initial commit

modules/home-manager/default.nix

@@ -0,0 +1,30 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.home-manager.flakeModules.home-manager
+  ];
+  flake-file.inputs = {
+    home-manager.url = "github:nix-community/home-manager";
+  };
+
+  flake.homeModules.rebuild = { pkgs, lib, ... }:
+  let
+    nixBin = lib.getExe pkgs.nix;
+    flakeDir = "~/.config/home-manager/jsl-home";
+  in
+  {
+    home.packages = with pkgs; [
+      home-manager
+      (writeShellScriptBin "flake-parts-check" ''
+        cd ${flakeDir}
+        ${nixBin} run ".#write-flake"
+        ${nixBin} flake check
+      '')
+      (writeShellScriptBin "nhms" ''
+        cd ${flakeDir}
+        ${nixBin} run ".#write-flake"
+        ${lib.getExe home-manager} switch --impure --flake ${flakeDir}
+      '')
+    ];
+  };
+}

modules/home-manager/ghostty.nix

@@ -0,0 +1,84 @@
+{ inputs, ... }:
+{
+  flake-file.inputs = {
+    nixgl = {
+      url = "github:nix-community/nixGL";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  flake.homeModules.ghostty = { config, pkgs, lib, ... }:
+  {
+    home.sessionVariables = {
+      TERMINAL = "ghostty";
+    };
+
+    targets.genericLinux.nixGL = {
+      packages = inputs.nixgl.packages.${pkgs.system};
+      defaultWrapper = "mesa";
+      installScripts = [ "mesa" ];
+    };
+
+    programs.ghostty = {
+      enable = true;
+      enableZshIntegration = true;
+      package = config.lib.nixGL.wrap pkgs.ghostty;
+      settings = {
+        command = "TERM=xterm-256color ${lib.getExe pkgs.zsh}";
+        font-size = 12;
+        font-family = "Source Code Pro";
+        theme = "Catppuccin Mocha";
+        copy-on-select = true;
+        shell-integration = "zsh";
+        shell-integration-features = [ "no-title" "sudo" ];
+        gtk-single-instance = true;
+
+        window-padding-balance = true;
+        window-padding-x = 5;
+        window-padding-y = 5;
+        initial-window = true;
+        resize-overlay = "never";
+
+        keybind = [
+          "ctrl+s>n=new_split:down"
+          "ctrl+t>n=new_tab"
+          "ctrl+t>1=goto_tab:1"
+          "ctrl+t>2=goto_tab:2"
+          "ctrl+t>3=goto_tab:3"
+          "ctrl+s>i=goto_split:up"
+          "ctrl+s>k=goto_split:down"
+        ];
+
+        window-height = 40;
+        window-width = 200;
+      };
+    };
+
+    # https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970
+    xdg.desktopEntries."com.mitchellh.ghostty" = {
+      name = "Ghostty";
+      type = "Application";
+      comment = "A terminal emulator";
+      exec = "nixGLMesa ghostty";
+      icon = "com.mitchellh.ghostty";
+      terminal = false;
+      startupNotify = true;
+      categories = [ "System" "TerminalEmulator" ];
+      settings = {
+        Keywords = "terminal;tty;pty;";
+        X-GNOME-UsesNotifications = "true";
+        X-TerminalArgExec = "-e";
+        X-TerminalArgTitle = "--title=";
+        X-TerminalArgAppId = "--class=";
+        X-TerminalArgDir = "--working-directory=";
+        X-TerminalArgHold = "--wait-after-command";
+      };
+      actions = {
+        new-window = {
+          name = "New Window";
+          exec = "nixGLMesa ghostty";
+        };
+      };
+    };
+  };
+}

modules/home-manager/git.nix

@@ -0,0 +1,13 @@
+{
+  flake.homeModules.git = { config, lib, ... }:
+  {
+    programs.git = {
+        enable = true;
+        settings = {
+          credential.helper = "store --file ~/.git-credentials";
+          init.defaultBranch = "main";
+          push.autoSetupRemote = true;
+        };
+    };
+  };
+}

