C3C/nix-configuration
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: C3C/nix-configuration:main
Branches Tags
C3C/nix-configuration:main
..
compare: C3C/nix-configuration:c7e2cc532109996073fe914534e4a63f966e7bb4
Branches Tags
C3C/nix-configuration:main

1 Commits
main .. c7e2cc5321

Author SHA1 Message Date
Arnie c7e2cc5321 Update mac config 2025-01-05 09:40:17 +01:00
49 changed files with 661 additions and 3081 deletions
Expand all files Collapse all files
.authorized-keys/dingleberry
-1
View File
@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxA6m6fD1jch/HwkWBaaYyr0HPttzM0i1D+V2MtMmFK becky@dingleberry
.authorized-keys/lcech-mac-veracode
-1
View File
@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFOQaA7023StG5vSl0txUbAXmPdsIFeWHLDHXlT5yZp lcech@lcech-mac-veracode
home-manager/programs/zsh/00-colors.zsh → .zsh/common/00-colors.zsh
View File
home-manager/programs/zsh/00-locale.zsh → .zsh/common/00-locale.zsh
View File
home-manager/programs/zsh/01-setopt.zsh → .zsh/common/01-setopt.zsh
View File
.zsh/common/02-prompt.zsh
Executable
+64
View File
@@ -0,0 +1,64 @@
function git_prompt_info {
local ref=$(=git symbolic-ref HEAD 2> /dev/null)
local gitst="$(=git status 2> /dev/null)"
if [[ -f .git/MERGE_HEAD ]]; then
if [[ ${gitst} =~ "unmerged" ]]; then
gitstatus=" %{$fg[red]%}unmerged%{$reset_color%}"
else
gitstatus=" %{$fg[green]%}merged%{$reset_color%}"
fi
elif [[ ${gitst} =~ "Changes to be committed" ]]; then
gitstatus=" %{$fg[blue]%}!%{$reset_color%}"
elif [[ ${gitst} =~ "use \"git add" ]]; then
gitstatus=" %{$fg[red]%}!%{$reset_color%}"
elif [[ -n `git checkout HEAD 2> /dev/null | grep ahead` ]]; then
gitstatus=" %{$fg[yellow]%}*%{$reset_color%}"
else
gitstatus=''
fi
if [[ -n $ref ]]; then
echo "%{$fg[green]%}⎇ %{$fg_bold[green]%}${ref#refs/heads/}%{$reset_color%}$gitstatus"
fi
}
function printUser {
if [[ -n "$SSH_CLIENT" ]] || [[ -n "$SSH_TTY" ]]; then
echo -n "%{$reset_color%}"
echo -n "%{$fg[yellow]%}%n%{$fg_bold[black]%}@"
echo -n "%{$reset_color%}"
case $(hostname) in
dingleberry)
echo -n "%{$fg[cyan]%}"
;;
ladybug)
echo -n "%{$fg_bold[green]%}"
;;
bimbobee)
echo -n "%{$fg_bold[blue]%}"
;;
lcech-mac-veracode)
echo -n "%{$fg[cyan]%}"
;;
*)
echo -n "%{$fg_bold[red]%}"
;;
esac
echo "%M "
fi
}
function printAwsVault {
if [[ -n "$AWS_VAULT" ]]; then
echo -n "%{$reset_color%}"
echo -n "%{$fg_bold[yellow]%}"
echo -n "[aws-vault: ${AWS_VAULT}]"
echo -n "%{$reset_color%}"
echo -n " "
fi
}
PROMPT='${PR_BOLD_BLACK}%* $(printUser)$(printAwsVault)${PR_CYAN}%~%<< $(git_prompt_info)${PR_BOLD_WHITE}>%{${reset_color}%} '
home-manager/programs/zsh/03-completion.zsh → .zsh/common/03-completion.zsh
View File
home-manager/programs/zsh/03-manydots.zsh → .zsh/common/03-manydots.zsh
View File
home-manager/programs/zsh/04-bindkeys.zsh → .zsh/common/04-bindkeys.zsh
View File
home-manager/programs/zsh/05-functions.zsh → .zsh/common/05-functions.zsh
View File
.zsh/common/05-home-manager.zsh
+1
View File
@@ -0,0 +1 @@
alias hm-switch="home-manager switch --flake ~/.config/nix"
.zsh/common/06-history.zsh
Executable
+6
View File
@@ -0,0 +1,6 @@
# HISTORY
HISTSIZE=10000
SAVEHIST=10000
HISTFILE=~/.zsh_history
# bindkey '^R' zaw-history
home-manager/programs/zsh/07-zsh_hooks.zsh → .zsh/common/07-zsh_hooks.zsh
View File
.zsh/common/09-zsh_aliases.zsh
Executable
+16
View File
@@ -0,0 +1,16 @@
# Allow usage of aliases when using sudo
alias sudo='sudo '
alias ls='ls --color'
alias less='less -R'
alias curlTiming="curl -w \" time_namelookup: %{time_namelookup}s\n time_connect: %{time_connect}s\n time_appconnect: %{time_appconnect}s\n time_pretransfer: %{time_pretransfer}s\n time_redirect: %{time_redirect}s\n time_starttransfe
r: %{time_starttransfer}s\n ----------\n time_total: %{time_total}s\n\" -o /dev/null"
dbase64() {
echo -n "${1}" | base64 -d
}
function appConnections()
{
ss -tpla | grep -v Recv-Q | awk '{print $5 $6}' | sed -e 's#\(.*\)users:((\"\(\w\+\)\".*#\2 - \1#' | sort | uniq
}
alias conns=appConnections
home-manager/programs/zsh/10-adminer.zsh → .zsh/common/10-adminer.zsh
View File
.zsh/common/10-docker_aliases.zsh
Executable
+9
View File
@@ -0,0 +1,9 @@
alias dockerVolumeSizes="for vol in \$(docker volume ls -q); do sudo du -hs \$(docker volume inspect --format \"{{.Mountpoint}}\" \$vol); done"
alias dockerstats="docker stats \$(docker ps --format \"{{.Names}}\")"
alias dockerRemove="docker rmi -f \$(docker images | grep none | awk '{print \$3}')"
function bcrypt() {
nix-shell -p apacheHttpd --run "echo -n '${1}' | htpasswd -i -nB -C ${2:-12} '' | tr -d ':'"
}
.zsh/common/10-git_aliases.zsh
Executable
+71
View File
@@ -0,0 +1,71 @@
# Git
alias c="git commit -m"
alias s="git status"
alias gtagl="git fetch --tags && git tag -l -n9 --sort=-v:refname"
alias d="git diff"
alias d-s="git diff --staged"
alias a="git add"
alias n="git checkout -b"
alias m="git merge --no-ff"
alias gitSquash="git rebase --root -i"
gtag() {
git tag -a $1 -m "$2"
}
gtagReplace() {
local msg
msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
git tag -d $1 && \
git push origin :refs/tags/$1 && \
git tag -a $1 -m "${msg}" && \
git push origin $1
}
gtagRemoveMinor() {
if [[ $1 = "" ]]; then
echo "How does the tag begin?"
fi
local remove
local tags=$(git tag -l | grep "^${1}\.")
echo "${tags}"
echo -n "Remove these tags? (y/n) "
read remove
if [[ ${remove} != "y" ]] && [[ ${remove} != "yes" ]]; then
echo "Ok then!"
return 2
fi
while read -r tag; do
git tag -d ${tag}
git push origin :refs/tags/${tag}
done <<< "${tags}"
}
gdiff() {
local awkFormat='{ $2=on $2 off }; 1'
local masterDiff=$(git cherry -v develop master | awk -v on="\033[31;33m" -v off="\033[0m" ${awkFormat})
local develDiff=$(git cherry -v master develop | awk -v on="\033[31;33m" -v off="\033[0m" ${awkFormat})
if [[ "${masterDiff}" != "" ]]; then
echo "\033[1;31;32mOnly in master:\033[0m"
echo
echo "${masterDiff}"
fi
if [[ "${develDiff}" != "" ]]; then
echo "\033[1;31;33mOnly in develop:\033[0m"
echo
echo "${develDiff}"
fi
}
alias gitRemoveMerged="git branch --merged origin/master | grep -v '* master' | xargs git branch -d"
.zsh/common/10-kubernetes_aliases.zsh
Executable
+18
View File
@@ -0,0 +1,18 @@
function klogs() {
local ctx="$1"
local namespace="$2"
local label="$3"
if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
echo "Usage: klogs context namespace label"
echo "\nContexts:"
kubectl config get-contexts -o name | sed 's/^/\t/g'
echo "Label examples:"
echo "\tapp.kubernetes.io/name=..."
echo "\teks.amazonaws.com/component=..."
return 1
fi
kubectl --context "$context" logs -f -n "$namespace" -l "$label"
}
.zsh/common/10-templates.zsh
+124
View File
@@ -0,0 +1,124 @@
init-nix-flake() {
local tpl=$1
local name=$2
local flakePath="$(pwd)/flake.nix"
local envrcPath="$(pwd)/.envrc"
[[ -f "${flakePath}" ]] && echo "${flakePath} already present" && return 1
[[ -f "${envrcPath}" ]] && echo "${envrcPath} already present" && return 1
if [[ "$tpl" == "yp" ]]; then
cat <<EOF > "${flakePath}"
{
inputs = {
nix.url = "git+ssh://git@bitbucket.org/yourpass/nix";
};
outputs = { self, nix }: {
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "yp-${name}";
packages = with pkgs; [
];
commands = [];
};
});
};
}
EOF
echo "use flake" > "${envrcPath}"
direnv allow
elif [[ "$tpl" == "investbay" ]]; then
cat <<EOF > "${flakePath}"
{
inputs = {
nix.url = "git+ssh://git@git.investbay.dev/morosystems/investbay/devops/nix?branch=main";
};
outputs = { self, nix }: {
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "investbay-${name}";
packages = with pkgs; [
];
commands = [];
};
});
};
}
EOF
echo "use flake" > "${envrcPath}"
direnv allow
elif [[ "$tpl" == "c3c" ]]; then
cat <<EOF > "${flakePath}"
{
inputs = {
nix.url = "git+ssh://git@git.c3c.cz/C3C/nix";
};
outputs = { self, nix }: {
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = nix.lib.mkDevenvShell {
inherit pkgs;
inputs = {
self = self;
nixpkgs = pkgs;
};
modules = [
{
packages = with pkgs; [
];
scripts = {
menu = {
description = "Print this menu";
exec = ''
echo "Commands:"
echo -n '\${
builtins.toJSON (
builtins.mapAttrs (s: value: value.description) self.devShells.\${pkgs.system}.default.config.scripts
)
}' | \
\${pkgs.jq}/bin/jq -r 'to_entries | map(" \(.key)\n" + " - \(if .value == "" then "no description provided" else .value end)") | "" + .[]'
'';
};
fix = {
exec = ''
\${nix.lib.cd_root}
nix fmt ./*.nix
\${pkgs.golangci-lint}/bin/golangci-lint run --sort-results --out-format tab --config \${nix.lib.golangci-config-file} --fix --issues-exit-code 0 ./...
