john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
John Lancaster
2026-02-16 09:14:16 -06:00
commit c62545221c
16 changed files with 702 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.sops.yaml Normal file
View File

@@ -0,0 +1,14 @@
keys:
- &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
- &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
creation_rules:
- path_regex: \.yaml$
key_groups:
- age:
- *john-p14s
- *john-pc
- path_regex: \.json$
key_groups:
- age:
- *john-p14s
- *john-pc

207
flake.lock generated Normal file
View File

@@ -0,0 +1,207 @@
{
"nodes": {
"flake-file": {
"locked": {
"lastModified": 1771017549,
"narHash": "sha256-n68HeYEQJ67hMH2LPI0cERD2pkpNe5dyeOGg11uZ7rc=",
"owner": "vic",
"repo": "flake-file",
"rev": "9d89918faacdbd2ce26d0aa7298da0fecad8b437",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "flake-file",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs-lib"
]
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1771102945,
"narHash": "sha256-e5NfW8NhC3qChR8bHVni/asrig/ZFzd1wzpq+cEE/tg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff5e5d882c51f9a032479595cbab40fd04f56399",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"import-tree": {
"locked": {
"lastModified": 1771045967,
"narHash": "sha256-oYO4poyw0Sb/db2PigqugMlDwsvwLg6CSpFrMUWxA3Q=",
"owner": "vic",
"repo": "import-tree",
"rev": "c968d3b54d12cf5d9c13f16f7c545a06c9d1fde6",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1762090880,
"narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=",
"owner": "nix-community",
"repo": "nixGL",
"rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixGL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1770841267,
"narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1771177547,
"narHash": "sha256-erxy9meNKMaKpKQpl8KfhZsVY4EtR4eaHT94jY98Ty0=",
"rev": "ac055f38c798b0d87695240c7b761b82fc7e5bc2",
"type": "tarball",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre946843.ac055f38c798/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz"
}
},
"root": {
"inputs": {
"flake-file": "flake-file",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs_2",
"nixpkgs-lib": [
"nixpkgs"
],
"sops-nix": "sops-nix",
"systems": "systems_2"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1770683991,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

29
flake.nix Normal file
View File

@@ -0,0 +1,29 @@
# DO-NOT-EDIT. This file was auto-generated using github:vic/flake-file.
# Use `nix run .#write-flake` to regenerate it.
{
description = "A dendritic setup.";
outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules);
inputs = {
flake-file.url = "github:vic/flake-file";
flake-parts = {
inputs.nixpkgs-lib.follows = "nixpkgs-lib";
url = "github:hercules-ci/flake-parts";
};
home-manager.url = "github:nix-community/home-manager";
import-tree.url = "github:vic/import-tree";
nixgl = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/nixGL";
};
nixpkgs.url = "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz";
nixpkgs-lib.follows = "nixpkgs";
sops-nix = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:Mic92/sops-nix";
};
systems.url = "github:nix-systems/default";
};
}

3
keys/personal Normal file
View File

@@ -0,0 +1,3 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIaHS9CLiDc6T1tja0fBwwv5qc6iwuckWN6w8MNo5yiR8LPWyrfueowNJkL4HMqu6OEuggtdybGw1Do4sW5o+toHCyWfZf3khI1l15opPXuVpD4CWED+SpJiZ0wBgRaCaWhfxLI+s4JOhjOO2OjiClPX3HfxIHyTpRiR78lOMcIieHSnzrAV2MatYKf6lL2ckOsIPwxo/OVM+1ljjX+HLq9IxGUCpWOnF4nF1rq3gKL2JUh2KsrgrzE3NB7EFuqKm8F0tF2rG3JjSvlwox0h06drKD02lpZWXPOBRlcyFDpNXymmc2bpG0S2Bbj5g+pqNBB0jO0h3kzWvYYqrtU/ElObg1cXhyi0PFOhhptlbhbK0Ao8B+pAbSZ661nMT3jpRWLVbnJrRFnXXdjX08r5eseQ3k4CFpv+g64n7yg3IMo9f8gA9P/hOexR+qu5AQ1Ad/tvkp6pPXnR/zsUnbe4p2A9MaNJm4E1zxbs5VGlXynNikXwDL+spkrnjwdfUULTk= john@JOHN-PC
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFn5ilhqaeDsOWSk7y29se2NvxGm8djlfL3RGLokj0q6 john@john-p14s
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHh9SBuxU2dOJHnpGZAE4cwe0fXcTBBAx+JmRsmIX+Tk8zooeM32vbNxxSXiZNpBGH5wzHNb534dWexGGG3sOaONmcL7SCoPIvaAdnIn5VsiznerLrzppSbx3Qn8eyF97WAGCcOcIUNmTIDDx1m6zG762WQnoaUEy0Ul5IR7ET5GQxP3p5Qwx8yqfixKDwarvV421sUIxYt9gee31jS9jcI3MFd6EL57hWle95Z8BGpR/Q7sXDBTZQWMZauh5NPwLMZS7k3bHgxXZ7WNOw/J/yts1ckBbvIFJSRNnMuWD0oGnDTL6aivGi+Eiswp0fpKzYGzquB3/wr3VU4G1JcMM5 JuiceSSH

