Restructure Darwin configuration

So far, this is just based on mightymac. The other devices will be updated soon.
2026-03-27 01:17:42 -04:00 · 2024-12-07 23:12:52 -05:00 · 2024-12-07 23:12:52 -05:00 · f95cc09e13
commit f95cc09e13
parent ce3a1b5e20
45 changed files with 14 additions and 18 deletions
--- a/modules/hosts/darwin/default.nix
+++ b/modules/hosts/darwin/default.nix
@ -0,0 +1,131 @@
+{ pkgs, hostname, username, ... }: {
+  environment = {
+    shells = with pkgs; [ bash zsh ];
+    pathsToLink = [
+      "/Applications"
+      "/share/zsh"
+    ];
+    systemPackages = with pkgs; [
+      age
+      bandwhich
+      coreutils
+      hugo
+      mas
+      nmap
+      openjdk
+      sops
+      ssh-to-age
+    ];
+  };
+
+  homebrew = {
+    enable = true;
+    onActivation = {
+      autoUpdate = true;
+      cleanup = "zap";
+      upgrade = true;
+    };
+    taps = [
+      "homebrew/cask-fonts"
+      "null-dev/firefox-profile-switcher"
+      "theseal/ssh-askpass"
+    ];
+    brews = [
+      "fastfetch"
+      "ffmpeg"
+      "firefox-profile-switcher-connector"
+      "ssh-askpass"
+      "telnet"
+    ];
+    casks = [
+      "1password"
+      "1password-cli"
+      "amethyst"
+      "angry-ip-scanner"
+      "appcleaner"
+      "audacity"
+      "balenaetcher"
+      "bartender"
+      #"displaylink"
+      "element"
+      "firefox"
+      "font-hack-nerd-font"
+      "font-inconsolata-g-for-powerline"
+      "font-source-code-pro-for-powerline"
+      "gitkraken"
+      "gitkraken-cli"
+      "handbrake"
+      "imageoptim"
+      "iterm2"
+      "keepingyouawake"
+      "libreoffice"
+      "logseq"
+      "makemkv"
+      "meld"
+      "MKVToolNix"
+      "nextcloud"
+      "onlyoffice"
+      "raycast"
+      "signal"
+      "slack"
+      "sonos"
+      "tailscale"
+      "visual-studio-code"
+      "vivaldi"
+      "zoom"
+    ];
+    masApps = {
+      "1Password for Safari" = 1569813296;
+      "BetterSnapTool" = 417375580;
+      "Brother iPrint&Scan" = 1193539993;
+      "Home Assistant" = 1099568401;
+      "MQTT Explorer" = 1455214828;
+    };
+  };
+
+  networking.hostName = "${hostname}";
+
+  nix = {
+    settings = {
+      bash-prompt-prefix = "(nix:$name)\040";
+      build-users-group = "nixbld";
+      experimental-features = [
+        "auto-allocate-uids"
+        "flakes"
+        "nix-command"
+      ];
+      # extra-substituters = [
+      # ];
+      # extra-trusted-public-keys = [
+      # ];
+      substituters = [
+        "https://cache.nixos.org" # default one
+        "https://cache.flox.dev"
+        "https://nixpkgs-terraform.cachix.org"
+      ];
+      trusted-public-keys = [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # default one
+        "flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
+        "nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
+      ];
+      trusted-users = [ "@admin" "${username}" ];
+    };
+    extraOptions = ''
+      # Generated by https://github.com/DeterminateSystems/nix-installer, version 0.11.0.
