localModules -> local

moved keys to their own module

updated nix

switching pinning method

.sops.yaml

@@ -3,16 +3,16 @@ keys:
   - &moms-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68
   - &game-laptop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90
 creation_rules:
-  - path_regex: systems/gerg-desktop/secrets.yaml$
+  - path_regex: hosts/gerg-desktop/secrets.yaml$
     key_groups:
     - age:
       - *gerg-desktop
-  - path_regex: systems/moms-laptop/secrets.yaml$
+  - path_regex: hosts/moms-laptop/secrets.yaml$
     key_groups:
     - age:
       - *moms-laptop
       - *gerg-desktop
-  - path_regex: systems/game-laptop/secrets.yaml$
+  - path_regex: hosts/game-laptop/secrets.yaml$
     key_groups:
     - age:
       - *game-laptop

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687747614,
+        "lastModified": 1687968164,
-        "narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=",
+        "narHash": "sha256-L9jr2zCB6NIaBE3towusjGBigsnE2pMID8wBGkYbTS4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95",
+        "rev": "8002e7cb899bc2a02a2ebfb7f999fcd7c18b92a1",
         "type": "github"
       },
       "original": {
@@ -27,11 +27,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687390847,
+        "lastModified": 1688267694,
-        "narHash": "sha256-T75KT5XFPMvmHOdxuoWotI+vCIM2cM5192QxLxenudU=",
+        "narHash": "sha256-dU20pHcJkr08p9kJij4vLWGLahmXC09Fl22ywO24quQ=",
         "owner": "gerg-L",
         "repo": "fetch-rs",
-        "rev": "a571c0c6768db9c643cc81735a1a12799d09ed4e",
+        "rev": "45b0a9038ac0b73b2f37e16d83143f5d869595a0",
         "type": "github"
       },
       "original": {
@@ -74,11 +74,11 @@
     },
     "master": {
       "locked": {
-        "lastModified": 1687829807,
+        "lastModified": 1688270854,
-        "narHash": "sha256-3frHlJgnHai4BCR67iAn8rpOpVMYGGsxXP/RD9CJeug=",
+        "narHash": "sha256-GLH4R4BseIDNrs6TukaXgzjKgFT0mSrYwS2bc+WZ0lM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "71a84fc822c1d8f41d6b70ce31c600dd45dc7ac3",
+        "rev": "3454e7a9c8c78ee815bd2d5d3ff8a977f4d419f3",
         "type": "github"
       },
       "original": {
@@ -90,16 +90,17 @@
     "neovim-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1686422003,
+        "lastModified": 1688085369,
-        "narHash": "sha256-Ekqqm2/FigfyhuCfx1BkePPsABdTwm7PJdiTaHPXems=",
+        "narHash": "sha256-g/2k/heQXYN38xutKf3JoeAe3bpmLswR/F8oupPzxdM=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "302d3cfb96d7f0c856262e1a4252d058e3300c8b",
+        "rev": "d7bb19e0138c7363ed40c142972c07e4e1912785",
         "type": "github"
       },
       "original": {
         "owner": "neovim",
         "repo": "neovim",
+        "rev": "d7bb19e0138c7363ed40c142972c07e4e1912785",
         "type": "github"
       }
     },
@@ -111,17 +112,17 @@
         "nixpkgs-regression": "nixpkgs-regression"
       },
       "locked": {
-        "lastModified": 1686310844,
+        "lastModified": 1688234932,
-        "narHash": "sha256-QS9/9v+bPTKb7HtB9a5zb4a6+IErwpfhHaqwi0PN0K8=",
+        "narHash": "sha256-X0Tus1uP+tSBySLCUKlmV/Nv7Vfj4ljBL/ptsS0DQ6s=",
         "owner": "nixos",
         "repo": "nix",
-        "rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261",
+        "rev": "7b39a388b382e7912de3c5951faad42fe2d72f48",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
         "repo": "nix",
-        "rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261",
+        "rev": "7b39a388b382e7912de3c5951faad42fe2d72f48",
         "type": "github"
       }
     },
