From bbecaacdb09f4ed1d97d1e10ad5387533a102032 Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Fri, 10 Apr 2026 22:50:40 -0400 Subject: [PATCH 1/9] Proof of concept for sops-nix --- hosts/eMac/configuration.nix | 2 ++ secrets.json | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 secrets.json diff --git a/hosts/eMac/configuration.nix b/hosts/eMac/configuration.nix index 26fbe4fd..80ae6432 100644 --- a/hosts/eMac/configuration.nix +++ b/hosts/eMac/configuration.nix @@ -10,6 +10,8 @@ networking.hostName = "eMac"; + sops.secrets.foo = { }; + homebrew = { brews = [ "postgresql@14" diff --git a/secrets.json b/secrets.json new file mode 100644 index 00000000..adbcd293 --- /dev/null +++ b/secrets.json @@ -0,0 +1,19 @@ +{ + "foo": "ENC[AES256_GCM,data:qOFd,iv:gXuw0T+sfYtWFIKhMGlEcSCL2/wCe63IXyKxjDESTmE=,tag:tWopWv+CIM85IkqQ5vf4dg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5S2NwY2dZNlBPS00wZnNB\ncFJkSVBBS0V6VWFtbG5hZ0Jxc3M0NkVrMHlNCmpoY00xMkRJaFFxcHJEU1F4QklL\nN1NrZFFHNWZQRjFJcEpyWEEzWDZMQUEKLS0tIEFNdG8vU3pQa1dYVkZVd0dvd0RP\nTi9oUnJLS0pwZ0ZDNnFzUnNzNlRMMVkKnDZ7wvJF6fDXVjfu/A3V9fm+Ij09APkF\nGoKFxdHSEwaMiXg0VSUDunghm7+C7vtnjHkbQ6oOkfcxYL2iCS4ZZg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1ypylw6zxmaxwzqehtf0976jlx8zc2a5npj9s4rzeawwxcdchk3kqzjusdl", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXN0dUM3MHlodXpDMkc4\nMlBPMytoc1V0cXFNQm8xaFBEbndzS2I3MWpFCnFnLzFaSjFXN1d3ODFrU0hIWWMx\nUWdKTlMzYkgrOEFyYURDNXBwZzQzUjgKLS0tIHRnUXhTUEdndWVvVEVNVXE4WWht\ndnFkdmt6cXpyTlRNd2h0cDRGaHFabk0KuHlyO8tpGxwiqfiiMTcA8Bv1Z9PhNvnc\npjZhCZZ1AtP9cF42Br/1lWAK8k9v8ez0mSRB6va5uSxiNgWsfoP40A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-11T02:50:23Z", + "mac": "ENC[AES256_GCM,data:5NglWBL3/cchOkH8WAXeutVfTYnUcLjuyrLOlZpXIw6hAH3bKDH3CoeGW37HO/5xSfHXaUuTFYHiJFpIQ3WX1E4DzemZnQbYuKUSi8Xdjd+k0P+Hxw84Jc5hIoRpP8iFgvMujAFL9PwDW0Ol+qZhrmYhSVTCJDeQaRqMxIZCIO4=,iv:acM+Wl0GphPQ5ardXjS87nxRBKxEXt8J0d1kkdyAwKU=,tag:5IcItivWEOW5VOyI3YNO0g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.12.1" + } +} From 970f7e8284b6e01df7ce3b16c59a92122a6f486d Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Fri, 10 Apr 2026 23:04:59 -0400 Subject: [PATCH 2/9] Proof of concept for sops-nix in home-manager --- secrets.json | 5 +++-- users/ethan/home.nix | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/secrets.json b/secrets.json index adbcd293..843fa595 100644 --- a/secrets.json +++ b/secrets.json @@ -1,5 +1,6 @@ { "foo": "ENC[AES256_GCM,data:qOFd,iv:gXuw0T+sfYtWFIKhMGlEcSCL2/wCe63IXyKxjDESTmE=,tag:tWopWv+CIM85IkqQ5vf4dg==,type:str]", + "biz": "ENC[AES256_GCM,data:/d6G,iv:eZwBh/xC8XJa/iFZR999bRRty8KzkhXkVaC0k+xqIPU=,tag:cFVS7XrGYUDsjiH2Dyvmwg==,type:str]", "sops": { "age": [ { @@ -11,8 +12,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXN0dUM3MHlodXpDMkc4\nMlBPMytoc1V0cXFNQm8xaFBEbndzS2I3MWpFCnFnLzFaSjFXN1d3ODFrU0hIWWMx\nUWdKTlMzYkgrOEFyYURDNXBwZzQzUjgKLS0tIHRnUXhTUEdndWVvVEVNVXE4WWht\ndnFkdmt6cXpyTlRNd2h0cDRGaHFabk0KuHlyO8tpGxwiqfiiMTcA8Bv1Z9PhNvnc\npjZhCZZ1AtP9cF42Br/1lWAK8k9v8ez0mSRB6va5uSxiNgWsfoP40A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-11T02:50:23Z", - "mac": "ENC[AES256_GCM,data:5NglWBL3/cchOkH8WAXeutVfTYnUcLjuyrLOlZpXIw6hAH3bKDH3CoeGW37HO/5xSfHXaUuTFYHiJFpIQ3WX1E4DzemZnQbYuKUSi8Xdjd+k0P+Hxw84Jc5hIoRpP8iFgvMujAFL9PwDW0Ol+qZhrmYhSVTCJDeQaRqMxIZCIO4=,iv:acM+Wl0GphPQ5ardXjS87nxRBKxEXt8J0d1kkdyAwKU=,tag:5IcItivWEOW5VOyI3YNO0g==,type:str]", + "lastmodified": "2026-04-11T02:55:47Z", + "mac": "ENC[AES256_GCM,data:QVhghgb1rjrFY/JzrFtUZYUQgfRc6leAwYKSG9KJzoGju5fBKVMkDO4JhALqfkepxj+pTiYcgoQoFiZWsvH+7aTwqufuOMSvsBA6vG6l0qcKbWBoSQMRYNuNZGHkhemWM3RKMbmB8kskH9mY7A/DowCoZSAMKM1qIDCkZDHME+A=,iv:khrxv6jGpxHbfkQt35Qc88BSPUQW/XHe/B25rFMsNNE=,tag:i14rzV4QxTYIKOmqGVkQwA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.12.1" } diff --git a/users/ethan/home.nix b/users/ethan/home.nix index 6f2e23a2..c903c231 100644 --- a/users/ethan/home.nix +++ b/users/ethan/home.nix @@ -1,4 +1,4 @@ -{ suites, profiles, pkgs, ... }: { +{ suites, profiles, config, pkgs, ... }: { imports = (with suites; base ++ development ++ identity) ++ (with profiles; [ elixir mise nodejs tools.media-management