diff options
Diffstat (limited to 'labsrv01/home.nix')
| -rw-r--r-- | labsrv01/home.nix | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/labsrv01/home.nix b/labsrv01/home.nix new file mode 100644 index 0000000..72824ba --- /dev/null +++ b/labsrv01/home.nix @@ -0,0 +1,94 @@ +{ + config, + pkgs, + ... +}: +{ + home.username = "kjtsanaktsidis"; + home.homeDirectory = "/home/kjtsanaktsidis"; + home.stateVersion = "25.11"; + + programs.home-manager.enable = true; + + # Install packages + home.packages = with pkgs; [ + htop + zellij + tmux + neovim + git-absorb + # LazyVim dependencies + lazygit + ripgrep + fd + nodejs + python3 + ]; + + # Configure sops for home-manager + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ./secrets.yaml; + secrets = { + kj_id_ed25519 = { + path = "${config.home.homeDirectory}/.ssh/id_ed25519"; + }; + kj_gpg_private_key = { + path = "${config.home.homeDirectory}/.gnupg/private-key.asc"; + }; + }; + }; + + # Git configuration + programs.git = { + enable = true; + settings = { + user.name = "KJ Tsanaktsidis"; + user.email = "kj@kjtsanaktsidis.id.au"; + pull.rebase = true; + }; + signing = { + key = "7F21FB211E24B02A5DEF86E227CD40EB9B81C726"; + signByDefault = true; + }; + }; + + # SSH public key (private key is managed by sops) + home.file.".ssh/id_ed25519.pub" = { + text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtGcEXu5S/0zsF6Suxc65DmGFGt1JWRnqadoVhErOed kjtsanaktsidis@KJMacbookGroq.local"; + }; + + # Zsh configuration + programs.zsh = { + enable = true; + history = { + size = 1000000; + save = 1000000; + append = true; + extended = true; + ignoreSpace = false; + ignoreDups = false; + }; + + initContent = builtins.readFile ./zsh-config.zsh; + }; + + # FZF with standard keybindings + programs.fzf = { + enable = true; + enableZshIntegration = true; + }; + + programs.gpg = { + enable = true; + homedir = "${config.home.homeDirectory}/.gnupg"; + }; + services.gpg-agent = { + enable = true; + }; + home.activation.importGpgPrivateKey = config.lib.dag.entryAfter ["sops-nix" "onFilesChange"] '' + export GNUPGHOME="${config.programs.gpg.homedir}" + $DRY_RUN_CMD ${pkgs.gnupg}/bin/gpg --batch --verbose --trust-model always --import "${config.sops.secrets.kj_gpg_private_key.path}" + echo "GPG private key imported from sops secret" + ''; +} |