diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 29d63c7..0000000 Binary files a/.DS_Store and /dev/null differ diff --git a/.codex/skills/readme/SKILL.md b/.codex/skills/readme/SKILL.md new file mode 100644 index 0000000..428aead --- /dev/null +++ b/.codex/skills/readme/SKILL.md @@ -0,0 +1,64 @@ +--- +name: readme +description: Write and update README.md and README-ko.md for the nix-darwin repository. Use when asked to create new repository documentation, refresh outdated setup/usage instructions, summarize the current project structure, or produce Korean README content. +--- + +# README Writer + +## Overview + +Generate high-quality README files for this repository based on current code and +configuration. Create missing READMEs or update existing ones while preserving +useful, project-specific content. + +## Workflow + +1. Inspect repository facts before writing. Use targeted reads of `flake.nix`, + `Justfile`, `home/`, `modules/`, and `secrets/` plus recent git history. Do + not invent commands, tools, or directory names. + +2. Select target file and language. Default target is `README.md` in English. If + user asks for Korean or explicitly requests `README-ko.md`, write Korean + content to `README-ko.md`. If target is ambiguous, ask one concise + clarification question. + +3. Draft content before mutating files. Always show a draft summary (or full + draft when requested) and request explicit confirmation before writing. Use + concise, actionable prose and include concrete commands that work in this + repository. + +4. Create or update safely. If the target README does not exist, create it. If + it exists, retain useful custom sections and update stale technical details. + Avoid deleting user-authored content unless it is clearly obsolete and + replaced by accurate content. + +5. Validate the result. Re-check that all commands and paths referenced in the + README exist in the repository. Ensure headings are clear, markdown is valid, + and tone is professional. + +## Recommended README Structure + +- Title and short description +- Prerequisites (Nix/macOS assumptions when relevant) +- Repository layout (`home/`, `modules/`, `secrets/`, root files) +- Key commands (`just darwin`, `just darwin-debug`, `just fmt`, update/cleanup + commands) +- Configuration and secrets notes (`.sops.yaml`, `secrets/*.yaml`) +- Common workflows (apply config, update flake inputs, debug build issues) + +Adapt section names if user requests a different format, but keep the content +repository-specific. + +## Output Rules + +- Prefer concise explanations over long tutorials. +- Keep examples runnable from repository root. +- Use Markdown headings and fenced code blocks for commands. +- Do not include placeholders like "TODO" in final README output. +- For bilingual requests, keep language consistent per file (no mixed-language + sections unless requested). + +## Confirmation Requirement + +Never write or overwrite `README.md` or `README-ko.md` without explicit user +confirmation in the current conversation. diff --git a/.codex/skills/readme/agents/openai.yaml b/.codex/skills/readme/agents/openai.yaml new file mode 100644 index 0000000..caa5292 --- /dev/null +++ b/.codex/skills/readme/agents/openai.yaml @@ -0,0 +1,4 @@ +interface: + display_name: "README Writer" + short_description: "Draft and update repository README files" + default_prompt: "Use $readme to create or update README.md for this repository after showing a draft and requesting confirmation." diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d547f7c --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +# MacOS +.DS_Store + +# Nix +result +.cache diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..85d5427 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &poby age1qeyrh6e40nek3da4mnj298cy2l3aswe7432us30d2p93akcvp9zqext63j +creation_rules: + - path_regex: secrets/.*\.yaml$ + key_groups: + - age: + - *poby diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..8b218e8 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,69 @@ +# Repository Guidelines + +## Project Structure & Module Organization + +This repository is a declarative macOS setup built with Nix flakes. + +- `flake.nix` and `flake.lock`: entrypoint and pinned inputs. +- `modules/`: system-level nix-darwin modules (`nix-core.nix`, `system.nix`, + `apps.nix`, `host-users.nix`). +- `home/`: Home Manager user configuration, with feature modules such as + `git.nix`, `zsh.nix`, and `nvf/`. +- `secrets/`: encrypted SOPS files (for example `secrets/poby.yaml`). +- `Justfile`: day-to-day contributor commands. + +Prefer adding new configuration as small focused modules, then importing them +from `home/default.nix` or `flake.nix`. + +## Build, Test, and Development Commands + +Use `just` as the primary interface: + +- `just darwin `: build and switch to the current host (ex: `fenrir`). +- `just darwin-debug `: same as above with verbose trace output. +- `just fmt`: format all Nix files via `nix fmt` (Alejandra). +- `just up`: update all flake inputs. +- `just upp `: update one input (example: `just upp nixpkgs-darwin`). +- `just history`, `just gc`, `just clean`: inspect and prune Nix + generations/store. + +For validation without switching, run: +`nix build .#darwinConfigurations.fenrir.system --extra-experimental-features 'nix-command flakes'`. + +## Coding Style & Naming Conventions + +- Use 2-space indentation in `.nix` files and keep attribute sets readable. +- Run `just fmt` before committing; formatter is defined in `flake.nix` + (`alejandra`). +- Name module files in lowercase kebab-case (example: `host-users.nix`). +- Keep modules single-purpose and compose through `imports`. + +## Testing Guidelines + +There is no dedicated unit-test suite in this repo. Treat evaluation/build as +the test gate: + +- Run `just fmt`. +- Run `nix build .#darwinConfigurations.fenrir.system`. +- Use `just darwin-debug` when diagnosing evaluation/runtime issues. + +Document manual verification for user-facing changes (shell, terminal, window +manager, app defaults). + +## Commit & Pull Request Guidelines + +Commit history follows Conventional Commit style: `feat:`, `fix:`, `refactor:`, +`style:`. + +- Keep subject lines imperative and concise. +- Scope each commit to one logical change. +- In PRs, include: summary, affected modules/paths, command output used for + validation, and any relevant screenshots for UI changes (for example + WezTerm/AeroSpace behavior). + +## Security & Configuration Tips + +- Never commit plaintext secrets. +- Store secrets only in `secrets/*.yaml` and manage keys/rules in `.sops.yaml`. +- If adding new secret files, ensure `path_regex` coverage and encrypted content + before pushing. diff --git a/Justfile b/Justfile new file mode 100644 index 0000000..bb030f3 --- /dev/null +++ b/Justfile @@ -0,0 +1,78 @@ +# just is a command runner, Justfile is very similar to Makefile, but simpler. + +# List all the just commands +default: + @just --list + +############################################################################ +# +# Darwin related commands +# +############################################################################ + +[group('desktop')] +darwin hostname: + nix build .#darwinConfigurations.{{hostname}}.system \ + --extra-experimental-features 'nix-command flakes' + + sudo -E ./result/sw/bin/darwin-rebuild switch --flake .#{{hostname}} + +[group('desktop')] +darwin-debug hostname: + nix build .#darwinConfigurations.{{hostname}}.system --show-trace --verbose \ + --extra-experimental-features 'nix-command flakes' + + sudo -E ./result/sw/bin/darwin-rebuild switch --flake .