fix home-manager and misc changes

2024-11-07 14:17:25 +01:00 · 2024-11-07 14:17:25 +01:00 · 01f1e82284
commit 01f1e82284
parent dea19e0b3b
11 changed files with 237 additions and 46 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,11 @@
+keys:
+  - users:
+    - &andreas age19j24x89dfh4f7v58c8k64yupqas4f7qkkyper7yj9dd7vqwvvq0qkyvhxk # generated using cli
+  - hosts:
+    - &th0nkpad-nixos age1ma8x6wugvc40mkst33mejq0m6r44jk6zwjjun3znyer5nztgn9vs0nwjx4 # derived from ssh host key
+creation_rules:
+ - path_regex: secrets.yaml$
+   key_groups:
+   - age:
+     - *andreas
+     - *th0nkpad-nixos
--- a/flake.lock
+++ b/flake.lock
@ -121,6 +121,26 @@
        "type": "github"
      }
    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1730837930,
+        "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
    "nixos-cosmic": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -262,6 +282,7 @@
    "root": {
      "inputs": {
        "game-of-life": "game-of-life",
+        "home-manager": "home-manager",
        "nixos-cosmic": "nixos-cosmic",
        "nixos-wsl": "nixos-wsl",
        "nixpkgs": "nixpkgs_4",
--- a/flake.nix
+++ b/flake.nix
@ -17,17 +17,22 @@
      url = "github:mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

-  outputs = inputs: let
-    lib = inputs.snowfall-lib.mkLib {
+  outputs = inputs:
+    let
+      lib = inputs.snowfall-lib.mkLib {
        inherit inputs;
        src = ./.;

        channels-config = {
          allowUnfree = true;
          allowUnfreePredicate = _: true;
-          permittedInsecurePackages = ["openssl-1.1.1w"];
+          permittedInsecurePackages = [ "openssl-1.1.1w" ];
        };

        # Configure Snowfall Lib, all of these settings are optional.
@ -55,7 +60,20 @@
      inherit inputs;
      src = ./.;

-      
+      nixos = with inputs; [
+        # disko.nixosModules.disko
+        # impermanence.nixosModules.impermanence
+        home-manager.nixosModules.home-manager
+        {
+          home-manager = {
+            useGlobalPkgs = true;
+            useUserPackages = true;
+          };
+        }
+        # nix-ld.nixosModules.nix-ld
+        # sops-nix.nixosModules.sops
+        # stylix.nixosModules.stylix
+      ];

