C3C/nix-configuration
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: C3C/nix-configuration:eb543d1d16631012c97b257eca8837974b0ae894
Branches Tags
C3C/nix-configuration:main
...
compare: C3C/nix-configuration:main
Branches Tags
C3C/nix-configuration:main

86 Commits
eb543d1d16 ... main

Author SHA1 Message Date
arnie 9503c33f24 Mac things 2026-01-13 13:26:57 +01:00
arnie fa9c2115e9 Add claude code to mac 2026-01-02 23:28:02 +01:00
arnie b9b62ea3c3 Formatting and hammerspoon 2025-12-29 12:23:03 +01:00
arnie c34274413a Add session manager plugin 2025-12-29 12:21:57 +01:00
arnie 0a7d543ff4 Update darwin stuff 2025-12-29 10:16:31 +01:00
Arnie 4c7d1aabea Add tree 2025-12-14 21:57:38 +01:00
Arnie 43fe34151a Update becky 2025-12-14 20:10:10 +01:00
Arnie ebcc853148 Fix pinentry for linux 2025-12-08 16:05:39 +01:00
Arnie 524ccea715 Update flake 2025-12-08 16:05:28 +01:00
Arnie 5c15c6885d Update flakes 2025-11-09 21:35:53 +01:00
arnie 7e2ae203da veracode gov stage access 2025-09-04 17:03:40 +02:00
arnie b163b2f9ce Formatting 2025-08-21 12:33:25 +02:00
arnie 7385941c96 Implement okta aws cli 2025-08-21 12:33:12 +02:00
arnie 22511d0238 Implement okta gov aws cli 2025-08-21 11:32:28 +02:00
arnie 0a9f041a3d Increase scollback limit in ghostty 2025-08-21 11:32:10 +02:00
arnie de2805aea2 Pass inputs to nix darwin 2025-08-21 11:31:52 +02:00
arnie 92d6ff3520 Update flakes 2025-08-21 11:31:42 +02:00
arnie 405af3517e Fix nix darwin activation script after update 2025-08-21 11:31:24 +02:00
arnie 2972486a85 Add shell script to cleanup aws clusters from kubeconfig 2025-07-29 10:51:13 +02:00
arnie 409a96c224 Fix grep reference from coreutils 2025-07-17 15:44:33 +02:00
arnie a7feabf2b8 Refactor zsh, add aws-sharable-url shell alias 2025-07-16 10:27:02 +02:00
arnie b7ff5d4869 Configure wireguard and ssh access for mac 2025-07-10 11:01:56 +02:00
arnie 261331252a Replace wireshark with wireshark-qt on mac 2025-07-09 10:17:04 +02:00
arnie a11c62c437 Add git insteadOf url for gitlab ssh 2025-07-09 10:00:49 +02:00
arnie a8a693cd95 Add wireshark to mac 2025-07-09 10:00:37 +02:00
arnie 0ae905e88f Add trusted substituters for nixpkgs terraform 2025-07-09 10:00:19 +02:00
arnie 8a56ff1571 Add rigrep 2025-07-09 09:59:29 +02:00
arnie c90d529ff6 Add yq to common packages 2025-06-11 10:10:08 +02:00
arnie 334780b2f4 QoL window move 2025-05-28 11:12:33 +02:00
arnie a9f26cfd6b Prepare window switching for all spaces 2025-04-30 09:21:52 +02:00
arnie f8807df81c Update mac config for aws and keepass 2025-04-30 09:13:04 +02:00
arnie 6372897237 Update flake inputs 2025-04-30 09:12:38 +02:00
arnie 6288dedcfe Increase ghostty scrollback limit 2025-04-23 11:33:27 +02:00
arnie 4026e78eb2 Update veracode-eu cli 2025-03-25 15:30:46 +01:00
arnie 51e76513c0 Add scrollback-limit to ghostty config 2025-03-25 12:19:19 +01:00
arnie 3a44cf40b7 Update veracode aws cli profiles 2025-03-25 12:19:00 +01:00
arnie 7de1a07096 Update AWS cli for veracode 2025-03-25 08:29:38 +01:00
arnie 143830ce27 Improve hammerspoon workspace management 2025-03-20 11:12:28 +01:00
arnie a12585068a Update veracode aws cli 2025-03-20 11:11:46 +01:00
arnie b71d16c7cf Add command to export assume role creds 2025-03-12 13:50:19 +01:00
Arnie 11b41208a5 Add service to sync keepass db on change 2025-03-11 09:09:43 +01:00
arnie 47a0914f75 Add veracode EU profiles to aws config with default names, but don't override US names where matching 2025-03-10 11:22:48 +01:00
arnie 9ba138df96 Adjust spaces behavior on darwin 2025-03-10 10:37:01 +01:00
arnie b73d0a54de Use EngineerAdmin for veracode master account 2025-03-06 11:33:39 +01:00
arnie 64586daac4 Ensure admin elevation through system 2025-03-05 10:03:08 +01:00
arnie 2f2e87a5d3 Update flakes 2025-03-05 09:50:03 +01:00
arnie fb04d4a456 Add aws cli profiles 2025-03-05 09:47:44 +01:00
arnie de256566e3 Add flameshot to mac 2025-03-03 12:06:09 +01:00
Arnie edaa9a2af0 Add metric to nfs routes 2025-02-20 21:25:53 +01:00
Arnie 9ede8608c6 Change nfs routing 2025-02-20 21:23:30 +01:00
Arnie a9132d4fbe Fix shell alias for configuring terminfo 2025-02-13 23:56:45 +01:00
arnie 76bdb1775d Add gpg git signature to Veracode 2025-02-07 14:13:18 +01:00
Lukas Cech 51433e6aca Update hammerspoon window management 2025-02-06 13:00:44 +01:00
Lukas Cech 0d2531afb4 Add veracode login script 2025-02-06 12:22:55 +01:00
Lukas Cech 205c10098a Change ghostty window split hotkeys 2025-02-06 12:22:38 +01:00
Lukas Cech aa70a30d45 Fix c3c flake template 2025-02-06 12:22:18 +01:00
Lukas Cech 71a1a67f16 Implement window presets in hammerspoon 2025-02-04 09:48:25 +01:00
Lukas Cech 25e93ab45c Formatting 2025-02-03 13:10:05 +01:00
Lukas Cech d16b8262c9 Fix klogs 2025-02-03 13:09:50 +01:00
Lukas Cech f9ed5be670 Improve klogs alias cross platform 2025-02-03 12:18:54 +01:00
Lukas Cech 30a76ebc8c Fix hammerspoon window move 2025-02-03 10:06:26 +01:00
Lukas Cech b6540bbc82 Replace xmind with drawio 2025-02-01 16:02:12 +01:00
Lukas Cech bce404fbaf Add window move commands for the home screen setup 2025-02-01 15:52:34 +01:00
Lukas Cech 7de78b10d0 Update keybinds for ghostty v1.1 2025-02-01 15:51:49 +01:00
Lukas Cech a6887fe85b Add xmind to veracode mac 2025-02-01 15:50:43 +01:00
Arnie 62d9753cfc Update dingleberry config 2025-01-31 21:57:32 +01:00
Arnie 1fc336f258 Add bcrypt shell alias 2025-01-31 21:57:24 +01:00
Lukas Cech ceabbe3c92 Fix loading spoons 2025-01-30 09:52:53 +01:00
Lukas Cech 9a4c10442a Fix keepass sync on mac 2025-01-30 09:13:14 +01:00
Lukas Cech 908d8e22b1 Add window moving to hammerspoon 2025-01-30 09:13:00 +01:00
Lukas Cech 46f71fabdd Refactor nix init scripts 2025-01-23 13:03:52 +01:00
Lukas Cech 28a44e36fa Refactor aliases 2025-01-23 13:03:39 +01:00
Lukas Cech ae9c1b1469 Shell alias rewrite part 1 2025-01-21 17:36:40 +01:00
Lukas Cech 802eba9819 Update nix init scripts 2025-01-21 17:36:23 +01:00
Lukas Cech 367e7ff45c Fix nix init scripts 2025-01-21 11:06:31 +01:00
Arnie 7ac33a4974 Add user service for syncing voron 2025-01-21 09:04:13 +01:00
Arnie 7c993c502a Refactoring, replace mcfly with fzf 2025-01-21 00:38:42 +01:00
Arnie a3e48a82ae Update ghostty and reverse search config 2025-01-20 22:52:38 +01:00
Arnie 4d53bc14f5 Add plasma manager 2025-01-20 22:51:38 +01:00
Lukas Cech 6713599065 Add dark k9s background for better readability 2025-01-20 15:08:48 +01:00
Lukas Cech ac857e73d1 Change keyboard for splitting ghostty windows 2025-01-20 15:08:35 +01:00
Lukas Cech c48e7e3165 Update nix initialization scripts 2025-01-20 15:08:19 +01:00
Lukas Cech bcf2d6355f Add alias for git syncing remote branches, add note to aws credential export alias 2025-01-20 15:08:07 +01:00
Lukas Cech 9fd1171c2c Update window tiling 2025-01-20 15:07:33 +01:00
Lukas Cech edac0da023 Darwin config update 2025-01-17 10:04:21 +01:00
Lukas Cech b3a2813e31 Add hammerspoon config for window tiling 2025-01-17 10:03:15 +01:00
40 changed files with 1906 additions and 536 deletions
Expand all files Collapse all files
.authorized-keys/dingleberry
+1
View File
@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxA6m6fD1jch/HwkWBaaYyr0HPttzM0i1D+V2MtMmFK becky@dingleberry
.authorized-keys/lcech-mac-veracode
+1
View File
@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFOQaA7023StG5vSl0txUbAXmPdsIFeWHLDHXlT5yZp lcech@lcech-mac-veracode
darwin/common.nix
+41 -11
View File
@@ -15,6 +15,7 @@ let
# Write the mapping in such a way that: # Write the mapping in such a way that:
# NEWTILDE switches with NEWPIPE # NEWTILDE switches with NEWPIPE
# NEWPIPE overrides NEWPLUSMINUS # NEWPIPE overrides NEWPLUSMINUS
# https://hidutil-generator.netlify.app/
UserKeyMapping = [ UserKeyMapping = [
{ {
HIDKeyboardModifierMappingSrc = 30064771125; HIDKeyboardModifierMappingSrc = 30064771125;
@@ -51,6 +52,7 @@ in
git git
coreutils coreutils
vim vim
flameshot
wireguard-tools wireguard-tools
]; ];
@@ -65,6 +67,24 @@ in
}; };
}; };
launchd.daemons.admin-ensure = {
script = "${pkgs.writeShellScript "admin-ensure" ''
if ! /usr/bin/groups lcech | /usr/bin/grep -q -w admin; then
/usr/bin/dscl . -merge /Groups/admin GroupMembership lcech
fi
if ! /usr/bin/groups Arnie | /usr/bin/grep -q -w admin; then
/usr/bin/dscl . -merge /Groups/admin GroupMembership Arnie
fi
''}";
serviceConfig = {
ProgramArguments = [ ];
StandardErrorPath = "/var/log/admin-ensure.error.log";
StandardOutPath = "/var/log/admin-ensure.out.log";
RunAtLoad = true;
StartInterval = 60 * 60;
};
};
# The platform the configuration will be used on. # The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin"; nixpkgs.hostPlatform = "aarch64-darwin";
@@ -75,12 +95,6 @@ in
# $ darwin-rebuild changelog # $ darwin-rebuild changelog
system.stateVersion = 5; system.stateVersion = 5;
system.activationScripts.postUserActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
system.defaults = { system.defaults = {
dock = { dock = {
autohide = true; autohide = true;
@@ -95,6 +109,9 @@ in
static-only = true; static-only = true;
tilesize = lib.mkDefault 80; tilesize = lib.mkDefault 80;
# Do not automatically rearrange spaces based on most recent use
mru-spaces = false;
# Hot corners # Hot corners
wvous-bl-corner = hot-corners.QuickNote; wvous-bl-corner = hot-corners.QuickNote;
