
+  perSystem = { pkgs, ... }: {
+    packages.myNoctalia = inputs.wrapper-modules.wrappers.noctalia-shell.wrap {
+      inherit pkgs;
+      # settings = (builtins.fromJSON (builtins.readFile ./noctalia.json)).settings;
+    };
+  };
+}

modules/programs/onepassword.nix

@@ -1,5 +1,16 @@
-{
-  flake.modules.homeManager.onepassword = {
-    # TODO: Port `_1password = true` behavior into an explicit Home Manager module.
+{ self, inputs, ... }: {
+  flake.modules.homeManager.onepassword = { config, pkgs, lib, ... }: {
+    home.file.".config/1Password/ssh/agent.toml".text = ''
+      # https://developer.1password.com/docs/ssh/agent/config
+      [[ssh-keys]]
+      vault = "Private"
+    '';
+    programs.ssh = {
+      enable = true;
+      extraConfig = ''
+        Host *
+            IdentityAgent ${config.home.homeDirectory}/.1password/agent.sock
+      '';
+    };
   };
-}
+}

modules/programs/shell-tools.nix

@@ -1,37 +0,0 @@
-# This module provides all the shell options
-{ inputs, lib, ... }:
-{
-  flake.modules.homeManager.shell-tools = { config, pkgs, ... }: {
-    options.shell.program = lib.mkOption {
-      type = lib.types.enum [ "bash" "zsh" ];
-      default = "zsh";
-      description = "Which interactive shell configuration to enable.";
-    };
-
-    imports = with inputs.self.modules.homeManager; [
-      bash
-      zsh
-
-      # Tools
-      eza
-      files
-    ];
-
-    config = {
-      home.shell.enableShellIntegration = true;
-      programs.zsh.enable  = lib.mkForce (config.shell.program == "zsh");
-      home.packages = with pkgs; [
-        wget
-        curl
-        cacert
-        busybox
-        gnugrep
-        dig
-        btop
-        uv
-        xclip
-        jq
-      ];
-    };
-  };
-}

modules/programs/sops.nix

@@ -40,13 +40,22 @@ in
         default = "${config.xdg.configHome}/sops/age/keys.txt";
       };
       hostSecretFile = lib.mkOption {
-        description = "Path to the secrets file for this host";
+        description = "Path to the secrets file for this host. Used to create the edit-secrets script";
         type = lib.types.nullOr lib.types.str;
         default = null;
       };
     };
 
-    config = {
+    config =
+    let
+      echo = lib.getExe' pkgs.coreutils "echo";
+      dirname = lib.getExe' pkgs.coreutils "dirname";
+      mkdir = lib.getExe' pkgs.coreutils "mkdir";
+      show-age-key = (pkgs.writeShellScriptBin "show-age-key" ''
+        ${lib.getExe' pkgs.age "age-keygen"} -y ${cfg.ageKeyFile}
+      '');
+    in
+    {
       home.packages = with pkgs; [
         eza
         age
@@ -56,21 +65,21 @@ in
           set -eu
 
           if [ ! -f "${config.ssh.IdentityFile}" ]; then
-            echo "SSH identity file not found: ${config.ssh.IdentityFile}" >&2
+            ${echo} "SSH identity file not found: ${config.ssh.IdentityFile}" >&2
             exit 1
           fi
 
           if [ -e "${cfg.ageKeyFile}" ]; then
-            echo "Refusing to overwrite existing age key file: ${cfg.ageKeyFile}" >&2
+            ${echo} "Refusing to overwrite existing age key file: ${cfg.ageKeyFile}" >&2
             exit 1
           fi
 
-          mkdir -p "$(dirname "${cfg.ageKeyFile}")"
+          ${mkdir} -p "$(${dirname} "${cfg.ageKeyFile}")"
           ${lib.getExe pkgs.ssh-to-age} -i ${config.ssh.IdentityFile} -private-key > ${cfg.ageKeyFile}
-          echo -n "Created ${cfg.ageKeyFile}: "
-          echo $(show-age-key)
+          ${echo} -n "Created ${cfg.ageKeyFile}: "
+          ${echo} $(${lib.getExe show-age-key})
         '')
-        (writeShellScriptBin "show-age-key" "${lib.getExe' pkgs.age "age-keygen"} -y ${cfg.ageKeyFile}")
+        show-age-key
         (writeShellScriptBin "ls-secrets" "${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
       ] ++ editScript;
 

modules/programs/steam.nix

@@ -0,0 +1,14 @@
+{ self, inputs, ... }: {
+  flake.modules.nixos.steam = {
+    programs.steam = {
+      enable = true;
+      gamescopeSession.enable = true;
+      # Open ports in the firewall for Steam Remote Play
+      remotePlay.openFirewall = true;
+      # Open ports in the firewall for Source Dedicated Server
+      dedicatedServer.openFirewall = true;
+      # Open ports in the firewall for Steam Local Network Game Transfers
+      localNetworkGameTransfers.openFirewall = true;
+    };
+  };
+}