#{{hostname}} --show-trace --verbose + +############################################################################ +# +# nix related commands +# +############################################################################ + +# Update all the flake inputs +[group('nix')] +up: + nix flake update + +# Update specific input +# Usage: just upp nixpkgs +[group('nix')] +upp input: + nix flake update {{input}} + +# List all generations of the system profile +[group('nix')] +history: + nix profile history --profile /nix/var/nix/profiles/system + +# Open a nix shell with the flake +[group('nix')] +repl: + nix repl -f flake:nixpkgs + +# remove all generations older than 7 days +# on darwin, you may need to switch to root user to run this command +[group('nix')] +clean: + sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 7d + +# Garbage collect all unused nix store entries +[group('nix')] +gc: + # garbage collect all unused nix store entries(system-wide) + sudo nix-collect-garbage --delete-older-than 7d + # garbage collect all unused nix store entries(for the user - home-manager) + # https://github.com/NixOS/nix/issues/8508 + nix-collect-garbage --delete-older-than 7d + +[group('nix')] +fmt range: + # format the nix files in this repo + nix fmt {{range}} + +# Show all the auto gc roots in the nix store +[group('nix')] +gcroot: + ls -al /nix/var/nix/gcroots/auto/ + diff --git a/README.md b/README.md new file mode 100644 index 0000000..635c8ab --- /dev/null +++ b/README.md @@ -0,0 +1,81 @@ +# nix-darwin + +Declarative macOS setup for host `fenrir` using `nix-darwin`, `home-manager`, +`nix-homebrew`, and `sops-nix`. + +## What This Repo Manages + +- System-level macOS configuration (`modules/`) +- User-level tooling and shell/editor setup (`home/`) +- Declarative Homebrew taps/apps/casks +- Encrypted secrets via SOPS (`secrets/` + `.sops.yaml`) + +## Prerequisites + +- macOS on Apple Silicon (`aarch64-darwin`) +- Nix with flakes (`nix-command` + `flakes`) +- `just` (command runner) +- SOPS age key at: + +```bash +~/.config/sops/age/keys.txt +``` + +## Repository Layout + +- `flake.nix`: flake inputs/outputs and `darwinConfigurations` +- `Justfile`: daily commands (`darwin`, `darwin-debug`, `fmt`, `up`, `gc`, etc.) +- `modules/`: system modules (`nix-core.nix`, `system.nix`, `apps.nix`, + `host-users.nix`) +- `home/`: Home Manager modules (shell, git, nvf, terminal, tools) +- `secrets/`: encrypted secret files (`poby.yaml`) + +## Common Commands + +```bash +# List available tasks +just + +# Build and switch for a host +just darwin $(hostname) + +# Build and switch with full trace +just darwin-debug $(hostname) + +# Format Nix files (example: whole repo) +just fmt . + +# Update all flake inputs +just up + +# Update one input +just upp nixpkgs-darwin + +# Inspect system profile history +just history + +# Clean old generations / garbage collect +just clean +just gc +``` + +## Secrets + +- Secrets are encrypted in `secrets/*.yaml`. +- `.sops.yaml` enforces age-based encryption rules. +- Home Manager reads secrets from `secrets/poby.yaml` and exposes: + - `github_ssh_key` + - `github_cli_token` + +## Customization Notes + +- Update `hostname`, `username`, and `useremail` in `flake.nix` for your + machine. +- Add new system behavior in `modules/*.nix`. +- Add user tooling in `home/*.nix` and import it from `home/default.nix`. + +## Troubleshooting + +- Use `just darwin-debug ` for verbose evaluation/build output. +- If a build succeeds but behavior is stale, re-run switch and verify active + host/config values. diff --git a/flake.lock b/flake.lock index 70619e6..921aba9 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,22 @@ { "nodes": { + "brew-src": { + "flake": false, + "locked": { + "lastModified": 1769363988, + "narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=", + "owner": "Homebrew", + "repo": "brew", + "rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2", + "type": "github" + }, + "original": { + "owner": "Homebrew", + "ref": "5.0.12", + "repo": "brew", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -7,26 +24,172 @@ ] }, "locked": { - "lastModified": 1758102940, - "narHash": "sha256-wwqf3+A8EiqwWpcAaPN20QXJLlpGPpwtLTrzgnngI2o=", - "owner": "lnl7", + "lastModified": 1772129556, + "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=", + "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "ebd0bfc11fc2b5cff37401e9b3703881ad5fabbd", + "rev": "ebec37af18215214173c98cf6356d0aca24a2585", "type": "github" }, "original": { - "owner": "lnl7", + "owner": "nix-darwin", + "ref": "nix-darwin-25.11", "repo": "nix-darwin", "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1751685974, + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", + "ref": "refs/heads/main", + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", + "revCount": 92, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs-darwin" + ] + }, + "locked": { + "lastModified": 1773264488, + "narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "homebrew-cask": { + "flake": false, + "locked": { + "lastModified": 1773410126, + "narHash": "sha256-3a9X78TmrHH9eNhj87TBL5HWQaAzD5z8/YcF/5Hpf+8=", + "owner": "homebrew", + "repo": "homebrew-cask", + "rev": "c94484c7d98b6442d80524eca84968bf8558075a", + "type": "github" + }, + "original": { + "owner": "homebrew", + "repo": "homebrew-cask", + "type": "github" + } + }, + "homebrew-core": { + "flake": false, + "locked": { + "lastModified": 1773409445, + "narHash": "sha256-3/WrGHe9vdH98DXzD4ZYQkEEonKeCOKj0Bkq3WFKxbk=", + "owner": "homebrew", + "repo": "homebrew-core", + "rev": "7a2962491e67edec68819e691817349558618d31", + "type": "github" + }, + "original": { + "owner": "homebrew", + "repo": "homebrew-core", + "type": "github" + } + }, + "mnw": { + "locked": { + "lastModified": 1770419553, + "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=", + "owner": "Gerg-L", + "repo": "mnw", + "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957", + "type": "github" + }, + "original": { + "owner": "Gerg-L", + "repo": "mnw", + "type": "github" + } + }, + "ndg": { + "inputs": { + "nixpkgs": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768214250, + "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=", + "owner": "feel-co", + "repo": "ndg", + "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8", + "type": "github" + }, + "original": { + "owner": "feel-co", + "ref": "refs/tags/v2.6.0", + "repo": "ndg", + "type": "github" + } + }, + "nix-homebrew": { + "inputs": { + "brew-src": "brew-src" + }, + "locked": { + "lastModified": 1769437432, + "narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=", + "owner": "zhaofengli", + "repo": "nix-homebrew", + "rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "nix-homebrew", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1758262103, - "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", + "lastModified": 1773231277, + "narHash": "sha256-Xy3WEpUAbpsz8ydgvVAQAGGB/WB+8cNA5cshiL0McTI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01", + "rev": "75690239f08f885ca9b0267580101f60d10fbe62", "type": "github" }, "original": { @@ -36,25 +199,91 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1758262103, - "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", + "lastModified": 1773282714, + "narHash": "sha256-at2PNNVNoTfXBe3bA6pgff+CKOwdBWUZCUBIfXGrXsU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01", + "rev": "a8556879c286b4a40a717a416ae61818c26d1ac8", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixpkgs-unstable", + "ref": "nixpkgs-25.11-darwin", "repo": "nixpkgs", "type": "github" } }, + "nvf": { + "inputs": { + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "mnw": "mnw", + "ndg": "ndg", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1773343795, + "narHash": "sha256-0+HEuOytpwyPt7i1jj6v2QJ+NXXisCYnL2XNwPBltvg=", + "owner": "notashelf", + "repo": "nvf", + "rev": "83b44eaf50b96bd5d06b1a56a3a51f1b2362db52", + "type": "github" + }, + "original": { + "owner": "notashelf", + "repo": "nvf", + "type": "github" + } + }, "root": { "inputs": { "darwin": "darwin", + "home-manager": "home-manager", + "homebrew-cask": "homebrew-cask", + "homebrew-core": "homebrew-core", + "nix-homebrew": "nix-homebrew", "nixpkgs": "nixpkgs", - "nixpkgs-darwin": "nixpkgs-darwin" + "nixpkgs-darwin": "nixpkgs-darwin", + "nvf": "nvf", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-darwin" + ] + }, + "locked": { + "lastModified": 