@@ -148,11 +149,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1687743756,
+        "lastModified": 1688003049,
-        "narHash": "sha256-WhDERdaMGX73CBxpDfoauKU2Z4NC10+/4khdBbpXjWs=",
+        "narHash": "sha256-5oSxbv8OVSg2dOvycJ9eisacxF8e52N0PVUFryWWJmE=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "844ce2ab9a0ba819b30df1fff2c48c9b2b2344be",
+        "rev": "bde0bc291c95b710dd63d5e5c422e47f760a1406",
         "type": "github"
       },
       "original": {
@@ -195,11 +196,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1687031877,
+        "lastModified": 1688256355,
-        "narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
+        "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99",
+        "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
         "type": "github"
       },
       "original": {
@@ -217,11 +218,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686447176,
+        "lastModified": 1688269212,
-        "narHash": "sha256-d+chVhxA6k7uYyj9Ig+HL5TTiy62AUhp80n7r4b0CAI=",
+        "narHash": "sha256-psck0cUFcbmAadVbSqEkYqUDk6mFVBBnGEaNmLm1cFQ=",
         "owner": "gerg-L",
         "repo": "nvim-flake",
-        "rev": "8327aa444b285b7e4d042c609c118e4eb38d8376",
+        "rev": "32f337f1dda040aa2d1b2126ba5a16ff5cfe5502",
         "type": "github"
       },
       "original": {
@@ -270,11 +271,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1687398569,
+        "lastModified": 1688268466,
-        "narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
+        "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
         "owner": "mic92",
         "repo": "sops-nix",
-        "rev": "2ff6973350682f8d16371f8c071a304b8067f192",
+        "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
         "type": "github"
       },
       "original": {
@@ -290,8 +291,8 @@
         ]
       },
       "locked": {
-        "lastModified": 1687749665,
+        "lastModified": 1688271042,
-        "narHash": "sha256-wvpL4zqF5DoqkKuEkNVuvwXPBz7pnxc2c0z/a5FgndU=",
+        "narHash": "sha256-jO2i5SAX87yh7MJtZ2kmlWwFBC90TyeBWjCzcs6Z2Jk=",
         "path": "/home/gerg/Projects/spicetify-nix",
         "type": "path"
       },
@@ -302,11 +303,11 @@
     },
     "stable": {
       "locked": {
-        "lastModified": 1687729501,
+        "lastModified": 1688109178,
-        "narHash": "sha256-mTLkMePoHUWvTCf3NuKbeYEea/tsikSIKBWwb9OfRr4=",
+        "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "35130d4b4f0b8c50ed2aceb909a538c66c91d4a0",
+        "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
         "type": "github"
       },
       "original": {
@@ -323,11 +324,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1686447653,
+        "lastModified": 1688270082,
-        "narHash": "sha256-SjCdEjI6h3y5279VM6MV6Xhmtx9Rmms9MNZw9D/l4jY=",
+        "narHash": "sha256-lx053lNJZy16NqeFe3Gqn/ePIiEVrU+TjBwLhMxxhmw=",
         "owner": "gerg-L",
         "repo": "suckless",
-        "rev": "3e7fb0d693fce7a1592abe692c315b213630222e",
+        "rev": "99103d012b56965005aabb9619c73e5a802b4284",
         "type": "github"
       },
       "original": {
@@ -338,11 +339,11 @@
     },
     "unstable": {
       "locked": {
-        "lastModified": 1687681650,
+        "lastModified": 1688049487,
-        "narHash": "sha256-M2If+gRcfpmaJy/XbfSsRzLlPpoU4nr0NHnKKl50fd8=",
+        "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1c9db9710cb23d60570ad4d7ab829c2d34403de3",
+        "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
         "type": "github"
       },
       "original": {

