commit c62545221cd0c24ed1f1702911ae26987419d2da Author: John Lancaster <32917998+jsl12@users.noreply.github.com> Date: Mon Feb 16 09:14:16 2026 -0600 initial commit
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..b4a0edb
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,14 @@
+keys:
+ - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+ - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+creation_rules:
+ - path_regex: \.yaml$
+ key_groups:
+ - age:
+ - *john-p14s
+ - *john-pc
+ - path_regex: \.json$
+ key_groups:
+ - age:
+ - *john-p14s
+ - *john-pc
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..0f944e7
--- /dev/null
+++ b/flake.lock
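Review bot: Both creation rules in `.sops.yaml` match on extension alone (`path_regex: \.yaml$` and `\.json$`), so they apply to any YAML or JSON file in the repository that sops is pointed at, including `.sops.yaml` itself. The only encrypted file in this commit lives under `keys/`, so anchoring the rules there, e.g. `path_regex: ^keys/.*\.yaml$`, keeps the recipient list tied to the secrets directory and makes an accidental in-place encryption of an unrelated config file less likely. A short comment next to each `age1…` recipient saying which machine it belongs to and how it was derived would also help when a machine is retired and its recipient has to be removed and the secrets re-encrypted.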
@@ -0,0 +1,207 @@ +{ + "nodes": { + "flake-file": { + "locked": { + "lastModified": 1771017549, + "narHash": "sha256-n68HeYEQJ67hMH2LPI0cERD2pkpNe5dyeOGg11uZ7rc=", + "owner": "vic", + "repo": "flake-file", + "rev": "9d89918faacdbd2ce26d0aa7298da0fecad8b437", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "flake-file", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs-lib" + ] + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1771102945, + "narHash": "sha256-e5NfW8NhC3qChR8bHVni/asrig/ZFzd1wzpq+cEE/tg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ff5e5d882c51f9a032479595cbab40fd04f56399", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "import-tree": { + "locked": { + "lastModified": 1771045967, + "narHash": "sha256-oYO4poyw0Sb/db2PigqugMlDwsvwLg6CSpFrMUWxA3Q=", + "owner": "vic", + "repo": "import-tree", + "rev": "c968d3b54d12cf5d9c13f16f7c545a06c9d1fde6", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, + "nixgl": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] 
+ }, + "locked": { + "lastModified": 1762090880, + "narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=", + "owner": "nix-community", + "repo": "nixGL", + "rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixGL", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1771177547, + "narHash": "sha256-erxy9meNKMaKpKQpl8KfhZsVY4EtR4eaHT94jY98Ty0=", + "rev": "ac055f38c798b0d87695240c7b761b82fc7e5bc2", + "type": "tarball", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre946843.ac055f38c798/nixexprs.tar.xz" + }, + "original": { + "type": "tarball", + "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz" + } + }, + "root": { + "inputs": { + "flake-file": "flake-file", + "flake-parts": "flake-parts", + "home-manager": "home-manager", + "import-tree": "import-tree", + "nixgl": "nixgl", + "nixpkgs": "nixpkgs_2", + "nixpkgs-lib": [ + "nixpkgs" + ], + "sops-nix": "sops-nix", + "systems": "systems_2" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770683991, + "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": 
"da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..c13f684 --- /dev/null +++ b/flake.nix @@ -0,0 +1,29 @@ +# DO-NOT-EDIT. This file was auto-generated using github:vic/flake-file. +# Use `nix run .#write-flake` to regenerate it. +{ + description = "A dendritic setup."; + + outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules); + + inputs = { + flake-file.url = "github:vic/flake-file"; + flake-parts = { + inputs.nixpkgs-lib.follows = "nixpkgs-lib"; + url = "github:hercules-ci/flake-parts"; + }; + home-manager.url = "github:nix-community/home-manager"; + import-tree.url = "github:vic/import-tree"; + nixgl = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/nixGL"; + }; + nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"; + nixpkgs-lib.follows = "nixpkgs"; + sops-nix = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:Mic92/sops-nix"; + }; + systems.url = "github:nix-systems/default"; + }; + +} diff --git a/keys/personal b/keys/personal new file mode 100644 index 0000000..f79b391 --- /dev/null +++ b/keys/personal 
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIaHS9CLiDc6T1tja0fBwwv5qc6iwuckWN6w8MNo5yiR8LPWyrfueowNJkL4HMqu6OEuggtdybGw1Do4sW5o+toHCyWfZf3khI1l15opPXuVpD4CWED+SpJiZ0wBgRaCaWhfxLI+s4JOhjOO2OjiClPX3HfxIHyTpRiR78lOMcIieHSnzrAV2MatYKf6lL2ckOsIPwxo/OVM+1ljjX+HLq9IxGUCpWOnF4nF1rq3gKL2JUh2KsrgrzE3NB7EFuqKm8F0tF2rG3JjSvlwox0h06drKD02lpZWXPOBRlcyFDpNXymmc2bpG0S2Bbj5g+pqNBB0jO0h3kzWvYYqrtU/ElObg1cXhyi0PFOhhptlbhbK0Ao8B+pAbSZ661nMT3jpRWLVbnJrRFnXXdjX08r5eseQ3k4CFpv+g64n7yg3IMo9f8gA9P/hOexR+qu5AQ1Ad/tvkp6pPXnR/zsUnbe4p2A9MaNJm4E1zxbs5VGlXynNikXwDL+spkrnjwdfUULTk= john@JOHN-PC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFn5ilhqaeDsOWSk7y29se2NvxGm8djlfL3RGLokj0q6 john@john-p14s
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHh9SBuxU2dOJHnpGZAE4cwe0fXcTBBAx+JmRsmIX+Tk8zooeM32vbNxxSXiZNpBGH5wzHNb534dWexGGG3sOaONmcL7SCoPIvaAdnIn5VsiznerLrzppSbx3Qn8eyF97WAGCcOcIUNmTIDDx1m6zG762WQnoaUEy0Ul5IR7ET5GQxP3p5Qwx8yqfixKDwarvV421sUIxYt9gee31jS9jcI3MFd6EL57hWle95Z8BGpR/Q7sXDBTZQWMZauh5NPwLMZS7k3bHgxXZ7WNOw/J/yts1ckBbvIFJSRNnMuWD0oGnDTL6aivGi+Eiswp0fpKzYGzquB3/wr3VU4G1JcMM5 JuiceSSH
\ No newline at end of file
diff --git a/keys/secrets.yaml b/keys/secrets.yaml
new file mode 100644
index 0000000..51dabd2
--- /dev/null
+++ b/keys/secrets.yaml
@@ -0,0 +1,28 @@ +restic_password: + john_ubuntu: ENC[AES256_GCM,data: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,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str] +api: + gmail_client_secret: ENC[AES256_GCM,data:du2gEY5TQIwpUEvJKDWKY3noLRGeiKek4IMwPUusVx8NMys=,iv:hIYi1xQYf6+hDhK0pNprBYu6wXwRH2yOTwQg6pzQa0A=,tag:sqmQ5GCkKbHpIy2R+Y5G/A==,type:str] +sops: + age: + - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r + SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk + ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3 + TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P + quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB + REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo + ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw + Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw + 9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-03T17:03:22Z" + mac: ENC[AES256_GCM,data:c3rcMHTRxbnpQoW5eLn0X1aCL1v2ft05UTcHaCuGiCaF3b/loVjEQr30pepBgR07PSleTIi375Y0Rj8ik8Ot3j+Zl5BR32bEtqf6gcWwz6oSmeORDrJS15698d7/avJl82/EC0ZN77j+fcdkWZrCJHb47HGfRxKl9L5HbyWasA4=,iv:g3d3C571uYpTTFixYZg+ztg8jTdof1g6Hb5gtRvpRkk=,tag:8kAxrUwUVeWvpYjWMDE+AA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/keys/work b/keys/work new file mode 100644 index 0000000..e69de29 diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..747fe16 --- /dev/null +++ b/modules/default.nix 
@@ -0,0 +1,16 @@
+{ inputs, ... }:
+{
+ imports = [
+ inputs.flake-file.flakeModules.dendritic
+ # inputs.flake-parts.flakeModules.modules
+ ];
+ flake-file.description = "A dendritic setup.";
+ # flake-file.inputs = {
+ # flake-file.url = "github:vic/flake-file";
+ # flake-parts.url = "github:hercules-ci/flake-parts";
+ # nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ # systems.url = "github:nix-systems/default";
+ # };
+
+ systems = import inputs.systems;
+}
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
new file mode 100644
index 0000000..ba4df46
--- /dev/null
+++ b/modules/home-manager/default.nix
@@ -0,0 +1,30 @@
+{ inputs, ... }:
+{
+ imports = [
+ inputs.home-manager.flakeModules.home-manager
+ ];
+ flake-file.inputs = {
+ home-manager.url = "github:nix-community/home-manager";
+ };
+
+ flake.homeModules.rebuild = { pkgs, lib, ... }:
+ let
+ nixBin = lib.getExe pkgs.nix;
+ flakeDir = "~/.config/home-manager/jsl-home";
+ in
+ {
+ home.packages = with pkgs; [
+ home-manager
+ (writeShellScriptBin "flake-parts-check" ''
+ cd ${flakeDir}
+ ${nixBin} run ".#write-flake"
+ ${nixBin} flake check
+ '')
+ (writeShellScriptBin "nhms" ''
+ cd ${flakeDir}
+ ${nixBin} run ".#write-flake"
+ ${lib.getExe home-manager} switch --impure --flake ${flakeDir}
+ '')
+ ];
+ };
+}
diff --git a/modules/home-manager/ghostty.nix b/modules/home-manager/ghostty.nix
new file mode 100644
index 0000000..b3d8d14
--- /dev/null
+++ b/modules/home-manager/ghostty.nix
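Review bot: In `modules/home-manager/default.nix`, neither generated script stops when `cd ${flakeDir}` fails, so in `flake-parts-check` and `nhms` the following `nix run ".#write-flake"` would evaluate and run the `write-flake` app of whatever flake sits in the caller's current directory. Adding `set -euo pipefail` as the first line of both script bodies (or `cd ${flakeDir} || exit 1`) closes that. `home-manager.url` is also declared without `home-manager.inputs.nixpkgs.follows = "nixpkgs";`, unlike nixgl and sops-nix, which is why the lock file in this commit pins a second nixpkgs revision for it. If `--impure` on `home-manager switch` is required, a comment saying what needs it would help; otherwise dropping it keeps evaluation reproducible.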
@@ -0,0 +1,84 @@
+{ inputs, ... }:
+{
+ flake-file.inputs = {
+ nixgl = {
+ url = "github:nix-community/nixGL";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ flake.homeModules.ghostty = { config, pkgs, lib, ... }:
+ {
+ home.sessionVariables = {
+ TERMINAL = "ghostty";
+ };
+
+ targets.genericLinux.nixGL = {
+ packages = inputs.nixgl.packages.${pkgs.system};
+ defaultWrapper = "mesa";
+ installScripts = [ "mesa" ];
+ };
+
+ programs.ghostty = {
+ enable = true;
+ enableZshIntegration = true;
+ package = config.lib.nixGL.wrap pkgs.ghostty;
+ settings = {
+ command = "TERM=xterm-256color ${lib.getExe pkgs.zsh}";
+ font-size = 12;
+ font-family = "Source Code Pro";
+ theme = "Catppuccin Mocha";
+ copy-on-select = true;
+ shell-integration = "zsh";
+ shell-integration-features = [ "no-title" "sudo" ];
+ gtk-single-instance = true;
+
+ window-padding-balance = true;
+ window-padding-x = 5;
+ window-padding-y = 5;
+ initial-window = true;
+ resize-overlay = "never";
+
+ keybind = [
+ "ctrl+s>n=new_split:down"
+ "ctrl+t>n=new_tab"
+ "ctrl+t>1=goto_tab:1"
+ "ctrl+t>2=goto_tab:2"
+ "ctrl+t>3=goto_tab:3"
+ "ctrl+s>i=goto_split:up"
+ "ctrl+s>k=goto_split:down"
+ ];
+
+ window-height = 40;
+ window-width = 200;
+ };
+ };
+
+ # https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970
+ xdg.desktopEntries."com.mitchellh.ghostty" = {
+ name = "Ghostty";
+ type = "Application";
+ comment = "A terminal emulator";
+ exec = "nixGLMesa ghostty";
+ icon = "com.mitchellh.ghostty";
+ terminal = false;
+ startupNotify = true;
+ categories = [ "System" "TerminalEmulator" ];
+ settings = {
+ Keywords = "terminal;tty;pty;";
+ X-GNOME-UsesNotifications = "true";
+ X-TerminalArgExec = "-e";
+ X-TerminalArgTitle = "--title=";
+ X-TerminalArgAppId = "--class=";
+ X-TerminalArgDir = "--working-directory=";
+ X-TerminalArgHold = "--wait-after-command";
+ };
+ actions = {
+ new-window = {
+ name = "New Window";
+ exec = "nixGLMesa ghostty";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/git.nix b/modules/home-manager/git.nix
new file mode 100644
index 0000000..937d294
--- /dev/null
+++ b/modules/home-manager/git.nix
@@ -0,0 +1,13 @@
+{
+ flake.homeModules.git = { config, lib, ... }:
+ {
+ programs.git = {
+ enable = true;
+ settings = {
+ credential.helper = "store --file ~/.git-credentials";
+ init.defaultBranch = "main";
+ push.autoSetupRemote = true;
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/scripts.nix b/modules/home-manager/scripts.nix
new file mode 100644
index 0000000..e69de29
diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
new file mode 100644
index 0000000..2696058
--- /dev/null
+++ b/modules/home-manager/sops.nix
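Review bot: In `modules/home-manager/git.nix`, `credential.helper = "store --file ~/.git-credentials"` makes git write every saved token or password to that file in plain text, readable by anything running as the user and easy to sweep up in a backup or dotfile sync. Since this repository already sets up an SSH identity and sops-nix, prefer SSH remotes, or a helper that does not persist cleartext such as `credential.helper = "cache --timeout=3600";` or a keyring-backed helper where one is available. The `config` and `lib` arguments of the module function are unused and can be dropped.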
@@ -0,0 +1,80 @@
+{ inputs, ... }:
+let
+ inputs' = inputs; # save a reference before it's shadowed
+in
+{
+ flake-file.inputs = {
+ # Adding sops-nix to the flake-file inputs causes it to get added to the inputs in flake.nix when it gets generated.
+ # This also makes the sops-nix module available
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Define the homeModules that are used by flake-parts
+ # https://flake.parts/options/home-manager.html#opt-flake.homeModules
+ flake.homeModules.sops = { inputs, config, pkgs, lib, ... }:
+ let
+ sopsBin = lib.getExe pkgs.sops;
+ sopsConfigPath = ../../.sops.yaml;
+ sopsSecretsPath = ../../keys/secrets.yaml;
+ ageKeyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+ in
+ {
+ home.packages = with pkgs; [
+ eza
+ age
+ sops # This is necessary to make the sops binary available
+ ssh-to-age
+ (writeShellScriptBin "gen-age-key" ''
+ exec ${lib.getExe pkgs.ssh-to-age} -i ${config.sshIdentityFile} -private-key > ${ageKeyFile}
+ '')
+ (writeShellScriptBin "show-age-key" "exec ${lib.getExe pkgs.ssh-to-age} -i ${config.sshIdentityFile}.pub")
+ (writeShellScriptBin "edit-secrets" "exec ${sopsBin} --config ${sopsConfigPath} ${sopsSecretsPath}")
+ (writeShellScriptBin "ls-secrets" "exec ${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
+ ];
+
+ programs.zsh.shellAliases.sops = "exec ${sopsBin} --config ${sopsConfigPath}";
+
+ imports = [
+ # This import makes the sops config attribute available below
+ inputs'.sops-nix.homeManagerModules.sops
+ ];
+
+ home.sessionVariables = {
+ GMAIL_CREDS_PATH = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
+ };
+
+ # Option definitions for the sops home-manager module:
+ # https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
+ sops = {
+ defaultSopsFile = "${sopsSecretsPath}";
+ defaultSopsFormat = "yaml";
+
+ # Not sure any of these are necessary
+ age.sshKeyPaths = [ "${config.sshIdentityFile}" ];
+ # age.keyFile = "${ageKeyFile}";
+ age.generateKey = true;
+
+ # secrets."api/gmail_client_secret" = {
+ # path = "${config.xdg.configHome}/resticprofile/dendrite.txt";
+ # };
+
+ templates."gmail_creds" = {
+ path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
+ content = ''
+ {
+ "installed": {
+ "client_id": "499012320469-vtml6emu6bmujpsj9lud2b44jqu7h26j.apps.googleusercontent.com",
+ "project_id": "python-apis-423500",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_secret": "${config.sops.placeholder."api/gmail_client_secret"}",
+ "redirect_uris": [ "http://localhost" ]
+ }
+ }
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/ssh.nix b/modules/home-manager/ssh.nix
new file mode 100644
index 0000000..386c06c
--- /dev/null
+++ b/modules/home-manager/ssh.nix
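Review bot: In `modules/home-manager/sops.nix`, `gen-age-key` writes the age private key with a plain shell redirect (`-private-key > ${ageKeyFile}`), so the file takes the caller's umask (commonly leaving it world-readable), and the redirect fails if the `sops/age/` directory does not exist yet. Start the script body with `umask 077` and `mkdir -p "$(dirname "${ageKeyFile}")"`, and quote both paths in the `ssh-to-age` call. The key is derived from `config.sshIdentityFile`, so whoever obtains that SSH private key can also decrypt `keys/secrets.yaml`; a comment stating that coupling would help. Separately, the zsh alias `sops = "exec ${sopsBin} …"` replaces the interactive shell, so the terminal session ends when sops exits; the alias probably wants to drop `exec`.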
@@ -0,0 +1,73 @@
+{inputs, ... }:
+let
+ userName = "john";
+in
+{
+ flake.homeModules.ssh = { pkgs, config, lib, ... }:
+ {
+ options = {
+ sshIdentityFile = lib.mkOption {
+ # Intentionally not using a path type here because that will end up with the private key getting copied into the store
+ type = lib.types.str;
+ default = "${config.home.homeDirectory}/.ssh/id_ed25519";
+ description = "Path to the SSH identity file.";
+ };
+ };
+
+ # All this stuff has to be wrapped in a config attribute because of the presence of the options here?
+ config = let
+ identityFile = config.sshIdentityFile;
+ publicKeyFile = "${identityFile}.pub";
+ certificateFile = "${identityFile}-cert.pub";
+ userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts";
+ in {
+ home.packages = [
+ (pkgs.writeShellScriptBin "sign-ssh-cert" ''
+ echo "Signing ${publicKeyFile}"
+ echo "Copy the Step-CA JWK Provisioner password from 1password"
+ step ssh certificate --sign \
+ --principal root --principal ${userName} \
+ --provisioner admin \
+ ${userName} ${publicKeyFile}
+ '')
+ ];
+
+ programs.ssh = {
+ enable = true;
+ enableDefaultConfig = false;
+ extraConfig = ''
+ SetEnv TERM="xterm-256color"
+ IdentityAgent ~/.1password/agent.sock
+ '';
+
+ matchBlocks = {
+ "*" = {
+ user = "john";
+
+ compression = false;
+ serverAliveInterval = 0;
+ serverAliveCountMax = 3;
+
+ identitiesOnly = true;
+ inherit identityFile certificateFile;
+
+ hashKnownHosts = false;
+ userKnownHostsFile = "${userKnownHostsFile}";
+
+ addKeysToAgent = "yes";
+ forwardAgent = false;
+ };
+
+ "janus" = {
+ hostname = "janus.john-stream.com";
+ user = "root";
+ };
+ "soteria" = {
+ hostname = "soteria.john-stream.com";
+ user = "john";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/zsh.nix b/modules/home-manager/zsh.nix
new file mode 100644
index 0000000..d214b53
--- /dev/null
+++ b/modules/home-manager/zsh.nix
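Review bot: In `modules/home-manager/ssh.nix`, `sign-ssh-cert` always requests `--principal root` next to `--principal ${userName}`, so the everyday user certificate is also valid for root logins on every host that trusts this CA. Keep the default at `--principal ${userName}` and request the root principal only from a separate, explicitly invoked script, ideally with a short validity. The script also calls `step` from PATH while the other wrappers in this commit pin their binaries with `lib.getExe`; pinning it the same way avoids running whatever `step` happens to come first on PATH. In the `"*"` block, `user = "john";` could reuse `userName`, and a comment on why `hashKnownHosts = false` was chosen would help the next reader.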
@@ -0,0 +1,43 @@
+{ inputs, ... }:
+{
+ flake.homeModules.zsh = { pkgs, config, lib, ... }:
+ {
+ home.packages = with pkgs; [
+ eza
+ zsh
+ ];
+
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ autosuggestion.enable = true;
+ # syntaxHighlighting.enable = true;
+ history = {
+ append = true;
+ ignoreAllDups = true;
+ ignorePatterns = [
+ "history"
+ "ls"
+ "eza"
+ "clear"
+ ];
+ save = 1000;
+ size = 1000;
+ share = true;
+ };
+ oh-my-zsh = {
+ enable = true;
+ # theme = "risto";
+ theme = "agnoster";
+ plugins = [
+ "sudo"
+ "dotenv"
+ "git"
+ "ssh"
+ "ssh-agent"
+ ];
+ };
+ shellAliases.ls = "${lib.getExe pkgs.eza} -lgos type --no-time --follow-symlinks";
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/lib.nix b/modules/lib.nix
new file mode 100644
index 0000000..4072764
--- /dev/null
+++ b/modules/lib.nix
@@ -0,0 +1,39 @@
+{
+ inputs,
+ ...
+}:
+{
+ flake.lib = {
+ loadNixosAndHmModuleForUser =
+ config: modules: username:
+ assert builtins.isAttrs config;
+ assert builtins.isList modules;
+ assert builtins.isString username;
+ {
+ imports = (builtins.map (module: config.flake.modules.nixos.${module} or { }) modules) ++ [
+ {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ home-manager.users.${username}.imports = [
+ (
+ { osConfig, ... }:
+ {
+ home.stateVersion = osConfig.system.stateVersion;
+ }
+ )
+ ] ++ builtins.map (module: config.flake.modules.homeManager.${module} or { }) modules;
+ }
+ ];
+ };
+
+ loadHmModules =
+ config: modules:
+ assert builtins.isAttrs config;
+ assert builtins.isList modules;
+ {
+ imports = builtins.map (module: config.flake.homeModules.${module} or { }) modules;
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/profiles/john.nix b/modules/profiles/john.nix
new file mode 100644
index 0000000..2fb7dfe
--- /dev/null
+++ b/modules/profiles/john.nix
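Review bot: In `modules/home-manager/zsh.nix`, the oh-my-zsh `dotenv` plugin sources a `.env` file from any directory the shell enters, which means shell code from a cloned or unpacked tree can run in the interactive session. By default the plugin asks before sourcing, so `ZSH_DOTENV_PROMPT` should stay at its default here, or the plugin should be dropped from `plugins` if it is not actually used. The `ssh-agent` plugin starts its own agent, while the ssh module in this commit points `IdentityAgent` at the 1Password socket, so the plugin looks redundant and can leave a second agent holding keys; consider removing it as well.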
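Review bot: In `modules/lib.nix`, every lookup falls back to an empty module (`config.flake.homeModules.${module} or { }`), so a misspelled or renamed entry is dropped silently and a configuration can build without, for example, its `ssh` or `sops` module. Failing loudly is safer: `config.flake.homeModules.${module} or (throw "unknown home module: ${module}")`, and the same for the two lookups in `loadNixosAndHmModuleForUser`. That function reads `config.flake.modules.homeManager`, while the modules in this commit are registered under `flake.homeModules`, so as written its home-manager list appears to resolve to empty modules for all of them.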
@@ -0,0 +1,43 @@
+{ inputs, self, ... }:
+let
+ userName = "john";
+in
+{
+ flake.homeModules."${userName}" = {
+ home.username = userName;
+ home.homeDirectory = "/home/${userName}";
+ home.stateVersion = "25.11";
+
+ programs.git.settings.user.name = "John Lancaster";
+ programs.git.settings.user.email = "32917998+jsl12@users.noreply.github.com";
+ };
+
+ flake.modules.nixos."${userName}" =
+ { pkgs, ... }:
+ {
+ users.users."${userName}" = {
+ name = "${userName}";
+ shell = pkgs.zsh;
+ };
+ programs.zsh.enable = true;
+
+ home-manager.users."${userName}" = {
+ imports = [
+ inputs.self.homeModules."${userName}"
+ ];
+ };
+ };
+
+ flake.homeConfigurations.${userName} = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
+ modules = with inputs.self.homeModules; [
+ john
+ ssh
+ git
+ rebuild
+ ghostty
+ sops
+ zsh
+ ];
+ };
+}
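Review bot: `users.users."${userName}"` in the NixOS module sets only `name` and `shell`; NixOS requires exactly one of `isNormalUser` or `isSystemUser` for each declared user, so this module will likely fail that assertion as soon as it is imported into a system configuration. Add `isNormalUser = true;` and decide explicitly which groups the account belongs to (for example whether it should be in `wheel`) instead of leaving the account's privileges implicit. The `self` argument is unused because the body goes through `inputs.self`, and a one-line comment on `home.stateVersion = "25.11";` saying it records the first-install release and is not to be bumped routinely would help.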