ruby ]) ++ [ ./profiles/git.nix @@ -14,4 +14,6 @@ homeDirectory = "/Users/ethan"; stateVersion = "24.05"; }; + + sops.secrets.biz = { path = "${config.home.homeDirectory}/biz.txt"; }; } From 7ba9b9c11a5ff1144f53624936d30c1a7f109da6 Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Fri, 10 Apr 2026 23:36:47 -0400 Subject: [PATCH 3/9] Add secret for GitHub PAT in `nix.conf` --- hosts/eMac/configuration.nix | 2 -- secrets.json | 20 -------------------- users/ethan/home.nix | 4 +--- 3 files changed, 1 insertion(+), 25 deletions(-) delete mode 100644 secrets.json diff --git a/hosts/eMac/configuration.nix b/hosts/eMac/configuration.nix index 80ae6432..26fbe4fd 100644 --- a/hosts/eMac/configuration.nix +++ b/hosts/eMac/configuration.nix @@ -10,8 +10,6 @@ networking.hostName = "eMac"; - sops.secrets.foo = { }; - homebrew = { brews = [ "postgresql@14" diff --git a/secrets.json b/secrets.json deleted file mode 100644 index 843fa595..00000000 --- a/secrets.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "foo": "ENC[AES256_GCM,data:qOFd,iv:gXuw0T+sfYtWFIKhMGlEcSCL2/wCe63IXyKxjDESTmE=,tag:tWopWv+CIM85IkqQ5vf4dg==,type:str]", - "biz": "ENC[AES256_GCM,data:/d6G,iv:eZwBh/xC8XJa/iFZR999bRRty8KzkhXkVaC0k+xqIPU=,tag:cFVS7XrGYUDsjiH2Dyvmwg==,type:str]", - "sops": { - "age": [ - { - "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5S2NwY2dZNlBPS00wZnNB\ncFJkSVBBS0V6VWFtbG5hZ0Jxc3M0NkVrMHlNCmpoY00xMkRJaFFxcHJEU1F4QklL\nN1NrZFFHNWZQRjFJcEpyWEEzWDZMQUEKLS0tIEFNdG8vU3pQa1dYVkZVd0dvd0RP\nTi9oUnJLS0pwZ0ZDNnFzUnNzNlRMMVkKnDZ7wvJF6fDXVjfu/A3V9fm+Ij09APkF\nGoKFxdHSEwaMiXg0VSUDunghm7+C7vtnjHkbQ6oOkfcxYL2iCS4ZZg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1ypylw6zxmaxwzqehtf0976jlx8zc2a5npj9s4rzeawwxcdchk3kqzjusdl", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXN0dUM3MHlodXpDMkc4\nMlBPMytoc1V0cXFNQm8xaFBEbndzS2I3MWpFCnFnLzFaSjFXN1d3ODFrU0hIWWMx\nUWdKTlMzYkgrOEFyYURDNXBwZzQzUjgKLS0tIHRnUXhTUEdndWVvVEVNVXE4WWht\ndnFkdmt6cXpyTlRNd2h0cDRGaHFabk0KuHlyO8tpGxwiqfiiMTcA8Bv1Z9PhNvnc\npjZhCZZ1AtP9cF42Br/1lWAK8k9v8ez0mSRB6va5uSxiNgWsfoP40A==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-04-11T02:55:47Z", - "mac": "ENC[AES256_GCM,data:QVhghgb1rjrFY/JzrFtUZYUQgfRc6leAwYKSG9KJzoGju5fBKVMkDO4JhALqfkepxj+pTiYcgoQoFiZWsvH+7aTwqufuOMSvsBA6vG6l0qcKbWBoSQMRYNuNZGHkhemWM3RKMbmB8kskH9mY7A/DowCoZSAMKM1qIDCkZDHME+A=,iv:khrxv6jGpxHbfkQt35Qc88BSPUQW/XHe/B25rFMsNNE=,tag:i14rzV4QxTYIKOmqGVkQwA==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.12.1" - } -} diff --git a/users/ethan/home.nix b/users/ethan/home.nix index c903c231..6f2e23a2 100644 --- a/users/ethan/home.nix +++ b/users/ethan/home.nix @@ -1,4 +1,4 @@ -{ suites, profiles, config, pkgs, ... }: { +{ suites, profiles, pkgs, ... }: { imports = (with suites; base ++ development ++ identity) ++ (with profiles; [ elixir mise nodejs tools.media-management ruby ]) ++ [ ./profiles/git.nix @@ -14,6 +14,4 @@ homeDirectory = "/Users/ethan"; stateVersion = "24.05"; }; - - sops.secrets.biz = { path = "${config.home.homeDirectory}/biz.txt"; }; } From 683f50ab790b4e0b3587c80cf9d2ac31b9120094 Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 11 Apr 2026 09:44:04 -0400 Subject: [PATCH 4/9] Update secrets --- modules/profiles/system/core/nix-config/secrets.json | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/modules/profiles/system/core/nix-config/secrets.json b/modules/profiles/system/core/nix-config/secrets.json index 70fce03d..3b09eb13 100644 --- a/modules/profiles/system/core/nix-config/secrets.json +++ b/modules/profiles/system/core/nix-config/secrets.json @@ -4,11 +4,19 @@ "age": [ { "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBV1BzVHpRYWMzN2lrTmR1\nTG1CdDc5a2lMbXZxNnc5RnlhMEg0aklyUFNzCkovbElTOGhIZjNuMHFsU3ZNQWhN\nc0VNeFhST3EybGR6eDZqbnhNNUFsTmsKLS0tIGZlK0JDRG5QWWFXdnByQjdZTkti\neVNrQWFCUll2d2VFbFVEdkF1YnhEa2MK0EhU2rJSFMHJ9SUCBWxdgXXOh1gyGKDr\nY0A7DVjbhqZqPUz0DMmnrTn7um7uvxJqy+QEwd/nDUtbHgh1Ws/urQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcFJCMkxmVE50MGMxUU9B\nU0hWZU80aGNGV2JWcW15RTYxRTVUL2QwUW1RCnBwbUpCYTdzYW13WW1pMnY2aUhy\nTmsySHFIWlFudk1ZamVWb0huMVNRZUUKLS0tIEFHYTBFSGhJNTY3eFpYRVI3bEFk\nYkx6QjFLbVFoTWVyNzVaQ05FVW1yQTgK1lbBhhCvCGX96oNt9UAx0p3d+aJubew2\nZuX7UXjXOd6uRpO08zaBwPVC7rCivmPsm+54hhZmFvWm1m4WhD5boA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1s2dhv789xf9jjfr9pdjsww7rf4dutl3qmavgpurlwj6l5khdkfasd4v7xn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQnNFaEduaWVrWGNrUW5K\nZEdka2JxSmRMSjhuM3RGYU9FOWJiRTQyd0FJCkhFZG9NT0p2MS9hSmhHbGFweGlZ\nM2ZieE11YWpmcHhhQXg5V09WbmYzUWsKLS0tIHNUdHRYYWloV2oxcURkekNhdDRG\nRkJxOHh5MlorTnNxbXhsUkJtcUlPRkUKS7ustSTK/mh/In1bclZGHJ+4yrtI/wTl\n8xHN2hI9tiuXk3PJT73PTc0V/6BBYXsHC3HYSPVcgRbEPLf0KU8uqQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1hqq6znfaedyrmqkqqnaafa243cus77nts3e5vunxdl5xkfm6ffgqmf70r8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUkN1VFJoOGJBVUszMmJL\najVnZkZ5bTRHZkJVcXlSS0toNDl2N0dIU2tJCnN5Q0MxdmVxc2s3cTY3bjgxUDBV\nY3YxNFE2YnhNSG1ZR0xDa09MbitLM2sKLS0tIHp4QmhMaEJkWFV1Y1NxSUp5WnVv\nY2tlSjBING01Yi9PeXcvQjZLSWpCUzgKwb98LBNBawqlAEGIuZzBWSh7S/4fLJV5\nVsewLWRGyePe/IbekpnYpENvVVP7oap9QSsdIdlYGyg4zycnQN1w1w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsb1FtYXdUbTczVVBUbGJK\nSThSZlBJbG5ybitQd1VFNVNXTTFralpadUVJCmh6TE94dWJVdUVIZDJVcWlCdGM4\nUDIvbS9OV29CMHlORkxGWnFCQ0V2cFEKLS0tIGhoNGoza1BVWmtKRU1VRzB5UlQ1\nWk9wYzB1VDNnRW5EbUJNYXVuZFc4TmMKbo2wmIqT0owmmEhFHnoj40fMiOitoRo6\nI89QzzC9nEsKvqjRHysgRJx5r6DnEryz1lidEw8MZso29xJj44kBDQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zkx88lththygcwj07xtz54tcvy6ltavnedrpskfpzcdh9tt2ngyq9gvqv5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsL0hMVWgyYU15SUFsQ25w\nQXRTYUNZeE02SHBGMFFteHlEQTN0cmg2NjBVCjJTWER2SVRURndhU2NIWmNZOGN3\neEh2dm14d0pmTlVVV3FMZW1aNWxGclkKLS0tIDd3ci9SY3h4TnpHQy9yU24wT3c1\nTHNpRTVwZUJOa1NkS28vS3dsREc3eDgK5y+i56ywqzk4vXg3Vwrn8m2BRu9jiTpB\nMMCjOv4fMPg+N3xJR/7cS+QnM5zDH8lk9mDtj8yEVcFpTTjRyucotQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2026-04-11T03:31:33Z", From 640a04483caa2ac61205d03c25e1f34b864050ce Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 11 Apr 2026 09:47:10 -0400 Subject: [PATCH 5/9] Add Claude Code secret for Mercury --- users/et/profiles/claude-code/secrets.json | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 users/et/profiles/claude-code/secrets.json diff --git a/users/et/profiles/claude-code/secrets.json b/users/et/profiles/claude-code/secrets.json new file mode 100644 index 00000000..3f171609 --- /dev/null +++ b/users/et/profiles/claude-code/secrets.json @@ -0,0 +1,27 @@ +{ + "claude_code_github_pat_mercury": "ENC[AES256_GCM,data:EEx6ucrRXLTS/lGRdd300P74mRFCmew4LHsjv8N5AQnwpNU/YQqcUA==,iv:syMLcP+02D6JNzoLcfly3gdaxYZZbc8sw1kBLuymsuE=,tag:ut60GUiJBgczT1bYfAMulA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MXY0djd2Lzl6Q1hDOU5s\nTWtQSzdWTlFSZU5VWnJ3QzhwUERvWUwzOXhVCkhLR0xEcDFnTnY1WWgwYmxnVFF6\nRnBhZjFzUkVrZk84NDJjTlZQYy9aanMKLS0tIDVFclVDTklsaXN5eVpzekxSL01k\nL2U3a1BzN0l1WnlOOHhkeGU2Mnd6em8K+j+2hqWkAMrdXLdnP76bBXTZovPuxCJy\n11RITEo2WrkFGGbvVCr35Iw15tdvM2Lx78Ksb+133GsGJr6tyMQjcg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1s2dhv789xf9jjfr9pdjsww7rf4dutl3qmavgpurlwj6l5khdkfasd4v7xn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYVZ1MVRNTVRpUitaakd4\ncU5Sc1N1TUZvbXI0SVk5bS8yQktObFd2VWdvClpKZmwrUUQ5d2JlUGozRUtqeGds\nVlpqSXp5UGxPb2hXcVE3bG4xOER1MHMKLS0tIDhMaWVkUjlGVDFQNlpUSVVZL0tq\nRUppek5vcVRiczgzZzNmaDNTLzN0LzgKZuRCKXiliG4JmRcRKkL7ay9/iSCFcvlZ\nvYPUfcEfT+6j4yBsg6wYyYDud8WmX/8xOuVZi8G3ASsi4S1zMCYfPQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hqq6znfaedyrmqkqqnaafa243cus77nts3e5vunxdl5xkfm6ffgqmf70r8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1c1hzckUrVWU0dTE4bUUx\nSE51VmtlcmdQRThYcTVCR2VtSU1qOHMrc0Z3CnhaRjl4NnNFVWpJV3VjL0dTS0pW\nY0pLRWxnemtScTN3b2JtR2JkK0xxckEKLS0tIEtpTXNWbzlQWTNGek5HSEV6V0hE\nTkRTekdVdjVwTG0rT29XeVlHOGZIQmsKGBDjcZKxfU0wI3nKYHkoX1c9y5IOW7S7\nBtdKJhLJXkILTyzhnMaed3IbIfUn9Gw848UGLSffcKYaaRz6PjEZAA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zkx88lththygcwj07xtz54tcvy6ltavnedrpskfpzcdh9tt2ngyq9gvqv5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlalVybklFZGd6VTk5djBH\nNTZPZlc2d0dTTnM1MVBya0RzWTFtd001TXlZCnp3ZytVRWpyNEg3T0pCSythUzFv\nVmVLQy94cVU5a3lOQkRFLzdXM1puYW8KLS0tIHVDR0xVTS9tNVVaZC9rMUZPa3dU\nZkd4TUwxWStONTRMQnBCS2prUmk0WFkKclu880lKKMrEmAx1IEZyM5+82I8C5k5u\nMYLELib2/vL4U5cGCeCBYWE0SWn8OgkT39sM77uSEGDDsMicN58UBA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-11T13:46:39Z", + "mac": "ENC[AES256_GCM,data:HRonle4eGjVoMZWhJtbJxZqjLV9K2g/v7SCiLpy5NdjwCVyQC8B1Wwrqmfa/qOePk0U/QJrkkf6W+/L3hcX9HwquYxTZ6Bgi0Ne7WzMXHP2PWyb05aPNZ7pSCw3PEUinVqdpu1X3+1frm9jN5MyAkF3sdtj9zTacNGRdf19YO3A=,iv:qrfsE7fH2d0xUL0VAz8WJYjwpYgsD9QOfE6UMCldE5k=,tag:KHgnXQ3zw9Br0wdQbJkdFQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.12.1" + } +} From