about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--.envrc2
-rw-r--r--justfile13
-rw-r--r--nix/flake/devshell.nix49
-rw-r--r--nix/flake/hosts.nix48
-rw-r--r--nix/hosts/common/nix.nix28
-rw-r--r--nix/hosts/darwin/default.nix1
-rw-r--r--nix/hosts/darwin/homebrew.nix21
-rw-r--r--nix/hosts/darwin/macos.nix39
-rw-r--r--nix/hosts/darwin/mba/default.nix16
-rw-r--r--nix/hosts/darwin/work/default.nix11
-rw-r--r--nix/machines/darwin-shared.nix12
-rw-r--r--nix/machines/hardware/vm-synology.nix36
-rw-r--r--nix/machines/vm-aarch64.nix17
-rw-r--r--nix/machines/vm-shared.nix9
-rw-r--r--nix/machines/vm-synology.nix1
-rw-r--r--nix/profiles/home-manager/dev.nix38
-rw-r--r--nix/profiles/home-manager/git.nix76
-rw-r--r--nix/profiles/home-manager/mac.nix4
-rw-r--r--nix/profiles/home-manager/media.nix35
-rw-r--r--nix/profiles/home-manager/personal.nix8
-rw-r--r--nix/profiles/home-manager/shell.nix112
-rw-r--r--nix/profiles/home-manager/ssh.nix44
-rw-r--r--nix/users/fcuny/home-manager.nix145
23 files changed, 123 insertions, 642 deletions
diff --git a/.envrc b/.envrc
index 7c91067..3550a30 100644
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1 @@
-watch_file nix/flake/devshell.nix
-
 use flake
diff --git a/justfile b/justfile
index 49d6f1d..94877a0 100644
--- a/justfile
+++ b/justfile
@@ -1,5 +1,6 @@
 SSH_OPTIONS := "-o PubkeyAuthentication=no -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
 
+nixdisk := "vda"
 nixaddr := ""
 
 # update dependencies
@@ -33,13 +34,13 @@ vm-bootstrap:
 	#!/usr/bin/env bash
 	set -euxo pipefail
 	ssh {{SSH_OPTIONS}} root@{{nixaddr}} " \
-		parted /dev/vda -- mklabel gpt; \
-		parted /dev/vda -- mkpart primary 512MB 100%; \
-		parted /dev/vda -- mkpart ESP fat32 1MB 512MB; \
-		parted /dev/vda -- set 2 esp on; \
+		parted /dev/{{nixdisk}} -- mklabel gpt; \
+		parted /dev/{{nixdisk}} -- mkpart primary 512MB 100%; \
+		parted /dev/{{nixdisk}} -- mkpart ESP fat32 1MB 512MB; \
+		parted /dev/{{nixdisk}} -- set 2 esp on; \
 		sleep 1; \
-		mkfs.ext4 -L nixos /dev/vda1; \
-		mkfs.fat -F 32 -n boot /dev/vda2; \
+		mkfs.ext4 -L nixos /dev/{{nixdisk}}1; \
+		mkfs.fat -F 32 -n boot /dev/{{nixdisk}}2; \
 		sleep 1; \
 		mount /dev/disk/by-label/nixos /mnt; \
 		mkdir -p /mnt/boot; \
diff --git a/nix/flake/devshell.nix b/nix/flake/devshell.nix
deleted file mode 100644
index ae1d17d..0000000
--- a/nix/flake/devshell.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ inputs, ... }: {
-  imports = [
-    inputs.devshell.flakeModule
-    inputs.treefmt-nix.flakeModule
-    inputs.pre-commit-hooks.flakeModule
-  ];
-
-  perSystem = { config, pkgs, ... }: {
-    devshells.default = {
-      name = "world";
-      devshell.startup.pre-commit.text = config.pre-commit.installationScript;
-      packages = with pkgs; [
-        (config.treefmt.build.wrapper)
-        just
-        nixos-rebuild
-      ];
-      env = [{
-        name = "DEVSHELL_NO_MOTD";
-        value = "1";
-      }];
-    };
-
-    treefmt = {
-
-      projectRootFile = ".git/config";
-
-      flakeFormatter = true;
-      flakeCheck = true;
-
-      # list of supported programs
-      # https://github.com/numtide/treefmt-nix
-      programs = {
-        nixpkgs-fmt.enable = true;
-        shfmt.enable = true;
-        yamlfmt.enable = true;
-      };
-    };
-
-    pre-commit = {
-      check.enable = true;
-      settings = {
-        hooks = {
-          deadnix.enable = true;
-          treefmt.enable = true;
-        };
-      };
