Mac things

Add claude code to mac
Formatting and hammerspoon
2026-01-13 13:26:57 +01:00 · 2026-01-02 23:28:02 +01:00 · 2025-12-29 12:23:03 +01:00 · 2025-12-29 12:21:57 +01:00 · 2025-12-29 10:16:31 +01:00 · 2025-12-14 21:57:38 +01:00
28 changed files with 732 additions and 207 deletions
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxA6m6fD1jch/HwkWBaaYyr0HPttzM0i1D+V2MtMmFK becky@dingleberry
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFOQaA7023StG5vSl0txUbAXmPdsIFeWHLDHXlT5yZp lcech@lcech-mac-veracode
@@ -52,6 +52,7 @@ in
    git
    coreutils
    vim
+    flameshot
    wireguard-tools
  ];

@@ -94,12 +95,6 @@ in
  # $ darwin-rebuild changelog
  system.stateVersion = 5;

-  system.activationScripts.postUserActivation.text = ''
-    # activateSettings -u will reload the settings from the database and apply them to the current session,
-    # so we do not need to logout and login again to make the changes take effect.
-    /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
-  '';
-
  system.defaults = {
    dock = {
      autohide = true;
@@ -183,6 +178,13 @@ in

  nix.settings = {
    experimental-features = lib.mkDefault "nix-command flakes";
+    trusted-substituters = [
+      "https://nixpkgs-terraform.cachix.org"
+    ];
+
+    trusted-public-keys = [
+      "nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
+    ];
  };

  homebrew = {
@@ -5,13 +5,23 @@
  # brew install --cask
  # these need to be updated manually
  homebrew.casks = [
-    "flameshot"
+    "drawio"
    "ghostty"
    "keepassxc"
    "spotify"
-    "drawio"
+    "wireshark-chmodbpf"
+    "visual-studio-code"
  ];

+  system.primaryUser = "lcech";
+
+  system.activationScripts.postActivation.text = ''
+    # activateSettings -u will reload the settings from the database and apply them to the current session,
+    # so we do not need to logout and login again to make the changes take effect.
+    defaults write -g 'com.apple.mouse.linear' 1
+    sudo -u lcech /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
+  '';
+
  system.defaults.dock.persistent-apps = [
    "/Applications/Cursor.app"
    "/Applications/Firefox.app"
@@ -23,4 +33,8 @@
    "/Applications/zoom.us.app"
    "/System/Applications/Notes.app"
  ];
+
+  users.users.lcech.openssh.authorizedKeys.keys = [
+    "${builtins.readFile ../.authorized-keys/dingleberry}"
+  ];
 }
@@ -1,12 +1,18 @@
 {
  "nodes": {
    "cl-nix-lite": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems",
+        "treefmt-nix": "treefmt-nix"
+      },
      "locked": {
-        "lastModified": 1728174978,
-        "narHash": "sha256-Grqqg+xuicANB85j0gNEXxi9SBKY7bzGeTuyi95eGcY=",
+        "lastModified": 1766810506,
+        "narHash": "sha256-I4BxozsEu205tA7jazufztI8ZQ5p7hcCnjqrSKPz9nI=",
        "owner": "hraban",
        "repo": "cl-nix-lite",
-        "rev": "31cfe6275c341eb3120a99f4b1c8516c49a29d87",
+        "rev": "038e341cede255a83a8f04af114dc95717461d32",
        "type": "github"
      },
      "original": {
@@ -32,6 +38,24 @@
        "type": "github"
      }
    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1765835352,
+        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": [
@@ -53,12 +77,15 @@
      }
    },
    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
      "locked": {
-        "lastModified": 1659877975,
-        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@@ -74,11 +101,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745987135,
-        "narHash": "sha256-8Up4QPuMZEJBU0eefAY+nUe7DYKQQzvaHnMpNdwRgKA=",
+        "lastModified": 1766980997,
+        "narHash": "sha256-oegDNAvyQwaG3GqSi4U5jpKM7SYHGESGVIuKMRV/lbw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d2b3e6c83d457aa0e7f9344c61c3fed32bad0f7e",
+        "rev": "7a7b43c7231a439d248179ba8d561dd6cd81799b",
        "type": "github"
      },
      "original": {
@@ -95,14 +122,15 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems"
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1742156590,
-        "narHash": "sha256-aTM/2CrNN5utdVEQGsOA+kl4UozgH7VPLBQL5OXtBrg=",
+        "lastModified": 1766810876,
+        "narHash": "sha256-VPElWFQIiP31lXQXEom+L4sl85alZpZn33O4hewsP9k=",
        "owner": "hraban",
        "repo": "mac-app-util",
-        "rev": "341ede93f290df7957047682482c298e47291b4d",
+        "rev": "4747968574ea58512c5385466400b2364c85d2d0",
        "type": "github"
      },
      "original": {
@@ -118,11 +146,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745816321,
-        "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=",
+        "lastModified": 1766784396,
+        "narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01",
+        "rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55",
        "type": "github"
      },
      "original": {
@@ -139,11 +167,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1713543440,
-        "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
+        "lastModified": 1762090880,
+        "narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=",
        "owner": "nix-community",
        "repo": "nixGL",
-        "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
+        "rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5",
        "type": "github"
      },
      "original": {
@@ -154,11 +182,74 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1745934659,
-        "narHash": "sha256-odZyAgjybOV1ha/lEoVL5HVOJw1YqFDfem9u3t+VB2o=",
+        "lastModified": 1766736597,
+        "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1765674936,
+        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1761236834,
+        "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1761236834,
+        "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1766870016,
+        "narHash": "sha256-fHmxAesa6XNqnIkcS6+nIHuEmgd/iZSP/VXxweiEuQw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "fbc071e5c11e23fba50037de37268e3d8a1858eb",
+        "rev": "5c2bc52fb9f8c264ed6c93bd20afa2ff5e763dce",
        "type": "github"
      },
      "original": {
@@ -178,11 +269,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742765550,
-        "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=",
+        "lastModified": 1763909441,
+        "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16",
+        "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4",
        "type": "github"
      },
      "original": {
@@ -197,11 +288,26 @@
        "mac-app-util": "mac-app-util",
        "nix-darwin": "nix-darwin",
        "nixgl": "nixgl",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_4",
        "plasma-manager": "plasma-manager"
      }
    },
    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
      "locked": {
        "lastModified": 1689347925,
        "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=",
@@ -215,6 +321,57 @@
        "repo": "default-darwin",
        "type": "github"
      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1766000401,
+        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1766000401,
+        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
    }
  },
  "root": "root",
@@ -52,7 +52,8 @@
            function (
              import nixpkgs {
                inherit system;
-                config.allowUnfreePredicate = (pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "nvidia" ]);
+                config.allowUnfreePredicate = (pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "nvidia" "claude-code" ]);
+                config.allowUnfree = true;
              }
            )
          );
@@ -81,7 +82,7 @@
            inherit pkgs;

