diff --git a/.sops.yaml b/.sops.yaml index dff78bf..36393a6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,6 +4,7 @@ keys: - &hosts: - &anzu age1wdjujpvc2zd0g592a9gqa7qzz4pcans8m0tyq3m6eq9np9a3lg2s8kxf3h - &ichigo age1hpcyetyl0yrwxy0geem6z2u2kwl4hmckur7pnaaxwaylf8ata9vsv8j3wh + - &kuromi age1culqt965xgweu5h6menrppf7eatq7at04z0n52t365f0nvlv043su5t2yl creation_rules: - path_regex: secrets.yaml$ key_groups: @@ -11,3 +12,4 @@ creation_rules: - *chase - *anzu - *ichigo + - *kuromi diff --git a/flake.lock b/flake.lock index 70e7e44..4e00a8a 100644 --- a/flake.lock +++ b/flake.lock @@ -191,11 +191,11 @@ ] }, "locked": { - "lastModified": 1749526396, - "narHash": "sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo=", + "lastModified": 1749779443, + "narHash": "sha256-r6YTIMprNCYcJcA4oZ0x1wPaHPPHUxb8CnyEeMkhGks=", "owner": "nix-community", "repo": "home-manager", - "rev": "427c96044f11a5da50faf6adaf38c9fa47e6d044", + "rev": "18f3a0d21c3739a242aafa17c04c5238bbab5a41", "type": "github" }, "original": { @@ -300,11 +300,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1749540031, - "narHash": "sha256-11k6hq/4Tao2PNBFQpSNTlFFKmKGswL17caKuZIE0sM=", + "lastModified": 1749767250, + "narHash": "sha256-oWFxMzPIcp3ys4K0JXuAMPwGZcDqrKLSVgP4SPeP7cY=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "6bdb1f413e4c592f73d91bef33dfb202503ef7ab", + "rev": "d14f81e6ac3debd57f8e3e70ead5bb52606a8c90", "type": "github" }, "original": { @@ -545,11 +545,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1749494155, - "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=", + "lastModified": 1749727998, + "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88331c17ba434359491e8d5889cce872464052c2", + "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", "type": "github" }, "original": { @@ -600,11 +600,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1749581904, - "narHash": "sha256-QAzSbQuxaqM33WoOGCvwKlpuGPoN1RLAJOllz/Kli0I=", + "lastModified": 1749793929, + "narHash": "sha256-DKPE3shWebs9tBgfUsfFvJ2AHQtstHjp4h1CN6s7qa0=", "owner": "nix-community", "repo": "NUR", - "rev": "7f891b80637b9dc6b4254714e9cb6b435be31f86", + "rev": "6e15f4990e4c32382a927b68a6533ec254c60bbe", "type": "github" }, "original": { @@ -728,11 +728,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 30c82aa..201893f 100644 --- a/flake.nix +++ b/flake.nix @@ -123,8 +123,8 @@ }; kuromi = mkNixOSConfigurations { host = hosts.kuromi; - nixpkgs = inputs.nixpkgs; - home-manager = inputs.home-manager; + nixpkgs = inputs.nixpkgs-stable; + home-manager = inputs.home-manager-stable; modules = []; }; }; diff --git a/home/base.nix b/home/base.nix index e60f095..ceb7ae4 100644 --- a/home/base.nix +++ b/home/base.nix @@ -1,5 +1,6 @@ { config, + lib, pkgs, ... }: { @@ -44,24 +45,46 @@ flavor = "mocha"; }; - programs.bash = { + # programs.bash = { + # enable = true; + # enableCompletion = true; + # historyIgnore = [ + # "ls" + # "ls -a" + # "ls -l" + # "ls -la" + # "cd" + # "exit" + # ]; + # }; + + programs.zsh = { enable = true; enableCompletion = true; - bashrcExtra = '' - export SSH_AUTH_SOCK=/home/chase/.bitwarden-ssh-agent.sock - ''; - historyIgnore = [ - "ls" - "ls -a" - "ls -l" - "ls -la" - "cd" - "exit" - ]; + autosuggestion.enable = true; + history = { + append = true; + extended = true; + ignoreDups = true; + ignorePatterns = [ + "ls *" + "cd *" + "gs" + "exit" + ]; + }; + syntaxHighlighting.enable = true; }; programs.bat.enable = true; + programs.btop.enable = true; + + programs.emacs = { + enable = true; + package = lib.mkDefault pkgs.emacs-nox; + }; + programs.fastfetch = { enable = true; settings = { @@ -134,13 +157,10 @@ ''; }; - # programs.senpai.enable = true; - - # programs.sm64ex.enable = true; - programs.starship = { enable = true; enableBashIntegration = true; + enableZshIntegration = true; settings = { line_break = { disabled = true; @@ -166,6 +186,7 @@ programs.yazi = { enable = true; enableBashIntegration = true; + enableZshIntegration = true; }; programs.yt-dlp = { diff --git a/home/desktop.nix b/home/desktop.nix index 08b711c..612f642 100644 --- a/home/desktop.nix +++ b/home/desktop.nix @@ -109,7 +109,10 @@ programs.kitty = { enable = true; enableGitIntegration = true; - shellIntegration.enableBashIntegration = true; + shellIntegration = { + enableBashIntegration = true; + enableZshIntegration = true; + }; font = { name = "BlexMono Nerd Font"; size = 11; diff --git a/home/emacs/early-init.el b/home/emacs/early-init.el index 772019a..549c535 100644 --- a/home/emacs/early-init.el +++ b/home/emacs/early-init.el @@ -50,9 +50,9 @@ (setq frame-inhibit-implied-resize t) ;; no bars -(menu-bar-mode -1) -(tool-bar-mode -1) -(scroll-bar-mode -1) +;;(menu-bar-mode -1) +;;(tool-bar-mode -1) +;;(scroll-bar-mode -1) ;; no startup screen (setq inhibit-startup-screen t) diff --git a/home/emacs/init.el b/home/emacs/init.el index a9f0772..8b1c77c 100644 --- a/home/emacs/init.el +++ b/home/emacs/init.el @@ -21,6 +21,12 @@ (add-to-list 'find-file-not-found-functions #'er-auto-create-missing-dirs) +;; no bars +(add-hook 'window-setup-hook (lambda () + (menu-bar-mode -1) + (tool-bar-mode -1) + (scroll-bar-mode -1))) + ;; set repos and bootstrap use-package ;; (require 'package) @@ -57,7 +63,7 @@ (setq use-package-always-demand t use-package-compute-statistics t) -(require 'bind-key) +(use-package bind-key) (use-package diminish) @@ -281,8 +287,8 @@ (prog-mode . yas-minor-mode) :config (setq yas-snippet-dirs - '("~/.config/emacs/snippets" ;; personal - "~/.config/emacs/work"))) ;; keep em separated + '((expand-file-name "snippets/" user-emacs-directory) ;; personal + (expand-file-name "work/" user-emacs-directory)))) ;; keep em separated ;; nix (use-package nix-ts-mode @@ -397,7 +403,11 @@ ;; agenda (require 'find-lisp) + (unless (file-exists-p "~/Documents/org") + (make-directory "~/Documents/org" t)) (setq org-directory "~/Documents/org") + (unless (file-exists-p (expand-file-name "gtd/" org-directory)) + (make-directory (expand-file-name "gtd/" org-directory) t)) (setq chase/org-agenda-directory (expand-file-name "gtd/" org-directory)) (setq org-agenda-files @@ -456,9 +466,6 @@ (use-package org-roam :after org - :custom - (org-roam-directory - (expand-file-name "roam/" org-directory)) :bind (("C-c n l" . org-roam-buffer-toggle) ("C-c n f" . org-roam-node-find) @@ -468,6 +475,10 @@ ;; Dailies ("C-c n j" . org-roam-dailies-capture-today)) :config + (unless (file-exists-p (expand-file-name "roam/" org-directory)) + (make-directory (expand-file-name "roam/" org-directory) t)) + (setq org-roam-directory + (expand-file-name "roam/" org-directory)) (require 'org-roam-protocol) (require 'org-roam-export) (org-roam-db-autosync-mode) diff --git a/hosts/kuromi/configuration.nix b/hosts/kuromi/configuration.nix index 7285cd6..71386dd 100644 --- a/hosts/kuromi/configuration.nix +++ b/hosts/kuromi/configuration.nix @@ -9,7 +9,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../nixos/desktop.nix + ../../nixos/base.nix ]; networking.hostName = "kuromi"; diff --git a/hosts/kuromi/home.nix b/hosts/kuromi/home.nix index 3c0aa01..77c2f6a 100644 --- a/hosts/kuromi/home.nix +++ b/hosts/kuromi/home.nix @@ -4,8 +4,7 @@ ... }: { imports = [ - ../../home/desktop.nix - ../../home/plasma.nix + ../../home/base.nix ]; home.stateVersion = "25.05"; diff --git a/nixos/base.nix b/nixos/base.nix index 9632c2d..c04e2f0 100644 --- a/nixos/base.nix +++ b/nixos/base.nix @@ -6,30 +6,31 @@ ... }: { # Bootloader. - boot.loader.systemd-boot = { - enable = true; - configurationLimit = 10; + boot.loader = { + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + configurationLimit = 10; + }; }; - boot.loader.efi.canTouchEfiVariables = true; # Garbage collection - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 1w"; + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 1w"; + }; + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + settings = { + auto-optimise-store = true; + download-buffer-size = 524288000; + experimental-features = ["nix-command" "flakes"]; + }; }; - # Optimize store - nix.settings.auto-optimise-store = true; - - # Allow power management - powerManagement.enable = true; - - # Firmware updates - services.fwupd.enable = true; - - # Enable networking - networking.networkmanager.enable = true; + # Allow unfree packages + nixpkgs.config.allowUnfree = true; # Set your time zone. time.timeZone = "America/New_York"; @@ -49,29 +50,26 @@ LC_TIME = "C.UTF-8"; }; + # Configure keymap + console.keyMap = lib.mkDefault "jp106"; + + services.xserver.xkb = { + layout = lib.mkDefault "jp"; + model = lib.mkDefault "jp106"; + }; + + # Allow power management + powerManagement.enable = true; + + # Enable networking + networking.networkmanager.enable = true; + # Catppuccin catppuccin = { enable = true; flavor = "mocha"; }; - # Configure keymap - console.keyMap = "jp106"; - - services.xserver.xkb = { - layout = lib.mkDefault "jp"; - model = "jp106"; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable Flakes - nix.settings.experimental-features = ["nix-command" "flakes"]; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # Android debug tools programs.adb.enable = true; @@ -80,6 +78,15 @@ blesh.enable = true; }; + # zsh config + programs.zsh = { + enable = true; + enableCompletion = true; + enableBashCompletion = true; + autosuggestions.enable = true; + syntaxHighlighting.enable = true; + }; + # Define a user account users.users.chase = { isNormalUser = true; @@ -95,6 +102,10 @@ "video" "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSQX+s8Krl312DcnUtoEWOA2silcUnt5URtyVZz8Yek" + ]; + shell = pkgs.zsh; }; # Install git and enable cache @@ -129,6 +140,13 @@ vimAlias = true; }; + # ssh agent + programs.gnupg.agent.enable = true; + + programs.ssh = { + enableAskPassword = false; + }; + sops = { defaultSopsFile = ../secrets.yaml; validateSopsFiles = false; @@ -163,41 +181,12 @@ qemu rustup sbctl + sops usbutils wget yubikey-manager ]; - nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - - # ssh agent - # programs.mtr.enable = true; - programs.gnupg.agent.enable = true; - - programs.ssh = { - enableAskPassword = false; - }; - - services.fstrim.enable = lib.mkDefault true; - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - services.pcscd.enable = true; - - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; - - services.yubikey-agent.enable = true; - security.pam = lib.optionalAttrs pkgs.stdenv.isLinux { sshAgentAuth.enable = true; u2f = { @@ -220,4 +209,35 @@ pkcs11.enable = true; tctiEnvironment.enable = true; }; + + services.fstrim.enable = lib.mkDefault true; + + # Firmware updates + services.fwupd.enable = true; + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + + services.pcscd.enable = true; + + # Enable CUPS to print documents. + services.printing.enable = true; + + services.udev = { + packages = with pkgs; [ + yubikey-personalization + ]; + extraRules = '' + SUBSYSTEM=="usb", ATTRS{idVendor}=="04b8", ATTRS{idProduct}=="0202", MODE="0666", GROUP="dialout" + ''; + }; + + services.yubikey-agent.enable = true; } diff --git a/nixos/desktop.nix b/nixos/desktop.nix index e3e6599..345f8a2 100644 --- a/nixos/desktop.nix +++ b/nixos/desktop.nix @@ -119,6 +119,7 @@ winDecStyles = ["classic"]; }) firefoxpwa + qpwgraph yubioath-flutter ]; diff --git a/secrets.yaml b/secrets.yaml index 477d010..1eed982 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -5,29 +5,38 @@ sops: - recipient: age19uwxm2gynhjl9m90gckrkh76m9hjut44ak6d8969y4swhz8ypyeqvfcaas enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaKzlYVzI5U04xbU05L28z - ZGQvTG15T0t5dmgvbitxS204anBpMVROaGtvCkdJQlVmeGpCcjEyRlJRaWN6WEJv - eVJ2N0RmS2ZxMGNLTHd5bUxFY2ZmdEUKLS0tIGEvM2wzZE5yd3dvSk5KRGpQbU5C - dmh3d3RPbS9WSmF2bm12VHhwNUZ4SUEK0+efCtnuIIhotR92BNaEPyq5bGwadClp - pEf2CRhTaSGiPHK+VRDy1X+pW+q9Jxu5Z7jesjGLdH8ypW5lpYjc3Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvT1pKc1VrVllURWozOXd1 + NURBT1haRlBkeHB3eTVabmhWMEI0a1JySDFjCkU3Ry9QaEpRTllaZlRZUllJOUtF + U0ZtOFJRbmEwYnFwK1JRNkJQQXlVVnMKLS0tIGRBZTloenV2YkhGMllUSEx5UGlk + emcvaGhuRStCRFBPY29UdmhPeUhqWDQKkabWErK0qtwVnWza7UfhmX9yfIZJC1XV + MOsdxHryfilLFHhzOI2UGM2dzKlukNvHwAuJmoRkwjIj8Ugj1sU3nA== -----END AGE ENCRYPTED FILE----- - recipient: age1wdjujpvc2zd0g592a9gqa7qzz4pcans8m0tyq3m6eq9np9a3lg2s8kxf3h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NGdjbm43T2NaK3krWmtB - eHJMK0xyZVFGWndabmJ5aDJiRm05dlJRUlJBClZJY2Zmc0xHUXFFbHJ0dEhDN1Zh - SVppL0pWRm9VbFBtempIRHQzOXR2dzgKLS0tIExxTFJMV2NBajdWNkRKSmR4YUFj - MVFubkgwWFJ2cEtWUVJCc2JvWU9NSGcKcsGs3q55cJ4dp1mdo7KOQWqF98uPsZOF - zFm7oJh6LwbHJarz2m3mlUGBded4ndYrsyJbh2NjHyfUvz2XZgZRkg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbDBPVUFTcERIaEh4ZHp3 + aW1GQXlVQThyeDdVYzNYNHlqcFRIYVNpa2xNCmpMeml4REpsRDl1SU1pSm92SU1V + OXNhUklhTGxRMTRTV3dlbENsTVlXTVEKLS0tICtzU3ZteFNCOEo3NmVwNE1ydHVM + dFpJMXowc3h1MHdBYVZLc0Y5bXZoTUkKFs67JKeHhZiK2tAu7Poh4Fou5QYm8HXK + r09HeCuiIfxjRuT1t8nRvRALdzOG6xNuPULs6aCdjpa/d0EvnXyw+w== -----END AGE ENCRYPTED FILE----- - recipient: age1hpcyetyl0yrwxy0geem6z2u2kwl4hmckur7pnaaxwaylf8ata9vsv8j3wh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWGNlNmdhVlRXRlN3OXo4 - dEVTL01uenhEY1VVMkRveGQrQXQ2TXlvSWpZCnRoVjI2TDRpbE1FVVNMTytMb3A2 - cjN0T2UyYm9idmg5dkdFUWp1a3ZHQXcKLS0tIFpnYS8veEVGMkFkMzlibHRUUUxF - TVpjTzArTkRGVFhHdzVHdWNSYm5EZjAK6iwQI8usDMhdHdphcJeoxeeidcbto1d0 - NFId4dYlrplJmkI7Og8bIxLqnaEw7enIsTz49LjLdKPRDfQB+PkEJw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb3oyWFBvdXIxRkNtL0xs + aGNzQ0RERXB3TGFUOVBTQm5wOUlodkZiMXlvClFXR1Z0ZHpFa2RyUlYzL01Bb2RN + UGZNREVqRU9ZRVhMQ3VMYUNKcUI4WTgKLS0tIDB5RmkzSTdwSTVUQjJMbklxeFM5 + M0s3QmI4MzNiVy8yNGE2TG01Z1paOWcKIGj+ofrO443CiK1n3J291KwnKqmG99+M + 1mYfFrvpx/yVTzt2Pk5ioTC+hzDWUHy1gR8vQTVTjGkhU8cBCzNR/w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1culqt965xgweu5h6menrppf7eatq7at04z0n52t365f0nvlv043su5t2yl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWOVQ2ZzhZT0pqZjIzQXp1 + dzBuVEcyYS9MSW8vdnFPT2p4NzJBZ3g2K0c4CmpqSC9XRFBsdUJsM1phckQ4aW5D + RFZmTFJMSkR5VE9idzJMZGZzajFBWFEKLS0tIElnTXg5aUNQVE5qOGlxd00zY0NX + ZGRES0oyeGZSRHBQU0RQNzNZd1VBZTAKhRXixVaTXhZrTmntLGaC9WIm/Ylm3tp7 + xQxZA8n5PRtqENa5Cj3jqJQS2gmwy5kixO9U6IHzMWntBE7zr/hKrQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-06-08T19:43:47Z" mac: ENC[AES256_GCM,data:9YpgBrJwWhz2utNPldpIU/ylaN2QfkSj1LvWa8sISSnuXvsBsZ8a+oNzuGDd5+Q1pSYtoiBt6viqZn65wp8x+kb9ZMJdsWoZZG2U1b3rHUsadOYarvwMVDoQ5TZFFjEOyzyCgT7ln6v1rfAKwL5LJ3Kjv6SRIb9dK51sDsVijhQ=,iv:yTlxgZoOdB7pu5iZKP+q1cXbDsTT5HgsWo4tkix8948=,tag:qJbiq+Fayx5L9V7to1ijvQ==,type:str]