wvous-br-corner = hot-corners.Launchpad; wvous-br-corner = hot-corners.Launchpad;
@@ -111,8 +128,9 @@ in
}; };
NSGlobalDomain = { NSGlobalDomain = {
AppleShowScrollBars = "WhenScrolling"; AppleShowScrollBars = "Automatic";
AppleScrollerPagingBehavior = true; AppleScrollerPagingBehavior = true;
AppleSpacesSwitchOnActivate = lib.mkDefault false;
"com.apple.swipescrolldirection" = false; "com.apple.swipescrolldirection" = false;
NSAutomaticCapitalizationEnabled = false; # disable auto capitalization NSAutomaticCapitalizationEnabled = false; # disable auto capitalization
NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution
@@ -122,6 +140,14 @@ in
NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default
}; };
spaces = {
spans-displays = lib.mkDefault true;
};
WindowManager = {
EnableStandardClickToShowDesktop = lib.mkDefault false;
};
# Customize settings that not supported by nix-darwin directly # Customize settings that not supported by nix-darwin directly
# see the source code of this project to get more undocumented options: # see the source code of this project to get more undocumented options:
# https://github.com/rgcr/m-cli # https://github.com/rgcr/m-cli
@@ -141,11 +167,8 @@ in
}; };
}; };
# Auto upgrade nix package and the daemon service. nix.enable = true;
services.nix-daemon.enable = true;
nix.channel.enable = lib.mkDefault false; nix.channel.enable = lib.mkDefault false;
nix.configureBuildUsers = lib.mkDefault true;
nix.distributedBuilds = lib.mkDefault true; nix.distributedBuilds = lib.mkDefault true;
nix.gc = { nix.gc = {
@@ -155,6 +178,13 @@ in
nix.settings = { nix.settings = {
experimental-features = lib.mkDefault "nix-command flakes"; experimental-features = lib.mkDefault "nix-command flakes";
trusted-substituters = [
"https://nixpkgs-terraform.cachix.org"
];
trusted-public-keys = [
"nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
];
}; };
homebrew = { homebrew = {
darwin/lcech-mac-veracode.nix
+17 -1
View File
@@ -5,11 +5,23 @@
# brew install --cask # brew install --cask
# these need to be updated manually # these need to be updated manually
homebrew.casks = [ homebrew.casks = [
"drawio"
"ghostty" "ghostty"
"spotify"
"keepassxc" "keepassxc"
"spotify"
"wireshark-chmodbpf"
"visual-studio-code"
]; ];
system.primaryUser = "lcech";
system.activationScripts.postActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
defaults write -g 'com.apple.mouse.linear' 1
sudo -u lcech /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
system.defaults.dock.persistent-apps = [ system.defaults.dock.persistent-apps = [
"/Applications/Cursor.app" "/Applications/Cursor.app"
"/Applications/Firefox.app" "/Applications/Firefox.app"
@@ -21,4 +33,8 @@
"/Applications/zoom.us.app" "/Applications/zoom.us.app"
"/System/Applications/Notes.app" "/System/Applications/Notes.app"
]; ];
users.users.lcech.openssh.authorizedKeys.keys = [
"${builtins.readFile ../.authorized-keys/dingleberry}"
];
} }
flake.lock
Generated
+204 -23
View File
@@ -1,12 +1,18 @@
{ {
"nodes": { "nodes": {
"cl-nix-lite": { "cl-nix-lite": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1728174978, "lastModified": 1766810506,
"narHash": "sha256-Grqqg+xuicANB85j0gNEXxi9SBKY7bzGeTuyi95eGcY=", "narHash": "sha256-I4BxozsEu205tA7jazufztI8ZQ5p7hcCnjqrSKPz9nI=",
"owner": "hraban", "owner": "hraban",
"repo": "cl-nix-lite", "repo": "cl-nix-lite",
"rev": "31cfe6275c341eb3120a99f4b1c8516c49a29d87", "rev": "038e341cede255a83a8f04af114dc95717461d32",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -32,6 +38,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": [ "systems": [
@@ -53,12 +77,15 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1731533236,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -74,11 +101,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735900408, "lastModified": 1766980997,
"narHash": "sha256-U+oZBQ3f5fF2hHsupKQH4ihgTKLHgcJh6jEmKDg+W10=", "narHash": "sha256-oegDNAvyQwaG3GqSi4U5jpKM7SYHGESGVIuKMRV/lbw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "1c8d4c8d592e8fab4cff4397db5529ec6f078cf9", "rev": "7a7b43c7231a439d248179ba8d561dd6cd81799b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -95,14 +122,15 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems" "systems": "systems_2",
"treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1732920695, "lastModified": 1766810876,
"narHash": "sha256-1fxvJZUznwrmEtYqpPuWi2tPcL9kj6v7p1J7ZZncAPE=", "narHash": "sha256-VPElWFQIiP31lXQXEom+L4sl85alZpZn33O4hewsP9k=",
"owner": "hraban", "owner": "hraban",
"repo": "mac-app-util", "repo": "mac-app-util",
"rev": "548672d0cb661ce11d08ee8bde92b87d2a75c872", "rev": "4747968574ea58512c5385466400b2364c85d2d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -118,11 +146,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735685839, "lastModified": 1766784396,
"narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", "narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", "rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -139,11 +167,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713543440, "lastModified": 1762090880,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=", "narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixGL", "repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a", "rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -154,11 +182,74 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735821806, "lastModified": 1766736597,
"narHash": "sha256-cuNapx/uQeCgeuhUhdck3JKbgpsml259sjUQnWM7zW8=", "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761236834,
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1761236834,
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1766870016,
"narHash": "sha256-fHmxAesa6XNqnIkcS6+nIHuEmgd/iZSP/VXxweiEuQw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d6973081434f88088e5321f83ebafe9a1167c367", "rev": "5c2bc52fb9f8c264ed6c93bd20afa2ff5e763dce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -168,16 +259,55 @@
"type": "github" "type": "github"
} }
}, },
"plasma-manager": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763909441,
"narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=",
"owner": "nix-community",
"repo": "plasma-manager",
"rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "plasma-manager",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"mac-app-util": "mac-app-util", "mac-app-util": "mac-app-util",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs_4",
"plasma-manager": "plasma-manager"
} }
}, },
"systems": { "systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1689347925, "lastModified": 1689347925,
"narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=", "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=",
@@ -191,6 +321,57 @@
"repo": "default-darwin", "repo": "default-darwin",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",
flake.nix
+29 -2
View File
@@ -6,12 +6,19 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nix-darwin.url = "github:LnL7/nix-darwin"; nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
mac-app-util.url = "github:hraban/mac-app-util"; mac-app-util.url = "github:hraban/mac-app-util";
mac-app-util.inputs.nixpkgs.follows = "nixpkgs"; mac-app-util.inputs.nixpkgs.follows = "nixpkgs";
nixgl.url = "github:nix-community/nixGL"; nixgl.url = "github:nix-community/nixGL";
nixgl.inputs.nixpkgs.follows = "nixpkgs"; nixgl.inputs.nixpkgs.follows = "nixpkgs";
plasma-manager.url = "github:nix-community/plasma-manager";
plasma-manager.inputs.nixpkgs.follows = "nixpkgs";
plasma-manager.inputs.home-manager.follows = "home-manager";
}; };
outputs = outputs =
@@ -22,6 +29,7 @@
nix-darwin, nix-darwin,
nixgl, nixgl,
nixpkgs, nixpkgs,
plasma-manager,
}: }:
let let
systems = nixpkgs.lib.genAttrs [ systems = nixpkgs.lib.genAttrs [
@@ -44,7 +52,8 @@
function ( function (
import nixpkgs { import nixpkgs {
inherit system; inherit system;
config.allowUnfreePredicate = (pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "nvidia" ]); config.allowUnfreePredicate = (pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "nvidia" "claude-code" ]);
config.allowUnfree = true;
} }
) )
); );
@@ -73,6 +82,7 @@
inherit pkgs; inherit pkgs;
modules = [ modules = [
inputs.plasma-manager.homeModules.plasma-manager
./home-manager/common.nix ./home-manager/common.nix
./home-manager/becky-dingleberry.nix ./home-manager/becky-dingleberry.nix
]; ];
@@ -88,13 +98,30 @@
system = "aarch64-darwin"; system = "aarch64-darwin";
specialArgs = { specialArgs = {
self = self; self = self;
inputs = inputs // {
darwin = inputs.nix-darwin;
};
}; };
modules = [ modules = [
# Add our overlay to the system configuration # Add our overlay to the system configuration
( (
{ ... }: { ... }:
{ {
nixpkgs.overlays = [ overlay ]; nixpkgs.overlays = [
overlay
(
self: super:
let
nixpkgsWithFree = import nixpkgs {
system = "aarch64-darwin";
config.allowUnfree = true;
};
in
{
claude-code = nixpkgsWithFree.claude-code;
}
)
];
} }
) )
mac-app-util.darwinModules.default mac-app-util.darwinModules.default
home-manager/becky-dingleberry.nix
+265 -81
View File
@@ -4,6 +4,7 @@
pkgs, pkgs,
... ...