      systems.modules.nixos = with inputs; [
        # my-input.nixosModules.my-module
--- a/homes/x86_64-linux/andreas@nixos-wsl/.gitkeep
+++ b/homes/x86_64-linux/andreas@nixos-wsl/.gitkeep
--- a/homes/x86_64-linux/andreas@nixos-wsl/default.nix
+++ b/homes/x86_64-linux/andreas@nixos-wsl/default.nix
@ -1,39 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (lib.mine) enabled;
-in {
-  imports = [
-    ../modules.nix
-  ];
-  mine.home = {
-    gui-apps = {
-      hexchat = enabled;
-    };
-    networking = enabled;
-    sops.secrets.deploy_ed25519 = {
-      mode = "0400";
-      path = "${config.home.homeDirectory}/.ssh/deploy_ed25519";
-    };
-    tui.neomutt.personalEmail = true;
-    personal-apps = enabled;
-    suites.laptop = enabled;
-    user.settings = {
-      stylix = {
-        fonts = {
-          terminalSize = 10.0;
-          waybarSize = 12;
-        };
-        image = ../../../systems/x86_64-linux/ironman-laptop/ffvii.jpg;
-      };
-      transparancy.terminalOpacity = 0.85;
-    };
-    waybar.resolution = 768;
-  };
-  home = {
-    packages = [pkgs.tochd];
-  };
-}
--- a/homes/x86_64-linux/andreas@th0nkpad-nixos/.gitkeep
+++ b/homes/x86_64-linux/andreas@th0nkpad-nixos/.gitkeep
--- a/homes/x86_64-linux/andreas@th0nkpad-nixos/default.nix
+++ b/homes/x86_64-linux/andreas@th0nkpad-nixos/default.nix
@ -0,0 +1,24 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+  inherit (lib.my-namespace) enabled;
+in
+{
+  imports = [
+    # ../modules.nix
+  ];
+  my-namespace.home = {
+    stream-tools = enabled;
+    # networking = enabled;
+    # personal-apps = enabled;
+    # suites.laptop = enabled;
+  };
+  home = {
+    packages = [ 
+      pkgs.nil
+    ];
+  };
+}
--- a/modules/home/home/default.nix
+++ b/modules/home/home/default.nix
@ -0,0 +1,106 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+  inherit (lib.mine) enabled;
+
+  imp = config.mine.home.impermanence.enable;
+in {
+  config = {
+    home = {
+      packages = with pkgs; [
+        dig
+        duf
+        du-dust
+        eltclsh
+        fzf
+        idracclient
+        inetutils
+        jq
+        neofetch
+        nerdfonts
+        nodejs_18
+        p7zip
+        poppler_utils
+        pv
+        qrencode
+        restic
+        rclone
+        ripgrep
+        switchssh
+        unzip
+        yq
+        zip
+      ];
+      sessionPath = ["$HOME/bin" "$HOME/.local/bin"];
+      shellAliases = {
+        # "df" = "duf -only local";
+        # "du" = "dust -xd1 --skip-total";
+        # # "ducks" = "du -chs * 2>/dev/null | sort -rh | head -11 && du -chs .* 2>/dev/null | sort -rh | head -11";
+        # "gmount" = "rclone mount google:/ ~/Drive/";
+        "df" = "df -h";
+        "nano" = "vim";
+      };
+      stateVersion = "24.05";
+    };
+    # manual = {
+    #   html.enable = false;
+    #   manpages.enable = false;
+    #   json.enable = false;
+    # };
+    programs = {
+      bash = {
+        enable = true;
+        enableCompletion = true;
+        enableVteIntegration = true;
+      };
+      dircolors = enabled;
+      direnv = {
+        enable = true;
+        enableBashIntegration = true;