f52a10dcdb918252b8a1538837b764a82c0e35ca Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 11 Apr 2026 14:26:16 -0400 Subject: [PATCH 6/9] Add MCP integrations --- flake.lock | 28 ++++++++++++++++--- flake.nix | 5 +++- lib/src/hm.nix | 6 ++-- modules/profiles/home/claude-code.nix | 6 ++++ modules/profiles/home/mcp/default.nix | 1 + modules/profiles/home/mcp/github/default.nix | 20 +++++++++++++ modules/profiles/home/mcp/github/secrets.json | 27 ++++++++++++++++++ modules/profiles/home/mcp/nixos.nix | 1 + modules/suites/home.nix | 4 +++ users/et/profiles/claude-code/secrets.json | 27 ------------------ 10 files changed, 91 insertions(+), 34 deletions(-) create mode 100644 modules/profiles/home/claude-code.nix create mode 100644 modules/profiles/home/mcp/default.nix create mode 100644 modules/profiles/home/mcp/github/default.nix create mode 100644 modules/profiles/home/mcp/github/secrets.json create mode 100644 modules/profiles/home/mcp/nixos.nix delete mode 100644 users/et/profiles/claude-code/secrets.json diff --git a/flake.lock b/flake.lock index ae0940d7..6bf836fb 100644 --- a/flake.lock +++ b/flake.lock @@ -1999,16 +1999,15 @@ ] }, "locked": { - "lastModified": 1775077333, - "narHash": "sha256-OXcxobt7lBkh1B8AjwreU+24myhtKpqeLfAeIyNLFY8=", + "lastModified": 1775900011, + "narHash": "sha256-QUGu6CJYFQ5AWVV0n3/FsJyV+1/gj7HSDx68/SX9pwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "49ca96b2714c5931e17401eff87f3edd42d2b0f2", + "rev": "b0569dc6ec1e6e7fefd8f6897184e4c191cd768e", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.11", "repo": "home-manager", "type": "github" } @@ -2229,6 +2228,26 @@ "type": "github" } }, + "mcp-servers": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775901136, + "narHash": "sha256-5J+54o9YDgAeY1iYuSN7kVt0cTB90x4zO5whqdPg3Tw=", + "owner": "natsukium", + "repo": "mcp-servers-nix", + "rev": "59335c80be7b719df7b6e6473f14424b1e6647df", + "type": "github" + }, + "original": { + "owner": "natsukium", + "repo": "mcp-servers-nix", + "type": "github" + } + }, "mise": { "inputs": { "flake-utils": "flake-utils", @@ -4222,6 +4241,7 @@ "flake-root": "flake-root", "haumea": "haumea", "home-manager": "home-manager", + "mcp-servers": "mcp-servers", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", diff --git a/flake.nix b/flake.nix index f1cbb348..bca1e589 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,7 @@ nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager/release-25.11"; + home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; flake-root.url = "github:srid/flake-root"; @@ -48,6 +48,9 @@ emacs-overlay.url = "github:nix-community/emacs-overlay"; emacs-overlay.inputs.nixpkgs.follows = "nixpkgs"; + mcp-servers.url = "github:natsukium/mcp-servers-nix"; + mcp-servers.inputs.nixpkgs.follows = "nixpkgs"; + pragmatapro.url = "git+ssh://git@github.com/ethnt/pragmatapro"; pragmatapro.inputs.nixpkgs.follows = "nixpkgs"; pragmatapro.inputs.flake-parts.follows = "flake-parts"; diff --git a/lib/src/hm.nix b/lib/src/hm.nix index 8925e0b5..61eb91e3 100644 --- a/lib/src/hm.nix +++ b/lib/src/hm.nix @@ -5,8 +5,10 @@ let l = inputs.nixpkgs.lib // builtins; - sharedModules = l.attrValues flake.homeModules - ++ [ inputs.sops-nix.homeManagerModules.sops ]; + sharedModules = l.attrValues flake.homeModules ++ (with inputs; [ + sops-nix.homeManagerModules.sops + mcp-servers.homeManagerModules.default + ]); extraSpecialArgs = { inherit flake inputs secrets; diff --git a/modules/profiles/home/claude-code.nix b/modules/profiles/home/claude-code.nix new file mode 100644 index 00000000..87e8bda2 --- /dev/null +++ b/modules/profiles/home/claude-code.nix @@ -0,0 +1,6 @@ +{ + programs.claude-code = { + enable = true; + enableMcpIntegration = true; + }; +} diff --git a/modules/profiles/home/mcp/default.nix b/modules/profiles/home/mcp/default.nix new file mode 100644 index 00000000..343c82f5 --- /dev/null +++ b/modules/profiles/home/mcp/default.nix @@ -0,0 +1 @@ +{ programs.mcp.enable = true; } diff --git a/modules/profiles/home/mcp/github/default.nix b/modules/profiles/home/mcp/github/default.nix new file mode 100644 index 00000000..c2055de4 --- /dev/null +++ b/modules/profiles/home/mcp/github/default.nix @@ -0,0 +1,20 @@ +{ config, ... }: { + sops = { + secrets.github_mcp_pat = { + sopsFile = ./secrets.json; + path = "${config.xdg.dataHome}/secrets/mcp/github-mcp-pat.txt"; + }; + + templates.github_mcp_env_file = { + content = '' + GITHUB_PERSONAL_ACCESS_TOKEN=${config.sops.placeholder.github_mcp_pat} + ''; + mode = "0777"; + }; + }; + + mcp-servers.programs.github = { + enable = true; + envFile = config.sops.templates.github_mcp_env_file.path; + }; +} diff --git a/modules/profiles/home/mcp/github/secrets.json b/modules/profiles/home/mcp/github/secrets.json new file mode 100644 index 00000000..7d06c7a3 --- /dev/null +++ b/modules/profiles/home/mcp/github/secrets.json @@ -0,0 +1,27 @@ +{ + "github_mcp_pat": "ENC[AES256_GCM,data:L8TNbqtvvbl8Un/VXTeqqPYA9pJcS6TgyMZNI5mZyMuB+HQrfoR5Ew==,iv:FkL5gq/va/CEPYvvk0CMSMOmoIv3H3/u+RY9HdQe7Xc=,tag:VI8mlpcrSSHjJUpLZNgIsg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb0h6cjlFYWNzc25ZdXl4\nTnppQXo1SVhDQVUyNkhIdFA0K2JKY1BYbkJrCjhHZmIyclV3TWpDMjEyUS9Rb2lW\ncXpQOFhoVXBUNEtoQmx4WEo1OGpnQTgKLS0tIGxaN0xvQ3ZYdnEwWmoxZGR1R1My\nZlFmNVFYN0JDbWFFSk4vcDFoL1o1SGcKLZbwXjvCGfA9/e0/bdDTTf9NIg4XWBYQ\nm+kCwS2KSxlgFZux81UO5Jgo9irkwJ5giyvy3EksXHaGItGEsgWN2Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1s2dhv789xf9jjfr9pdjsww7rf4dutl3qmavgpurlwj6l5khdkfasd4v7xn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxYlV5Z3ZkRExxL1A2aFlC\nV2hNVHFZU05RVWJtOG82YXVjWE9rb044S0ZrCnIvV3F3MHltMHNaUFprKzRubURM\nL1FmMVdKdFZLbEcxT0xVMlZObjlHWmsKLS0tIFVrSTIzdlByaExqNzBtK2xwWGZN\nbWxneERMS05icE5Wb2gwSXROdjdTOEkKsXQ2uGllbWEALG943bIHsF05Ic93rfdX\n3nwiqsTpXorkfuv/38RRi61OvGPJFwx+SGHEnX22nfIka4ltFC2Yrg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hqq6znfaedyrmqkqqnaafa243cus77nts3e5vunxdl5xkfm6ffgqmf70r8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrWm9JQU0yK1h0eHRkY2tN\nczFhSHJiNG9ReXhjMkpLYXlrRTZsU1dNZ0RNCklpaHpNSHhPSXVpdFdyWStTaVFs\naGk2N1l2VUYzSnNlWDR5eXNmMGVNdEEKLS0tIDhVLzhXbm1LbGRpVTZlVTFqL0hz\nMVBmS05venVkRnV5NndnMUJWbVhwM3cKizmrV8U0BJj4Mu2g0nHLA9j+SvDbBC10\n9auqt6WjqbsyiCbpdKTmu6krzHK3Ivg8YKekLIAnPKaexa8CBe2CBA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zkx88lththygcwj07xtz54tcvy6ltavnedrpskfpzcdh9tt2ngyq9gvqv5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWDltbGlKVlRhRkxCMW5V\ncm14bmpXam5zR2VkbGhUSHpFemc5VTVueVY0CklYNllSMHprSVlTMlJ1ZGJJc0pK\nbDZzNU5MOWtGclM1TFFseHNKclM1UGMKLS0tIHVtV2dGRmgxMXdjYkZJZDRjNXZZ\nZ01uaHo4Q0ZVNzlJSEo5L1ZGUXlwRUUKsMz0K7x57fbPka6BAlINK8P0AK+UdiQh\nTtnS0wYIIz/SAGDqcBKtZNH902v2zpJXkrWu5e2+f4z6Thu84Gk6mg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-11T18:18:16Z", + "mac": "ENC[AES256_GCM,data:mr9tFkYfP5l9a0hpRtLJK4GosCyZJ+aIXpol6IyzfQh4hPQORuxFVLMW5FgkNNFf6Cw9+Vvjn/iIAdQcDt/rvLJ4493RX/nfN/uU7yq1RL+d3amIfHUTabzh64erdt2INgVkhocLQb8crXH/JWE2unQHEGW1hS8BrVnFrQKZdqY=,iv:FwlnaMdzkKnSYtO2WGtRZ5x8qK/d38p7sxM5Gvf7Iqs=,tag:mc+wo0LIATIHvlLm6Z0yQg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.12.1" + } +} diff --git a/modules/profiles/home/mcp/nixos.nix b/modules/profiles/home/mcp/nixos.nix new file mode 100644 index 00000000..9863583e --- /dev/null +++ b/modules/profiles/home/mcp/nixos.nix @@ -0,0 +1 @@ +{ mcp-servers.programs.nixos.enable = true; } diff --git a/modules/suites/home.nix b/modules/suites/home.nix index 8f5bc0f6..dbd02555 100644 --- a/modules/suites/home.nix +++ b/modules/suites/home.nix @@ -29,12 +29,16 @@ with profiles; ]; development = [ + claude-code git.common git.difftastic git.mergiraf git.worktrunk gh gh-dash + mcp.default + mcp.github.default + mcp.nixos mise vscode ]; diff --git a/users/et/profiles/claude-code/secrets.json b/users/et/profiles/claude-code/secrets.json deleted file mode 100644 index 3f171609..00000000 --- a/users/et/profiles/claude-code/secrets.