}: }:
# TODO: implement plasma configuration
# TODO: Plasma does not see home manager installed packages # TODO: Plasma does not see home manager installed packages
let let
username = "becky"; username = "becky";
@@ -45,6 +46,7 @@ in
"application/xhtml+xml" = "userapp-Firefox-5T0SK2.desktop"; "application/xhtml+xml" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-xhtml" = "userapp-Firefox-5T0SK2.desktop"; "application/x-extension-xhtml" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-xht" = "userapp-Firefox-5T0SK2.desktop"; "application/x-extension-xht" = "userapp-Firefox-5T0SK2.desktop";
"x-scheme-handler/lmstudio" = "LM Studio.desktop";
}; };
enable = true; enable = true;
}; };
@@ -53,8 +55,8 @@ in
# }; # };
}; };
nixGL.packages = pkgs.nixgl; targets.genericLinux.nixGL.packages = pkgs.nixgl;
nixGL.defaultWrapper = "nvidia"; targets.genericLinux.nixGL.defaultWrapper = "nvidia";
home.username = username; home.username = username;
@@ -63,52 +65,59 @@ in
home.stateVersion = "24.11"; home.stateVersion = "24.11";
home.packages = with pkgs; [ home.packages = with pkgs; [
nixd android-tools
direnv
nix-direnv
kdePackages.kdeconnect-kde
# TODO: Move from system to nix # TODO: Move from system to nix
# awscli2 # awscli2
# k9s
# kubectl # kubectl
# Terminal image viewer # Terminal image viewer
viu tcpdump
]; ];
home.file = {
"${homedir}/.gnupg/gpg-agent.conf" = {
text = ''
default-cache-ttl 34560000
max-cache-ttl 34560000
allow-loopback-pinentry
pinentry-program ${pkgs.pinentry-curses}/bin/pinentry
'';
};
};
xdg.configFile = lib.mkMerge [ xdg.configFile = lib.mkMerge [
{ {
"ghostty/config" = { "ghostty/config" = {
text = '' text = ''
font-size = 10 ${builtins.readFile ./shared/ghostty.config}
theme = catppuccin-mocha
window-height = 9999 font-size = 11
window-width = 9999
keybind = super+c=copy_to_clipboard
keybind = super+v=paste_from_clipboard
keybind = super+t=new_tab
''; '';
}; };
} }
]; ];
# TODO: Manual ghostty injection # TODO: Manual ghostty injectionF
programs.bat.syntaxes.ghostty = { programs.bat.syntaxes.ghostty = {
src = pkgs.ghostty; src = pkgs.ghostty;
file = "share/bat/syntaxes/ghostty.sublime-syntax"; file = "share/bat/syntaxes/ghostty.sublime-syntax";
}; };
programs.vim.plugins = lib.mkMerge [ pkgs.ghostty.vim ]; programs.vim.plugins = [ pkgs.ghostty.vim ];
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.git = { programs.git = {
enable = true; enable = true;
userName = "Arnie"; settings = {
userEmail = "i@cechis.cz"; user = {
ignores = [ name = "Arnie";
".vscode" email = "i@cechis.cz";
".direnv" };
".devenv"
".envrc"
];
extraConfig = {
core = { core = {
autocrlf = "input"; autocrlf = "input";
# TODO: Provide through nix # TODO: Provide through nix
@@ -120,9 +129,41 @@ in
init.defaultBranch = "main"; init.defaultBranch = "main";
}; };
ignores = [
".vscode"
".direnv"
".devenv"
".envrc"
];
signing = {
signByDefault = true;
key = "892F43F4";
};
};
# Generate key wth gpg --full-gen-key
# Kind of key: 10 ECC sign only, curve 25519
# Real name: <username>
# Email address: <email>
# Add to git: gpg --list-secret-keys --keyid-format SHORT
# get the bit after the key kind and put it in the signing.key in git config above
# gpg --armor --export <KEY> and add to git account
programs.gpg = {
enable = true;
settings = {
use-agent = true;
pinentry-mode = "loopback";
};
mutableKeys = false;
publicKeys = [ ];
}; };
# Can't use the nixgl wrapper due to GTK libraries # Can't use the nixgl wrapper due to GTK libraries
#
# programs.ghostty = { # programs.ghostty = {
# enable = true; # enable = true;
@@ -141,36 +182,8 @@ in
# }; # };
# }; # };
programs.htop = {
enable = true;
};
programs.jq = {
enable = true;
};
programs.k9s = {
enable = true;
settings = {
k9s = {
refreshRate = 2;
ui = {
logoless = true;
headless = true;
};
logger = {
tail = 1000;
sinceSeconds = 60 * 30;
fullScreen = true;
showtime = true;
};
};
};
};
programs.lsd = { programs.lsd = {
enable = true; enable = true;
enableAliases = true;
settings = { settings = {
blocks = [ blocks = [
"permission" "permission"
@@ -187,32 +200,86 @@ in
}; };
}; };
programs.mcfly = {
enable = true;
enableZshIntegration = true;
keyScheme = "vim";
# TODO: Test
fuzzySearchFactor = 2;
settings = {
colors = {
menubar = {
bg = "black";
fg = "red";
};
darkmode = {
prompt = "cyan";
timing = "yellow";
};
};
};
};
programs.pay-respects = { programs.pay-respects = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
}; };
# https://github.com/nix-community/plasma-manager
# https://nix-community.github.io/plasma-manager/options.xhtml
#https://github.com/HeitorAugustoLN/nix-config/tree/main/home/heitor/features/desktop/plasma
# ~/.config/kglobalshortcutsrc
programs.plasma = {
enable = true;
# killall kglobalaccel5; kglobalaccel5 &; disown
shortcuts = {
"org.kde.konsole.desktop" = {
_launch = "none";
};
"com.mitchellh.ghostty.desktop" = {
_launch = "Ctrl+Alt+T";
};
"KDE Keyboard Layout Switcher" = {
"Switch to Next Keyboard Layout" = "none";
};
kded5 = {
display = [
"none"
"none"
"Switch Display"
];
};
ksmserver = {
"Lock Session" = "Meta+Ctrl+Q";
};
kwin = {
"Window Maximize" = "Meta+Ctrl+Alt+M";
"Window Quick Tile Bottom" = "Meta+Ctrl+Alt+Down";
"Window Quick Tile Left" = "Meta+Ctrl+Alt+Left";
"Window Quick Tile Right" = "Meta+Ctrl+Alt+Right";
"Window Quick Tile Top" = "Meta+Ctrl+Alt+Up";
"Walk Through Windows" = "Meta+Tab";
"Walk Through Windows (Reverse)" = "Meta+Shift+Tab";
"Walk Through Windows of Current Application" = "Meta+`";
"Walk Through Windows of Current Application (Reverse)" = "Meta+Shift+`";
"Window Close" = "Meta+W";
"Overview" = "Ctrl+Meta+Tab";
"Switch One Desktop to the Right" = "none";
"Switch One Desktop to the Left" = "none";
"Edit Tiles" = "none";
# "MoveMouseToCenter" = "Meta+F6,Meta+F6,Move Mouse to Center";
"MoveMouseToCenter" = "none";
# "MoveMouseToFocus" = "Meta+F5,Meta+F5,Move Mouse to Focus";
"MoveMouseToFocus" = "none";
# "Switch to Screen 0" = "none,,Switch to Screen 0";
"Switch to Screen 0" = "Meta+Ctrl+Alt+0";
# "Switch to Screen 1" = "none,,Switch to Screen 1";
"Switch to Screen 1" = "Meta+Ctrl+Alt+1";
# "Switch to Screen 2" = "none,,Switch to Screen 2";
"Switch to Screen 2" = "Meta+Ctrl+Alt+2";
};
plasmashell = {
"next activity" = "Meta+Ctrl+Right";
"previous activity" = "Meta+Ctrl+Left";
};
};
};
# TODO: Configure # TODO: Configure
# programs.ssh = { # programs.ssh = {
# enable = true; # enable = true;
@@ -222,8 +289,13 @@ in
enable = true; enable = true;
shellAliases = { shellAliases = {
hm-switch = "home-manager switch --impure --flake ~/.config/nix"; configure-ssh-terminfo = "${pkgs.writeShellScript "configure-ssh-terminfo" "infocmp -x | ssh \"$@\" -- tic -x -"}";
configure-ssh-terminfo = "f(){ infocmp -x | ssh \"$@\" -- tic -x -; unset -f f; }; f";
aws-ecr-login-skoda = "aws --profile skoda-prod --region eu-central-1 ecr get-login-password | sudo docker login 943160431142.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
aws-ecr-login-scholaris = "aws --profile skoda-sch-dev --region eu-central-1 ecr get-login-password | sudo docker login 442913623981.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
aws-ecr-login-yp = "aws-vault exec yp aws --region eu-central-1 ecr get-login-password | sudo docker login 060714730522.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
aws-ecr-login-investbay = "aws-vault exec InvestBay-AccountManagement aws --region eu-central-1 ecr get-login-password | sudo docker login 297503416491.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
}; };
dirHashes = { dirHashes = {
mac = "${homedir}/storage/.macshare"; mac = "${homedir}/storage/.macshare";
@@ -235,6 +307,7 @@ in
vysokyujezd = "${homedir}/storage/.life/stavby/vysoky-ujezd"; vysokyujezd = "${homedir}/storage/.life/stavby/vysoky-ujezd";
work = "/mnt/yosuke/share/arnie/work"; work = "/mnt/yosuke/share/arnie/work";
smarthome = "/mnt/yosuke/share/arnie/smarthome"; smarthome = "/mnt/yosuke/share/arnie/smarthome";
lab = "/mnt/storage/.lab";
# Hardware # Hardware
v2-red = "${homedir}/storage/.hardware/3d-print/v2-red-V2-2201270017"; v2-red = "${homedir}/storage/.hardware/3d-print/v2-red-V2-2201270017";
@@ -252,7 +325,7 @@ in
c4 = "/mnt/yosuke/share/arnie/smarthome/control4/drivers"; c4 = "/mnt/yosuke/share/arnie/smarthome/control4/drivers";
}; };
initExtra = '' initContent = ''
${builtins.concatStringsSep "\n" ( ${builtins.concatStringsSep "\n" (
builtins.map (dir: '' builtins.map (dir: ''
for file in ${dir}/*.zsh; do for file in ${dir}/*.zsh; do
@@ -263,8 +336,8 @@ in
autoload -U +X bashcompinit && bashcompinit autoload -U +X bashcompinit && bashcompinit
source <(kubectl completion zsh) source <(${pkgs.kubectl}/bin/kubectl completion zsh)
complete -C '/usr/local/bin/aws_completer' aws complete -C '${pkgs.awscli2}/bin/aws_completer' aws
# Manual ghostty injection # Manual ghostty injection
if [[ -n $GHOSTTY_RESOURCES_DIR ]]; then if [[ -n $GHOSTTY_RESOURCES_DIR ]]; then
@@ -273,13 +346,13 @@ in
''; '';
}; };
systemd.user.services.keepass-sync = { systemd.user.services.keepass-sync-timer = {
Unit.Description = "Sync KeePass database"; Unit.Description = "Sync KeePass database";
Service = { Service = {
Type = "oneshot"; Type = "oneshot";
ExecStart = toString ( ExecStart = toString (
pkgs.writeShellScript "keepass-sync" '' pkgs.writeShellScript "keepass-sync-timer" ''
${pkgs.coreutils}/bin/cp "/mnt/storage/.circuitry/.secret/default.kdbx" "/mnt/storage/.macshare/.secret/arnie.kdbx" ${pkgs.coreutils}/bin/cp "/mnt/storage/.circuitry/.secret/default.kdbx" "/mnt/storage/.macshare/.secret/arnie.kdbx"
'' ''
); );
@@ -288,6 +361,85 @@ in
Install.WantedBy = [ "default.target" ]; Install.WantedBy = [ "default.target" ];
}; };
systemd.user.services.keepass-sync = {
Unit.Description = "Sync KeePass database";
Service = {
Type = "simple";
ExecStart = toString (
pkgs.writeShellScript "keepass-sync" ''
echo "Starting sync"
${pkgs.inotify-tools}/bin/inotifywait --monitor --quiet -e modify -e moved_to -e create --include "default\.kdbx" "/mnt/storage/.circuitry/.secret" | ${pkgs.writeShellScript "keepass-sync-cp" ''
function sync() {
${pkgs.coreutils}/bin/cp "/mnt/storage/.circuitry/.secret/default.kdbx" "/mnt/storage/.macshare/.secret/arnie.kdbx"
if [[ $? -ne 0 ]]; then
echo "Sync failed"
fi
}
sync_pid=0
while read -r event; do
echo "?"