            modules = [
-              inputs.plasma-manager.homeManagerModules.plasma-manager
+              inputs.plasma-manager.homeModules.plasma-manager
              ./home-manager/common.nix
              ./home-manager/becky-dingleberry.nix
            ];
@@ -97,13 +98,30 @@
          system = "aarch64-darwin";
          specialArgs = {
            self = self;
+            inputs = inputs // {
+              darwin = inputs.nix-darwin;
+            };
          };
          modules = [
            # Add our overlay to the system configuration
            (
              { ... }:
              {
-                nixpkgs.overlays = [ overlay ];
+                nixpkgs.overlays = [ 
+                  overlay
+                  (
+                    self: super:
+                    let
+                      nixpkgsWithFree = import nixpkgs {
+                        system = "aarch64-darwin";
+                        config.allowUnfree = true;
+                      };
+                    in
+                    {
+                      claude-code = nixpkgsWithFree.claude-code;
+                    }
+                  )
+                ];
              }
            )
            mac-app-util.darwinModules.default
@@ -46,6 +46,7 @@ in
        "application/xhtml+xml" = "userapp-Firefox-5T0SK2.desktop";
        "application/x-extension-xhtml" = "userapp-Firefox-5T0SK2.desktop";
        "application/x-extension-xht" = "userapp-Firefox-5T0SK2.desktop";
+        "x-scheme-handler/lmstudio" = "LM Studio.desktop";
      };
      enable = true;
    };
@@ -54,8 +55,8 @@ in
    #  };
  };

-  nixGL.packages = pkgs.nixgl;
-  nixGL.defaultWrapper = "nvidia";
+  targets.genericLinux.nixGL.packages = pkgs.nixgl;
+  targets.genericLinux.nixGL.defaultWrapper = "nvidia";

  home.username = username;

@@ -65,7 +66,9 @@ in

  home.packages = with pkgs; [
    android-tools
-    android-udev-rules
+    direnv
+    nix-direnv
+    kdePackages.kdeconnect-kde
    # TODO: Move from system to nix
    # awscli2
    # kubectl
@@ -73,6 +76,17 @@ in
    tcpdump
  ];

+  home.file = {
+    "${homedir}/.gnupg/gpg-agent.conf" = {
+      text = ''
+        default-cache-ttl 34560000
+        max-cache-ttl 34560000
+        allow-loopback-pinentry
+        pinentry-program ${pkgs.pinentry-curses}/bin/pinentry
+      '';
+    };
+  };
+
  xdg.configFile = lib.mkMerge [
    {
      "ghostty/config" = {
@@ -89,7 +103,7 @@ in
    }
  ];

-  # TODO: Manual ghostty injection
+  # TODO: Manual ghostty injectionF
  programs.bat.syntaxes.ghostty = {
    src = pkgs.ghostty;
    file = "share/bat/syntaxes/ghostty.sublime-syntax";
@@ -99,15 +113,11 @@ in

  programs.git = {
    enable = true;
-    userName = "Arnie";
-    userEmail = "i@cechis.cz";
-    ignores = [
-      ".vscode"
-      ".direnv"
-      ".devenv"
-      ".envrc"
-    ];
-    extraConfig = {
+    settings = {
+      user = {
+        name = "Arnie";
+        email = "i@cechis.cz";
+      };
      core = {
        autocrlf = "input";
        # TODO: Provide through nix
@@ -119,6 +129,37 @@ in

      init.defaultBranch = "main";
    };
+
+    ignores = [
+      ".vscode"
+      ".direnv"
+      ".devenv"
+      ".envrc"
+    ];
+
+    signing = {
+      signByDefault = true;
+      key = "892F43F4";
+    };
+  };
+
+  # Generate key wth gpg --full-gen-key
+  # Kind of key: 10 ECC sign only, curve 25519
+  # Real name: <username>
+  # Email address: <email>
+
+  # Add to git: gpg --list-secret-keys --keyid-format SHORT
+  # get the bit after the key kind and put it in the signing.key in git config above
+  # gpg --armor --export <KEY> and add to git account
+
+  programs.gpg = {
+    enable = true;
+    settings = {
+      use-agent = true;
+      pinentry-mode = "loopback";
+    };
+    mutableKeys = false;
+    publicKeys = [ ];
  };

