.envrc

@@ -0,0 +1,2 @@
+# export SOPS_AGE_KEY_FILE=${HOME}/.config/sops/age/keys.txt
+export SOPS_AGE_KEY_FILE=$(pwd)/.keys.txt

.sops.yaml

@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    age: >-
+      age1fwwfdh3np846pcwlsre2d8py3a8z5gfltx3jcyghdfx9esn6a40sm60mdj

README.md

@@ -25,10 +25,6 @@ nix run nix-darwin -- switch --flake ~/.config/nix-macos#<host>
 vai
 ```
 
-## Documentation
-
-- [nix-darwin](https://daiderd.com/nix-darwin/manual/index.html)
-
 ## Crypt
 
 Files under `secrets` are encrypted using `git-crypt`.
@@ -41,13 +37,3 @@ git-crypt export-key - | base64 > .key.b64
 cat .key.b64 | base64 --decode > .key
 git-crypt unlock .key
 ```
-
-## TODO
-
-Stuff that I would like to automate, but have not found a way/time
-
-- Disable the default Spotlight keyboard shortcut. For now manually go to Settings -> Keyboard Shortcuts -> Spotlight -> Untick
-- `chsh -s /run/current-system/sw/bin/fish`
-- vscodium settings (download `zokugun.sync-settings` -> open repository settings -> paste secrets/configs/vscodium-sync.yaml -> download config)
-
-

darwin.nix

@@ -20,52 +20,36 @@
   # Nix Darwin
   # https://daiderd.com/nix-darwin/manual/index.html
 
-  system.defaults = {
-    # Security
-    screensaver.askForPassword = true;
-    screensaver.askForPasswordDelay = 0;
-    loginwindow.GuestEnabled = false;
+  # Security
+  system.defaults.screensaver.askForPassword = true;
+  system.defaults.screensaver.askForPasswordDelay = 0;
+  system.defaults.loginwindow.GuestEnabled = false;
 
-    # Dock
-    dock = {
-      autohide = true;
-      orientation = "left";
-      show-recents = false;
-      persistent-apps = [
-        "/Applications/Arc.app"
-        "/Applications/Ghostty.app"
-        "/Applications/VSCodium.app"
-        "/Applications/Spotify.app"
-        "/System/Applications/System Settings.app"
-      ];
-      persistent-others = [ ];
-    };
-
-    # Finder
-    finder = {
-      AppleShowAllExtensions = true;
-      ShowPathbar = true;
-    };
-
-    # Trackpad
-    NSGlobalDomain = {
-      InitialKeyRepeat = 25;
-      KeyRepeat = 2;
-      "com.apple.mouse.tapBehavior" = 1;
-      "com.apple.trackpad.scaling" = 0.875;
-    };
-    trackpad = {
-      Dragging = true;
-      Clicking = true;
-      TrackpadRightClick = true;
-    };
-  };
+  # Dock
+  system.defaults.dock.autohide = true;
+  system.defaults.dock.orientation = "left";
+  system.defaults.dock.show-recents = false;
+  system.defaults.dock.persistent-apps = [
+    "/Applications/Arc.app"
+    "/Applications/Ghostty.app"
+    "/Applications/VSCodium.app"
+    "/Applications/Spotify.app"
+    "/System/Applications/System Settings.app"
+  ];
+  system.defaults.dock.persistent-others = [ ];
 
   # Input devices
-  system.keyboard = {
-    enableKeyMapping = true;
-    remapCapsLockToEscape = true;
-  };
+  system.keyboard.enableKeyMapping = true;
+  system.keyboard.remapCapsLockToEscape = true;
+  system.defaults.NSGlobalDomain.InitialKeyRepeat = 25;
+  system.defaults.NSGlobalDomain.KeyRepeat = 2;
+  system.defaults.NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
+  system.defaults.NSGlobalDomain."com.apple.trackpad.scaling" = 0.875;
+  system.defaults.trackpad.Dragging = true;
+
+  # Finder
+  system.defaults.finder.AppleShowAllExtensions = true;
+  system.defaults.finder.ShowPathbar = true;
 
   # Other
   system.startup.chime = false;
@@ -75,7 +59,6 @@
     shell = pkgs.fish;
   };
   programs.fish.enable = true;
-  environment.shells = [ pkgs.fish ];
 
   homebrew = {
     enable = true;

home/home.nix

@@ -3,6 +3,7 @@
   pkgs,
   lib,
   config,
+  sops-nix,
   ...
 }:
 {
@@ -45,9 +46,6 @@
       g = "lazygit";
       d = "lazydocker";
       vai = "darwin-rebuild switch --flake ~/.config/nix-macos#${host.hostName}";
-
-      p = "pnpm";
-      px = "pnpm -s dlx";
     };
   };
 

home/pkgs.nix

@@ -21,6 +21,7 @@ with pkgs;
   woff2
   bat
   rsync
+  sops
 
   # Dev
   devenv

scripts/plist/export.sh

@@ -1,27 +0,0 @@
-#!/bin/bash
-
-# Create secrets directory if it doesn't exist
-mkdir -p secrets/plist
-
-# Array of app IDs to export
-APP_IDS=(
-  "com.lwouis.alt-tab-macos"
-  "com.jordanbaird.Ice"
-  "com.apphousekitchen.aldente-pro.plist"
-  "com.lihaoyun6.QuickRecorder.plist"
-)
-
-# Export each plist
-for APP_ID in "${APP_IDS[@]}"; do
-  echo "Exporting $APP_ID..."
-  defaults export "$APP_ID" - >"secrets/plist/$APP_ID.plist"
-
-  # Check if export was successful
-  if [ $? -eq 0 ]; then
-    echo "Successfully exported $APP_ID to secrets/$APP_ID.plist"
-  else
-    echo "Failed to export $APP_ID"
-  fi
-done
-
-echo "All exports completed!"

scripts/plist/import.sh

@@ -1,38 +0,0 @@
-#!/bin/bash
-
-# Path to the plist directory
-PLIST_DIR="secrets/plist"
-
-# Check if the plist directory exists
-if [ ! -d "$PLIST_DIR" ]; then
-  echo "Error: Directory $PLIST_DIR does not exist."
-  exit 1
-fi
-
-# Get all plist files in the directory
-PLIST_FILES=("$PLIST_DIR"/*.plist)
-
-# Check if there are any plist files
-if [ ${#PLIST_FILES[@]} -eq 0 ] || [ "${PLIST_FILES[0]}" = "$PLIST_DIR/*.plist" ]; then
-  echo "No plist files found in $PLIST_DIR."
-  exit 1
-fi
-
-# Import each plist
-for PLIST_PATH in "${PLIST_FILES[@]}"; do
-  # Extract app ID from filename (remove path and .plist extension)
-  FILENAME=$(basename "$PLIST_PATH")
-  APP_ID="${FILENAME%.plist}"
-
-  echo "Importing $APP_ID..."
-  cat "$PLIST_PATH" | defaults import "$APP_ID" -
-
-  # Check if import was successful
-  if [ $? -eq 0 ]; then
-    echo "Successfully imported $APP_ID from $PLIST_PATH"
-  else
-    echo "Failed to import $APP_ID"
-  fi
-done
-
-echo "All imports completed!"