stylua ./src
'';
};
};
}
];
};
});
};
}
EOF
echo "use flake . --impure" > "${envrcPath}"
direnv allow
else
echo "Wrong template as first arg: [yp/investbay/c3c]"
return 1
fi
}
.zsh/common/10-zsh_aliases_connections.zsh
Executable
+5
View File
@@ -0,0 +1,5 @@
alias awsKubeconfig="aws eks --region eu-central-1 update-kubeconfig --name "
alias loginToSkodaECR="aws --profile skoda-prod --region eu-central-1 ecr get-login-password | sudo docker login 943160431142.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
alias loginToSkodaScholarisECR="aws --profile skoda-sch-dev --region eu-central-1 ecr get-login-password | sudo docker login 442913623981.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
alias loginToYpECR="aws-vault exec yp aws --region eu-central-1 ecr get-login-password | sudo docker login 060714730522.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
alias loginToInvestBayECR="aws-vault exec InvestBay-AccountManagement aws --region eu-central-1 ecr get-login-password | sudo docker login 297503416491.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin"
.zsh/common/11-aws.zsh
+9
View File
@@ -0,0 +1,9 @@
export AWS_VAULT_BACKEND=secret-service
export AWS_VAULT_SECRET_SERVICE_COLLECTION_NAME=default
alias argoyp='argo --context yp:060714730522:eu-west-1/yp-dev -n argo'
function awsS3cpWithPublic {
local expires=$(date '+%a, %d %b %Y 00:00:00 GMT' -d "$(date +%Y-%m-%d) + 365 day")
aws s3 cp --acl "public-read" --expires "${expires}" --cache-control "max-age=31536000" --metadata-directive REPLACE $@
}
.zsh/dingleberry/05-home-manager.zsh
+2
View File
@@ -0,0 +1,2 @@
# Impure because of nixgl wrapper
alias hm-switch="home-manager switch --impure --flake ~/.config/nix"
home-manager/zsh/dingleberry/09-zsh_aliases.zsh → .zsh/dingleberry/09-zsh_aliases.zsh
View File
home-manager/zsh/dingleberry/10-ibus.zsh → .zsh/dingleberry/10-ibus.zsh
View File
home-manager/zsh/dingleberry/10-zsh_aliases_connections.zsh → .zsh/dingleberry/10-zsh_aliases_connections.zsh
View File
.zsh/macos/05-home-manager.zsh
+2
View File
@@ -0,0 +1,2 @@
# Impure because of nixgl wrapper
alias hm-switch="darwin-rebuild switch --flake ~/.config/nix"
darwin/common.nix
-199
View File
@@ -1,199 +0,0 @@
{
self,
pkgs,
lib,
...
}:
let
custom-key-mapping = {
# AI Instructions
# I need a mapping that switches my keyboard keys in the following way:
# the key above TAB and left of number 1 (lets call this key NEWTILDE has a code 30064771172)
# the key between left shift and Z (lets call this key NEWPIPE has a code 30064771125)
# the key above right shift and left of the big enter key (lets call this key NEWPLUSMINUS has a code 30064771121)
#
# Write the mapping in such a way that:
# NEWTILDE switches with NEWPIPE
# NEWPIPE overrides NEWPLUSMINUS
# https://hidutil-generator.netlify.app/
UserKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771125;
HIDKeyboardModifierMappingDst = 30064771172;
}
{
HIDKeyboardModifierMappingSrc = 30064771172;
HIDKeyboardModifierMappingDst = 30064771121;
}
];
};
hot-corners = {
Disabled = 1;
MissionControl = 2;
ApplicationWindows = 3;
Desktop = 4;
StartScreenSaver = 5;
DisableScreenSaver = 6;
Dashboard = 7;
PutDisplayToSleep = 10;
Launchpad = 11;
NotificationCenter = 12;
LockScreen = 13;
QuickNote = 14;
};
in
{
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
curl
git
coreutils
vim
flameshot
wireguard-tools
];
launchd.user.agents = {
"custom-key-mapping" = {
script = ''
/usr/bin/hidutil property --set '${builtins.toJSON custom-key-mapping}' > /dev/null
'';
serviceConfig = {
RunAtLoad = true;
};
};
};
launchd.daemons.admin-ensure = {
script = "${pkgs.writeShellScript "admin-ensure" ''
if ! /usr/bin/groups lcech | /usr/bin/grep -q -w admin; then
/usr/bin/dscl . -merge /Groups/admin GroupMembership lcech
fi
if ! /usr/bin/groups Arnie | /usr/bin/grep -q -w admin; then
/usr/bin/dscl . -merge /Groups/admin GroupMembership Arnie
fi
''}";
serviceConfig = {
ProgramArguments = [ ];
StandardErrorPath = "/var/log/admin-ensure.error.log";
StandardOutPath = "/var/log/admin-ensure.out.log";
RunAtLoad = true;
StartInterval = 60 * 60;
};
};
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin";
# Set Git commit hash for darwin-version.
system.configurationRevision = self.rev or self.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
system.defaults = {
dock = {
autohide = true;
# Do not need dock, lets be more effective
autohide-delay = 100.0;
autohide-time-modifier = 0.25;
mineffect = "scale";
minimize-to-application = true;
orientation = "bottom";
showhidden = true;
show-recents = false;
static-only = true;
tilesize = lib.mkDefault 80;
# Do not automatically rearrange spaces based on most recent use
mru-spaces = false;
# Hot corners
wvous-bl-corner = hot-corners.QuickNote;
wvous-br-corner = hot-corners.Launchpad;
wvous-tl-corner = hot-corners.MissionControl;
};
finder = {
_FXShowPosixPathInTitle = true; # show full path in finder title
AppleShowAllExtensions = true; # show all file extensions
FXEnableExtensionChangeWarning = false; # disable warning when changing file extension
QuitMenuItem = true; # enable quit menu item
ShowPathbar = true; # show path bar
ShowStatusBar = true; # show status bar
};
NSGlobalDomain = {
AppleShowScrollBars = "Automatic";
AppleScrollerPagingBehavior = true;
AppleSpacesSwitchOnActivate = lib.mkDefault false;
"com.apple.swipescrolldirection" = false;
NSAutomaticCapitalizationEnabled = false; # disable auto capitalization
NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution
NSAutomaticPeriodSubstitutionEnabled = false; # disable auto period substitution
NSAutomaticQuoteSubstitutionEnabled = false; # disable auto quote substitution
NSAutomaticSpellingCorrectionEnabled = false; # disable auto spelling correction
NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default
};
spaces = {
spans-displays = lib.mkDefault true;
};
WindowManager = {
EnableStandardClickToShowDesktop = lib.mkDefault false;
};
# Customize settings that not supported by nix-darwin directly
# see the source code of this project to get more undocumented options:
# https://github.com/rgcr/m-cli
#
# All custom entries can be found by running `defaults read` command.
# or `defaults read xxx` to read a specific domain.
CustomUserPreferences = {
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screencapture" = {
location = "~/Pictures/Screenshots";
type = "png";
};
};
};
nix.enable = true;
nix.channel.enable = lib.mkDefault false;
nix.distributedBuilds = lib.mkDefault true;
nix.gc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 7d";
};
nix.settings = {
experimental-features = lib.mkDefault "nix-command flakes";
trusted-substituters = [
"https://nixpkgs-terraform.cachix.org"
];
trusted-public-keys = [
"nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
];
};
homebrew = {
enable = true;
onActivation = {
autoUpdate = true;
# 'zap': uninstalls all formulae(and related files) not listed here.
cleanup = "zap";
upgrade = true;
};
};
}
darwin/lcech-mac-veracode.nix
-40
View File
@@ -1,40 +0,0 @@
{
...
}:
{
# brew install --cask
# these need to be updated manually
homebrew.casks = [
"drawio"
"ghostty"
"keepassxc"
"spotify"
"wireshark-chmodbpf"
"visual-studio-code"
];
system.primaryUser = "lcech";
system.activationScripts.postActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
defaults write -g 'com.apple.mouse.linear' 1
sudo -u lcech /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
system.defaults.dock.persistent-apps = [
"/Applications/Cursor.app"
"/Applications/Firefox.app"
"/Applications/Ghostty.app"
"/Applications/Microsoft Outlook.app"
"/Applications/Slack.app"
"/Applications/Spotify.app"
"/Applications/Thunderbird.app"
"/Applications/zoom.us.app"
"/System/Applications/Notes.app"
];
users.users.lcech.openssh.authorizedKeys.keys = [
"${builtins.readFile ../.authorized-keys/dingleberry}"
];
}
devices/becky-dingleberry.nix
+122
View File
@@ -0,0 +1,122 @@
{
config,
pkgs,
...
}:
let
username = "becky";
homedir = "/home/${username}";
zshSourceCommon = ../.zsh/common;
zshSourceUser = ../.zsh/dingleberry;
in
{
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
nixGL.packages = pkgs.nixgl;
nixGL.defaultWrapper = "nvidia";
home.username = username;
home.homeDirectory = homedir;
home.stateVersion = "24.11";
home.packages = with pkgs; [
# TODO: Move from system to nix
# awscli2
# k9s
# kubectl
# nixd
];
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.git = {
enable = true;
userName = "Arnie";
userEmail = "i@cechis.cz";
ignores = [
".vscode"
".direnv"
".devenv"
".envrc"
];
extraConfig = {
core = {
autocrlf = "input";
# TODO: Provide through nix
hooksPath = "~/.git/hooks";
editor = "vim";
};
pull.rebase = false;
init.defaultBranch = "main";
};
};
programs.ghostty = {
enable = true;
installVimSyntax = true;
enableZshIntegration = true;
package = config.lib.nixGL.wrap pkgs.ghostty;
};
programs.zsh = {
enable = true;
dirHashes = {
mac = "${homedir}/storage/.macshare";
circuitry = "${homedir}/storage/.circuitry";
dev = "${homedir}/storage/.devstack";
ai = "${homedir}/storage/.devstack/ai";
life = "${homedir}/storage/.life";
vysokyujezd = "${homedir}/storage/.life/stavby/vysoky-ujezd";
work = "/mnt/yosuke/share/arnie/work";
smarthome = "/mnt/yosuke/share/arnie/smarthome";
# Hardware
v2-red = "${homedir}/storage/.hardware/3d-print/v2-red-V2-2201270017";
"3dprint" = "${homedir}/storage/.hardware/3d-print";
# Development
projects = "${homedir}/storage/.devstack/projects";
yp = "${homedir}/storage/.devstack/projects/yp";
ys = "${homedir}/storage/.devstack/projects/ys";
investbay = "${homedir}/storage/.devstack/projects/investbay";
resource = "${homedir}/storage/.devstack/resource";
cechis = "${homedir}/storage/.devstack/projects/dev.cechis.cz";
gh = "${homedir}/storage/.devstack/projects/github/Sharsie";
rpi = "${homedir}/storage/.devstack/projects/hardware/rpi";
c4 = "/mnt/yosuke/share/arnie/smarthome/control4/drivers";
};
initExtra = ''
for file in ${zshSourceCommon}/*.zsh; do
source "$file"
done
for file in ${zshSourceUser}/*.zsh; do
source "$file"
done
autoload -U +X bashcompinit && bashcompinit
source <(kubectl completion zsh)
complete -C '/usr/local/bin/aws_completer' aws
'';
};
home.sessionVariables = {
EDITOR = "vim";
GO111MODULE = "on";
};
}
devices/lcech-mac-veracode.nix
+89
View File
@@ -0,0 +1,89 @@
{
config,
pkgs,
...