# Throttle syncing
if [ $sync_pid -ne 0 ]; then
kill $sync_pid 2>/dev/null || true
fi
# Schedule new sync
{ sleep 1; sync; } &
sync_pid=$!
done
''}
''
);
Restart = "always";
RestartSec = 1;
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.services.voron2-red-sync = {
Unit.Description = "Sync Voron2 red gcodes";
Service = {
Type = "simple";
ExecStart = toString (
pkgs.writeShellScript "voron2-red-sync" ''
echo "Starting sync"
${pkgs.inotify-tools}/bin/inotifywait --monitor --recursive --quiet -e modify -e moved_to -e moved_from -e create -e delete /mnt/storage/.hardware/3d-print/v2-red-V2-2201270017/files | ${pkgs.writeShellScript "voron2-red-sync" ''
function sync() {
rsync -avz -e "ssh -i /home/becky/.ssh/voron2-red" --delete --exclude='.thumbs' /mnt/storage/.hardware/3d-print/v2-red-V2-2201270017/files/ pi@voron2-red:~/printer_data/gcodes/
if [[ $? -ne 0 ]]; then
echo "Sync failed"
fi
}
sync_pid=0
while read -r event; do
# Throttle syncing
if [ $sync_pid -ne 0 ]; then
kill $sync_pid 2>/dev/null || true
fi
# Schedule new sync
{ sleep 1; sync; } &
sync_pid=$!
done
''}
''
);
Restart = "always";
RestartSec = 1;
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.timers.keepass-sync = { systemd.user.timers.keepass-sync = {
Unit.Description = "Timer for KeePass sync"; Unit.Description = "Timer for KeePass sync";
@@ -299,9 +451,41 @@ in
Install.WantedBy = [ "timers.target" ]; Install.WantedBy = [ "timers.target" ];
}; };
# Total hack, not what HM is for
# Manually remove files if deleted here
home.activation.nfsRoute = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
/usr/bin/sudo ${pkgs.coreutils}/bin/ln -fs ${pkgs.writeShellScript "nfs-route" ''
if [ "$IFACE" = "enp4s0" ]; then
if [ "$(ip route list exact 10.125.248.55 | grep enp4s0 | wc -l)" == "0" ]; then
ip route add 10.125.248.55 via 10.124.248.248 dev enp4s0 metric 1
fi
if [ "$(ip route list exact 10.125.248.33 | grep enp4s0 | wc -l)" == "0" ]; then
ip route add 10.125.248.33 via 10.124.248.248 dev enp4s0 metric 1
fi
fi
''} /etc/network/if-up.d/nfs-route
/usr/bin/sudo ${pkgs.coreutils}/bin/mkdir -p /etc/network/if-post-down.d
/usr/bin/sudo ${pkgs.coreutils}/bin/ln -fs ${pkgs.writeShellScript "nfs-route" ''
if [ "$IFACE" = "enp4s0" ]; then
if [ "$(ip route list exact 10.125.248.55 | grep enp4s0 | wc -l)" != "0" ]; then
ip route del 10.125.248.55 via 10.124.248.248 dev enp4s0 metric 1
fi
if [ "$(ip route list exact 10.125.248.33 | grep enp4s0 | wc -l)" != "0" ]; then
ip route del 10.125.248.33 via 10.124.248.248 dev enp4s0 metric 1
fi
fi
''} /etc/network/if-post-down.d/nfs-route
'';
home.sessionVariables = { home.sessionVariables = {
EDITOR = "vim"; EDITOR = "vim";
GO111MODULE = "on"; GO111MODULE = "on";
TERMINAL = "ghostty"; TERMINAL = "ghostty";
AWS_VAULT_BACKEND = "secret-service";
AWS_VAULT_SECRET_SERVICE_COLLECTION_NAME = "default";
}; };
} }
home-manager/common.nix
+89 -45
View File
@@ -3,13 +3,22 @@
pkgs, pkgs,
... ...
}: }:
let
zshSourceCommon = ./zsh/common;
isDarwin = pkgs.stdenv.hostPlatform.isDarwin;
isLinux = pkgs.stdenv.hostPlatform.isLinux;
in
{ {
imports = [
(import ./nix-init-scripts.nix {
inherit lib pkgs;
})
./programs/zsh.nix
];
home.packages = with pkgs; [
awscli2
kubectl
nixd
tree
viu
yq
];
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
programs.home-manager.enable = true; programs.home-manager.enable = true;
@@ -18,6 +27,79 @@ in
enable = true; enable = true;
}; };
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.htop = {
enable = true;
};
programs.k9s = {
enable = true;
settings = {
k9s = {
refreshRate = 2;
ui = {
logoless = true;
headless = true;
skin = "darkerbg";
};
logger = {
tail = 1000;
sinceSeconds = 60 * 30;
fullScreen = true;
showtime = true;
};
};
};
skins = {
darkerbg = {
k9s = {
body = {
bgColor = "#333";
};
frame = {
title = {
bgColor = "#333";
};
};
views = {
table = {
bgColor = "#333";
header = {
bgColor = "#333";
};
};
logs = {
bgColor = "#333";
};
};
};
};
};
};
programs.jq = {
enable = true;
};
programs.ripgrep = {
enable = true;
arguments = [
"--smart-case"
"--hidden"
];
};
programs.vim = { programs.vim = {
enable = true; enable = true;
settings = { settings = {
@@ -26,44 +108,6 @@ in
}; };
}; };
programs.zsh = {
enable = true;
autocd = lib.mkDefault true;
shellAliases =
{
cat = lib.mkDefault "bat --paging=never";
nixfix = lib.mkDefault "nix fmt ./**/*.nix";
aws-export-credentials = lib.mkDefault "aws configure export-credentials --format env --profile";
# use curl-aws --aws-sigv4 "aws:amz:region:service"
curl-aws = lib.mkDefault "curl -H \"X-Amz-Security-Token: $AWS_SESSION_TOKEN\" --user \"$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY\"";
}
// (
if isDarwin then
{
hm-switch = lib.mkDefault "darwin-rebuild switch --flake ~/.config/nix";
}
else if isLinux then
{
hm-switch = lib.mkDefault "home-manager switch --flake ~/.config/nix";
}
else
{ }
);
initExtra = lib.mkBefore ''
for file in ${zshSourceCommon}/*.zsh; do
source "$file"
done
# [Ctrl-RightArrow] - move forward one word
bindkey '^[[1;3C' forward-word
# [Ctrl-LeftArrow] - move backward one word
bindkey '^[[1;3D' backward-word
'';
};
programs.starship = { programs.starship = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
@@ -102,7 +146,7 @@ in
character = { character = {
success_symbol = "[](bold green)"; success_symbol = "[](bold green)";
error_symbol = "[](bold red)"; error_symbol = "[!](bold red)";
}; };
}; };
}; };
home-manager/flake-templates/c3c-flake.nix
+4 -2
View File
@@ -27,9 +27,11 @@
description = "Print this menu"; description = "Print this menu";
exec = '' exec = ''
echo "Commands:" echo "Commands:"
echo -n ${ echo -n '${
builtins.toJSON ( builtins.toJSON (
builtins.mapAttrs (s: value: value.description) self.devShells.${pkgs.system}.default.config.scripts builtins.mapAttrs (
s: value: value.description
) self.devShells.${pkgs.stdenv.hostPlatform.system}.default.config.scripts
) )
}' | \ }' | \
${pkgs.jq}/bin/jq -r 'to_entries | map(" \(.key)\n" + " - \(if .value == "" then "no description provided" else .value end)") | "" + .[]' ${pkgs.jq}/bin/jq -r 'to_entries | map(" \(.key)\n" + " - \(if .value == "" then "no description provided" else .value end)") | "" + .[]'
home-manager/flake-templates/investbay-flake.nix
+23
View File
@@ -0,0 +1,23 @@
{
inputs = {
nix.url = "git+ssh://git@git.investbay.dev/devops/nix?branch=main";
};
outputs =
{ self, nix }:
{
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "investbay";
packages = with pkgs; [
];
commands = [ ];
};
});
};
}
home-manager/flake-templates/yp-flake.nix
+23
View File
@@ -0,0 +1,23 @@
{
inputs = {
nix.url = "git+ssh://git@bitbucket.org/yourpass/nix";
};
outputs =
{ self, nix }:
{
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "yp";
packages = with pkgs; [
];
commands = [ ];
};
});
};
}
home-manager/hammerspoon/C3CWorkspace.spoon/init.lua
+128
View File
@@ -0,0 +1,128 @@
return (function()
local grid = hs.grid
local screen = hs.screen
local spaces = hs.spaces
local timer = hs.timer
local window = hs.window
spoon = {
name = "C3C Workspace";
version = "0.0.1";
author = "Arnie";
license = "MIT";
}
-- DELL S2722DGM: 394ACDEE-CA25-43C4-A533-D4EDF4A897AF
-- DELL S2721DGF: D3142823-261D-46EF-B9C2-5181C7FE2CA5
-- AV Receiver: B5845603-D54C-44B8-9B55-96F7E5F50646
local appScreenMap = {
Slack = {
desktop = 1,
screen = "394ACDEE-CA25-43C4-A533-D4EDF4A897AF",
fullscreen = true,
},
Code = {
desktop = 1,
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
Spotify = {
desktop = 2,
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
["zoom.us"] = {
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
["Microsoft Outlook"] = {
desktop = 3,
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
}
local fullscreen = function(win)
local screen = win:screen()
local cell = grid.get(win, screen)
cell.x = 0
cell.y = 0
cell.w = 24
cell.h = 24
grid.set(win, cell, screen)
end
function spoon:restoreAppsToScreens()
local screens = {}
for _, scr in ipairs(screen.allScreens()) do
screens[scr:getUUID()] = scr
end
local currentSpaces = spaces.allSpaces()
local spaceMap = {}
for _, screenSpaces in pairs(currentSpaces) do
for _, space in ipairs(screenSpaces) do
spaceMap[space] = true
end
end
local spaceIds = {}
for spaceId, _ in pairs(spaceMap) do
table.insert(spaceIds, spaceId)
end
local winMap = {}
for _, spaceId in pairs(spaceIds) do
for _, winId in ipairs(spaces.windowsForSpace(spaceId)) do
winMap[winId] = true
end
end
for winId, _ in pairs(winMap) do
-- Cannot get windows for non-active spaces, window.filter would have to be used, but performance is crap
local win = window.get(winId)
if win ~= nil then
local name = win:application():name()
local def = appScreenMap[name]
if def ~= nil then
if def.desktop ~= nil and currentSpaces[def.screen] ~= nil then
print(name .. " moving window into an index " .. def.desktop .. " which is space " .. currentSpaces[def.screen][def.desktop])
spaces.moveWindowToSpace(win, currentSpaces[def.screen][def.desktop])
end
local scr = screens[def.screen]
if scr ~= nil then
timer.doAfter(1, function()
print(name .. " moving window into a screen " .. def.screen)
win:moveToScreen(scr)
if def.fullscreen then