  # Can't use the nixgl wrapper due to GTK libraries
@@ -217,6 +258,19 @@ in
        "Switch One Desktop to the Left" = "none";

        "Edit Tiles" = "none";
+
+        # "MoveMouseToCenter" = "Meta+F6,Meta+F6,Move Mouse to Center";
+        "MoveMouseToCenter" = "none";
+        # "MoveMouseToFocus" = "Meta+F5,Meta+F5,Move Mouse to Focus";
+        "MoveMouseToFocus" = "none";
+
+        # "Switch to Screen 0" = "none,,Switch to Screen 0";
+        "Switch to Screen 0" = "Meta+Ctrl+Alt+0";
+        # "Switch to Screen 1" = "none,,Switch to Screen 1";
+        "Switch to Screen 1" = "Meta+Ctrl+Alt+1";
+        # "Switch to Screen 2" = "none,,Switch to Screen 2";
+        "Switch to Screen 2" = "Meta+Ctrl+Alt+2";
+
      };

      plasmashell = {
@@ -253,6 +307,7 @@ in
      vysokyujezd = "${homedir}/storage/.life/stavby/vysoky-ujezd";
      work = "/mnt/yosuke/share/arnie/work";
      smarthome = "/mnt/yosuke/share/arnie/smarthome";
+      lab = "/mnt/storage/.lab";

      # Hardware
      v2-red = "${homedir}/storage/.hardware/3d-print/v2-red-V2-2201270017";
@@ -3,24 +3,21 @@
  pkgs,
  ...
 }:
-let
-  zshSourceCommon = ./zsh/common;
-
-  isDarwin = pkgs.stdenv.hostPlatform.isDarwin;
-  isLinux = pkgs.stdenv.hostPlatform.isLinux;
-in
 {
  imports = [
    (import ./nix-init-scripts.nix {
      inherit lib pkgs;
    })
+    ./programs/zsh.nix
  ];

  home.packages = with pkgs; [
    awscli2
    kubectl
    nixd
+    tree
    viu
+    yq
  ];

  # Let Home Manager install and manage itself.
@@ -95,6 +92,14 @@ in
    enable = true;
  };

+  programs.ripgrep = {
+    enable = true;
+    arguments = [
+      "--smart-case"
+      "--hidden"
+    ];
+  };
+
  programs.vim = {
    enable = true;
    settings = {
@@ -103,110 +108,6 @@ in
    };
  };