modules/home-manager/sops.nix

@@ -0,0 +1,80 @@
+{ inputs, ... }:
+let
+  inputs' = inputs;  # save a reference before it's shadowed
+in
+{
+  flake-file.inputs = {
+    # Adding sops-nix to the flake-file inputs causes it to get added to the inputs in flake.nix when it gets generated.
+    # This also makes the sops-nix module available
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+  };
+  
+  # Define the homeModules that are used by flake-parts
+  # https://flake.parts/options/home-manager.html#opt-flake.homeModules
+  flake.homeModules.sops = { inputs, config, pkgs, lib, ... }:
+  let
+    sopsBin = lib.getExe pkgs.sops;
+    sopsConfigPath = ../../.sops.yaml;
+    sopsSecretsPath = ../../keys/secrets.yaml;
+    ageKeyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+  in
+  {
+    home.packages = with pkgs; [
+      eza
+      age
+      sops # This is necessary to make the sops binary available
+      ssh-to-age
+      (writeShellScriptBin "gen-age-key" ''
+        exec ${lib.getExe pkgs.ssh-to-age} -i ${config.sshIdentityFile} -private-key > ${ageKeyFile}
+      '')
+      (writeShellScriptBin "show-age-key" "exec ${lib.getExe pkgs.ssh-to-age} -i ${config.sshIdentityFile}.pub")
+      (writeShellScriptBin "edit-secrets" "exec ${sopsBin} --config ${sopsConfigPath} ${sopsSecretsPath}")
+      (writeShellScriptBin "ls-secrets" "exec ${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
+    ];
+
+    programs.zsh.shellAliases.sops = "exec ${sopsBin} --config ${sopsConfigPath}";
+
+    imports = [
+      # This import makes the sops config attribute available below
+      inputs'.sops-nix.homeManagerModules.sops
+    ];
+
+    home.sessionVariables = {
+      GMAIL_CREDS_PATH = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
+    };
+
+    # Option definitions for the sops home-manager module:
+    # https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
+    sops = {
+      defaultSopsFile = "${sopsSecretsPath}";
+      defaultSopsFormat = "yaml";
+
+      # Not sure any of these are necessary
+      age.sshKeyPaths = [ "${config.sshIdentityFile}" ];
+      # age.keyFile = "${ageKeyFile}";
+      age.generateKey = true;
+
+      # secrets."api/gmail_client_secret" = {
+      #   path = "${config.xdg.configHome}/resticprofile/dendrite.txt";
+      # };
+      
+      templates."gmail_creds" = {
+        path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
+        content = ''
+          {
+              "installed": {
+                  "client_id": "499012320469-vtml6emu6bmujpsj9lud2b44jqu7h26j.apps.googleusercontent.com",
+                  "project_id": "python-apis-423500",
+                  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+                  "token_uri": "https://oauth2.googleapis.com/token",
+                  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+                  "client_secret": "${config.sops.placeholder."api/gmail_client_secret"}",
+                  "redirect_uris": [ "http://localhost" ]
+              }
+          }
+        '';
+      };
+    };
+  };
+}

modules/home-manager/ssh.nix

@@ -0,0 +1,73 @@
+{inputs, ... }:
+let
+  userName = "john";
+in
+{
+  flake.homeModules.ssh = { pkgs, config, lib, ... }:
+  {
+    options = {
+      sshIdentityFile = lib.mkOption {
+        # Intentionally not using a path type here because that will end up with the private key getting copied into the store
+        type = lib.types.str;
+        default = "${config.home.homeDirectory}/.ssh/id_ed25519";
+        description = "Path to the SSH identity file.";
+      };
+    };
+
+    # All this stuff has to be wrapped in a config attribute because of the presence of the options here?
+    config = let
+      identityFile = config.sshIdentityFile;
+      publicKeyFile = "${identityFile}.pub";
+      certificateFile = "${identityFile}-cert.pub";
+      userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts";
+    in {
+      home.packages = [
+        (pkgs.writeShellScriptBin "sign-ssh-cert" ''
+          echo "Signing ${publicKeyFile}"
+          echo "Copy the Step-CA JWK Provisioner password from 1password"
+          step ssh certificate --sign \
+          --principal root --principal ${userName} \
+          --provisioner admin \
+          ${userName} ${publicKeyFile}
+        '')
+      ];
+
+      programs.ssh = {
+        enable = true;
+        enableDefaultConfig = false;
+        extraConfig = ''
+          SetEnv TERM="xterm-256color"
+          IdentityAgent ~/.1password/agent.sock
+        '';
+
+        matchBlocks = {
+          "*" = {
+            user = "john";
+
+            compression = false;
+            serverAliveInterval = 0;
+            serverAliveCountMax = 3;
+
+            identitiesOnly = true;
+            inherit identityFile certificateFile;
+
+            hashKnownHosts = false;
+            userKnownHostsFile = "${userKnownHostsFile}";
+
+            addKeysToAgent = "yes";
+            forwardAgent = false;
+          };
+
+          "janus" = {
+            hostname = "janus.john-stream.com";
+            user = "root";
+          };
+          "soteria" = {
+            hostname = "soteria.john-stream.com";
+            user = "john";
+          };
+        };
+      };
+    };
+  };
+}

modules/home-manager/zsh.nix

@@ -0,0 +1,43 @@
+{ inputs, ... }:
+{
+  flake.homeModules.zsh = { pkgs, config, lib, ... }:
+  {
+    home.packages = with pkgs; [
+      eza
+      zsh
+    ];
+
+    programs.zsh = {
+      enable = true;
+      enableCompletion = true;
+      autosuggestion.enable = true;
+      # syntaxHighlighting.enable = true;
+      history = {
+        append = true;
+        ignoreAllDups = true;
+        ignorePatterns = [
+          "history"
+          "ls"
+          "eza"
+          "clear"
+        ];
+        save = 1000;
+        size = 1000;
+        share = true;
+      };
+      oh-my-zsh = {
+        enable = true;
+        # theme = "risto";
+        theme = "agnoster";
+        plugins = [
+          "sudo"
+          "dotenv"
+          "git"
+          "ssh"
+          "ssh-agent"
+        ];
+      };
+      shellAliases.ls = "${lib.getExe pkgs.eza} -lgos type --no-time --follow-symlinks";
+    };
+  };
+}