timer.doAfter(1, function()
print(name .. " fullscreening window")
fullscreen(win)
end)
end
end)
end
end
end
end
end
-- https://github.com/Hammerspoon/hammerspoon/blob/master/SPOONS.md#hotkeys
function spoon:bindHotKeys(mapping)
local spec = {
restoreAppsToScreens = hs.fnutils.partial(self.restoreAppsToScreens, self)
}
hs.spoons.bindHotkeysToSpec(spec, mapping)
return self
end
return spoon
end)()
home-manager/hammerspoon/window-move.lua
+126
View File
@@ -0,0 +1,126 @@
windowMove = function()
local grid = hs.grid
local screen = hs.screen
local timer = hs.timer
local window = hs.window
-- move window to next screen
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "N", function()
local win = window.focusedWindow()
win:moveToScreen(win:screen():next())
end)
local fullscreen = function(win)
local scr = win:screen()
local cell = grid.get(win, scr)
cell.x = 0
cell.y = 0
cell.w = 24
cell.h = 24
grid.set(win, cell, scr)
end
local getScreenById = function(id)
for _, scr in ipairs(screen.allScreens()) do
if scr:getUUID() == id then
return scr
end
end
return nil
end
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad1", function()
-- DELL S2722DGM
local scr = getScreenById("394ACDEE-CA25-43C4-A533-D4EDF4A897AF")
if scr == nil then
return
end
local win = window.focusedWindow()
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad2", function()
-- DELL S2721DGF
local scr = getScreenById("D3142823-261D-46EF-B9C2-5181C7FE2CA5")
if scr == nil then
return
end
local win = window.focusedWindow()
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad3", function()
-- AV Receiver
local scr = getScreenById("B5845603-D54C-44B8-9B55-96F7E5F50646")
if scr == nil then
return
end
local win = window.focusedWindow()
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad1", function()
-- DELL S2722DGM
local scr = getScreenById("394ACDEE-CA25-43C4-A533-D4EDF4A897AF")
if scr == nil then
return
end
for _, win in ipairs(window.focusedWindow():application():allWindows()) do
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad2", function()
-- DELL S2721DGF
local scr = getScreenById("D3142823-261D-46EF-B9C2-5181C7FE2CA5")
if scr == nil then
return
end
for _, win in ipairs(window.focusedWindow():application():allWindows()) do
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad3", function()
-- AV Receiver
local scr = getScreenById("B5845603-D54C-44B8-9B55-96F7E5F50646")
if scr == nil then
return
end
for _, win in ipairs(window.focusedWindow():application():allWindows()) do
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end
end)
end
windowMove()
home-manager/hammerspoon/window-tiling.lua
+155
View File
@@ -0,0 +1,155 @@
windowTiling =function()
local window = hs.window
local grid = hs.grid
local screen = hs.screen
hs.window.animationDuration = 0
hs.window.setShadows(false)
local hyper = { "ctrl", "alt", "cmd" }
local wm = {
sizes = { 1 / 2, 2 / 3, 1 / 3 },
}
function wm:_nextStep(dim, offs, cb)
if window.focusedWindow() then
local axis = dim == "w" and "x" or "y"
local oppDim = dim == "w" and "h" or "w"
local oppAxis = dim == "w" and "y" or "x"
local win = window.frontmostWindow()
local scr = win:screen()
local cell = grid.get(win, scr)
local nextSize = self.sizes[1]
for i = 1, #self.sizes do
if
cell[dim] == self.GRID[dim] * self.sizes[i]
and (cell[axis] + (offs and cell[dim] or 0)) == (offs and self.GRID[dim] or 0)
then
nextSize = self.sizes[(i % #self.sizes) + 1]
break
end
end
cb(cell, nextSize)
if cell[oppAxis] ~= 0 and cell[oppAxis] + cell[oppDim] ~= self.GRID[oppDim] then
cell[oppDim] = self.GRID[oppDim]
cell[oppAxis] = 0
end
grid.set(win, cell, scr)
end
end
function wm:_fullscreen()
if hs.window.focusedWindow() then
local win = window.frontmostWindow()
local scr = win:screen()
local cell = grid.get(win, scr)
cell.x = 0
cell.y = 0
cell.w = self.GRID.w
cell.h = self.GRID.h
grid.set(win, cell, scr)
end
end
function wm:_fullDimension(dim)
if window.focusedWindow() then
local win = window.frontmostWindow()
local scr = win:screen()
local cell = grid.get(win, scr)
if dim == "x" then
cell = "0,0 " .. self.GRID.w .. "x" .. self.GRID.h
else
cell[dim] = self.GRID[dim]
cell[dim == "w" and "x" or "y"] = 0
end
grid.set(win, cell, scr)
end
end
function wm:init()
self._pressed = {
up = false,
down = false,
left = false,
right = false,
}
self.GRID = { w = 24, h = 24 }
grid.setGrid(self.GRID.w .. "x" .. self.GRID.h)
grid.MARGINX = 0
grid.MARGINY = 0
hs.hotkey.bind(hyper, "down", function()
self._pressed.down = true
if self._pressed.up then
self:_fullDimension("h")
else
self:_nextStep("h", true, function(cell, nextSize)
cell.y = self.GRID.h - self.GRID.h * nextSize
cell.h = self.GRID.h * nextSize
end)
end
end, function()
self._pressed.down = false
end)
hs.hotkey.bind(hyper, "right", function()
self._pressed.right = true
if self._pressed.left then
self:_fullDimension("w")
else
self:_nextStep("w", true, function(cell, nextSize)
cell.x = self.GRID.w - self.GRID.w * nextSize
cell.w = self.GRID.w * nextSize
end)
end
end, function()
self._pressed.right = false
end)
hs.hotkey.bind(hyper, "left", function()
self._pressed.left = true
if self._pressed.right then
self:_fullDimension("w")
else
self:_nextStep("w", false, function(cell, nextSize)
cell.x = 0
cell.w = self.GRID.w * nextSize
end)
end
end, function()
self._pressed.left = false
end)
hs.hotkey.bind(hyper, "up", function()
self._pressed.up = true
if self._pressed.down then
self:_fullDimension("h")
else
self:_nextStep("h", false, function(cell, nextSize)
cell.y = 0
cell.h = self.GRID.h * nextSize
end)
end
end, function()
self._pressed.up = false
end)
hs.hotkey.bind(hyper, "m", function()
self:_fullscreen()
end)
end
wm:init()
end
windowTiling()
home-manager/lcech-mac-veracode.nix
+117 -71
View File
@@ -1,4 +1,5 @@
{ {
config,
lib, lib,
pkgs, pkgs,
... ...
@@ -9,14 +10,18 @@ let
zshSourceDirs = [ ]; zshSourceDirs = [ ];
gitUsername = "Lukas Cech";
gitEmail = "lcech@veracode.com";
in in
{ {
imports = [ imports = [
(import ./veracode/aws-cli.nix { (import ./veracode/aws-cli.nix {
inherit homedir lib pkgs; inherit
}) config
(import ./nix-init-scripts.nix { homedir
inherit lib pkgs; lib
pkgs
;
}) })
]; ];
@@ -27,43 +32,75 @@ in
home.stateVersion = "24.11"; home.stateVersion = "24.11";
home.packages = with pkgs; [ home.packages = with pkgs; [
awscli2 claude-code
hammerspoon
k9s
kubectl
nixd
pstree
watch
colima colima
docker docker
hammerspoon
pstree
ssm-session-manager-plugin
watch
wireshark-qt
]; ];
# ghostty marked as broken as of 2025-01-05 in nix, using homebrew and custom config # ghostty marked as broken as of 2025-01-05 in nix, using homebrew and custom config
home.file = { home.file = {
"${homedir}/Library/Application Support/com.mitchellh.ghostty/config" = { "${homedir}/Library/Application Support/com.mitchellh.ghostty/config" = {
text = '' text = ''
theme = "catppuccin-mocha" ${builtins.readFile ./shared/ghostty.config}
font-size = 14 font-size = 14
window-width = 9999
window-height = 9999
''; '';
}; };
"${homedir}/.gnupg/gpg-agent.conf" = {
text = ''
default-cache-ttl 34560000
max-cache-ttl 34560000
pinentry-program ${pkgs.pinentry_mac}/bin/pinentry-mac
'';
};
"${homedir}/.ssh/config" = {
text = ''
Include /Users/lcech/.colima/ssh_config
host git.c3c.cz
Port 5522
host dingleberry
User becky
Hostname 10.196.196.5
IdentityFile ~/.ssh/id_ed25519_access
host gitlab.veracode-staging.us
IdentityFile ~/.ssh/id_rsa_fedramp
'';
};
"${homedir}/.hammerspoon/hmSpoons/C3CWorkspace.spoon" = {
source = ./hammerspoon/C3CWorkspace.spoon;
recursive = true;
};
"${homedir}/.hammerspoon/init.lua" = { "${homedir}/.hammerspoon/init.lua" = {
text = '' text = ''
${builtins.readFile ./hammerspoon/window-tiling.lua}
${builtins.readFile ./hammerspoon/window-move.lua}
package.path = package.path .. ";" .. hs.configdir .. "/hmSpoons/?.spoon/init.lua"
hs.loadSpoon("C3CWorkspace")
spoon.C3CWorkspace:bindHotKeys({
restoreAppsToScreens = {{"ctrl", "alt", "cmd"}, "F12"}
})
''; '';
}; };
}; };
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.git = { programs.git = {
enable = true; enable = true;
userName = "Lukas Cech";
userEmail = "lcech@veracode.com";
ignores = [ ignores = [
".vscode" ".vscode"
@@ -72,7 +109,15 @@ in
".envrc" ".envrc"
]; ];
extraConfig = { signing = {
signByDefault = true;
key = "5ABD6C5E";
};
settings = {
user.name = gitUsername;
user.email = gitEmail;
core = { core = {
autocrlf = "input"; autocrlf = "input";
editor = "vim"; editor = "vim";
@@ -81,39 +126,31 @@ in
pull.rebase = false; pull.rebase = false;
init.defaultBranch = "main"; init.defaultBranch = "main";
url."ssh://git@gitlab.laputa.veracode.io/".insteadOf = "https://gitlab.laputa.veracode.io/";
}; };
}; };
programs.htop = { # Generate key wth gpg --full-gen-key
enable = true; # Kind of key: 10 ECC sign only, curve 25519
}; # Real name: <username>
# Email address: <email>
programs.jq = { # Add to git: gpg --list-secret-keys --keyid-format SHORT
enable = true; # get the bit after the key kind and put it in the signing.key in git config above
}; # gpg --armor --export <KEY> and add to git account
programs.k9s = { programs.gpg = {
enable = true; enable = true;
settings = { settings = {
k9s = { use-agent = true;