28
keys/secrets.yaml Normal file
View File

@@ -0,0 +1,28 @@
restic_password:
john_ubuntu: ENC[AES256_GCM,data:Q4lUaFFDgoK9k4kQj7hSVKaFDGW0T+6V+OpFU5R528R3EKM7YJMgcFX+sK3mWl9XA4/6E1GeINpIqOpx+FP5Cf/8qt9sXBXCmXXSYdA4IH3RS6a1NkcIVjsTMvpn4q/fslCeYN4LB+r4pBGmdca105miqVun8J69cZGwjZ+wuxrMAP+mdnHdSUPycjNWJJzmEa3waQsygAi4A5cAN5sigOPBxe2pCTh/FEKoTgWmzHGJvcjrzuL6wNOpQrkMWwTsHCtbe9dyMP/fQpoBgYDT4W9Rd4XHhbrooje+g3x48EL1rkRIVVNRavpRUih/mjcdJGzzJ6jZmLLcc1f7SZIKZht7f+ZcdZl3rKQB+WanZgK/KAgKBRCrbIk2eeBZwkcRSw5kmGFU7x0azdIipJYj+3KHHQS5S2VW4j2tQG74xK3qaNJcSMjpKmdI1dHcPf0x2ILaDDV9Ts0H4GTOB2zO9iGy7x2tdPd4tugxxk5rr5rphTZL3lgUf0Ri/qMkJh9I8CsjUdvRycHeIEUZPmEVaIqJC2jrd2pBslis5VWD/6PHQBCob07d1fcpIYox4YXM3GcLg3OxiD8nZ7DTzGRMhciZtTKKWbBT8qzPud4ZQvDkT5l+XOpeM13wXFIMa13CwOzYeyWjycED0VQ/i3XRw9+9lg3cosfxaPdaFtv4MjV7Od62G/UJw3OxaQOHM2y24N+Q0pSBoTdDAFwDCH/kcqZji6ZrVTu4Rad8opcILJJcqC+pjegDvBtUdDz+G3/dFiS6m8RYIRb7qB5yEX/lCgzlECmRS2XP8uraNJ5NN8rtk0gdBtaI9/78YyAjLLGkjIcIR4uJA5buCZBR9jIdqf4f52fowbx18VPrwFXN2mYX6mPsKbDmaz0ILHq/I9n8bS/KM7gIQmTw/RAUwnmL4IRu8zHn6nmIqj6d8AkjYx7s6pG8OF8LgfhqZT7tdPKCd+n/HnYn1fZGSw26zHzPd4nKnVV1e3NYvX6CVwVycerGs9elOKtOI8GsrWYyXzJbfC+nWxbHKI/t6sxyzTBrHPR4r6l/CchQF+SfBs5aELKExe7h325qBB2y6EFdkbxTj1tPGqxttp9xJB1LUyNtwsEAkpD44JNqPxZCYHQbeVE3Oo3TYtRUSVWREc1WNIsfSG/anScYUhDEah9YyIdiG+O71QqegunusLoxmpF2rQtx7shtAvJV3skDBB0tFDoQyIV+yPo7kPV0D7Ig+Ba+mk5ASJrT9DXZ53Q2CCTLAuslU4MP7g22RX8rU3s2hFJq8m7wvMwpqa9Tr6O38i1wX4PhG1VRMM8EIlMQnLWWKmni6NbOYiRxFYJMioxH5SyE4ODQYXy5YIuLoRsX8VR6UqJ1GZb7sJf3M1aPOFOHzTN9hnziTRRe1KCMoBrAghrqhvL1VRr9X5PYMxnjBh6o0d5YTN0WOGD2iEVbCzqxFXcxQZBBp4KyNAAhFhGNw8WUp/rVoyCYn7+OEYFspY4FmGMTYhvxbq5LEptXeQgOP2ggBkqsw8sYP9oj1cb4kzBNv8M7nR9kM1EqvZpFV47phoTbBeMY4DZOJodkASFVM5/7ijWy/M9rtWMFMCXKURKkAQJRFADs0KqMJ5osnFFnubX7vKgK736XXF4+wIQuuHqEsYDZ90ftInxq8sYRnb2FZ0EV4yc8qqnz++fjwrAA5EV+zhL6l6hum1zL8JkUJ1ICKZ905If6nIeoul8MY3B1Cz4W+osN2Wtl8OeJ2t3iZx3wk/unVa8uDZH1owu47He68e2V8vpYxOaW4/hLyy/XuL5DukETrhRjC+7GbEaKaCwoA2UwAdqU,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str]
api:
gmail_client_secret: ENC[AES256_GCM,data:du2gEY5TQIwpUEvJKDWKY3noLRGeiKek4IMwPUusVx8NMys=,iv:hIYi1xQYf6+hDhK0pNprBYu6wXwRH2yOTwQg6pzQa0A=,tag:sqmQ5GCkKbHpIy2R+Y5G/A==,type:str]
sops:
age:
- recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-03T17:03:22Z"
mac: ENC[AES256_GCM,data:c3rcMHTRxbnpQoW5eLn0X1aCL1v2ft05UTcHaCuGiCaF3b/loVjEQr30pepBgR07PSleTIi375Y0Rj8ik8Ot3j+Zl5BR32bEtqf6gcWwz6oSmeORDrJS15698d7/avJl82/EC0ZN77j+fcdkWZrCJHb47HGfRxKl9L5HbyWasA4=,iv:g3d3C571uYpTTFixYZg+ztg8jTdof1g6Hb5gtRvpRkk=,tag:8kAxrUwUVeWvpYjWMDE+AA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

