17 Commits
dev ... sops

Author SHA1 Message Date
John Lancaster
706e9ee95f added uv 2025-07-07 18:02:13 -05:00
John Lancaster
2ebdda4ab4 secret change 2025-07-07 01:15:08 -05:00
John Lancaster
be5a15f3d4 moved sops stuff into sops.nix 2025-07-07 01:10:11 -05:00
John Lancaster
cc396c2daf actually enabled sops 2025-07-07 01:04:48 -05:00
John Lancaster
1fe7f9b901 redid path 2025-07-07 00:53:56 -05:00
John Lancaster
5f3d3a224a fixed inputs for sops 2025-07-07 00:31:27 -05:00
John Lancaster
7eb20ee07d started secrets file 2025-07-07 00:24:22 -05:00
John Lancaster
460f0d132d added sops 2025-07-07 00:22:25 -05:00
John Lancaster
5d5b15fb63 singular lib.optional 2025-07-06 23:59:40 -05:00
John Lancaster
92067f8b69 using mkMerge now 2025-07-06 23:54:22 -05:00
John Lancaster
cc21dcdc92 added sublime and joplin options 2025-07-06 23:47:05 -05:00
John Lancaster
ac9e58ede6 fixed pathss 2025-07-06 23:11:25 -05:00
John Lancaster
be57ba16dd made plugin sciprt optional 2025-07-06 23:08:07 -05:00
John Lancaster
2fd6a2c04a moved keys 2025-07-06 23:07:54 -05:00
John Lancaster
09e941abbd broke out common logic 2025-07-06 21:52:22 -05:00
John Lancaster
e21c901e94 moved options together 2025-07-06 21:42:40 -05:00
John Lancaster
ce738ae612 started splitting up graphical programs because some of them don't really work well on ubuntu 2025-07-06 21:39:41 -05:00
13 changed files with 123 additions and 41 deletions

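--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,9 @@
+keys:
+  - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+  - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+creation_rules:
+  - path_regex: secrets.yaml$
+    key_groups:
+      - age:
+          - *john-p14s
+          - *john-pc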
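Review bot: `path_regex: secrets.yaml$` is unanchored at the front and the dot is a wildcard, so the rule also matches any path that merely ends in those characters (e.g. `notsecrets.yaml`); pin it with `path_regex: ^keys/secrets\.yaml$` (sops matches the regex against the path relative to this `.sops.yaml`, as far as I recall — worth confirming). Creation rules only take effect when a file is first encrypted or on `sops updatekeys`, so editing this file does not by itself re-encrypt `keys/secrets.yaml`. Both age recipients are public keys and are fine to commit; listing them in a single key group means either machine alone can decrypt, which is presumably the intent for two personal hosts.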


@@ -76,8 +76,10 @@ nhmu
enableShell = true; enableShell = true;
_1password = true; _1password = true;
docker = true; docker = true;
graphical = true; graphical = {
steam = true; steam = true;
vscode = true;
};
extraImports = [ extraImports = [
./home-manager/john.nix ./home-manager/john.nix
./home-manager/gnome.nix ./home-manager/gnome.nix


@@ -12,6 +12,10 @@
url = "github:nix-community/nixGL"; url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, ... }@inputs: outputs = { self, nixpkgs, ... }@inputs:
@@ -22,12 +26,15 @@
# These will get applied to both the configured user and the root user (if enabled) # These will get applied to both the configured user and the root user (if enabled)
userOptions = config: { userOptions = config: {
openssh.authorizedKeys.keyFiles = lib.optionals config.ssh [ ./personal_keys ]; openssh.authorizedKeys = lib.mkIf config.ssh (lib.mkMerge [
(lib.mkIf (config.profile == "personal") { keyFiles = [ ./keys/personal ]; })
(lib.mkIf (config.profile == "work") { keyFiles = [ ./keys/work ]; })
]);
shell = lib.mkIf config.enableShell pkgs.zsh; shell = lib.mkIf config.enableShell pkgs.zsh;
}; };
mkhomeManagerModules = config: [ mkhomeManagerModules = config: [
self.homeManagerModules.default (self.homeManagerModules.default inputs)
# { inherit (config) extraImports; } # { inherit (config) extraImports; }
{ {
user = config.user; user = config.user;
@@ -38,7 +45,6 @@
_1password = config._1password; _1password = config._1password;
docker = config.docker; docker = config.docker;
graphical = config.graphical; graphical = config.graphical;
steam = config.steam;
} }
] ++ config.extraImports; ] ++ config.extraImports;
@@ -46,7 +52,9 @@
{ {
lib = { inherit mkhomeManagerModules; }; lib = { inherit mkhomeManagerModules; };
homeManagerModules.default = { ... }: { imports = [ ./homeManagerModules ]; }; homeManagerModules.default = inputs: {
imports = [ ./homeManagerModules ];
};
nixosModules.default = { config, ... }: { nixosModules.default = { config, ... }: {
imports = [ imports = [
@@ -54,14 +62,17 @@
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
]; ];
nix.settings.trusted-users = [ "root" "@wheel" ]; nix.settings.trusted-users = [ "root" "@wheel" ];
users.users.${config.user} = { users.users.${config.user} = lib.mkMerge [
isNormalUser = true; {
description = "John Lancaster"; isNormalUser = true;
extraGroups = [] description = "John Lancaster";
++ lib.optionals config.root [ "wheel" ] extraGroups = []
++ lib.optionals config.docker [ "docker" ] ++ lib.optional config.root "wheel"
++ lib.optionals config.networking.networkmanager.enable [ "networkmanager" ]; ++ lib.optional config.docker "docker"
} // userOptions config; ++ lib.optional config.networking.networkmanager.enable "networkmanager";
}
(userOptions config)
];
users.users.root = lib.mkIf config.root (userOptions config); users.users.root = lib.mkIf config.root (userOptions config);
security.sudo-rs = lib.mkIf config.root { security.sudo-rs = lib.mkIf config.root {
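Review bot: The new `openssh.authorizedKeys` merge in `userOptions` selects a key file only when `config.profile` is exactly `"personal"` or `"work"`; any other value (a typo, or a third profile added later) silently leaves the account with no authorized keys even though `config.ssh` is true, so an evaluation-time guard in `nixosModules.default` such as `assertions = [{ assertion = !config.ssh || builtins.elem config.profile [ "personal" "work" ]; message = "ssh enabled but profile has no key file"; }];` would turn that into an error instead of a lockout. Per the comment above `userOptions`, the same attrset is also merged into `users.users.root` when `config.root` is set, so whichever key file the profile picks also authorizes direct root SSH login — presumably intended, but a one-line comment next to the `keyFiles` lines would make that explicit. The enclosing `outputs` function starts and ends outside the hunk.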


@@ -6,6 +6,7 @@
./ghostty.nix ./ghostty.nix
./git.nix ./git.nix
./shell.nix ./shell.nix
./sops.nix
./ssh.nix ./ssh.nix
./vscode.nix ./vscode.nix
@@ -52,7 +53,7 @@
lazygit lazygit
btop btop
yazi yazi
sops uv
(writeShellScriptBin "nhmu" '' (writeShellScriptBin "nhmu" ''
nix flake update --flake ~/.config/home-manager nix flake update --flake ~/.config/home-manager
nix run home-manager -- switch --flake ~/.config/home-manager --impure nix run home-manager -- switch --flake ~/.config/home-manager --impure
@@ -62,15 +63,10 @@
# # parentheses. Maybe you want to install Nerd Fonts with a limited number of # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
# # fonts? # # fonts?
# (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
] ++ lib.optionals config.graphical [ ]
discord ++ lib.optional config.graphical.discord discord
spotify ++ lib.optional config.graphical.joplin joplin-desktop
sublime4 ++ lib.optional config.graphical.sublime sublime4;
joplin-desktop
] ++ lib.optionals config._1password [
_1password-cli
gh # GitHub CLI with 1Password integration
];
# Home Manager can also manage your environment variables through # Home Manager can also manage your environment variables through
# 'home.sessionVariables'. These will be explicitly sourced when using a # 'home.sessionVariables'. These will be explicitly sourced when using a
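Review bot: On the new side the `lib.optionals config._1password [ _1password-cli gh ]` entries vanish from `home.packages` with no replacement in this hunk; unless they were relocated in a file not shown here, the `_1password` option no longer installs the CLI while shell.nix still sources `~/.config/op/plugins.sh` under that same option. If the removal is deliberate, a short comment on the `_1password` option saying where the CLI now comes from would save the next reader a search. Moving `sops` out of this list into sops.nix is fine, but that file adds it unconditionally, so it is no longer gated by any option.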


@@ -1,6 +1,6 @@
{ config, pkgs, lib, nixgl, ... }: { config, pkgs, lib, nixgl, ... }:
{ {
home.sessionVariables = lib.mkIf (config.enableShell && config.graphical) { home.sessionVariables = lib.mkIf (config.enableShell && config.graphical.ghostty) {
TERMINAL = "ghostty"; TERMINAL = "ghostty";
}; };
@@ -9,7 +9,7 @@
nixGL.defaultWrapper = "mesa"; nixGL.defaultWrapper = "mesa";
nixGL.installScripts = [ "mesa" ]; nixGL.installScripts = [ "mesa" ];
programs.ghostty = lib.mkIf (config.enableShell && config.graphical) { programs.ghostty = lib.mkIf (config.enableShell && config.graphical.ghostty) {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
package = config.lib.nixGL.wrap pkgs.ghostty; package = config.lib.nixGL.wrap pkgs.ghostty;
@@ -52,7 +52,7 @@
}; };
# https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970 # https://github.com/ghostty-org/ghostty/discussions/3763#discussioncomment-11699970
xdg.desktopEntries."com.mitchellh.ghostty" = lib.mkIf (config.enableShell && config.graphical) { xdg.desktopEntries."com.mitchellh.ghostty" = lib.mkIf (config.enableShell && config.graphical.ghostty) {
name = "Ghostty"; name = "Ghostty";
type = "Application"; type = "Application";
comment = "A terminal emulator"; comment = "A terminal emulator";


@@ -38,7 +38,9 @@
}; };
shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time"; shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time";
initContent = lib.mkIf config._1password '' initContent = lib.mkIf config._1password ''
source ${config.home.homeDirectory}/.config/op/plugins.sh if [ -f "${config.home.homeDirectory}/.config/op/plugins.sh" ]; then
source ${config.home.homeDirectory}/.config/op/plugins.sh
fi
''; '';
}; };
} }
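Review bot: The guard added around `source` only checks that `~/.config/op/plugins.sh` exists, and the `source` line itself still expands the path unquoted while the `-f` test quotes it; quote both for consistency, `source "${config.home.homeDirectory}/.config/op/plugins.sh"`. Since this executes whatever that file contains at every zsh start, a comment stating that the file is written by the 1Password CLI (presumably `op plugin init`) and is expected to be user-owned would document the trust assumption. The enclosing `programs.zsh` block starts outside the hunk.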


@@ -0,0 +1,24 @@
{ inputs, config, pkgs, lib, ... }:
let
sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
sopsSecretsPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/keys/secrets.yaml";
in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
];
sops = {
# It's also possible to use a ssh key, but only when it has no password:
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = ../keys/secrets.yaml;
defaultSopsFormat = "yaml";
};
home.packages = with pkgs; [
(writeShellScriptBin "edit-secrets" ''
sops --config ${sopsConfigPath} ${sopsSecretsPath}
'')
sops
age
];
programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "sops --config ${sopsConfigPath}";
}
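Review bot: `age.sshKeyPaths` points sops-nix at `~/.ssh/id_ed25519`, and the comment on the line above confirms this only works when that key has no passphrase, so the SSH identity must stay unencrypted on disk and a leak of it exposes both SSH access and every sops secret; a dedicated identity via `age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";` (generated with `age-keygen`, its recipient added to `.sops.yaml`) decouples the two and lets the SSH key keep a passphrase. The `programs.zsh.shellAliases.sops` alias forces `--config` to this repo's `.sops.yaml` for every `sops` invocation, so editing a sops file in any other repository would pick up these creation rules instead of that repo's own; `edit-secrets` already covers the local case, so the alias could be dropped. `sopsConfigPath`/`sopsSecretsPath` hard-code the checkout at `~/.config/home-manager/jsl-home` while `defaultSopsFile` resolves to the Nix store copy, which is workable but deserves a comment saying the script edits the working copy, not the file activation reads.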


@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
programs.vscode = lib.mkIf config.graphical { programs.vscode = lib.mkIf config.graphical.vscode {
enable = true; enable = true;
package = pkgs.vscode; package = pkgs.vscode;
profiles.default.extensions = with pkgs.vscode-extensions; [ profiles.default.extensions = with pkgs.vscode-extensions; [

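--- a/keys/secrets.yaml
+++ b/keys/secrets.yaml
@@ -0,0 +1,34 @@
+hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
+example_key: ENC[AES256_GCM,data:cLLYEiJbKg60ANK/h+kG,iv:1yrJt5JhbDP/9/Wb2l93fjwQF1hxERnxjPZ6qF4S/Bw=,tag:wbboaGylFJRSj4/TB+RCZg==,type:str]
+#ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
+example_array:
+- ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
+- ENC[AES256_GCM,data:8eQ2clCNBxPfdycPMOo=,iv:C9iT+wJH9ENJShNYo3IGceRwHyrlU6LUE7jpc+72KOw=,tag:YTbZqYJVMUoTRqD2ujTOvg==,type:str]
+example_number: ENC[AES256_GCM,data:LhABh/RtBsdKAg==,iv:JGYFnixDNZUIRKJcuaenvO8D60T+Jvx/R7SWxbIPXsM=,tag:+1b/aj3x1yfQZ2j4OM5dcg==,type:float]
+example_booleans:
+- ENC[AES256_GCM,data:pGnelw==,iv:KAayJZ8px4Qupv0NfapSQ6valrVKndEtCb3U4MTmK/U=,tag:lkl+zBgkEMbFQjNssxYQjg==,type:bool]
+- ENC[AES256_GCM,data:Vqqfp2w=,iv:SC1DS7G9/lHYtA6PPRbVsi/ZhyNUYvRjXxHIqCxqEPA=,tag:9hv6F1rP7xSd08KCKkuiLQ==,type:bool]
+sops:
+    age:
+        - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWkxDSnlNT2Vua1ZXWC8r
+            SU9UMnhaVXVEVlZGL3dtYTBJSzNGbHVaSTJNCm9ZTFM3RndpRktUcWhwZk1Fc2dk
+            ZGtoWXdoOWVyK1F0YStSS3dsMkg2R28KLS0tIFkrdVFZNlVxRjhPaWdMZXl2elV3
+            TVpyTzFsNFNmd3FNU0tlMnlTOHNTQWsKfKdN4epZokF74bCNr9+jxulZJFBQM83P
+            quMhl+H85My8jAsEeC9CW7y2jdNPJkfk9gHun4ozoW8U7o6y5RLfJg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSakZRUnkraWtId2h3eUhB
+            REpkUHhYMm1MSmtFU2pvd1BpQ0xRTTlCWkZJCkxrTm1sdDBqclJ3RHR6VkllOFpo
+            ZXRtS2lsazRDS2lyRnZmT3FTTjJ6WUUKLS0tIExxNlFoeDhHQ3l5a1VvUHNRWUdw
+            Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
+            9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-07-07T06:14:57Z"
+    mac: ENC[AES256_GCM,data:gqadQL2Qp31+3ATZa0r4LDVNv8txUBoRsj3nZnBdLXkyMXKUQD9kuPOS1j+/vF5bg1d6rVdQAWl8BKlcu7UyyhO95P3G4l7hxdNBQCuNbiyb0hxrR2G7O1ZpMGuKec7+cBRkpGtVMrPmvt/7Ymh27qXiV9Gx6j812iSlORolj3w=,iv:Fg23U8c5IRWLdy2KmLHK3O+O9P1P58JF1jqzKnM4wLY=,tag:n6mBBzxQ/hjh5yREwyVGkg==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2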
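Review bot: The file still holds the placeholder entries sops writes on first edit (`hello`, `example_key`, `example_array`, `example_number`, `example_booleans`); they are harmless but are noise in a file named `secrets.yaml` and should go before real values are added. Keep in mind that sops encrypts values only — the top-level key names stay in cleartext, as seen here — so secret names should not themselves be sensitive. The `mac` entry covers the encrypted values, so hand-editing any `ENC[...]` outside the `sops` editor should make decryption fail rather than silently succeed.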


@@ -60,15 +60,19 @@
description = "Whether to enable docker stuff"; description = "Whether to enable docker stuff";
}; };
options.graphical = lib.mkOption { options.graphical =
type = lib.types.bool; let
default = false; boolOption = lib.mkOption {
description = "Whether this system has a graphical environment"; type = lib.types.bool;
}; default = false;
};
options.steam = lib.mkOption { in
type = lib.types.bool; {
default = false; discord = boolOption;
description = "Whether this system has Steam installed"; ghostty = boolOption;
}; joplin = boolOption;
steam = boolOption;
sublime = boolOption;
vscode = boolOption;
};
} }
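Review bot: The shared `boolOption` attrset drops the `description` that the old `graphical` and `steam` options carried, so none of the six `graphical.*` options is documented any more. `lib.mkEnableOption "Steam"` (and likewise for the others) yields a `bool` with `default = false` and a generated "Whether to enable …" description in one line, or keep the helper but make it take the text, `boolOption = desc: lib.mkOption { type = lib.types.bool; default = false; description = desc; };`. The enclosing `options` module starts outside the hunk.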


@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
programs.steam = lib.mkIf config.steam { programs.steam = lib.mkIf config.graphical.steam {
enable = true; enable = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play