sorry but this ones just lots of shit

2025-10-17 03:10:20 -05:00
parent 26d060e672
commit f5f1ad4580
10 changed files with 345 additions and 234 deletions
--- a/modules/system/nvidia/default.nix
+++ b/modules/system/nvidia/default.nix
@@ -1,15 +1,16 @@
-{ pkgs, config, lib, ... }:
-
-let
-  cfg = config.system.nvidia;
-in
 {
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.system.nvidia;
+in {
  options.system.nvidia = {
    enable = lib.mkEnableOption "enables nvidia";
  };

  config = lib.mkIf cfg.enable {
-
    services.xserver.videoDrivers = ["nvidia"];
    boot.kernelModules = ["nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm"];
    #      boot.kernelModules = [ "nvidia" ];
@@ -32,6 +33,5 @@ in
    hardware.nvidia-container-toolkit.enable = true;
    virtualisation.docker.daemon.settings.features.cdi = true;
    virtualisation.docker.rootless.daemon.settings.features.cdi = true;
-
  };
 }
--- a/modules/system/podman/default.nix
+++ b/modules/system/podman/default.nix
@@ -1,15 +1,16 @@
-{ pkgs, config, lib, ... }:
-
-let
-  cfg = config.system.podman;
-in
 {
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.system.podman;
+in {
  options.system.podman = {
    enable = lib.mkEnableOption "enables podman";
  };

  config = lib.mkIf cfg.enable {
-
    # install the binary for compose
    environment.systemPackages = with pkgs; [podman-compose];

--- a/modules/system/sops/default.nix
+++ b/modules/system/sops/default.nix
@@ -1,9 +1,12 @@
-{ pkgs, config, lib, inputs, ... }:
-
-let
-  cfg = config.system.sops;
-in
 {
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}: let
+  cfg = config.system.sops;
+in {
  imports = [inputs.sops-nix.nixosModules.sops];

  options.system.sops = {
@@ -15,7 +18,6 @@ in
    sops = {
      defaultSopsFile = ../../../secrets/secrets.yaml;
      defaultSopsFormat = "yaml";
-#      age.keyFile = "/home/blake/.config/sops/age/keys.txt";
      age.keyFile = "/etc/sops/keys.txt";

      secrets = {
--- a/modules/system/yubikey/default.nix
+++ b/modules/system/yubikey/default.nix
@@ -4,14 +4,24 @@
  lib,
  ...
 }:
+/*
+# to enroll a yubikey (works like .ssh/known_hosts)
+nix-shell -p pam_u2f
+mkdir -p ~/.config/Yubico
+pamu2fcfg > ~/.config/Yubico/u2f_keys
+pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys)

+# to test auth with pam
+nix-shell -p pamtester
+pamtester login <username> authenticate
+pamtester sudo <username> authenticate
+*/
 let
  service = "yubikey";
  cfg = config.system.${service};
  sec = config.sops.secrets;
  homelab = config.homelab;
-in
-{
+in {
  options.system.${service} = {
    enable = lib.mkEnableOption "enables ${service}";
    mode = lib.mkOption {
@@ -27,7 +37,6 @@ in
  };