refreshRate = 2;
ui = {
logoless = true;
headless = true;
};
logger = {
tail = 1000;
sinceSeconds = 60 * 30;
fullScreen = true;
showtime = true;
};
};
}; };
mutableKeys = false;
publicKeys = [ ];
}; };
programs.lsd = { programs.lsd = {
enable = true; enable = true;
enableAliases = true;
settings = { settings = {
blocks = [ blocks = [
"permission" "permission"
@@ -130,27 +167,6 @@ in
}; };
}; };
programs.mcfly = {
enable = true;
enableZshIntegration = true;
keyScheme = "vim";
# TODO: Test
fuzzySearchFactor = 2;
settings = {
colors = {
menubar = {
bg = "black";
fg = "red";
};
darkmode = {
prompt = "cyan";
timing = "yellow";
};
};
};
};
programs.pay-respects = { programs.pay-respects = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
@@ -165,7 +181,36 @@ in
vc = "${homedir}/projects/veracode"; vc = "${homedir}/projects/veracode";
}; };
initExtra = '' shellAliases = {
hammerspoon-config = "open -a ${pkgs.hammerspoon}/Applications/Hammerspoon.app/Contents/MacOS/Hammerspoon";
get-key = "${pkgs.writeShellScript "get-key" ''
set -e
scp dingleberry:/self/hintihint/keys/sum.key ${homedir}/hw.key
read -p "waiting for confirmation to delete the key"
rm ${homedir}/hw.key
''}";
wg-home = "${pkgs.writeShellScript "wg-home" ''
WG=$(sudo wg show)
if [[ "$WG" != "" ]]; then
if [[ $(echo "$WG" | grep endpoint | cut -c13-26) == "10.125.248.248" ]]; then
sudo wg-quick down /etc/wireguard/home.conf
else
sudo wg-quick down /etc/wireguard/home-remote.conf
fi
fi
if [[ "$(ipconfig getifaddr en0)" =~ "10.125.24" ]]; then
sudo wg-quick up /etc/wireguard/home.conf
else
sudo wg-quick up /etc/wireguard/home-remote.conf
fi
''}";
ssm = "${pkgs.writeShellScript "ssm" ''
aws --profile $1 --region ''${3:-us-east-1} ssm start-session --target $2
''}";
};
initContent = ''
${builtins.concatStringsSep "\n" ( ${builtins.concatStringsSep "\n" (
builtins.map (dir: '' builtins.map (dir: ''
for file in ${dir}/*.zsh; do for file in ${dir}/*.zsh; do
@@ -178,6 +223,8 @@ in
source <(${pkgs.kubectl}/bin/kubectl completion zsh) source <(${pkgs.kubectl}/bin/kubectl completion zsh)
complete -C '${pkgs.awscli2}/bin/aws_completer' aws complete -C '${pkgs.awscli2}/bin/aws_completer' aws
bindkey '^[[3~' delete-char
''; '';
}; };
@@ -187,14 +234,13 @@ in
TERMINAL = "ghostty"; TERMINAL = "ghostty";
}; };
launchd.agents.keepass-sync = { launchd.agents.keepass-sync-timer = {
enable = true; enable = true;
config = { config = {
Program = /bin/cp; Program = "${pkgs.writeShellScript "keepass-sync-timer" ''
ProgramArguments = [ ${pkgs.coreutils}/bin/cp "${homedir}/storage/.macshare/.secret/arnie.kdbx" "${homedir}/.secret/arnie.kdbx"
"${homedir}/storage/.macshare/.secret/arnie.kdbx" ''}";
"${homedir}/arnie.kdbx" ProgramArguments = [ ];
];
StartInterval = 60 * 10; StartInterval = 60 * 10;
StandardErrorPath = "/var/log/keepass-sync.error.log"; StandardErrorPath = "/var/log/keepass-sync.error.log";
StandardOutPath = "/var/log/keepass-sync.out.log"; StandardOutPath = "/var/log/keepass-sync.out.log";
home-manager/nix-init-scripts.nix
+67 -33
View File
@@ -1,6 +1,54 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
let let
git-nix-clone = '' flake-dir =
{
flake,
impure ? false,
}:
pkgs.writeShellScript "nix-prepare" ''
run() {
local dir="$1"
echo "Preparing nix environment in $dir"
if [ "$dir" = "" ]; then
echo "Usage: nix-prepare <dir>"
exit 1
fi
mkdir -p $dir
cd $dir
git init
# Insert the nix flake
cp ${flake} flake.nix
chmod 644 flake.nix
echo '/*' > .gitignore
echo '!/.gitignore' >> .gitignore
echo '!/flake.nix' >> .gitignore
echo '!/flake.lock' >> .gitignore
echo 'use flake .${(if impure then " --impure" else "")}' > .envrc
git add flake.nix .gitignore
git commit -m "Setup initial flake"
direnv allow
eval "$(direnv export bash)"
git add flake.lock
git commit -m "Lock flakes"
}
run "$@"
'';
git-flake-dir-clone =
{
flake,
impure ? false,
}:
pkgs.writeShellScript "git-nix-clone" ''
# Input is a git repository such as git@github.com:group/project-name.git # Input is a git repository such as git@github.com:group/project-name.git
run() { run() {
local repo="$1" local repo="$1"
@@ -11,38 +59,9 @@ let
exit 1 exit 1
fi fi
echo "Clone $repo into ''${projectName}-nix/''${projectName}?" ${flake-dir { inherit flake impure; }} "$projectName"-nix
read -p "continue?" answer
if [ "$answer" != "" ]; then git clone "$repo" "$projectName"-nix"/$projectName"
echo "Aborting"
exit 1
fi
mkdir -p "$projectName"-nix
cd "$projectName"-nix
git init
# Insert the nix flake
cp ${./flake-templates/c3c-flake.nix} flake.nix
chmod 644 flake.nix
echo '/*' > .gitignore
echo '!/flake.nix' >> .gitignore
echo '!/flake.lock' >> .gitignore
echo 'use flake . --impure' > .envrc
git add flake.nix .gitignore
git commit -m "Setup initial flake"
direnv allow
eval "$(direnv export bash)"
git add flake.lock
git commit -m "Lock flakes"
git clone "$repo"
} }
run "$@" run "$@"
@@ -50,7 +69,22 @@ let
in in
{ {
programs.zsh.shellAliases = { programs.zsh.shellAliases = {
git-nix-clone = lib.mkDefault "${pkgs.writeShellScript "git-nix-clone" git-nix-clone}"; git-c3c-clone = lib.mkDefault "${git-flake-dir-clone {
flake = ./flake-templates/c3c-flake.nix;
impure = true;
}}";
flake-dir-c3c = lib.mkDefault "${flake-dir {
flake = ./flake-templates/c3c-flake.nix;
impure = true;
}}";
flake-dir-yp = lib.mkDefault "${flake-dir {
flake = ./flake-templates/yp-flake.nix;
impure = false;
}}";
flake-dir-investbay = lib.mkDefault "${flake-dir {
flake = ./flake-templates/investbay-flake.nix;
impure = false;
}}";
}; };
} }
home-manager/programs/zsh.nix
+174
View File
@@ -0,0 +1,174 @@
{
lib,
pkgs,
...
}:
let
isDarwin = pkgs.stdenv.hostPlatform.isDarwin;
isLinux = pkgs.stdenv.hostPlatform.isLinux;
in
{
programs.zsh = {
enable = true;
autocd = lib.mkDefault true;
history = {
expireDuplicatesFirst = true;
ignoreDups = true;
save = 10000;
share = false;
size = 10000;
};
shellAliases = {
# use eval $(aws-export-credentials) to expose them to environment
aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";
aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
[[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
''}";
# https://docs.aws.amazon.com/singlesignon/latest/userguide/createshortcutlink.html
aws-sharable-url = lib.mkDefault "${pkgs.writeShellScript "aws-sharable-url" ''
set -e
URL=$1
[[ -z "$URL" ]] && read -p "Enter URL: " URL
# Strip schema
URL="''${URL#https://}"
# Parse Account ID from multi-session URL
ACCOUNT_ID="''${URL%%-*}"
# Strip account ID and hash up to the region part
URL="''${URL#*\.}"
PROFILE=$(${pkgs.gnugrep}/bin/grep "sso_account_id = $ACCOUNT_ID" ~/.aws/config -B 5 | ${pkgs.gnugrep}/bin/grep "\[profile" | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.coreutils}/bin/tr -d '[]')
PROFILE="''${PROFILE#profile }"
ROLE_NAME=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_role_name)
SSO_SESSION=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_session)
SSO_URL=$(${pkgs.gnugrep}/bin/grep "\[sso-session $SSO_SESSION" ~/.aws/config -A5 | ${pkgs.gnugrep}/bin/grep sso_start_url | ${pkgs.coreutils}/bin/head -n 1)
SSO_URL="''${SSO_URL#sso_start_url = }"
# Strip trailing slash from SSO_URL if present
SSO_URL="''${SSO_URL%/}"
SHARABLE_URL="$SSO_URL/#/console?account_id=$ACCOUNT_ID&role_name=$ROLE_NAME&destination=$(${pkgs.urlencode}/bin/urlencode "https://$URL")"
${
if isDarwin then
''
echo -n "$SHARABLE_URL" | pbcopy
''
else
''
echo -n "$SHARABLE_URL" | ${pkgs.xclip}/bin/xclip -selection clipboard
''
}
echo "URL copied to clipboard"
''}";
aws-s3-cp-public = lib.mkDefault ''
${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
'';
bcrypt = lib.mkDefault "${pkgs.writeShellScript "bcrypt" ''
if [[ -z "$1" ]]; then
echo "Usage: bcrypt <password> [cost]"
exit 1
fi
echo -n "$1" | ${pkgs.apacheHttpd}/bin/htpasswd -i -nB -C ''${2:-12} "" | tr -d ':'
''}";
cat = lib.mkDefault "${pkgs.bat}/bin/bat --paging=never";
# use curl-aws --aws-sigv4 "aws:amz:region:service"
curl-aws = lib.mkDefault "${pkgs.curl}/bin/curl -H \"X-Amz-Security-Token: $AWS_SESSION_TOKEN\" --user \"$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY\"";
curl-timing = lib.mkDefault "${pkgs.curl}/bin/curl -w \" time_namelookup: %{time_namelookup}s\n time_connect: %{time_connect}s\n time_appconnect: %{time_appconnect}s\n time_pretransfer: %{time_pretransfer}s\n time_redirect: %{time_redirect}s\n time_starttransfer: %{time_starttransfer}s\n ----------\n time_total: %{time_total}s\n\" -o /dev/null";
dbase64 = lib.mkDefault "${pkgs.writeShellScript "dbase64" "echo -n \"$1\" | base64 -d"}";
git-sync-remote = lib.mkDefault "git remote update origin --prune";
cleanup-kube-config = "${
pkgs.writeShellApplication {
name = "app";
text = ./zsh/aliases/cleanup-kube-config.sh;
runtimeInputs = [
pkgs.gnugrep
pkgs.coreutils
];
}
}/bin/app";
klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" ''
ctx="$1"
shift
namespace="$1"
shift
label="$1"
shift
if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
echo "Usage: klogs context namespace label"
echo "${"\n"}Contexts:"
kubectl config get-contexts -o name | sed 's/^/\t/g'
echo "Label examples:"
echo "${"\t"}app.kubernetes.io/name=..."
echo "${"\t"}eks.amazonaws.com/component=..."
