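# NixOS module for the work profile of user `alex`. It reads three feature
# toggles from `config.mod.*`; the body uses them to gate the work-specific
# git, Go and OpenVPN settings and the agenix secrets those settings read.
{
  inputs,
  pkgs,
  lib,
  config,
  ...
}:
let
  # The `mod.*` options are declared elsewhere in the configuration.
  gitEnabled = config.mod.git.enable;
  goEnabled = config.mod.go.enable;
  openvpnEnabled = config.mod.openvpn.enable;
in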
{
home-manager.users.alex = {
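# Ensure bashInteractive is first in PATH inside nix devshells.
# stdenv provides a non-interactive bash that breaks Copilot shell commands.
# Adding bashInteractive to home.packages alone isn't enough because devshell
# packages are prepended to PATH. This precmd hook runs after direnv's hook
# and re-prepends bashInteractive so it takes priority.
programs.zsh.initContent = ''
  _ensure_bash_interactive() {
    [[ "$PATH" == "${pkgs.bashInteractive}/bin:"* ]] || export PATH="${pkgs.bashInteractive}/bin:$PATH"
  }
  precmd_functions+=(_ensure_bash_interactive)

  # Source the zsh-specific rc file that nix-direnv emits ($DIRENV_ZSH_RC)
  # so devshell completions and zsh setup are picked up. direnv itself only
  # exports env vars, so without this hook the zsh side of the devshell is
  # never loaded. Guarded by LAST_LOADED_DIRENV_ZSH_RC so we don't re-source
  # it on every precmd.
  #
  # Trust boundary: the path comes from the environment, so whatever sets
  # DIRENV_ZSH_RC (normally an .envrc approved with `direnv allow`) decides
  # which file is executed inside the interactive shell. Only the path is
  # compared with LAST_LOADED_DIRENV_ZSH_RC, so a file rewritten in place is
  # not sourced again until the path itself changes.
  _nix_direnv_bridge_hook() {
    if [[ -n "$DIRENV_ZSH_RC" && "$LAST_LOADED_DIRENV_ZSH_RC" != "$DIRENV_ZSH_RC" ]]; then
      if [[ -f "$DIRENV_ZSH_RC" ]]; then
        source "$DIRENV_ZSH_RC"
        export LAST_LOADED_DIRENV_ZSH_RC="$DIRENV_ZSH_RC"
        echo "❄️ direnv zsh loaded..."
      fi
    fi
  }

  autoload -Uz add-zsh-hook
  add-zsh-hook precmd _nix_direnv_bridge_hook
'';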
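# Configure IntelliJ to exclude .direnv from indexing.
# Each time this activation snippet runs it rewrites options/filetypes.xml in
# every existing IntelliJIdea* config directory, replacing whatever file-type
# settings that file held before.
home.activation.intellijIgnoreDirenv = ''
  # "$HOME" is quoted so a home path containing whitespace is not word-split;
  # the glob itself stays outside the quotes so it still expands.
  for idea_config in "$HOME"/.config/JetBrains/IntelliJIdea*; do
    # An unmatched glob is passed through literally; the -d test skips it.
    if [ -d "$idea_config" ]; then
      $DRY_RUN_CMD mkdir -p "$idea_config/options"
      # The heredoc terminator must stay at the string's minimum indentation
      # so that it ends up in column 0 of the generated script.
      $DRY_RUN_CMD tee "$idea_config/options/filetypes.xml" > /dev/null <<'EOF'
  <application>
    <component name="FileTypeManager" version="18">
      <ignoreFiles list="*.pyc;*.pyo;*.rbc;*.yarb;*~;.DS_Store;.git;.hg;.svn;CVS;__pycache__;_svn;vssver.scc;vssver2.scc;.direnv" />
    </component>
  </application>
  EOF
    fi
  done
'';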
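# Session-wide environment for GitHub tooling.
#
# Only the path of the decrypted secret appears in this expression; the
# `$(cat …)` is left for the shell that loads the session variables to expand
# (assumed from the command-substitution syntax; confirm how the variables are
# sourced on this host).
#
# Exposure note: a session variable is inherited by every process started from
# the session, not only by the tools that need the token. Prefer a narrowly
# scoped token, or read the file on demand in the tools that need it.
home.sessionVariables = lib.mkMerge [
  { GITHUB_ACTOR = "Alexander Heldt"; }

  # The work-github-token secret is only declared when gitEnabled is set, so
  # the reference to its path is gated the same way; otherwise evaluation
  # would fail on the missing attribute when the git module is disabled.
  (lib.mkIf gitEnabled {
    GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
  })
];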
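# User-level packages for the work profile.
home.packages = [
  # (pkgs.callPackage ./pants.nix { inherit (pkgs) stdenv.hostPlatform.system; })
  # (pkgs.callPackage ./syb-cli.nix { })

  # IntelliJ IDEA built with the listed plugins by the nix-jetbrains-plugins
  # flake input.
  (inputs.nix-jetbrains-plugins.lib.buildIdeWithPlugins pkgs "idea" [
    "IdeaVIM"
    "com.github.copilot"
  ])
  pkgs.bashInteractive

  (pkgs.google-cloud-sdk.withExtraComponents [
    pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
  ])

  pkgs.graphite-cli

  pkgs.postman
  pkgs.grpcurl

  pkgs.slack

  # for `radio`
  pkgs.go-mockery
  pkgs.golangci-lint

  # Helper that starts or stops both work OpenVPN units through sudo.
  # The commands handed to `sh -c` are fixed strings; the argument is only
  # used to select a branch and never reaches the root shell. It is quoted so
  # an empty or whitespace-containing argument is matched as a single word,
  # and anything other than up/down now prints usage and exits non-zero
  # instead of silently doing nothing.
  # The units are the ones defined under services.openvpn.servers, which is
  # gated on openvpnEnabled, while this script is installed unconditionally.
  (pkgs.writeShellScriptBin "work-vpn" ''
    case "$1" in
      up)
        sudo sh -c "systemctl start openvpn-work-staging.service; systemctl start openvpn-work-production.service"
        ;;
      down)
        sudo sh -c "systemctl stop openvpn-work-staging.service; systemctl stop openvpn-work-production.service"
        ;;
      *)
        echo "usage: work-vpn up|down" >&2
        exit 1
        ;;
    esac
  '')
];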
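# Go settings, applied only when the go module is enabled. GOPRIVATE is taken
# from the work-go-private secret, which is gated on the same toggle, so the
# private module pattern itself is not written into this file.
# NOTE(review): the value relies on something shell-expanding the `$(cat …)`
# later. Confirm that programs.go.env ends up in a shell-evaluated context; in
# a static env file the literal command string would be used instead.
programs.go = lib.mkIf goEnabled {
  env = {
    GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
  };
};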
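# Git settings, applied only when the git module is enabled. The work-specific
# git configuration lives in an agenix secret and is pulled in through a
# conditional include that applies only to repositories under ~/code/work/.
programs.git = lib.mkIf gitEnabled {
  includes = [
    {
      path = config.age.secrets.work-gitconfig.path;
      condition = "gitdir:~/code/work/";
    }
  ];
};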
};
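# Needed for `copilot`
# nix-ld is enabled system-wide with the C++ runtime and zlib in its library
# list, so binaries that were not built for this system can find them.
programs.nix-ld.enable = true;
programs.nix-ld.libraries = [
  pkgs.stdenv.cc.cc.lib
  pkgs.zlib
];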
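# Work VPN tunnels, defined only when the openvpn module is enabled. Each
# inline config is a single `config <path>` directive pointing at the
# agenix-decrypted profile, so the profile contents stay out of this file.
# autoStart is off for both; the `work-vpn` helper starts and stops the units.
services.openvpn.servers = lib.mkIf openvpnEnabled {
  work-staging = {
    config = "config ${config.age.secrets.work-staging-ovpn.path}";
    autoStart = false;
  };

  work-production = {
    config = "config ${config.age.secrets.work-production-ovpn.path}";
    autoStart = false;
  };
};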
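# agenix secrets for the work profile. Each entry is gated on the toggle of
# the feature that reads it.
#
# The first three are decrypted to fixed paths inside /home/alex/code/work and
# owned by alex:users so user-level tools can read them. `mode` is not set, so
# agenix's default file mode applies (confirm that it is owner-only). Because
# these files sit inside a working directory, keep them out of anything that
# sweeps that tree, such as backups, file sync or editor indexing.
#
# The two OpenVPN profiles set neither path nor owner and therefore use the
# agenix defaults.
age.secrets = {
  "work-gitconfig" = lib.mkIf gitEnabled {
    file = ../../../../secrets/pinwheel/work-gitconfig.age;
    path = "/home/alex/code/work/.work-gitconfig";
    owner = "alex";
    group = "users";
  };

  "work-github-token" = lib.mkIf gitEnabled {
    file = ../../../../secrets/pinwheel/work-github-token.age;
    path = "/home/alex/code/work/.work-github-token";
    owner = "alex";
    group = "users";
  };

  "work-go-private" = lib.mkIf goEnabled {
    file = ../../../../secrets/pinwheel/work-go-private.age;
    path = "/home/alex/code/work/.work-go-private";
    owner = "alex";
    group = "users";
  };

  "work-staging-ovpn" = lib.mkIf openvpnEnabled {
    file = ../../../../secrets/pinwheel/work-staging-ovpn.age;
  };

  "work-production-ovpn" = lib.mkIf openvpnEnabled {
    file = ../../../../secrets/pinwheel/work-production-ovpn.age;
  };
};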
}