diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..45ea201
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,4 @@
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ age: >-
+ age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj
diff --git a/cask.nix b/cask.nix
index 871fc1e..657d739 100644
--- a/cask.nix
+++ b/cask.nix
@@ -17,7 +17,6 @@
 "sloth"
 "vscodium"
 "hoppscotch"
- "tailscale"
 "utm"
 "balenaetcher"
diff --git a/darwin.nix b/darwin.nix
index 5135c8a..f2a41c2 100644
--- a/darwin.nix
+++ b/darwin.nix
@@ -1,5 +1,10 @@
-{ flake }:
-{ pkgs, host, ... }:
+{
+ pkgs,
+ host,
+ flake,
+ lib,
+ ...
+}:
 {
 nix.settings.experimental-features = "nix-command flakes";
@@ -57,7 +62,8 @@
 homebrew = {
 enable = true;
- casks = import ./cask.nix;
+ # casks = (if builtins.hasAttr "casks" host then host.casks else [ ]) ++ (import ./cask.nix);
+ casks = (lib.attrByPath [ "extras" "casks" ] [ ] host) ++ (import ./cask.nix);
 taps = [ "lihaoyun6/tap" ];
 onActivation = {
 autoUpdate = true;
diff --git a/files/git/gitconfig b/files/git/gitconfig
index d7eb159..069cccb 100644
--- a/files/git/gitconfig
+++ b/files/git/gitconfig
@@ -10,12 +10,6 @@
 [commit]
 gpgsign = false
-[includeIf "gitdir:/Users/nicco/"]
- path = "~/.dotfiles/files/git/config.personal"
-
-[includeIf "gitdir:/Users/niccoloborgioli/"]
- path = "~/.dotfiles/files/git/config.work"
-
 [pull]
 rebase = false
@@ -25,3 +19,6 @@
 sort = -committerdate
 [alias]
 fpush = push --force-with-lease
+
+[include]
+ path = ~/.gitconfig.local
diff --git a/flake.lock b/flake.lock
index 85e8ecb..e4809d0 100644
--- a/flake.lock
+++ b/flake.lock
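Review bot: `path_regex` is unanchored, so this rule matches a `secrets/<name>.yaml` (or .json/.env/.ini) at any depth in the tree, not only the top-level `secrets/` directory that home.nix reads from; `path_regex: ^secrets/[^/]+\.(yaml|json|env|ini)$` pins it if that is the intent. The rule also names a single age recipient, so every file it covers (secrets/ssh.yaml in this commit) can be decrypted only with that one key: losing it means recreating the secrets, and adding a second recipient later requires running `sops updatekeys` on each file. A one-line comment saying whose key this is would help future rotation, e.g. `# age public key of <key owner placeholder>; re-key existing files with sops updatekeys`.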
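Review bot: The commented-out `# casks = (if builtins.hasAttr "casks" host then host.casks else [ ]) ++ (import ./cask.nix);` line in the darwin.nix homebrew hunk is dead code that duplicates the live line under it and should be removed rather than kept. A why-comment is more useful in that spot, e.g. `# Host-specific casks (host.extras.casks, optional) are added on top of the shared list.`. The `homebrew` attribute set starts and ends outside the hunk.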
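Review bot: The removed `includeIf "gitdir:..."` entries in the gitconfig hunk chose between config.personal and config.work by home directory, but the replacement `[include] path = ~/.gitconfig.local` is unconditional, and home.nix in this commit links `.gitconfig.local` to `./files/git/config.work` for every host, so config.personal is no longer included anywhere in this diff. If the personal profile is still wanted, select the source per host in home.nix (the `host` argument is already in scope there) instead of hard-coding config.work; if it is intentionally retired, the file should be deleted with it. Note that git silently skips a missing include path, so a wrong link would not surface as an error.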
@@ -2,16 +2,14 @@ "nodes": { "home-manager": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1737762889, - "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=", + "lastModified": 1738448366, + "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", "owner": "nix-community", "repo": "home-manager", - "rev": "daf04c5950b676f47a794300657f1d3d14c1a120", + "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", "type": "github" }, "original": { @@ -27,11 +25,11 @@ ] }, "locked": { - "lastModified": 1737504076, - "narHash": "sha256-/B4XJnzYU/6K1ZZOBIgsa3K4pqDJrnC2579c44c+4rI=", + "lastModified": 1738277753, + "narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "65cc1fa8e36ceff067daf6cfb142331f02f524d3", + "rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9", "type": "github" }, "original": { @@ -42,11 +40,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737879851, - "narHash": "sha256-H+FXIKj//kmFHTTW4DFeOjR7F1z2/3eb2iwN6Me4YZk=", + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d3221fd57cc442a1a522a15eb5f58230f45a304", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1738452225, + "narHash": "sha256-Qmwx3FXM0x0pdjibwTk/uRbayqDrs3EwmRJe7tQWu48=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6c4e0724e0a785a20679b1bca3a46bfce60f05b6", "type": "github" }, "original": { 
@@ -60,7 +74,28 @@
 "inputs": {
 "home-manager": "home-manager",
 "nix-darwin": "nix-darwin",
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs_2",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1738291974,
+ "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
 }
 },
diff --git a/flake.nix b/flake.nix
index e71f548..7188e59 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,7 +8,10 @@
 nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
 home-manager.url = "github:nix-community/home-manager";
- home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ # home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
 };
 outputs =
@@ -17,6 +20,7 @@
 nix-darwin,
 nixpkgs,
 home-manager,
+ sops-nix,
 }:
 let
 hosts = import ./hosts;
@@ -27,18 +31,17 @@
 map (host: {
 name = host.hostName;
 value = nix-darwin.lib.darwinSystem {
+ specialArgs = {
+ inherit sops-nix;
+ inherit host;
+ flake = self;
+ };
 modules = [
- # Make `host` available as module arg.
- (
- { config, ... }:
- {
- config._module.args = { inherit host; };
- }
- )
- # configuration
- (import ./darwin.nix { flake = self; })
+ (import ./darwin.nix)
+ sops-nix.darwinModules.sops
 home-manager.darwinModules.home-manager
 {
+ home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
 home-manager.backupFileExtension = "backup";
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
diff --git a/home.nix b/home.nix
index 43a78de..ff658b3 100644
--- a/home.nix
+++ b/home.nix
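Review bot: Commenting out `home-manager.inputs.nixpkgs.follows = "nixpkgs";` in the first flake.nix hunk instead of deleting it leaves the reader guessing whether the change is deliberate, and its effect is visible in flake.lock: home-manager now locks its own nixpkgs (`nixpkgs`) while the flake itself uses `nixpkgs_2`, i.e. two nixpkgs revisions to track and update. If this is a workaround for a breakage between the pinned home-manager and nixpkgs, replace the dead line with a comment that says so, e.g. `# home-manager deliberately pins its own nixpkgs: <reason placeholder>`; otherwise restore the `follows` line.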
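Review bot: In the last flake.nix hunk, `inherit sops-nix;` and `inherit host;` in the new `specialArgs` can be one line, `inherit sops-nix host;`, and `(import ./darwin.nix)` can simply be `./darwin.nix`, since a module list accepts paths directly. Also note that `specialArgs` reaches only the nix-darwin modules; home.nix in this commit destructures `sops-nix` as well, which it only receives if `home-manager.extraSpecialArgs` is set somewhere below this hunk, and that is not visible here. The `map` over hosts continues past the hunk.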
@@ -1,8 +1,14 @@
 { host }:
-{ pkgs, lib, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ sops-nix,
+ ...
+}:
 {
 # https://nix-community.github.io/home-manager
- home.stateVersion = "25.05"; # Please read the comment before changing.
+ home.stateVersion = "25.05";
 programs.home-manager.enable = true;
 home.username = host.username;
@@ -26,6 +32,7 @@
 ".config/ghostty/config".source = ./files/ghostty/config;
 ".gitconfig".source = ./files/git/gitconfig;
 ".gitignore_global".source = ./files/git/gitignore_global;
+ ".gitconfig.local".source = ./files/git/config.work;
 ".config/nvim".source = ./files/nvim;
 };
@@ -79,4 +86,14 @@
 };
 };
+ # Secrets
+ sops = {
+ age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
+ defaultSopsFile = ./secrets/ssh.yaml;
+ secrets.config = {
+ mode = "0600";
+ path = "${config.home.homeDirectory}/.ssh/config";
+ };
+ };
+
 }
diff --git a/home/sflx.nix b/home/sflx.nix
index acf22ee..ab21526 100644
--- a/home/sflx.nix
+++ b/home/sflx.nix
@@ -5,4 +5,5 @@ with pkgs;
 cocoapods
 phrase-cli
 boundary
+ awscli2
 ]
diff --git a/home/shared.nix b/home/shared.nix
index 6a6bebf..96267e0 100644
--- a/home/shared.nix
+++ b/home/shared.nix
@@ -25,6 +25,8 @@ with pkgs;
 devenv
 nixpacks
 ollama
+ colima
+ lazydocker
 # Editor
 neovim
diff --git a/hosts/mac16.nix b/hosts/mac16.nix
index d1a88cc..50c6090 100644
--- a/hosts/mac16.nix
+++ b/hosts/mac16.nix
@@ -2,4 +2,12 @@
 username = "niccoloborgioli";
 hostName = "mac16";
 platform = "aarch64-darwin";
+
+ extras = {
+ casks = [
+ "phpstorm"
+ "datagrip"
+ "tailscale"
+ ];
+ };
 }
diff --git a/secrets/ssh.yaml b/secrets/ssh.yaml
new file mode 100644
index 0000000..1b9ead1
--- /dev/null
+++ b/secrets/ssh.yaml
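Review bot: `sops-nix` is added to home.nix's module arguments in the first hunk, but none of the changed hunks reference it; the `sops.*` options set in the last hunk come from the module attached through `home-manager.sharedModules` in flake.nix, so unless another part of the file uses it the argument can be dropped (a required argument that is never passed in would also fail evaluation). In the `sops` block, a why-comment on `age.keyFile` would help, because the sops CLI on macOS looks for age keys under `~/Library/Application Support/sops/age/keys.txt` by default rather than the XDG-style path pinned here, e.g. `# Key location shared with the sops CLI via SOPS_AGE_KEY_FILE; not the macOS default path.`. The blank line left before the closing `}` can go as well.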
@@ -0,0 +1,21 @@ +config: ENC[AES256_GCM,data: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,iv:8BiTj23eULj7Rjw+iWbJ0QR80Xss9xDSla3hSz/9E6M=,tag:OdJIcXwA9P65o2H4Ii6UcQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQng5V1YwTDdWbVBocStY + NXo5OFBBU1krbzFkNU52MDhJR2lkUGcwbndNCkpYMlRQU3NTVWJYN2lPWXhieUtw + R2R2OXV1N1dEQnN5QzgvUjdxR1doV2sKLS0tIFRuTUNYOFZ5YWNlWjR6MmxneTBy + dnowaVoyc0FhTEJLQmJYM1VQTDlKZ0EKBnlbVqp+D6C8Avs39SQr3ESNRCvQKcMO + MFz3pV9ENOaTrY10xuA8J0easXwyqCc3EgMPYp86FQXENpt+9m3efw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-29T11:05:11Z" + mac: ENC[AES256_GCM,data:HYsosS2tyBvU1rQp3xH48YTY2lmA+115ls4ZhxmAm43yjfqvFtHKVQSDIYEeWGANX58GnN3wOj9ANVC6BZX3v4DUoD9VAXqfPc1S8Sb1C7rc1W5vT1V4Qjz5VsSX+jpjzj8dbROxJ+h5kd6II1gpl47ZtMaWynsAd5N6v9lU5s8=,iv:22lMFqrDZ7ctPjbHV/0HWSW1AfGoIn1KcwjcpCnDMno=,tag:hF/361akPsRSoXWFMQQZXQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.3