localModules -> local

moved keys to their own module updated nix switching pinning method
2025-12-10 00:43:56 -05:00 · 2023-07-02 00:33:46 -04:00 · 2023-07-02 00:33:46 -04:00 · 160a5c3ffe
commit 160a5c3ffe
parent 2057ff5d17
24 changed files with 187 additions and 109 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,16 +3,16 @@ keys:
  - &moms-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68
  - &game-laptop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90
 creation_rules:
-  - path_regex: systems/gerg-desktop/secrets.yaml$
+  - path_regex: hosts/gerg-desktop/secrets.yaml$
    key_groups:
    - age:
      - *gerg-desktop
-  - path_regex: systems/moms-laptop/secrets.yaml$
+  - path_regex: hosts/moms-laptop/secrets.yaml$
    key_groups:
    - age:
      - *moms-laptop
      - *gerg-desktop
-  - path_regex: systems/game-laptop/secrets.yaml$
+  - path_regex: hosts/game-laptop/secrets.yaml$
    key_groups:
    - age:
      - *game-laptop
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687747614,
-        "narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=",
+        "lastModified": 1687968164,
+        "narHash": "sha256-L9jr2zCB6NIaBE3towusjGBigsnE2pMID8wBGkYbTS4=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95",
+        "rev": "8002e7cb899bc2a02a2ebfb7f999fcd7c18b92a1",
        "type": "github"
      },
      "original": {
@ -27,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687390847,
-        "narHash": "sha256-T75KT5XFPMvmHOdxuoWotI+vCIM2cM5192QxLxenudU=",
+        "lastModified": 1688267694,
+        "narHash": "sha256-dU20pHcJkr08p9kJij4vLWGLahmXC09Fl22ywO24quQ=",
        "owner": "gerg-L",
        "repo": "fetch-rs",
-        "rev": "a571c0c6768db9c643cc81735a1a12799d09ed4e",
+        "rev": "45b0a9038ac0b73b2f37e16d83143f5d869595a0",
        "type": "github"
      },
      "original": {
@ -74,11 +74,11 @@
    },
    "master": {
      "locked": {
-        "lastModified": 1687829807,
-        "narHash": "sha256-3frHlJgnHai4BCR67iAn8rpOpVMYGGsxXP/RD9CJeug=",
+        "lastModified": 1688270854,
+        "narHash": "sha256-GLH4R4BseIDNrs6TukaXgzjKgFT0mSrYwS2bc+WZ0lM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "71a84fc822c1d8f41d6b70ce31c600dd45dc7ac3",
+        "rev": "3454e7a9c8c78ee815bd2d5d3ff8a977f4d419f3",
        "type": "github"
      },
      "original": {
@ -90,16 +90,17 @@
    "neovim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1686422003,
-        "narHash": "sha256-Ekqqm2/FigfyhuCfx1BkePPsABdTwm7PJdiTaHPXems=",
+        "lastModified": 1688085369,
+        "narHash": "sha256-g/2k/heQXYN38xutKf3JoeAe3bpmLswR/F8oupPzxdM=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "302d3cfb96d7f0c856262e1a4252d058e3300c8b",
+        "rev": "d7bb19e0138c7363ed40c142972c07e4e1912785",
        "type": "github"
      },
      "original": {
        "owner": "neovim",
        "repo": "neovim",
+        "rev": "d7bb19e0138c7363ed40c142972c07e4e1912785",
        "type": "github"
      }
    },
@ -111,17 +112,17 @@
        "nixpkgs-regression": "nixpkgs-regression"
      },
      "locked": {
-        "lastModified": 1686310844,
-        "narHash": "sha256-QS9/9v+bPTKb7HtB9a5zb4a6+IErwpfhHaqwi0PN0K8=",
+        "lastModified": 1688234932,
+        "narHash": "sha256-X0Tus1uP+tSBySLCUKlmV/Nv7Vfj4ljBL/ptsS0DQ6s=",
        "owner": "nixos",
        "repo": "nix",
-        "rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261",
+        "rev": "7b39a388b382e7912de3c5951faad42fe2d72f48",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "repo": "nix",
-        "rev": "03f9ff6ea59d21c6d7b29c64a03d5041bd621261",
+        "rev": "7b39a388b382e7912de3c5951faad42fe2d72f48",
        "type": "github"
      }
    },
@ -148,11 +149,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1687743756,
-        "narHash": "sha256-WhDERdaMGX73CBxpDfoauKU2Z4NC10+/4khdBbpXjWs=",