1773096132, + "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 63f48c5..cfc6764 100644 --- a/flake.nix +++ b/flake.nix @@ -1,43 +1,75 @@ { - description = "Nix for macOS configuration"; + description = "Nix for Poby's MacOS"; - ################################################################################################################## - # - # Want to know Nix in details? Looking for a beginner-friendly tutorial? - # Check out https://github.com/ryan4yin/nixos-and-flakes-book ! - # - ################################################################################################################## + # TODO: is this necessary? + # nixConfig = { + # substituters = [ + # "https://nix-community.cachix.org" + # "https://cache.nixos.org" + # ]; + # }; - # This is the standard format for flake.nix. `inputs` are the dependencies of the flake, - # Each item in `inputs` will be passed as a parameter to the `outputs` function after being pulled and built. inputs = { - nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable"; - # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin"; + # nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-unstable"; # comment out for unstable version + nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin"; + + home-manager = { + url = "github:nix-community/home-manager/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs-darwin"; + }; + darwin = { - url = "github:lnl7/nix-darwin"; + url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; + inputs.nixpkgs.follows = "nixpkgs-darwin"; + }; + + # Homebrew + nix-homebrew.url = "github:zhaofengli/nix-homebrew"; + + # Optional: Declarative tap management + homebrew-core = { + url = "github:homebrew/homebrew-core"; + flake = false; + }; + homebrew-cask = { + url = "github:homebrew/homebrew-cask"; + flake = false; + }; + + # NVF for neovim + nvf = { + url = "github:notashelf/nvf"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # sops-nix for secrets + sops-nix = { + url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs-darwin"; }; }; - # The `outputs` function will return all the build results of the flake. - # A flake can have many use cases and different types of outputs, - # parameters in `outputs` are defined in `inputs` and can be referenced by their names. - # However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference) - # The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function. outputs = inputs @ { self, nixpkgs, darwin, + home-manager, + nvf, + sops-nix, + nix-homebrew, + homebrew-core, + homebrew-cask, ... }: let - username = "poby"; system = "aarch64-darwin"; - hostname = "pobys-macbook-pro"; + username = "poby"; + useremail = "smg981024@gmail.com"; + hostname = "fenrir"; # TODO break down to multiple hosts specialArgs = inputs // { - inherit username hostname; + inherit username useremail hostname; }; in { darwinConfigurations."${hostname}" = darwin.lib.darwinSystem { @@ -47,9 +79,23 @@ ./modules/system.nix ./modules/apps.nix ./modules/host-users.nix + nix-homebrew.darwinModules.nix-homebrew + home-manager.darwinModules.home-manager + { + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "backup"; + extraSpecialArgs = specialArgs; + sharedModules = [ + nvf.homeManagerModules.nvf + sops-nix.homeManagerModules.sops + ]; + users.${username} = import ./home; + }; + } ]; }; - # nix code formatter formatter.${system} = nixpkgs.legacyPackages.${system}.alejandra; }; -} \ No newline at end of file +} diff --git a/home/aerospace.nix b/home/aerospace.nix new file mode 100644 index 0000000..b5c37f3 --- /dev/null +++ b/home/aerospace.nix @@ -0,0 +1,133 @@ +{ + programs.aerospace = { + enable = true; + userSettings = { + start-at-login = true; + accordion-padding = 10; + default-root-container-layout = "tiles"; + default-root-container-orientation = "auto"; + on-focused-monitor-changed = ["move-mouse monitor-lazy-center"]; + automatically-unhide-macos-hidden-apps = false; + # persistent-workspaces = [ "1" "2" "3" "4" "5" "6" "7" "8" "9" ]; + + key-mapping = { + preset = "qwerty"; + }; + + gaps = { + inner.horizontal = 3; + inner.vertical = 3; + outer.left = 3; + outer.bottom = 3; + outer.top = 3; + outer.right = 3; + }; + + mode.main.binding = { + alt-slash = "layout tiles horizontal vertical"; + alt-comma = "layout accordion horizontal vertical"; + + alt-h = "focus left"; + alt-j = "focus down"; + alt-k = "focus up"; + alt-l = "focus right"; + + alt-shift-h = "move left"; + alt-shift-j = "move down"; + alt-shift-k = "move up"; + alt-shift-l = "move right"; + + alt-minus = "resize smart -50"; + alt-equal = "resize smart +50"; + + alt-1 = "workspace 1"; + alt-2 = "workspace 2"; + alt-3 = "workspace 3"; + alt-4 = "workspace 4"; + alt-5 = "workspace 5"; + alt-6 = "workspace 6"; + alt-7 = "workspace 7"; + alt-8 = "workspace 8"; + alt-9 = "workspace 9"; + + alt-shift-1 = [ + "move-node-to-workspace 1" + "workspace 1" + ]; + alt-shift-2 = [ + "move-node-to-workspace 2" + "workspace 2" + ]; + alt-shift-3 = [ + "move-node-to-workspace 3" + "workspace 3" + ]; + alt-shift-4 = [ + "move-node-to-workspace 4" + "workspace 4" + ]; + alt-shift-5 = [ + "move-node-to-workspace 5" + "workspace 5" + ]; + alt-shift-6 = [ + "move-node-to-workspace 6" + "workspace 6" + ]; + alt-shift-7 = [ + "move-node-to-workspace 7" + "workspace 7" + ]; + alt-shift-8 = [ + "move-node-to-workspace 8" + "workspace 8" + ]; + alt-shift-9 = [ + "move-node-to-workspace 9" + "workspace 9" + ]; + + alt-tab = "workspace-back-and-forth"; + alt-shift-tab = "move-workspace-to-monitor --wrap-around next"; + + alt-shift-semicolon = "mode service"; + }; + + mode.service.binding = { + esc = [ + "reload-config" + "mode main" + ]; + r = [ + "flatten-workspace-tree" + "mode main" + ]; + f = [ + "layout floating tiling" + "mode main" + ]; + backspace = [ + "close-all-windows-but-current" + "mode main" + ]; + + alt-shift-h = [ + "join-with left" + "mode main" + ]; + alt-shift-j = [ + "join-with down" + "mode main" + ]; + alt-shift-k = [ + "join-with up" + "mode main" + ]; + alt-shift-l = [ + "join-with right" + "mode main" + ]; + }; + }; + }; +} diff --git a/home/bat.nix b/home/bat.nix new file mode 100644 index 0000000..4cb0b03 --- /dev/null +++ b/home/bat.nix @@ -0,0 +1,5 @@ +{ + programs.bat = { + enable = true; + }; +} diff --git a/home/default.nix b/home/default.nix new file mode 100755 index 0000000..8ae1be7 --- /dev/null +++ b/home/default.nix @@ -0,0 +1,43 @@ +{ + pkgs, + username, + ... +}: { + imports = [ + ./fd.nix + ./fzf.nix + ./gh.nix + ./git.nix + ./nvf + ./ripgrep.nix + ./starship.nix + ./zoxide.nix + ./zsh.nix + ./eza.nix + ./jq.nix + ./lazygit.nix + ./mise.nix + ./terminal.nix + ./bat.nix + ./aerospace.nix + ./sops.nix + ./ssh.nix + ]; + + home = { + inherit username; + homeDirectory = "/Users/${username}"; + stateVersion = "25.11"; + + # packages that are not available via programs + packages = with pkgs; [ + raycast + ice-bar + keka + stats + iina + ]; + }; + + programs.home-manager.enable = true; +} diff --git a/home/eza.nix b/home/eza.nix new file mode 100644 index 0000000..348e54a --- /dev/null +++ b/home/eza.nix @@ -0,0 +1,10 @@ +{ + programs.eza = { + enable = true; + colors = "auto"; + git = true; + icons = "auto"; + enableZshIntegration = true; + enableBashIntegration = true; + }; +} diff --git a/home/fd.nix b/home/fd.nix new file mode 100755 index 0000000..79dadf7 --- /dev/null +++ b/home/fd.nix @@ -0,0 +1,7 @@ +{ + programs.fd = { + enable = true; + ignores = [".git/"]; + hidden = true; + }; +} diff --git a/home/fzf.nix b/home/fzf.nix new file mode 100755 index 0000000..b79ed72 --- /dev/null +++ b/home/fzf.nix @@ -0,0 +1,7 @@ +{ + programs.fzf = { + enable = true; + enableZshIntegration = true; + enableBashIntegration = true; + }; +} diff --git a/home/gh.nix b/home/gh.nix new file mode 100755 index 0000000..9120613 --- /dev/null +++ b/home/gh.nix @@ -0,0 +1,8 @@ +{ + programs.gh = { + enable = true; + settings = { + git_protocol = "ssh"; + }; + }; +} diff --git a/home/git.nix b/home/git.nix new file mode 100755 index 0000000..cd67e6d --- /dev/null +++ b/home/git.nix @@ -0,0 +1,35 @@ +{config, ...