-  programs.zsh = {
-    enable = true;
-
-    autocd = lib.mkDefault true;
-
-    shellAliases =
-      {
-        # use eval $(aws-export-credentials) to expose them to environment
-        aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";
-
-        aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
-          [[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
-          ${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
-        ''}";
-
-        aws-s3-cp-public = lib.mkDefault ''
-          ${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
-        '';
-
-        bcrypt = lib.mkDefault "${pkgs.writeShellScript "bcrypt" ''
-          if [[ -z "$1" ]]; then
-            echo "Usage: bcrypt <password> [cost]"
-            exit 1
-          fi
-
-          echo -n "$1" | ${pkgs.apacheHttpd}/bin/htpasswd -i -nB -C ''${2:-12} "" | tr -d ':'
-        ''}";
-
-        cat = lib.mkDefault "${pkgs.bat}/bin/bat --paging=never";
-
-        # use curl-aws --aws-sigv4 "aws:amz:region:service"
-        curl-aws = lib.mkDefault "${pkgs.curl}/bin/curl -H \"X-Amz-Security-Token: $AWS_SESSION_TOKEN\" --user \"$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY\"";
-
-        curl-timing = lib.mkDefault "${pkgs.curl}/bin/curl -w \"     time_namelookup:  %{time_namelookup}s\n        time_connect:  %{time_connect}s\n     time_appconnect:  %{time_appconnect}s\n    time_pretransfer:  %{time_pretransfer}s\n       time_redirect:  %{time_redirect}s\n  time_starttransfer:  %{time_starttransfer}s\n                     ----------\n          time_total:  %{time_total}s\n\" -o /dev/null";
-
-        dbase64 = lib.mkDefault "${pkgs.writeShellScript "dbase64" "echo -n \"$1\" | base64 -d"}";
-
-        git-sync-remote = lib.mkDefault "git remote update origin --prune";
-
-        klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" ''
-          ctx="$1"
-          shift
-          namespace="$1"
-          shift
-          label="$1"
-          shift
-
-          if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
-                  echo "Usage: klogs context namespace label"
-                  echo "${"\n"}Contexts:"
-                  kubectl config get-contexts -o name | sed 's/^/\t/g'
-
-                  echo "Label examples:"
-                  echo "${"\t"}app.kubernetes.io/name=..."
-                  echo "${"\t"}eks.amazonaws.com/component=..."
-                  exit 1
-          fi
-
-          kubectl --context "$ctx" logs -f -n "$namespace" -l "$label" $@
-        ''}";
-
-        nixfix = lib.mkDefault "nix fmt ./**/*.nix";
-
-        # Git
-        a = "git add";
-        c = "git commit -m";
-        d = "git diff";
-        d-s = "git diff --staged";
-        gtag = "${pkgs.writeShellScript "gtag" "git tag -a $1 -m '$2'"}";
-        gtag-replace = "${pkgs.writeShellScript "gtag" ''
-          msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
-          git tag -d $1 && \
-          git push origin :refs/tags/$1 && \
-          git tag -a $1 -m "$msg" && \
-          git push origin $1
-        ''}";
-        gtagl = "git fetch --tags && git tag -l -n9 --sort=-v:refname";
-        s = "git status";
-      }
-      // (
-        if isDarwin then
-          {
-            hm-switch = lib.mkDefault "darwin-rebuild switch --flake ~/.config/nix";
-          }
-        else if isLinux then
-          {
-            hm-switch = lib.mkDefault "home-manager switch --impure --flake ~/.config/nix";
-          }
-        else
-          { }
-      );
-
-    initContent = lib.mkBefore ''
-      for file in ${zshSourceCommon}/*.zsh; do
-          source "$file"
-      done
-
-      # [Ctrl-RightArrow] - move forward one word
-      bindkey '^[[1;3C' forward-word
-      # [Ctrl-LeftArrow] - move backward one word
-      bindkey '^[[1;3D' backward-word
-    '';
-  };
-
  programs.starship = {
    enable = true;
    enableZshIntegration = true;
@@ -29,7 +29,9 @@
                    echo "Commands:"
                    echo -n '${
                      builtins.toJSON (
-                        builtins.mapAttrs (s: value: value.description) self.devShells.${pkgs.system}.default.config.scripts
+                        builtins.mapAttrs (
+                          s: value: value.description
+                        ) self.devShells.${pkgs.stdenv.hostPlatform.system}.default.config.scripts
                      )
                    }' | \
                    ${pkgs.jq}/bin/jq -r 'to_entries | map("  \(.key)\n" + "    - \(if .value == "" then "no description provided" else .value end)") | "" + .[]'
@@ -12,27 +12,27 @@ return (function()
        license = "MIT";
    }

-    -- DELL S2722DGM: 0F6BDB5B-840D-40BE-AAC9-B467A78E057A
+    -- DELL S2722DGM: 394ACDEE-CA25-43C4-A533-D4EDF4A897AF
    -- DELL S2721DGF: D3142823-261D-46EF-B9C2-5181C7FE2CA5
-    -- AV Receiver:   B5A65BB6-E73E-4C3D-977C-33C86798AA5A
+    -- AV Receiver:   B5845603-D54C-44B8-9B55-96F7E5F50646
    local appScreenMap = {
        Slack = {
            desktop = 1,
-            screen = "0F6BDB5B-840D-40BE-AAC9-B467A78E057A",
+            screen = "394ACDEE-CA25-43C4-A533-D4EDF4A897AF",
            fullscreen = true,
        },
-        Cursor = {
+        Code = {
            desktop = 1,
-            screen = "B5A65BB6-E73E-4C3D-977C-33C86798AA5A",
+            screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
            fullscreen = true,
        },
        Spotify = {
-            desktop = 3,
-            screen = "B5A65BB6-E73E-4C3D-977C-33C86798AA5A",
+            desktop = 2,
+            screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
            fullscreen = true,
        },
        ["zoom.us"] = {
-            screen = "B5A65BB6-E73E-4C3D-977C-33C86798AA5A",
+            screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
            fullscreen = true,
        },
        ["Microsoft Outlook"] = {
@@ -63,24 +63,46 @@ return (function()

        local currentSpaces = spaces.allSpaces()

-        for _, v in pairs(window.list()) do
-            local def = appScreenMap[v.kCGWindowOwnerName]
-            local win = window.get(v.kCGWindowNumber)
-            if def ~= nil and win ~= nil then
+        local spaceMap = {}
+        for _, screenSpaces in pairs(currentSpaces) do
+            for _, space in ipairs(screenSpaces) do
+                spaceMap[space] = true
+            end
+        end
+
+        local spaceIds = {}
+        for spaceId, _ in pairs(spaceMap) do
+            table.insert(spaceIds, spaceId)
+        end
+
+        local winMap = {}
+        for _, spaceId in pairs(spaceIds) do
+            for _, winId in ipairs(spaces.windowsForSpace(spaceId)) do
+                winMap[winId] = true
+            end
+        end
+
+        for winId, _ in pairs(winMap) do
+            -- Cannot get windows for non-active spaces, window.filter would have to be used, but performance is crap
+            local win = window.get(winId)
+            if win ~= nil then
+                local name = win:application():name()
+                local def = appScreenMap[name]
+                if def ~= nil then
                    if def.desktop ~= nil and currentSpaces[def.screen] ~= nil then
-                    print(v.kCGWindowOwnerName .. " moving window into an index " .. def.desktop .. " which is space " .. currentSpaces[def.screen][def.desktop])
+                        print(name .. " moving window into an index " .. def.desktop .. " which is space " .. currentSpaces[def.screen][def.desktop])
                        spaces.moveWindowToSpace(win, currentSpaces[def.screen][def.desktop])
                    end

                    local scr = screens[def.screen]
                    if scr ~= nil then
                        timer.doAfter(1, function()
-                        print(v.kCGWindowOwnerName .. " moving window into a screen " .. def.screen)
+                            print(name .. " moving window into a screen " .. def.screen)

