include home manager config

2026-01-05 15:44:40 +01:00 · 2026-01-05 15:44:40 +01:00 · 7eb51e9bbc
commit 7eb51e9bbc
parent 8659920787
20 changed files with 176 additions and 145 deletions
--- a/configurations/home/toph@endurance/config/cron.nix
+++ b/configurations/home/toph@endurance/config/cron.nix
@ -46,6 +46,8 @@
    text = bin;
  };
 in {
  bosun.secrets.repoUpdatePAT = "repo-update-pat.age";
  systemd.user.timers."update-hausgold-github" = {
    Install.WantedBy = ["timers.target"];
    Timer = {
--- a/configurations/home/toph@endurance/config/dev.nix
+++ b/configurations/home/toph@endurance/config/dev.nix
@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
  pkgs,
  config,
  ...
 }: {
  home.packages = with pkgs; [
    # Editors
    jetbrains-toolbox # Installer for JetBrains IDEs
@ -46,6 +50,11 @@
    nodejs_20.pkgs.pnpm
  ];
  bosun.secrets.npmrc = {
    rekeyFile = "npmrc.age";
    path = "${config.home.homeDirectory}/.npmrc";
  };
  programs = {
    go.enable = true;
--- a/configurations/home/toph@endurance/default.nix
+++ b/configurations/home/toph@endurance/default.nix
@ -1,14 +1,14 @@
 {
  pkgs,
  config,
  lib,
  inputs,
  ...
 } @ all: {
  bosun.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl33DPxxzxrNNjM8rL4ktAj4ExzCyGiU8rKog0csxNA";
  imports =
    [
      # inputs.ovos.homeManagerModules.default
-
+      ./gaming.nix
      ./ssh.nix
      ./email.nix
      ./gpg
@ -17,30 +17,14 @@
      ./default-applications.nix
      ./misc/launcher.nix
      ./misc/browser.nix
      ./misc/gaming.nix
      ./misc/onedrive.nix
      ./misc/creativity.nix
      ./misc/recording.nix
      ./misc/everything.nix # TODO: Determine if we really always want all these programs or they should be composable
      ./global/current-packages.nix
    ]
    ++ (import ./config.nix all);
-  elements.secrets = {
+  #.kitty.enable = true;
    rekeyPath = "christopher_cobalt";
    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl33DPxxzxrNNjM8rL4ktAj4ExzCyGiU8rKog0csxNA";
    needs = {
      repoUpdatePAT = "repo-update-pat.age";
      emailPassword = "email-password.age";
      npmrc = {
        rekeyFile = "npmrc.age";
        path = "${config.home.homeDirectory}/.npmrc";
      };
    };
  };
  elements.kitty.enable = true;
  services = {
    activitywatch = {
--- a/configurations/home/toph@endurance/email.nix
+++ b/configurations/home/toph@endurance/email.nix
@ -11,6 +11,8 @@
    passwordCommand = "cat ${config.age.secrets.emailPassword.path}";
  };
 in {
  bosun.secrets.emailPassword = "email-password.age";
  programs = {
    # TODO: Move this into its own file
    irssi = {
--- a/configurations/home/toph@endurance/misc/gaming.nix
+++ b/configurations/home/toph@endurance/misc/gaming.nix
--- a/configurations/home/toph@endurance/global/current-packages.nix
+++ b/configurations/home/toph@endurance/global/current-packages.nix
@ -1,12 +0,0 @@
 {
  config,
  pkgs,
  ...