}:
let
username = "lcech";
homedir = "/Users/${username}";
zshSourceCommon = ../.zsh/common;
in
{
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
home.username = username;
home.homeDirectory = homedir;
home.stateVersion = "24.11";
home.packages = with pkgs; [
awscli2
k9s
kubectl
nixd
];
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.ghostty = {
enable = true;
installVimSyntax = true;
enableZshIntegration = true;
};
programs.git = {
enable = true;
userName = "Lukas Cech";
userEmail = "lcech@veracode.com";
ignores = [
".vscode"
".direnv"
".devenv"
".envrc"
];
extraConfig = {
core = {
autocrlf = "input";
editor = "vim";
};
pull.rebase = false;
init.defaultBranch = "main";
};
};
programs.zsh = {
enable = true;
dirHashes = {
mac = "${homedir}/.macshare";
nix = "${homedir}/.config/nix";
};
initExtra = ''
for file in ${zshSourceCommon}/*.zsh; do
source "$file"
done
autoload -U +X bashcompinit && bashcompinit
source <(kubectl completion zsh)
complete -C '/usr/local/bin/aws_completer' aws
'';
};
home.sessionVariables = {
EDITOR = "vim";
GO111MODULE = "on";
};
}
flake.lock
Generated
+17 -290
View File
@@ -1,91 +1,12 @@
{ {
"nodes": { "nodes": {
"cl-nix-lite": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1766810506,
"narHash": "sha256-I4BxozsEu205tA7jazufztI8ZQ5p7hcCnjqrSKPz9nI=",
"owner": "hraban",
"repo": "cl-nix-lite",
"rev": "038e341cede255a83a8f04af114dc95717461d32",
"type": "github"
},
"original": {
"owner": "hraban",
"repo": "cl-nix-lite",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1730663653,
"narHash": "sha256-kFCUWettiFHDIqxCWWQ9qY8pVh+Lj+XL0Giyy/kdomg=",
"owner": "hraban",
"repo": "flake-compat",
"rev": "e5b16676185cb7548581c852f51ce7f3a49bba5e",
"type": "github"
},
"original": {
"owner": "hraban",
"ref": "fixed-output",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": {
"systems": [
"mac-app-util",
"systems"
]
},
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1659877975,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -101,11 +22,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766980997, "lastModified": 1735900408,
"narHash": "sha256-oegDNAvyQwaG3GqSi4U5jpKM7SYHGESGVIuKMRV/lbw=", "narHash": "sha256-U+oZBQ3f5fF2hHsupKQH4ihgTKLHgcJh6jEmKDg+W10=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7a7b43c7231a439d248179ba8d561dd6cd81799b", "rev": "1c8d4c8d592e8fab4cff4397db5529ec6f078cf9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -114,31 +35,6 @@
"type": "github" "type": "github"
} }
}, },
"mac-app-util": {
"inputs": {
"cl-nix-lite": "cl-nix-lite",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1766810876,
"narHash": "sha256-VPElWFQIiP31lXQXEom+L4sl85alZpZn33O4hewsP9k=",
"owner": "hraban",
"repo": "mac-app-util",
"rev": "4747968574ea58512c5385466400b2364c85d2d0",
"type": "github"
},
"original": {
"owner": "hraban",
"repo": "mac-app-util",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -146,11 +42,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766784396, "lastModified": 1735685839,
"narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=", "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55", "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -161,17 +57,17 @@
}, },
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1762090880, "lastModified": 1713543440,
"narHash": "sha256-fbRQzIGPkjZa83MowjbD2ALaJf9y6KMDdJBQMKFeY/8=", "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixGL", "repo": "nixGL",
"rev": "b6105297e6f0cd041670c3e8628394d4ee247ed5", "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -182,74 +78,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1766736597, "lastModified": 1735821806,
"narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=", "narHash": "sha256-cuNapx/uQeCgeuhUhdck3JKbgpsml259sjUQnWM7zW8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761236834,
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1761236834,
"narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1766870016,
"narHash": "sha256-fHmxAesa6XNqnIkcS6+nIHuEmgd/iZSP/VXxweiEuQw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5c2bc52fb9f8c264ed6c93bd20afa2ff5e763dce", "rev": "d6973081434f88088e5321f83ebafe9a1167c367",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -259,118 +92,12 @@
"type": "github" "type": "github"
} }
}, },
"plasma-manager": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763909441,
"narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=",
"owner": "nix-community",
"repo": "plasma-manager",
"rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "plasma-manager",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"mac-app-util": "mac-app-util",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixgl": "nixgl", "nixgl": "nixgl",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs"
"plasma-manager": "plasma-manager"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1689347925,
"narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=",
"owner": "nix-systems",
"repo": "default-darwin",
"rev": "2235d7e6cc29ae99878133c95e9fe5e157661ffb",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-darwin",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
} }
} }
}, },
flake.nix
+106 -121
View File
@@ -6,143 +6,128 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nix-darwin.url = "github:LnL7/nix-darwin"; nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
mac-app-util.url = "github:hraban/mac-app-util";
mac-app-util.inputs.nixpkgs.follows = "nixpkgs";
nixgl.url = "github:nix-community/nixGL"; nixgl.url = "github:nix-community/nixGL";
nixgl.inputs.nixpkgs.follows = "nixpkgs"; nixgl.inputs.nixpkgs.follows = "nixpkgs";
plasma-manager.url = "github:nix-community/plasma-manager";
plasma-manager.inputs.nixpkgs.follows = "nixpkgs";
plasma-manager.inputs.home-manager.follows = "home-manager";
}; };
outputs = outputs = inputs@{ self, nix-darwin, nixpkgs, home-manager, nixgl }:
inputs@{ let
self, darwin-common = { pkgs, ... }:
home-manager,
mac-app-util,
nix-darwin,
nixgl,
nixpkgs,
plasma-manager,
}:
let let
systems = nixpkgs.lib.genAttrs [ custom-key-mapping = {
"x86_64-linux" # AI Instructions
"aarch64-linux" # I need a mapping that switches my keyboard keys in the following way:
"aarch64-darwin" # the key above TAB and left of number 1 (lets call this key NEWTILDE has a code 30064771172)
]; # the key between left shift and Z (lets call this key NEWPIPE has a code 30064771125)
# the key above right shift and left of the big enter key (lets call this key NEWPLUSMINUS has a code 30064771121)
# Add overlay for custom packages #
overlay = final: prev: { # Write the mapping in such a way that:
hammerspoon = final.callPackage ./modules/hammerspoon.nix { }; # NEWTILDE switches with NEWPIPE
# NEWPIPE overrides NEWPLUSMINUS
UserKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771125;
HIDKeyboardModifierMappingDst = 30064771172;
}
{
HIDKeyboardModifierMappingSrc = 30064771172;
HIDKeyboardModifierMappingDst = 30064771121;
}
];
}; };
in in
{ {
lib = { # List packages installed in system profile. To search by name, run:
forAllSystems = # $ nix-env -qaP | grep wget
function: environment.systemPackages = with pkgs; [
systems ( git
system: vim
function ( ];
import nixpkgs {
inherit system;
config.allowUnfreePredicate = (pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "nvidia" "claude-code" ]);
config.allowUnfree = true;
}
)
);
};
formatter = self.lib.forAllSystems (pkgs: pkgs.nixfmt-rfc-style); launchd.user.agents = {
"custom-key-mapping" = {
homeConfigurations = script = ''
let /usr/bin/hidutil property --set '${builtins.toJSON custom-key-mapping}' > /dev/null
pkgs = import nixpkgs { '';
system = "x86_64-linux"; serviceConfig = {
overlays = [ RunAtLoad = true;
nixgl.overlay
];
config = {
allowUnfree = true;
};
};
in
{
# init with
# nix run home-manager/master -- switch --flake ~/.config/nix
# update with
# home-manager switch --flake ~/.config/nix
"becky@dingleberry" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
inputs.plasma-manager.homeModules.plasma-manager
./home-manager/common.nix
./home-manager/becky-dingleberry.nix
];
}; };
}; };
};
darwinConfigurations = { # The platform the configuration will be used on.
# init with nixpkgs.hostPlatform = "aarch64-darwin";
# nix run nix-darwin -- switch --flake ~/.config/nix
# update with
# darwin-rebuild switch --flake ~/.config/nix
lcech-mac = nix-darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = {
self = self;
inputs = inputs // {
darwin = inputs.nix-darwin;
};
};
modules = [
# Add our overlay to the system configuration
(
{ ... }:
{
nixpkgs.overlays = [
overlay
(
self: super:
let
nixpkgsWithFree = import nixpkgs {
system = "aarch64-darwin";
config.allowUnfree = true;
};
in
{
claude-code = nixpkgsWithFree.claude-code;
}
)
];
}
)
mac-app-util.darwinModules.default
./darwin/common.nix
./darwin/lcech-mac-veracode.nix
home-manager.darwinModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.lcech.imports = [
mac-app-util.homeManagerModules.default
./home-manager/common.nix
./home-manager/lcech-mac-veracode.nix
];
};
users.users.lcech.home = "/Users/lcech"; # Necessary for using flakes on this system.
} nix.settings.experimental-features = "nix-command flakes";
];
# Set Git commit hash for darwin-version.
system.configurationRevision = self.rev or self.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
system.defaults = {
finder = {
_FXShowPosixPathInTitle = true; # show full path in finder title
AppleShowAllExtensions = true; # show all file extensions
FXEnableExtensionChangeWarning = false; # disable warning when changing file extension
QuitMenuItem = true; # enable quit menu item
ShowPathbar = true; # show path bar
ShowStatusBar = true; # show status bar
}; };
}; };
}; };
in
{
homeConfigurations = let
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
nixgl.overlay
];
config = {
allowUnfree = true;
};
};
in{
# init with
# nix run home-manager/master -- switch --flake ~/.config/nix
# update with
# home-manager switch --flake ~/.config/nix
"becky@dingleberry" = home-manager.lib.homeManagerConfiguration {
# pkgs = nixpkgs.legacyPackages.x86_64-linux;
inherit pkgs;
modules = [
./devices/becky-dingleberry.nix
];
};
};
darwinConfigurations = {
# init with
# nix run nix-darwin -- switch --flake ~/.config/nix
# update with
# darwin-rebuild switch --flake ~/.config/nix
lcech-mac-veracode = nix-darwin.lib.darwinSystem {
system = "aarch64-darwin";
modules = [
darwin-common
home-manager.darwinModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.lcech = import ./devices/lcech-mac-veracode.nix;
};
users.users.lcech.home = "/Users/lcech";
}
];
};
};
};
} }
home-manager/becky-dingleberry.nix
-491
View File
@@ -1,491 +0,0 @@
{
config,
lib,
pkgs,
...