                            win:moveToScreen(scr)
                            if def.fullscreen then
                                timer.doAfter(1, function()
-                                print(v.kCGWindowOwnerName .. " fullscreening window")
+                                    print(name .. " fullscreening window")

                                    fullscreen(win)
                                end)
@@ -90,6 +112,7 @@ return (function()
                end
            end
        end
+    end

    -- https://github.com/Hammerspoon/hammerspoon/blob/master/SPOONS.md#hotkeys
    function spoon:bindHotKeys(mapping)
@@ -35,7 +35,7 @@ windowMove = function()

 	hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad1", function()
 		-- DELL S2722DGM
-		local scr = getScreenById("0F6BDB5B-840D-40BE-AAC9-B467A78E057A")
+		local scr = getScreenById("394ACDEE-CA25-43C4-A533-D4EDF4A897AF")
 		if scr == nil then
 			return
 		end
@@ -63,7 +63,7 @@ windowMove = function()

 	hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad3", function()
 		-- AV Receiver
-		local scr = getScreenById("B5A65BB6-E73E-4C3D-977C-33C86798AA5A")
+		local scr = getScreenById("B5845603-D54C-44B8-9B55-96F7E5F50646")
 		if scr == nil then
 			return
 		end
@@ -74,6 +74,53 @@ windowMove = function()
 			fullscreen(win)
 		end)
 	end)
+
+
+
+	hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad1", function()
+		-- DELL S2722DGM
+		local scr = getScreenById("394ACDEE-CA25-43C4-A533-D4EDF4A897AF")
+		if scr == nil then
+			return
+		end
+
+		for _, win in ipairs(window.focusedWindow():application():allWindows()) do
+			win:moveToScreen(scr)
+			timer.doAfter(1, function()
+				fullscreen(win)
+			end)
+		end
+	end)
+
+	hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad2", function()
+		-- DELL S2721DGF
+		local scr = getScreenById("D3142823-261D-46EF-B9C2-5181C7FE2CA5")
+		if scr == nil then
+			return
+		end
+
+		for _, win in ipairs(window.focusedWindow():application():allWindows()) do
+			win:moveToScreen(scr)
+			timer.doAfter(1, function()
+				fullscreen(win)
+			end)
+		end
+	end)
+
+	hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad3", function()
+		-- AV Receiver
+		local scr = getScreenById("B5845603-D54C-44B8-9B55-96F7E5F50646")
+		if scr == nil then
+			return
+		end
+
+		for _, win in ipairs(window.focusedWindow():application():allWindows()) do
+			win:moveToScreen(scr)
+			timer.doAfter(1, function()
+				fullscreen(win)
+			end)
+		end
+	end)
 end

 windowMove()
@@ -1,4 +1,5 @@
 {
+  config,
  lib,
  pkgs,
  ...
@@ -11,12 +12,16 @@ let

  gitUsername = "Lukas Cech";
  gitEmail = "lcech@veracode.com";
-
 in
 {
  imports = [
    (import ./veracode/aws-cli.nix {
-      inherit homedir lib pkgs;
+      inherit
+        config
+        homedir
+        lib
+        pkgs
+        ;
    })
  ];

@@ -27,11 +32,14 @@ in
  home.stateVersion = "24.11";

  home.packages = with pkgs; [
-    hammerspoon
-    pstree
-    watch
+    claude-code
    colima
    docker
+    hammerspoon
+    pstree
+    ssm-session-manager-plugin
+    watch
+    wireshark-qt
  ];

  # ghostty marked as broken as of 2025-01-05 in nix, using homebrew and custom config
@@ -52,6 +60,23 @@ in
      '';
    };

+    "${homedir}/.ssh/config" = {
+      text = ''
+        Include /Users/lcech/.colima/ssh_config
+
+        host git.c3c.cz
+                Port 5522
+
+        host dingleberry
+                User becky
+                Hostname 10.196.196.5
+                IdentityFile ~/.ssh/id_ed25519_access
+
+        host gitlab.veracode-staging.us
+                IdentityFile ~/.ssh/id_rsa_fedramp
+      '';
+    };
+
    "${homedir}/.hammerspoon/hmSpoons/C3CWorkspace.spoon" = {
      source = ./hammerspoon/C3CWorkspace.spoon;
      recursive = true;
@@ -76,8 +101,6 @@ in

  programs.git = {
    enable = true;
-    userName = gitUsername;
-    userEmail = gitEmail;

    ignores = [
      ".vscode"
@@ -91,7 +114,10 @@ in
      key = "5ABD6C5E";
    };