+        "lastModified": 1688003049,
+        "narHash": "sha256-5oSxbv8OVSg2dOvycJ9eisacxF8e52N0PVUFryWWJmE=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "844ce2ab9a0ba819b30df1fff2c48c9b2b2344be",
+        "rev": "bde0bc291c95b710dd63d5e5c422e47f760a1406",
        "type": "github"
      },
      "original": {
@ -195,11 +196,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1687031877,
-        "narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
+        "lastModified": 1688256355,
+        "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99",
+        "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
        "type": "github"
      },
      "original": {
@ -217,11 +218,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1686447176,
-        "narHash": "sha256-d+chVhxA6k7uYyj9Ig+HL5TTiy62AUhp80n7r4b0CAI=",
+        "lastModified": 1688269212,
+        "narHash": "sha256-psck0cUFcbmAadVbSqEkYqUDk6mFVBBnGEaNmLm1cFQ=",
        "owner": "gerg-L",
        "repo": "nvim-flake",
-        "rev": "8327aa444b285b7e4d042c609c118e4eb38d8376",
+        "rev": "32f337f1dda040aa2d1b2126ba5a16ff5cfe5502",
        "type": "github"
      },
      "original": {
@ -270,11 +271,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1687398569,
-        "narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
+        "lastModified": 1688268466,
+        "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
        "owner": "mic92",
        "repo": "sops-nix",
-        "rev": "2ff6973350682f8d16371f8c071a304b8067f192",
+        "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
        "type": "github"
      },
      "original": {
@ -290,8 +291,8 @@
        ]
      },
      "locked": {
-        "lastModified": 1687749665,
-        "narHash": "sha256-wvpL4zqF5DoqkKuEkNVuvwXPBz7pnxc2c0z/a5FgndU=",
+        "lastModified": 1688271042,
+        "narHash": "sha256-jO2i5SAX87yh7MJtZ2kmlWwFBC90TyeBWjCzcs6Z2Jk=",
        "path": "/home/gerg/Projects/spicetify-nix",
        "type": "path"
      },
@ -302,11 +303,11 @@
    },
    "stable": {
      "locked": {
-        "lastModified": 1687729501,
-        "narHash": "sha256-mTLkMePoHUWvTCf3NuKbeYEea/tsikSIKBWwb9OfRr4=",
+        "lastModified": 1688109178,
+        "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "35130d4b4f0b8c50ed2aceb909a538c66c91d4a0",
+        "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
        "type": "github"
      },
      "original": {
@ -323,11 +324,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1686447653,
-        "narHash": "sha256-SjCdEjI6h3y5279VM6MV6Xhmtx9Rmms9MNZw9D/l4jY=",
+        "lastModified": 1688270082,
+        "narHash": "sha256-lx053lNJZy16NqeFe3Gqn/ePIiEVrU+TjBwLhMxxhmw=",
        "owner": "gerg-L",
        "repo": "suckless",
-        "rev": "3e7fb0d693fce7a1592abe692c315b213630222e",
+        "rev": "99103d012b56965005aabb9619c73e5a802b4284",
        "type": "github"
      },
      "original": {
@ -338,11 +339,11 @@
    },
    "unstable": {
      "locked": {
-        "lastModified": 1687681650,
-        "narHash": "sha256-M2If+gRcfpmaJy/XbfSsRzLlPpoU4nr0NHnKKl50fd8=",
+        "lastModified": 1688049487,
+        "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1c9db9710cb23d60570ad4d7ab829c2d34403de3",
+        "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -6,7 +6,7 @@
    stable.url = "github:nixos/nixpkgs/nixos-23.05";
    pipewire_fix.url = "github:nixos/nixpkgs/45a55711fe12d0aada3aa04746082cf1b83dfbf3";
    #nix 2.17
-    nix.url = "github:nixos/nix/03f9ff6ea59d21c6d7b29c64a03d5041bd621261";
+    nix.url = "github:nixos/nix/7b39a388b382e7912de3c5951faad42fe2d72f48";

    nixos-generators = {
      url = "github:nix-community/nixos-generators";
--- a/hosts/game-laptop/default.nix
+++ b/hosts/game-laptop/default.nix
@ -3,7 +3,7 @@ _: {
  config,
  ...