flake.nix

@@ -6,7 +6,7 @@
     stable.url = "github:nixos/nixpkgs/nixos-23.05";
     pipewire_fix.url = "github:nixos/nixpkgs/45a55711fe12d0aada3aa04746082cf1b83dfbf3";
     #nix 2.17
-    nix.url = "github:nixos/nix/03f9ff6ea59d21c6d7b29c64a03d5041bd621261";
+    nix.url = "github:nixos/nix/7b39a388b382e7912de3c5951faad42fe2d72f48";
 
     nixos-generators = {
       url = "github:nix-community/nixos-generators";

hosts/game-laptop/default.nix

@@ -3,7 +3,7 @@ _: {
   config,
   ...
 }: {
-  localModules = {
+  local = {
     remoteBuild.enable = true;
     DE.gnome.enable = true;
     DM = {
@@ -62,9 +62,9 @@ _: {
         uid = 0;
         home = "/root";
         openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
+          config.local.keys.gerg_gerg-phone
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
+          config.local.keys.gerg_gerg-windows
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
+          config.local.keys.gerg_gerg-desktop
         ];
         passwordFile = config.sops.secrets.root.path;
       };

hosts/gerg-desktop/containers/website.nix

@@ -1,4 +1,4 @@
-_:{
+_: {
   sops.secrets = {
     "website/sql_gitea" = {
       mode = "0444";
@@ -63,11 +63,11 @@ _:{
         gitea = {
           enable = true;
           appName = "Powered by NixOS";
-          domain = "git.gerg-l.com";
-          rootUrl = "https://git.gerg-l.com/";
-          httpPort = giteaPort;
           settings = {
             server = {
+              DOMAIN = "git.gerg-l.com";
+              ROOT_URL = "https://git.gerg-l.com/";
+              HTTP_PORT = giteaPort;
               LANDING_PAGE = "/explore/repos";
             };
             ui = {
@@ -84,7 +84,7 @@ _:{
         };
         nextcloud = {
           enable = true;
-          package = pkgs.nextcloud26;
+          package = pkgs.nextcloud27;
           hostName = "next.gerg-l.com";
           autoUpdateApps.enable = true;
           enableBrokenCiphersForSSE = false;

hosts/gerg-desktop/default.nix

@@ -3,7 +3,7 @@
   config,
   ...
 }: {
-  localModules = {
+  local = {
     remoteBuild.isBuilder = true;
     X11Programs = {
       sxhkd.enable = true;
@@ -62,6 +62,11 @@
     };
   };
 
+  services.udev.packages = [
+    pkgs.android-udev-rules
+  ];
+  programs.adb.enable = true;
+
   networking = {
     useDHCP = false;
     hostName = "gerg-desktop";
@@ -100,10 +105,10 @@
         useDefaultShell = true;
         uid = 1000;
         isNormalUser = true;
-        extraGroups = ["wheel" "audio"];
+        extraGroups = ["wheel" "audio" "adbusers"];
         openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
+          config.local.keys.gerg_gerg-phone
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
+          config.local.keys.gerg_gerg-windows
         ];
         passwordFile = config.sops.secrets.gerg.path;
       };

hosts/gerg-desktop/secrets.yaml

@@ -1,5 +1,6 @@
 discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWgX8JX+NPrGSGgxpn82B70JlwGK9T+9Fe9gaFgswhMrUj19TQ1kERW8HWLJ1LptvJTOsX57rKihJZUwD0v7g/Xof75U68dKPzdSlH7z16r0iOVA6ET4/w=,iv:0HK+0eBMf3awgQrbwXAEsBniTsxqj+izmftoB/UEp64=,tag:EajyB09aJPnHpss3Jv5SaQ==,type:str]
 gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str]
+store_key: ENC[AES256_GCM,data:/1wAHcMZl3loV2IR7mj1z51lwfKmaP24DgEjl2w8qwbrKHBIS09meLXrVTvsvQmFM4AvKig9ADs1aeYoVTTEa4QE9nKJ/LyRI5z8dHe7j7H5Y+UI+Syr0CUKN2I9UuqkOAyWrPM=,iv:5cLxhzNawFMTKn+MT5cHILTvggHmxteycL+2bxUPsoc=,tag:q8voriNRZUL4pYYfOvJT0A==,type:str]
 website:
     nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str]
     sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str]
@@ -21,8 +22,8 @@ sops:
             dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
             MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-19T00:33:35Z"
+    lastmodified: "2023-07-02T03:02:17Z"
-    mac: ENC[AES256_GCM,data:YWGS3fxhEh6Xz/OohJkQdvGzfe9Do7IRN7MiuHo8URbidq6DLsuvN086QNlMQEnopR5BDJ2V+4inKS1xOM+G66e4Ta/uYH7VweamGSk/dGGqAnG5uylljIupSS9WDvI0tpv2PMWrbGV6oEps0SPC2HN7CvhI8EaSQdz3CvEYKgo=,iv:YDKgb90IvwEkfRFMwoy/Y1LREHe2Dzf3Dt97BT/wJuo=,tag:HSmmPdyhF5dr+5IvM+Xo6Q==,type:str]
+    mac: ENC[AES256_GCM,data:iz4xGDiaMNvmNum2R7Bm5NmRBzUo8clhV60hLcHrIpjGwpbrRuWEnsQL6hvUu2O8zZDx7xH0MApig7dYvdNyPaloWiWob/DPT5AgWx++etr40z0Bbl3GHY+WQQdqU+E6l+x0LMQYGv3GQv4o166VsnFsCm5ParPeMmZa3+kaxBw=,iv:Q4JL2EtXRD3LKWx95q0Jo27UWHCHn2i6cM87Z/GhO28=,tag:rxwjRdK85znMzX6H/rx+9A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3