0
keys/work Normal file
View File

16
modules/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ inputs, ... }:
{
imports = [
inputs.flake-file.flakeModules.dendritic
# inputs.flake-parts.flakeModules.modules
];
flake-file.description = "A dendritic setup.";
# flake-file.inputs = {
# flake-file.url = "github:vic/flake-file";
# flake-parts.url = "github:hercules-ci/flake-parts";
# nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
# systems.url = "github:nix-systems/default";
# };
systems = import inputs.systems;
}

30
modules/home-manager/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{ inputs, ... }:
{
imports = [
inputs.home-manager.flakeModules.home-manager
];
flake-file.inputs = {
home-manager.url = "github:nix-community/home-manager";
};
flake.homeModules.rebuild = { pkgs, lib, ... }:
let
nixBin = lib.getExe pkgs.nix;
flakeDir = "~/.config/home-manager/jsl-home";
in
{
home.packages = with pkgs; [
home-manager
(writeShellScriptBin "flake-parts-check" ''
cd ${flakeDir}
${nixBin} run ".#write-flake"
${nixBin} flake check
'')
(writeShellScriptBin "nhms" ''
cd ${flakeDir}
${nixBin} run ".#write-flake"
${lib.getExe home-manager} switch --impure --flake ${flakeDir}
'')
];
};
}