 }: {
-  localModules = {
+  local = {
    remoteBuild.enable = true;
    DE.gnome.enable = true;
    DM = {
@ -62,9 +62,9 @@ _: {
        uid = 0;
        home = "/root";
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
+          config.local.keys.gerg_gerg-phone
+          config.local.keys.gerg_gerg-windows
+          config.local.keys.gerg_gerg-desktop
        ];
        passwordFile = config.sops.secrets.root.path;
      };
--- a/hosts/gerg-desktop/containers/website.nix_
+++ b/hosts/gerg-desktop/containers/website.nix_
@ -1,4 +1,4 @@
-_:{
+_: {
  sops.secrets = {
    "website/sql_gitea" = {
      mode = "0444";
@ -63,11 +63,11 @@ _:{
        gitea = {
          enable = true;
          appName = "Powered by NixOS";
-          domain = "git.gerg-l.com";
-          rootUrl = "https://git.gerg-l.com/";
-          httpPort = giteaPort;
          settings = {
            server = {
+              DOMAIN = "git.gerg-l.com";
+              ROOT_URL = "https://git.gerg-l.com/";
+              HTTP_PORT = giteaPort;
              LANDING_PAGE = "/explore/repos";
            };
            ui = {
@ -84,7 +84,7 @@ _:{
        };
        nextcloud = {
          enable = true;
-          package = pkgs.nextcloud26;
+          package = pkgs.nextcloud27;
          hostName = "next.gerg-l.com";
          autoUpdateApps.enable = true;
          enableBrokenCiphersForSSE = false;
--- a/hosts/gerg-desktop/default.nix
+++ b/hosts/gerg-desktop/default.nix
@ -3,7 +3,7 @@
  config,
  ...
 }: {
-  localModules = {
+  local = {
    remoteBuild.isBuilder = true;
    X11Programs = {
      sxhkd.enable = true;
@ -62,6 +62,11 @@
    };
  };

+  services.udev.packages = [
+    pkgs.android-udev-rules
+  ];
+  programs.adb.enable = true;
+
  networking = {
    useDHCP = false;
    hostName = "gerg-desktop";
@ -100,10 +105,10 @@
        useDefaultShell = true;
        uid = 1000;
        isNormalUser = true;
-        extraGroups = ["wheel" "audio"];
+        extraGroups = ["wheel" "audio" "adbusers"];
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
+          config.local.keys.gerg_gerg-phone
+          config.local.keys.gerg_gerg-windows
        ];
        passwordFile = config.sops.secrets.gerg.path;
      };
--- a/hosts/gerg-desktop/secrets.yaml
+++ b/hosts/gerg-desktop/secrets.yaml
@ -1,5 +1,6 @@
 discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWgX8JX+NPrGSGgxpn82B70JlwGK9T+9Fe9gaFgswhMrUj19TQ1kERW8HWLJ1LptvJTOsX57rKihJZUwD0v7g/Xof75U68dKPzdSlH7z16r0iOVA6ET4/w=,iv:0HK+0eBMf3awgQrbwXAEsBniTsxqj+izmftoB/UEp64=,tag:EajyB09aJPnHpss3Jv5SaQ==,type:str]
 gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str]