 }: {
  home.file.".cache/current-home-manager-packages".text = let
    packages = builtins.map (p: "${p.name}") config.home.packages;
    sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
    formatted = builtins.concatStringsSep "\n" sortedUnique;
  in
    formatted;
 }
--- a/configurations/home/toph@endurance/misc/recording.nix
+++ b/configurations/home/toph@endurance/misc/recording.nix
@ -14,13 +14,13 @@
  programs.firefox.profiles."streaming" = {
    id = 2;
    settings = {};
-    extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
+    # extensions.packages = with inputs'.nur.packages.repos.rycee.firefox-addons; [
-      kagi-search
+    #   kagi-search
-      kagi-privacy-pass
+    #   kagi-privacy-pass
-      ublock-origin
+    #   ublock-origin
-      # dark-reader
+    #   # dark-reader
-      tree-style-tab
+    #   tree-style-tab
-    ];
+    # ];
    search = {
      force = true;
--- a/configurations/home/toph@endurance/ssh.nix
+++ b/configurations/home/toph@endurance/ssh.nix
@ -10,10 +10,10 @@
    "id_github"
    "id_hausgold"
    "id_homeassistant"
-    "id_rhenium"
+    "id_alvin"
  ];
 in {
-  elements.secrets.needs = builtins.listToAttrs (
+  bosun.secrets = builtins.listToAttrs (
    builtins.map
    (key:
      lib.attrsets.nameValuePair key {
--- a/flake.nix
+++ b/flake.nix
@ -70,7 +70,11 @@
    };
  };
-  outputs = inputs @ {flake-parts, ...}:
+  outputs = inputs @ {
    flake-parts,
    nixpkgs,
    ...
  }:
    flake-parts.lib.mkFlake {inherit inputs;} (top @ {
      config,
      withSystem,
@ -79,7 +83,6 @@
    }: {
      imports = [
        inputs.agenix-rekey.flakeModules.default
        inputs.home-manager.flakeModules.home-manager
        ./modules/flake
      ];
    });
--- a/lib/default.nix
+++ b/lib/default.nix
@ -2,8 +2,6 @@
  rootPath = ./..;
  secret = name: ./../secrets/${name};
  commonHomeModule = module: ./../homes/common + "/${module}";
  fixture = path: ./../fixtures + "/${path}";
  writeNushellApplication = import ./writeNushellApplication.nix {inherit lib;};
  # Determines the file location of the passed in attr set (e.g. `{ sep = "#"; })
@ -13,40 +11,4 @@
    ref = builtins.unsafeGetAttrPos "sep" attrs;
  in
    "${sep} ${ref.file}:${builtins.toString ref.line}\n" + str;
  enabled = {enable = true;};
  disabled = {enable = false;};
  agenixRekeyConfig = self: config: {
    rekey = {
      hostPubkey = config.key;
      # See https://github.com/oddlama/agenix-rekey?tab=readme-ov-file#local for
      # potential effects of this decision.
      storageMode = "local";
      localStorageDir = self + "/secrets/rekeyed/${config.rekeyPath}";
      # Used to decrypt stored secrets for rekeying.
      masterIdentities = [
        (self + "/secrets/keys/master-identity.pub")
      ];
      # Keys that will always be encrypted for. These act as backup keys in case the
      # master identities are somehow lost.
      extraEncryptionPubkeys = [
        "age1zd8wxnmgf04qcan9cvs0736valy8407f497fw9j0auwf072yadzqqdqsj9"
      ];
    };
    secrets =
      lib.attrsets.mapAttrs
      (
        name: secret: (
          if builtins.isString secret
          then {rekeyFile = self + "/secrets/${secret}";}
          else secret // {rekeyFile = self + "/secrets/${secret.rekeyFile}";}
        )
      )
      config.needs;
  };
 }
--- a/modules/flake/default.nix
+++ b/modules/flake/default.nix
@ -1,6 +1,7 @@
 {...}: {
  imports = [
    ./hosts.nix
    ./homes.nix
    ./args.nix
    ./formatter.nix
    ./lib
--- a/modules/flake/homes.nix
+++ b/modules/flake/homes.nix
@ -0,0 +1,20 @@
 {inputs, ...}: let
  inherit (inputs) self;
  mkHome = user: host: {
    imports = [
      (self + "/configurations/home/${user}@${host}")
      (self + "/modules/home")
    ];
  };
 in {
  imports = [
    inputs.home-manager.flakeModules.home-manager
  ];
  flake.homeConfigurations = {
    "toph@endurance" = mkHome "toph" "endurance";
    "toph@vasa" = mkHome "toph" "vasa";
    "toph@aepplet" = mkHome "toph" "aepplet";
  };
 }
--- a/modules/flake/hosts.nix
+++ b/modules/flake/hosts.nix
@ -1,8 +1,22 @@
 {
  self,
  inputs,
  inputs',
  ...
