First pass at Home Manager on Ubuntu

.sops.yaml

@@ -56,6 +56,10 @@ creation_rules:
     key_groups:
       - age:
           - *user_mightymac
+  - path_regex: modules/hosts/home-manager-only/secrets.yaml$
+    key_groups:
+      - age:
+          - *system_rainbow_planet
   - path_regex: modules/hosts/common/secrets.yaml$
     key_groups:
       - age:

flake.nix

@@ -174,12 +174,9 @@
 
     # Home Manager (only) users
     homeConfigurations = {
-      gene = linuxHomeConfig {
+      gene = localLib.mkHomeConfig {
-        system = "x86_64-linux";
+        homeDirectory = "/home/gene";
-        hostname = "mini-watcher";
         username = "gene";
-        additionalModules = [];
-        additionalSpecialArgs = {};
       };
     }; # end homeConfigurations
 

lib/default.nix

@@ -1,7 +1,9 @@
 { inputs, ... }: let
   mkDarwinHost = import ./mkDarwinHost.nix { inherit inputs; };
+  mkHomeConfig = import ./mkHomeConfig.nix { inherit inputs; };
   mkNixosHost = import ./mkNixosHost.nix { inherit inputs; };
 in {
   inherit (mkDarwinHost) mkDarwinHost;
+  inherit (mkHomeConfig) mkHomeConfig;
   inherit (mkNixosHost) mkNixosHost;
 }

lib/mkHomeConfig.nix

@@ -0,0 +1,29 @@
+{ inputs, ... }: {
+  mkHomeConfig = {
+    system ? "x86_64-linux",
+    homeDirectory,
+    username,
+  }: inputs.home-manager.lib.homeManagerConfiguration {
+    extraSpecialArgs = { inherit inputs homeDirectory username; };
+
+    pkgs = inputs.nixpkgs.legacyPackages.${system};
+
+    # Specify your home configuration modules here, for example,
+    # the path to your home.nix.
+    modules = [
+      ./nixpkgs-settings.nix
+      ../modules/hosts/common
+      ../modules/hosts/home-manager-only
+      ../modules/hosts/home-manager-only/home-${username}.nix
+
+      {
+        home = {
+          username = "${username}";
+          homeDirectory = "${homeDirectory}";
+        };
+      }
+
+      inputs.sops-nix.homeManagerModules.sops
+    ];
+  };
+}

modules/hosts/common/hm-sops.nix

@@ -1,15 +0,0 @@
-{ config, pkgs, hostname, username, ... }: {
-  home.packages = with pkgs; [
-    home-manager
-  ];
-
-  sops = {
-    age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
-    defaultSopsFile = ../hosts/${hostname}/secrets.yaml;
-    secrets = {
-      local_git_config.path = "${config.users.users.${username}.home}/.gitconfig-local";
-      local_private_env.path = "${config.users.users.${username}.home}/.private-env";
-    };
-  };
-}
-

modules/hosts/home-manager-only/default.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, ... }: {
+  home.stateVersion = "25.05";
+  home.packages = with pkgs; [
+    age
+    home-manager
+    sops
+    ssh-to-age
+  ];
+
+  # home-manager switch --flake ~/repos/dots
+  programs.zsh.shellAliases = {
+    nixdiff = "cd ~/repos/dots && home-manager build --flake . && nvd diff /run/current-system result";
+    nixup = "home-manager switch --flake ~/repos/dots";
+  };
+
+  sops = {
+    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local";
+      local_private_env.path = "${config.home.homeDirectory}/.private-env";
+    };
+  };
+}

modules/hosts/home-manager-only/home-gene.liverman.nix

@@ -0,0 +1,3 @@
+{ ... }: {
+  # Settings just for work machines go here
+}

modules/hosts/home-manager-only/home-gene.nix

@@ -0,0 +1,3 @@
+{ ... }: {
+  # Settings just for personal machines go here
+}

modules/hosts/home-manager-only/secrets.yaml

@@ -0,0 +1,17 @@
+local_git_config: ENC[AES256_GCM,data:7zJpT5px88Y/9S/ZR3dRZQmALdVS1aR/1qpKDYzfSAG7bTHutIXztBi93xH+iuId2blWZ7DVjRZPTLgbsxzPBGMVnwDMCTOfLPhTwbSGI6XfKXvYyl9TXNiw1qxn1zhIAia7zt2J/dBt63JMVByXaVohpHr0/9cKZio/cuI=,iv:k55B7Pe70M+enpMP+toVjyEkdIsuNnA5hRUe5Kgq5pE=,tag:6sChtIN2POPiK2zYweqTTA==,type:str]
+local_private_env: ENC[AES256_GCM,data:owNy1rCDk7qSFwayk+3/b9DYQBNqokJO2/v03Eu//f+6FjSeNzC6TrqmK/clAHcwSgl02z92yt+1Wc5ZJq1h,iv:omLnU8rSgoXYHf86NEIWoKN//ADZDJHzz+8qJ8NP2iw=,tag:aJeZrGWHp0iEIlPP20kwSg==,type:str]
+sops:
+    age:
+        - recipient: age1ueus0ucmvqhgkw3vyc8zxaq0qjc84cfrcuqpheppem68s4a2vq0qw376yc
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOdWZKN2lmdFRTSlVSTkpP
+            WWZrNFZWcWlraUd1R05wR0FWRnh0WGVLK3dBCnlyR0YrcFkrRFRleGRvMnIyakFY
+            Q0xRaFlJUkJ0bi9Sb1JrTE9DVVVScEEKLS0tIE94UkhFdEM5N1F3dHA1VXhNV1FE
+            aTV4a1QvaThld3g0aGt3Z3JvaWFtcFEK1zvoJDUDSwSmSJ5YyFUjNCP9qoj/7Uv5
+            MusGUeYe+IdBz413voyT0PgsGmlKNEjfxjzsF0DRKAw5a/n0EY9cOg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-09T22:27:48Z"
+    mac: ENC[AES256_GCM,data:58bu+5mVOpq4ymQVUSGctR9DRFDTG7kvML6rbAA3qlcQidN4Ga0WPrL/DhCF+rU0WiID2c+WnQvVNb8ODxB3Ey17gZw8mYXiFmfV9n8UUAO9hkZF3UqDWRadCN0zXASECinQhi/hqRWMB5HzCP0e4tO9skgVOnRyRryPdY9zgwQ=,iv:b+djRzW7JbOij914tlvDJuTUd//xRHRrFWukYFN+VIE=,tag:/T84gtXOP3QcqE9lMLcc1A==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2