mixed: gpg fixes, refactoring

common/home.nix

@@ -13,13 +13,13 @@ in {
     useUserPackages = true;
     sharedModules = with tree;
       [
-        home.modules
+        modules.home
-        home.state
+        kat.state
       ]
       ++ optional (tree.${systemType} ? home) tree.${systemType}.home;
 
-    users.kat.imports = with tree; [
+    users.kat.imports = with tree.kat; [
-      home.base
+      common
     ];
     extraSpecialArgs = {
       inherit tree machine;

darwin/home.nix

@@ -1,7 +1,13 @@
-{config, ...}: {
+{config,lib,...}: let
-  services.gpg-agent.pinentryFlavor = null;
+  inherit (lib.modules) mkForce mkMerge;
+in {
+  services.gpg-agent = {
+    enable = mkForce false;
+    pinentryFlavor = null;
+  };
 
-  home.file."${config.programs.gpg.homedir}/gpg-agent.conf".text = ''
+  home.file."${config.programs.gpg.homedir}/gpg-agent.conf".text = mkMerge [
-    pinentry-program /opt/homebrew/bin/pinentry-mac
+    config.services.gpg-agent.extraConfig
-  '';
+    "pinentry-program /opt/homebrew/bin/pinentry-mac"
+  ];
 }

darwin/kat.nix

@@ -1,14 +0,0 @@
-{pkgs, ...}: {
-  users.users.kat = {
-    name = "kat";
-    home = "/Users/kat";
-    shell = pkgs.zsh;
-    uid = 501;
-  };
-  users.knownUsers = [
-    "kat"
-  ];
-  home-manager.users.kat.programs.zsh.initExtraFirst = ''
-    source /etc/static/zshrc
-  '';
-}

home/shell/zsh.nix

@@ -1,114 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  home.packages = with pkgs; [
-    # programs.zsh.enableAutosuggestions only includes nix-zsh-autocompletions
-    zsh-completions
-  ];
-
-  xdg.configFile."kattheme_immutable.json".text = builtins.toJSON rec {
-    default = config.base16.defaultSchemeName;
-    current = default;
-  };
-
-  programs.zsh = {
-    enable = true;
-    enableSyntaxHighlighting = true;
-    enableAutosuggestions = true;
-    initExtra = let
-      zshOpts = [
-        "auto_pushd"
-        "pushd_ignore_dups"
-        "pushdminus"
-        "rmstarsilent"
-        "nonomatch"
-        "long_list_jobs"
-        "interactivecomments"
-        "append_history"
-        "hist_ignore_space"
-        "hist_verify"
-        "inc_append_history"
-        "nosharehistory"
-        "nomenu_complete"
-        "auto_menu"
-        "no_auto_remove_slash"
-        "complete_in_word"
-        "always_to_end"
-        "nolistbeep"
-        "autolist"
-        "listrowsfirst"
-      ];
-    in ''
-      		${
-        if pkgs.hostPlatform.isLinux
-        then ''
-          eval $(dircolors -b | sd "\*#=00;90" "*\#=00;90")
-        ''
-        else ''
-        ''
-      }
-      PROMPT_EOL_MARK='''
-      	ZSH_TAB_TITLE_ADDITIONAL_TERMS='wezterm'
-      	ZSH_TAB_TITLE_ENABLE_FULL_COMMAND=true
-      	zmodload -i zsh/complist
-      	h=()
-      	if [[ -r ~/.ssh/config ]]; then
-      		h=($h ''${''${''${(@M)''${(f)"$(cat ~/.ssh/config)"}:#Host *}#Host }:#*[*?]*})
-      			fi
-      			if [[ $#h -gt 0 ]]; then
-      				zstyle ':completion:*:ssh:*' hosts $h
-      					zstyle ':completion:*:slogin:*' hosts $h
-      					fi
-      					unset h
-      					u=(root ${config.home.username})
-      					zstyle ':completion:*:ssh:*' users $u
-      					unset u
-      					zstyle ':completion:*:*:*:*:*' menu select
-      					zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
-      					zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
-      					zstyle ':completion:*:*:*:*:processes' command "ps -u $USER -o pid,user,comm -w -w"
-      					zstyle ':completion:*:complete:pass:*:*' matcher 'r:|[./_-]=** r:|=*' 'l:|=* r:|=*'
-      					zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
-      zstyle ':fzf-tab:complete:cd:*' fzf-preview 'exa -1lb --color=always $realpath'
-      	${lib.concatStringsSep "\n" (map (opt: "setopt ${opt}") zshOpts)}
-      bindkey '^ ' autosuggest-accept
-        ${
-        if pkgs.hostPlatform.isDarwin
-        then ''
-          export PATH="''${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
-        ''
-        else ""
-      }
-    '';
-    shellAliases = lib.mkMerge [
-      {
-        nixdirfmt = "nixpkgs-fmt $(fd -e nix)";
-        dmesg = "dmesg -HP";
-        hg = "history 0 | rg";
-      }
-      (lib.mkIf pkgs.hostPlatform.isLinux {
-        sys = "systemctl";
-        sysu = "systemctl --user";
-        logu = "journalctl --user";
-        log = "journalctl";
-        lg = "log --no-pager | rg";
-      })
-    ];
-    localVariables = {
-      ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=3,bold";
-      ZSH_AUTOSUGGEST_USE_ASYNC = 1;
-    };
-    plugins = with pkgs.zsh-plugins; (map (plugin: plugin.zshPlugin) [
-      tab-title
-      vim-mode
-      evil-registers
-    ]);
-  };
-
-  home.sessionVariables = {
-    XDG_DATA_HOME = "${config.xdg.dataHome}";
-  };
-}