-    };
-  };
-}
diff --git a/nix/flake/hosts.nix b/nix/flake/hosts.nix
deleted file mode 100644
index 9426bdd..0000000
--- a/nix/flake/hosts.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ inputs, self, ... }:
-let
-  inherit (inputs) nixpkgs darwin home-manager;
-  inherit (nixpkgs.lib) mkMerge;
-
-  mkDarwinConfig = system: path:
-    darwin.lib.darwinSystem {
-      inherit system;
-      modules = [
-        home-manager.darwinModules.home-manager
-        {
-          home-manager = {
-            useGlobalPkgs = true;
-            useUserPackages = true;
-            extraSpecialArgs = { inherit self; };
-          };
-        }
-        "${self}/nix/hosts/darwin/"
-        "${self}/nix/hosts/common/nix.nix"
-        path
-        { nixpkgs.overlays = [ ]; }
-      ];
-      specialArgs = { inherit inputs self; };
-    };
-
-  mkNixosConfig = system: path:
-    nixpkgs.lib.nixosSystem {
-      inherit system;
-      modules =
-        [ "${self}/nix/hosts/nixos" "${self}/nix/hosts/common/nix.nix" path ];
-      specialArgs = { inherit inputs self; };
-    };
-in
-{
-  flake = mkMerge [{
-    darwinConfigurations = {
-      mba-fcuny =
-        mkDarwinConfig "aarch64-darwin" "${self}/nix/hosts/darwin/mba";
-      HQ-C02FK3Q7MD6T =
-        mkDarwinConfig "x86_64-darwin" "${self}/nix/hosts/darwin/work";
-    };
-
-    nixosConfigurations = {
-      vm = mkNixosConfig "aarch64-linux" "${self}/nix/hosts/nixos/vm";
-      wildcat = mkNixosConfig "x86_64-linux" "${self}/nix/hosts/nixos/wildcat";
-    };
-  }];
-}
diff --git a/nix/hosts/common/nix.nix b/nix/hosts/common/nix.nix
deleted file mode 100644
index 2ef6b48..0000000
--- a/nix/hosts/common/nix.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ pkgs, ... }: {
-  nix = {
-    package = pkgs.nixVersions.stable;
-
-    gc = {
-      user = "root";
-      automatic = true;
-      interval = [{
-        Hour = 7;
-        Minute = 0;
-        Weekday = 0;
-      }];
-      options = "--delete-older-than 7d";
-    };
-
-    settings = {
-      trusted-users = [ "@admin" "fcuny" ];
-      experimental-features = [ "nix-command" "flakes" ];
-    };
-  };
-
-  nixpkgs.config = {
-    allowUnfree = true;
-    permittedInsecurePackages = [
-      "nix-2.16.2" # FIXME https://github.com/nix-community/nixd/issues/357
-    ];
-  };
-}
diff --git a/nix/hosts/darwin/default.nix b/nix/hosts/darwin/default.nix
deleted file mode 100644
index 2da9dbc..0000000
--- a/nix/hosts/darwin/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ ... }: { imports = [ ./homebrew.nix ./macos.nix ]; }
diff --git a/nix/hosts/darwin/homebrew.nix b/nix/hosts/darwin/homebrew.nix
deleted file mode 100644
index 52543da..0000000
--- a/nix/hosts/darwin/homebrew.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }: {
-  # Required for homebrew on aarch64
-  environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ];
-
-  homebrew = {
-    enable = true;
-    onActivation.autoUpdate = true;
-    onActivation.upgrade = true;
-
-    casks = [
-      "1password-cli"
-      "docker"
-      "element"
-      "emacs"
-      "iterm2"
-      "transmission"
-      "vlc"
-      "wireshark"
-    ];
-  };
-}
diff --git a/nix/hosts/darwin/macos.nix b/nix/hosts/darwin/macos.nix
deleted file mode 100644
index 36f680a..0000000
--- a/nix/hosts/darwin/macos.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ pkgs, ... }: {
-  system.defaults.dock.autohide = true;
-  system.defaults.dock.orientation = "left";
