include home manager config

configurations/home/toph@endurance/config/cron.nix

@@ -46,6 +46,8 @@
     text = bin;
   };
 in {
+  bosun.secrets.repoUpdatePAT = "repo-update-pat.age";
+
   systemd.user.timers."update-hausgold-github" = {
     Install.WantedBy = ["timers.target"];
     Timer = {

configurations/home/toph@endurance/config/dev.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   home.packages = with pkgs; [
     # Editors
     jetbrains-toolbox # Installer for JetBrains IDEs
@@ -46,6 +50,11 @@
     nodejs_20.pkgs.pnpm
   ];
 
+  bosun.secrets.npmrc = {
+    rekeyFile = "npmrc.age";
+    path = "${config.home.homeDirectory}/.npmrc";
+  };
+
   programs = {
     go.enable = true;
 

configurations/home/toph@endurance/default.nix

@@ -1,14 +1,14 @@
 {
   pkgs,
   config,
-  lib,
-  inputs,
   ...
 } @ all: {
+  bosun.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl33DPxxzxrNNjM8rL4ktAj4ExzCyGiU8rKog0csxNA";
+
   imports =
     [
       # inputs.ovos.homeManagerModules.default
-
+      ./gaming.nix
       ./ssh.nix
       ./email.nix
       ./gpg
@@ -17,30 +17,14 @@
       ./default-applications.nix
       ./misc/launcher.nix
       ./misc/browser.nix
-      ./misc/gaming.nix
       ./misc/onedrive.nix
       ./misc/creativity.nix
       ./misc/recording.nix
       ./misc/everything.nix # TODO: Determine if we really always want all these programs or they should be composable
-      ./global/current-packages.nix
     ]
     ++ (import ./config.nix all);
 
-  elements.secrets = {
+  #.kitty.enable = true;
-    rekeyPath = "christopher_cobalt";
-    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl33DPxxzxrNNjM8rL4ktAj4ExzCyGiU8rKog0csxNA";
-
-    needs = {
-      repoUpdatePAT = "repo-update-pat.age";
-      emailPassword = "email-password.age";
-      npmrc = {
-        rekeyFile = "npmrc.age";
-        path = "${config.home.homeDirectory}/.npmrc";
-      };
-    };
-  };
-
-  elements.kitty.enable = true;
 
   services = {
     activitywatch = {

configurations/home/toph@endurance/email.nix

@@ -11,6 +11,8 @@
     passwordCommand = "cat ${config.age.secrets.emailPassword.path}";
   };
 in {
+  bosun.secrets.emailPassword = "email-password.age";
+
   programs = {
     # TODO: Move this into its own file
     irssi = {

configurations/home/toph@endurance/global/current-packages.nix

@@ -1,12 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
-  home.file.".cache/current-home-manager-packages".text = let
-    packages = builtins.map (p: "${p.name}") config.home.packages;
-    sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
-    formatted = builtins.concatStringsSep "\n" sortedUnique;
-  in
-    formatted;
-}

configurations/home/toph@endurance/misc/recording.nix

@@ -14,13 +14,13 @@
   programs.firefox.profiles."streaming" = {
     id = 2;
     settings = {};
-    extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
+    # extensions.packages = with inputs'.nur.packages.repos.rycee.firefox-addons; [
-      kagi-search
+    #   kagi-search
-      kagi-privacy-pass
+    #   kagi-privacy-pass
-      ublock-origin
+    #   ublock-origin
-      # dark-reader
+    #   # dark-reader
-      tree-style-tab
+    #   tree-style-tab
-    ];
+    # ];
 
     search = {
       force = true;

configurations/home/toph@endurance/ssh.nix

@@ -10,10 +10,10 @@
     "id_github"
     "id_hausgold"
     "id_homeassistant"
-    "id_rhenium"
+    "id_alvin"
   ];
 in {
-  elements.secrets.needs = builtins.listToAttrs (
+  bosun.secrets = builtins.listToAttrs (
     builtins.map
     (key:
       lib.attrsets.nameValuePair key {

flake.nix

@@ -70,7 +70,11 @@
     };
   };
 
-  outputs = inputs @ {flake-parts, ...}:
+  outputs = inputs @ {
+    flake-parts,
+    nixpkgs,
+    ...
+  }:
     flake-parts.lib.mkFlake {inherit inputs;} (top @ {
       config,
       withSystem,
@@ -79,7 +83,6 @@
     }: {
       imports = [
         inputs.agenix-rekey.flakeModules.default
-        inputs.home-manager.flakeModules.home-manager
         ./modules/flake
       ];
     });

lib/default.nix

@@ -2,8 +2,6 @@
   rootPath = ./..;
   secret = name: ./../secrets/${name};
 