84
modules/home-manager/ghostty.nix Normal file
View File

@@ -0,0 +1,84 @@
{ inputs, ... }:
{
flake-file.inputs = {
nixgl = {
url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs";
};
};
flake.homeModules.ghostty = { config, pkgs, lib, ... }:
{
home.sessionVariables = {
TERMINAL = "ghostty";
};
targets.genericLinux.nixGL = {
packages = inputs.nixgl.packages.${pkgs.system};
defaultWrapper = "mesa";
installScripts = [ "mesa" ];
};
programs.ghostty = {
enable = true;
enableZshIntegration = true;
package = config.lib.nixGL.wrap pkgs.ghostty;
settings = {
command = "TERM=xterm-256color ${lib.getExe pkgs.zsh}";
font-size = 12;
font-family = "Source Code Pro";
theme = "Catppuccin Mocha";
copy-on-select = true;
shell-integration = "zsh";
shell-integration-features = [ "no-title" "sudo" ];
gtk-single-instance = true;
window-padding-balance = true;
window-padding-x = 5;
window-padding-y = 5;
initial-window = true;
resize-overlay = "never";
keybind = [
"ctrl+s>n=new_split:down"
"ctrl+t>n=new_tab"
"ctrl+t>1=goto_tab:1"
"ctrl+t>2=goto_tab:2"
"ctrl+t>3=goto_tab:3"
"ctrl+s>i=goto_split:up"
"ctrl+s>k=goto_split:down"
];
window-height = 40;
window-width = 200;
};
};
# https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970
xdg.desktopEntries."com.mitchellh.ghostty" = {
name = "Ghostty";
type = "Application";
comment = "A terminal emulator";
exec = "nixGLMesa ghostty";
icon = "com.mitchellh.ghostty";
terminal = false;
startupNotify = true;
categories = [ "System" "TerminalEmulator" ];
settings = {
Keywords = "terminal;tty;pty;";
X-GNOME-UsesNotifications = "true";
X-TerminalArgExec = "-e";
X-TerminalArgTitle = "--title=";
X-TerminalArgAppId = "--class=";
X-TerminalArgDir = "--working-directory=";
X-TerminalArgHold = "--wait-after-command";
};
actions = {
new-window = {
name = "New Window";
exec = "nixGLMesa ghostty";
};
};
};
};
}

13
modules/home-manager/git.nix Normal file
View File

@@ -0,0 +1,13 @@
{
flake.homeModules.git = { config, lib, ... }:
{
programs.git = {
enable = true;
settings = {
credential.helper = "store --file ~/.git-credentials";
init.defaultBranch = "main";
push.autoSetupRemote = true;
};
};
};
}

0
modules/home-manager/scripts.nix Normal file
View File

80
modules/home-manager/sops.nix Normal file
View File

@@ -0,0 +1,80 @@
{ inputs, ... }:
let
inputs' = inputs; # save a reference before it's shadowed
in
{
flake-file.inputs = {
# Adding sops-nix to the flake-file inputs causes it to get added to the inputs in flake.nix when it gets generated.
# This also makes the sops-nix module available
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
# Define the homeModules that are used by flake-parts
# https://flake.parts/options/home-manager.html#opt-flake.homeModules
flake.homeModules.sops = { inputs, config, pkgs, lib, ... }:
let
sopsBin = lib.getExe pkgs.sops;
sopsConfigPath = ../../.sops.yaml;
sopsSecretsPath = ../../keys/secrets.yaml;
ageKeyFile = "${config.xdg.configHome}/sops/age/keys.txt";
in
{
home.packages = with pkgs; [
eza
age
sops # This is necessary to make the sops binary available
ssh-to-age
(writeShellScriptBin "gen-age-key" ''
exec ${lib.getExe pkgs.ssh-to-age} -i ${config.sshIdentityFile} -private-key > ${ageKeyFile}
'')
(writeShellScriptBin "show-age-key" "exec ${lib.getExe pkgs.ssh-to-age} -i ${config.sshIdentityFile}.pub")
(writeShellScriptBin "edit-secrets" "exec ${sopsBin} --config ${sopsConfigPath} ${sopsSecretsPath}")
(writeShellScriptBin "ls-secrets" "exec ${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
];
programs.zsh.shellAliases.sops = "exec ${sopsBin} --config ${sopsConfigPath}";
imports = [
# This import makes the sops config attribute available below
inputs'.sops-nix.homeManagerModules.sops
];
home.sessionVariables = {
GMAIL_CREDS_PATH = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
};
# Option definitions for the sops home-manager module:
# https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
sops = {
defaultSopsFile = "${sopsSecretsPath}";
defaultSopsFormat = "yaml";
# Not sure any of these are necessary
age.sshKeyPaths = [ "${config.sshIdentityFile}" ];
# age.keyFile = "${ageKeyFile}";
age.generateKey = true;
# secrets."api/gmail_client_secret" = {
# path = "${config.xdg.configHome}/resticprofile/dendrite.txt";
# };
templates."gmail_creds" = {
path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
content = ''
{
"installed": {
"client_id": "499012320469-vtml6emu6bmujpsj9lud2b44jqu7h26j.apps.googleusercontent.com",
"project_id": "python-apis-423500",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "${config.sops.placeholder."api/gmail_client_secret"}",
"redirect_uris": [ "http://localhost" ]
}
}
'';
};
};
};
}