-  system.defaults.dock.showhidden = false;
-  system.defaults.dock.show-recents = false;
-  # don’t rearrange spaces based on the most recent use
-  system.defaults.dock.mru-spaces = false;
-  system.defaults.finder.AppleShowAllExtensions = true;
-  system.defaults.screencapture.location = "~/Documents/screenshots";
-  system.defaults.SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
-
-  fonts.packages = with pkgs; [
-    emacs-all-the-icons-fonts
-    google-fonts
-    roboto
-    source-code-pro
-    source-serif-pro
-    source-sans-pro
-    go-font
-  ];
-
-  system.keyboard = {
-    enableKeyMapping = true;
-    remapCapsLockToControl = true;
-  };
-
-  # Touch ID for sudo auth
-  security.pam.enableSudoTouchIdAuth = true;
-
-  services.nix-daemon.enable = true;
-
-  system.defaults.CustomUserPreferences = {
-    "com.apple.desktopservices" = {
-      # Avoid creating .DS_Store files on network or USB volumes
-      DSDontWriteNetworkStores = true;
-      DSDontWriteUSBStores = true;
-    };
-  };
-}
diff --git a/nix/hosts/darwin/mba/default.nix b/nix/hosts/darwin/mba/default.nix
deleted file mode 100644
index 21189a8..0000000
--- a/nix/hosts/darwin/mba/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, self, ... }: {
-  networking.hostName = "mba-fcuny";
-
-  users.users.fcuny.home = "/Users/fcuny";
-  users.users.fcuny.shell = pkgs.fish;
-  programs.fish.enable = true;
-  environment.shells = [ pkgs.fish ];
-
-  system.stateVersion = 5;
-
-  home-manager.users.fcuny =
-    import "${self}/nix/profiles/home-manager/personal.nix";
-
-  # brew packages I only want to get installed on this machine
-  homebrew.casks = [ "zoom" ];
-}
diff --git a/nix/hosts/darwin/work/default.nix b/nix/hosts/darwin/work/default.nix
deleted file mode 100644
index 9d5f2c0..0000000
--- a/nix/hosts/darwin/work/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, self, ... }: {
-  users.users.fcuny.home = "/Users/fcuny";
-  users.users.fcuny.shell = pkgs.fish;
-  programs.fish.enable = true;
-  environment.shells = [ pkgs.fish ];
-
-  system.stateVersion = 5;
-
-  home-manager.users.fcuny =
-    import "${self}/nix/profiles/home-manager/work.nix";
-}
diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix
index 6c727f8..344ff00 100644
--- a/nix/machines/darwin-shared.nix
+++ b/nix/machines/darwin-shared.nix
@@ -1,18 +1,6 @@
 { pkgs, ... }: {
   nix = {
     package = pkgs.nixVersions.stable;
-
-    gc = {
-      user = "root";
-      automatic = true;
-      interval = [{
-        Hour = 7;
-        Minute = 0;
-        Weekday = 0;
-      }];
-      options = "--delete-older-than 7d";
-    };
-
     settings = {
       trusted-users = [ "@admin" "fcuny" ];
       experimental-features = [ "nix-command" "flakes" ];
diff --git a/nix/machines/hardware/vm-synology.nix b/nix/machines/hardware/vm-synology.nix
new file mode 100644
index 0000000..5511e98
--- /dev/null
+++ b/nix/machines/hardware/vm-synology.nix
@@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nix/machines/vm-aarch64.nix b/nix/machines/vm-aarch64.nix
index 8e84ed5..1c2e479 100644
--- a/nix/machines/vm-aarch64.nix
+++ b/nix/machines/vm-aarch64.nix
@@ -1,16 +1 @@
-{ ... }: {
-  imports = [ ./hardware/vm-aarch64-utm.nix ./vm-shared.nix ];
-
-  # Interface is this on my M1
-  networking.interfaces.enp0s10.useDHCP = true;
-
-  # Qemu
-  services.spice-vdagentd.enable = true;
-
-  # For now, we need this since hardware acceleration does not work.