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "claude_code_github_pat_mercury": "ENC[AES256_GCM,data:EEx6ucrRXLTS/lGRdd300P74mRFCmew4LHsjv8N5AQnwpNU/YQqcUA==,iv:syMLcP+02D6JNzoLcfly3gdaxYZZbc8sw1kBLuymsuE=,tag:ut60GUiJBgczT1bYfAMulA==,type:str]", - "sops": { - "age": [ - { - "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MXY0djd2Lzl6Q1hDOU5s\nTWtQSzdWTlFSZU5VWnJ3QzhwUERvWUwzOXhVCkhLR0xEcDFnTnY1WWgwYmxnVFF6\nRnBhZjFzUkVrZk84NDJjTlZQYy9aanMKLS0tIDVFclVDTklsaXN5eVpzekxSL01k\nL2U3a1BzN0l1WnlOOHhkeGU2Mnd6em8K+j+2hqWkAMrdXLdnP76bBXTZovPuxCJy\n11RITEo2WrkFGGbvVCr35Iw15tdvM2Lx78Ksb+133GsGJr6tyMQjcg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1s2dhv789xf9jjfr9pdjsww7rf4dutl3qmavgpurlwj6l5khdkfasd4v7xn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYVZ1MVRNTVRpUitaakd4\ncU5Sc1N1TUZvbXI0SVk5bS8yQktObFd2VWdvClpKZmwrUUQ5d2JlUGozRUtqeGds\nVlpqSXp5UGxPb2hXcVE3bG4xOER1MHMKLS0tIDhMaWVkUjlGVDFQNlpUSVVZL0tq\nRUppek5vcVRiczgzZzNmaDNTLzN0LzgKZuRCKXiliG4JmRcRKkL7ay9/iSCFcvlZ\nvYPUfcEfT+6j4yBsg6wYyYDud8WmX/8xOuVZi8G3ASsi4S1zMCYfPQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1hqq6znfaedyrmqkqqnaafa243cus77nts3e5vunxdl5xkfm6ffgqmf70r8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1c1hzckUrVWU0dTE4bUUx\nSE51VmtlcmdQRThYcTVCR2VtSU1qOHMrc0Z3CnhaRjl4NnNFVWpJV3VjL0dTS0pW\nY0pLRWxnemtScTN3b2JtR2JkK0xxckEKLS0tIEtpTXNWbzlQWTNGek5HSEV6V0hE\nTkRTekdVdjVwTG0rT29XeVlHOGZIQmsKGBDjcZKxfU0wI3nKYHkoX1c9y5IOW7S7\nBtdKJhLJXkILTyzhnMaed3IbIfUn9Gw848UGLSffcKYaaRz6PjEZAA==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1zkx88lththygcwj07xtz54tcvy6ltavnedrpskfpzcdh9tt2ngyq9gvqv5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlalVybklFZGd6VTk5djBH\nNTZPZlc2d0dTTnM1MVBya0RzWTFtd001TXlZCnp3ZytVRWpyNEg3T0pCSythUzFv\nVmVLQy94cVU5a3lOQkRFLzdXM1puYW8KLS0tIHVDR0xVTS9tNVVaZC9rMUZPa3dU\nZkd4TUwxWStONTRMQnBCS2prUmk0WFkKclu880lKKMrEmAx1IEZyM5+82I8C5k5u\nMYLELib2/vL4U5cGCeCBYWE0SWn8OgkT39sM77uSEGDDsMicN58UBA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-04-11T13:46:39Z", - "mac": "ENC[AES256_GCM,data:HRonle4eGjVoMZWhJtbJxZqjLV9K2g/v7SCiLpy5NdjwCVyQC8B1Wwrqmfa/qOePk0U/QJrkkf6W+/L3hcX9HwquYxTZ6Bgi0Ne7WzMXHP2PWyb05aPNZ7pSCw3PEUinVqdpu1X3+1frm9jN5MyAkF3sdtj9zTacNGRdf19YO3A=,iv:qrfsE7fH2d0xUL0VAz8WJYjwpYgsD9QOfE6UMCldE5k=,tag:KHgnXQ3zw9Br0wdQbJkdFQ==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.12.1" - } -} From 7793b201e12b861a0a58141815422c0bb3b78e1e Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 11 Apr 2026 16:59:24 -0400 Subject: [PATCH 7/9] Add Notion MCP --- Justfile | 4 ++++ flake.lock | 13 ++++++------- flake.nix | 3 ++- users/et/profiles/mcp.nix | 1 + 4 files changed, 13 insertions(+), 8 deletions(-) create mode 100644 users/et/profiles/mcp.nix diff --git a/Justfile b/Justfile index 417ebc31..6046b3e1 100644 --- a/Justfile +++ b/Justfile @@ -48,15 +48,19 @@ move-rc-files: sudo mv /etc/zshrc /etc/zshrc.before-nix-darwin sudo mv /etc/zprofile /etc/zprofile.before-nix-darwin +[doc("Edit a secret file")] edit-secret file: EDITOR="zeditor --wait" sops {{ file }} +[doc("Update all secret files with new keys")] update-secret-files: find . -regextype egrep -regex '^.*secrets\.(json|yml)' -execdir sops updatekeys {} -y ';' +[doc("Generate an age key for the current user")] generate-user-age-key: mkdir -p ~/.config/sops/age nix shell nixpkgs#age --command sh -c "age-keygen -o ~/.config/sops/age/keys.txt" +[doc("Get the age key for the current host")] host-age-key: nix shell nixpkgs#ssh-to-age --command sh -c "sudo cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age" diff --git a/flake.lock b/flake.lock index 6bf836fb..71b97a12 100644 --- a/flake.lock +++ b/flake.lock @@ -4574,17 +4574,16 @@ ] }, "locked": { - "lastModified": 1771943863, - "narHash": "sha256-uSsGDhojfy6BbjHJ6gRnbCnrsspoMTWeWg3Ci2Nbdj8=", - "ref": "refs/heads/main", - "rev": "7054ab1713cd73ec5bdd917a38ad69603683c0c7", - "revCount": 35, + "dirtyRev": "451e1d0c6e14cd046338fc4e6cfde5d5fc820f99-dirty", + "dirtyShortRev": "451e1d0-dirty", + "lastModified": 