+        nix-direnv = enabled;
+      };
+      gpg = {
+        enable = true;
+        settings = {
+          personal-cipher-preferences = "AES256 AES192 AES";
+          personal-digest-preferences = "SHA512 SHA384 SHA256";
+          personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
+          default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+          cert-digest-algo = "SHA512";
+          s2k-digest-algo = "SHA512";
+          s2k-cipher-algo = "AES256";
+          charset = "utf-8";
+          fixed-list-mode = true;
+          no-comments = true;
+          no-emit-version = true;
+          no-greeting = true;
+          keyid-format = "0xlong";
+          list-options = "show-uid-validity";
+          verify-options = "show-uid-validity";
+          with-fingerprint = true;
+          require-cross-certification = true;
+          no-symkey-cache = true;
+          use-agent = true;
+          throw-keyids = true;
+        };
+      };
+      home-manager = enabled;
+    };
+    services = {
+      gpg-agent = {
+        enable = true;
+        enableScDaemon = true;
+        enableSshSupport = true;
+        extraConfig = ''
+          ttyname $GPG_TTY
+        '';
+        defaultCacheTtl = 10800;
+        maxCacheTtl = 21600;
+      };
+    };
+  };
+}
--- a/modules/home/stream-tools/default.nix
+++ b/modules/home/stream-tools/default.nix
@ -4,8 +4,8 @@
  lib,
  ...
 }: let
-  inherit (lib.my-namespace) mkEnableOption mkIf;
-  cfg = config.my-namespace.home.stream-tools;
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.mine.home.stream-tools;
 in {
  options.my-namespace.home.stream-tools = {
    enable = mkEnableOption "Enable the Stream Machine Tools";
--- a/secrets.yaml
+++ b/secrets.yaml
@ -0,0 +1,42 @@
+private-keys:
+    andreas: ENC[AES256_GCM,data:UMOMU5vd+kOvReBP+noCPopsP90uAx0UM5mLgsXX1obks3DvcW28yVpLR952CroDzUOYwpkQ+7MheBznZxVfG6+b36rzphIUyDXArix3c90mak+4fhkUFAxsAW2VeKzUTGEBIUiejtfW4sBaHoQVWpDBSLbGajB9GzBXspNR+J/nriD8xas9ZkvYvFM4BIKM5vFNQxCGUy44IyHffxtX9kHjboiSeIgK7Gj1hA4iC/byIBqTLzJOCBHQs3irs/CSbZgFR7MFuiqR2ZWVdJ1dKAr9fejd36muymsutVUDzTsq/P1Id0YlgnYVcpJxAMHKq8QEZu8yNLEzkr/QMxs5Z2Bu93CkiJDAGXJZvtipfLX0UtIkResCLBD40EKty8U2OnKwm4k3xzJoHRTZ3qVnJQGESYHTZHHumRRcDYJnQBL6iav50mG0KS0mfcoetoDTpQfxsi3OnLO7kjSP2fE8sSJRi363nfciBwH/TTf911HhD5ruOo3bQeryjtGN8Y+PAqvrILiIKPODvoRVqaka,iv:lvlaQwEzDpvdSjH6Z4NrzABifyVP5jyzERHP72CSbis=,tag:rmSINraNXFZElfFHZDqeeQ==,type:str]
+andreas-password: ENC[AES256_GCM,data:XBvfrBSrlKzpO9vgmwQYJshlJH1OCMrcdfYMvp32ZOFZSf4/GrM/FRaatS7to+0ZgJlLNt+npSK0nwV8NXvwgHgN8bsuDiL7KQ==,iv:lD0ruX5AVKVfdA0/vpeUAPf5cTSExyaF8VWebFkbXV8=,tag:nAuwEkHGtlEzu8Qbe0ECdA==,type:str]
+#ENC[AES256_GCM,data:aX2EVkOK7ivoDTzSMmonY64dU6mnRjE83sA3MFIPnzeJ5snZN8WY9PF1CmkDU/ZVB+j9Law=,iv:sPfVyBuGCyd/Y9Lw9cl0akA2IUE5/Yi5C07dh6Ioyu0=,tag:tOT5uHVdgYG+/E4ye0QcFg==,type:comment]
+#ENC[AES256_GCM,data:djH8vAA+TvvbA/Jsuvca7E4o6pYTfKGGdK4=,iv:5Dw0niDhi7P6P9XRz2qgSL3CxpiXBtIsekOMycroLrA=,tag:OSvPPgq0kV4JskrQ86Qp5A==,type:comment]
+#ENC[AES256_GCM,data:C1BstOPXnCf4Cr8UlanCegA=,iv:k9Me959xb6Weg/yArAIg5kWH36se/yyGWNQUu314uw0=,tag:x0bTh0bsYxbCX5GObsGI5g==,type:comment]