-  commonHomeModule = module: ./../homes/common + "/${module}";
-  fixture = path: ./../fixtures + "/${path}";
   writeNushellApplication = import ./writeNushellApplication.nix {inherit lib;};
 
   # Determines the file location of the passed in attr set (e.g. `{ sep = "#"; })
@@ -13,40 +11,4 @@
     ref = builtins.unsafeGetAttrPos "sep" attrs;
   in
     "${sep} ${ref.file}:${builtins.toString ref.line}\n" + str;
-
-  enabled = {enable = true;};
-  disabled = {enable = false;};
-
-  agenixRekeyConfig = self: config: {
-    rekey = {
-      hostPubkey = config.key;
-
-      # See https://github.com/oddlama/agenix-rekey?tab=readme-ov-file#local for
-      # potential effects of this decision.
-      storageMode = "local";
-      localStorageDir = self + "/secrets/rekeyed/${config.rekeyPath}";
-
-      # Used to decrypt stored secrets for rekeying.
-      masterIdentities = [
-        (self + "/secrets/keys/master-identity.pub")
-      ];
-
-      # Keys that will always be encrypted for. These act as backup keys in case the
-      # master identities are somehow lost.
-      extraEncryptionPubkeys = [
-        "age1zd8wxnmgf04qcan9cvs0736valy8407f497fw9j0auwf072yadzqqdqsj9"
-      ];
-    };
-
-    secrets =
-      lib.attrsets.mapAttrs
-      (
-        name: secret: (
-          if builtins.isString secret
-          then {rekeyFile = self + "/secrets/${secret}";}
-          else secret // {rekeyFile = self + "/secrets/${secret.rekeyFile}";}
-        )
-      )
-      config.needs;
-  };
 }

modules/flake/default.nix

@@ -1,6 +1,7 @@
 {...}: {
   imports = [
     ./hosts.nix
+    ./homes.nix
     ./args.nix
     ./formatter.nix
     ./lib

modules/flake/homes.nix

@@ -0,0 +1,20 @@
+{inputs, ...}: let
+  inherit (inputs) self;
+
+  mkHome = user: host: {
+    imports = [
+      (self + "/configurations/home/${user}@${host}")
+      (self + "/modules/home")
+    ];
+  };
+in {
+  imports = [
+    inputs.home-manager.flakeModules.home-manager
+  ];
+
+  flake.homeConfigurations = {
+    "toph@endurance" = mkHome "toph" "endurance";
+    "toph@vasa" = mkHome "toph" "vasa";
+    "toph@aepplet" = mkHome "toph" "aepplet";
+  };
+}

modules/flake/hosts.nix

@@ -1,8 +1,22 @@
 {
-  self,
   inputs,
+  inputs',
   ...
-}: {
+}: let
+  inherit (inputs) self;
+
+  mkHost = host: config:
+    {
+      path = ../../configurations/nixos/${host};
+      deployable = true;
+
+      specialArgs = {
+        inherit inputs inputs';
+        hostname = host;
+      };
+    }
+    // config;
+in {
   imports = [inputs.easy-hosts.flakeModule];
 
   config.easy-hosts = {
@@ -17,20 +31,13 @@
     };
 
     hosts = {
-      endurance = {
+      endurance = mkHost "endurance" {};
-        path = ../../configurations/nixos/endurance;
-        class = "nixos";
-      };
 
-      vasa = {
+      aepplet = mkHost "aepplet" {};
-        path = ../../configurations/darwin/vasa;
+
+      vasa = mkHost "vasa" {
         class = "darwin";
       };
-
-      aepplet = {
-        path = ../../configurations/nixos/aepplet;
-        class = "nixos";
-      };
     };
   };
 }

modules/flake/lib/homes.nix

@@ -0,0 +1,13 @@
+{inputs, ...}: let
+  inherit (inputs) self;
+in {
+  mkHome = user: host: {
+    imports = [
+      inputs.home-manager.nixosModules.home-manager
+    ];
+
+    users.users.${user}.isNormalUser = true;
+
+    home-manager.users.${user} = inputs.self.homeConfigurations."${user}@${host}";
+  };
+}

modules/generic/default.nix

@@ -1,4 +1,6 @@
 {
+  # the `modules/generic` folder is generic only across nixos and darwin, not
+  # across home manager. home modules are in `modules/home`
   imports = [
     ./nix.nix
     ./profiles.nix