}: let + signingPrincipal = "87608318+smg1024@users.noreply.github.com"; + signingPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQ4STNnixjNDo38AyI0yABKAVfF3hupo66613IgfC7"; + signingKeyPath = "${config.home.homeDirectory}/.config/sops-nix/secrets/github_ssh_key"; + allowedSignersPath = "${config.home.homeDirectory}/.config/git/allowed_signers"; +in { + home.file.".config/git/allowed_signers".text = '' + ${signingPrincipal} ${signingPublicKey} + ''; + + programs.git = { + enable = true; + signing = { + format = "ssh"; + key = signingKeyPath; + signByDefault = true; + signer = "ssh-keygen"; + }; + settings = { + user = { + name = "Poby"; + email = signingPrincipal; + }; + gpg = { + ssh = { + allowedSignersFile = allowedSignersPath; + }; + }; + init.defaultBranch = "master"; + push = { + autoSetupRemote = true; + }; + }; + }; +} diff --git a/home/jq.nix b/home/jq.nix new file mode 100644 index 0000000..825fbf2 --- /dev/null +++ b/home/jq.nix @@ -0,0 +1,3 @@ +{ + programs.jq.enable = true; +} diff --git a/home/lazygit.nix b/home/lazygit.nix new file mode 100644 index 0000000..c24f855 --- /dev/null +++ b/home/lazygit.nix @@ -0,0 +1,7 @@ +{ + programs.lazygit = { + enable = true; + enableZshIntegration = true; + enableBashIntegration = true; + }; +} diff --git a/home/mise.nix b/home/mise.nix new file mode 100644 index 0000000..d5fa8ce --- /dev/null +++ b/home/mise.nix @@ -0,0 +1,17 @@ +{ + programs.mise = { + enable = true; + + globalConfig = { + tools = { + node = "lts"; + uv = "latest"; + python = "3.13"; + }; + settings = { + experimental = true; + env_file = ".env"; + }; + }; + }; +} diff --git a/home/nvf/appearance/theme.nix b/home/nvf/appearance/theme.nix new file mode 100755 index 0000000..ce1b691 --- /dev/null +++ b/home/nvf/appearance/theme.nix @@ -0,0 +1,6 @@ +{ + # theme + enable = true; + name = "tokyonight"; + style = "night"; +} diff --git a/home/nvf/core/augroups.nix b/home/nvf/core/augroups.nix new file mode 100755 index 0000000..36fd071 --- /dev/null +++ b/home/nvf/core/augroups.nix @@ -0,0 +1,11 @@ +[ + # augroups + { + enable = true; + name = "LastCursorGroup"; + } + { + enable = true; + name = "HighlightYank"; + } +] diff --git a/home/nvf/core/autocmds.nix b/home/nvf/core/autocmds.nix new file mode 100755 index 0000000..ff9fdda --- /dev/null +++ b/home/nvf/core/autocmds.nix @@ -0,0 +1,33 @@ +{lib, ...}: [ + # autocmds + { + enable = true; + event = ["BufReadPost"]; + desc = "Return to last cursor position"; + group = "LastCursorGroup"; + callback = lib.generators.mkLuaInline '' + function() + local mark = vim.api.nvim_buf_get_mark(0, '"') + local line_count = vim.api.nvim_buf_line_count(0) + if mark[1] > 0 and mark[1] <= line_count then + pcall(vim.api.nvim_win_set_cursor, 0, mark) + end + end + ''; + } + { + enable = true; + event = ["TextYankPost"]; + desc = "Highlight yanks on copy"; + group = "HighlightYank"; + pattern = ["*"]; + callback = lib.generators.mkLuaInline '' + function() + vim.hl.on_yank({ + higroup = "IncSearch", + timeout = 250, + }) + end + ''; + } +] diff --git a/home/nvf/core/clipboard.nix b/home/nvf/core/clipboard.nix new file mode 100755 index 0000000..2fe1a81 --- /dev/null +++ b/home/nvf/core/clipboard.nix @@ -0,0 +1,8 @@ +{ + # clipboard + enable = true; + registers = "unnamedplus"; + providers = { + wl-copy.enable = true; + }; +} diff --git a/home/nvf/core/keymaps.nix b/home/nvf/core/keymaps.nix new file mode 100755 index 0000000..9af6a8b --- /dev/null +++ b/home/nvf/core/keymaps.nix @@ -0,0 +1,81 @@ +[ + # Keymaps + { + key = "ff"; + mode = "n"; + action = "FzfLua files"; + desc = "[F]ind files"; + } + { + key = "fg"; + mode = "n"; + action = "FzfLua live_grep_native"; + desc = "Live [G]rep"; + } + { + key = ""; + mode = "n"; + action = "FzfLua buffers"; + desc = "Buffers"; + } + { + key = "fh"; + mode = "n"; + action = "FzfLua help_tags"; + desc = "[H]elp Tags"; + } + { + key = "fx"; + mode = "n"; + action = "FzfLua diagnostics_document"; + desc = "Diagnostics Document"; + } + { + key = "fX"; + mode = "n"; + action = "FzfLua diagnostics_workspace"; + desc = "Diagnostics Workspace"; + } + { + key = "fs"; + mode = "n"; + action = "FzfLua lsp_document_symbols"; + desc = "Document [S]ymbols"; + } + { + key = "fS"; + mode = "n"; + action = "FzfLua lsp_workspace_symbols"; + desc = "Workspace [S]ymbols"; + } + { + key = "fk"; + mode = "n"; + action = "FzfLua keymaps"; + desc = "[K]eymaps"; + } + { + key = "fb"; + mode = "n"; + action = "FzfLua builtin"; + desc = "[B]uiltin FZF"; + } + { + key = "fr"; + mode = "n"; + action = "FzfLua resume"; + desc = "[R]esume"; + } + { + key = "fo"; + mode = "n"; + action = "FzfLua oldfiles"; + desc = "[O]ld Files"; + } + { + key = "-"; + mode = "n"; + action = "Oil --float"; + desc = "Open Current Directory"; + } +] diff --git a/home/nvf/core/options.nix b/home/nvf/core/options.nix new file mode 100755 index 0000000..705da07 --- /dev/null +++ b/home/nvf/core/options.nix @@ -0,0 +1,12 @@ +{ + # options + cursorlineopt = "line"; + wrap = false; + cmdheight = 1; + tabstop = 2; + shiftwidth = 2; + autoindent = true; + termguicolors = true; + splitbelow = true; + splitright = true; +} diff --git a/home/nvf/core/spellcheck.nix b/home/nvf/core/spellcheck.nix new file mode 100755 index 0000000..4966b3c --- /dev/null +++ b/home/nvf/core/spellcheck.nix @@ -0,0 +1,5 @@ +{ + # spellcheck + enable = true; + languages = ["en"]; +} diff --git a/home/nvf/core/undoFile.nix b/home/nvf/core/undoFile.nix new file mode 100755 index 0000000..4c5dbd1 --- /dev/null +++ b/home/nvf/core/undoFile.nix @@ -0,0 +1,4 @@ +{ + # undoFile + enable = true; +} diff --git a/home/nvf/default.nix b/home/nvf/default.nix new file mode 100755 index 0000000..43292a8 --- /dev/null +++ b/home/nvf/default.nix @@ -0,0 +1,47 @@ +{ + lib, + pkgs, + ... +}: let + options = import ./core/options.nix; + autocmds = import ./core/autocmds.nix {inherit lib;}; + augroups = import ./core/augroups.nix; + keymaps = import ./core/keymaps.nix; + fzf-lua = import ./plugins/fzf-lua.nix; + mini = import ./plugins/mini.nix; + utility = import ./plugins/utility.nix; + binds = import ./plugins/binds.nix; + terminal = import ./plugins/terminal.nix; + theme = import ./appearance/theme.nix; + lsp = import ./lsp/lsp.nix; + treesitter = import ./lsp/treesitter.nix {inherit pkgs;}; + autocomplete = import ./lsp/autocomplete.nix; + languages = import ./lsp/languages; +in { + programs.nvf = { + enable = true; + + settings = { + vim = { + inherit + options + autocmds + augroups + keymaps + fzf-lua + mini + utility + binds + terminal + theme + lsp + treesitter + autocomplete + languages + ; + searchCase = "smart"; + hideSearchHighlight = true; + }; + }; + }; +} diff --git a/home/nvf/lsp/autocomplete.nix b/home/nvf/lsp/autocomplete.nix new file mode 100755 index 0000000..3c467f5 --- /dev/null +++ b/home/nvf/lsp/autocomplete.nix @@ -0,0 +1,22 @@ +{ + # autocomplete + blink-cmp = { + enable = true; + friendly-snippets.enable = true; + setupOpts = { + keymap.preset = "default"; + cmdline = { + keymap.preset = "default"; + }; + completion = { + documentation = { + auto_show = true; + auto_show_delay_ms = 1000; + }; + }; + }; + sourcePlugins = { + emoji.enable = true; + }; + }; +} diff --git a/home/nvf/lsp/languages/bash.nix b/home/nvf/lsp/languages/bash.nix new file mode 100755 index 0000000..2205f03 --- /dev/null +++ b/home/nvf/lsp/languages/bash.nix @@ -0,0 +1,17 @@ +{ + # bash + enable = true; + extraDiagnostics = { + enable = true; + types = ["shellcheck"]; + }; + format = { + enable = true; + type = ["shfmt"]; + }; + lsp = { + enable = true; + servers = ["bash-ls"]; + }; + treesitter.enable = true; +} diff --git a/home/nvf/lsp/languages/default.nix b/home/nvf/lsp/languages/default.nix new file mode 100755 index 0000000..b67cb8b --- /dev/null +++ b/home/nvf/lsp/languages/default.nix @@ -0,0 +1,19 @@ +let + nix = import ./nix.nix; + python = import ./python.nix; + lua = import ./lua.nix; + bash = import ./bash.nix; + markdown = import ./markdown.nix; + html = import ./html.nix; + yaml = import ./yaml.nix; +in { + inherit + nix + python + lua + bash + markdown + html + yaml + ; +} diff --git a/home/nvf/lsp/languages/html.nix b/home/nvf/lsp/languages/html.nix new file mode 100755 index 0000000..c0d3a7b --- /dev/null +++ b/home/nvf/lsp/languages/html.nix @@ -0,0 +1,23 @@ +{ + # html + enable = true; + extraDiagnostics = { + enable = true; + types = ["htmlhint"]; + }; + format = { + enable = true; + type = [ + "superhtml" + "prettierd" + ]; + }; + lsp = { + enable = true; + servers = ["superhtml"]; + }; + treesitter = { + enable = true; + autotagHtml = true; + }; +} diff --git a/home/nvf/lsp/languages/lua.nix b/home/nvf/lsp/languages/lua.nix new file mode 100755 index 0000000..57c7de0 --- /dev/null +++ b/home/nvf/lsp/languages/lua.nix @@ -0,0 +1,17 @@ +{ + # lua + enable = true; + extraDiagnostics = { + enable = true; + types = ["luacheck"]; + }; + format = { + enable = true; + type = ["stylua"]; + }; + lsp = { + enable = true; + servers = ["lua-language-server"]; + }; + treesitter.enable = true; +} diff --git a/home/nvf/lsp/languages/markdown.nix b/home/nvf/lsp/languages/markdown.nix new file mode 100755 index 0000000..958bfff --- /dev/null +++ b/home/nvf/lsp/languages/markdown.nix @@ -0,0 +1,30 @@ +{ + # markdown + enable = true; + extensions = { + render-markdown-nvim = { + enable = true; + setupOpts = { + checkbox = { + checked.scope_highlight = "@markup.strikethrough"; + }; + }; + }; + }; + extraDiagnostics = { + enable = true; + types = ["markdownlint-cli2"]; + }; + format = { + enable = true; + type = [ + "prettierd" + "deno_fmt" + ]; + }; + lsp = { + enable = true; + servers = ["marksman"]; + }; + treesitter.enable = true; +} diff --git a/home/nvf/lsp/languages/nix.nix b/home/nvf/lsp/languages/nix.nix new file mode 100755 index 0000000..e03681a --- /dev/null +++ b/home/nvf/lsp/languages/nix.nix @@ -0,0 +1,20 @@ +{ + # nix + enable = true; + extraDiagnostics = { + enable = true; + types = [ + "deadnix" + "statix" + ]; + }; + format = { + enable = true; + type = ["alejandra"]; + }; + lsp = { + enable = true; + servers = ["nil"]; + }; + treesitter.enable = true; +} diff --git a/home/nvf/lsp/languages/python.nix b/home/nvf/lsp/languages/python.nix new file mode 100755 index 0000000..13bcf1b --- /dev/null +++ b/home/nvf/lsp/languages/python.nix @@ -0,0 +1,13 @@ +{ + # python + enable = true; + format = { + enable = true; + type = ["ruff"]; + }; + lsp = { + enable = true; + servers = ["pyright"]; + }; + treesitter.enable = true; +} diff --git a/home/nvf/lsp/languages/yaml.nix b/home/nvf/lsp/languages/yaml.nix new file mode 100755 index 0000000..43fb599 --- /dev/null +++ b/home/nvf/lsp/languages/yaml.nix @@ -0,0 +1,9 @@ +{ + # yaml + enable = true; + lsp = { + enable = true; + servers = ["yaml-language-server"]; + }; + treesitter.enable = true; +} diff --git a/home/nvf/lsp/lsp.nix b/home/nvf/lsp/lsp.nix new file mode 100755 index 0000000..adfac12 --- /dev/null +++ b/home/nvf/lsp/lsp.nix @@ -0,0 +1,7 @@ +{ + # lsp + enable = true; + inlayHints.enable = true; + lspconfig.enable = true; + formatOnSave = true; +} diff --git a/home/nvf/lsp/treesitter.nix b/home/nvf/lsp/treesitter.nix new file mode 100755 index 0000000..da824a3 --- /dev/null +++ b/home/nvf/lsp/treesitter.nix @@ -0,0 +1,15 @@ +{pkgs, ...}: { + # treesitter + enable = true; + addDefaultGrammars = true; + grammars = with pkgs.vimPlugins.nvim-treesitter.builtGrammars; [ + nix + lua + yaml + ]; + fold = true; + highlight = { + enable = true; + }; + indent.enable = true; +} diff --git a/home/nvf/plugins/binds.nix b/home/nvf/plugins/binds.nix new file mode 100755 index 0000000..b169725 --- /dev/null +++ b/home/nvf/plugins/binds.nix @@ -0,0 +1,10 @@ +{ + # binds + whichKey = { + enable = true; + register = { + "f" = "+FZF"; + "l" = "+Language"; + }; + }; +} diff --git a/home/nvf/plugins/fzf-lua.nix b/home/nvf/plugins/fzf-lua.nix new file mode 100755 index 0000000..f463c4a --- /dev/null +++ b/home/nvf/plugins/fzf-lua.nix @@ -0,0 +1,6 @@ +{ + # fzf-lua + enable = true; + profile = "default"; + setupOpts = {}; +} diff --git a/home/nvf/plugins/mini.nix b/home/nvf/plugins/mini.nix new file mode 100755 index 0000000..2606209 --- /dev/null +++ b/home/nvf/plugins/mini.nix @@ -0,0 +1,14 @@ +{ + # mini + statusline.enable = true; + ai.enable = true; + bufremove.enable = true; + comment.enable = true; + pairs.enable = true; + cursorword.enable = true; + icons.enable = true; + move.enable = true; + surround.enable = true; + indentscope.enable = true; + trailspace.enable = true; +} diff --git a/home/nvf/plugins/terminal.nix b/home/nvf/plugins/terminal.nix new file mode 100755 index 0000000..10910cd --- /dev/null +++ b/home/nvf/plugins/terminal.nix @@ -0,0 +1,21 @@ +{ + # terminal + toggleterm = { + enable = true; + setupOpts = { + direction = "horizontal"; + size = 6; + }; + mappings = { + open = "tt"; + }; + + # lazygit + lazygit = { + enable = true; + mappings = { + open = "gg"; + }; + }; + }; +} diff --git a/home/nvf/plugins/utility.nix b/home/nvf/plugins/utility.nix new file mode 100755 index 0000000..421e29c --- /dev/null +++ b/home/nvf/plugins/utility.nix @@ -0,0 +1,11 @@ +{ + # utility + oil-nvim = { + enable = true; + gitStatus.enable = true; + setupOpts = { + view_options.show_hidden = true; + }; + }; + sleuth.enable = true; +} diff --git a/home/ripgrep.nix b/home/ripgrep.nix new file mode 100755 index 0000000..34cc7c5 --- /dev/null +++ b/home/ripgrep.nix @@ -0,0 +1,3 @@ +{ + programs.ripgrep.enable = true; +} diff --git a/home/sops.nix b/home/sops.nix new file mode 100644 index 0000000..c8b52cf --- /dev/null +++ b/home/sops.nix @@ -0,0 +1,12 @@ +{config, ...}: { + sops = { + age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; + + defaultSopsFile = ../secrets/poby.yaml; + + secrets = { + "github_ssh_key" = {}; + "github_cli_token" = {}; + }; + }; +} diff --git a/home/ssh.nix b/home/ssh.nix new file mode 100644 index 0000000..378be6e --- /dev/null +++ b/home/ssh.nix @@ -0,0 +1,15 @@ +{config, ...}: { + programs.ssh = { + enable = true; + enableDefaultConfig = false; + matchBlocks = { + "*" = {}; + "github.com" = { + host = "github.com"; + user = "git"; + identitiesOnly = true; + identityFile = [config.sops.secrets."github_ssh_key".path]; + }; + }; + }; +} diff --git a/home/starship.nix b/home/starship.nix new file mode 100755 index 0000000..2d50ffc --- /dev/null +++ b/home/starship.nix @@ -0,0 +1,230 @@ +{lib, ...