-    extraConfig = {
+    settings = {
+      user.name = gitUsername;
+      user.email = gitEmail;
+
      core = {
        autocrlf = "input";
        editor = "vim";
@@ -100,6 +126,8 @@ in
      pull.rebase = false;

      init.defaultBranch = "main";
+
+      url."ssh://git@gitlab.laputa.veracode.io/".insteadOf = "https://gitlab.laputa.veracode.io/";
    };
  };

@@ -155,6 +183,31 @@ in

    shellAliases = {
      hammerspoon-config = "open -a ${pkgs.hammerspoon}/Applications/Hammerspoon.app/Contents/MacOS/Hammerspoon";
+      get-key = "${pkgs.writeShellScript "get-key" ''
+        set -e
+        scp dingleberry:/self/hintihint/keys/sum.key ${homedir}/hw.key
+        read -p "waiting for confirmation to delete the key"
+        rm ${homedir}/hw.key
+      ''}";
+      wg-home = "${pkgs.writeShellScript "wg-home" ''
+        WG=$(sudo wg show)
+        if [[ "$WG" != "" ]]; then
+          if [[ $(echo "$WG" | grep endpoint | cut -c13-26) == "10.125.248.248" ]]; then
+            sudo wg-quick down /etc/wireguard/home.conf
+          else
+            sudo wg-quick down /etc/wireguard/home-remote.conf
+          fi
+        fi
+
+        if [[ "$(ipconfig getifaddr en0)" =~ "10.125.24" ]]; then
+          sudo wg-quick up /etc/wireguard/home.conf
+        else
+          sudo wg-quick up /etc/wireguard/home-remote.conf
+        fi
+      ''}";
+      ssm = "${pkgs.writeShellScript "ssm" ''
+        aws --profile $1 --region ''${3:-us-east-1} ssm start-session --target $2
+      ''}";
    };