73
modules/home-manager/ssh.nix Normal file
View File

@@ -0,0 +1,73 @@
{inputs, ... }:
let
userName = "john";
in
{
flake.homeModules.ssh = { pkgs, config, lib, ... }:
{
options = {
sshIdentityFile = lib.mkOption {
# Intentionally not using a path type here because that will end up with the private key getting copied into the store
type = lib.types.str;
default = "${config.home.homeDirectory}/.ssh/id_ed25519";
description = "Path to the SSH identity file.";
};
};
# All this stuff has to be wrapped in a config attribute because of the presence of the options here?
config = let
identityFile = config.sshIdentityFile;
publicKeyFile = "${identityFile}.pub";
certificateFile = "${identityFile}-cert.pub";
userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts";
in {
home.packages = [
(pkgs.writeShellScriptBin "sign-ssh-cert" ''
echo "Signing ${publicKeyFile}"
echo "Copy the Step-CA JWK Provisioner password from 1password"
step ssh certificate --sign \
--principal root --principal ${userName} \
--provisioner admin \
${userName} ${publicKeyFile}
'')
];
programs.ssh = {
enable = true;
enableDefaultConfig = false;
extraConfig = ''
SetEnv TERM="xterm-256color"
IdentityAgent ~/.1password/agent.sock
'';
matchBlocks = {
"*" = {
user = "john";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
identitiesOnly = true;
inherit identityFile certificateFile;
hashKnownHosts = false;
userKnownHostsFile = "${userKnownHostsFile}";
addKeysToAgent = "yes";
forwardAgent = false;
};
"janus" = {
hostname = "janus.john-stream.com";
user = "root";
};
"soteria" = {
hostname = "soteria.john-stream.com";
user = "john";
};
};
};
};
};
}

43
modules/home-manager/zsh.nix Normal file
View File

@@ -0,0 +1,43 @@
{ inputs, ... }:
{
flake.homeModules.zsh = { pkgs, config, lib, ... }:
{
home.packages = with pkgs; [
eza
zsh
];
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
# syntaxHighlighting.enable = true;
history = {
append = true;
ignoreAllDups = true;
ignorePatterns = [
"history"
"ls"
"eza"
"clear"
];
save = 1000;
size = 1000;
share = true;
};
oh-my-zsh = {
enable = true;
# theme = "risto";
theme = "agnoster";
plugins = [
"sudo"
"dotenv"
"git"
"ssh"
"ssh-agent"
];
};
shellAliases.ls = "${lib.getExe pkgs.eza} -lgos type --no-time --follow-symlinks";
};
};
}

39
modules/lib.nix Normal file
View File

@@ -0,0 +1,39 @@
{
inputs,
...
}:
{
flake.lib = {
loadNixosAndHmModuleForUser =
config: modules: username:
assert builtins.isAttrs config;
assert builtins.isList modules;
assert builtins.isString username;
{
imports = (builtins.map (module: config.flake.modules.nixos.${module} or { }) modules) ++ [
{
imports = [
inputs.home-manager.nixosModules.home-manager
];
home-manager.users.${username}.imports = [
(
{ osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion;
}
)
] ++ builtins.map (module: config.flake.modules.homeManager.${module} or { }) modules;
}
];
};
loadHmModules =
config: modules:
assert builtins.isAttrs config;
assert builtins.isList modules;
{
imports = builtins.map (module: config.flake.homeModules.${module} or { }) modules;
};
};
}

43
modules/profiles/john.nix Normal file
View File

@@ -0,0 +1,43 @@
{ inputs, self, ... }:
let
userName = "john";
in
{
flake.homeModules."${userName}" = {
home.username = userName;
home.homeDirectory = "/home/${userName}";
home.stateVersion = "25.11";
programs.git.settings.user.name = "John Lancaster";
programs.git.settings.user.email = "32917998+jsl12@users.noreply.github.com";
};
flake.modules.nixos."${userName}" =
{ pkgs, ... }:
{
users.users."${userName}" = {
name = "${userName}";
shell = pkgs.zsh;
};
programs.zsh.enable = true;
home-manager.users."${userName}" = {
imports = [
inputs.self.homeModules."${userName}"
];
};
};
flake.homeConfigurations.${userName} = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
modules = with inputs.self.homeModules; [
john
ssh
git
rebuild
ghostty
sops
zsh
];
};
}