}:
# TODO: implement plasma configuration
# TODO: Plasma does not see home manager installed packages
let
username = "becky";
homedir = "/home/${username}";
zshSourceDirs = [
./zsh/dingleberry
];
in
{
# Breaks SDDM
# targets.genericLinux.enable = true;
# Enable XDG for non terminal apps
# https://github.com/nix-community/home-manager/issues/1439
programs.bash.enable = true;
xdg = {
enable = true;
mime = {
enable = true;
};
mimeApps = {
defaultApplications = {
"inode/directory" = "org.kde.krusader.desktop";
"model/3mf" = "org.supermaker.superslicer.desktop";
"x-scheme-handler/geo" = "google-maps-geo-handler.desktop";
"x-scheme-handler/http" = "userapp-Firefox-5T0SK2.desktop";
"x-scheme-handler/https" = "userapp-Firefox-5T0SK2.desktop";
"x-scheme-handler/mailto" = "thunderbird.desktop";
"x-scheme-handler/slack" = "slack.desktop";
"x-scheme-handler/tel" = "org.kde.kdeconnect.handler.desktop";
"x-scheme-handler/tg" = "org.telegram.desktop._18faa92ddda377ceaa5a576303af9e59.desktop";
"x-scheme-handler/chrome" = "userapp-Firefox-5T0SK2.desktop";
"text/html" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-htm" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-html" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-shtml" = "userapp-Firefox-5T0SK2.desktop";
"application/xhtml+xml" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-xhtml" = "userapp-Firefox-5T0SK2.desktop";
"application/x-extension-xht" = "userapp-Firefox-5T0SK2.desktop";
"x-scheme-handler/lmstudio" = "LM Studio.desktop";
};
enable = true;
};
# portal = {
# enable = true;
# };
};
targets.genericLinux.nixGL.packages = pkgs.nixgl;
targets.genericLinux.nixGL.defaultWrapper = "nvidia";
home.username = username;
home.homeDirectory = homedir;
home.stateVersion = "24.11";
home.packages = with pkgs; [
android-tools
direnv
nix-direnv
kdePackages.kdeconnect-kde
# TODO: Move from system to nix
# awscli2
# kubectl
# Terminal image viewer
tcpdump
];
home.file = {
"${homedir}/.gnupg/gpg-agent.conf" = {
text = ''
default-cache-ttl 34560000
max-cache-ttl 34560000
allow-loopback-pinentry
pinentry-program ${pkgs.pinentry-curses}/bin/pinentry
'';
};
};
xdg.configFile = lib.mkMerge [
{
"ghostty/config" = {
text = ''
${builtins.readFile ./shared/ghostty.config}
font-size = 11
keybind = super+c=copy_to_clipboard
keybind = super+v=paste_from_clipboard
keybind = super+t=new_tab
'';
};
}
];
# TODO: Manual ghostty injectionF
programs.bat.syntaxes.ghostty = {
src = pkgs.ghostty;
file = "share/bat/syntaxes/ghostty.sublime-syntax";
};
programs.vim.plugins = [ pkgs.ghostty.vim ];
programs.git = {
enable = true;
settings = {
user = {
name = "Arnie";
email = "i@cechis.cz";
};
core = {
autocrlf = "input";
# TODO: Provide through nix
hooksPath = "~/.git/hooks";
editor = "vim";
};
pull.rebase = false;
init.defaultBranch = "main";
};
ignores = [
".vscode"
".direnv"
".devenv"
".envrc"
];
signing = {
signByDefault = true;
key = "892F43F4";
};
};
# Generate key wth gpg --full-gen-key
# Kind of key: 10 ECC sign only, curve 25519
# Real name: <username>
# Email address: <email>
# Add to git: gpg --list-secret-keys --keyid-format SHORT
# get the bit after the key kind and put it in the signing.key in git config above
# gpg --armor --export <KEY> and add to git account
programs.gpg = {
enable = true;
settings = {
use-agent = true;
pinentry-mode = "loopback";
};
mutableKeys = false;
publicKeys = [ ];
};
# Can't use the nixgl wrapper due to GTK libraries
#
# programs.ghostty = {
# enable = true;
# installBatSyntax = true;
# installVimSyntax = true;
# enableZshIntegration = true;
# package = config.lib.nixGL.wrap pkgs.ghostty;
# settings = {
# theme = "catppuccin-mocha";
# font-size = 10;
# window-width = 9999;
# window-height = 9999;
# keybind = [ ];
# };
# };
programs.lsd = {
enable = true;
settings = {
blocks = [
"permission"
"user"
"group"
"size"
"date"
"git"
"name"
];
sorting = {
dir-grouping = "first";
};
};
};
programs.pay-respects = {
enable = true;
enableZshIntegration = true;
};
# https://github.com/nix-community/plasma-manager
# https://nix-community.github.io/plasma-manager/options.xhtml
#https://github.com/HeitorAugustoLN/nix-config/tree/main/home/heitor/features/desktop/plasma
# ~/.config/kglobalshortcutsrc
programs.plasma = {
enable = true;
# killall kglobalaccel5; kglobalaccel5 &; disown
shortcuts = {
"org.kde.konsole.desktop" = {
_launch = "none";
};
"com.mitchellh.ghostty.desktop" = {
_launch = "Ctrl+Alt+T";
};
"KDE Keyboard Layout Switcher" = {
"Switch to Next Keyboard Layout" = "none";
};
kded5 = {
display = [
"none"
"none"
"Switch Display"
];
};
ksmserver = {
"Lock Session" = "Meta+Ctrl+Q";
};
kwin = {
"Window Maximize" = "Meta+Ctrl+Alt+M";
"Window Quick Tile Bottom" = "Meta+Ctrl+Alt+Down";
"Window Quick Tile Left" = "Meta+Ctrl+Alt+Left";
"Window Quick Tile Right" = "Meta+Ctrl+Alt+Right";
"Window Quick Tile Top" = "Meta+Ctrl+Alt+Up";
"Walk Through Windows" = "Meta+Tab";
"Walk Through Windows (Reverse)" = "Meta+Shift+Tab";
"Walk Through Windows of Current Application" = "Meta+`";
"Walk Through Windows of Current Application (Reverse)" = "Meta+Shift+`";
"Window Close" = "Meta+W";
"Overview" = "Ctrl+Meta+Tab";
"Switch One Desktop to the Right" = "none";
"Switch One Desktop to the Left" = "none";
"Edit Tiles" = "none";
# "MoveMouseToCenter" = "Meta+F6,Meta+F6,Move Mouse to Center";
"MoveMouseToCenter" = "none";
# "MoveMouseToFocus" = "Meta+F5,Meta+F5,Move Mouse to Focus";
"MoveMouseToFocus" = "none";
# "Switch to Screen 0" = "none,,Switch to Screen 0";
"Switch to Screen 0" = "Meta+Ctrl+Alt+0";
# "Switch to Screen 1" = "none,,Switch to Screen 1";
"Switch to Screen 1" = "Meta+Ctrl+Alt+1";
# "Switch to Screen 2" = "none,,Switch to Screen 2";
"Switch to Screen 2" = "Meta+Ctrl+Alt+2";
};
plasmashell = {
"next activity" = "Meta+Ctrl+Right";
"previous activity" = "Meta+Ctrl+Left";
};
};
};
# TODO: Configure
# programs.ssh = {
# enable = true;
# };
programs.zsh = {
enable = true;
shellAliases = {
configure-ssh-terminfo = "${pkgs.writeShellScript "configure-ssh-terminfo" "infocmp -x | ssh \"$@\" -- tic -x -"}";
aws-ecr-login-skoda = "aws --profile skoda-prod --region eu-central-1 ecr get-login-password | sudo docker login 943160431142.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
aws-ecr-login-scholaris = "aws --profile skoda-sch-dev --region eu-central-1 ecr get-login-password | sudo docker login 442913623981.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
aws-ecr-login-yp = "aws-vault exec yp aws --region eu-central-1 ecr get-login-password | sudo docker login 060714730522.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
aws-ecr-login-investbay = "aws-vault exec InvestBay-AccountManagement aws --region eu-central-1 ecr get-login-password | sudo docker login 297503416491.dkr.ecr.eu-central-1.amazonaws.com -u AWS --password-stdin";
};
dirHashes = {
mac = "${homedir}/storage/.macshare";
nix = "${homedir}/.config/nix";
circuitry = "${homedir}/storage/.circuitry";
dev = "${homedir}/storage/.devstack";
ai = "${homedir}/storage/.devstack/ai";
life = "${homedir}/storage/.life";
vysokyujezd = "${homedir}/storage/.life/stavby/vysoky-ujezd";
work = "/mnt/yosuke/share/arnie/work";
smarthome = "/mnt/yosuke/share/arnie/smarthome";
lab = "/mnt/storage/.lab";
# Hardware
v2-red = "${homedir}/storage/.hardware/3d-print/v2-red-V2-2201270017";
"3dprint" = "${homedir}/storage/.hardware/3d-print";
# Development
projects = "${homedir}/storage/.devstack/projects";
yp = "${homedir}/storage/.devstack/projects/yp";
ys = "${homedir}/storage/.devstack/projects/ys";
investbay = "${homedir}/storage/.devstack/projects/investbay";
resource = "${homedir}/storage/.devstack/resource";
cechis = "${homedir}/storage/.devstack/projects/dev.cechis.cz";
gh = "${homedir}/storage/.devstack/projects/github/Sharsie";
rpi = "${homedir}/storage/.devstack/projects/hardware/rpi";
c4 = "/mnt/yosuke/share/arnie/smarthome/control4/drivers";
};
initContent = ''
${builtins.concatStringsSep "\n" (
builtins.map (dir: ''
for file in ${dir}/*.zsh; do
source "$file"
done
'') zshSourceDirs
)}
autoload -U +X bashcompinit && bashcompinit
source <(${pkgs.kubectl}/bin/kubectl completion zsh)
complete -C '${pkgs.awscli2}/bin/aws_completer' aws
# Manual ghostty injection
if [[ -n $GHOSTTY_RESOURCES_DIR ]]; then
source "$GHOSTTY_RESOURCES_DIR"/shell-integration/zsh/ghostty-integration
fi
'';
};
systemd.user.services.keepass-sync-timer = {
Unit.Description = "Sync KeePass database";
Service = {
Type = "oneshot";
ExecStart = toString (
pkgs.writeShellScript "keepass-sync-timer" ''
${pkgs.coreutils}/bin/cp "/mnt/storage/.circuitry/.secret/default.kdbx" "/mnt/storage/.macshare/.secret/arnie.kdbx"
''
);
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.services.keepass-sync = {
Unit.Description = "Sync KeePass database";
Service = {
Type = "simple";
ExecStart = toString (
pkgs.writeShellScript "keepass-sync" ''
echo "Starting sync"
${pkgs.inotify-tools}/bin/inotifywait --monitor --quiet -e modify -e moved_to -e create --include "default\.kdbx" "/mnt/storage/.circuitry/.secret" | ${pkgs.writeShellScript "keepass-sync-cp" ''
function sync() {
${pkgs.coreutils}/bin/cp "/mnt/storage/.circuitry/.secret/default.kdbx" "/mnt/storage/.macshare/.secret/arnie.kdbx"
if [[ $? -ne 0 ]]; then
echo "Sync failed"
fi
}
sync_pid=0
while read -r event; do
echo "?"
# Throttle syncing
if [ $sync_pid -ne 0 ]; then
kill $sync_pid 2>/dev/null || true
fi
# Schedule new sync
{ sleep 1; sync; } &
sync_pid=$!
done
''}
''
);
Restart = "always";
RestartSec = 1;
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.services.voron2-red-sync = {
Unit.Description = "Sync Voron2 red gcodes";
Service = {
Type = "simple";
ExecStart = toString (
pkgs.writeShellScript "voron2-red-sync" ''
echo "Starting sync"
${pkgs.inotify-tools}/bin/inotifywait --monitor --recursive --quiet -e modify -e moved_to -e moved_from -e create -e delete /mnt/storage/.hardware/3d-print/v2-red-V2-2201270017/files | ${pkgs.writeShellScript "voron2-red-sync" ''
function sync() {
rsync -avz -e "ssh -i /home/becky/.ssh/voron2-red" --delete --exclude='.thumbs' /mnt/storage/.hardware/3d-print/v2-red-V2-2201270017/files/ pi@voron2-red:~/printer_data/gcodes/
if [[ $? -ne 0 ]]; then
echo "Sync failed"
fi
}
sync_pid=0
while read -r event; do
# Throttle syncing
if [ $sync_pid -ne 0 ]; then
kill $sync_pid 2>/dev/null || true
fi
# Schedule new sync
{ sleep 1; sync; } &
sync_pid=$!
done
''}
''
);
Restart = "always";
RestartSec = 1;
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.timers.keepass-sync = {
Unit.Description = "Timer for KeePass sync";
Timer = {
OnBootSec = "1m";
OnUnitActiveSec = "10m";
};
Install.WantedBy = [ "timers.target" ];
};
# Total hack, not what HM is for
# Manually remove files if deleted here
home.activation.nfsRoute = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
/usr/bin/sudo ${pkgs.coreutils}/bin/ln -fs ${pkgs.writeShellScript "nfs-route" ''
if [ "$IFACE" = "enp4s0" ]; then
if [ "$(ip route list exact 10.125.248.55 | grep enp4s0 | wc -l)" == "0" ]; then
ip route add 10.125.248.55 via 10.124.248.248 dev enp4s0 metric 1
fi
if [ "$(ip route list exact 10.125.248.33 | grep enp4s0 | wc -l)" == "0" ]; then
ip route add 10.125.248.33 via 10.124.248.248 dev enp4s0 metric 1
fi
fi
''} /etc/network/if-up.d/nfs-route
/usr/bin/sudo ${pkgs.coreutils}/bin/mkdir -p /etc/network/if-post-down.d
/usr/bin/sudo ${pkgs.coreutils}/bin/ln -fs ${pkgs.writeShellScript "nfs-route" ''
if [ "$IFACE" = "enp4s0" ]; then
if [ "$(ip route list exact 10.125.248.55 | grep enp4s0 | wc -l)" != "0" ]; then
ip route del 10.125.248.55 via 10.124.248.248 dev enp4s0 metric 1
fi
if [ "$(ip route list exact 10.125.248.33 | grep enp4s0 | wc -l)" != "0" ]; then
ip route del 10.125.248.33 via 10.124.248.248 dev enp4s0 metric 1
fi
fi
''} /etc/network/if-post-down.d/nfs-route
'';
home.sessionVariables = {
EDITOR = "vim";
GO111MODULE = "on";
TERMINAL = "ghostty";
AWS_VAULT_BACKEND = "secret-service";
AWS_VAULT_SECRET_SERVICE_COLLECTION_NAME = "default";
};
}
home-manager/common.nix
-153
View File
@@ -1,153 +0,0 @@
{
lib,
pkgs,
...