}: { + programs.starship = { + enable = true; + enableZshIntegration = true; + enableBashIntegration = true; + + settings = { + add_newline = true; + continuation_prompt = "[▸▹ ](dimmed white)"; + + format = lib.concatStrings [ + "($nix_shell$container$fill\n)$cmd_duration" + "$hostname" + "$localip" + "$shell" + "$env_var" + "$jobs" + "$sudo" + "$username" + "$character" + ]; + + right_format = lib.concatStrings [ + "$directory" + "$git_branch" + "$git_commit" + "$git_state" + "$git_status" + "$docker_context" + "$c" + "$cpp" + "$deno" + "$helm" + "$java" + "$kotlin" + "$gradle" + "$lua" + "$nodejs" + "$python" + "$ruby" + "$rust" + "$terraform" + "$conda" + "$pixi" + ]; + + fill = { + symbol = " "; + }; + + line_break = { + disabled = false; + }; + + character = { + format = "$symbol "; + success_symbol = "[◎](bold italic bright-yellow)"; + error_symbol = "[○](italic purple)"; + vimcmd_symbol = "[■](italic dimmed green)"; + }; + + env_var.VIMSHELL = { + format = "[$env_value]($style)"; + style = "green italic"; + }; + + sudo = { + format = "[$symbol]($style)"; + style = "bold italic bright-purple"; + symbol = "⋈┈"; + disabled = false; + }; + + username = { + style_user = "bright-yellow bold italic"; + style_root = "purple bold italic"; + format = "[⭘ $user]($style) "; + disabled = false; + show_always = false; + }; + + directory = { + home_symbol = "⌂"; + truncation_length = 2; + truncation_symbol = "□ "; + read_only = " ◈"; + use_os_path_sep = true; + style = "italic blue"; + format = "[$path]($style)[$read_only]($read_only_style)"; + repo_root_style = "bold blue"; + repo_root_format = "[$before_root_path]($before_repo_root_style)[$repo_root]($repo_root_style)[$path]($style)[$read_only]($read_only_style) [△](bold bright-blue)"; + }; + + cmd_duration = { + format = "[◄ $duration ](italic white)"; + }; + + jobs = { + format = "[$symbol$number]($style) "; + style = "white"; + symbol = "[▶](blue italic)"; + }; + + localip = { + ssh_only = true; + format = " ◯[$localipv4](bold magenta)"; + disabled = false; + }; + + git_branch = { + format = " [$branch(:$remote_branch)]($style)"; + symbol = "[△](bold italic bright-blue)"; + style = "italic bright-blue"; + truncation_symbol = "⋯"; + truncation_length = 11; + ignore_branches = [ + "main" + "master" + ]; + only_attached = true; + }; + + git_metrics = { + format = "([▴$added]($added_style))([▿$deleted]($deleted_style))"; + added_style = "italic dimmed green"; + deleted_style = "italic dimmed red"; + ignore_submodules = true; + disabled = false; + }; + + git_status = { + style = "bold italic bright-blue"; + format = "([⎪$ahead_behind$staged$modified$untracked$renamed$deleted$conflicted$stashed⎥]($style))"; + conflicted = "[◪◦](italic bright-magenta)"; + ahead = "[▴│[\${count}](bold white)│](italic green)"; + behind = "[▿│[\${count}](bold white)│](italic red)"; + diverged = "[◇ ▴┤[\${ahead_count}](regular white)│▿┤[\${behind_count}](regular white)│](italic bright-magenta)"; + untracked = "[◌◦](italic bright-yellow)"; + stashed = "[◃◈](italic white)"; + modified = "[●◦](italic yellow)"; + staged = "[▪┤[$count](bold white)│](italic bright-cyan)"; + renamed = "[◎◦](italic bright-blue)"; + deleted = "[✕](italic red)"; + }; + + deno = { + format = " [deno](italic) [∫ $version](green bold)"; + version_format = "\${raw}"; + }; + + lua = { + format = " [lua](italic) [\${symbol}\${version}]($style)"; + version_format = "\${raw}"; + symbol = "⨀ "; + style = "bold bright-yellow"; + }; + + nodejs = { + format = " [node](italic) [◫ ($version)](bold bright-green)"; + version_format = "\${raw}"; + detect_files = [ + "package-lock.json" + "yarn.lock" + ]; + detect_folders = ["node_modules"]; + detect_extensions = []; + }; + + python = { + format = " [py](italic) [\${symbol}\${version}]($style)"; + symbol = "[⌉](bold bright-blue)⌊ "; + version_format = "\${raw}"; + style = "bold bright-yellow"; + }; + + ruby = { + format = " [rb](italic) [\${symbol}\${version}]($style)"; + symbol = "◆ "; + version_format = "\${raw}"; + style = "bold red"; + }; + + rust = { + format = " [rs](italic) [$symbol$version]($style)"; + symbol = "⊃ "; + version_format = "\${raw}"; + style = "bold red"; + }; + + c = { + symbol = "ℂ "; + format = " [$symbol($version(-$name))]($style)"; + }; + + cpp = { + symbol = "ℂ "; + format = " [$symbol($version(-$name))]($style)"; + }; + + conda = { + symbol = "◯ "; + format = " conda [$symbol$environment]($style)"; + }; + + pixi = { + symbol = "■ "; + format = " pixi [$symbol$version ($environment )]($style)"; + }; + + docker_context = { + symbol = "◧ "; + format = " docker [$symbol$context]($style)"; + }; + + java = { + symbol = "∪ "; + format = " java [\${symbol}(\${version} )]($style)"; + }; + + nix_shell = { + style = "bold italic dimmed blue"; + symbol = "✶"; + format = "[$symbol nix⎪$state⎪]($style) [$name](italic dimmed white)"; + impure_msg = "[⌽](bold dimmed red)"; + pure_msg = "[⌾](bold dimmed green)"; + unknown_msg = "[◌](bold dimmed yellow)"; + }; + }; + }; +} diff --git a/home/terminal.nix b/home/terminal.nix new file mode 100644 index 0000000..f6dffc4 --- /dev/null +++ b/home/terminal.nix @@ -0,0 +1,9 @@ +{ + programs.wezterm = { + enable = true; + enableZshIntegration = true; + enableBashIntegration = true; + # TODO wezterm config + extraConfig = builtins.readFile ./wezterm.lua; + }; +} diff --git a/home/wezterm.lua b/home/wezterm.lua new file mode 100644 index 0000000..fb9ec1e --- /dev/null +++ b/home/wezterm.lua @@ -0,0 +1,34 @@ +local wezterm = require("wezterm") + +config = wezterm.config_builder() + +config = { + -- Windows + automatically_reload_config = true, + use_fancy_tab_bar = true, + hide_tab_bar_if_only_one_tab = true, + window_close_confirmation = "NeverPrompt", + window_decorations = "RESIZE", -- disable title bar, enable resize + default_cursor_style = "BlinkingBar", + + -- Appearance + color_scheme = "Tokyo Night", + font = wezterm.font("D2CodingLigature Nerd Font"), + font_size = 16, + background = { + { + source = { Color = "#282c35" }, + width = "100%", + height = "100%", + opacity = 0.95, + }, + }, + window_padding = { + left = 0, + right = 0, + top = 0, + bottom = 0, + }, +} + +return config diff --git a/home/zoxide.nix b/home/zoxide.nix new file mode 100755 index 0000000..ac54e8f --- /dev/null +++ b/home/zoxide.nix @@ -0,0 +1,8 @@ +{ + programs.zoxide = { + enable = true; + enableZshIntegration = true; + enableBashIntegration = true; + options = ["--cmd j"]; + }; +} diff --git a/home/zsh.nix b/home/zsh.nix new file mode 100755 index 0000000..2a5dc0a --- /dev/null +++ b/home/zsh.nix @@ -0,0 +1,49 @@ +{config, ...}: { + programs.zsh = { + enable = true; + + enableCompletion = true; + autosuggestion.enable = true; + syntaxHighlighting.enable = true; + + defaultKeymap = "viins"; + + history = { + size = 10000; + save = 10000; + share = true; + ignoreAllDups = true; + ignoreDups = true; + ignoreSpace = true; + }; + + shellAliases = { + poby = "echo my name is poby"; + nixconfig = "cd ~/nix-darwin && vim flake.nix"; + just-darwin = "cd ~/nix-darwin && just darwin $(hostname)"; + }; + + sessionVariables = { + EDITOR = "nvim"; + }; + + initContent = '' + export GH_TOKEN="$(cat ${config.sops.secrets."github_cli_token".path})" + ''; + + oh-my-zsh = { + enable = true; + theme = "robbyrussell"; + plugins = [ + "git" + "gitignore" + "history" + "sudo" + "vi-mode" + "zoxide" + "eza" + "mise" + ]; + }; + }; +} diff --git a/modules/.DS_Store b/modules/.DS_Store deleted file mode 100644 index 5008ddf..0000000 Binary files a/modules/.DS_Store and /dev/null differ diff --git a/modules/apps.nix b/modules/apps.nix index e41b251..29553b0 100644 --- a/modules/apps.nix +++ b/modules/apps.nix @@ -1,126 +1,62 @@ -{ pkgs, ... }: { +{ + pkgs, + config, + username, + homebrew-core, + homebrew-cask, + ... +}: { + nixpkgs.config.allowUnfree = true; - ########################################################################## - # - # Install all apps and packages here. - # - ########################################################################## - - # Install packages from nix's official package repository. - # - # The packages installed here are available to all users, and are reproducible across machines, and are rollbackable. - # But on macOS, it's less stable than homebrew. - # - # Related Discussion: https://discourse.nixos.org/t/darwin-again/29331 environment.systemPackages = with pkgs; [ - # CLI git + neovim just # use Justfile to simplify nix-darwin's commands - ffmpeg - fzf - bat - fastfetch - gh - lsd - mkalias - python310 - tldr - tmux tree - zoxide - zsh-powerlevel10k - zsh-fzf-tab - commitizen + fastfetchMinimal ]; environment.variables.EDITOR = "nvim"; - # TODO To make this work, homebrew need to be installed manually, see https://brew.sh - # - # The apps installed by homebrew are not managed by nix, and not reproducible! - # But on macOS, homebrew has a much larger selection of apps than nixpkgs, especially for GUI apps! + nix-homebrew = { + enable = true; + enableRosetta = true; + user = username; + taps = { + "homebrew/homebrew-core" = homebrew-core; + "homebrew/homebrew-cask" = homebrew-cask; + }; + mutableTaps = false; + }; + homebrew = { enable = true; onActivation = { - autoUpdate = true; # Fetch the newest stable branch of Homebrew's git repo - upgrade = true; # Upgrade outdated casks, formulae, and App Store apps - # 'zap': uninstalls all formulae(and related files) not listed in the generated Brewfile + autoUpdate = true; cleanup = "zap"; }; # Applications to install from Mac App Store using mas. - # You need to install all these Apps manually first so that your apple account have records for them. - # otherwise Apple Store will refuse to install them. - # For details, see https://github.com/mas-cli/mas masApps = { KakaoTalk = 869223134; Across = 6444851827; - Flighty = 1358823008; - Numbers = 409203825; - Pages = 409201541; - Keynote = 409183694; Bitwarden = 1352778147; }; - taps = [ ]; + taps = builtins.attrNames config.nix-homebrew.taps; - # `brew install` + # WARNING only include those not in nixpkgs brews = [ - "wget" - "curl" # do not install curl via nixpkgs, it's not working well on macOS! - "nvm" - "uv" - "openjdk" - "openjdk@21" - "openjdk@17" - "neovim" - "ripgrep" - "tree-sitter" + "gemini-cli" ]; - # `brew install --cask` casks = [ - "alt-tab" - "bruno" - "discord" - "google-chrome" - "iina" - "intellij-idea" - "jordanbaird-ice" - "keka" - "raycast" - "rectangle" - "slack" - "stats" - "telegram" - "visual-studio-code" - "zoom" - "claude" "batfi" - "docker-desktop" - "cursor" - "daisydisk" - "ghostty" "hammerspoon" - "hancom-docs" - "logi-options+" - "notion" - "onyx" - "shottr" + "shottr" # stable version dmg link not found "arc" - "obsidian" - "antigravity" - "figma" - - # Fonts - "font-fontawesome" - "font-jetbrains-mono-nerd-font" - "font-meslo-lg-nerd-font" - "font-d2coding" - "font-fira-code-nerd-font" - "font-symbols-only-nerd-font" - "font-material-design-icons-webfont" - "font-pretendard" + "codex" + "claude-code" ]; }; } diff --git a/modules/host-users.nix b/modules/host-users.nix index 079befd..9df535e 100644 --- a/modules/host-users.nix +++ b/modules/host-users.nix @@ -2,18 +2,13 @@ username, hostname, ... -} @ args: -############################################################# -# -# Host & Users configuration -# -############################################################# -{ - networking.hostName = hostname; - networking.computerName = hostname; - system.defaults.smb.NetBIOSName = hostname; +}: { + networking = { + hostName = hostname; + computerName = hostname; + localHostName = hostname; + }; - # Define a user account. Don't forget to set a password with ‘passwd’. users.users."${username}" = { home = "/Users/${username}"; description = username; diff --git a/modules/nix-core.nix b/modules/nix-core.nix index 721ee99..cee556b 100644 --- a/modules/nix-core.nix +++ b/modules/nix-core.nix @@ -1,20 +1,28 @@ -{ pkgs, ... }: - { - nix.settings = { - # enable flakes globally - experimental-features = ["nix-command" "flakes"]; + pkgs, + lib, + ... +}: { + nix = { + enable = true; + package = pkgs.nix; + + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + substituters = ["https://nix-community.cachix.org"]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + builders-use-substitutes = true; + auto-optimise-store = false; # issue https://github.com/NixOS/nix/issues/7273 + }; + + gc = { + automatic = lib.mkDefault true; + options = lib.mkDefault "--delete-older-than 7d"; + }; }; - - # Allow unfree packages - nixpkgs.config = { - allowUnfree = true; - allowBroken = true; - }; - - # Auto upgrade nix package and the daemon service. - nix.package = pkgs.nix; - - # Enable Determinate - nix.enable = false; } diff --git a/modules/system.nix b/modules/system.nix index f41a4d2..3936253 100644 --- a/modules/system.nix +++ b/modules/system.nix @@ -1,21 +1,17 @@ -{ pkgs, config, username, ... }: - - ################################################################################### - # - # macOS's System configuration - # - # All the configuration options are documented here: - # https://daiderd.com/nix-darwin/manual/index.html#sec-options - # Incomplete list of macOS `defaults` commands : - # https://github.com/yannbertrand/macos-defaults - # - ################################################################################### { + pkgs, + config, + username, + hostname, + ... +}: { + time.timeZone = "Asia/Seoul"; + system = { primaryUser = username; stateVersion = 6; - # activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`. + # symlink /Applications/Nix Apps to /Applications for Spotlight activationScripts.extraActivation.text = '' # activateSettings -u will reload the settings from the database and apply them to the current session, # so we do not need to logout and login again to make the changes take effect. @@ -26,46 +22,42 @@ env = pkgs.buildEnv { name = "system-applications"; paths = config.environment.systemPackages; - pathsToLink = "/Applications"; + pathsToLink = ["/Applications"]; }; in pkgs.lib.mkForce '' - # Set up applications. - echo "setting up /Applications..." >&2 - rm -rf /Applications/Nix\ Apps - mkdir -p /Applications/Nix\ Apps - find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + | - while read -r src; do - app_name=$(basename "$src") - echo "copying $src" >&2 - ${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name" - done - ''; + # Set up applications. + echo "setting up /Applications..." >&2 + rm -rf /Applications/Nix\ Apps + mkdir -p /Applications/Nix\ Apps + find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + | + while read -r src; do + app_name=$(basename "$src") + echo "copying $src" >&2 + ${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name" + done + ''; defaults = { - # login window loginwindow = { - GuestEnabled = false; # disable guest user - SHOWFULLNAME = true; # show full name in login window + GuestEnabled = false; }; - # control center controlcenter = { - Sound = false; - Bluetooth = false; AirDrop = false; + BatteryShowPercentage = false; + Bluetooth = false; Display = false; + FocusModes = false; NowPlaying = false; + Sound = false; }; - # clock menuExtraClock = { Show24Hour = true; - ShowAMPM = false; ShowDayOfWeek = false; }; - - # dock + dock = { autohide = true; autohide-delay = 0.01; @@ -75,38 +67,69 @@ tilesize = 50; magnification = true; largesize = 70; - wvous-bl-corner = 11; + showMissionControlGestureEnabled = true; }; - # finder finder = { AppleShowAllFiles = true; + AppleShowAllExtensions = true; ShowStatusBar = true; ShowPathbar = true; - FXPreferredViewStyle = "Nlsv"; - AppleShowAllExtensions = true; - QuitMenuItem = true; + FXPreferredViewStyle = "clmv"; + FXRemoveOldTrashItems = true; + _FXEnableColumnAutoSizing = true; _FXShowPosixPathInTitle = true; _FXSortFoldersFirst = true; + _FXSortFoldersFirstOnDesktop = true; FXEnableExtensionChangeWarning = false; - NewWindowTarget = "Home"; + FXDefaultSearchScope = "SCcf"; + NewWindowTarget = "Other"; + NewWindowTargetPath = "/Users/${username}/Downloads"; + ShowExternalHardDrivesOnDesktop = true; + ShowHardDrivesOnDesktop = true; + ShowMountedServersOnDesktop = true; + ShowRemovableMediaOnDesktop = true; + QuitMenuItem = true; }; - # trackpad trackpad = { Clicking = true; - TrackpadRightClick = true; # enable two finger right click - TrackpadThreeFingerDrag = true; # enable three finger drag + TrackpadRightClick = true; # two finger right click + TrackpadThreeFingerDrag = true; + TrackpadFourFingerHorizSwipeGesture = 2; # swipe between