exit 1
fi
kubectl --context "$ctx" logs -f -n "$namespace" -l "$label" $@
''}";
nixfix = lib.mkDefault "nix fmt ./**/*.nix";
# Git
a = "git add";
c = "git commit -m";
d = "git diff";
d-s = "git diff --staged";
gtag = "${pkgs.writeShellScript "gtag" "git tag -a $1 -m '$2'"}";
gtag-replace = "${pkgs.writeShellScript "gtag" ''
msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
git tag -d $1 && \
git push origin :refs/tags/$1 && \
git tag -a $1 -m "$msg" && \
git push origin $1
''}";
gtagl = "git fetch --tags && git tag -l -n9 --sort=-v:refname";
s = "git status";
}
// (
if isDarwin then
{
hm-switch = lib.mkDefault "sudo darwin-rebuild switch --flake ~/.config/nix";
}
else if isLinux then
{
hm-switch = lib.mkDefault "home-manager switch --impure --flake ~/.config/nix";
}
else
{ }
);
initContent = lib.mkBefore ''
for file in ${./zsh}/*.zsh; do
source "$file"
done
# [Ctrl-RightArrow] - move forward one word
bindkey '^[[1;3C' forward-word
# [Ctrl-LeftArrow] - move backward one word
bindkey '^[[1;3D' backward-word
'';
};
}
home-manager/zsh/common/00-colors.zsh → home-manager/programs/zsh/00-colors.zsh
View File
home-manager/zsh/common/00-locale.zsh → home-manager/programs/zsh/00-locale.zsh
View File
home-manager/zsh/common/01-setopt.zsh → home-manager/programs/zsh/01-setopt.zsh
View File
home-manager/zsh/common/03-completion.zsh → home-manager/programs/zsh/03-completion.zsh
View File
home-manager/zsh/common/03-manydots.zsh → home-manager/programs/zsh/03-manydots.zsh
View File
home-manager/zsh/common/04-bindkeys.zsh → home-manager/programs/zsh/04-bindkeys.zsh
View File
home-manager/zsh/common/05-functions.zsh → home-manager/programs/zsh/05-functions.zsh
View File
home-manager/zsh/common/07-zsh_hooks.zsh → home-manager/programs/zsh/07-zsh_hooks.zsh
View File
home-manager/programs/zsh/09-zsh_aliases.zsh
Executable
+7
View File
@@ -0,0 +1,7 @@
alias less='less -R'
function appConnections()
{
ss -tpla | grep -v Recv-Q | awk '{print $5 $6}' | sed -e 's#\(.*\)users:((\"\(\w\+\)\".*#\2 - \1#' | sort | uniq
}
alias conns=appConnections
home-manager/zsh/common/10-adminer.zsh → home-manager/programs/zsh/10-adminer.zsh
View File
home-manager/programs/zsh/aliases/cleanup-kube-config.sh
Executable
+53
View File
@@ -0,0 +1,53 @@
set -e
declare -A account_clusters
declare -A account_profiles
for ctx in $(kubectl config get-contexts -o name); do
if [[ "${ctx:0:7}" != "arn:aws" ]]; then
continue
fi
account_id="${ctx#*:*:*:*:}"
account_id="${account_id%%:*}"
cluster_name="${ctx#*cluster/}"
if [[ "${account_id}" == "" ]] || [[ "${cluster_name}" == "" ]]; then
continue
fi
if [[ ! -v account_profiles[$account_id] ]]; then
aws_profile=$(grep "sso_account_id = $account_id" ~/.aws/config -B 5 | grep "\[profile" | tail -n 1 | tr -d '[]')
aws_profile="${aws_profile#profile }"
if [[ "${aws_profile}" == "" ]]; then
continue
fi
account_profiles[$account_id]=$aws_profile
account_clusters[$account_id]=""
fi
account_clusters[$account_id]+="$cluster_name "
done
for acc in ${!account_profiles[@]}; do
profile=${account_profiles[$acc]}
declare -A current_clusters
for remote_cluster in $(aws --profile $profile eks list-clusters --query "clusters" --output text); do
current_clusters[$remote_cluster]=""
done
for cluster in ${account_clusters[$acc]}; do
if [[ -v current_clusters[$cluster] ]]; then
# check if credentials are current
echo "$cluster cluster exists"
else
kubectl config delete-context "$(kubectl config get-contexts -o name | grep "$acc:cluster/$cluster" | head -n 1)"
fi
done
unset -v current_clusters
done
home-manager/shared/ghostty.config
+34
View File
@@ -0,0 +1,34 @@
theme = "Catppuccin Mocha"
window-width = 9999
window-height = 9999
# unbind resize split
keybind = super+ctrl+down=unbind
keybind = super+ctrl+left=unbind
keybind = super+ctrl+up=unbind
keybind = super+ctrl+right=unbind
# unbind clear_window
keybind = super+k=unbind
# unbind goto split
keybind = super+alt+right=unbind
keybind = super+alt+down=unbind
keybind = super+alt+left=unbind
keybind = super+alt+up=unbind
keybind = super+alt+k=new_split:down
keybind = super+alt+l=new_split:right
keybind = super+j=goto_split:up
keybind = super+k=goto_split:down
keybind = super+h=goto_split:left
keybind = super+l=goto_split:right
keybind = super+shift+j=resize_split:up,10
keybind = super+shift+k=resize_split:down,10
keybind = super+shift+h=resize_split:left,10
keybind = super+shift+l=resize_split:right,10
# https://ghostty.org/docs/config/reference#scrollback-limit
scrollback-limit = 100000000
home-manager/veracode/.okta_aws_login_config
+16
View File
@@ -0,0 +1,16 @@
[govus-stage]
okta_org_url = https://govus-staging-veracode.okta.com
gimme_creds_server = appurl
aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
write_aws_creds = True
cred_profile = 403885414333-Corp-Engineer
okta_username = lcech@veracode.com
app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
resolve_aws_alias = False
include_path = True
preferred_mfa_type = push
remember_device = True
aws_default_duration = 3600
output_format = export
force_classic = True
enable_keychain = True
home-manager/veracode/aws-cli.nix
+329 -7
View File
@@ -1,4 +1,5 @@
{ {
config,
homedir, homedir,
lib, lib,
pkgs, pkgs,
@@ -25,7 +26,7 @@ let
}; };
"359955634867" = { "359955634867" = {
name = "veracode-eu-master"; name = "veracode-eu-master";
role = "ReadOnly"; role = "EngineerAdmin-Veracode-EU-All";
}; };
"675053010029" = { "675053010029" = {
name = "veracode-eu-networking"; name = "veracode-eu-networking";
@@ -179,7 +180,7 @@ let
}; };
"011479462201" = { "011479462201" = {
name = "veracode-lz-master"; name = "veracode-lz-master";
role = "ReadOnly"; role = "EngineerAdmin";
}; };
"900979254221" = { "900979254221" = {
name = "veracode-lz-static-non-prod"; name = "veracode-lz-static-non-prod";
@@ -222,6 +223,191 @@ let
role = "EngineerAdmin"; role = "EngineerAdmin";
}; };
}; };
old-world = {
"747166839737" = {
name = "Alternator Prod";
role = "EngineerAdmin";
};
"849762296401" = {
name = "aws-cloudloop";
role = "EngineerAdmin";
};
"555828001259" = {
name = "aws-devops";
role = "EngineerAdmin";
};
"095180515219" = {
name = "aws-disco-dev";
role = "EngineerAdmin";
};
"602400992919" = {
name = "aws-disco-prod";
role = "EngineerAdmin";
};
"671440995558" = {
name = "aws-mpt";
role = "EngineerAdmin";
};
"390809507444" = {
name = "aws-research";
role = "EngineerAdmin";
};
"547681985753" = {
name = "aws-static-dev";
role = "EngineerAdmin";
};
"576836758243" = {
name = "aws-static-prod";
role = "EngineerAdmin";
};
"272739225222" = {
name = "Greenlight Dev";
role = "EngineerAdmin";
};
"187309115203" = {
name = "Greenlight Prod";
role = "EngineerAdmin";
};
"312566581319" = {
name = "mvsa-prod";
role = "EngineerAdmin";
};
"528304698271" = {
name = "ops1";
role = "EngineerAdmin";
};
"178484873978" = {
name = "ops2";
role = "EngineerAdmin";
};
"036935693235" = {
name = "platform-integrations-dev";
role = "EngineerAdmin";
};
"101042440253" = {
name = "platform-integrations-prod";
role = "EngineerAdmin";
};
"769404944768" = {
name = "Veracode GovCloud Parent Staging";
role = "EngineerAdmin";
};
"932961976631" = {
name = "Veracode Laputa";
role = "EngineerAdmin";
};
"706178003760" = {
name = "Veracode Master";
role = "EngineerAdmin";
};
"227458413628" = {
name = "veracode-asc-ilt";
role = "EngineerAdmin";
};
"637659597440" = {
name = "veracode-dataservices-dev";
role = "EngineerAdmin";
};
"360252896736" = {
name = "veracode-dataservices-production";
role = "EngineerAdmin";
};
"634743813634" = {
name = "veracode-elearning-nonprod";
role = "EngineerAdmin";
};
"231131777030" = {
name = "veracode-gov-parent-nonproduction";
role = "EngineerAdmin";
};
"391700338873" = {
name = "veracode-gov-parent-production";
role = "EngineerAdmin";
};
"083679226615" = {
name = "veracode-hackathon";
role = "EngineerAdmin";
};
"228885042232" = {
name = "veracode-info-sec";
role = "EngineerAdmin";
};
"653330403905" = {
name = "veracode-mpt-mffc";
role = "EngineerAdmin";
};
"566201213358" = {
name = "veracode-nonproduction";
role = "EngineerAdmin";
};
"518031149952" = {
name = "veracode-production";
role = "EngineerAdmin";
};
"966752150300" = {
name = "veracode-qaoncloud-nonproduction";
role = "EngineerAdmin";
};
"221433242586" = {
name = "veracode-solutions-architect";
role = "EngineerAdmin";
};
"576647558819" = {
name = "VeraRadio";
role = "EngineerAdmin";
};
};
longbow = {
"520315734741" = {
name = "Audit";
role = "AWS-Engineer-Admin";
};
"853528449373" = {
name = "demo";
role = "AWS-Engineer-Admin";
};
"058887878640" = {
name = "Dev";
role = "AWS-Engineer-Admin";
};
"539590419140" = {
name = "Hans Gruber";
role = "AWS-Engineer-Admin";
};
"048352314288" = {
name = "Log archive";
role = "AWS-Engineer-Admin";
};
"066179854877" = {
name = "Production";
role = "AWS-Engineer-Admin";
};
"388353868666" = {
name = "SaaS Seller Account";
role = "AWS-Engineer-Admin";
};
"057168112839" = {
name = "Sandbox";
role = "AWS-Engineer-Admin";
};
"704459292453" = {
name = "Shared Services";
role = "AWS-Engineer-Admin";
};
"108911762463" = {
name = "Staging";
role = "AWS-Engineer-Admin";
};
"252894127310" = {
name = "TalonX";
role = "AWS-Engineer-Admin";
};
"932480454180" = {
name = "Test Customer";
role = "AWS-Engineer-Admin";
};
};
}; };
in in
{ {
@@ -240,9 +426,38 @@ in
sso_region = eu-central-1 sso_region = eu-central-1
sso_registration_scopes = sso:account:access sso_registration_scopes = sso:account:access
[sso-session veracode-old-world]
sso_start_url = https://d-90679ac9ea.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-longbow]
sso_start_url = https://d-90677f445e.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-gov-stag]
sso_start_url = https://???.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[profile veracode-gov-staging-gov]
sso_account_id = 403885414333
sso_session = veracode-gov-stag
sso_role_name = Corp-Engineer
region = us-east-1
output = json
${builtins.concatStringsSep "\n" ( ${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: '' lib.mapAttrsToList (id: account: ''
[profile us-${account.name}] [profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-us
region = us-east-1
output = json
[profile us-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id} sso_account_id = ${id}
sso_role_name = ${account.role} sso_role_name = ${account.role}
sso_session = veracode-us sso_session = veracode-us
@@ -253,7 +468,21 @@ in
${builtins.concatStringsSep "\n" ( ${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: '' lib.mapAttrsToList (id: account: ''
[profile eu-${account.name}] ${
if lib.any (usAccount: usAccount.name == account.name) (lib.attrValues accounts.us) then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-eu