kat/default.nix

@@ -0,0 +1,27 @@
+{tree,lib,...}: let
+  inherit (lib.attrsets) mapAttrs;
+  wrapImports = imports: mapAttrs
+    (_: paths: { config, ... }: {
+      config.home-manager.users.kat = {
+        imports = lib.singleton paths;
+      };
+    })
+    imports;
+  dirImports = wrapImports tree.prev;
+in
+tree.prev
+// {
+  common = {
+    imports = with tree.prev; [
+      base16
+      shell
+      neovim
+    ];
+  };
+  work = {
+    imports = with dirImports; [
+      wezterm
+      gpg
+    ];
+  };
+}

kat/gpg.nix

@@ -1,10 +1,13 @@
 {lib, ...}: let
-  inherit (lib.modules) mkMerge;
+  inherit (lib.modules) mkDefault mkMerge;
 in {
   services.gpg-agent = {
-    enable = true;
+    enable = mkDefault true;
     enableExtraSocket = true;
-    enableSshSupport = false;
+    enableSshSupport = true;
+    sshKeys = [
+      "59921D2F4E6DF7EEC3CB2934BD3D53666007B1AB" # kat@inskip.me
+    ];
     extraConfig = mkMerge [
       "auto-expand-secmem 0x30000" # otherwise "gpg: public key decryption failed: Cannot allocate memory"
       "pinentry-timeout 30"

kat/shell/bitw.nix

@@ -1,9 +1,9 @@
-{pkgs, ...}: {
+{pkgs,tree,...}: {
   programs.rbw = {
     enable = true;
     package = pkgs.rbw-bitw;
     settings = {
-      email = "kat@kittywit.ch";
+      inherit (import tree.kat.user.data) email;
       base_url = "https://vault.kittywit.ch";
       identity_url = null;
       lock_timeout = 3600;

kat/shell/git.nix

@@ -1,4 +1,6 @@
-{pkgs, ...}: {
+{pkgs,tree,...}: let
+  kat = import tree.kat.user.data;
+in {
   home.packages = with pkgs; [
     gitAndTools.git-remote-gcrypt
     git-crypt
@@ -6,10 +8,9 @@
   ];
 
   programs.git = {
+    inherit (kat) userName userEmail;
     package = pkgs.gitAndTools.gitFull;
     enable = true;
-    userName = "Kat Inskip";
-    userEmail = "kat@inskip.me";
     extraConfig = {
       init = {defaultBranch = "main";};
       protocol.gcrypt.allow = "always";
@@ -20,7 +21,7 @@
       };
     };
     signing = {
-      key = "0xE8DDE3ED1C90F3A0";
+      inherit (kat) key;
       signByDefault = true;
     };
   };