+store_key: ENC[AES256_GCM,data:/1wAHcMZl3loV2IR7mj1z51lwfKmaP24DgEjl2w8qwbrKHBIS09meLXrVTvsvQmFM4AvKig9ADs1aeYoVTTEa4QE9nKJ/LyRI5z8dHe7j7H5Y+UI+Syr0CUKN2I9UuqkOAyWrPM=,iv:5cLxhzNawFMTKn+MT5cHILTvggHmxteycL+2bxUPsoc=,tag:q8voriNRZUL4pYYfOvJT0A==,type:str]
 website:
    nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str]
    sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str]
@ -21,8 +22,8 @@ sops:
            dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
            MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-19T00:33:35Z"
-    mac: ENC[AES256_GCM,data:YWGS3fxhEh6Xz/OohJkQdvGzfe9Do7IRN7MiuHo8URbidq6DLsuvN086QNlMQEnopR5BDJ2V+4inKS1xOM+G66e4Ta/uYH7VweamGSk/dGGqAnG5uylljIupSS9WDvI0tpv2PMWrbGV6oEps0SPC2HN7CvhI8EaSQdz3CvEYKgo=,iv:YDKgb90IvwEkfRFMwoy/Y1LREHe2Dzf3Dt97BT/wJuo=,tag:HSmmPdyhF5dr+5IvM+Xo6Q==,type:str]
+    lastmodified: "2023-07-02T03:02:17Z"
+    mac: ENC[AES256_GCM,data:iz4xGDiaMNvmNum2R7Bm5NmRBzUo8clhV60hLcHrIpjGwpbrRuWEnsQL6hvUu2O8zZDx7xH0MApig7dYvdNyPaloWiWob/DPT5AgWx++etr40z0Bbl3GHY+WQQdqU+E6l+x0LMQYGv3GQv4o166VsnFsCm5ParPeMmZa3+kaxBw=,iv:Q4JL2EtXRD3LKWx95q0Jo27UWHCHn2i6cM87Z/GhO28=,tag:rxwjRdK85znMzX6H/rx+9A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/hosts/gerg-desktop/zfs.nix
+++ b/hosts/gerg-desktop/zfs.nix
@ -7,6 +7,7 @@ _: {
  systemd.tmpfiles.rules = [
    "L+ /etc/ssh/ssh_host_ed25519_key  - - - - /persist/ssh/ssh_host_ed25519_key"
    "L+ /etc/ssh/ssh_host_ed25519_key.pub  - - - - /persist/ssh/ssh_host_ed25519_key.pub"
+    "L  /etc/nixos/flake.nix  - - - - /home/gerg/Projects/nixos/flake.nix"
  ];
  #create machine-id for spotify
  environment.etc = {
--- a/hosts/moms-laptop/default.nix
+++ b/hosts/moms-laptop/default.nix
@ -3,7 +3,7 @@ _: {
  config,
  ...
 }: {
-  localModules = {
+  local = {
    remoteBuild.enable = true;
    DM = {
      lightdm.enable = true;
@ -49,9 +49,9 @@ _: {
        uid = 0;
        home = "/root";
        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuO/3IF+AjH8QjW4DAUV7mjlp2Mryd+1UnpAUofS2yA gerg@gerg-phone"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop"
+          config.local.keys.gerg_gerg-phone
+          config.local.keys.gerg_gerg-windows
+          config.local.keys.gerg_gerg-desktop
        ];
        passwordFile = config.sops.secrets.root.path;
      };
--- a/modules/DE/dwm.nix
+++ b/modules/DE/dwm.nix
@ -8,9 +8,9 @@
  lib,
  ...
 }: {
-  options.localModules.DE.dwm.enable = lib.mkEnableOption "";
+  options.local.DE.dwm.enable = lib.mkEnableOption "";

-  config = lib.mkIf config.localModules.DE.dwm.enable {
+  config = lib.mkIf config.local.DE.dwm.enable {
    services.gvfs.enable = true;
    services.xserver = {
      enable = true;
--- a/modules/DE/gnome.nix
+++ b/modules/DE/gnome.nix
@ -4,9 +4,9 @@ _: {
  pkgs,
  ...
