jsl-home/flake.nix

{
  description = "Home Manager configuration flake for JSL";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    _1password-shell-plugins.url = "github:1Password/shell-plugins";
  };

  outputs = { self, nixpkgs, ... }@inputs:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      lib = pkgs.lib;

      # These will get applied to both the configured user and the root user (if enabled)
      userOptions = config: {
        openssh.authorizedKeys.keyFiles = lib.optionals config.ssh [ ./personal_keys ];
        shell = lib.mkIf config.enableShell pkgs.zsh;
      };

      mkhomeManagerModules = config: [
        self.homeManagerModules.default {
          user = config.user;
          stateVersion = config.stateVersion;
          profile = config.profile;
          enableShell = config.enableShell;
          ssh = config.ssh;
          _1password = config._1password;
          docker = config.docker;
        }
      ] ++ config.extraImports;

    in
    {
      lib = { inherit mkhomeManagerModules; };

      homeManagerModules.default = { ... }: {
        imports = [
          ./nixosModules/options.nix
          ./home.nix
          inputs._1password-shell-plugins.hmModules.default
        ];
        nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
          "1password-cli"
        ];
        
        home.packages = with pkgs; [
          (writeShellScriptBin "nhmu" ''
            nix flake update --flake ~/.config/home-manager
            nix run home-manager -- switch --flake ~/.config/home-manager
          '')
        ];
      };

      nixosModules.default = { config, ... }: {
        imports = [
          ./nixosModules/options.nix
          ./nixosModules/scripts.nix
          inputs.home-manager.nixosModules.default
        ];
        nix.settings.trusted-users = [ "root" "@wheel" ];
        users.users.${config.user} = {
          isNormalUser = true;
          description = "John Lancaster";
          extraGroups = []
          ++ lib.optionals config.root [ "wheel" ]
          ++ lib.optionals config.docker [ "docker" ]
          ++ lib.optionals config.networking.networkmanager.enable [ "networkmanager" ];
        } // userOptions config;

        users.users.root = lib.mkIf config.root (userOptions config);
        security.sudo-rs = lib.mkIf config.root {
          enable = true;
          execWheelOnly = false;
          wheelNeedsPassword = false;
          extraConfig = "Defaults        timestamp_timeout=1440";
        };

        programs.zsh.enable = lib.mkIf config.enableShell true;

        virtualisation.docker = lib.mkIf config.docker {
          enable = true;
          enableOnBoot = true;
          package = pkgs.docker;
        };

        home-manager = {
          useUserPackages = true;
          extraSpecialArgs = { inherit inputs; };
          users = {
            ${config.user} = {
              imports = mkhomeManagerModules config;
            };
          } // lib.optionalAttrs config.root {
            root = {
              # home.stateVersion = config.stateVersion;
              imports = mkhomeManagerModules (config // { user = "root"; });
            };
          };
        };
      };
    };
}