modules/programs/step-client.nix

@@ -1,9 +1,4 @@
-{ inputs, ... }:
-let
-  caURL = "https://janus.john-stream.com/";
-  stepFingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
-in
-{
+{ self, inputs, ... }: {
   #
   # Home Manager Module
   #
@@ -17,42 +12,15 @@ in
   {
     options.step-ssh-user = {
       enable = lib.mkEnableOption "opionated step client config for SSH certs";
-      caURL = lib.mkOption {
-        type = lib.types.str;
-        default = "${caURL}";
-      };
-      fingerprint = lib.mkOption {
-        type = lib.types.str;
-        default = "${stepFingerprint}";
-      };
-      rootCertFile = {
-        path = lib.mkOption {
-          type = lib.types.str;
-          description = "String path to where the root_ca.crt file will be stored for the user";
-          default = ".step/certs/root_ca.crt";
-        };
-        source = lib.mkOption {
-          type = lib.types.path;
-          description = "Nix path to the root cert file within the repo";
-          default = ../../keys/root_ca.crt;
-        };
-      };
       provisioner = lib.mkOption {
         type = lib.types.str;
         default = "admin";
       };
       principals = lib.mkOption {
         type = lib.types.listOf lib.types.str;
-        # default = [ ];
       };
     };
     config = lib.mkIf cfg.enable {
-      home.file."${cfg.rootCertFile.path}".source = cfg.rootCertFile.source;
-      home.file.".step/config/defaults.json".text = builtins.toJSON {
-        "ca-url" = cfg.caURL;
-        fingerprint = cfg.fingerprint;
-        root = "${config.home.homeDirectory}/${cfg.rootCertFile.path}";
-      };
       sops.secrets."janus/admin_jwk".mode = "0400";
       home.packages = with pkgs; [
         (writeShellScriptBin "sign-ssh-cert" ''

modules/programs/sublime.nix

@@ -1,8 +0,0 @@
-{ inputs, pkgs, ... }:
-{
-  flake.modules.homeManager.sublime = { pkgs, lib, ... }: {
-    home.packages = with pkgs; [
-      sublime4
-    ];
-  };
-}

modules/programs/sudo.nix

@@ -0,0 +1,10 @@
+{ self, inputs, ... }: {
+  flake.modules.nixos.sudo = {
+    security.sudo-rs = {
+      enable = true;
+      execWheelOnly = false;
+      wheelNeedsPassword = false;
+      extraConfig = "Defaults        timestamp_timeout=1440";
+    };
+  };
+}

modules/programs/vscode.nix

@@ -1,21 +1,26 @@
-{
-  flake.modules.homeManager.vscode = { pkgs, ... }:
-  {
-    programs.vscode = {
-      enable = true;
-      package = pkgs.vscode;
-      profiles.default.extensions = with pkgs.vscode-extensions; [
-        mhutchie.git-graph
-        ms-vscode-remote.vscode-remote-extensionpack
-        ms-python.python
-        ms-python.vscode-pylance
-        ms-toolsai.jupyter
-        charliermarsh.ruff
-        github.vscode-pull-request-github
-        github.vscode-github-actions
-        github.copilot
-        catppuccin.catppuccin-vsc
-      ];
+{ self, inputs, ... }: {
+  flake.modules.homeManager.vscode = { config, pkgs, lib, ... }: {
+    options.my-vscode = {
+      enable = lib.mkEnableOption "Enable nix-managed VSCode";
+    };
+
+    config = lib.mkIf config.my-vscode.enable {
+      programs.vscode = {
+        enable = true;
+        package = pkgs.vscode;
+        profiles.default.extensions = with pkgs.vscode-extensions; [
+          mhutchie.git-graph
+          ms-vscode-remote.vscode-remote-extensionpack
+          ms-python.python
+          ms-python.vscode-pylance
+          ms-toolsai.jupyter
+          charliermarsh.ruff
+          github.vscode-pull-request-github
+          github.vscode-github-actions
+          github.copilot
+          catppuccin.catppuccin-vsc
+        ];
+      };
     };
   };
 }

modules/programs/wireguard.nix

@@ -0,0 +1,59 @@
+{ self, inputs, ... }: {
+  flake.modules.nixos.wireguard = { config, pkgs, lib, ... }:
+  let
+    wgInterface = "platform";
+    systemctl = lib.getExe' pkgs.systemd "systemctl";
+    journalctl = lib.getExe' pkgs.systemd "journalctl";
+
+    mkConnect = interface:
+      let
+        serviceName = "wg-quick-${interface}";
+        service = "${serviceName}.service";
+      in
+      pkgs.writeShellScriptBin "wg-connect-${interface}" ''
+        ${systemctl} start ${service}
+        start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
+        ${journalctl} -u ${service} --since "$start_time" --no-pager
+      '';
+    mkDisconnect = interface:
+      let
+        serviceName = "wg-quick-${interface}";
+        service = "${serviceName}.service";
+      in
+      pkgs.writeShellScriptBin "wg-disconnect-${interface}" ''
+        STOPTIME=$(${lib.getExe' pkgs.coreutils "date"} '+%Y-%m-%d %H:%M:%S')
+        ${systemctl} stop ${service}
+        start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
+        ${journalctl} -u ${service} --since "$STOPTIME" --no-pager
+      '';
+  in
+  {
+    imports = [ inputs.sops-nix.nixosModules.sops ];
+
+    environment.systemPackages = with pkgs; [
+      wireguard-tools
+      wg-netmanager
+      (mkConnect "platform")
+      (mkDisconnect "platform")
+    ];
+
+    sops.secrets.wireguard_private_key = { };
+    networking.wg-quick.interfaces = {
+      ${wgInterface} = {
+        autostart = false; # Managed by dispatcher
+        postUp = "echo 'Post up command'";
+        address = [ "192.168.3.5/32" ];
+        dns = [ "192.168.1.150" ];
+        privateKeyFile = config.sops.secrets.wireguard_private_key.path;
+        peers = [
+          {
+            publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
+            allowedIPs = [ "192.168.0.0/16" ];
+            endpoint = "wg.john-stream.com:51830";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+  };
+}