-  environment.variables.LIBGL_ALWAYS_SOFTWARE = "1";
-
-  # Lots of stuff that uses aarch64 that claims doesn't work, but actually works.
-  nixpkgs.config.allowUnfree = true;
-  nixpkgs.config.allowUnsupportedSystem = true;
-}
+{ ... }: { imports = [ ./hardware/vm-aarch64-utm.nix ./vm-shared.nix ]; }
diff --git a/nix/machines/vm-shared.nix b/nix/machines/vm-shared.nix
index 04eedf0..acff195 100644
--- a/nix/machines/vm-shared.nix
+++ b/nix/machines/vm-shared.nix
@@ -3,11 +3,10 @@
 
   nix = {
     package = pkgs.nixVersions.latest;
-    extraOptions = ''
-      experimental-features = nix-command flakes
-      keep-outputs = true
-      keep-derivations = true
-    '';
+    settings = {
+      trusted-users = [ "@admin" "fcuny" ];
+      experimental-features = [ "nix-command" "flakes" ];
+    };
   };
 
   # Use the systemd-boot EFI boot loader.
diff --git a/nix/machines/vm-synology.nix b/nix/machines/vm-synology.nix
new file mode 100644
index 0000000..a38af50
--- /dev/null
+++ b/nix/machines/vm-synology.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./hardware/vm-synology.nix ./vm-shared.nix ]; }
diff --git a/nix/profiles/home-manager/dev.nix b/nix/profiles/home-manager/dev.nix
deleted file mode 100644
index 02eb566..0000000
--- a/nix/profiles/home-manager/dev.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ pkgs, config, ... }: {
-
-  programs.go = {
-    enable = true;
-    goPath = ".local/share/pkg.go";
-    goBin = ".local/bin.go";
-    goPrivate = [ "github.rbx.com/*" "github.com/fcuny/*" "git.fcuny.net/*" ];
-  };
-
-  home.packages = with pkgs; [
-    # go
-    go-tools
-    golangci-lint
-    gopls
-    delve
-
-    # docker
-    dive # explore layers in docker images
-
-    # shell
-    shellcheck
-
-    # ops
-    google-cloud-sdk
-    kubectl
-    tfswitch
-  ];
-
-  home.sessionPath = [ config.home.sessionVariables.GOBIN ];
-
-  home.sessionVariables = with config.xdg; {
-    IPYTHONDIR = "${cacheHome}/ipython";
-    PIP_LOG = "${cacheHome}/pip/pip.log";
-    PYLINTHOME = "${cacheHome}/pylint";
-    PYTHON_EGG_CACHE = "${cacheHome}/python-eggs";
-    MYPY_CACHE_DIR = "${cacheHome}/mypy";
-  };
-}
diff --git a/nix/profiles/home-manager/git.nix b/nix/profiles/home-manager/git.nix
deleted file mode 100644
index cba49f9..0000000
--- a/nix/profiles/home-manager/git.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ pkgs, config, lib, ... }: {
-  programs.git = {
-    enable = true;
-    userName = "Franck Cuny";
-
-    aliases = {
-      amend = "commit --amend";
-      ll = ''log --pretty="format:%h %G? %aN  %s"'';
-    };
-
-    includes = [
-      {
-        condition = "hasconfig:remote.*.url:git@github.rbx.com:**";
-        path = pkgs.writeText "finsitGitConfig"
-          (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
-      }
-      {
-        condition = "hasconfig:remote.*.url:git@github.com:Roblox/**";
-        path = pkgs.writeText "finsitGitConfig"
-          (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
-      }
-    ];
-
-    extraConfig = {
-      core.whitespace = "trailing-space,space-before-tab";
-      color.ui = "true";
-
-      # abort if the remote branch does not match the local one
-      push.default = "simple";
-
-      # https://adamj.eu/tech/2024/01/18/git-improve-diff-histogram/
-      diff.algorithm = "histogram";
-
-      init.defaultBranch = "main";
-
-      pull.rebase = true;
-      rebase = {
-        # Automatically create a temporary stash entry before the
-        # operation begins, and apply it after the operation ends.
