sync mac

nix-darwin/home-modules/programs/bat.nix

@@ -5,7 +5,6 @@
   ...
 }:
 {
-
   options = {
     bat.enable = lib.mkOption {
       type = lib.types.bool;

nix-darwin/home-modules/programs/btop.nix

@@ -5,7 +5,6 @@
   ...
 }:
 {
-
   options = {
     btop.enable = lib.mkOption {
       type = lib.types.bool;

nix-darwin/home-modules/programs/devops.nix

@@ -20,6 +20,7 @@ let
         insomnia # not supported on aarch64-darwin
         # dns
         dogdns
+        dive
       ];
     }
     // lib.mkIf (currentSystem == "aarch64-linux") {
@@ -29,6 +30,7 @@ let
         postman
         # dns
         dogdns
+        dive
       ];
     };
 in

nix-darwin/home-modules/programs/modern_unix.nix

@@ -24,11 +24,6 @@
         enableFishIntegration = true;
         enableZshIntegration = true;
       };
-
-      bat = {
-        enable = true;
-        catppuccin.enable = true;
-      };
       jq.enable = true;
       fd.enable = true;
       ripgrep.enable = true;

nix-darwin/home-modules/programs/spacemacs.nix

@@ -13,6 +13,8 @@
     };
   };
 
+  # common issue on MacOs when getting ="Creating pipe" "too many open files"=
+  # https://gist.github.com/tombigel/d503800a282fcadbee14b537735d202c
   config = lib.mkIf config.spacemacs.enable {
     home = {
       sessionVariables = {

nix-darwin/nix-modules/services/yubico.nix

@@ -31,7 +31,6 @@ in
           enable = true;
           settings = {
             cue = true; # tell users to push button
-            # authFile = "${homeDirectory}/.config/Yubico/u2f_keys";
             authFile = config.sops.secrets."yubico/u2f_keys".path;
           };
         };

nix-darwin/users/henri.vandersleyen/.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &primary age17jgvjp9u4wa6799e3utfqxfrq9mgkfhxxed02cpp642tm6cna9gqg4yafw
+creation_rules:
+  - path_regex: secrets/.*\.yaml$
+    key_groups:
+    - age:
+      - *primary

nix-darwin/users/henri.vandersleyen/configuration.nix

@@ -50,9 +50,16 @@
     # (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
   ];
 
-  environment.variables = {
-    # XDG_CONFIG_HOME = "/users/henri.vandersleyen"; # issue with nushell
+  environment = {
+    systemPackages = [
+      pkgs.sops
+    ];
+    variables = {
+      # XDG_CONFIG_HOME = "/Users/henri.vandersleyen"; # issue with nushell
+      SOPS_AGE_KEY_FILE = "/Users/${username}/.config/sops/age/keys.txt";
+    };
   };
+
   security.sudo.extraConfig = ''
     Defaults        timestamp_timeout=3600
   '';

nix-darwin/users/henri.vandersleyen/home.nix

@@ -43,7 +43,11 @@
 
     # starus-bars
     # ../../home-modules/status-bars/sketchybar
+
+    # secrets (home-manager)
+    ./sops.nix
   ];
+
   # wm
   wm.aerospace = {
     enable = false;
@@ -60,28 +64,31 @@
   keychain.enable = true;
   keychain.keys = "/home/henri/.ssh/knak";
 
-  git.userEmail = "henri-vandersleyen@protonmail.com";
-  git.userName = "vanderscycle";
-  git.signingKey = "~/.ssh/knak.pub";
+  git = {
+    # userEmail = config.sops.secrets."knak/email".path;
+    userEmail = "henri.vandersleyen@knak.com";
+    userName = config.sops.secrets."knak/git/userName".path;
+    signingKey = config.sops.secrets."knak/git/keyName".path;
+  };
 
   home = {
-    username = "henri.vandersleyen";
-    homeDirectory = "/Users/henri.vandersleyen";
+    username = username;
+    homeDirectory = "/Users/${username}";
     stateVersion = "23.05"; # Please read the comment before changing.
-  };
 
-  # Makes sense for user specific applications that shouldn't be available system-wide
-  home.packages = [ ];
+    # Makes sense for user specific applications that shouldn't be available system-wide
+    packages = [ ];
+
+    file = { };
 
-  home.file = { };
+    sessionVariables = { };
 
-  home.sessionVariables = {
+    sessionPath = [
+      "/run/current-system/sw/bin"
+      "$HOME/.nix-profile/bin"
+    ];
   };
 
-  home.sessionPath = [
-    "/run/current-system/sw/bin"
-    "$HOME/.nix-profile/bin"
-  ];
   programs.home-manager.enable = true;
 