+      extra-nix-path = nixpkgs=flake:nixpkgs
+      # Uncoment below after validation bug is fixed
+      #upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal
+    '';
+  };
+
+  programs = {
+    zsh.enable = true;
+  };
+
+  services.nix-daemon.enable = true;
+
+  users.users.${username} = {
+    home = "/Users/${username}";
+    shell = pkgs.zsh;
+  };
+}
--- a/modules/hosts/darwin/home.nix
+++ b/modules/hosts/darwin/home.nix
@ -0,0 +1,29 @@
+{ username, ... }: {
+  # dawrwin-specific shell config
+  programs.zsh = {
+    initExtra = ''
+      function otpon() {
+        osascript -e 'tell application "yubiswitch" to KeyOn'
+      }
+      function otpoff() {
+        osascript -e 'tell application "yubiswitch" to KeyOff'
+      }
+
+      # Include Puppet's normal bin folder since it is installed via Homebrew
+      export PATH=$PATH:/opt/puppetlabs/bin
+      export PATH=$PATH:/opt/puppetlabs/pdk/bin
+      export PATH=$PATH:/opt/puppetlabs/puppet/bin
+    '';
+    oh-my-zsh.plugins = [ "macos" ];
+    shellAliases = {
+      currentwifi = "networksetup -getairportnetwork en0 |cut -d ':' -f2- | cut -d ' ' -f2-";
+      nixdiff = "cd ~/repos/dots && darwin-rebuild build --flake . && nvd diff /run/current-system result";
+      nixup = "darwin-rebuild switch --flake ~/repos/dots";
+      uwgconnect = "networksetup -setairportnetwork en0 SecureWest";
+      uwgforget = "networksetup -removepreferredwirelessnetwork en0 SecureWest";
+      ykey = "pkill -9 gpg-agent && source ~/.zshrc; ssh-add -L";
+    };
+  };
+
+  sops.age.keyFile = "/Users/${username}/Library/Application Support/sops/age/keys.txt";
+}
--- a/modules/hosts/darwin/mightymac/gene.liverman.nix
+++ b/modules/hosts/darwin/mightymac/gene.liverman.nix
@ -0,0 +1,30 @@
+{ username, ... }: {
+  home.stateVersion = "23.11";
+  imports = [
+    ../home.nix
+    ../../common
+    ../../common/all-gui.nix
+  ];
+
+  programs = {
+    go = {
+      enable = true;
+      goPath = "go";
+    };
+    k9s.enable = true;
+    zsh = {
+      initExtra = ''
+        eval $(brew shellenv)
+      '';