}:
{
imports = [
(import ./nix-init-scripts.nix {
inherit lib pkgs;
})
./programs/zsh.nix
];
home.packages = with pkgs; [
awscli2
kubectl
nixd
tree
viu
yq
];
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
programs.bat = {
enable = true;
};
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.htop = {
enable = true;
};
programs.k9s = {
enable = true;
settings = {
k9s = {
refreshRate = 2;
ui = {
logoless = true;
headless = true;
skin = "darkerbg";
};
logger = {
tail = 1000;
sinceSeconds = 60 * 30;
fullScreen = true;
showtime = true;
};
};
};
skins = {
darkerbg = {
k9s = {
body = {
bgColor = "#333";
};
frame = {
title = {
bgColor = "#333";
};
};
views = {
table = {
bgColor = "#333";
header = {
bgColor = "#333";
};
};
logs = {
bgColor = "#333";
};
};
};
};
};
};
programs.jq = {
enable = true;
};
programs.ripgrep = {
enable = true;
arguments = [
"--smart-case"
"--hidden"
];
};
programs.vim = {
enable = true;
settings = {
number = lib.mkDefault true;
relativenumber = lib.mkDefault true;
};
};
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
format = lib.concatStrings [
"$username"
"$hostname"
"$directory"
"$character"
];
right_format = lib.concatStrings [
"$git_branch"
"$git_commit"
"$git_state"
"$git_metrics"
"$git_status"
"($cmd_duration)"
];
scan_timeout = 25;
add_newline = false;
continuation_prompt = "[ ](dimmed white)";
follow_symlinks = false;
directory = {
truncate_to_repo = false;
truncation_length = 20;
truncation_symbol = "/";
};
cmd_duration = {
min_time = 100;
show_milliseconds = true;
format = "took [$duration]($style) ";
style = "bold yellow";
};
character = {
success_symbol = "[](bold green)";
error_symbol = "[!](bold red)";
};
};
};
}
home-manager/flake-templates/c3c-flake.nix
-55
View File
@@ -1,55 +0,0 @@
{
inputs = {
nix.url = "git+ssh://git@git.c3c.cz/C3C/nix";
};
outputs =
{ self, nix }:
{
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = nix.lib.mkDevenvShell {
inherit pkgs;
inputs = {
self = self;
nixpkgs = pkgs;
};
modules = [
{
packages = with pkgs; [
];
scripts = {
menu = {
description = "Print this menu";
exec = ''
echo "Commands:"
echo -n '${
builtins.toJSON (
builtins.mapAttrs (
s: value: value.description
) self.devShells.${pkgs.stdenv.hostPlatform.system}.default.config.scripts
)
}' | \
${pkgs.jq}/bin/jq -r 'to_entries | map(" \(.key)\n" + " - \(if .value == "" then "no description provided" else .value end)") | "" + .[]'
'';
};
fix = {
exec = ''
${nix.lib.cd_root}
nix fmt ./*.nix
${pkgs.golangci-lint}/bin/golangci-lint run --sort-results --out-format tab --config ${nix.lib.golangci-config-file} --fix --issues-exit-code 0 ./...
stylua ./src
'';
};
};
}
];
};
});
};
}
home-manager/flake-templates/investbay-flake.nix
-23
View File
@@ -1,23 +0,0 @@
{
inputs = {
nix.url = "git+ssh://git@git.investbay.dev/devops/nix?branch=main";
};
outputs =
{ self, nix }:
{
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "investbay";
packages = with pkgs; [
];
commands = [ ];
};
});
};
}
home-manager/flake-templates/yp-flake.nix
-23
View File
@@ -1,23 +0,0 @@
{
inputs = {
nix.url = "git+ssh://git@bitbucket.org/yourpass/nix";
};
outputs =
{ self, nix }:
{
formatter = nix.formatter;
devShells = nix.lib.forAllSystems (pkgs: {
default = pkgs.devshell.mkShell {
name = "yp";
packages = with pkgs; [
];
commands = [ ];
};
});
};
}
home-manager/hammerspoon/C3CWorkspace.spoon/init.lua
-128
View File
@@ -1,128 +0,0 @@
return (function()
local grid = hs.grid
local screen = hs.screen
local spaces = hs.spaces
local timer = hs.timer
local window = hs.window
spoon = {
name = "C3C Workspace";
version = "0.0.1";
author = "Arnie";
license = "MIT";
}
-- DELL S2722DGM: 394ACDEE-CA25-43C4-A533-D4EDF4A897AF
-- DELL S2721DGF: D3142823-261D-46EF-B9C2-5181C7FE2CA5
-- AV Receiver: B5845603-D54C-44B8-9B55-96F7E5F50646
local appScreenMap = {
Slack = {
desktop = 1,
screen = "394ACDEE-CA25-43C4-A533-D4EDF4A897AF",
fullscreen = true,
},
Code = {
desktop = 1,
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
Spotify = {
desktop = 2,
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
["zoom.us"] = {
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
["Microsoft Outlook"] = {
desktop = 3,
screen = "D3142823-261D-46EF-B9C2-5181C7FE2CA5",
fullscreen = true,
},
}
local fullscreen = function(win)
local screen = win:screen()
local cell = grid.get(win, screen)
cell.x = 0
cell.y = 0
cell.w = 24
cell.h = 24
grid.set(win, cell, screen)
end
function spoon:restoreAppsToScreens()
local screens = {}
for _, scr in ipairs(screen.allScreens()) do
screens[scr:getUUID()] = scr
end
local currentSpaces = spaces.allSpaces()
local spaceMap = {}
for _, screenSpaces in pairs(currentSpaces) do
for _, space in ipairs(screenSpaces) do
spaceMap[space] = true
end
end
local spaceIds = {}
for spaceId, _ in pairs(spaceMap) do
table.insert(spaceIds, spaceId)
end
local winMap = {}
for _, spaceId in pairs(spaceIds) do
for _, winId in ipairs(spaces.windowsForSpace(spaceId)) do
winMap[winId] = true
end
end
for winId, _ in pairs(winMap) do
-- Cannot get windows for non-active spaces, window.filter would have to be used, but performance is crap
local win = window.get(winId)
if win ~= nil then
local name = win:application():name()
local def = appScreenMap[name]
if def ~= nil then
if def.desktop ~= nil and currentSpaces[def.screen] ~= nil then
print(name .. " moving window into an index " .. def.desktop .. " which is space " .. currentSpaces[def.screen][def.desktop])
spaces.moveWindowToSpace(win, currentSpaces[def.screen][def.desktop])
end
local scr = screens[def.screen]
if scr ~= nil then
timer.doAfter(1, function()
print(name .. " moving window into a screen " .. def.screen)
win:moveToScreen(scr)
if def.fullscreen then
timer.doAfter(1, function()
print(name .. " fullscreening window")
fullscreen(win)
end)
end
end)
end
end
end
end
end
-- https://github.com/Hammerspoon/hammerspoon/blob/master/SPOONS.md#hotkeys
function spoon:bindHotKeys(mapping)
local spec = {
restoreAppsToScreens = hs.fnutils.partial(self.restoreAppsToScreens, self)
}
hs.spoons.bindHotkeysToSpec(spec, mapping)
return self
end
return spoon
end)()
home-manager/hammerspoon/window-move.lua
-126
View File
@@ -1,126 +0,0 @@
windowMove = function()
local grid = hs.grid
local screen = hs.screen
local timer = hs.timer
local window = hs.window
-- move window to next screen
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "N", function()
local win = window.focusedWindow()
win:moveToScreen(win:screen():next())
end)
local fullscreen = function(win)
local scr = win:screen()
local cell = grid.get(win, scr)
cell.x = 0
cell.y = 0
cell.w = 24
cell.h = 24
grid.set(win, cell, scr)
end
local getScreenById = function(id)
for _, scr in ipairs(screen.allScreens()) do
if scr:getUUID() == id then
return scr
end
end
return nil
end
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad1", function()
-- DELL S2722DGM
local scr = getScreenById("394ACDEE-CA25-43C4-A533-D4EDF4A897AF")
if scr == nil then
return
end
local win = window.focusedWindow()
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad2", function()
-- DELL S2721DGF
local scr = getScreenById("D3142823-261D-46EF-B9C2-5181C7FE2CA5")
if scr == nil then
return
end
local win = window.focusedWindow()
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd" }, "pad3", function()
-- AV Receiver
local scr = getScreenById("B5845603-D54C-44B8-9B55-96F7E5F50646")
if scr == nil then
return
end
local win = window.focusedWindow()
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad1", function()
-- DELL S2722DGM
local scr = getScreenById("394ACDEE-CA25-43C4-A533-D4EDF4A897AF")
if scr == nil then
return
end
for _, win in ipairs(window.focusedWindow():application():allWindows()) do
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad2", function()
-- DELL S2721DGF
local scr = getScreenById("D3142823-261D-46EF-B9C2-5181C7FE2CA5")
if scr == nil then
return
end
for _, win in ipairs(window.focusedWindow():application():allWindows()) do
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end
end)
hs.hotkey.bind({ "ctrl", "alt", "cmd", "shift" }, "pad3", function()
-- AV Receiver
local scr = getScreenById("B5845603-D54C-44B8-9B55-96F7E5F50646")
if scr == nil then
return
end
for _, win in ipairs(window.focusedWindow():application():allWindows()) do
win:moveToScreen(scr)
timer.doAfter(1, function()
fullscreen(win)
end)
end
end)
end
windowMove()
home-manager/hammerspoon/window-tiling.lua
-155
View File
@@ -1,155 +0,0 @@
windowTiling =function()
local window = hs.window
local grid = hs.grid
local screen = hs.screen
hs.window.animationDuration = 0
hs.window.setShadows(false)
local hyper = { "ctrl", "alt", "cmd" }
local wm = {
sizes = { 1 / 2, 2 / 3, 1 / 3 },
}
function wm:_nextStep(dim, offs, cb)
if window.focusedWindow() then
local axis = dim == "w" and "x" or "y"
local oppDim = dim == "w" and "h" or "w"
local oppAxis = dim == "w" and "y" or "x"
local win = window.frontmostWindow()
local scr = win:screen()