  config = lib.mkIf cfg.enable {
-
    security.pam.services = lib.mkIf (cfg.mode == "u2f") {
      login.u2fAuth = true;
      sudo.u2fAuth = true;
@@ -48,7 +57,5 @@ in
       ENV{ID_VENDOR}=="Yubico",\
       RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
    '';
-
  };
-
 }
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,5 +1,7 @@
 #ENC[AES256_GCM,data:b7E2U/jRfXEKulR/Pba0L4Aucy3MSUPj2BU=,iv:+KC+vfB2z2AIiPr5uIC4Pbfgc44GOs6SVRZW1v80hUE=,tag:kkn3UfJwdgxYERmfiMUmjw==,type:comment]
 blake_passwd: ENC[AES256_GCM,data:AfFql6/ghGhCDLOb4+QuAsDznz4hC4ilxZYCIH2sgBWX9tWXsUOgFw1k7CIhDoXIehz6YlTy0czekXPCqHL5gmIKRQTowU4svocw/Bl/Qz5CQ58RASB6YpnzOKTrwX7HCnu/ghpdMrcy2A==,iv:hMAkLcHjP0hiyCY4rhMU0Ae7jdYPa6MffEd2WGolbEo=,tag:p/6xmD8Te1RnFkp0zWw+ew==,type:str]
+#ENC[AES256_GCM,data:0HBVS2AYQ2VZXY4EbMLwiSjRNyWZ57bf,iv:20SLWXpbRTLk76g5mFrhg1Z9Qasv3NoSJbK/FOiIgtk=,tag:DbUffQwrDqzy2QO64uoUeg==,type:comment]
+klefki_auth_mapping: ENC[AES256_GCM,data:pvQEdxtj,iv:7IyAbt6yXfp2UBrZooRAT/9/E8c4+HCm5t+F5U2Lqzk=,tag:RcS/aWHSheMvLz3QhhCPxw==,type:str]
 #ENC[AES256_GCM,data:ZxHtUSuOy19M0EKoT5xltFiqRg==,iv:72PJL2eG68VC4wiJFo6wL0l7AaDIsge8l/D/ZlLOWWA=,tag:Q16ztObK2AnbCCS5mRgjtA==,type:comment]
 tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str]
 #ENC[AES256_GCM,data:bEbCic+ZDAA5ieNedCbiVbJrse17,iv:UwRYlis6NPB/RUcv+YnPxrGdbIcF4hrNiZt19YvWZNQ=,tag:m6PVlzPNnahX7X7KzMUj7A==,type:comment]
@@ -45,7 +47,7 @@ sops:
            U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
            PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-16T05:02:49Z"
-    mac: ENC[AES256_GCM,data:IU3J61qH0zCeSSrCdIdhrZ0IVl4F6AdhQ6enJl652PBNauqyNb+6ph+RnKbTVa6f1yDI1v75YHQmGgeZjOW7OWLH91rOwP0CsH59j1xeoLA1vWsUFNbEHnYowdcBb+tz4i6FMR2u4Nb5dLlOqKm2Xi3IT8ZPo1JDb7KB868jQ+4=,iv:yWxX1zFXG/FwnRoe3+7z9bAUu8qnM4M6w7KNfKHS3DQ=,tag:gmpZK3azAopujGlaBwnYnQ==,type:str]
+    lastmodified: "2025-10-17T02:56:39Z"
+    mac: ENC[AES256_GCM,data:vs3SAec+USFLUkmsV3OBjVT5V5XwG/sqD2pMK5fDaUm0vTwk5nQsqNZz+uEG6DakG+xXJdyMfXTp2pBVPuuRkZhplIXtt1Pb2ExSqprmyN5O0jFGpNCMZq4pq6BqvM0fjdz6T3BXRhmJ3Z7e35/hn/8CJGYanNX5Ybb+0Ugx5Gg=,iv:PLw22dGgd3auwrSNvuD9Ur4+j9dNR1Of6w7dtQZLoYQ=,tag:u8OHCs6Xlrt+2sGK1NWQZA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/users/blake/default.nix
+++ b/users/blake/default.nix
@@ -37,4 +37,17 @@

  nix.settings.trusted-users = ["blake"];
  programs.zsh.enable = true;
+
+
+  sops.secrets = {
+    "blake_passwd" =  { 
+      owner = "root";
+      group = "root";
+      neededForUsers = true;
+    };
+    "klefki_auth_map" =  { 
+      owner = "blake";
+      group = "blake";
+    };
+  };
 }
--- a/users/blake/dots/kitty/default.nix
+++ b/users/blake/dots/kitty/default.nix
@@ -0,0 +1,33 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  programs.kitty = {
+    enable = true;
+    enableZshIntegration = true;
+    enableGitIntegration = true;
+    #darwinLaunchOptions = [""];
+    settings = {
+      dynamic_background_opacity = "no";
+      confirm_os_window_close = "0";
+      shell_integration = "enabled";
+      cursor = "#d0d0d0";
+      cursor_shape = "beam";
+      cursor_beam_thickness = 2.5;
+      foreground = "#dddddd";
+      background = "#2F1730Q";
+      background_opacity = 0.9;
+      selection_foreground = "none";
+      selection_background = "none";
+      term = "xterm-256color";
+    };
+    #    font = {
+    #      package = ;
+    #      name = ;
+    #      size = 12;
+    #    };
+  };
+
+}
--- a/users/blake/dots/neovim/default.nix
+++ b/users/blake/dots/neovim/default.nix
@@ -4,11 +4,15 @@
  lib,
  inputs,
  ...
-}:
-{
-  imports = [
-    inputs.nvf.homeManagerModules.default
-  ];
+}: let
+  cfg = config.blake.nvf;
+in {
+  options.blake.nvf = {
+    enable = lib.mkEnableOption;
+  };
+
+  config = lib.mkIf cfg.enable {
+    imports = [inputs.nvf.homeManagerModules.default];