 }: {
-  options.localModules.DE.gnome.enable = lib.mkEnableOption "";
+  options.local.DE.gnome.enable = lib.mkEnableOption "";

-  config = lib.mkIf config.localModules.DE.gnome.enable {
+  config = lib.mkIf config.local.DE.gnome.enable {
    environment = {
      systemPackages = [pkgs.gnome.gnome-calculator];
      gnome.excludePackages = builtins.attrValues {
--- a/modules/DE/xfce.nix
+++ b/modules/DE/xfce.nix
@ -4,9 +4,9 @@ _: {
  pkgs,
  ...
 }: {
-  options.localModules.DE.xfce.enable = lib.mkEnableOption "";
+  options.local.DE.xfce.enable = lib.mkEnableOption "";

-  config = lib.mkIf config.localModules.DE.xfce.enable {
+  config = lib.mkIf config.local.DE.xfce.enable {
    environment.systemPackages = [pkgs.xfce.xfce4-whiskermenu-plugin];
    services.xserver = {
      enable = true;
--- a/modules/DM/autoLogin.nix
+++ b/modules/DM/autoLogin.nix
@ -3,7 +3,7 @@ _: {
  lib,
  ...
 }: {
-  options.localModules.DM = {
+  options.local.DM = {
    autoLogin = lib.mkEnableOption "";
    loginUser = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
@ -11,11 +11,11 @@ _: {
    };
  };

-  config = lib.mkIf config.localModules.DM.autoLogin {
+  config = lib.mkIf config.local.DM.autoLogin {
    services.xserver.displayManager = {
      autoLogin = {
        enable = true;
-        user = config.localModules.DM.loginUser;
+        user = config.local.DM.loginUser;
      };
    };
  };
--- a/modules/DM/lightDM.nix
+++ b/modules/DM/lightDM.nix
@ -4,9 +4,9 @@
  pkgs,
  ...
 }: {
-  options.localModules.DM.lightdm.enable = lib.mkEnableOption "";
+  options.local.DM.lightdm.enable = lib.mkEnableOption "";

-  config = lib.mkIf config.localModules.DM.lightdm.enable {
+  config = lib.mkIf config.local.DM.lightdm.enable {
    services.xserver = {
      displayManager = {
        lightdm = {
@ -15,7 +15,7 @@
          extraConfig = "minimum-vt=1";
          greeters.mini = {
            enable = true;
-            user = config.localModules.DM.loginUser;
+            user = config.local.DM.loginUser;
            extraConfig = ''
              [greeter]
              show-password-label = false
--- a/modules/X11.nix
+++ b/modules/X11.nix
@ -4,9 +4,9 @@ _: {
  lib,
  ...
 }: let
-  cfg = config.localModules.X11Programs;
+  cfg = config.local.X11Programs;
 in {
-  options.localModules.X11Programs = {
+  options.local.X11Programs = {
    sxhkd.enable = lib.mkEnableOption "";
  };
  config = lib.mkMerge [
--- a/modules/builders.nix
+++ b/modules/builders.nix
@ -3,13 +3,13 @@ _: {
  lib,
  ...