local cell = grid.get(win, scr)
local nextSize = self.sizes[1]
for i = 1, #self.sizes do
if
cell[dim] == self.GRID[dim] * self.sizes[i]
and (cell[axis] + (offs and cell[dim] or 0)) == (offs and self.GRID[dim] or 0)
then
nextSize = self.sizes[(i % #self.sizes) + 1]
break
end
end
cb(cell, nextSize)
if cell[oppAxis] ~= 0 and cell[oppAxis] + cell[oppDim] ~= self.GRID[oppDim] then
cell[oppDim] = self.GRID[oppDim]
cell[oppAxis] = 0
end
grid.set(win, cell, scr)
end
end
function wm:_fullscreen()
if hs.window.focusedWindow() then
local win = window.frontmostWindow()
local scr = win:screen()
local cell = grid.get(win, scr)
cell.x = 0
cell.y = 0
cell.w = self.GRID.w
cell.h = self.GRID.h
grid.set(win, cell, scr)
end
end
function wm:_fullDimension(dim)
if window.focusedWindow() then
local win = window.frontmostWindow()
local scr = win:screen()
local cell = grid.get(win, scr)
if dim == "x" then
cell = "0,0 " .. self.GRID.w .. "x" .. self.GRID.h
else
cell[dim] = self.GRID[dim]
cell[dim == "w" and "x" or "y"] = 0
end
grid.set(win, cell, scr)
end
end
function wm:init()
self._pressed = {
up = false,
down = false,
left = false,
right = false,
}
self.GRID = { w = 24, h = 24 }
grid.setGrid(self.GRID.w .. "x" .. self.GRID.h)
grid.MARGINX = 0
grid.MARGINY = 0
hs.hotkey.bind(hyper, "down", function()
self._pressed.down = true
if self._pressed.up then
self:_fullDimension("h")
else
self:_nextStep("h", true, function(cell, nextSize)
cell.y = self.GRID.h - self.GRID.h * nextSize
cell.h = self.GRID.h * nextSize
end)
end
end, function()
self._pressed.down = false
end)
hs.hotkey.bind(hyper, "right", function()
self._pressed.right = true
if self._pressed.left then
self:_fullDimension("w")
else
self:_nextStep("w", true, function(cell, nextSize)
cell.x = self.GRID.w - self.GRID.w * nextSize
cell.w = self.GRID.w * nextSize
end)
end
end, function()
self._pressed.right = false
end)
hs.hotkey.bind(hyper, "left", function()
self._pressed.left = true
if self._pressed.right then
self:_fullDimension("w")
else
self:_nextStep("w", false, function(cell, nextSize)
cell.x = 0
cell.w = self.GRID.w * nextSize
end)
end
end, function()
self._pressed.left = false
end)
hs.hotkey.bind(hyper, "up", function()
self._pressed.up = true
if self._pressed.down then
self:_fullDimension("h")
else
self:_nextStep("h", false, function(cell, nextSize)
cell.y = 0
cell.h = self.GRID.h * nextSize
end)
end
end, function()
self._pressed.up = false
end)
hs.hotkey.bind(hyper, "m", function()
self:_fullscreen()
end)
end
wm:init()
end
windowTiling()
home-manager/lcech-mac-veracode.nix
-249
View File
@@ -1,249 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
username = "lcech";
homedir = "/Users/${username}";
zshSourceDirs = [ ];
gitUsername = "Lukas Cech";
gitEmail = "lcech@veracode.com";
in
{
imports = [
(import ./veracode/aws-cli.nix {
inherit
config
homedir
lib
pkgs
;
})
];
home.username = username;
home.homeDirectory = homedir;
home.stateVersion = "24.11";
home.packages = with pkgs; [
claude-code
colima
docker
hammerspoon
pstree
ssm-session-manager-plugin
watch
wireshark-qt
];
# ghostty marked as broken as of 2025-01-05 in nix, using homebrew and custom config
home.file = {
"${homedir}/Library/Application Support/com.mitchellh.ghostty/config" = {
text = ''
${builtins.readFile ./shared/ghostty.config}
font-size = 14
'';
};
"${homedir}/.gnupg/gpg-agent.conf" = {
text = ''
default-cache-ttl 34560000
max-cache-ttl 34560000
pinentry-program ${pkgs.pinentry_mac}/bin/pinentry-mac
'';
};
"${homedir}/.ssh/config" = {
text = ''
Include /Users/lcech/.colima/ssh_config
host git.c3c.cz
Port 5522
host dingleberry
User becky
Hostname 10.196.196.5
IdentityFile ~/.ssh/id_ed25519_access
host gitlab.veracode-staging.us
IdentityFile ~/.ssh/id_rsa_fedramp
'';
};
"${homedir}/.hammerspoon/hmSpoons/C3CWorkspace.spoon" = {
source = ./hammerspoon/C3CWorkspace.spoon;
recursive = true;
};
"${homedir}/.hammerspoon/init.lua" = {
text = ''
${builtins.readFile ./hammerspoon/window-tiling.lua}
${builtins.readFile ./hammerspoon/window-move.lua}
package.path = package.path .. ";" .. hs.configdir .. "/hmSpoons/?.spoon/init.lua"
hs.loadSpoon("C3CWorkspace")
spoon.C3CWorkspace:bindHotKeys({
restoreAppsToScreens = {{"ctrl", "alt", "cmd"}, "F12"}
})
'';
};
};
programs.git = {
enable = true;
ignores = [
".vscode"
".direnv"
".devenv"
".envrc"
];
signing = {
signByDefault = true;
key = "5ABD6C5E";
};
settings = {
user.name = gitUsername;
user.email = gitEmail;
core = {
autocrlf = "input";
editor = "vim";
};
pull.rebase = false;
init.defaultBranch = "main";
url."ssh://git@gitlab.laputa.veracode.io/".insteadOf = "https://gitlab.laputa.veracode.io/";
};
};
# Generate key wth gpg --full-gen-key
# Kind of key: 10 ECC sign only, curve 25519
# Real name: <username>
# Email address: <email>
# Add to git: gpg --list-secret-keys --keyid-format SHORT
# get the bit after the key kind and put it in the signing.key in git config above
# gpg --armor --export <KEY> and add to git account
programs.gpg = {
enable = true;
settings = {
use-agent = true;
};
mutableKeys = false;
publicKeys = [ ];
};
programs.lsd = {
enable = true;
settings = {
blocks = [
"permission"
"user"
"group"
"size"
"date"
"git"
"name"
];
sorting = {
dir-grouping = "first";
};
};
};
programs.pay-respects = {
enable = true;
enableZshIntegration = true;
};
programs.zsh = {
enable = true;
dirHashes = {
mac = "${homedir}/storage/.macshare";
nix = "${homedir}/.config/nix";
vc = "${homedir}/projects/veracode";
};
shellAliases = {
hammerspoon-config = "open -a ${pkgs.hammerspoon}/Applications/Hammerspoon.app/Contents/MacOS/Hammerspoon";
get-key = "${pkgs.writeShellScript "get-key" ''
set -e
scp dingleberry:/self/hintihint/keys/sum.key ${homedir}/hw.key
read -p "waiting for confirmation to delete the key"
rm ${homedir}/hw.key
''}";
wg-home = "${pkgs.writeShellScript "wg-home" ''
WG=$(sudo wg show)
if [[ "$WG" != "" ]]; then
if [[ $(echo "$WG" | grep endpoint | cut -c13-26) == "10.125.248.248" ]]; then
sudo wg-quick down /etc/wireguard/home.conf
else
sudo wg-quick down /etc/wireguard/home-remote.conf
fi
fi
if [[ "$(ipconfig getifaddr en0)" =~ "10.125.24" ]]; then
sudo wg-quick up /etc/wireguard/home.conf
else
sudo wg-quick up /etc/wireguard/home-remote.conf
fi
''}";
ssm = "${pkgs.writeShellScript "ssm" ''
aws --profile $1 --region ''${3:-us-east-1} ssm start-session --target $2
''}";
};
initContent = ''
${builtins.concatStringsSep "\n" (
builtins.map (dir: ''
for file in ${dir}/*.zsh; do
source "$file"
done
'') zshSourceDirs
)}
autoload -U +X bashcompinit && bashcompinit
source <(${pkgs.kubectl}/bin/kubectl completion zsh)
complete -C '${pkgs.awscli2}/bin/aws_completer' aws
bindkey '^[[3~' delete-char
'';
};
home.sessionVariables = {
EDITOR = "vim";
GO111MODULE = "on";
TERMINAL = "ghostty";
};
launchd.agents.keepass-sync-timer = {
enable = true;
config = {
Program = "${pkgs.writeShellScript "keepass-sync-timer" ''
${pkgs.coreutils}/bin/cp "${homedir}/storage/.macshare/.secret/arnie.kdbx" "${homedir}/.secret/arnie.kdbx"
''}";
ProgramArguments = [ ];
StartInterval = 60 * 10;
StandardErrorPath = "/var/log/keepass-sync.error.log";
StandardOutPath = "/var/log/keepass-sync.out.log";
};
};
}
home-manager/nix-init-scripts.nix
-90
View File
@@ -1,90 +0,0 @@
{ lib, pkgs, ... }:
let
flake-dir =
{
flake,
impure ? false,
}:
pkgs.writeShellScript "nix-prepare" ''
run() {
local dir="$1"
echo "Preparing nix environment in $dir"
if [ "$dir" = "" ]; then
echo "Usage: nix-prepare <dir>"
exit 1
fi
mkdir -p $dir
cd $dir
git init
# Insert the nix flake
cp ${flake} flake.nix
chmod 644 flake.nix
echo '/*' > .gitignore
echo '!/.gitignore' >> .gitignore
echo '!/flake.nix' >> .gitignore
echo '!/flake.lock' >> .gitignore
echo 'use flake .${(if impure then " --impure" else "")}' > .envrc
git add flake.nix .gitignore
git commit -m "Setup initial flake"
direnv allow
eval "$(direnv export bash)"
git add flake.lock
git commit -m "Lock flakes"
}
run "$@"
'';
git-flake-dir-clone =
{
flake,
impure ? false,
}:
pkgs.writeShellScript "git-nix-clone" ''
# Input is a git repository such as git@github.com:group/project-name.git
run() {
local repo="$1"
local projectName=$(echo "$repo" | sed 's/.*\///' | sed 's/\.git//')
if [ "$repo" = "" ]; then
echo "Usage: git-nix-clone <repo>"
exit 1
fi
${flake-dir { inherit flake impure; }} "$projectName"-nix
git clone "$repo" "$projectName"-nix"/$projectName"
}
run "$@"
'';
in
{
programs.zsh.shellAliases = {
git-c3c-clone = lib.mkDefault "${git-flake-dir-clone {
flake = ./flake-templates/c3c-flake.nix;
impure = true;
}}";
flake-dir-c3c = lib.mkDefault "${flake-dir {
flake = ./flake-templates/c3c-flake.nix;
impure = true;
}}";
flake-dir-yp = lib.mkDefault "${flake-dir {
flake = ./flake-templates/yp-flake.nix;
impure = false;
}}";
flake-dir-investbay = lib.mkDefault "${flake-dir {
flake = ./flake-templates/investbay-flake.nix;
impure = false;
}}";
};
}
home-manager/programs/zsh.nix
-174
View File
@@ -1,174 +0,0 @@
{
lib,
pkgs,
...