-}: {
+}: let
  inherit (inputs) self;
  mkHost = host: config:
    {
      path = ../../configurations/nixos/${host};
      deployable = true;
      specialArgs = {
        inherit inputs inputs';
        hostname = host;
      };
    }
    // config;
 in {
  imports = [inputs.easy-hosts.flakeModule];
  config.easy-hosts = {
@ -17,20 +31,13 @@
    };
    hosts = {
-      endurance = {
+      endurance = mkHost "endurance" {};
        path = ../../configurations/nixos/endurance;
        class = "nixos";
      };
-      vasa = {
+      aepplet = mkHost "aepplet" {};
-        path = ../../configurations/darwin/vasa;
+
      vasa = mkHost "vasa" {
        class = "darwin";
      };
      aepplet = {
        path = ../../configurations/nixos/aepplet;
        class = "nixos";
      };
    };
  };
 }
--- a/modules/flake/lib/homes.nix
+++ b/modules/flake/lib/homes.nix
@ -0,0 +1,13 @@
 {inputs, ...}: let
  inherit (inputs) self;
 in {
  mkHome = user: host: {
    imports = [
      inputs.home-manager.nixosModules.home-manager
    ];
    users.users.${user}.isNormalUser = true;
    home-manager.users.${user} = inputs.self.homeConfigurations."${user}@${host}";
  };
 }
--- a/modules/generic/default.nix
+++ b/modules/generic/default.nix
@ -1,4 +1,6 @@
 {
  # the `modules/generic` folder is generic only across nixos and darwin, not
  # across home manager. home modules are in `modules/home`
  imports = [
    ./nix.nix
    ./profiles.nix
--- a/modules/generic/secrets.nix
+++ b/modules/generic/secrets.nix
@ -2,6 +2,7 @@
  config,
  inputs',
  inputs,
  hostname,
  pkgs,
  lib,
  self,
@ -13,14 +14,12 @@ in {
  imports = [
    inputs.agenix.nixosModules.default
    inputs.agenix-rekey.nixosModules.default
    # inputs.agenix.homeManagerModules.default
  ];
  options.bosun = {
    rekeyPath = mkOption {
      type = types.str;
-      default = config.networking.hostName;
+      default = hostname;
    };
    key = mkOption {
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -1,5 +1,8 @@
-{
+{...}: {
  imports = [
    ./secrets.nix
  ];
  # no need to ever change this
  home.stateVersion = "25.11";
 }
--- a/modules/home/secrets.nix
+++ b/modules/home/secrets.nix
@ -1,20 +1,24 @@
 {
  inputs,
  lib,
  config,
  inputs,
  hostname,
  lib,
  ...
 }:
 with lib; let
  inherit (inputs) self;
  cfg = config.bosun;
 in {
  imports = [
    inputs.agenix.homeManagerModules.default
-    # inputs.agenix-rekey.homeManagerModules.default
+    inputs.agenix-rekey.homeManagerModules.default
  ];
  options.bosun = {
    rekeyPath = mkOption {
      type = types.str;
      default = hostname;
    };
    key = mkOption {
@ -27,11 +31,44 @@ in {
    };
  };
-  config.age =
+  config = {
-    (lib.bosun.mkAgenixConfig inputs.self cfg)
+    age = {
    // {
      identityPaths = ["${config.home.homeDirectory}/.ssh/key"];
      secretsDir = "${config.home.homeDirectory}/.local/share/agenix/agenix";
      secretsMountPoint = "${config.home.homeDirectory}/.local/share/agenix/agenix.d";
      # general host setup
      rekey = {
        hostPubkey = cfg.key;