1769469089, + "narHash": "sha256-wbYdSY9Sp+wDUUoRGAcnX0m6WUoqjLPkYNJ5TT/e4cg=", "type": "git", - "url": "ssh://git@github.com/ethnt/tilde-secrets" + "url": "file:///Users/ethan/Workspace/tilde-secrets" }, "original": { "type": "git", - "url": "ssh://git@github.com/ethnt/tilde-secrets" + "url": "file:///Users/ethan/Workspace/tilde-secrets" } }, "tilde-secrets_2": { diff --git a/flake.nix b/flake.nix index bca1e589..a58ae651 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,8 @@ treefmt.url = "github:numtide/treefmt-nix"; treefmt.inputs.nixpkgs.follows = "nixpkgs"; - tilde-secrets.url = "git+ssh://git@github.com/ethnt/tilde-secrets"; + # tilde-secrets.url = "git+ssh://git@github.com/ethnt/tilde-secrets"; + tilde-secrets.url = "git+file:///Users/ethan/Workspace/tilde-secrets"; emacs-overlay.url = "github:nix-community/emacs-overlay"; emacs-overlay.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/users/et/profiles/mcp.nix b/users/et/profiles/mcp.nix new file mode 100644 index 00000000..ac873643 --- /dev/null +++ b/users/et/profiles/mcp.nix @@ -0,0 +1 @@ +{ mcp-servers.programs.notion.enable = true; } From 904c833628c20102130dc98625122c1ae7c7f266 Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 11 Apr 2026 17:02:31 -0400 Subject: [PATCH 8/9] Update from tilde-secrets --- flake.lock | 13 +++++++------ flake.nix | 3 +-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 71b97a12..ebee1677 100644 --- a/flake.lock +++ b/flake.lock @@ -4574,16 +4574,17 @@ ] }, "locked": { - "dirtyRev": "451e1d0c6e14cd046338fc4e6cfde5d5fc820f99-dirty", - "dirtyShortRev": "451e1d0-dirty", - "lastModified": 1769469089, - "narHash": "sha256-wbYdSY9Sp+wDUUoRGAcnX0m6WUoqjLPkYNJ5TT/e4cg=", + "lastModified": 1775941241, + "narHash": "sha256-uj9pd6tBOZU9u4sCLXQ4CBkoh4Qi/hKO474Cc0g9pBM=", + "ref": "refs/heads/main", + "rev": "4baf7b5a310a8b478288ffbf31f2d9c23d6839f3", + "revCount": 36, "type": "git", - "url": "file:///Users/ethan/Workspace/tilde-secrets" + "url": "ssh://git@github.com/ethnt/tilde-secrets" }, "original": { "type": "git", - "url": "file:///Users/ethan/Workspace/tilde-secrets" + "url": "ssh://git@github.com/ethnt/tilde-secrets" } }, "tilde-secrets_2": { diff --git a/flake.nix b/flake.nix index a58ae651..bca1e589 100644 --- a/flake.nix +++ b/flake.nix @@ -43,8 +43,7 @@ treefmt.url = "github:numtide/treefmt-nix"; treefmt.inputs.nixpkgs.follows = "nixpkgs"; - # tilde-secrets.url = "git+ssh://git@github.com/ethnt/tilde-secrets"; - tilde-secrets.url = "git+file:///Users/ethan/Workspace/tilde-secrets"; + tilde-secrets.url = "git+ssh://git@github.com/ethnt/tilde-secrets"; emacs-overlay.url = "github:nix-community/emacs-overlay"; emacs-overlay.inputs.nixpkgs.follows = "nixpkgs"; From 37c991dc84248dfd1926881ec9ca99e089c1ca93 Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 11 Apr 2026 23:39:15 -0400 Subject: [PATCH 9/9] Use unstable versions of nixpkgs/nix-darwin/home-manager --- flake.lock | 45 ++++++++++++++++---------------- flake.nix | 4 +-- modules/profiles/home/man.nix | 1 + modules/profiles/home/mise.nix | 2 +- modules/profiles/home/nodejs.nix | 2 +- modules/suites/home.nix | 1 + users/et/home.nix | 2 +- users/ethan/home.nix | 2 +- 8 files changed, 30 insertions(+), 29 deletions(-) create mode 100644 modules/profiles/home/man.nix diff --git a/flake.lock b/flake.lock index ebee1677..6b239770 100644 --- a/flake.lock +++ b/flake.lock @@ -528,11 +528,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1775062601, - "narHash": "sha256-/5+NrxyE/JmHmnsSEve/zE7sTgXxrNSi+S+vAanmSSc=", + "lastModified": 1775925499, + "narHash": "sha256-yDiy4gqHJyHe4gliPyNabgXTJKXfddKr91MENiAJ22k=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "120ce11560e7ce7c73b9977ca15fe9915b921e82", + "rev": "d620f2831e367850fb9310849db3049587151ad1", "type": "github" }, "original": { @@ -1877,11 +1877,11 @@ ] }, "locked": { - "lastModified": 1775060170, - "narHash": "sha256-PipZGd4lzEm64M3T0OOYbej+KgXEjmyIT+SPbswqAiA=", + "lastModified": 1775588949, + "narHash": "sha256-Dui1kPYl9SyK4sT9dG5KStp2f8a8CsbG8pRWSyEPcrU=", "owner": "nix-community", "repo": "haumea", - "rev": "c9bf22f79ba1250c31d2c79232669b0280200cc6", + "rev": "efc8797aba90f740b9ddf7a6c8eaf6baf226ae77", "type": "github" }, "original": { @@ -2310,16 +2310,15 @@ ] }, "locked": { - "lastModified": 1772129556, - "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=", + "lastModified": 1775037210, + "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "ebec37af18215214173c98cf6356d0aca24a2585", + "rev": "06648f4902343228ce2de79f291dd5a58ee12146", "type": "github" }, "original": { "owner": "nix-darwin", - "ref": "nix-darwin-25.11", "repo": "nix-darwin", "type": "github" } @@ -2994,16 +2993,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1774818300, - "narHash": "sha256-4eRB7XOFBxQ/tUUFPjz7UU2/zt1dtTiVP96X9BNWdeI=", + "lastModified": 1775823930, + "narHash": "sha256-ALT447J7FcxP/97J01A/gp/hgdO5lXRsm+zLMt+gIjc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fb0b20238291625260547f4ce9f5540aff156fd5", + "rev": "8c11f88bb9573a10a7d6bf87161ef08455ac70b9", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixpkgs-25.11-darwin", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -3194,11 +3193,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1775093810, - "narHash": "sha256-kOlaUrWgaZHS63XDKAnew7iv+1nqh+QaL2xvDuKlCS8=", + "lastModified": 1775939394, + "narHash": "sha256-WJyQHoFLIHjki8bL9uR3tEP8ANmKFudsOX0/PsHpfDE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b44f78afb715c272c65fb6bcb29a7542d69fc9a0", + "rev": "bdc8856144febb6c032d0c5452f9ab764e03b5ba", "type": "github" }, "original": { @@ -3305,11 +3304,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1775002709, - "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=", + "lastModified": 1775811116, + "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e", + "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e", "type": "github" }, "original": { @@ -4991,11 +4990,11 @@ ] }, "locked": { - "lastModified": 1773297127, - "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index bca1e589..b9feb74f 100644 --- a/flake.nix +++ b/flake.nix @@ -20,13 +20,13 @@ }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin"; + nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs-master.url = "github:nixos/nixpkgs"; flake-parts.url = "github:hercules-ci/flake-parts"; - nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; + nix-darwin.url = "github:nix-darwin/nix-darwin"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; home-manager.url = "github:nix-community/home-manager"; diff --git a/modules/profiles/home/man.nix b/modules/profiles/home/man.nix new file mode 100644 index 00000000..7f3b164d --- /dev/null +++ b/modules/profiles/home/man.nix @@ -0,0 +1 @@ +{ pkgs, ... }: { programs.man.package = pkgs.man; } diff --git a/modules/profiles/home/mise.nix b/modules/profiles/home/mise.nix index 0ce96c41..5c409b1f 100644 --- a/modules/profiles/home/mise.nix +++ b/modules/profiles/home/mise.nix @@ -3,7 +3,7 @@ enable = true; enableFishIntegration = true; package = pkgs.mise; - settings = { + globalConfig.settings = { asdf_compat = true; legacy_version_file = true; idiomatic_version_file_enable_tools = [ "node" ]; diff --git a/modules/profiles/home/nodejs.nix b/modules/profiles/home/nodejs.nix index d02344a9..395e46f7 100644 --- a/modules/profiles/home/nodejs.nix +++ b/modules/profiles/home/nodejs.nix @@ -1 +1 @@ -{ pkgs, ... }: { home.packages = with pkgs; [ corepack nodejs_24 ]; } +{ pkgs, ... }: { home.packages = with pkgs; [ nodejs_25 ]; } diff --git a/modules/suites/home.nix b/modules/suites/home.nix index dbd02555..46d56fa8 100644 --- a/modules/suites/home.nix +++ b/modules/suites/home.nix @@ -16,6 +16,7 @@ with profiles; helix lazygit jujutsu + man navi paths rippkgs diff --git a/users/et/home.nix b/users/et/home.nix index 75eaa061..cd0a26ed 100644 --- a/users/et/home.nix +++ b/users/et/home.nix @@ -13,6 +13,6 @@ username = "et"; homeDirectory = "/Users/et"; - stateVersion = "24.05"; + stateVersion = "26.05"; }; } diff --git a/users/ethan/home.nix b/users/ethan/home.nix index 6f2e23a2..5dedac80 100644 --- a/users/ethan/home.nix +++ b/users/ethan/home.nix @@ -12,6 +12,6 @@ home = { username = "ethan"; homeDirectory = "/Users/ethan"; - stateVersion = "24.05"; + stateVersion = "26.05"; }; }