diff --git a/.gitignore b/.gitignore index 212281c..8b21503 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ .helix .pre-commit-config.yaml result +*.local.* diff --git a/.sops.yaml b/.sops.yaml index 463dde1..f9f42e4 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,15 +3,17 @@ # SPDX-License-Identifier: MIT keys: - - &laptop age1thulhunl9qf552rnlvhrdjrfy3udhfy43389them5her09ycrwcsqdjd25q + - &laptop age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q - &vpn age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6 - &vpn_ssh age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0 - &builder age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6 + - &raspi age19mg5f2p7pwjqgnzu6upe7jezknr68ufjppn0h5eunmgzdgykggjqzkj5la creation_rules: - - path_regex: secrets/* + - path_regex: sops/* key_groups: - age: - *laptop - *vpn - *vpn_ssh - *builder + - *raspi diff --git a/flake.lock b/flake.lock index 97b3b07..1467a72 100644 --- a/flake.lock +++ b/flake.lock @@ -146,6 +146,9 @@ "git-hooks-nix": [ "git-hooks-nix" ], + "helix": [ + "helix" + ], "lix-module": [ "lix-module" ], @@ -157,11 +160,11 @@ ] }, "locked": { - "lastModified": 1752566655, - "narHash": "sha256-w1Shlyy4dlAwtOb8NJ9XMs2FUD030WLgHWxOBQsh8bk=", + "lastModified": 1752789776, + "narHash": "sha256-1GlRsbIJ8+j5tVTnNZJNV2UiGkNSPND9QM/AhwvPreU=", "ref": "main", - "rev": "193dbe8d030aa6784eae9acb211c4cfda404ed65", - "revCount": 11, + "rev": "657a888b00d75b2b341e74752d421b8a5f18cb22", + "revCount": 19, "type": "git", "url": "https://git.sudoer777.dev/me/nix-flake-base.git" }, @@ -358,6 +361,25 @@ "type": "github" } }, + "helix": { + "inputs": { + "nixpkgs": "nixpkgs_4", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1752674572, + "narHash": "sha256-rCAwXmLQJQVHRpquWTQV1fDurHhf4beUzqDi6FVkdEo=", + "owner": "helix-editor", + "repo": "helix", + "rev": "2ee11a0a9d9b9951b5b64b54be05379cc030230b", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "repo": "helix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -365,11 +387,11 @@ ] }, "locked": { - "lastModified": 1752780113, - "narHash": "sha256-w312x4qtwWzJZSLG8c9srlr/hQTh1IfyOaV40xmg4Fg=", + "lastModified": 1752783339, + "narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "e595fe1df49d75e971b33f311e365f032089f450", + "rev": "7c78e592a895f2f1921f0024848fe193e2f8518e", "type": "github" }, "original": { @@ -483,6 +505,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1740560979, + "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1752747119, "narHash": "sha256-2Kp9St3Pbsmu+xMsobLcgzzUxPvZR7alVJWyuk2BAPc=", @@ -498,7 +536,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1752480373, "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", @@ -514,7 +552,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1747958103, "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", @@ -533,14 +571,14 @@ "nur": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1752764131, - "narHash": "sha256-ICuzcl6k4/zxjsXjMm+CIDHroLSuVPYEWAZvjMsZtbg=", + "lastModified": 