}:
let
isDarwin = pkgs.stdenv.hostPlatform.isDarwin;
isLinux = pkgs.stdenv.hostPlatform.isLinux;
in
{
programs.zsh = {
enable = true;
autocd = lib.mkDefault true;
history = {
expireDuplicatesFirst = true;
ignoreDups = true;
save = 10000;
share = false;
size = 10000;
};
shellAliases = {
# use eval $(aws-export-credentials) to expose them to environment
aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";
aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
[[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
''}";
# https://docs.aws.amazon.com/singlesignon/latest/userguide/createshortcutlink.html
aws-sharable-url = lib.mkDefault "${pkgs.writeShellScript "aws-sharable-url" ''
set -e
URL=$1
[[ -z "$URL" ]] && read -p "Enter URL: " URL
# Strip schema
URL="''${URL#https://}"
# Parse Account ID from multi-session URL
ACCOUNT_ID="''${URL%%-*}"
# Strip account ID and hash up to the region part
URL="''${URL#*\.}"
PROFILE=$(${pkgs.gnugrep}/bin/grep "sso_account_id = $ACCOUNT_ID" ~/.aws/config -B 5 | ${pkgs.gnugrep}/bin/grep "\[profile" | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.coreutils}/bin/tr -d '[]')
PROFILE="''${PROFILE#profile }"
ROLE_NAME=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_role_name)
SSO_SESSION=$(${pkgs.awscli2}/bin/aws configure get profile.$PROFILE.sso_session)
SSO_URL=$(${pkgs.gnugrep}/bin/grep "\[sso-session $SSO_SESSION" ~/.aws/config -A5 | ${pkgs.gnugrep}/bin/grep sso_start_url | ${pkgs.coreutils}/bin/head -n 1)
SSO_URL="''${SSO_URL#sso_start_url = }"
# Strip trailing slash from SSO_URL if present
SSO_URL="''${SSO_URL%/}"
SHARABLE_URL="$SSO_URL/#/console?account_id=$ACCOUNT_ID&role_name=$ROLE_NAME&destination=$(${pkgs.urlencode}/bin/urlencode "https://$URL")"
${
if isDarwin then
''
echo -n "$SHARABLE_URL" | pbcopy
''
else
''
echo -n "$SHARABLE_URL" | ${pkgs.xclip}/bin/xclip -selection clipboard
''
}
echo "URL copied to clipboard"
''}";
aws-s3-cp-public = lib.mkDefault ''
${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
'';
bcrypt = lib.mkDefault "${pkgs.writeShellScript "bcrypt" ''
if [[ -z "$1" ]]; then
echo "Usage: bcrypt <password> [cost]"
exit 1
fi
echo -n "$1" | ${pkgs.apacheHttpd}/bin/htpasswd -i -nB -C ''${2:-12} "" | tr -d ':'
''}";
cat = lib.mkDefault "${pkgs.bat}/bin/bat --paging=never";
# use curl-aws --aws-sigv4 "aws:amz:region:service"
curl-aws = lib.mkDefault "${pkgs.curl}/bin/curl -H \"X-Amz-Security-Token: $AWS_SESSION_TOKEN\" --user \"$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY\"";
curl-timing = lib.mkDefault "${pkgs.curl}/bin/curl -w \" time_namelookup: %{time_namelookup}s\n time_connect: %{time_connect}s\n time_appconnect: %{time_appconnect}s\n time_pretransfer: %{time_pretransfer}s\n time_redirect: %{time_redirect}s\n time_starttransfer: %{time_starttransfer}s\n ----------\n time_total: %{time_total}s\n\" -o /dev/null";
dbase64 = lib.mkDefault "${pkgs.writeShellScript "dbase64" "echo -n \"$1\" | base64 -d"}";
git-sync-remote = lib.mkDefault "git remote update origin --prune";
cleanup-kube-config = "${
pkgs.writeShellApplication {
name = "app";
text = ./zsh/aliases/cleanup-kube-config.sh;
runtimeInputs = [
pkgs.gnugrep
pkgs.coreutils
];
}
}/bin/app";
klogs = lib.mkDefault "${pkgs.writeShellScript "klogs" ''
ctx="$1"
shift
namespace="$1"
shift
label="$1"
shift
if [[ "$ctx" == "" || "$namespace" == "" || "$label" == "" ]]; then
echo "Usage: klogs context namespace label"
echo "${"\n"}Contexts:"
kubectl config get-contexts -o name | sed 's/^/\t/g'
echo "Label examples:"
echo "${"\t"}app.kubernetes.io/name=..."
echo "${"\t"}eks.amazonaws.com/component=..."
exit 1
fi
kubectl --context "$ctx" logs -f -n "$namespace" -l "$label" $@
''}";
nixfix = lib.mkDefault "nix fmt ./**/*.nix";
# Git
a = "git add";
c = "git commit -m";
d = "git diff";
d-s = "git diff --staged";
gtag = "${pkgs.writeShellScript "gtag" "git tag -a $1 -m '$2'"}";
gtag-replace = "${pkgs.writeShellScript "gtag" ''
msg=$(git tag -l -n9 $1 | sed "s/$1\s\+//g")
git tag -d $1 && \
git push origin :refs/tags/$1 && \
git tag -a $1 -m "$msg" && \
git push origin $1
''}";
gtagl = "git fetch --tags && git tag -l -n9 --sort=-v:refname";
s = "git status";
}
// (
if isDarwin then
{
hm-switch = lib.mkDefault "sudo darwin-rebuild switch --flake ~/.config/nix";
}
else if isLinux then
{
hm-switch = lib.mkDefault "home-manager switch --impure --flake ~/.config/nix";
}
else
{ }
);
initContent = lib.mkBefore ''
for file in ${./zsh}/*.zsh; do
source "$file"
done
# [Ctrl-RightArrow] - move forward one word
bindkey '^[[1;3C' forward-word
# [Ctrl-LeftArrow] - move backward one word
bindkey '^[[1;3D' backward-word
'';
};
}
home-manager/programs/zsh/09-zsh_aliases.zsh
-7
View File
@@ -1,7 +0,0 @@
alias less='less -R'
function appConnections()
{
ss -tpla | grep -v Recv-Q | awk '{print $5 $6}' | sed -e 's#\(.*\)users:((\"\(\w\+\)\".*#\2 - \1#' | sort | uniq
}
alias conns=appConnections
home-manager/programs/zsh/aliases/cleanup-kube-config.sh
-53
View File
@@ -1,53 +0,0 @@
set -e
declare -A account_clusters
declare -A account_profiles
for ctx in $(kubectl config get-contexts -o name); do
if [[ "${ctx:0:7}" != "arn:aws" ]]; then
continue
fi
account_id="${ctx#*:*:*:*:}"
account_id="${account_id%%:*}"
cluster_name="${ctx#*cluster/}"
if [[ "${account_id}" == "" ]] || [[ "${cluster_name}" == "" ]]; then
continue
fi
if [[ ! -v account_profiles[$account_id] ]]; then
aws_profile=$(grep "sso_account_id = $account_id" ~/.aws/config -B 5 | grep "\[profile" | tail -n 1 | tr -d '[]')
aws_profile="${aws_profile#profile }"
if [[ "${aws_profile}" == "" ]]; then
continue
fi
account_profiles[$account_id]=$aws_profile
account_clusters[$account_id]=""
fi
account_clusters[$account_id]+="$cluster_name "
done
for acc in ${!account_profiles[@]}; do
profile=${account_profiles[$acc]}
declare -A current_clusters
for remote_cluster in $(aws --profile $profile eks list-clusters --query "clusters" --output text); do
current_clusters[$remote_cluster]=""
done
for cluster in ${account_clusters[$acc]}; do
if [[ -v current_clusters[$cluster] ]]; then
# check if credentials are current
echo "$cluster cluster exists"
else
kubectl config delete-context "$(kubectl config get-contexts -o name | grep "$acc:cluster/$cluster" | head -n 1)"
fi
done
unset -v current_clusters
done
home-manager/shared/ghostty.config
-34
View File
@@ -1,34 +0,0 @@
theme = "Catppuccin Mocha"
window-width = 9999
window-height = 9999
# unbind resize split
keybind = super+ctrl+down=unbind
keybind = super+ctrl+left=unbind
keybind = super+ctrl+up=unbind
keybind = super+ctrl+right=unbind
# unbind clear_window
keybind = super+k=unbind
# unbind goto split
keybind = super+alt+right=unbind
keybind = super+alt+down=unbind
keybind = super+alt+left=unbind
keybind = super+alt+up=unbind
keybind = super+alt+k=new_split:down
keybind = super+alt+l=new_split:right
keybind = super+j=goto_split:up
keybind = super+k=goto_split:down
keybind = super+h=goto_split:left
keybind = super+l=goto_split:right
keybind = super+shift+j=resize_split:up,10
keybind = super+shift+k=resize_split:down,10
keybind = super+shift+h=resize_split:left,10
keybind = super+shift+l=resize_split:right,10
# https://ghostty.org/docs/config/reference#scrollback-limit
scrollback-limit = 100000000
home-manager/veracode/.okta_aws_login_config
-16
View File
@@ -1,16 +0,0 @@
[govus-stage]
okta_org_url = https://govus-staging-veracode.okta.com
gimme_creds_server = appurl
aws_rolename = arn:aws-us-gov:iam::403885414333:role/Corp-Engineer
write_aws_creds = True
cred_profile = 403885414333-Corp-Engineer
okta_username = lcech@veracode.com
app_url = https://govus-staging-veracode.okta.com/home/amazon_aws/0oame0n0rGjDo9BvZ4h6/272
resolve_aws_alias = False
include_path = True
preferred_mfa_type = push
remember_device = True
aws_default_duration = 3600
output_format = export
force_classic = True
enable_keychain = True
home-manager/veracode/aws-cli.nix
-611
View File
@@ -1,611 +0,0 @@
{
config,
homedir,
lib,
pkgs,
...