hosts/gerg-desktop/zfs.nix

@@ -7,6 +7,7 @@ _: {
   systemd.tmpfiles.rules = [
     "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
     "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
+    "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"
   ];
   #create machine-id for spotify
   environment.etc = {

hosts/moms-laptop/default.nix

@@ -3,7 +3,7 @@ _: {
   config,
   ...
 }: {
-  localModules = {
+  local = {
     remoteBuild.enable = true;
     DM = {
       lightdm.enable = true;
@@ -49,9 +49,9 @@ _: {
         uid = 0;
         home = "/root";
         openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
+          config.local.keys.gerg_gerg-phone
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
+          config.local.keys.gerg_gerg-windows
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
+          config.local.keys.gerg_gerg-desktop
         ];
         passwordFile = config.sops.secrets.root.path;
       };

modules/DE/dwm.nix

@@ -8,9 +8,9 @@
   lib,
   ...
 }: {
-  options.localModules.DE.dwm.enable = lib.mkEnableOption "";
+  options.local.DE.dwm.enable = lib.mkEnableOption "";
 
-  config = lib.mkIf config.localModules.DE.dwm.enable {
+  config = lib.mkIf config.local.DE.dwm.enable {
     services.gvfs.enable = true;
     services.xserver = {
       enable = true;

modules/DE/gnome.nix

@@ -4,9 +4,9 @@ _: {
   pkgs,
   ...
 }: {
-  options.localModules.DE.gnome.enable = lib.mkEnableOption "";
+  options.local.DE.gnome.enable = lib.mkEnableOption "";
 
-  config = lib.mkIf config.localModules.DE.gnome.enable {
+  config = lib.mkIf config.local.DE.gnome.enable {
     environment = {
       systemPackages = [pkgs.gnome.gnome-calculator];
       gnome.excludePackages = builtins.attrValues {

modules/DE/xfce.nix

@@ -4,9 +4,9 @@ _: {
   pkgs,
   ...
 }: {
-  options.localModules.DE.xfce.enable = lib.mkEnableOption "";
+  options.local.DE.xfce.enable = lib.mkEnableOption "";
 
-  config = lib.mkIf config.localModules.DE.xfce.enable {
+  config = lib.mkIf config.local.DE.xfce.enable {
     environment.systemPackages = [pkgs.xfce.xfce4-whiskermenu-plugin];
     services.xserver = {
       enable = true;

modules/DM/autoLogin.nix

@@ -3,7 +3,7 @@ _: {
   lib,
   ...
 }: {
-  options.localModules.DM = {
+  options.local.DM = {
     autoLogin = lib.mkEnableOption "";
     loginUser = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
@@ -11,11 +11,11 @@ _: {
     };
   };
 
-  config = lib.mkIf config.localModules.DM.autoLogin {
+  config = lib.mkIf config.local.DM.autoLogin {
     services.xserver.displayManager = {
       autoLogin = {
         enable = true;
-        user = config.localModules.DM.loginUser;
+        user = config.local.DM.loginUser;
       };
     };
   };

modules/DM/lightDM.nix

@@ -4,9 +4,9 @@
   pkgs,
   ...
 }: {
-  options.localModules.DM.lightdm.enable = lib.mkEnableOption "";
+  options.local.DM.lightdm.enable = lib.mkEnableOption "";
 