1752785475, + "narHash": "sha256-Lcy5RBPP0+EzUHboRaM1gPSHKwKJQF1e2qj/EOYsmGQ=", "owner": "nix-community", "repo": "NUR", - "rev": "a354aa8bcab5191c01acba64b4fdc81ede297757", + "rev": "12d87205784d8600ad091054f2d8458721e362ed", "type": "github" }, "original": { @@ -581,16 +619,38 @@ "flake-lib": "flake-lib", "flake-parts": "flake-parts", "git-hooks-nix": "git-hooks-nix", + "helix": "helix", "home-manager": "home-manager", "lix-module": "lix-module", "nixgl": "nixgl", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur": "nur", "sops-nix": "sops-nix", "stylix": "stylix", "treefmt-nix": "treefmt-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740623427, + "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -773,7 +833,7 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1752055615, diff --git a/flake.nix b/flake.nix index d35141d..b795c39 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,7 @@ lix-module.follows = "lix-module"; nixpkgs.follows = "nixpkgs"; treefmt-nix.follows = "treefmt-nix"; + helix.follows = "helix"; }; }; @@ -48,6 +49,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; treefmt-nix.url = "github:numtide/treefmt-nix"; + helix.url = "github:helix-editor/helix"; }; outputs = inputs@{ flake-parts, ... }: @@ -80,12 +82,24 @@ "SOPS" "Stylix" ]; + excludes = [ + ".sops.yaml" + "sops/*" + ]; }; markdown.enable = true; nix.enable = true; toml.enable = true; yaml.enable = true; }; + pre-commit.settings.excludes = [ + ".sops.yaml" + "sops" + ]; + treefmt.settings.global.excludes = [ + ".sops.yaml" + "sops/*" + ]; devshells.default = { packages = [ pkgs.forgejo-cli ]; devshell = { diff --git a/home-manager/base.nix b/home-manager/base.nix index cb568bb..1991b4c 100644 --- a/home-manager/base.nix +++ b/home-manager/base.nix @@ -466,11 +466,12 @@ in ]; }; }; - direnv = { - enable = true; - mise.enable = true; - nix-direnv.enable = true; - }; + # TODO: Is currently broken + # direnv = { + # enable = true; + # mise.enable = true; + # nix-direnv.enable = true; + # }; }; services = { gpg-agent = { diff --git a/sops/secrets.yaml b/sops/secrets.yaml index 438a387..49ebb9d 100644 --- a/sops/secrets.yaml +++ b/sops/secrets.yaml @@ -2,37 +2,46 @@ # # SPDX-License-Identifier: MIT -openrouter_api_key: ENC[AES256_GCM,data:V/JK4bZb6ps22fseIz01AuXqHG+jGy1un3GzJNR5JL2y7WynHdVp9xsK01D4HoYApxYhbKG87VM2/40MSdfu46Rd7e6BwGCaiw==,iv:BMHPFzpu99911v3tBNvuZSzRiXpi+hJ+o/aGL3O/xPc=,tag:iXNV+chWGbUKUaghv6Rytw==,type:str] +openrouter_api_key: ENC[AES256_GCM,data:1/KzXXeYw35sp5MdW4ofnuMyWAc8e+t4f5Q58XuvPSxlOeAow8a51YDMcgAYl7Y9f9BUYQKdEXakUi5cmZNEtSHEZigFY9lVmw==,iv:v7cAy26YkNuOZFmJtSXIAYUd3rQinSKLch0Lfazj0yE=,tag:UBUbOnthVRqpd8m8oueAjQ==,type:str] sops: age: - - recipient: age1thulhunl9qf552rnlvhrdjrfy3udhfy43389them5her09ycrwcsqdjd25q + - recipient: age1thulhunl9qf552rnlvhrdjrfy3udhfy43389thm5ehr09ycrwcsqdjd25q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDbkV1UUo0b0FzSVZ6ZTUw - cjdFNkpVOXFRanNuQkZWTlo4MjNVUTlyS1d3Ck9LVW9aemRTaFdLV0xnRGFuZUhT - QW5ab29kWmFjOWpvOEdXWjRMUkZWYUUKLS0tIHcxbWVjMlFMR2p4eWFrL1o5U3RR - akhEeWtRRHN5OG9ndzRVRS8rcm45RFEKa3Blj75nqr/tlzsHR4TIuGmUZiQvC2xI - cS1Zaja1WlcdRw6S8YapYF3jpP9fCPLun4vDQTPfuqMTt2R38TrO1w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvaDl4cFJUZmVTS3JYZVI5 + WVFleU9CeUhZVG1VUE5sZWpHaHRwR0RBdmxVCjBZb2d3OUVuMVk4dGdrNzdIejVW + emM5UUdhM1d6c1BnTkR5enhQOWlVZGcKLS0tIHdKUFc5bmdmdUxWY1hObWZOL3h5 + M2NNVVZrTGFzVkxrSzNmamhuQU5vWTgKF/j5HPmhyZ/LicQlqQhvAHaGPXXlhTJ0 + wic+KOJKe+aALFtsrwFVKnZrZKYu9z5SzRPzcvvUH1MCtHIrlU3jOQ== -----END AGE ENCRYPTED FILE----- - recipient: age1emavxf6jydt0f8nt7y5xyagthhh0hcc3f0kthtt2yx0am7df3vdqw7uwk6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MmphS0kwMkh5eVAveGFy - eVVqb3dITFRQQWx4cUdybXlNMGNEbUlDcVNRCkVkQlh5eGo0SkNVQ3k5c25LQUxU - ZHlMdEEvRXBMQVFVVjZtK2U1cU9KRTQKLS0tIGtlMHJRbThhZHBvSHlFQlFIdEtT - d25YNzhHekQrSUtyNklBcVIwalY3ek0KVYnN1qvmmcVPWZ1u+HwM8Ua+BbMOky7B - qXLuKB7yz2/utw9ACm6kzd28CB5kBIELdsv0GvmexV73cYe7h/w71w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByYTU0UHhaeEZVa0wxbHEv + NHVpa3pleDNhbFY1YzZXSzYxaE40dnUzcUVzCmYwY1M4cm1oclBrWUZlb2hoS0Vx + WmVTVTB0bTM4NmRMdE4zbmZSZTF4NVEKLS0tIE5jdFk3MmVpcUZHSzVmT2ZyZVhu + Rkk1NVpONHNrRFZrWHNlRVRzYnl6b3cKrDdWnmvJDwiXxdTew4TGG9orgsi4Lu3V + X5P+nN2TGxsVe187nmOi3UDTNB2jJnR4YsukyFykZ47DswrL70qTHw== -----END AGE ENCRYPTED FILE----- - recipient: age1gqtj74kr2yumd7wkaf83j2ctlmltv6ykvkwna4thjjmr0v0tts6qnt5dc0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QmJsOEJGM2JOV2FRQ0Y2 - Ui9uRGNmTkRneUpLR3ZRb0VqYWJvTlRzOHlJCkgwa0R6em1andWMvVDZ6cW5idElz - UG8zaVNAndWJiRStocHkzc1Z2T0dVVWMKLS0tIHhSTEgwRXpPdXR2b1BqQnF2RVp4 - bUZvN0pwdHBuYkN5M2JaOVExcXVFcmcKGPvIgMyzqBI2fUCU/83rPjnRHVKm0G43 - nCbcF+TwcvNzgS8rGD3of8OeyK3D03jIJla9zVFBSWZ/zA5YHIHkgg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Ykk0TkhhSWI0NE52bUlV + NUFKYmRaREI4OGJXcldKOTFrd25wc2o0cGlrCmV0eDZlbDRodzBkSDNHK1BtdUtU + MUV6M3MxVkphWGtxeHc1QkMwZW00OVkKLS0tIE9XYlFYay80dDNvbnVhWE1oaXRh + SnFadEFOZVYzVitUeHNJMHk1eERMVUEKXLFCMOAX4AJSxy1UcsRxgC0CImUD4wEh + mVmmkokEqgwIyQgztRHom2/6uHh55evZSW+XxbzupoDPBTWoTiSIlA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-08T06:03:47Z" - mac: ENC[AES256_GCM,data:QDbGVibN23+BYfPfpw49qPVKF2k76ANaaMaxcWDIaPHvNdIcT+CdNl6Y+HJgayZjBA8W03djnm7Sts+4ijt8+SWuw5pHBmSqs4h5cZ7Vb2SAKjTYz2vPKb3aBHChWLpeIeL9Ihcn2GKqAl8D7PUP7i+YvC8Owr+U5xND/zaHCJ8=,iv:5ERCUXnjVpiOBLeswkEYT/R3sHqBF6kyDZ78L8/pyTo=,tag:Dki4cKMF66MxqBLbjuItZg==,type:str] + - recipient: age19mg5f2p7pwjqgnzu6upe7jezknr68ufjppn0h5eunmgzdgykggjqzkj5la + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUdBRGRGRGRDaFZtT3hU + OHJDd2E4cmtaWTRvL0RpcCtwbEVZL2J6N0hNCmZFOW1DOU1GbFdFYzJpVWVaVFBa + Z0J6S0NNVkR4aDJnc3FOWUZQZitEaUkKLS0tIDdrcFNNbmVING5QaXpINjV5cUl5 + c1RISGFPUlIwOXhVTkJKYTJTc0N4cXMKL4EZLRC1xYzn+33lhbeMv/3bqQtxMMVA + UQ7RwbXHILo8AODQY+xXv4+j//wX/MU6ZoUW1tW0vJ6U9qXx9Ez6dQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-17T22:06:42Z" + mac: ENC[AES256_GCM,data:bvoNDtqM1ST50wjzhdXw1GPHM0D4Gfj3dUZJFol4qudN4mh/qgXIxgCxSDknZSXQ53ed9beDEZF34zmIN3xwy9ygJmghU4hZNUYBN+Ux8xaRT55L+cW4mBGB12DtbDiBXqmkZGTiIWcgj3TYVjOZbvmahJkpRkEevk6jvonTa7c=,iv:PODs60uQYwuc6ecfKh1yE/SBXqA5clVWqevL57H3pIw=,tag:C8sLoSlsNF0Jvi0KKlP0jg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2