+    };
+  };
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      i2cssh_config.path = "/Users/${username}/.i2csshrc";
+      local_git_config.path = "/Users/${username}/.gitconfig-local";
+      local_private_env.path = "/Users/${username}/.private-env";
+    };
+  };
+}
--- a/modules/hosts/darwin/mightymac/secrets.yaml
+++ b/modules/hosts/darwin/mightymac/secrets.yaml
@ -0,0 +1,24 @@
+tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str]
+i2cssh_config: ENC[AES256_GCM,data:MwYLGFribitABOcQJFsEgd3vD4qsEdz0grg2ISE0LB3IT2usVRgUfnI/5g7pK4ON/bxz+mpkncDCZep8wBrd4+c316320u/HkxTEQYFU+zXGuFnkF380fx8klQdBel7JsJJKwa5b1M20Sqj9QYNXtwEw8zs+vG/VGdzWLKHlQosvUrdhT0LGntu+/RIgVhC3B6aEp79mbz8xOh8BrCpi4hVPFm8x5sUC++wR+aBvIg+bsOOU8T9OoW3bnEs8ucnvni9RYN7r5YCOllyhaFekNp6KiFBLd4h3A2r2UWBnRjlg5LKJc5aG6Z6XMHaz6NaGpZUw+fMHVZx7t7QL7IwvNpFp/+8oeWzBz/qecfxzVkGvBYqtPPsnv9mNUYZux6Fd0FETMbPI7dmUQrmUK2Y+L8Qw55cpL+BVJkV693DaKIJwQL3VIC6Z/NKqTXPdBBS9hWHjYWfGBmbiAiaU5X2Z3cz8YaEsCnC4OMqqlALLmzZ0crD/HXc6756U/i63GVsx4GiBTfs8Rvy+7GZOyjBhgvHZK6g4ShVZHDtNMInHlfyFzOGC03smZhgseF9ivVVXAMa6AI8OHU5678Fkb6/lD4e0Vqk77Icaj+Yte6EKmHK3Pq9ctYyJLNBFlFCreBWTcxrV+a6WLxh6QkcHmUYLfHKp/cG3nypPKRIaBkvbYOUYLuPI1IRrzdndALv5uRBhxKJEL+ukBv0EVm9y9sR1uimTQYB9tCRE7+2JfgBhcQwbUbIlW4NmZeOx9/9jAoqlID0PTS/2QsnbYI00X7c3GibGpLVVY86X6S4hW/HaHEq8jB5JiFDlQRGDLy/YV8MM1USsqZpjJHlZy8AWQRH3Ta47cXYfwCOD2eTC2pouS938qAaq48m3mPMuzCWlbiExXRrdE2Noek49/pfwCduplEebxb3FLr16lRHdcI+M8Hb9W5iXAJFYBx9FzFkIewDKz4UxL+MKX88K4t5l5ZTG6IT0OqCekZ3M/9scYbhrpgU2sWp3ADgmLRwL8iMxgwFygl1ZxdQ9C0IS8LwgLCfAn3wVKZlUogRdBkV52iHbkUVG4tEqUZxhJUALFW3P1A==,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str]
+local_git_config: ENC[AES256_GCM,data:CQjq1bFnc8jdv2bM3Ez4hEgC6CtH5xQx4nFhqSRG7oV8DtMLQOwYklQt9Fra,iv:Wxw1or1+QaROvqe7QzTRi9oJSjrPtk0N60kq7jDfdWM=,tag:eODZOCeZMM/HoeRSeeNVLA==,type:str]