    initContent = ''
@@ -0,0 +1,174 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+let
+  isDarwin = pkgs.stdenv.hostPlatform.isDarwin;
+  isLinux = pkgs.stdenv.hostPlatform.isLinux;
+in
+{
+  programs.zsh = {
+    enable = true;
+
+    autocd = lib.mkDefault true;
+
+    history = {
+      expireDuplicatesFirst = true;
+      ignoreDups = true;
+      save = 10000;
+      share = false;
+      size = 10000;
+    };
+
+    shellAliases = {
+      # use eval $(aws-export-credentials) to expose them to environment
+      aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";
+
+      aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
+        [[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
+        ${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
+      ''}";
+
+      # https://docs.aws.amazon.com/singlesignon/latest/userguide/createshortcutlink.html
+      aws-sharable-url = lib.mkDefault "${pkgs.writeShellScript "aws-sharable-url" ''
+        set -e
+
+        URL=$1
+        [[ -z "$URL" ]] && read -p "Enter URL: " URL
+
+        # Strip schema
+        URL="''${URL#https://}"
+
+        # Parse Account ID from multi-session URL
+        ACCOUNT_ID="''${URL%%-*}"
+
+        # Strip account ID and hash up to the region part
+        URL="''${URL#*\.}"
+
+        PROFILE=$(${pkgs.gnugrep}/bin/grep "sso_account_id = $ACCOUNT_ID" ~/.aws/config -B 5 | ${pkgs.gnugrep}/bin/grep "\[profile" | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.coreutils}/bin/tr -d '[]')
+        PROFILE="''${PROFILE#profile }"
+
+        ROLE_NAME=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_role_name)
+        SSO_SESSION=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_session)
+
+        SSO_URL=$(${pkgs.gnugrep}/bin/grep "\[sso-session $SSO_SESSION" ~/.aws/config -A5 | ${pkgs.gnugrep}/bin/grep sso_start_url | ${pkgs.coreutils}/bin/head -n 1)
+        SSO_URL="''${SSO_URL#sso_start_url = }"
+        # Strip trailing slash from SSO_URL if present
+        SSO_URL="''${SSO_URL%/}"
+
+        SHARABLE_URL="$SSO_URL/#/console?account_id=$ACCOUNT_ID&role_name=$ROLE_NAME&destination=$(${pkgs.urlencode}/bin/urlencode "https://$URL")"
+
+        ${
+          if isDarwin then
+            ''
+              echo -n "$SHARABLE_URL" | pbcopy
+            ''
+          else
+            ''
+              echo -n "$SHARABLE_URL" | ${pkgs.xclip}/bin/xclip -selection clipboard
+            ''
+        }
+        echo "URL copied to clipboard"
+      ''}";
+
+      aws-s3-cp-public = lib.mkDefault ''
+        ${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
+      '';
+
+      bcrypt = lib.mkDefault "${pkgs.writeShellScript "bcrypt" ''
+        if [[ -z "$1" ]]; then
+          echo "Usage: bcrypt <password> [cost]"
+          exit 1
+        fi
+
+        echo -n "$1" | ${pkgs.apacheHttpd}/bin/htpasswd -i -nB -C ''${2:-12} "" | tr -d ':'
+      ''}";
+
+      cat = lib.mkDefault "${pkgs.bat}/bin/bat --paging=never";
+
+      # use curl-aws --aws-sigv4 "aws:amz:region:service"
+      curl-aws = lib.mkDefault "${pkgs.curl}/bin/curl -H \"X-Amz-Security-Token: $AWS_SESSION_TOKEN\" --user \"$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY\"";
+
+      curl-timing = lib.mkDefault "${pkgs.curl}/bin/curl -w \"     time_namelookup:  %{time_namelookup}s\n        time_connect:  %{time_connect}s\n     time_appconnect:  %{time_appconnect}s\n    time_pretransfer:  %{time_pretransfer}s\n       time_redirect:  %{time_redirect}s\n  time_starttransfer:  %{time_starttransfer}s\n                     ----------\n          time_total:  %{time_total}s\n\" -o /dev/null";
+
+      dbase64 = lib.mkDefault "${pkgs.writeShellScript "dbase64" "echo -n \"$1\" | base64 -d"}";
+
+      git-sync-remote = lib.mkDefault "git remote update origin --prune";
+
+      cleanup-kube-config = "${
+        pkgs.writeShellApplication {
+          name = "app";
+          text = ./zsh/aliases/cleanup-kube-config.sh;
+          runtimeInputs = [
+            pkgs.gnugrep
+            pkgs.coreutils
+          ];
+        }
+      }/bin/app";
+
+      klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" ''
+        ctx="$1"
+        shift
+        namespace="$1"
+        shift
+        label="$1"
+        shift
+
+        if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
+                echo "Usage: klogs context namespace label"
+                echo "${"\n"}Contexts:"
+                kubectl config get-contexts -o name | sed 's/^/\t/g'
+
+                echo "Label examples:"
+                echo "${"\t"}app.kubernetes.io/name=..."
+                echo "${"\t"}eks.amazonaws.com/component=..."
+                exit 1
+        fi
+
+        kubectl --context "$ctx" logs -f -n "$namespace" -l "$label" $@
+      ''}";
+
+      nixfix = lib.mkDefault "nix fmt ./**/*.nix";
+
+      # Git
+      a = "git add";
+      c = "git commit -m";
+      d = "git diff";
+      d-s = "git diff --staged";
+      gtag = "${pkgs.writeShellScript "gtag" "git tag -a $1 -m '$2'"}";
+      gtag-replace = "${pkgs.writeShellScript "gtag" ''
+        msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
+        git tag -d $1 && \
+        git push origin :refs/tags/$1 && \
+        git tag -a $1 -m "$msg" && \
+        git push origin $1
+      ''}";
+      gtagl = "git fetch --tags && git tag -l -n9 --sort=-v:refname";
+      s = "git status";
+    }
+    // (
+      if isDarwin then
+        {
+          hm-switch = lib.mkDefault "sudo darwin-rebuild switch --flake ~/.config/nix";
+        }
+      else if isLinux then
+        {
+          hm-switch = lib.mkDefault "home-manager switch --impure --flake ~/.config/nix";
+        }
+      else
+        { }
+    );
+
+    initContent = lib.mkBefore ''
+      for file in ${./zsh}/*.zsh; do
+          source "$file"
+      done
+
+      # [Ctrl-RightArrow] - move forward one word
+      bindkey '^[[1;3C' forward-word
+      # [Ctrl-LeftArrow] - move backward one word
+      bindkey '^[[1;3D' backward-word
+    '';
+  };
+}
@@ -0,0 +1,53 @@
+set -e
+
+declare -A account_clusters
+declare -A account_profiles
+
+for ctx in $(kubectl config get-contexts -o name); do
+    if [[ "${ctx:0:7}" != "arn:aws" ]]; then
+        continue
+    fi
+
+    account_id="${ctx#*:*:*:*:}"
+    account_id="${account_id%%:*}"
+    cluster_name="${ctx#*cluster/}"
+
+    if [[ "${account_id}" == "" ]] || [[ "${cluster_name}" == "" ]]; then
+        continue
+    fi
+
+    if [[ ! -v account_profiles[$account_id] ]]; then
+        aws_profile=$(grep "sso_account_id = $account_id" ~/.aws/config -B 5 | grep "\[profile" | tail -n 1 | tr -d '[]')
+        aws_profile="${aws_profile#profile }"
+
+        if [[ "${aws_profile}" == "" ]]; then
+            continue
+        fi
+
+        account_profiles[$account_id]=$aws_profile
+        account_clusters[$account_id]=""
+    fi
+
+    account_clusters[$account_id]+="$cluster_name "
+done
+
+for acc in ${!account_profiles[@]}; do
+    profile=${account_profiles[$acc]}
+
+    declare -A current_clusters
+
+    for remote_cluster in $(aws --profile $profile eks list-clusters --query "clusters" --output text); do
+      current_clusters[$remote_cluster]=""
+    done
+
+    for cluster in ${account_clusters[$acc]}; do
+        if [[ -v current_clusters[$cluster] ]]; then
+            # check if credentials are current
+            echo "$cluster cluster exists"
+        else
+            kubectl config delete-context "$(kubectl config get-contexts -o name | grep "$acc:cluster/$cluster" | head -n 1)"
+        fi
+    done
+
+    unset -v current_clusters
+done
@@ -1,4 +1,4 @@
-theme = "catppuccin-mocha"
+theme = "Catppuccin Mocha"
 window-width = 9999
 window-height = 9999

@@ -31,4 +31,4 @@ keybind = super+shift+h=resize_split:left,10
 keybind = super+shift+l=resize_split:right,10