    programs.nvf = {
      enable = true;
@@ -180,7 +184,7 @@
            markdown.enable = true;
            rust.enable = true;
            lua.enable = true;
-
+          };
        };
      };
    };
--- a/users/blake/home.nix
+++ b/users/blake/home.nix
@@ -4,8 +4,14 @@
  pkgs,
  inputs,
  ...
-}: {
-  imports = [
+}: let
+  
+  # general config
+  linux_home = {
+    username = "blake";
+    homeDirectory = "/home/blake";
+  };
+  linux_imports = [
    inputs.sops-nix.homeManagerModules.sops
    ./dots/neovim
    ./dots/lf
@@ -15,14 +21,28 @@
    ./dots/git
    ./dots/xdg
  ];
+  darwin_home = {
+    username = "blake";
+    homeDirectory = "/home/blake";
+  };
+  darwin_imports = [
+    inputs.sops-nix.homeManagerModules.sops
+    ./dots/neovim
+    ./dots/lf
+    ./dots/zsh
+    ./dots/ssh
+    ./dots/gpg
+    ./dots/git
+  ];
+in
+{
+  imports = if pkgs.system == "x86_64-darwin" then darwin_imports else linux_imports;

  # general config
-  home.username = "blake";
-  home.homeDirectory = "/home/blake";
-  home.stateVersion = "25.05";
-
-  # general packages
-  home.packages = with pkgs; [
+  home = (if pkgs.system == "x86_64-darwin" then darwin_home else linux_home) // {
+    # cross party general packages here : )
+    stateVersion = "25.05";
+    packages = with pkgs; [
      ripgrep
      btop
      p7zip
@@ -30,12 +50,14 @@
      sops
      usbutils
    ];
+  };

-  # for macos
+  # needed for macos, linux don't mind
  programs.home-manager.enable = true;

