From a1e13e2808aeab9e17317077e61421348494e38e Mon Sep 17 00:00:00 2001 From: wytch Date: Wed, 15 Apr 2026 17:01:33 -0500 Subject: [PATCH] Add home-manager config for sonja from ~/.config/home-manager Moves home-manager configuration into the flake under home/sonja/, integrating git, GPG agent, and package config. Fixes deprecated home-manager options and removes nixpkgs.config override incompatible with useGlobalPkgs. Co-Authored-By: Claude Sonnet 4.6 --- flake.lock | 375 ++++++++++++++++++++++++++++++++++ home/sonja/git.nix | 17 ++ home/sonja/gpg-agent.nix | 53 +++++ home/sonja/home.nix | 29 +++ hosts/coven/configuration.nix | 34 +-- 5 files changed, 475 insertions(+), 33 deletions(-) create mode 100644 flake.lock create mode 100644 home/sonja/git.nix create mode 100644 home/sonja/gpg-agent.nix create mode 100644 home/sonja/home.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..b82509d --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,375 @@ +{ + "nodes": { + "cmpkgs": { + "locked": { + "lastModified": 1776169885, + "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "determinate": { + "inputs": { + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", + "nix": "nix", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1775584659, + "narHash": "sha256-NA5oZRunqxD+4LNdU7ZKJHqwuazKyAmBjO4OHXL14X4=", + "owner": "DeterminateSystems", + "repo": "determinate", + "rev": "21dcaa011d3d35cf42a04e988eaac9b28c97a707", + "type": "github" + }, + "original": { + "owner": "DeterminateSystems", + "repo": "determinate", + "type": "github" + } + }, + "determinate-nixd-aarch64-darwin": { + "flake": false, + "locked": { + "narHash": "sha256-qLWfYk9qkb21wKCDWnhMfqBFjcdBBJkNUKBlvdHSLgA=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.17.3/macOS" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.17.3/macOS" + } + }, + "determinate-nixd-aarch64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-0BmprPIRTopvJ2QdImOMP+TujAPVgRdl0bUL3vhqGIY=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.17.3/aarch64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.17.3/aarch64-linux" + } + }, + "determinate-nixd-x86_64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-+Q85cySxr0FB/cr97hk/WWYgeJY+iC4OH+FjGYygIbU=", + "type": "file", + "url": 
"https://install.determinate.systems/determinate-nixd/tag/v3.17.3/x86_64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.17.3/x86_64-linux" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "revCount": 377, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": [ + "determinate", + "nix" + ], + "nixpkgs": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "revCount": 1026, + "type": "tarball", + "url": 
"https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "cmpkgs" + ] + }, + "locked": { + "lastModified": 1776184304, + "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3c7524c68348ef79ce48308e0978611a050089b2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "home-manager", + "type": "github" + } + }, + "lib-aggregate": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1775999376, + "narHash": "sha256-p0ychd1iag2L0mYE3hnI82MfbvIWSrBEwmPPTuYtDLw=", + "owner": "nix-community", + "repo": "lib-aggregate", + "rev": "2a998a6095a007e037d9a382a27991580be56c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lib-aggregate", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1775583600, + "narHash": "sha256-/shs/3GA4R3rxhhqpPbEMnDZKbCvf3VpwnHB75nkTcI=", + "rev": "e9b4735be7b90cf49767faf5c36f770ac1bdc586", + "revCount": 24880, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.17.3/019d6913-e8c2-7128-ba76-3dc4f6b58158/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1775490113, + "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": 
"c775c2772ba56e906cbeb4e0b2db19079ef11ff7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "revCount": 811874, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" + } + }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1775959049, + "narHash": "sha256-o2JFoAWll4ZuHnVKX2ld03ynKR2zkvTDxJ/ZTCDz2/I=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "ec2b7be3c0b3b764aa0380fa32aa304a5b680cf8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1776255774, + "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": 
"566acc07c54dc807f91625bb286cb9b321b5f42a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1775464765, + "narHash": "sha256-nex6TL2x1/sVHCyDWcvl1t/dbTedb9bAGC4DLf/pmYk=", + "rev": "83e29f2b8791f6dec20804382fcd9a666d744c07", + "revCount": 975711, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.975711%2Brev-83e29f2b8791f6dec20804382fcd9a666d744c07/019d6689-cde2-7061-b044-e0ef61ade488/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" + } + }, + "root": { + "inputs": { + "cmpkgs": "cmpkgs", + "determinate": "determinate", + "home-manager": "home-manager", + "lib-aggregate": "lib-aggregate", + "nixos-hardware": "nixos-hardware", + "nixpkgs-unstable": "nixpkgs-unstable", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "cmpkgs" + ] + }, + "locked": { + "lastModified": 1776119890, + "narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd", + "type": "github" + }, + "original": { + "owner": "Mic92", + "ref": "master", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/home/sonja/git.nix b/home/sonja/git.nix new file mode 100644 index 0000000..68ee5a6 --- /dev/null +++ b/home/sonja/git.nix 
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+ programs.git = {
+ enable = true;
+ signing = {
+ key = "0xC3D40E4903C6D427";
+ signByDefault = true;
+ };
+
+ settings = {
+ user.name = "wytch";
+ user.email = "wytch@sassysalamander.net";
+ gpg.program = "${pkgs.gnupg}/bin/gpg2";
+ };
+ };
+}
diff --git a/home/sonja/gpg-agent.nix b/home/sonja/gpg-agent.nix
new file mode 100644
index 0000000..9c0ca9c
--- /dev/null
+++ b/home/sonja/gpg-agent.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.custom.pgp;
+in {
+ options.custom.pgp.enable = lib.mkEnableOption "Enable PGP Gnupgp";
+
+ config = lib.mkIf cfg.enable {
+ # 1. Provide the bridge to pcscd
+ home.file.".gnupg/scdaemon.conf".text = ''
+ disable-ccid
+ pcsc-driver ${pkgs.pcsclite.lib}/lib/libpcsclite.so.1
+ '';
+
+ # 2. Configure the Agent
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableZshIntegration = true;
+ pinentry.package = pkgs.pinentry-curses;
+
+ # Removed 'disable-scdaemon' so it can actually talk to our config above
+ extraConfig = ''
+ allow-loopback-pinentry
+ '';
+ };
+
+ # 3. Standard GPG settings
+ programs.gpg = {
+ enable = true;
+ settings = {
+ use-agent = true;
+ personal-cipher-preferences = "AES256 AES192 AES";
+ personal-digest-preferences = "SHA512 SHA384 SHA256";
+ cert-digest-algo = "SHA512";
+ s2k-digest-algo = "SHA512";
+ s2k-cipher-algo = "AES256";
+ charset = "utf-8";
+ fixed-list-mode = "";
+ no-comments = "";
+ no-emit-version = "";
+ no-greeting = "";
+ keyid-format = "0xlong";
+ list-options = "show-uid-validity";
+ verify-options = "show-uid-validity";
+ with-fingerprint = "";
+ require-cross-certification = "";
+ no-symkey-cache = "";
+ };
+ };
+
+ home.packages = [ pkgs.gnupg pkgs.pcsclite ];
+ };
+}
diff --git a/home/sonja/home.nix b/home/sonja/home.nix
new file mode 100644
index 0000000..6eec375
--- /dev/null
+++ b/home/sonja/home.nix
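Review bot: `signing.key` in home/sonja/git.nix selects the key by a 64-bit long key ID (`0xC3D40E4903C6D427`), which is not a unique identifier the way a full fingerprint is. Because `signByDefault = true` makes every commit depend on that selector, I would pin the full fingerprint of the primary key or signing subkey instead, e.g. `key = "<FULL_40_HEX_FINGERPRINT>";` (placeholder; the fingerprint is not on this page). A one-line comment saying which key this is and where its secret part is kept would also help the next reader, since nothing in the file says so.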
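Review bot: `allow-loopback-pinentry` in `services.gpg-agent.extraConfig` (home/sonja/gpg-agent.nix) lets any client running as this user hand the passphrase or PIN to the agent through loopback mode instead of the pinentry prompt, and nothing in this file appears to need that. As far as I know current GnuPG 2.x already allows loopback by default, so the line is at best redundant; if no automation depends on it, `no-allow-loopback-pinentry` is the hardened setting. With `enableSshSupport = true` the agent also answers SSH signing requests, so I would set `defaultCacheTtl`, `defaultCacheTtlSsh`, `maxCacheTtl` and `maxCacheTtlSsh` explicitly rather than inherit the defaults. Separately, `lib.mkEnableOption` already prepends "Whether to enable", so the description reads better as `lib.mkEnableOption "GnuPG agent and smartcard support"`.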
@@ -0,0 +1,29 @@ +{ pkgs, ... }: + +{ + imports = [ + ./gpg-agent.nix + ./git.nix + ]; + + custom.pgp.enable = true; + + home.packages = [ + pkgs.librewolf + pkgs.zsh + pkgs.neovim + pkgs.nmap + pkgs.alacritty + pkgs.tmux + pkgs.git + pkgs.uv + pkgs.discord + pkgs.steam-unwrapped + pkgs.steam-tui + pkgs.supersonic + pkgs.fzf + pkgs.claude-code + ]; + + home.stateVersion = "25.11"; +} diff --git a/hosts/coven/configuration.nix b/hosts/coven/configuration.nix index f364df7..2ad9063 100644 --- a/hosts/coven/configuration.nix +++ b/hosts/coven/configuration.nix @@ -91,39 +91,7 @@ # home-manager module is injected by the flake; no need to import it here home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.users.sonja = { pkgs, lib, ... }: { - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "discord" - "steam-unwrapped" - "steam" - "steam-original" - "steam-run" - "steamcmd" - "steam-tui" - "claude-code" - ]; - - home.packages = [ - pkgs.librewolf - pkgs.zsh - pkgs.neovim - pkgs.nmap - pkgs.alacritty - pkgs.tmux - pkgs.git - pkgs.uv - pkgs.discord - pkgs.steam-unwrapped - pkgs.steam-tui - pkgs.supersonic - pkgs.fzf - pkgs.gnupg - pkgs.claude-code - ]; - - home.stateVersion = "25.11"; - }; + home-manager.users.sonja = import ../../home/sonja/home.nix; programs.ssh.extraConfig = '' Host whatbox
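Review bot: `pkgs.zsh` is only installed as a plain package in home/sonja/home.nix, while gpg-agent.nix sets `enableZshIntegration = true` together with `pinentry.package = pkgs.pinentry-curses`. As far as I can tell that integration is emitted through home-manager's `programs.zsh` module, which this commit never enables, so `GPG_TTY` may not be exported and the curses pinentry would then fail to prompt during signed commits or SSH use. If home-manager is meant to own the zsh configuration, add `programs.zsh.enable = true;`; otherwise a comment stating where `GPG_TTY` and `SSH_AUTH_SOCK` are set would be enough. `pkgs.git` in this list is also redundant with `programs.git.enable = true` in git.nix.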
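Review bot: The removed `nixpkgs.config.allowUnfreePredicate` allow-list in hosts/coven/configuration.nix has no replacement visible in this hunk, yet home.nix still installs packages the old list named (`discord`, `steam-unwrapped`, `steam-tui`, `claude-code`). With `home-manager.useGlobalPkgs = true` the unfree policy has to come from the system-level `nixpkgs.config`; please confirm that it is a named predicate rather than a blanket `allowUnfree = true`, so the set of proprietary packages stays explicit and reviewable. Moving the same list to the host level, `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ … ];`, would preserve that control. The enclosing module body starts and ends outside the hunk, so this may already exist elsewhere in the file.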