 # https://ghostty.org/docs/config/reference#scrollback-limit
-scrollback-limit = 10000000
+scrollback-limit = 100000000
@@ -0,0 +1,16 @@
+[govus-stage]
+okta_org_url = https://govus-staging-veracode.okta.com
+gimme_creds_server = appurl
+aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
+write_aws_creds = True
+cred_profile = 403885414333-Corp-Engineer
+okta_username = lcech@veracode.com
+app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
+resolve_aws_alias = False
+include_path = True
+preferred_mfa_type = push
+remember_device = True
+aws_default_duration = 3600
+output_format = export
+force_classic = True
+enable_keychain = True
@@ -1,4 +1,5 @@
 {
+  config,
  homedir,
  lib,
  pkgs,
@@ -550,6 +551,14 @@ in
    '';
  };

+  home.file."${homedir}/.okta_aws_login_config" = {
+    source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
+  };
+
+  home.packages = [
+    pkgs.gimme-aws-creds
+  ];
+
  programs.zsh.shellAliases = {
    veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
      for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
@@ -593,5 +602,10 @@ in
      aws sso login --profile old-world-aws-devops &
      aws sso login --profile longbow-SharedServices &
    ''}'';
+
+    veracode-login-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
+      gimme-aws-creds --profile govus-stage
+      ${pkgs.gnugrep}/bin/grep "^\[403885414333-Corp-Engineer\]" -A1 ${homedir}/.aws/credentials | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.gnugrep}/bin/grep -q "region" || ${pkgs.gnused}/bin/sed -i '/^\[403885414333-Corp-Engineer\]$/a region = us-gov-west-1' ${homedir}/.aws/credentials
+    ''}'';
  };
 }
@@ -1,6 +0,0 @@
-# HISTORY
-HISTSIZE=10000
-SAVEHIST=10000
-HISTFILE=~/.zsh_history
-
-# bindkey '^R' zaw-history
Author	SHA1	Message	Date
arnie	9503c33f24	Mac things	2026-01-13 13:26:57 +01:00
arnie	fa9c2115e9	Add claude code to mac	2026-01-02 23:28:02 +01:00
arnie	b9b62ea3c3	Formatting and hammerspoon	2025-12-29 12:23:03 +01:00
arnie	c34274413a	Add session manager plugin	2025-12-29 12:21:57 +01:00
arnie	0a7d543ff4	Update darwin stuff	2025-12-29 10:16:31 +01:00
Arnie	4c7d1aabea	Add tree	2025-12-14 21:57:38 +01:00
Arnie	43fe34151a	Update becky	2025-12-14 20:10:10 +01:00
Arnie	ebcc853148	Fix pinentry for linux	2025-12-08 16:05:39 +01:00
Arnie	524ccea715	Update flake	2025-12-08 16:05:28 +01:00
Arnie	5c15c6885d	Update flakes	2025-11-09 21:35:53 +01:00
arnie	7e2ae203da	veracode gov stage access	2025-09-04 17:03:40 +02:00
arnie	b163b2f9ce	Formatting	2025-08-21 12:33:25 +02:00
arnie	7385941c96	Implement okta aws cli	2025-08-21 12:33:12 +02:00
arnie	22511d0238	Implement okta gov aws cli	2025-08-21 11:32:28 +02:00
arnie	0a9f041a3d	Increase scollback limit in ghostty	2025-08-21 11:32:10 +02:00
arnie	de2805aea2	Pass inputs to nix darwin	2025-08-21 11:31:52 +02:00
arnie	92d6ff3520	Update flakes	2025-08-21 11:31:42 +02:00
arnie	405af3517e	Fix nix darwin activation script after update	2025-08-21 11:31:24 +02:00
arnie	2972486a85	Add shell script to cleanup aws clusters from kubeconfig	2025-07-29 10:51:13 +02:00
arnie	409a96c224	Fix grep reference from coreutils	2025-07-17 15:44:33 +02:00
arnie	a7feabf2b8	Refactor zsh, add aws-sharable-url shell alias	2025-07-16 10:27:02 +02:00
arnie	b7ff5d4869	Configure wireguard and ssh access for mac	2025-07-10 11:01:56 +02:00
arnie	261331252a	Replace wireshark with wireshark-qt on mac	2025-07-09 10:17:04 +02:00
arnie	a11c62c437	Add git insteadOf url for gitlab ssh	2025-07-09 10:00:49 +02:00
arnie	a8a693cd95	Add wireshark to mac	2025-07-09 10:00:37 +02:00
arnie	0ae905e88f	Add trusted substituters for nixpkgs terraform	2025-07-09 10:00:19 +02:00
arnie	8a56ff1571	Add rigrep	2025-07-09 09:59:29 +02:00
arnie	c90d529ff6	Add yq to common packages	2025-06-11 10:10:08 +02:00
arnie	334780b2f4	QoL window move	2025-05-28 11:12:33 +02:00
arnie	a9f26cfd6b	Prepare window switching for all spaces	2025-04-30 09:21:52 +02:00
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxA6m6fD1jch/HwkWBaaYyr0HPttzM0i1D+V2MtMmFK becky@dingleberry`
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFOQaA7023StG5vSl0txUbAXmPdsIFeWHLDHXlT5yZp lcech@lcech-mac-veracode`