+local_private_env: ENC[AES256_GCM,data:af4Y533qLDjnhVjUvHfK4akcd2VISHrddDRYHmbQhBhwtVL+EkqmoEC6YI6slcbR8Dih1kPpCNClYgvu6pSb0Tux0adVw2F2TZhV6lmmF45XOLXfvXwB2DfqJ+6mQmsjP1ykOeq0GM6BbH+gzxPmQGkmGJBCjlE4uOpQZgsUQemPXVfwKT3kh9Hu3KKQLygXQruZxQHX1uTPwYI+dnDzrNcNWnGZHzcOKlqgeAMfchbXk86xVUcqnwOVo6rhLnYLq7WWgu5frIvG93DkyaxxyKM6mFpQqtlDFe2qAMTCeUNe6YFZ5T2v06UdZIgfKVJAr2PCiC+614BZvFzIofefRRj7tdKw9OOQtIjY+4YXH/FePUn/m3/HZemLp7VsxuBv6uIZmfx+iW8DdthXX742a7KBhXvDHpdqt/GsuaQMg0iYezVfgxjbsHiypVjoVdCt7mtJ/Ni4fjh2/VDgEixo6sWw/LDnvOB0ESyeIz+aqA0lsVbNQSf6PtcHXdbZzaevQavqWQJk62eJnmIqF7tL/0LfwUW3a0XZyQB4GYeLf65dOhGdVarGtrN6TnM65i35OtYXflLuutYzs9f45/tOi54qUjCtrNJ83HooxM3JsF8LJg0IldTU0bJ6eiDAZqqiy9XGSPLM1Ej3EVyVztrxh+qekh7m2Np7YRzf/+8gIObuNIv9g3m0iw/InA8bS0XcOnRzPtASQu2757NA0Ae5pxNb7NHlfzSYHPCyYM065/jrMIBKoKhS5hiUIjCbkXa2Nm5khmixrpH1m3gbZC4Luue7gXe7md+OouNjYpjHQ4PhOoKgi5s3KztwNg8DZzi6dntnXiNwTOvGjdbJBrC4AjNxgLYHZNjEHJhvp3RBopkyTuUb/51pjDFKo5Xh2EaHTVRGwoznDFwICNWqkqCSQUxvWhNHiZwiIBlbke51Ab74C4wz7ul7RSz9pNUtkDnfEJJhCYXt7eCjrx41xC9QdAlnv934sjlK+L/nP+jGDv9mhPnAgF1IgcdY43saQNIkAh93YWR/OOpJOunp2nZh9L9qk1XakrRMnWn2tloW9x1a94kTqYW5nc5WRy3Znngki839gRwIJSJjRSMFC6KDDsd/fWu/mGdJthC0rz0CoCKgYs2jxSe1IKD5/Grls14W4K4CKmQ5sGcEycp30zLrJBkGTzzTGBIiHLqmlQ4LJqpbHyN0kCC2OXBwWKEzBvpLdj622f7obaf4oOWK3WvjwnL3qqYe3TqMu+alsg2EFufrN6b+wClGCFCese1DF+HH1DDRHI4kr3PkJF5tO48f9wMjRHJ9o5ojbsw22Qw1ugYrQMcFCxuuDZ+pNzIuxjbggPhXR/P3Pq9fBu6HI+WkfvicTlqkRpv+5KQAsbbk+LlQUA/lbtkhIrl1mKVYQLMbe75AmrarY5czJsNCLEFf74SoT8KDPKBvLnfDeMYGTOejYDibPyEY+NDdteqSrp69m1Q40kYEQU0SdIbeU/X6fMkctlMoB/9RlhD4he3GFSnILdLQcP8ptnGjkeWtmYUOzu5p1sBAjfqnLsOGuhDjaAu3lZBFgnXueSyTvDwszMTvN5Nruhny4/nqyn0TX/kH0nOhGkEieQPoiWbai5Iepf/ikHxan6uLxdG4Gs6hHHuR28zo0sZM4zsc74VD0qEjMzX3pYms/Oqw+/RA9uqk8j/YOA93mRrirbC/XMmca8kzJvJz3LaUdrsgvd/VKT5iIAnqTU7tYy0aAA73H8AZbk3hbtA/kHxOcCWiiKq9x2uTX+wi6E1qVT3KdtSVoVwHRDdMtOlS7GklM8j24AwyINzc1bxb3EiSrObZCpbYjksAz5sOfQBxxdiEB2+DG8iJFfa2pcr8FD6fFpFuur0pbk9CmH33ZJA3N1ZjEoznQwQXKfF2pL/teoPlmBiCsj1fEYPpz6IJ6URwNoWzFl3bEMTB6SAC15B86gSd+SnfsApakX4RgUVE7Y9sycUWNnOXuPWJE8qcWx2jYvAIJNDcLWmsdYvepEJauC+P93m249Z3pyzmk/Uo+TrFK3DLgVbGdHnpm85xA5so0jx2YenRSQDHfS7foQDgM16ykDQVaj7rTo1F2iAJJceKSaflMn/VJKfSi60MCUIlyi1k0a7p7u6i8qdzhtx9b6ks5v6dw+JT3fgvapx/G5fWihndSIkakNtGwaQt9EpczcefoqMsEpN0WUIQkrCuFFsTxRmTRMYrsyJNFNkWTUqGbkfjN96IgiW4nGZclE6OhesQh2zOYqyo8MhfLfFdDxWRATSkz0oB/Zz3fH6nWBLAyH+wobkW2