        # See https://github.com/oddlama/agenix-rekey?tab=readme-ov-file#local
        # for potential effects of this decision.
        storageMode = "local";
        localStorageDir = self + "/secrets/rekeyed/${cfg.rekeyPath}";
        # Used to decrypt stored secrets for rekeying.
        masterIdentities = [
          (self + "/secrets/keys/master-identity.pub")
        ];
        # Keys that will always be encrypted for. These act as backup keys in
        # case the master identities are somehow lost.
        extraEncryptionPubkeys = [
          "age1zd8wxnmgf04qcan9cvs0736valy8407f497fw9j0auwf072yadzqqdqsj9"
        ];
      };
      # map all simplified secrets from `config.bosun.secrets` to their
      # respective `config.age.secrets` mapping
      secrets =
        lib.attrsets.mapAttrs (
          name: secret: (
            if builtins.isString secret
            then {rekeyFile = self + "/secrets/${secret}";}
            else secret // {rekeyFile = self + "/secrets/${secret.rekeyFile}";}
          )
        )
        cfg.secrets;
    };
  };
 }
--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
@ -1,51 +1,50 @@
 {
  inputs,
-  config,
+  inputs',
  pkgs,
-  lib,
+  hostname,
  ...
-}: let
+}: {
-  cfg = config.elements;
+  imports = [
-in
+    inputs.home-manager.nixosModules.home-manager
-  with lib;
+  ];
-  with builtins; {
+
-    options = {
+  config = {
-      elements = {
+    bosun.secrets.tophPassword = "toph-password.age";
-        users = mkOption {
+
-          type = types.listOf types.str;
+    programs.fish.enable = true;
-          default = [];
+
-        };
+    home-manager = {
      users.toph = inputs.self.homeConfigurations."toph@${hostname}";
      extraSpecialArgs = {
        inherit inputs inputs' hostname;
      };
    };
-    config = {
+    users = {
-      bosun.secrets.tophPassword = "toph-password.age";
+      users.toph = {
        isNormalUser = true;
        # hashedPasswordFile = config.age.secrets.tophPassword.path;
        shell = pkgs.fish;
-      programs.fish.enable = true;
+        extraGroups = [
          "wheel"
          "docker"
          "dialout"
          "uinput"
          "pico"
        ];
-      users = {
+        openssh.authorizedKeys.keys = [
-        users.toph = {
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEqcR3f71g7yuxQtUewrqdoEh8jDHtkB1973GF0EQ6q christopher@all"
-          isNormalUser = true;
+        ];
-          # hashedPasswordFile = config.age.secrets.tophPassword.path;
+      };
          shell = pkgs.fish;
-          extraGroups = [
+      groups.toph = {
-            "wheel"
+        members = ["toph"];
-            "docker"
+        gid = 1000;
            "dialout"
            "uinput"
            "pico"
          ];
          openssh.authorizedKeys.keys = [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEqcR3f71g7yuxQtUewrqdoEh8jDHtkB1973GF0EQ6q christopher@all"
          ];
        };
        groups.toph = {
          members = ["toph"];
          gid = 1000;
        };
      };
    };
-  }
+  };
 }
--- a/packages/dedoc/default.nix
+++ b/packages/dedoc/default.nix
@ -24,7 +24,7 @@ pkgs.rustPlatform.buildRustPackage rec {
    description = "Terminal based viewer for DevDocs";
    homepage = "https://github.com/toiletbril/dedoc";
    license = lib.licenses.gpl3Only;
-    maintainers = with lib.maintainers; [];
+    # maintainers = with lib.maintainers; [];
    mainProgram = "dedoc";
  };
 }