modules/generic/secrets.nix

@@ -2,6 +2,7 @@
   config,
   inputs',
   inputs,
+  hostname,
   pkgs,
   lib,
   self,
@@ -13,14 +14,12 @@ in {
   imports = [
     inputs.agenix.nixosModules.default
     inputs.agenix-rekey.nixosModules.default
-
-    # inputs.agenix.homeManagerModules.default
   ];
 
   options.bosun = {
     rekeyPath = mkOption {
       type = types.str;
-      default = config.networking.hostName;
+      default = hostname;
     };
 
     key = mkOption {

modules/home/default.nix

@@ -1,5 +1,8 @@
-{
+{...}: {
   imports = [
     ./secrets.nix
   ];
+
+  # no need to ever change this
+  home.stateVersion = "25.11";
 }

modules/home/secrets.nix

@@ -1,20 +1,24 @@
 {
-  inputs,
-  lib,
   config,
+  inputs,
+  hostname,
+  lib,
   ...
 }:
 with lib; let
+  inherit (inputs) self;
+
   cfg = config.bosun;
 in {
   imports = [
     inputs.agenix.homeManagerModules.default
-    # inputs.agenix-rekey.homeManagerModules.default
+    inputs.agenix-rekey.homeManagerModules.default
   ];
 
   options.bosun = {
     rekeyPath = mkOption {
       type = types.str;
+      default = hostname;
     };
 
     key = mkOption {
@@ -27,11 +31,44 @@ in {
     };
   };
 
-  config.age =
+  config = {
-    (lib.bosun.mkAgenixConfig inputs.self cfg)
+    age = {
-    // {
       identityPaths = ["${config.home.homeDirectory}/.ssh/key"];
       secretsDir = "${config.home.homeDirectory}/.local/share/agenix/agenix";
       secretsMountPoint = "${config.home.homeDirectory}/.local/share/agenix/agenix.d";
+
+      # general host setup
+      rekey = {
+        hostPubkey = cfg.key;
+
+        # See https://github.com/oddlama/agenix-rekey?tab=readme-ov-file#local
+        # for potential effects of this decision.
+        storageMode = "local";
+        localStorageDir = self + "/secrets/rekeyed/${cfg.rekeyPath}";
+
+        # Used to decrypt stored secrets for rekeying.
+        masterIdentities = [
+          (self + "/secrets/keys/master-identity.pub")
+        ];
+
+        # Keys that will always be encrypted for. These act as backup keys in
+        # case the master identities are somehow lost.
+        extraEncryptionPubkeys = [
+          "age1zd8wxnmgf04qcan9cvs0736valy8407f497fw9j0auwf072yadzqqdqsj9"
+        ];
+      };
+
+      # map all simplified secrets from `config.bosun.secrets` to their
+      # respective `config.age.secrets` mapping
+      secrets =
+        lib.attrsets.mapAttrs (
+          name: secret: (
+            if builtins.isString secret
+            then {rekeyFile = self + "/secrets/${secret}";}
+            else secret // {rekeyFile = self + "/secrets/${secret.rekeyFile}";}
+          )
+        )
+        cfg.secrets;
+    };
   };
 }

modules/nixos/users.nix

@@ -1,28 +1,27 @@
 {
   inputs,
-  config,
+  inputs',
   pkgs,
-  lib,
+  hostname,
   ...
-}: let
+}: {
-  cfg = config.elements;
+  imports = [
-in
+    inputs.home-manager.nixosModules.home-manager
-  with lib;
+  ];
-  with builtins; {
-    options = {
-      elements = {
-        users = mkOption {
-          type = types.listOf types.str;
-          default = [];
-        };
-      };
-    };
 
   config = {
     bosun.secrets.tophPassword = "toph-password.age";
 
     programs.fish.enable = true;
 
+    home-manager = {
+      users.toph = inputs.self.homeConfigurations."toph@${hostname}";
+
+      extraSpecialArgs = {
+        inherit inputs inputs' hostname;
+      };
+    };
+
     users = {
       users.toph = {
         isNormalUser = true;

packages/dedoc/default.nix

@@ -24,7 +24,7 @@ pkgs.rustPlatform.buildRustPackage rec {
     description = "Terminal based viewer for DevDocs";
     homepage = "https://github.com/toiletbril/dedoc";
     license = lib.licenses.gpl3Only;
-    maintainers = with lib.maintainers; [];
+    # maintainers = with lib.maintainers; [];
     mainProgram = "dedoc";
   };
 }