region = eu-central-1
output = json
''
}
[profile eu-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id} sso_account_id = ${id}
sso_role_name = ${account.role} sso_role_name = ${account.role}
sso_session = veracode-eu sso_session = veracode-eu
@@ -261,29 +490,122 @@ in
output = json output = json
'') accounts.eu '') accounts.eu
)} )}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if
lib.any (otherAccount: otherAccount.name == account.name) (
lib.attrValues (accounts.us // accounts.eu)
)
then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-old-world
region = eu-central-1
output = json
''
}
[profile old-world-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-old-world
region = eu-central-1
output = json
'') accounts.old-world
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if
lib.any (otherAccount: otherAccount.name == account.name) (
lib.attrValues (accounts.us // accounts.eu // accounts.old-world)
)
then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-longbow
region = eu-central-1
output = json
''
}
[profile longbow-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-longbow
region = eu-central-1
output = json
'') accounts.longbow
)}
''; '';
}; };
home.file."${homedir}/.okta_aws_login_config" = {
source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
};
home.packages = [
pkgs.gimme-aws-creds
];
programs.zsh.shellAliases = { programs.zsh.shellAliases = {
veracode-find = ''${pkgs.writeShellScript "veracode-find" '' veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
for profile in $(aws configure list-profiles | grep -E '^(us|eu)-'); do for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
echo "=== $profile ===" echo "=== $profile ==="
aws --profile $profile "$@"; aws --profile $profile "$@";
done done
''}''; ''}'';
veracode-find-eu = ''${pkgs.writeShellScript "veracode-find" '' veracode-find-eu = ''${pkgs.writeShellScript "veracode-find-eu" ''
for profile in $(aws configure list-profiles | grep -E '^(eu)-'); do for profile in $(aws configure list-profiles | grep -E '^(eu)-'); do
echo "=== $profile ===" echo "=== $profile ==="
aws --profile $profile "$@"; aws --profile $profile "$@";
done done
''}''; ''}'';
veracode-find-us = ''${pkgs.writeShellScript "veracode-find" '' veracode-find-us = ''${pkgs.writeShellScript "veracode-find-us" ''
for profile in $(aws configure list-profiles | grep -E '^(us)-'); do for profile in $(aws configure list-profiles | grep -E '^(us)-'); do
echo "=== $profile ===" echo "=== $profile ==="
aws --profile $profile "$@"; aws --profile $profile "$@";
done done
''}''; ''}'';
veracode-find-old-world = ''${pkgs.writeShellScript "veracode-find-old-world" ''
for profile in $(aws configure list-profiles | grep -E '^(old-world)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-longbow = ''${pkgs.writeShellScript "veracode-find-longbow" ''
for profile in $(aws configure list-profiles | grep -E '^(longbow)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-login = ''${pkgs.writeShellScript "veracode-login" ''
for region in us eu; do
aws sso login --profile $region-shared-services &
done
aws sso login --profile old-world-aws-devops &
aws sso login --profile longbow-SharedServices &
''}'';
veracode-login-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
gimme-aws-creds --profile govus-stage
${pkgs.gnugrep}/bin/grep "^\[403885414333-Corp-Engineer\]" -A1 ${homedir}/.aws/credentials | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.gnugrep}/bin/grep -q "region" || ${pkgs.gnused}/bin/sed -i '/^\[403885414333-Corp-Engineer\]$/a region = us-gov-west-1' ${homedir}/.aws/credentials
''}'';
}; };
} }
home-manager/zsh/common/05-home-manager.zsh
-1
View File
@@ -1 +0,0 @@
alias hm-switch="home-manager switch --flake ~/.config/nix"
home-manager/zsh/common/06-history.zsh
-6
View File
@@ -1,6 +0,0 @@
# HISTORY
HISTSIZE=10000
SAVEHIST=10000
HISTFILE=~/.zsh_history
# bindkey '^R' zaw-history
home-manager/zsh/common/09-zsh_aliases.zsh
-14
View File
@@ -1,14 +0,0 @@
# Allow usage of aliases when using sudo
alias less='less -R'
alias curlTiming="curl -w \" time_namelookup: %{time_namelookup}s\n time_connect: %{time_connect}s\n time_appconnect: %{time_appconnect}s\n time_pretransfer: %{time_pretransfer}s\n time_redirect: %{time_redirect}s\n time_starttransfe
r: %{time_starttransfer}s\n ----------\n time_total: %{time_total}s\n\" -o /dev/null"
dbase64() {
echo -n "${1}" | base64 -d
}
function appConnections()
{
ss -tpla | grep -v Recv-Q | awk '{print $5 $6}' | sed -e 's#\(.*\)users:((\"\(\w\+\)\".*#\2 - \1#' | sort | uniq
}
alias conns=appConnections
home-manager/zsh/common/10-docker_aliases.zsh
-9
View File
@@ -1,9 +0,0 @@
alias dockerVolumeSizes="for vol in \$(docker volume ls -q); do sudo du -hs \$(docker volume inspect --format \"{{.Mountpoint}}\" \$vol); done"
alias dockerstats="docker stats \$(docker ps --format \"{{.Names}}\")"
alias dockerRemove="docker rmi -f \$(docker images | grep none | awk '{print \$3}')"
function bcrypt() {
nix-shell -p apacheHttpd --run "echo -n '${1}' | htpasswd -i -nB -C ${2:-12} '' | tr -d ':'"
}
home-manager/zsh/common/10-git_aliases.zsh
-71
View File
@@ -1,71 +0,0 @@
# Git
alias c="git commit -m"
alias s="git status"
alias gtagl="git fetch --tags && git tag -l -n9 --sort=-v:refname"
alias d="git diff"
alias d-s="git diff --staged"
alias a="git add"
alias n="git checkout -b"
alias m="git merge --no-ff"
alias gitSquash="git rebase --root -i"
gtag() {
git tag -a $1 -m "$2"
}
gtagReplace() {
local msg
msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
git tag -d $1 && \
git push origin :refs/tags/$1 && \
git tag -a $1 -m "${msg}" && \
git push origin $1
}
gtagRemoveMinor() {
if [[ $1 = "" ]]; then
echo "How does the tag begin?"
fi
local remove
local tags=$(git tag -l | grep "^${1}\.")
echo "${tags}"
echo -n "Remove these tags? (y/n) "
read remove
if [[ ${remove} != "y" ]] && [[ ${remove} != "yes" ]]; then
echo "Ok then!"
return 2
fi
while read -r tag; do
git tag -d ${tag}
git push origin :refs/tags/${tag}
done <<< "${tags}"
}
gdiff() {
local awkFormat='{ $2=on $2 off }; 1'
local masterDiff=$(git cherry -v develop master | awk -v on="\033[31;33m" -v off="\033[0m" ${awkFormat})
local develDiff=$(git cherry -v master develop | awk -v on="\033[31;33m" -v off="\033[0m" ${awkFormat})
if [[ "${masterDiff}" != "" ]]; then
echo "\033[1;31;32mOnly in master:\033[0m"
echo
echo "${masterDiff}"
fi
if [[ "${develDiff}" != "" ]]; then
echo "\033[1;31;33mOnly in develop:\033[0m"
echo
echo "${develDiff}"
fi
}
alias gitRemoveMerged="git branch --merged origin/master | grep -v '* master' | xargs git branch -d"
home-manager/zsh/common/10-kubernetes_aliases.zsh
-18
View File
@@ -1,18 +0,0 @@
function klogs() {
local ctx="$1"
local namespace="$2"
local label="$3"
if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
echo "Usage: klogs context namespace label"
echo "\nContexts:"
kubectl config get-contexts -o name | sed 's/^/\t/g'
echo "Label examples:"
echo "\tapp.kubernetes.io/name=..."
echo "\teks.amazonaws.com/component=..."
return 1
fi
kubectl --context "$context" logs -f -n "$namespace" -l "$label"
}
home-manager/zsh/common/10-templates.zsh
-124
View File
@@ -1,124 +0,0 @@
init-nix-flake() {
local tpl=$1
local name=$2
local flakePath="$(pwd)/flake.nix"
local envrcPath="$(pwd)/.envrc"
[[ -f "${flakePath}" ]] && echo "${flakePath} already present" && return 1
[[ -f "${envrcPath}" ]] && echo "${envrcPath} already present" && return 1
if [[ "$tpl" == "yp" ]]; then
cat <<EOF > "${flakePath}"
{
inputs = {
nix.url = "git+ssh://git@bitbucket.org/yourpass/nix";
};
outputs = { self, nix }: {
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "yp-${name}";
packages = with pkgs; [
];
commands = [];
};
});
};
}
EOF
echo "use flake" > "${envrcPath}"
direnv allow
elif [[ "$tpl" == "investbay" ]]; then
cat <<EOF > "${flakePath}"
{
inputs = {
nix.url = "git+ssh://git@git.investbay.dev/morosystems/investbay/devops/nix?branch=main";
};
outputs = { self, nix }: {
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "investbay-${name}";
packages = with pkgs; [
];
commands = [];
};
});
};
}
EOF
echo "use flake" > "${envrcPath}"
direnv allow
elif [[ "$tpl" == "c3c" ]]; then
cat <<EOF > "${flakePath}"
{
inputs = {
nix.url = "git+ssh://git@git.c3c.cz/C3C/nix";
};
outputs = { self, nix }: {
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = nix.lib.mkDevenvShell {
inherit pkgs;
inputs = {
self = self;
nixpkgs = pkgs;
};
modules = [
{
packages = with pkgs; [
];
scripts = {
menu = {
description = "Print this menu";
exec = ''
echo "Commands:"
echo -n '\${
builtins.toJSON (
builtins.mapAttrs (s: value: value.description) self.devShells.\${pkgs.system}.default.config.scripts
)
}' | \
\${pkgs.jq}/bin/jq -r 'to_entries | map(" \(.key)\n" + " - \(if .value == "" then "no description provided" else .value end)") | "" + .[]'
'';
};
fix = {
exec = ''
\${nix.lib.cd_root}
nix fmt ./*.nix
\${pkgs.golangci-lint}/bin/golangci-lint run --sort-results --out-format tab --config \${nix.lib.golangci-config-file} --fix --issues-exit-code 0 ./...
stylua ./src
'';
};
};
}
];
};
});
};
}
EOF
echo "use flake . --impure" > "${envrcPath}"
direnv allow
else
echo "Wrong template as first arg: [yp/investbay/c3c]"
return 1
fi
}
home-manager/zsh/common/10-zsh_aliases_connections.zsh
-5
View File
@@ -1,5 +0,0 @@
alias awsKubeconfig="aws eks --region eu-central-1 update-kubeconfig --name "
alias loginToSkodaECR="aws --profile skoda-prod --region eu-central-1 ecr get-login-password | sudo docker login 943160431142.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
alias loginToSkodaScholarisECR="aws --profile skoda-sch-dev --region eu-central-1 ecr get-login-password | sudo docker login 442913623981.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
alias loginToYpECR="aws-vault exec yp aws --region eu-central-1 ecr get-login-password | sudo docker login 060714730522.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
alias loginToInvestBayECR="aws-vault exec InvestBay-AccountManagement aws --region eu-central-1 ecr get-login-password | sudo docker login 297503416491.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
home-manager/zsh/common/11-aws.zsh
-9
View File
@@ -1,9 +0,0 @@
export AWS_VAULT_BACKEND=secret-service
export AWS_VAULT_SECRET_SERVICE_COLLECTION_NAME=default
alias argoyp='argo --context yp:060714730522:eu-west-1/yp-dev -n argo'
function awsS3cpWithPublic {
local expires=$(date '+%a, %d %b %Y 00:00:00 GMT' -d "$(date +%Y-%m-%d) + 365 day")
aws s3 cp --acl "public-read" --expires "${expires}" --cache-control "max-age=31536000" --metadata-directive REPLACE $@
}