feat: full bootstrapping

profiles/common/home/custom-packages.nix

@@ -21,6 +21,8 @@
     ts2t
     vershell
 
+    bootstrap
+
     (pkgs.writeScriptBin "project" ''
       #! ${pkgs.bash}/bin/bash
       if [ "$1" == "rust" ]; then

profiles/common/home/emacs.nix

@@ -1,5 +1,9 @@
-{ self, pkgs, ... }:
+{ self, config, pkgs, ... }:
 {
+
+  # needed for elfeed
+  sops.secrets.fever = { path = "${config.home.homeDirectory}/.emacs.d/.fever"; };
+
   # enable emacs overlay for bleeding edge features
   # also read init.el file and install use-package packages
   programs.emacs = {

profiles/common/home/settings.nix

@@ -1,4 +1,4 @@
-{ self, lib, config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 {
   nix = {
     package = lib.mkDefault pkgs.nix;
@@ -20,7 +20,7 @@
     stateVersion = lib.mkDefault "23.05";
     keyboard.layout = "us";
     sessionVariables = {
-      FLAKE = "${self}";
+      FLAKE = "${config.home.homeDirectory}/.dotfiles";
     };
   };
 }

profiles/common/home/sops.nix

@@ -7,7 +7,7 @@ let
 in
 {
   sops = {
-    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
+    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" "${config.home.homeDirectory}/.ssh/ssh_host_ed25519_key" ];
     defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
 
     validateSopsFiles = false;
@@ -17,7 +17,6 @@ in
       leon = { path = "/run/user/1000/secrets/leon"; };
       swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
       github_notif = { path = "/run/user/1000/secrets/github_notif"; };
-      fever = { path = "${config.home.homeDirectory}/.emacs.d/.fever"; };
     };
   };
 }

profiles/common/nixos/sops.nix

@@ -8,7 +8,7 @@ in
 {
   sops = {
 
-    age.sshKeyPaths = mkIfElse config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" ] [ "${config.users.users.swarsel.home}/.ssh/sops" ];
+    age.sshKeyPaths = mkIfElse config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" ] [ "${config.users.users.swarsel.home}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
     defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
 
     validateSopsFiles = false;

profiles/common/nixos/users.nix

@@ -7,6 +7,7 @@
     users.swarsel = {
       isNormalUser = true;
       description = "Leon S";
+      password = lib.mkIf config.swarselsystems.initialSetup "setup";
       hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path;
       extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
       packages = with pkgs; [ ];

profiles/iso/minimal.nix

@@ -32,6 +32,10 @@
     };
   };
 
+  security.sudo.extraConfig = ''
+    Defaults    env_keep+=SSH_AUTH_SOCK
+  '';
+
   security.pam = {
     sshAgentAuth.enable = true;
     services = {
@@ -41,6 +45,8 @@
 
   environment.systemPackages = with pkgs; [
     curl
+    git
+    gnupg
     rsync
     ssh-to-age
     sops
@@ -50,7 +56,6 @@
 
   programs = {
     git.enable = true;
-    zsh.enable = lib.mkDefault true;
   };
 
   fileSystems."/boot".options = [ "umask=0077" ];

profiles/server/nixos/syncthing.nix

@@ -79,11 +79,11 @@
             devices = [ "magicant" "nbl-imba-2" ];
             id = "hgr3d-pfu3w";
           };
-          ".elfeed" = {
-            path = "/Vault/data/syncthing/.elfeed";
-            devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
-            id = "h7xbs-fs9v1";
-          };
+          # ".elfeed" = {
+          #   path = "/Vault/data/syncthing/.elfeed";
+          #   devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
+          #   id = "h7xbs-fs9v1";
+          # };
         };
       };
     };