kat/shell/zsh.nix

@@ -0,0 +1,114 @@
+{
+  config,
+    lib,
+    pkgs,
+    ...
+}: {
+  home.packages = with pkgs; [
+# programs.zsh.enableAutosuggestions only includes nix-zsh-autocompletions
+    zsh-completions
+  ];
+
+  xdg.configFile."kattheme_immutable.json".text = builtins.toJSON rec {
+    default = config.base16.defaultSchemeName;
+    current = default;
+  };
+
+  programs.zsh = {
+    enable = true;
+    enableSyntaxHighlighting = true;
+    enableAutosuggestions = true;
+    initExtra = let
+      zshOpts = [
+      "auto_pushd"
+        "pushd_ignore_dups"
+        "pushdminus"
+        "rmstarsilent"
+        "nonomatch"
+        "long_list_jobs"
+        "interactivecomments"
+        "append_history"
+        "hist_ignore_space"
+        "hist_verify"
+        "inc_append_history"
+        "nosharehistory"
+        "nomenu_complete"
+        "auto_menu"
+        "no_auto_remove_slash"
+        "complete_in_word"
+        "always_to_end"
+        "nolistbeep"
+        "autolist"
+        "listrowsfirst"
+        ];
+    in ''
+      ${
+        if pkgs.hostPlatform.isLinux
+          then ''
+            eval $(dircolors -b | sd "\*#=00;90" "*\#=00;90")
+            ''
+        else ''
+          ''
+      }
+    PROMPT_EOL_MARK='''
+      ZSH_TAB_TITLE_ADDITIONAL_TERMS='wezterm'
+      ZSH_TAB_TITLE_ENABLE_FULL_COMMAND=true
+      zmodload -i zsh/complist
+      h=()
+      if [[ -r ~/.ssh/config ]]; then
+        h=($h ''${''${''${(@M)''${(f)"$(cat ~/.ssh/config)"}:#Host *}#Host }:#*[*?]*})
+          fi
+          if [[ $#h -gt 0 ]]; then
+            zstyle ':completion:*:ssh:*' hosts $h
+              zstyle ':completion:*:slogin:*' hosts $h
+              fi
+              unset h
+              u=(root ${config.home.username})
+              zstyle ':completion:*:ssh:*' users $u
+              unset u
+              zstyle ':completion:*:*:*:*:*' menu select
+              zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
+              zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#) ([0-9a-z-]#)*=01;34=0=01'
+              zstyle ':completion:*:*:*:*:processes' command "ps -u $USER -o pid,user,comm -w -w"
+              zstyle ':completion:*:complete:pass:*:*' matcher 'r:|[./_-]=** r:|=*' 'l:|=* r:|=*'
+              zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS}
+    zstyle ':fzf-tab:complete:cd:*' fzf-preview 'exa -1lb --color=always $realpath'
+      ${lib.concatStringsSep "\n" (map (opt: "setopt ${opt}") zshOpts)}
+    bindkey '^ ' autosuggest-accept
+      ${
+        if pkgs.hostPlatform.isDarwin
+          then ''
+            export PATH="''${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+            ''
+        else ""
+      }
+    '';
+    shellAliases = lib.mkMerge [
+    {
+      nixdirfmt = "nixpkgs-fmt $(fd -e nix)";
+      dmesg = "dmesg -HP";
+      hg = "history 0 | rg";
+    }
+    (lib.mkIf pkgs.hostPlatform.isLinux {
+     sys = "systemctl";
+     sysu = "systemctl --user";
+     logu = "journalctl --user";
+     log = "journalctl";
+     lg = "log --no-pager | rg";
+     })
+    ];
+    localVariables = {
+      ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=3,bold";
+      ZSH_AUTOSUGGEST_USE_ASYNC = 1;
+    };
+    plugins = with pkgs.zsh-plugins; (map (plugin: plugin.zshPlugin) [
+        tab-title
+        vim-mode
+        evil-registers
+    ]);
+  };
+
+  home.sessionVariables = {
+    XDG_DATA_HOME = "${config.xdg.dataHome}";
+  };
+}