+#ENC[AES256_GCM,data:Q0vsUrzlOgDICeIxXtc=,iv:gR8sYrtE/v9GGDEO2nj/v5IHr9ycXhvv1VcB/dEH/FU=,tag:FBde9vkRM/drFtpTWfLcNg==,type:comment]
+#ENC[AES256_GCM,data:LoKuLBSze19z0U/45DBFt6aEJBs=,iv:Btk0sBgj8h5Qk5eYNwPHULuhPu0nXSXE2iR4UVFcBeA=,tag:S2I9HQkeo/jJboy44vrgCw==,type:comment]
+#ENC[AES256_GCM,data:wDZ6Ln5teASPxXPvQGRZCdBIvfY=,iv:Qnx32skeDMB21GwhXd5fImkHS+y+HUOdNvbMT2mpy6A=,tag:BKl04542M8rH6BpFERqHZg==,type:comment]
+#ENC[AES256_GCM,data:f+g7qdm8xf/wDhQqlnzIdmHhzfOG73VWfdw=,iv:/kDspwnXH7QfhzUuHATQTniLm/ZX6mo/QGxyQXdubcY=,tag:muoXeMNHb5vqm8IoC6Gl4A==,type:comment]
+#ENC[AES256_GCM,data:42kR+DANphdxNVWNlxePU8U=,iv:JeZgMtb7a+/7V5hruQIHio0Aj+ThpHZwajx10e0rqOA=,tag:Ln+7DFl6+aq4YLZ8GK9qOg==,type:comment]
+#ENC[AES256_GCM,data:DjK/fZDWEaa2BA==,iv:AnceR62V3OJrn5utgdffMcC+mWdxsUYMYn6454SVCsY=,tag:MRa8cDMEMGtBCxvqcKy/0Q==,type:comment]
+#ENC[AES256_GCM,data:jqzidzai+6ShhzM=,iv:PDjUgLaoFVxAWBLXfWkXRzBp5BuvGU7DCorRYY6dan0=,tag:dKa2O7n/jno/M5nzCzCD/w==,type:comment]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19j24x89dfh4f7v58c8k64yupqas4f7qkkyper7yj9dd7vqwvvq0qkyvhxk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdGZlV3R4eW5FYS9HZGYr
+            N3VSR0tIbzUrL0RsUEw2NkZtUWcxVG55bEIwCjQ5U0Ztd1luUEQ2SEg4RHA2RWRK
+            K3dhN2liMDYyZElhbkZEUC9namhrc2MKLS0tIEhYTEYwQWduNkdKbGJQcTBRUWVG
+            aDMwR1I5NG13dUhwRXg1TXI4dG9nWXMKti+hv0+7/Rz0W22bToYs1/DFzoMllHpB
+            7uuVpUFDuC2D40ize0UX4rJ8Yo63lhJrRpsxIhzkP/vq+wMAFrKKLg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ma8x6wugvc40mkst33mejq0m6r44jk6zwjjun3znyer5nztgn9vs0nwjx4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK0dSTTVJWmt3aS91UmFm
+            Ui9zT3VpMlBybWJXOVdKdU5mTkprdU5WRm00CktHd2g4M1VldHhTQyszRTVTOUtt
+            Mld4a3lYSHF2SytIc0RjQ1RoODQvaE0KLS0tIGN3SlpMeTEvNktNSm5oT0dXRVFr
+            UmZrTXhyM2hYWW1kY05xa01PM1MzUDAK67AkP1XE445RXbVxcksRXL7MYHFjLPLV
+            ITL404AabakBeOX9yixwymzkD1BbUYEdW6N28ntqdH5cZZfVteYdMA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-07T10:47:23Z"
+    mac: ENC[AES256_GCM,data:zqkbmx7XIHQnOVkozPLiBzsNhACbGwvWiFcFlEHhlyEeQ7rvltLlUlgivb7aawwG1RuxCwshHwLfuKRQ/iGJcXjFO4UM5VER6CAA/88UrpgXW8VBw8iuchr+Y58lu0s+98fj7VffcuWjhJ1AYvBxFaTZA6DjxFjv3l1Gyxtw6kM=,iv:XG9Qb61INy1OJZjI3cDbY9fswLqf8+QvcUMrmtKGtuQ=,tag:+JacTF/+qU+j/cm8Wn1c8g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/systems/x86_64-linux/th0nkpad-nixos/default.nix
+++ b/systems/x86_64-linux/th0nkpad-nixos/default.nix
@ -54,7 +54,7 @@ in
          #  thunderbird
        ];
      };
-      lib.my-namespace.home.stream-tools.enable = true;
+      # lib.my-namespace.home.stream-tools.enable = true;


      # Open ports in the firewall.
@ -91,10 +91,18 @@ in
          flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
        '';
      };
+
+      services.openssh = {
+        enable = true;
+        passwordAuthentication = true;
+      };
+
+
      # services.xrdp.enable = true;
      # services.xrdp.defaultWindowManager = "${pkgs.gnome-session}/bin/gnome-session";
      # services.xrdp.openFirewall = true;

+
      # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
      # If no user is logged in, the machine will power down after 20 minutes.
      systemd.targets.sleep.enable = false;