}:
let
accounts = {
eu = {
"905326657474" = {
name = "log-archive";
role = "EngineerAdmin-Veracode-EU-All";
};
"864021117189" = {
name = "security";
role = "EngineerAdmin-Veracode-EU-All";
};
"296441839393" = {
name = "shared-services";
role = "EngineerAdmin-Veracode-EU-All";
};
"714966795542" = {
name = "veracode-eu-devops";
role = "EngineerAdmin-Veracode-EU-All";
};
"359955634867" = {
name = "veracode-eu-master";
role = "EngineerAdmin-Veracode-EU-All";
};
"675053010029" = {
name = "veracode-eu-networking";
role = "EngineerAdmin-Veracode-EU-All";
};
"377019361040" = {
name = "veracode-eu-platform-nonprod";
role = "EngineerAdmin-Veracode-EU-All";
};
"962291324749" = {
name = "veracode-eu-platform-prod";
role = "EngineerAdmin-Veracode-EU-All";
};
"090139405064" = {
name = "veracode-status-eu";
role = "EngineerAdmin-Veracode-EU-All";
};
};
us = {
"339712784947" = {
name = "aws-corp-it-prod";
role = "EngineerAdmin";
};
"077230771307" = {
name = "aws-syseng";
role = "EngineerAdmin";
};
"854207236867" = {
name = "devops";
role = "EngineerAdmin";
};
"419928441445" = {
name = "hunter2";
role = "EngineerAdmin";
};
"201152413784" = {
name = "hunter2-nonprod";
role = "EngineerAdmin";
};
"234742391591" = {
name = "logging";
role = "EngineerAdmin";
};
"373670440571" = {
name = "mars-archive";
role = "EngineerAdmin";
};
"389203956472" = {
name = "mvsa-dev";
role = "EngineerAdmin";
};
"120705294404" = {
name = "networking";
role = "EngineerAdmin";
};
"540592891828" = {
name = "repo-tools-nonprod";
role = "EngineerAdmin";
};
"199128305162" = {
name = "security";
role = "EngineerAdmin";
};
"205744758777" = {
name = "shared-services";
role = "EngineerAdmin";
};
"502262283075" = {
name = "staticengine-ci";
role = "EngineerAdmin";
};
"593005598611" = {
name = "Veracode Marketplace Sales Account";
role = "EngineerAdmin";
};
"544286724460" = {
name = "veracode-api-security-dev";
role = "EngineerAdmin";
};
"426703640137" = {
name = "veracode-cmk-production";
role = "EngineerAdmin";
};
"227890167531" = {
name = "veracode-cmk-staging";
role = "EngineerAdmin";
};
"833309876439" = {
name = "veracode-datalake-nonprod";
role = "EngineerAdmin";
};
"231215122795" = {
name = "veracode-datalake-prod";
role = "EngineerAdmin";
};
"556105087578" = {
name = "veracode-devops-sandbox";
role = "EngineerAdmin";
};
"419934374614" = {
name = "veracode-dynamic-nonprod";
role = "EngineerAdmin";
};
"743424160468" = {
name = "veracode-dynamic-prod";
role = "EngineerAdmin";
};
"026090546337" = {
name = "veracode-extcmk-c01";
role = "EngineerAdmin";
};
"026090544016" = {
name = "veracode-extcmk-dev";
role = "EngineerAdmin";
};
"527791905507" = {
name = "veracode-gov-production";
role = "EngineerAdmin";
};
"241823169104" = {
name = "veracode-gov-security";
role = "EngineerAdmin";
};
"337544356528" = {
name = "veracode-gov-staging";
role = "EngineerAdmin";
};
"125763904786" = {
name = "veracode-l2-support";
role = "EngineerAdmin";
};
"361598275817" = {
name = "veracode-laputa-sandbox";
role = "EngineerAdmin";
};
"165970187232" = {
name = "veracode-lz-data-dr";
role = "EngineerAdmin";
};
"135394645105" = {
name = "veracode-lz-data-nonprod";
role = "EngineerAdmin";
};
"041513053014" = {
name = "veracode-lz-data-prod";
role = "EngineerAdmin";
};
"341176679750" = {
name = "veracode-lz-futureville";
role = "EngineerAdmin";
};
"011479462201" = {
name = "veracode-lz-master";
role = "EngineerAdmin";
};
"900979254221" = {
name = "veracode-lz-static-non-prod";
role = "EngineerAdmin";
};
"867871251596" = {
name = "veracode-lz-static-prod";
role = "EngineerAdmin";
};
"621415697837" = {
name = "veracode-pac-lz-nonproduction";
role = "EngineerAdmin";
};
"677563424528" = {
name = "veracode-pac-lz-production";
role = "EngineerAdmin";
};
"055143528572" = {
name = "veracode-platform-nonprod";
role = "EngineerAdmin";
};
"432322876094" = {
name = "veracode-platform-prod";
role = "EngineerAdmin";
};
"772788280252" = {
name = "veracode-sca-nonprod";
role = "EngineerAdmin";
};
"978530908597" = {
name = "veracode-sca-prod";
role = "EngineerAdmin";
};
"129575015961" = {
name = "veracode-sky-github";
role = "EngineerAdmin";
};
"157122231047" = {
name = "veracode-status";
role = "EngineerAdmin";
};
};
old-world = {
"747166839737" = {
name = "Alternator Prod";
role = "EngineerAdmin";
};
"849762296401" = {
name = "aws-cloudloop";
role = "EngineerAdmin";
};
"555828001259" = {
name = "aws-devops";
role = "EngineerAdmin";
};
"095180515219" = {
name = "aws-disco-dev";
role = "EngineerAdmin";
};
"602400992919" = {
name = "aws-disco-prod";
role = "EngineerAdmin";
};
"671440995558" = {
name = "aws-mpt";
role = "EngineerAdmin";
};
"390809507444" = {
name = "aws-research";
role = "EngineerAdmin";
};
"547681985753" = {
name = "aws-static-dev";
role = "EngineerAdmin";
};
"576836758243" = {
name = "aws-static-prod";
role = "EngineerAdmin";
};
"272739225222" = {
name = "Greenlight Dev";
role = "EngineerAdmin";
};
"187309115203" = {
name = "Greenlight Prod";
role = "EngineerAdmin";
};
"312566581319" = {
name = "mvsa-prod";
role = "EngineerAdmin";
};
"528304698271" = {
name = "ops1";
role = "EngineerAdmin";
};
"178484873978" = {
name = "ops2";
role = "EngineerAdmin";
};
"036935693235" = {
name = "platform-integrations-dev";
role = "EngineerAdmin";
};
"101042440253" = {
name = "platform-integrations-prod";
role = "EngineerAdmin";
};
"769404944768" = {
name = "Veracode GovCloud Parent Staging";
role = "EngineerAdmin";
};
"932961976631" = {
name = "Veracode Laputa";
role = "EngineerAdmin";
};
"706178003760" = {
name = "Veracode Master";
role = "EngineerAdmin";
};
"227458413628" = {
name = "veracode-asc-ilt";
role = "EngineerAdmin";
};
"637659597440" = {
name = "veracode-dataservices-dev";
role = "EngineerAdmin";
};
"360252896736" = {
name = "veracode-dataservices-production";
role = "EngineerAdmin";
};
"634743813634" = {
name = "veracode-elearning-nonprod";
role = "EngineerAdmin";
};
"231131777030" = {
name = "veracode-gov-parent-nonproduction";
role = "EngineerAdmin";
};
"391700338873" = {
name = "veracode-gov-parent-production";
role = "EngineerAdmin";
};
"083679226615" = {
name = "veracode-hackathon";
role = "EngineerAdmin";
};
"228885042232" = {
name = "veracode-info-sec";
role = "EngineerAdmin";
};
"653330403905" = {
name = "veracode-mpt-mffc";
role = "EngineerAdmin";
};
"566201213358" = {
name = "veracode-nonproduction";
role = "EngineerAdmin";
};
"518031149952" = {
name = "veracode-production";
role = "EngineerAdmin";
};
"966752150300" = {
name = "veracode-qaoncloud-nonproduction";
role = "EngineerAdmin";
};
"221433242586" = {
name = "veracode-solutions-architect";
role = "EngineerAdmin";
};
"576647558819" = {
name = "VeraRadio";
role = "EngineerAdmin";
};
};
longbow = {
"520315734741" = {
name = "Audit";
role = "AWS-Engineer-Admin";
};
"853528449373" = {
name = "demo";
role = "AWS-Engineer-Admin";
};
"058887878640" = {
name = "Dev";
role = "AWS-Engineer-Admin";
};
"539590419140" = {
name = "Hans Gruber";
role = "AWS-Engineer-Admin";
};
"048352314288" = {
name = "Log archive";
role = "AWS-Engineer-Admin";
};
"066179854877" = {
name = "Production";
role = "AWS-Engineer-Admin";
};
"388353868666" = {
name = "SaaS Seller Account";
role = "AWS-Engineer-Admin";
};
"057168112839" = {
name = "Sandbox";
role = "AWS-Engineer-Admin";
};
"704459292453" = {
name = "Shared Services";
role = "AWS-Engineer-Admin";
};
"108911762463" = {
name = "Staging";
role = "AWS-Engineer-Admin";
};
"252894127310" = {
name = "TalonX";
role = "AWS-Engineer-Admin";
};
"932480454180" = {
name = "Test Customer";
role = "AWS-Engineer-Admin";
};
};
};
in
{
home.file."${homedir}/.aws/config" = {
text = ''
[default]
region = us-east-1
[sso-session veracode-us]
sso_start_url = https://d-906716ce52.awsapps.com/start/
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-eu]
sso_start_url = https://d-996723c1d4.awsapps.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access
[sso-session veracode-old-world]
sso_start_url = https://d-90679ac9ea.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-longbow]
sso_start_url = https://d-90677f445e.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-gov-stag]
sso_start_url = https://???.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[profile veracode-gov-staging-gov]
sso_account_id = 403885414333
sso_session = veracode-gov-stag
sso_role_name = Corp-Engineer
region = us-east-1
output = json
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-us
region = us-east-1
output = json
[profile us-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-us
region = us-east-1
output = json
'') accounts.us
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if lib.any (usAccount: usAccount.name == account.name) (lib.attrValues accounts.us) then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-eu
region = eu-central-1
output = json
''
}
[profile eu-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-eu
region = eu-central-1
output = json
'') accounts.eu
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if
lib.any (otherAccount: otherAccount.name == account.name) (
lib.attrValues (accounts.us // accounts.eu)
)
then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-old-world
region = eu-central-1
output = json
''
}
[profile old-world-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-old-world
region = eu-central-1
output = json
'') accounts.old-world
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
${
if
lib.any (otherAccount: otherAccount.name == account.name) (
lib.attrValues (accounts.us // accounts.eu // accounts.old-world)
)
then
""
else
''
[profile ${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-longbow
region = eu-central-1
output = json
''
}
[profile longbow-${builtins.replaceStrings [ " " ] [ "" ] account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-longbow
region = eu-central-1
output = json
'') accounts.longbow
)}
'';
};
home.file."${homedir}/.okta_aws_login_config" = {
source = config.lib.file.mkOutOfStoreSymlink "${homedir}/.config/nix/home-manager/veracode/.okta_aws_login_config";
};
home.packages = [
pkgs.gimme-aws-creds
];
programs.zsh.shellAliases = {
veracode-find = ''${pkgs.writeShellScript "veracode-find" ''
for profile in $(aws configure list-profiles | grep -E '^(us|eu|old-world|longbow)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-eu = ''${pkgs.writeShellScript "veracode-find-eu" ''
for profile in $(aws configure list-profiles | grep -E '^(eu)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-us = ''${pkgs.writeShellScript "veracode-find-us" ''
for profile in $(aws configure list-profiles | grep -E '^(us)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-old-world = ''${pkgs.writeShellScript "veracode-find-old-world" ''
for profile in $(aws configure list-profiles | grep -E '^(old-world)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-find-longbow = ''${pkgs.writeShellScript "veracode-find-longbow" ''
for profile in $(aws configure list-profiles | grep -E '^(longbow)-'); do
echo "=== $profile ==="
aws --profile $profile "$@";
done
''}'';
veracode-login = ''${pkgs.writeShellScript "veracode-login" ''
for region in us eu; do
aws sso login --profile $region-shared-services &
done
aws sso login --profile old-world-aws-devops &
aws sso login --profile longbow-SharedServices &
''}'';
veracode-login-govus-stage = ''${pkgs.writeShellScript "export-aws-govus-stage" ''
gimme-aws-creds --profile govus-stage
${pkgs.gnugrep}/bin/grep "^\[403885414333-Corp-Engineer\]" -A1 ${homedir}/.aws/credentials | ${pkgs.coreutils}/bin/tail -n 1 | ${pkgs.gnugrep}/bin/grep -q "region" || ${pkgs.gnused}/bin/sed -i '/^\[403885414333-Corp-Engineer\]$/a region = us-gov-west-1' ${homedir}/.aws/credentials
''}'';
};
}
modules/hammerspoon.nix
-41
View File
@@ -1,41 +0,0 @@
{
lib,
stdenvNoCC,
fetchurl,
unzip,
}:
# This cannot be built from source since Hammerspoon requires entitlements to work,
# and codesigning entitlements is unfortunately incompatible with immutability.
stdenvNoCC.mkDerivation (self: {
pname = "hammerspoon";
version = "1.0.0";
# We don't use fetchzip because that seems to unpack the .app as well.
src = fetchurl {
name = "${self.pname}-${self.version}-source.zip";
url = "https://github.com/Hammerspoon/hammerspoon/releases/download/${self.version}/Hammerspoon-${self.version}.zip";
sha256 = "sha256-XbcCtV2kfcMG6PWUjZHvhb69MV3fopQoMioK9+1+an4=";
};
nativeBuildInputs = [
# Adds unpack hook.
unzip
];
installPhase = ''
runHook preInstall
mkdir -p $out/Applications
cp -r ../Hammerspoon.app $out/Applications/
runHook postInstall
'';
meta = {
homepage = "https://www.hammerspoon.org";
description = "Staggeringly powerful macOS desktop automation with Lua";
license = lib.licenses.mit;
platforms = [
"x86_64-darwin"
"aarch64-darwin"
];
};
})