kat/user/common.nix

@@ -0,0 +1,6 @@
+{pkgs,tree,...}: {
+  users.users.kat = {
+    inherit (import tree.kat.user.data) description;
+    shell = pkgs.zsh;
+  };
+}

kat/user/darwin.nix

@@ -0,0 +1,10 @@
+_: {
+  users.users.kat = {
+    name = "kat";
+    home = "/Users/kat";
+    uid = 501;
+  };
+  users.knownUsers = [
+    "kat"
+  ];
+}

kat/user/data.nix

@@ -0,0 +1,10 @@
+rec {
+  description = "Kat Inskip";
+  email = "kat@inskip.me";
+  keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== pgp-${email}" ];
+  keyid = "9CC644B569CDA59BC874C4C9E8DDE3ED1C90F3A0";
+  keygrip = "59921D2F4E6DF7EEC3CB2934BD3D53666007B1AB";
+  userName = description;
+  userEmail = email;
+  key = keyid;
+}

kat/user/default.nix

@@ -1,17 +1,16 @@
 {tree, ...}:
 tree.prev
 // {
-  base = {
+  nixos = {
     imports = with tree.prev; [
-      base16
+      nixos
-      shell
+      common
-      neovim
     ];
   };
-  work = {
+  darwin = {
     imports = with tree.prev; [
-      work
+      darwin
-      wezterm
+      common
     ];
   };
 }

kat/user/nixos.nix

@@ -0,0 +1,17 @@
+{tree,...}: {
+  users.users.kat = {
+    uid = 1000;
+    isNormalUser = true;
+    openssh.authorizedKeys = {
+      inherit (import tree.kat.user.data) keys;
+    };
+    extraGroups = [
+      "wheel"
+      "video"
+      "systemd-journal"
+      "plugdev"
+      "input"
+      "uinput"
+    ];
+  };
+}

modules/home/zsh.nix

@@ -0,0 +1,5 @@
+_: {
+  programs.zsh.initExtraFirst = ''
+    source /etc/static/zshrc
+  '';
+}

nixos/users/kat.nix

@@ -1,20 +0,0 @@
-_: {
-  users.users.kat = {
-    uid = 1000;
-    isNormalUser = true;
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== yubikey5"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12 078 454"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII74JrgGsDQ6r7tD7+k3ykxXV7DpeeFRscPMxrBsDPhz kat@goliath"
-    ];
-    shell = pkgs.zsh;
-    extraGroups = [
-      "wheel"
-      "video"
-      "systemd-journal"
-      "plugdev"
-      "input"
-      "uinput"
-    ];
-  };
-}

systems/default.nix

@@ -71,8 +71,10 @@
         }
         .${toLower config.type};
       modules = with tree; [
-        tree.${config.folder}.modules
+        tree.modules.${config.folder}
-        system
+        tree.${config.folder}.common
+        tree.kat.user.${config.folder}
+        common
       ];
       builder =
         {

systems/sumireko.nix

@@ -1,8 +1,7 @@
 _: let
   hostConfig = {tree, ...}: {
     imports = with tree; [
-      darwin.base
+      kat.work
-      darwin.kat
     ];
 
     security.pam.enableSudoTouchIdAuth = true;

tree.nix

@@ -25,15 +25,16 @@
       ];
     };
     # Required for all-system common imports
-    system.functor.enable = true;
+    common.functor.enable = true;
     # Re-map home directory profiles
-    home.evaluateDefault = true;
+    kat.evaluateDefault = true;
+    "kat/user".evaluateDefault = true;
     # Allow profile importing
     "nixos/*".functor.enable = true;
     "darwin/*".functor.enable = true;
-    "home/*".functor.enable = true;
+    "kat/*".functor.enable = true;
     # Various modules
-    "nixos/modules" = {
+    "modules/nixos" = {
       functor = {
         enable = true;
         external = with inputs;
@@ -48,7 +49,7 @@
           ]);
       };
     };
-    "darwin/modules" = {
+    "modules/darwin" = {
       functor = {
         enable = true;
         external = with inputs; [
@@ -57,7 +58,7 @@
         ];
       };
     };
-    "home/modules" = {
+    "modules/home" = {
       functor = {
         enable = true;
         external = with inputs;