-  config = lib.mkIf config.localModules.DM.lightdm.enable {
+  config = lib.mkIf config.local.DM.lightdm.enable {
     services.xserver = {
       displayManager = {
         lightdm = {
@@ -15,7 +15,7 @@
           extraConfig = "minimum-vt=1";
           greeters.mini = {
             enable = true;
-            user = config.localModules.DM.loginUser;
+            user = config.local.DM.loginUser;
             extraConfig = ''
               [greeter]
               show-password-label = false

modules/X11.nix

@@ -4,9 +4,9 @@ _: {
   lib,
   ...
 }: let
-  cfg = config.localModules.X11Programs;
+  cfg = config.local.X11Programs;
 in {
-  options.localModules.X11Programs = {
+  options.local.X11Programs = {
     sxhkd.enable = lib.mkEnableOption "";
   };
   config = lib.mkMerge [

modules/builders.nix

@@ -3,13 +3,13 @@ _: {
   lib,
   ...
 }: {
-  options.localModules.remoteBuild = {
+  options.local.remoteBuild = {
     enable = lib.mkEnableOption "";
     isBuilder = lib.mkEnableOption "";
   };
   config = lib.mkMerge [
     (
-      lib.mkIf config.localModules.remoteBuild.enable {
+      lib.mkIf config.local.remoteBuild.enable {
         nix = {
           settings = {
             keep-outputs = false;
@@ -18,7 +18,6 @@ _: {
             max-jobs = 0;
             substituters = ["ssh-ng://nix-ssh@gerg-desktop" "https://cache.nixos.org/"];
             trusted-public-keys = ["gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
-            secret-key-files = "/persist/cache-keys/cache-priv-key.pem";
           };
           distributedBuilds = true;
           buildMachines = [
@@ -30,29 +29,24 @@ _: {
               supportedFeatures = ["big-parallel" "nixos-test" "kvm" "benchmark"];
               sshUser = "builder";
               sshKey = "/etc/ssh/ssh_host_ed25519_key";
-              publicHostKey = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
+              publicHostKey = config.local.keys.gerg-desktop_fingerprint;
             }
           ];
         };
-        programs.ssh.knownHosts = {
-          gerg-desktop = {
-            extraHostNames = ["gerg-desktop.lan"];
-            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1";
-          };
-        };
       }
     )
 
     (
       let
         keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@mom-laptop"
+          config.local.keys.root_moms-laptop
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop"
+          config.local.keys.root_game-laptop
         ];
       in
         lib.mkIf
-        config.localModules.remoteBuild.isBuilder
+        config.local.remoteBuild.isBuilder
         {
+          sops.secrets.store_key = {};
           users = {
             groups.builder = {};
             users.builder = {
@@ -63,12 +57,22 @@ _: {
               group = "builder";
             };
           };
+          services.openssh.extraConfig = ''
+            Match User builder
+              AllowAgentForwarding no
+              AllowTcpForwarding no
+              PermitTTY no
+              PermitTunnel no
+              X11Forwarding no
+            Match All
+          '';
 
           nix = {
             settings = {
               trusted-users = ["builder" "nix-ssh"];
               keep-outputs = true;
               keep-derivations = true;
+              secret-key-files = config.sops.secrets.store_key.path;
             };
             sshServe = {
               enable = true;

modules/direnv.nix

@@ -5,11 +5,9 @@ _: {pkgs, ...}: {
       DIRENV_LOG_FORMAT = "";
       DIRENV_CONFIG = "/etc/direnv";
     };
+    #other direnv configuration goes here
     etc."direnv/direnvrc".text = ''
       source ${pkgs.nix-direnv}/share/nix-direnv/direnvrc
-      if [ -e $HOME/.config/direnv/direnvrc ] ; then
-        source $HOME/.config/direnv/direnvrc
-      fi
     '';
   };
   programs = {
@@ -23,12 +21,14 @@ _: {pkgs, ...}: {
         eval "$(direnv hook bash)"
       fi
     '';
-    #   fish.enable = true;
+    # doesn't work for some reason
-    #   fish.interactiveShellInit = ''
+    #  fish.enable = true;
-    #     if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and  [ -z "$IN_NIX_SHELL" ];
+    #  fish.interactiveShellInit = ''
-    #       direnv hook fish | source;
+    #    set -g direnv_fish_mode disable_arrow
-    #       echo "loaded direnv";
+    #    if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and  [ -z "$IN_NIX_SHELL" ];
-    #     end
+    #      direnv hook fish | source;
-    #   '';
+    #      echo "loaded direnv";
+    #    end
+    #  '';
   };
 }

modules/git.nix

@@ -4,12 +4,12 @@ _: {
   lib,
   ...
 }: {
-  options.localModules.git.disable = lib.mkOption {
+  options.local.git.disable = lib.mkOption {
     type = lib.types.bool;
     default = false;
   };
 
