From 5fbfb7ed7e3c677965e6306ded35e1915f76ec4b Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Fri, 26 Jan 2024 23:57:27 -0500 Subject: [PATCH] Adding mini-watcher --- .sops.yaml | 8 ++++++ flake.nix | 25 +++++++++++++++++++ modules/home-manager/common/hm-sops.nix | 15 +++++++++++ .../home-manager/hosts/mini-watcher/gene.nix | 8 ++++++ .../hosts/mini-watcher/secrets.yaml | 22 ++++++++++++++++ 5 files changed, 78 insertions(+) create mode 100644 modules/home-manager/common/hm-sops.nix create mode 100644 modules/home-manager/hosts/mini-watcher/gene.nix create mode 100644 modules/home-manager/hosts/mini-watcher/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 4569401..0414560 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,6 +4,7 @@ keys: - &system_rainbow_planet age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77 - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d + - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq creation_rules: - path_regex: nixnuc/secrets.yaml$ key_groups: @@ -21,10 +22,17 @@ creation_rules: key_groups: - age: - *user_blue_rock + - path_regex: mini-watcher/secrets.yaml$ + key_groups: + - age: + - *user_mini_watcher - path_regex: modules/system/common/secrets.yaml$ key_groups: - age: - *system_nixnuc - *system_rainbow_planet + - *user_airpuppet - *user_blue_rock + - *user_mini_watcher + diff --git a/flake.nix b/flake.nix index 2e1469c..8106e85 100644 --- a/flake.nix +++ b/flake.nix 
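Review bot: The last rule in the second `.sops.yaml` hunk adds three per-user keys (`*user_airpuppet`, `*user_blue_rock`, `*user_mini_watcher`) as recipients for `modules/system/common/secrets.yaml`, which was previously limited to the two system keys. Any account holding one of those user age keys will then be able to decrypt the system-wide secrets, so confirm every value in that file is meant for user scope, or keep a separate common file for home-manager. Creation rules only apply when a file is created or re-keyed, and the diffstat does not list that file, so it presumably still needs `sops updatekeys modules/system/common/secrets.yaml` before the new recipients can read it. The new `path_regex: mini-watcher/secrets.yaml$` is unanchored with an unescaped dot, like the rules around it; `modules/home-manager/hosts/mini-watcher/secrets\.yaml$` would match only the intended file.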
@@ -111,6 +111,27 @@ ]; }; # end nixosSystem + linuxHomeConfig = system: hostname: username: home-manager.lib.homeManagerConfiguration { + pkgs = import nixpkgs { + inherit system; + config = { + allowUnfree = true; + permittedInsecurePackages = [ "electron-21.4.4" ]; + }; + }; + extraSpecialArgs = { inherit genebean-omp-themes hostname username; }; + modules = [ + ./modules/home-manager/hosts/${hostname}/${username}.nix + { + home = { + username = "${username}"; + homeDirectory = "/home/${username}"; + }; + } + sops-nix.homeManagerModules.sops + ]; + }; # end homeManagerConfiguration + in { darwinConfigurations = { AirPuppet = darwinHostConfig "x86_64-darwin" "AirPuppet" "gene"; @@ -121,5 +142,9 @@ nixnuc = nixosHostConfig "x86_64-linux" "nixnuc" "gene"; rainbow-planet = nixosHostConfig "x86_64-linux" "rainbow-planet" "gene"; }; + + homeConfigurations = { + gene = linuxHomeConfig "x86_64-linux" "mini-watcher" "gene"; + }; }; } diff --git a/modules/home-manager/common/hm-sops.nix b/modules/home-manager/common/hm-sops.nix new file mode 100644 index 0000000..215aa7c --- /dev/null +++ b/modules/home-manager/common/hm-sops.nix @@ -0,0 +1,15 @@ +{ pkgs, hostname, username, ... }: { + home.packages = with pkgs; [ + home-manager + ]; + + sops = { + age.keyFile = /home/${username}/.config/sops/age/keys.txt; + defaultSopsFile = ../hosts/${hostname}/secrets.yaml; + secrets = { + local_git_config.path = "/home/${username}/.gitconfig-local"; + local_private_env.path = "/home/${username}/.private-env"; + }; + }; +} + diff --git a/modules/home-manager/hosts/mini-watcher/gene.nix b/modules/home-manager/hosts/mini-watcher/gene.nix new file mode 100644 index 0000000..7cb68f2 --- /dev/null +++ b/modules/home-manager/hosts/mini-watcher/gene.nix @@ -0,0 +1,8 @@ +{ pkgs, genebean-omp-themes, ... }: { + home.stateVersion = "23.11"; + imports = [ + ../../common/all-cli.nix + ../../common/all-linux.nix + ../../common/hm-sops.nix + ]; +} 
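Review bot: `permittedInsecurePackages = [ "electron-21.4.4" ]` in the new `linuxHomeConfig` permits an end-of-life Electron build for every home-manager configuration built through this helper, and nothing visible in the hunk needs it. If it was carried over from the host helpers, drop it here. If an imported module does depend on it, add a comment naming that package, e.g. `# needed by <package>; remove once it no longer pulls in electron 21`, so the exception can be retired later.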
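Review bot: `homeConfigurations.gene` in the second flake.nix hunk is keyed on the username alone, so a second Linux host for the same user would collide with this entry. home-manager also resolves a `user@host` attribute, so `"gene@mini-watcher" = linuxHomeConfig "x86_64-linux" "mini-watcher" "gene";` keeps the key unambiguous. It also makes it harder to activate this host's sops configuration on the wrong machine by accident.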
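Review bot: In the new `hm-sops.nix`, `age.keyFile = /home/${username}/.config/sops/age/keys.txt;` is a Nix path literal, while the two `secrets.*.path` values below it are strings. A path value that is interpolated or serialised during evaluation can be copied into the world-readable Nix store, which would expose the private age key. Pure flake evaluation also normally rejects absolute paths outside the flake. Quote it so it stays a plain string that is only read at activation time: `age.keyFile = "/home/${username}/.config/sops/age/keys.txt";`.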
diff --git a/modules/home-manager/hosts/mini-watcher/secrets.yaml b/modules/home-manager/hosts/mini-watcher/secrets.yaml
new file mode 100644
index 0000000..50f2656
--- /dev/null
+++ b/modules/home-manager/hosts/mini-watcher/secrets.yaml
@@ -0,0 +1,22 @@
+local_git_config: ENC[AES256_GCM,data:ECcO9NiS6Xo1AevHx/4tIGmhVHTG+WHIJI/RgYLe4DbptPJQFxFMBEk=,iv:xPvAfNywX7Ww3iwZDwQGTa88ZoJZqnIjdNDv4R0iAf0=,tag:bQ7rNxPniyP7SNW8Nz+1rw==,type:str]
+local_private_env: ENC[AES256_GCM,data:Eg1IYFMJFysMavh1ssddpO3fzoyrKpA2dfSNSUUUsb/548IxqOktXIArR5bqbWVL//bUmnYI3N37jYRFiQSO,iv:50WBKSSy/Ea6l6kdggeoVCXhRG6lc4QxQBm1CoK2RTc=,tag:USADBcnceslCg3ueSikf+w==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveXpUSFNmVXJFTy9ieWRv
+ a1Fpb2xic1lnYW5mZ2VaY1dyOXVUbkNGWnlNCkxKcUZVbm0rRUNydERUeC9ueloy
+ N3d0NGxyaTFCd1lMUmh2VklqbTZJalkKLS0tIC8xb1VnZU0xbmdObnZIUjRvU01k
+ bmtPb3hjTkxMaDJwSGQ0amF5ci85UXcK16fgU78H4SK8LKDyYCUgMdRE2ZTygzyE
+ spYcQ8w+PvQSxLUFJKW6DZdkSXLkNR0HkmVkuSmBKW0lVNWCfXbfvA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-01-28T00:59:32Z"
+ mac: ENC[AES256_GCM,data:Dcs3LkQtReunJGQl1aBy/fo022r0fwAdjDKRlgGsDtnWWEWZww6+n30yCkMjDrQCZm4NekDCYrEd0Dhq90nLON+vxykojxd/UTBEX86NIxUrGtO3faotP0/buVi59JgqQQqBDB14GpJttZGVr59LVlxieG1PhpmE9lFePpT8eR4=,iv:7KmeBD4Pk+guEW0nb9/W7olsF36bwfZtFkehO5u40po=,tag:PJmbdqiud4FHxbVcZv2png==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1