 }: {
-  options.localModules.remoteBuild = {
+  options.local.remoteBuild = {
    enable = lib.mkEnableOption "";
    isBuilder = lib.mkEnableOption "";
  };
  config = lib.mkMerge [
    (
-      lib.mkIf config.localModules.remoteBuild.enable {
+      lib.mkIf config.local.remoteBuild.enable {
        nix = {
          settings = {
            keep-outputs = false;
@ -18,7 +18,6 @@ _: {
            max-jobs = 0;
            substituters = ["ssh-ng://nix-ssh@gerg-desktop" "https://cache.nixos.org/"];
            trusted-public-keys = ["gerg-desktop:6p1+h6jQnb1MOt3ra3PlQpfgEEF4zRrQWiEuAqcjBj8=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
-            secret-key-files = "/persist/cache-keys/cache-priv-key.pem";
          };
          distributedBuilds = true;
          buildMachines = [
@ -30,29 +29,24 @@ _: {
              supportedFeatures = ["big-parallel" "nixos-test" "kvm" "benchmark"];
              sshUser = "builder";
              sshKey = "/etc/ssh/ssh_host_ed25519_key";
-              publicHostKey = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
+              publicHostKey = config.local.keys.gerg-desktop_fingerprint;
            }
          ];
        };
-        programs.ssh.knownHosts = {
-          gerg-desktop = {
-            extraHostNames = ["gerg-desktop.lan"];
-            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1";
-          };
-        };
      }
    )

    (
      let
        keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@mom-laptop"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop"
+          config.local.keys.root_moms-laptop
+          config.local.keys.root_game-laptop
        ];
      in
        lib.mkIf
-        config.localModules.remoteBuild.isBuilder
+        config.local.remoteBuild.isBuilder
        {
+          sops.secrets.store_key = {};
          users = {
            groups.builder = {};
            users.builder = {
@ -63,12 +57,22 @@ _: {
              group = "builder";
            };
          };
+          services.openssh.extraConfig = ''
+            Match User builder
+              AllowAgentForwarding no
+              AllowTcpForwarding no
+              PermitTTY no
+              PermitTunnel no
+              X11Forwarding no
+            Match All
+          '';

          nix = {
            settings = {
              trusted-users = ["builder" "nix-ssh"];
              keep-outputs = true;
              keep-derivations = true;
+              secret-key-files = config.sops.secrets.store_key.path;
            };
            sshServe = {
              enable = true;
--- a/modules/direnv.nix
+++ b/modules/direnv.nix
@ -5,11 +5,9 @@ _: {pkgs, ...}: {
      DIRENV_LOG_FORMAT = "";
      DIRENV_CONFIG = "/etc/direnv";
    };
+    #other direnv configuration goes here
    etc."direnv/direnvrc".text = ''
      source ${pkgs.nix-direnv}/share/nix-direnv/direnvrc
-      if [ -e $HOME/.config/direnv/direnvrc ] ; then
-        source $HOME/.config/direnv/direnvrc
-      fi
    '';
  };
  programs = {
@ -23,12 +21,14 @@ _: {pkgs, ...}: {
        eval "$(direnv hook bash)"
      fi
    '';
-    #   fish.enable = true;
-    #   fish.interactiveShellInit = ''
-    #     if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and  [ -z "$IN_NIX_SHELL" ];
-    #       direnv hook fish | source;
-    #       echo "loaded direnv";
-    #     end
-    #   '';
+    # doesn't work for some reason
+    #  fish.enable = true;
+    #  fish.interactiveShellInit = ''
+    #    set -g direnv_fish_mode disable_arrow
+    #    if status --is-interactive; and not printenv PATH | grep -qc '/nix/store'; and  [ -z "$IN_NIX_SHELL" ];
+    #      direnv hook fish | source;
+    #      echo "loaded direnv";
+    #    end
+    #  '';
  };
 }
--- a/modules/git.nix
+++ b/modules/git.nix
@ -4,12 +4,12 @@ _: {
  lib,
  ...
 }: {
-  options.localModules.git.disable = lib.mkOption {
+  options.local.git.disable = lib.mkOption {
    type = lib.types.bool;
    default = false;
  };

-  config = lib.mkIf (! config.localModules.git.disable) {
+  config = lib.mkIf (! config.local.git.disable) {
    programs.git = {
      enable = true;
      package = pkgs.gitMinimal;
--- a/modules/hardware.nix
+++ b/modules/hardware.nix
@ -3,9 +3,9 @@ _: {
  lib,
  ...