Lko4HAT3l2uRWlElhL0BCAcKZfil2K+exgrYngEUyREEcud7bQc7S4TTXFqxYpRKTK985fma7YnBOcC6XaIBowfJixjQMqhFRcxv/XxEidz1XXo292n7H5b/TNlqOj/2+dbAN+TJam/dHEZCQm/XLvvFCY4wB+CbgUBZ46m5kmL/04XSDBxW9px6TkRA47DmNaCXO9NY/YyGILtW9HtsXUy+4/Fr+xBuxZn4MpVGqsQWv4Rr3GgIkQUpuOfwqyJ9QgSSPqmCp8C83g4pHVAf5IQhoQLhjA1M/w3E9tYihUrfnxcQa+27lJigh2Jya94R3IIYdy3VlWJuOw0K3nJ4cP1muE99MpfqzHzi5BRhYTWcwZ8hK5lWqZY4SWOqYe3QsiHVMYUif5MN+HfbOnl+SjWzVZNZiOCl01qlx9hqTY/rH9mbLScGYNj6nKqFdZl0R7NKAOIO4DQeSMakGkkyvjrWcw0WiksY1kAqgXtPOhbumaI8BupEA7Fz+NHtTDwNgdll+yhLpcYoypJ/b4atD9iLqNOcOTBj0RaI4WMNPxa+8MBTOC6nkbSpqaLpTHgVRtZfCzx4a1EMcTwpt3lOH91BCcz70BogKiugC1d+elynrcghZLVgTO4EkepzC15g+aEoD7hqS9LxT+MltwbO96RyTZBOh1J5/UKjOeufxKnPkh7kbtpHL2GMEiGpJkoaW6nWH/KQMF4w0ReR0+AGXQzhzDdikyyAWA/WDv/tJXUnkK3z2Sm2hBQ7DWWtghFZDZsRHaaBrZQvbnOqMq3IefvigrZElgPLSLsctK8qABqEs1Y1NWs5Fx51/qmfUi98x9ouJLgA2RHFB0PlLypMx8NkHjwoHWs8swH0ZRMBtR/KQ/Y1F2yzmoy7bKvTxPyU9hlQg5hGwkie2J7dNcUNR/5JYBgHrk0Z7Sb8OaAB9WIJ1N2hXA9hQ/9y3O1l4jrN8FpE+XPe2CmPGJrPd6HRW7GndRcQ0eRDPssOQiCn8qV/eibTrHkpv8Y8+eKRkkzgbMo6rgTC4T2OdTV/ece7ZVuFFeeMQAD7WrCCT8osjGZMwNoBEOdBAmahpZgp38JoDUaXaksOon1Ku9UOhIaajGSQNM6Tr+d/xlQSr1YMLKaYfz0ur8P19Fyaaq5Mhy1/DDE4DpwTuH8wSH9yJTI+7J/LzkHjunEWTb8xBHN41Adyy0ru3ZQBI0NbyWKftepIdgHwW4sbvsdmFL7in2pmvSW5ClYq2fVClaXEeHhsg7Ucq8Tzhq+li7W36qK35ap4hAs8foIGYjhoWCMmUWJ,iv:47L7sa1Vt4hCdBXFlD/7oLNKjJ/i0WXz2F0a6JJiie8=,tag:kIAESlg2frqNl5zemsQc3w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VEdwRHBZWWt2bERMV1Zm
+            K0VHb2NFVXBmMFpWYUh2V2VoYXRueTVuUER3CkdKK1pZb21qRjZvTFdlSzdjREpD
+            NXdwbjdKb2JrNXRTQUtiU0tlaWpzWUUKLS0tIE9Yck5NZC9IcTFFTDUwQytsTUdU
+            YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB
+            qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-30T12:08:30Z"
+    mac: ENC[AES256_GCM,data:ko6uVSGiB0n3u/83EWrdvqj5O0E5gXIVbqW1+ihSmLjD0/DT7dF2+Ab36lnKLZTM+OKk72o5RZQ4vXNJsvLpjOXcqxUgo0Wv7cMymDKjrRMmC3kGAQImtBNXW/fifmZGogGzj8iAdaOoVrhTOoUdCYnqt865X3zG9cA6ZeRTYoo=,iv:yLH7l142mpogxPYx5m8riGA1kg3sBiHwE3Ojykq220Q=,tag:VbyvXFfD3+KRswocDJpteA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1