labsrv01/home-kjtsanaktsidis.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

{
  config,
  pkgs,
  lib,
  ...
}:
{
  home.username = "kjtsanaktsidis";
  home.homeDirectory = "/home/kjtsanaktsidis";
  home.stateVersion = "25.11";

  programs.home-manager.enable = true;

  # Install packages
  home.packages = with pkgs; [
    htop
    zellij
    tmux
    git-absorb
    # LazyVim dependencies
    lazygit
    ripgrep
    fd
    nodejs
    python3
    nixos-rebuild-ng
  ];

  # Configure sops for home-manager
  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      kj_id_ed25519 = {
        path = "${config.home.homeDirectory}/.ssh/id_ed25519";
      };
      kj_gpg_private_key = {
        path = "${config.home.homeDirectory}/.gnupg/private-key.asc";
      };
    };
  };

  # Git configuration
  programs.git = {
    enable = true;
    settings = {
      user.name = "KJ Tsanaktsidis";
      user.email = "kj@kjtsanaktsidis.id.au";
      pull.rebase = true;
    };
    signing = {
      key = "7F21FB211E24B02A5DEF86E227CD40EB9B81C726";
      signByDefault = true;
    };
  };

  programs.neovim = {
    enable = true;
    defaultEditor = true;
  };

  # Zsh configuration
  programs.zsh = {
    enable = true;
    history = {
      size = 1000000;
      save = 1000000;
      append = true;
      extended = true;
      ignoreSpace = false;
      ignoreDups = false;
    };

    initContent = lib.mkOrder 1000 (builtins.readFile ./zsh-config.zsh);
  };

  # FZF with standard keybindings
  programs.fzf = {
    enable = true;
    enableZshIntegration = true;
  };

  programs.gpg = {
    enable = true;
    homedir = "${config.home.homeDirectory}/.gnupg";
  };
  services.gpg-agent = {
    enable = true;
  };
  systemd.user.services.manage-secrets = {
    Unit = {
      Description = "Import GPG and SSH keys from sops secrets";
      After = [ "sops-nix.service" ];
      Requires = [ "sops-nix.service" ];
    };
    Service = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = toString (pkgs.writeShellScript "manage-secrets" ''
        export GNUPGHOME="${config.programs.gpg.homedir}"
        ${pkgs.gnupg}/bin/gpg --batch --verbose --trust-model always --import "${config.sops.secrets.kj_gpg_private_key.path}"
        ${pkgs.openssh}/bin/ssh-keygen -y -f "${config.home.homeDirectory}/.ssh/id_ed25519" > "${config.home.homeDirectory}/.ssh/id_ed25519.pub"
      '');
    };
    Install = {
      WantedBy = [ "default.target" ];
    };
  };
}