From f5c1fa2ce0fbf74e72816e12e860f17e3fe8d469 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Sat, 9 Aug 2025 09:42:48 -0400 Subject: [PATCH] First pass at Home Manager on Ubuntu --- .sops.yaml | 4 +++ flake.nix | 7 ++--- lib/default.nix | 2 ++ lib/mkHomeConfig.nix | 29 +++++++++++++++++++ modules/hosts/common/hm-sops.nix | 15 ---------- modules/hosts/home-manager-only/default.nix | 24 +++++++++++++++ .../home-manager-only/home-gene.liverman.nix | 3 ++ modules/hosts/home-manager-only/home-gene.nix | 3 ++ modules/hosts/home-manager-only/secrets.yaml | 17 +++++++++++ 9 files changed, 84 insertions(+), 20 deletions(-) create mode 100644 lib/mkHomeConfig.nix delete mode 100644 modules/hosts/common/hm-sops.nix create mode 100644 modules/hosts/home-manager-only/default.nix create mode 100644 modules/hosts/home-manager-only/home-gene.liverman.nix create mode 100644 modules/hosts/home-manager-only/home-gene.nix create mode 100644 modules/hosts/home-manager-only/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 8a4ab22..6f2ac3b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -56,6 +56,10 @@ creation_rules: key_groups: - age: - *user_mightymac + - path_regex: modules/hosts/home-manager-only/secrets.yaml$ + key_groups: + - age: + - *system_rainbow_planet - path_regex: modules/hosts/common/secrets.yaml$ key_groups: - age: diff --git a/flake.nix b/flake.nix index 88988b6..b056cfa 100644 --- a/flake.nix +++ b/flake.nix @@ -174,12 +174,9 @@ # Home Manager (only) users homeConfigurations = { - gene = linuxHomeConfig { - system = "x86_64-linux"; - hostname = "mini-watcher"; + gene = localLib.mkHomeConfig { + homeDirectory = "/home/gene"; username = "gene"; - additionalModules = []; - additionalSpecialArgs = {}; }; }; # end homeConfigurations diff --git a/lib/default.nix b/lib/default.nix index 3776697..5d79385 100644 --- a/lib/default.nix +++ b/lib/default.nix 
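Review bot: The new creation rule for `modules/hosts/home-manager-only/secrets.yaml` in `.sops.yaml` lists a single age recipient, `*system_rainbow_planet`, so losing that one private key makes the file unrecoverable. The anchor is defined outside the hunk, but its `system_` prefix suggests a host key, while `modules/hosts/home-manager-only/default.nix` in this commit decrypts with the user's `~/.ssh/id_ed25519`; confirm the recipient was derived from that user key. The directory also carries a profile for work machines (`home-gene.liverman.nix`), so any recipient added later for such a machine can read everything in this shared file. I would add a recovery recipient under `- age:` (for example `- *<recovery_key_anchor>`, a placeholder for a key already defined at the top of the file) and a comment naming which private key the rule expects.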
@@ -1,7 +1,9 @@ { inputs, ... }: let mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; }; + mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; }; mkNixosHost = import ./mkNixosHost.nix { inherit inputs; }; in { inherit (mkDarwinHost) mkDarwinHost; + inherit (mkHomeConfig) mkHomeConfig; inherit (mkNixosHost) mkNixosHost; } diff --git a/lib/mkHomeConfig.nix b/lib/mkHomeConfig.nix new file mode 100644 index 0000000..1abd08a --- /dev/null +++ b/lib/mkHomeConfig.nix @@ -0,0 +1,29 @@ +{ inputs, ... }: { + mkHomeConfig = { + system ? "x86_64-linux", + homeDirectory, + username, + }: inputs.home-manager.lib.homeManagerConfiguration { + extraSpecialArgs = { inherit inputs homeDirectory username; }; + + pkgs = inputs.nixpkgs.legacyPackages.${system}; + + # Specify your home configuration modules here, for example, + # the path to your home.nix. + modules = [ + ./nixpkgs-settings.nix + ../modules/hosts/common + ../modules/hosts/home-manager-only + ../modules/hosts/home-manager-only/home-${username}.nix + + { + home = { + username = "${username}"; + homeDirectory = "${homeDirectory}"; + }; + } + + inputs.sops-nix.homeManagerModules.sops + ]; + }; +} \ No newline at end of file diff --git a/modules/hosts/common/hm-sops.nix b/modules/hosts/common/hm-sops.nix deleted file mode 100644 index 946935b..0000000 --- a/modules/hosts/common/hm-sops.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, hostname, username, ... }: { - home.packages = with pkgs; [ - home-manager - ]; - - sops = { - age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; - defaultSopsFile = ../hosts/${hostname}/secrets.yaml; - secrets = { - local_git_config.path = "${config.users.users.${username}.home}/.gitconfig-local"; - local_private_env.path = "${config.users.users.${username}.home}/.private-env"; - }; - }; -} - diff --git a/modules/hosts/home-manager-only/default.nix b/modules/hosts/home-manager-only/default.nix new file mode 100644 index 0000000..b25a527 
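Review bot: `mkHomeConfig` in `lib/mkHomeConfig.nix` builds a module path from its `username` argument (`../modules/hosts/home-manager-only/home-${username}.nix`), and nothing states that a matching file must exist, so a new user name fails at evaluation with a bare missing-path error. Replace the template comment above `modules` with one that documents the contract, e.g. `# Each username needs modules/hosts/home-manager-only/home-<username>.nix; system defaults to x86_64-linux.` That comment should also say that every configuration built here imports `../modules/hosts/home-manager-only`, and therefore the one sops-encrypted `secrets.yaml` that module sets as `defaultSopsFile`. As a style point, the inline attribute set can drop the redundant string interpolation: `home = { inherit username homeDirectory; };`.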
--- /dev/null
+++ b/modules/hosts/home-manager-only/default.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }: {
+ home.stateVersion = "25.05";
+ home.packages = with pkgs; [
+ age
+ home-manager
+ sops
+ ssh-to-age
+ ];
+
+ # home-manager switch --flake ~/repos/dots
+ programs.zsh.shellAliases = {
+ nixdiff = "cd ~/repos/dots && home-manager build --flake . && nvd diff /run/current-system result";
+ nixup = "home-manager switch --flake ~/repos/dots";
+ };
+
+ sops = {
+ age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local";
+ local_private_env.path = "${config.home.homeDirectory}/.private-env";
+ };
+ };
+}
diff --git a/modules/hosts/home-manager-only/home-gene.liverman.nix b/modules/hosts/home-manager-only/home-gene.liverman.nix
new file mode 100644
index 0000000..7095165
--- /dev/null
+++ b/modules/hosts/home-manager-only/home-gene.liverman.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ # Settings just for work machines go here
+}
\ No newline at end of file
diff --git a/modules/hosts/home-manager-only/home-gene.nix b/modules/hosts/home-manager-only/home-gene.nix
new file mode 100644
index 0000000..d8208a0
--- /dev/null
+++ b/modules/hosts/home-manager-only/home-gene.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ # Settings just for personal machines go here
+}
\ No newline at end of file
diff --git a/modules/hosts/home-manager-only/secrets.yaml b/modules/hosts/home-manager-only/secrets.yaml
new file mode 100644
index 0000000..b51ffba
--- /dev/null
+++ b/modules/hosts/home-manager-only/secrets.yaml
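Review bot: In `modules/hosts/home-manager-only/default.nix`, `sops.age.sshKeyPaths` points at the user's login key `~/.ssh/id_ed25519`, which ties secret decryption to the same credential used for SSH authentication and, as far as I know, only works non-interactively when that key has no passphrase. The removed `hm-sops.nix` used a dedicated identity through `age.keyFile`; keeping that form (`age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";`) lets the SSH key stay passphrase-protected and be rotated independently of the secrets. Separately, the `nixdiff` alias compares the build against `/run/current-system`, a NixOS path that is presumably absent on an Ubuntu host running Home Manager alone, so it likely needs the Home Manager profile path instead.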
@@ -0,0 +1,17 @@ +local_git_config: ENC[AES256_GCM,data:7zJpT5px88Y/9S/ZR3dRZQmALdVS1aR/1qpKDYzfSAG7bTHutIXztBi93xH+iuId2blWZ7DVjRZPTLgbsxzPBGMVnwDMCTOfLPhTwbSGI6XfKXvYyl9TXNiw1qxn1zhIAia7zt2J/dBt63JMVByXaVohpHr0/9cKZio/cuI=,iv:k55B7Pe70M+enpMP+toVjyEkdIsuNnA5hRUe5Kgq5pE=,tag:6sChtIN2POPiK2zYweqTTA==,type:str] +local_private_env: ENC[AES256_GCM,data:owNy1rCDk7qSFwayk+3/b9DYQBNqokJO2/v03Eu//f+6FjSeNzC6TrqmK/clAHcwSgl02z92yt+1Wc5ZJq1h,iv:omLnU8rSgoXYHf86NEIWoKN//ADZDJHzz+8qJ8NP2iw=,tag:aJeZrGWHp0iEIlPP20kwSg==,type:str] +sops: + age: + - recipient: age1ueus0ucmvqhgkw3vyc8zxaq0qjc84cfrcuqpheppem68s4a2vq0qw376yc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOdWZKN2lmdFRTSlVSTkpP + WWZrNFZWcWlraUd1R05wR0FWRnh0WGVLK3dBCnlyR0YrcFkrRFRleGRvMnIyakFY + Q0xRaFlJUkJ0bi9Sb1JrTE9DVVVScEEKLS0tIE94UkhFdEM5N1F3dHA1VXhNV1FE + aTV4a1QvaThld3g0aGt3Z3JvaWFtcFEK1zvoJDUDSwSmSJ5YyFUjNCP9qoj/7Uv5 + MusGUeYe+IdBz413voyT0PgsGmlKNEjfxjzsF0DRKAw5a/n0EY9cOg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-09T22:27:48Z" + mac: ENC[AES256_GCM,data:58bu+5mVOpq4ymQVUSGctR9DRFDTG7kvML6rbAA3qlcQidN4Ga0WPrL/DhCF+rU0WiID2c+WnQvVNb8ODxB3Ey17gZw8mYXiFmfV9n8UUAO9hkZF3UqDWRadCN0zXASECinQhi/hqRWMB5HzCP0e4tO9skgVOnRyRryPdY9zgwQ=,iv:b+djRzW7JbOij914tlvDJuTUd//xRHRrFWukYFN+VIE=,tag:/T84gtXOP3QcqE9lMLcc1A==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2