-  config = lib.mkIf (! config.localModules.git.disable) {
+  config = lib.mkIf (! config.local.git.disable) {
     programs.git = {
       enable = true;
       package = pkgs.gitMinimal;

modules/hardware.nix

@@ -3,9 +3,9 @@ _: {
   lib,
   ...
 }: let
-  cfg = config.localModules.hardware;
+  cfg = config.local.hardware;
 in {
-  options.localModules.hardware = {
+  options.local.hardware = {
     gpuAcceleration = {
       disable = lib.mkOption {
         type = lib.types.bool;

modules/keys.nix

@@ -0,0 +1,18 @@
+_: {lib, ...}: {
+  options = {
+    local.keys = lib.mkOption {
+      default = {};
+    };
+  };
+  config = {
+    local.keys = {
+      gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU6BnoHIgMLgZVGuvi03J9l5Z1yP1P5Q8QPyjRHyi77 gerg@gerg-phone";
+      gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows";
+      root_moms-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@moms-laptop";
+      root_game-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop";
+      root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1 root@gerg-desktop";
+      gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
+      gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop";
+    };
+  };
+}

modules/misc.nix

@@ -7,7 +7,6 @@ _: {
   options = {
     dummyvalue = lib.mkOption {
       default = {};
-      type = lib.configType;
     };
     nixpkgs.allowedUnfree = lib.mkOption {
       type = lib.types.listOf lib.types.string;

modules/pinning.nix

@@ -4,8 +4,7 @@ in
   lib.pipe alias [
     (lib.filterAttrs (_: v: v._type == "flake"))
     (lib.mapAttrsToList (n: input: {
-      environment.etc."nixpath/${n}".source = input.outPath;
+      nix.nixPath = ["${n}=flake:${n}"];
-      nix.nixPath = ["${n}=/etc/nixpath/${n}"];
       nix.registry.${n}.flake = input;
     }))
     lib.mkMerge

modules/shell.nix

@@ -66,17 +66,54 @@
       syntaxHighlighting.enable = true;
       histSize = 10000;
       histFile = "$HOME/.cache/zsh_history";
+      interactiveShellInit = ''
+          zle-line-init() {
+          emulate -L zsh
+
+          [[ $CONTEXT == start ]] || return 0
+
+          while true; do
+            zle .recursive-edit
+            local -i ret=$?
+           [[ $ret == 0 && $KEYS == $'\4' ]] || break
+           [[ -o ignore_eof ]] || exit 0
+          done
+
+         local saved_prompt=$PROMPT
+          local saved_rprompt=$RPROMPT
+          PROMPT='\$ '
+          RPROMPT='''
+          zle .reset-prompt
+          PROMPT=$saved_prompt
+          RPROMPT=$saved_rprompt
+
+          if (( ret )); then
+            zle .send-break
+          else
+            zle .accept-line
+          fi
+          return ret
+        }
+
+        zle -N zle-line-init
+      '';
     };
     #starship
     starship = {
       enable = true;
       settings = {
         add_newline = false;
-        format = "$sudo$nix_shell\${custom.direnv}$cmd_duration\n$git_metrics$git_state$git_branch\n$directory$character";
+        format = "$cmd_duration$git_metrics$git_state$git_branch\n$status$directory$character";
+        right_format = "$sudo$nix_shell\${custom.direnv} $time";
+        continuation_prompt = "▶▶ ";
         character = {
           success_symbol = "[\\$](#9ece6a bold)";
           error_symbol = "[\\$](#db4b4b bold)";
         };
+        status = {
+          disabled = false;
+          format = "[$status]($style) ";
+        };
         nix_shell = {
           format = "[󱄅 ](#74b2ff)";
           heuristic = true;
@@ -104,6 +141,19 @@
           style = "#36c692";
           when = "printenv DIRENV_FILE";
         };
+        time = {
+          format = "[$time]($style)\n";
+          time_format = "%I:%M %p";
+          disabled = false;
+        };
+        #        username = {
+        #          format = "[$user]($style)";
+        #          show_always = true;
+        #        };
+        #        hostname = {
+        #          ssh_only = false;
+        #          format = "[$hostname]($style)";
+        #        };
       };
     };
   };

modules/theming.nix

@@ -4,9 +4,9 @@ _: {
   lib,
   ...
 }: let
-  cfg = config.localModules.theming;
+  cfg = config.local.theming;
 in {
-  options.localModules.theming = {
+  options.local.theming = {
     enable = lib.mkEnableOption "";
     kmscon.enable = lib.mkEnableOption "";
   };