-        autoStash = true;
-        # Print a warning if some commits are removed
-        missingCommitsCheck = "warn";
-      };
-
-      branch.autosetuprebase = "remote";
-      branch.sort = "authordate";
-
-      commit.template = "${config.xdg.dataHome}/git/commit.template";
-
-      url = {
-        "ssh://git@github.rbx.com/" = {
-          insteadOf = "https://github.rbx.com/";
-        };
-      };
-    };
-
-    ignores = [ "*~" ".envrc" ".direnv" "__pycache__" ];
-  };
-
-  xdg.dataFile."git/commit.template".source =
-    pkgs.writeText "commit.template" ''
-
-      # (If applied, this commit will...) <subject>
-
-      # Explain why this change is being made
-
-      # --- COMMIT END ---
-      # Remember to
-      #    Use the imperative mood, present tense: `change' not `changed' nor `changes'
-      #    Do not end the subject line with a period
-      #    Use the body to explain what and why vs. how
-      #    Can use multiple lines with "-" for bullet points in body
-    '';
-
-  home.packages = with pkgs; [ gitAndTools.pre-commit git-credential-manager ];
-}
diff --git a/nix/profiles/home-manager/mac.nix b/nix/profiles/home-manager/mac.nix
deleted file mode 100644
index 045441a..0000000
--- a/nix/profiles/home-manager/mac.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }: {
-  imports = [ ./dev.nix ./git.nix ./shell.nix ./ssh.nix ];
-  xdg.enable = false;
-}
diff --git a/nix/profiles/home-manager/media.nix b/nix/profiles/home-manager/media.nix
deleted file mode 100644
index d3351fa..0000000
--- a/nix/profiles/home-manager/media.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ ... }: {
-  programs.yt-dlp = {
-    enable = true;
-
-    extraConfig = ''
-      # Do not overwrite files
-      --no-overwrites
-
-      # Add metadata to the video files
-      --add-metadata
-
-      # Write video description to a .description file
-      --write-description
-
-      # Restrict filenames to only ASCII characters, and avoid "&" and spaces in filenames
-      --restrict-filenames
-
-      # Select the best audio quality (when extracting audio with -x/--extract-audio)
-      --audio-quality 0
-
-      # Save videos under "~/Movies/WebsiteName/" with the filename "VideoTitle---FormatNote-VideoId.VideoExtension"
-      --output "~/Movies/%(extractor_key)s/%(title)s---%(format_note)s-%(id)s.%(ext)s"
-
-      # Download subtitles for English and French
-      --sub-langs en,fr
-
-      # Embed subtitles in the video (only possible with mp4, webm and mkv files)
-      --embed-subs
-
-      # Download with the best resolution and if possible, in the video format mp4 and audio format m4a.
-      # If the video format isn't mp4 already, it will be converted to mp4
-      --format-sort res,ext:mp4:m4a --recode mp4
-    '';
-  };
-}
diff --git a/nix/profiles/home-manager/personal.nix b/nix/profiles/home-manager/personal.nix
deleted file mode 100644
index 34feca5..0000000
--- a/nix/profiles/home-manager/personal.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }: {
-
-  home.stateVersion = "23.05";
-
-  imports = [ ./mac.nix ./media.nix ];
-
-  programs.git = { userEmail = "franck@fcuny.net"; };
-}
diff --git a/nix/profiles/home-manager/shell.nix b/nix/profiles/home-manager/shell.nix
deleted file mode 100644
index bfeeb09..0000000
--- a/nix/profiles/home-manager/shell.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{ pkgs, config, ... }: {
-
-  home.packages = with pkgs; [
-    # shell utils
-    coreutils
-    direnv
-    dust
-    procs
-    ripgrep
-    tree
-    wget
-
-    # network
-    bandwhich
-
-    # data manipulation
-    jless
-    jq
-    yq
-
-    # encryption
-    age
-
-    # media
-    # mpv - TODO: this is currently broken
-    ffmpeg
-
-    # dicts
-    aspell
-    aspellDicts.en
-    aspellDicts.en-computers
-    aspellDicts.en-science
-
-    # nix related
-    nil
-    nix-direnv
-    nixd
-    nixfmt-classic
-    nixpkgs-fmt
-    nil # nix lsp
-  ];
-
-  xdg = {
-    configFile = {
-      "aspell/config".text = ''
-        local-data-dir ${pkgs.aspell}/lib/aspell
-        data-dir ${pkgs.aspellDicts.en}/lib/aspell
-        personal ${config.xdg.configHome}/aspell/en_US.personal
-        repl ${config.xdg.configHome}/aspell/en_US.repl
-      '';
-    };
-  };
-
-  home.sessionVariables = {
-    EDITOR = "emacsclient -a=";
-    VISUAL = "emacsclient -a=";
-    LESS = "-FRSXM";
-    LESSCHARSET = "utf-8";
-    PAGER = "less";
-    ASPELL_CONF = "conf ${config.xdg.configHome}/aspell/config;";
-    # for some reason, if I don't set this, zsh is picked up and mess up stuff.