   # theme

nix-darwin/users/henri.vandersleyen/secrets/secrets.yaml

@@ -0,0 +1,25 @@
+knak:
+    email: ENC[AES256_GCM,data:DSz11pLyb4V3rZBKV/PTG02e7FZRVg6o2mMW,iv:gLZc96A2wwqJaAHVpgfEQpq/0nmFq4A+PihGHhcvHKE=,tag:LY2fmH0btJwydgo51WCwUQ==,type:str]
+    git:
+        userName: ENC[AES256_GCM,data:e3IOP07AkDNGbD7uXFE=,iv:0chdgiQB8EwE1gilbDuQ+2wBpIIKDwvPz7CwjbvsCcY=,tag:WoPv630zMydxNbyuZcztVQ==,type:str]
+        keyName: ENC[AES256_GCM,data:L7UKoDGQ5tWb01Fo8aZR,iv:Fmjs0Ke31I5ToRvnPNHkD+zNU3yaqFoRxQUHOZWFgrA=,tag:ITeE0an4oxmpqFKzpwMiSw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17jgvjp9u4wa6799e3utfqxfrq9mgkfhxxed02cpp642tm6cna9gqg4yafw
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmeEZIZ1RxVjd2Z0xEZ2pa
+            QnovanpSV0lUMmpqaUJlREVjbTE5MGpHa1JvCm5zenFtMXVjejRIWFhNVVpWcUtX
+            S0x4aUpkU0pJSUYzR1hGUSsyNnovbzAKLS0tIG5jeHZnbWxWUzZWQVpoOTRHZzk1
+            YzAzN1FjT1RxVTZOaHJaVGtWb1p6czgK7iHvbrJ0lH3Sn4NV8iWR2RrrATHX8v1A
+            tgjBjlMR10aTg3GXBv+ylmDi4YWh1K0g1QknrAmHfKS9FOapPxDceQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-10T18:18:16Z"
+    mac: ENC[AES256_GCM,data:Q6/R7Fz+XbLTEBkMNlPBJmUIYrQYV748swrrH/o5msz6Wvm4ms90fmr9VtQeLDxkZdjKBxFrxpYI8eoUpzCyl0QXUNeuQ1qtL+fiI7Ehp1znF3QwNTnzvvpwnKVtDQS1sG/3rHa18M3XKyECOZqB49+4xleR88BLg+TD9veOWOk=,iv:MDZkEkTCHqZoqJJxjtgKw0TvVT7mHLDLFtz1UsGPzsY=,tag:UaScfwQPZ8A7A43CWsKSEQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2

nix-darwin/users/henri.vandersleyen/sops.nix

@@ -0,0 +1,29 @@
+{
+  inputs,
+  username,
+  config,
+  ...
+}:
+{
+  imports = [
+    inputs.sops-nix.homeManagerModules.sops
+  ];
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+
+    age.keyFile = "/Users/${username}/.config/sops/age/keys.txt";
+    secrets = {
+      "knak/email" = {
+        # owner = username;
+      };
+      "knak/git/userName" = {
+        # owner = username;
+      };
+      "knak/git/keyName" = {
+        # owner = username;
+      };
+    };
+  };
+
+}

nix-darwin/users/henri/sops.nix

@@ -2,6 +2,7 @@
   pkgs,
   inputs,
   config,
+  username,
   ...
 }:
 
@@ -15,14 +16,30 @@ in
   environment.systemPackages = [
     pkgs.sops
   ];
-  sops.defaultSopsFile = ./secrets/secrets.yaml;
-  sops.defaultSopsFormat = "yaml";
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
 
-  sops.age.keyFile = "/home/henri/.config/sops/age/keys.txt";
+    age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
+    secrets = {
+      # Maggit Forge
+      "emacs/forge/gh_api" = {
+        owner = "henri";
+      };
 
-  # Maggit Forge
-  sops.secrets."emacs/forge/gh_api" = {
-    owner = "henri";
+      # INFO: for values to be available throughout the config your must declare them
+      "yubico/u2f_keys" = {
+      };
+
+      # TruNas SMB access
+      "home-server/rice/password" = {
+        owner = "root";
+      };
+
+      "home-server/rice/user" = {
+        owner = "root";
+      };
+    };
   };
 
   systemd.services."authinfo" = {
@@ -38,18 +55,6 @@ in
     wantedBy = [ "multi-user.target" ];
   };
 
-  # INFO: for values to be available throughout the config your must declare them
-  sops.secrets."yubico/u2f_keys" = {
-  };
-
-  # TruNas SMB access
-  sops.secrets."home-server/rice/password" = {
-    owner = "root";
-  };
-
-  sops.secrets."home-server/rice/user" = {
-    owner = "root";
-  };
   systemd.services."smbcreds_fam" = {
     script = ''
       echo "user=$(cat ${config.sops.secrets."home-server/rice/user".path})" > /root/${trueNasFamilyUser}