 }: let
-  cfg = config.localModules.hardware;
+  cfg = config.local.hardware;
 in {
-  options.localModules.hardware = {
+  options.local.hardware = {
    gpuAcceleration = {
      disable = lib.mkOption {
        type = lib.types.bool;
--- a/modules/keys.nix
+++ b/modules/keys.nix
@ -0,0 +1,18 @@
+_: {lib, ...}: {
+  options = {
+    local.keys = lib.mkOption {
+      default = {};
+    };
+  };
+  config = {
+    local.keys = {
+      gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU6BnoHIgMLgZVGuvi03J9l5Z1yP1P5Q8QPyjRHyi77 gerg@gerg-phone";
+      gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc gerg@gerg-windows";
+      root_moms-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD root@moms-laptop";
+      root_game-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I root@game-laptop";
+      root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1 root@gerg-desktop";
+      gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
+      gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8 gerg@gerg-desktop";
+    };
+  };
+}
--- a/modules/misc.nix
+++ b/modules/misc.nix
@ -7,7 +7,6 @@ _: {
  options = {
    dummyvalue = lib.mkOption {
      default = {};
-      type = lib.configType;
    };
    nixpkgs.allowedUnfree = lib.mkOption {
      type = lib.types.listOf lib.types.string;
--- a/modules/pinning.nix
+++ b/modules/pinning.nix
@ -4,8 +4,7 @@ in
  lib.pipe alias [
    (lib.filterAttrs (_: v: v._type == "flake"))
    (lib.mapAttrsToList (n: input: {
-      environment.etc."nixpath/${n}".source = input.outPath;
-      nix.nixPath = ["${n}=/etc/nixpath/${n}"];
+      nix.nixPath = ["${n}=flake:${n}"];
      nix.registry.${n}.flake = input;
    }))
    lib.mkMerge
--- a/modules/shell.nix
+++ b/modules/shell.nix
@ -66,17 +66,54 @@
      syntaxHighlighting.enable = true;
      histSize = 10000;
      histFile = "$HOME/.cache/zsh_history";
+      interactiveShellInit = ''
+          zle-line-init() {
+          emulate -L zsh
+
+          [[ $CONTEXT == start ]] || return 0
+
+          while true; do
+            zle .recursive-edit
+            local -i ret=$?
+           [[ $ret == 0 && $KEYS == $'\4' ]] || break
+           [[ -o ignore_eof ]] || exit 0
+          done
+
+         local saved_prompt=$PROMPT
+          local saved_rprompt=$RPROMPT
+          PROMPT='\$ '
+          RPROMPT='''
+          zle .reset-prompt
+          PROMPT=$saved_prompt
+          RPROMPT=$saved_rprompt
+
+          if (( ret )); then
+            zle .send-break
+          else
+            zle .accept-line
+          fi
+          return ret
+        }
+
+        zle -N zle-line-init
+      '';
    };
    #starship
    starship = {
      enable = true;
      settings = {
        add_newline = false;
-        format = "$sudo$nix_shell\${custom.direnv}$cmd_duration\n$git_metrics$git_state$git_branch\n$directory$character";
+        format = "$cmd_duration$git_metrics$git_state$git_branch\n$status$directory$character";
+        right_format = "$sudo$nix_shell\${custom.direnv} $time";
+        continuation_prompt = "▶▶ ";
        character = {
          success_symbol = "[\\$](#9ece6a bold)";
          error_symbol = "[\\$](#db4b4b bold)";
        };
+        status = {
+          disabled = false;
+          format = "[$status]($style) ";
+        };
        nix_shell = {
          format = "[󱄅 ](#74b2ff)";
          heuristic = true;
@ -104,6 +141,19 @@
          style = "#36c692";
          when = "printenv DIRENV_FILE";
        };
+        time = {
+          format = "[$time]($style)\n";
+          time_format = "%I:%M %p";
+          disabled = false;
+        };
+        #        username = {
+        #          format = "[$user]($style)";
+        #          show_always = true;
+        #        };
+        #        hostname = {
+        #          ssh_only = false;
+        #          format = "[$hostname]($style)";
+        #        };
      };
    };
  };
--- a/modules/theming.nix
+++ b/modules/theming.nix
@ -4,9 +4,9 @@ _: {
  lib,
  ...
 }: let
-  cfg = config.localModules.theming;
+  cfg = config.local.theming;
 in {
-  options.localModules.theming = {
+  options.local.theming = {
    enable = lib.mkEnableOption "";
    kmscon.enable = lib.mkEnableOption "";
  };