+  # set up seperate key file just for me 
  sops = {
-    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFile = ./secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    age.keyFile = "/home/blake/.config/sops/age/keys.txt";
  };
--- a/users/blake/secrets/secrets.yaml
+++ b/users/blake/secrets/secrets.yaml
@@ -0,0 +1,27 @@
+#ENC[AES256_GCM,data:3JeFFtzO7nuVZmzPcLsP7h12BKbnyOb9/A==,iv:V6gzwAze1FVjmpf1dD8CqQpUpO9CqWfj+nHImXgz+Zw=,tag:iT6zE2X7DQmIT9d4Ds4XiA==,type:comment]
+blake_passwd: ENC[AES256_GCM,data:AfFql6/ghGhCDLOb4+QuAsDznz4hC4ilxZYCIH2sgBWX9tWXsUOgFw1k7CIhDoXIehz6YlTy0czekXPCqHL5gmIKRQTowU4svocw/Bl/Qz5CQ58RASB6YpnzOKTrwX7HCnu/ghpdMrcy2A==,iv:hMAkLcHjP0hiyCY4rhMU0Ae7jdYPa6MffEd2WGolbEo=,tag:p/6xmD8Te1RnFkp0zWw+ew==,type:str]
+#ENC[AES256_GCM,data:0HBVS2AYQ2VZXY4EbMLwiSjRNyWZ57bf,iv:20SLWXpbRTLk76g5mFrhg1Z9Qasv3NoSJbK/FOiIgtk=,tag:DbUffQwrDqzy2QO64uoUeg==,type:comment]
+klefki_auth_map: ENC[AES256_GCM,data:eQ==,iv:DwWh1mhnM4EcYW3XtryDJSq1kIGwDKgekN8+FQqDhoE=,tag:oMCQkNDnIYJZeNZxrRGB5w==,type:str]
+#ENC[AES256_GCM,data:bEbCic+ZDAA5ieNedCbiVbJrse17,iv:UwRYlis6NPB/RUcv+YnPxrGdbIcF4hrNiZt19YvWZNQ=,tag:m6PVlzPNnahX7X7KzMUj7A==,type:comment]
+borg_passwd: ENC[AES256_GCM,data:XOMJtr+DRs7xn5Iclc49iTzK9cFJyc/fSXJjhdKa9jdN,iv:YB8z7zNYjh6NpSxQb1TfPxAYUdzThdVfNZIe6tO5grA=,tag:bO6kZ3cLJDL4IQoWmGvRdg==,type:str]
+#ENC[AES256_GCM,data:ozhgyE+IyqR10KT8vI9x,iv:+ZOTucRlCZRQ9ZbxZgySPMOJ/qU4gXbhSyLAMgt4QMs=,tag:mQ3X+dqCet1Yk1gZ5pZ5gw==,type:comment]
+id_snowbelle.pub: ENC[AES256_GCM,data:q4sOB8/SpcD36uE/+8OlE+vUZ1bO2RTDeVyyWK/PH89DTFBIfyAfyAzIJuw/Q9S8fNEGn4PqrNtP90wIPj85VQ7AlJzS2xSonp3D+ZHqUzLO1hN2ePnmme46KhVSJR3i,iv:T1CUXPUtwUqpivpitRSx4/lYoRleX65vrf6IOJQFXYg=,tag:eQP+jFWGZzambEwNvIx+HQ==,type:str]
+#ENC[AES256_GCM,data:7V0L0832xewUXU8/Bq469w==,iv:9bCzEpUcNx6qnCMomFweXgYmWwSMzdffDikjA22xu6E=,tag:F4S80e/EPXA0tS20KFRbXw==,type:comment]
+id_snowbelle: ENC[AES256_GCM,data:MAw5R2fqVIctN7fB/d3hfCU7W3sxvuy2O3w3n0vD8FxK1DAhqoROlVv04joV1a+U1hof57TYc1cN2ng9BRWxadc8ZIpWakokZYVI0dUG05/hPMyxctWPkOiDd5909aaNUFC2G+Y/VrgAemyrB+AlQgokV0U3fiz+qjg055fzO7ypaeM8okON6rBnigfwetmSm60MxpdYrVlxVaniDVvKKUYZjpHU8SZ+TYj6Jmm/bVuKWOJ2DXZbmM0CeKeIgnA9HML1wSXojMv2IMGulxq5mmdaiiJTPoL1q17OA5zZkkVW3Dx1y6SbEeBAQTPG32RHseAxXK6qdU6lftRQZKyivuyjdCVfBBw/VzqTxbWjSXXsjDdK/Ti09051w6znA1uvRX65XsOq6zPKt4BNwR+yMDF+xR9AElBTHES/TDf7TRc5YDyovlH2PhGNg12Coy3zfb6WESLyaz3/GYZxF0IjvBnDkN65CRjstut0CgKXcWY8x+CuKVysU+U4c0A2ucDnsf3HuITrdIufhAwRNNZMka7LWVsaaR/tnvcf,iv:agf/LEjohw1XAXsOJJ78kiBVJnTT95IUmWzYUujSlJI=,tag:a55o9L85a9Z7gG9s5BEfIw==,type:str]
+#ENC[AES256_GCM,data:ep/Z5O6RNFwTd0I5hvtk5DP9,iv:M7sclKcTR+IfCEsvz0lZaoZBRZlQsN/FhwuzFNXgVew=,tag:Ddo3Qf8tMBX9Amt7C9m5FA==,type:comment]