full-screen applications + TrackpadFourFingerVertSwipeGesture = 2; # down for Mission Control, up for App Expose + TrackpadPinch = true; + TrackpadThreeFingerHorizSwipeGesture = 0; # disable for three finger drag + TrackpadThreeFingerVertSwipeGesture = 0; # disable for three finger drag + TrackpadTwoFingerDoubleTapGesture = true; # smart zoom + TrackpadTwoFingerFromRightEdgeSwipeGesture = 0; }; - # customize settings that not supported by nix-darwin directly - # Incomplete list of macOS `defaults` commands : - # https://github.com/yannbertrand/macos-defaults + screensaver = { + askForPassword = true; + askForPasswordDelay = 0; + }; + + smb = { + NetBIOSName = hostname; + ServerDescription = hostname; + }; + + WindowManager = { + AppWindowGroupingBehavior = true; + EnableStandardClickToShowDesktop = false; + EnableTilingByEdgeDrag = false; + EnableTilingOptionAccelerator = false; + EnableTopTilingByEdgeDrag = false; + StandardHideDesktopIcons = true; + StandardHideWidgets = true; + }; + + # Customize settings that not supported by nix-darwin directly + # source: https://github.com/yannbertrand/macos-defaults NSGlobalDomain = { - # `defaults read NSGlobalDomain "xxx"` - "com.apple.swipescrolldirection" = true; AppleInterfaceStyle = "Dark"; - AppleKeyboardUIMode = 3; + AppleKeyboardUIMode = 2; ApplePressAndHoldEnabled = false; InitialKeyRepeat = 15; KeyRepeat = 2; @@ -115,6 +138,7 @@ AppleScrollerPagingBehavior = true; AppleEnableMouseSwipeNavigateWithScrolls = true; AppleEnableSwipeNavigateWithScrolls = true; + AppleSpacesSwitchOnActivate = true; NSAutomaticCapitalizationEnabled = false; NSAutomaticDashSubstitutionEnabled = false; @@ -126,49 +150,15 @@ NSTableViewDefaultSizeMode = 2; "com.apple.keyboard.fnState" = true; + "com.apple.sound.beep.feedback" = 0; }; # Customize settings that not supported by nix-darwin directly - # see the source code of this project to get more undocumented options: - # https://github.com/rgcr/m-cli - # - # All custom entries can be found by running `defaults read` command. - # or `defaults read xxx` to read a specific domain. - CustomUserPreferences = { - ".GlobalPreferences" = { - # automatically switch to a new space when switching to the application - AppleSpacesSwitchOnActivate = true; - }; - NSGlobalDomain = { - # Add a context menu item for showing the Web Inspector in web views - WebKitDeveloperExtras = true; - }; - "com.apple.finder" = { - ShowExternalHardDrivesOnDesktop = true; - ShowHardDrivesOnDesktop = true; - ShowMountedServersOnDesktop = true; - ShowRemovableMediaOnDesktop = true; - _FXSortFoldersFirst = true; - # When performing a search, search the current folder by default - FXDefaultSearchScope = "SCcf"; - }; + CustomSystemPreferences = { "com.apple.desktopservices" = { - # Avoid creating .DS_Store files on network or USB volumes DSDontWriteNetworkStores = true; DSDontWriteUSBStores = true; }; - "com.apple.WindowManager" = { - EnableStandardClickToShowDesktop = 0; # Click wallpaper to reveal desktop - StandardHideDesktopIcons = 0; # Show items on desktop - HideDesktop = 0; # Do not hide items on desktop & stage manager - StageManagerHideWidgets = 0; - StandardHideWidgets = 0; - }; - "com.apple.screensaver" = { - # Require password immediately after sleep or screen saver begins - askForPassword = 1; - askForPasswordDelay = 0; - }; "com.apple.AdLib" = { allowApplePersonalizedAdvertising = false; }; @@ -182,70 +172,34 @@ }; }; - # keyboard settings is not very useful on macOS - # the most important thing is to remap option key to alt key globally, - # but it's not supported by macOS yet. keyboard = { - enableKeyMapping = true; # enable key mapping so that we can use `option` as `control` - - # NOTE: do NOT support remap capslock to both control and escape at the same time - remapCapsLockToControl = false; # remap caps lock to control, useful for emac users - remapCapsLockToEscape = false; # remap caps lock to escape, useful for vim users + enableKeyMapping = true; # enable key mapping so that we can use `option` as `control` }; }; # Add ability to used TouchID for sudo authentication security.pam.services.sudo_local.touchIdAuth = true; - # Create /etc/zshrc that loads the nix-darwin environment. - # this is required if you want to use darwin's default shell - zsh programs.zsh = { enable = true; - enableCompletion = true; - enableAutosuggestions = true; - enableFastSyntaxHighlighting = true; - enableFzfCompletion = true; - enableFzfGit = true; - enableFzfHistory = true; - promptInit = '' - fastfetch - source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme - source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh - ''; }; environment = { shells = [ pkgs.zsh ]; - shellAliases = { - ls = "lsd --color=auto"; - l = "lsd -lhG"; - lt = "l --tree"; - ll = "lsd -alhG"; - lh = "lsd -dl .*"; - lsd = "lsd --group-directories-first"; - filecount="find . -type f | wc -l"; - cat = "bat --color=always"; - man = "tldr"; - nixrebuild = "sudo darwin-rebuild switch --flake ~/.config/nix-darwin"; - nixupgrade = "cd ~/.config/nix-darwin && nix flake update"; - nixconfig = "nvim ~/.config/nix-darwin"; - sshconfig = "nvim ~/.ssh/config"; - - # git - g = "git"; - gaa = "git add --all"; - gcm = "git commit -m"; - gca = "git commit --amend"; - gst = "git status"; - gco = "git checkout"; - gl = "git pull"; - gp = "git push"; - glg = "git log --graph --pretty='%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ad) %C(bold blue)<%an>%Creset' --date=short"; - }; }; - # Set your time zone. - time.timeZone = "Asia/Seoul"; + fonts = { + packages = with pkgs; [ + material-design-icons + font-awesome + pretendard + nerd-fonts.symbols-only + nerd-fonts.jetbrains-mono + nerd-fonts.d2coding + nerd-fonts.iosevka + nerd-fonts.meslo-lg + ]; + }; } diff --git a/result b/result deleted file mode 120000 index 6007f38..0000000 --- a/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/wqavdqq4f3j9gwymsj724hz9jkjwa3gf-darwin-system-25.05.73d5958 \ No newline at end of file diff --git a/secrets/poby.yaml b/secrets/poby.yaml new file mode 100644 index 0000000..57f8f7d --- /dev/null +++ b/secrets/poby.yaml @@ -0,0 +1,17 @@ +github_ssh_key: ENC[AES256_GCM,data:nlZoOfyEMRj2U+P2ANao+ATS90zr8h4c+mVCu1JVoNpC50DBjyMl3eZDCDERISLHf0JWbg0wAZZbPI0Xp2KvZ9D4g+59Dd+F2csgAxUbTL0QPNkgFzSWQNINPR+pabf8phfWKFBJpBD66R8CGY0g8qM9oCJVGM2sGevdAKlhEHk5qsKZ48N0XdSzwXDxYpAeSt0Lz5mcuu8ndUZq+VJs744pLNd6Br6X6wgYJ8HpOXnzyequRer/Tp/EiX5Wel+Nu4JnlXa74ziv/AVqVdZS+mLylT1Cr+fnT3rASMHtA3KFokKlnoBzmJKlqKOcC9hCg7JApLn9s/iyWaC9AbFqZzEolwB0C9TkY3UHD6f5Eph0jaZemsI8DA1+CB39La48snLy0FraQ2yBdjQB/SwcO34OwqZaNHy6FaK5vNSMnDmlhC+FZkdHt6XkUMv8EZewLSA4WxkTuDE2fgF+NVoBNiSe4G9Fpmrl4h6Adp5pIxivthJPVEmudkTB1Q8TNp2yS2NLlWarUrgELNbGBgG0KocF3F6CXJKC8KNwI3x5cgW8GOB02h3EQGOmazTBUAOwjkZZ0V/8jzbEhRyEcou0LyhY6Ls/ltLaAAo6mtBaOB0=,iv:PNdvBAlSLsW2SxoiajXD6nCgl9EXFzR2SRfo6Ynj4iQ=,tag:qGMtoaigw1iEMET99PVSbw==,type:str] +github_cli_token: ENC[AES256_GCM,data:yaJZb5MUeiyBu2LJIgfJ6nX0TL2XdPvZn0IuSMIaxdy5LMyg4NQZkg==,iv:Q+dGU0bPznY5cexiailAzPKgsm0YuOKpGXIAaPh3hNs=,tag:tZKAUVK3H04xD8FMZ2KBsA==,type:str] +sops: + age: + - recipient: age1qeyrh6e40nek3da4mnj298cy2l3aswe7432us30d2p93akcvp9zqext63j + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaUt1Y1hFS1N0djNEU3NQ + QjFIMk9GZkxoeks2WUx0WlBNblR6dEpSZ2tBCkl3Wk1xaDlXWEFnYkIzZ2J3bUxw + bTltMDJtWEMrZ0NsbzFtTEQyelJsODQKLS0tIHFCYlZGalp2UVpIWTBRdUVob3JM + QXQ3YUkxWnk2U0hacjBMZDQ5WlNFQTAKzzzcoCZg7iNg5QoajxSpP1ka5qIIfaNE + 5VMXcX4qL0OszsO3j3ShYIT02m3XqkSeaOMSz+uty2BWtPCDZoLHrg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-14T12:35:18Z" + mac: ENC[AES256_GCM,data:HUZRdHhmybKofm8xI44Q95b9oizFsvRO+SkJ742KO31rFfYhTp9/PYw3+7JxROY7mMyQKrEvRLYcWB97gv3zaDXhevIdBM+wEp9xvpLJ732G9jccarmYqHaAzPsyVUof/I6fyQMFLCcdCmniPR/UihOcmuQpMWjxJ5xr0rerRFA=,iv:o67tqpx4YfvwFNEuXK9ZWIp/b4GXuzWlRbbHw/kEQHQ=,tag:PZyk2G9reLy15yiw8LV/eA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.12.1