+klefki_pub.asc: ENC[AES256_GCM,data:lGfgwhgn2xCb1cNTo0nMP8R3KSDiEn0/k6neDE2dv1DynvXsHWmZSXED6VWBjY3uMU3YtcpXGCtxTU6EiaRKiGnhxslQlBiSypAnXHeh55DZJMJJ/JM7+BCtr33LY2lusF9/aAuKO9tbdpGmu63s5ItZ1/9zMoCJwBfpQZgY2HzZoBhjwqYu2wSkOOVAMjq+jXET7nASieOZXmpQq2uDepuEDa8MP7d6G6kV2KYJPdLYYaY4U2eppEr7ALhhJidYm3P38W47JuLyu/2raG0AY2uDtCQw9d16BcJO3au+T4B4mHzPg1/cPhQ2X4dHTTGHjRZ0sT95DrEYYmcwWVKHKyiuL8WPtQmF0QBfCOPczwJajJejB4DbxEW8U2kuhuoBWr7wZe4y/nbW2hB3pcMYYXc0EXen74IttiUrvksw+hbkLaZDCJgG91SOlWSwI12UlDrJJSzOYm+ODWqK+bKyqAafQTL9xh5heM3nQlR5G6/A/8UG+0q5ZDL+IxJwe+EffJNwrL1mn4Rc3qx068udMJC+qzmft7Ljey7mfoIiwepITpii1IA/CtuEqtpe4I5MUemQ60qAw/PoVbmD8zhOcnRHCBZtQ394I5vMo1qR2a4KeBICexx3IAjpeAQYI3+MAgo/bedqpklLYjbxpv37XwinoLj9ew4hKSjAB1wRRZlswmk+GD4XKlVo8eu88RCXYrsZ2oaOD4qxrtbc7+skGm+EqxL67nLW5n9bSC2u95bFJ1386teSFhsJL9w3EFiBlQRtm5tvee/ipmr6D2W7SyfCnSxImPC4TgTwkAXziQ3XtsUtGqj0Tv1HGayaAQpYzlJaPzf7h8oanH1VaA+AgRq+RY1OjLZGHEz37jSbqhWOiIWxwJ7qFaqGB90cHq3s07qcWrDl2wUawFLTXavZ0IF3gj9KnFSIzW3+ANvedUCXOjai+zOKmpxVFZ4Bi4W3Dcbl9B+qa0Ly0NIgldi7PmqEvL3V4FnJs6WnwdagyhXOzdlKVlrAgGluucgqBpBZZfpN6uB+tdkbrqzsdMbr+H9Hwk3RUxRzAK9k+J9WRgY7eMazH0najJ1PYh9/UZJf0DKWRi2vZTlWW+6ZruJWTohOKm+7MCgvMEttIpNQfvK6+cq7p3vwPe+pmq0DznNg4LO7Uu3cXKq3zHjl08KGE04KZyfoJuZPr+XrF91AywZ03HlT2SBBaZtFld1VapccgB5DqgE1JfFg+TS4is9a8G52Ad9yh/abUmLohsnUpGdYMaj/1FmhSLM7ldHeub8CmL2vKW4f/JTuqmOxq3X5RA+qw5f946ekUz9ZF8EyGvNwaRZ2p5m0MtXQG2IKp8Q61aBSpqbMwKzTW93VycEn7L5ZsoV5eYo0rC4PMawGkfgdNzBpq4NL5bNB82l6qHnWqU7jXh611/ZV4ueX2MLSB3cyhnaFxsH9bat1jGDtUl5umNWNtvN6rWBVsClmYfBLSUCEyftGPlxzAOy6vRHGxAdCNdoiTRGgZru3aYyW9l5XhYH1aZ+dOlTOwngaqqIb3kZoPzcc9xCeZ/I/N6iVuTUI69us8y3LVL6qKa6az5zTTgumoFB5kMugPtumS1U9hzhLtm9+hY6yZVgYredgAwVVIviMAqFFZztFkPiskcwIdrPhXzoXwfuBWDaq+dF9nykjw1F9U2gyDU0YhEOtSmdIWoIma3OmdOZ/h/JbWNrwUoAirmBmWIHQTmA5Ag==,iv:btQ5xmt/AA9vW1njJH4Inj6YmOBx6pGbHbsvCMbg7fI=,tag:DuQ4Wy9wX3mPQAVLLd6t1Q==,type:str]
+sops:
+    age:
+        - recipient: age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WkdJMnJ3Y3IvN3lkemJK
+            RjF0dmgzT2lDcENka3BlK1NQRTBuR1BtSmhnCmI2cnRWdVpIM2t5SWNMOWNWdG84
+            SWRtMkNOYWZWbXFZYjJEWnVYazljcmMKLS0tIEF3eThDQTRKbEI0VWFLc3BSRVlF
+            U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
+            PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-10-17T07:41:50Z"
+    mac: ENC[AES256_GCM,data:WHuD9FaBmAGWpCaL3LxE55Fb2BHXyGwrk7N1aKwL5oIwQYbJX+3VdhW3jkMvWqDGNzaPE0/eVmpqQgEujOaY3cj0tQDLmmJ8SR5MAn5IytVJiW/ppgqL+5Nyko9kxjtyMfHFmPNQj6ehRA/D5NS3cvqvCrV6ENDdIwI/LcuGP3A=,iv:WZo3bt0LoK/U6dx9e68+JprhrDT0+dsceDt5dcJhI5A=,tag:PJRS3aNCjsTgvDJtr0gj9A==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0