-    SHELL = "${pkgs.fish}/bin/fish";
-    # stop bothering me with brew messages
-    HOMEBREW_NO_AUTO_UPDATE = 1;
-  };
-
-  # an alternative to ls
-  programs.eza = {
-    enable = true;
-    icons = "never";
-    enableFishIntegration = false;
-    extraOptions = [
-      "--group-directories-first"
-      "--no-quotes"
-      "--git-ignore"
-      "--icons=never"
-    ];
-  };
-
-  # an alternative to find
-  programs.fd = {
-    enable = true;
-    hidden = true;
-    ignores = [ ".git/" ];
-  };
-
-  programs.direnv = {
-    enable = true;
-    nix-direnv.enable = true;
-    enableZshIntegration = true;
-    config = {
-      global.disable_stdin = true;
-      global.strict_env = true;
-    };
-  };
-
-  programs.fish = {
-    enable = true;
-    interactiveShellInit = ''
-      set fish_greeting ""
-    '';
-
-    shellAbbrs = { ncg = "nix-collect-garbage -d"; };
-    shellAliases = {
-      c = "clear";
-      ls = "eza -l -L=1 --git --color=always --group-directories-first";
-      la = "eza -la --git --color=always --group-directories-first";
-      ll = "eza -la -L=1 --git --color=always --group-directories-first";
-      lt = "eza -aT -L=2 --git --color=always --group-directories-first";
-    };
-  };
-}
diff --git a/nix/profiles/home-manager/ssh.nix b/nix/profiles/home-manager/ssh.nix
deleted file mode 100644
index eebfd71..0000000
--- a/nix/profiles/home-manager/ssh.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ ... }:
-{
-  programs.ssh = {
-    enable = true;
-    forwardAgent = true;
-    serverAliveInterval = 60;
-    controlMaster = "auto";
-    controlPersist = "30m";
-    extraConfig = ''
-      IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
-    '';
-    matchBlocks = {
-      "personal" = {
-        hostname = "github.com";
-        user = "git";
-        forwardAgent = false;
-        extraOptions = { preferredAuthentications = "publickey"; };
-      };
-      "github.com" = {
-        hostname = "github.com";
-        user = "git";
-        forwardAgent = false;
-        extraOptions = { preferredAuthentications = "publickey"; };
-      };
-      "github.rbx.com" = {
-        hostname = "github.rbx.com";
-        user = "git";
-        forwardAgent = false;
-        extraOptions = { preferredAuthentications = "publickey"; };
-      };
-    };
-  };
-
-  # Generate ssh agent config for 1Password - I want both my personal and work keys
-  home.file.".config/1Password/ssh/agent.toml".text = ''
-    [[ssh-keys]]
-    account = "my.1password.com"
-
-    [[ssh-keys]]
-    account = "roblox.1password.com"
-    item = "GitHub ssh key"
-    vault = "Private"
-  '';
-}
diff --git a/nix/users/fcuny/home-manager.nix b/nix/users/fcuny/home-manager.nix
index 6c3342b..f18be40 100644
--- a/nix/users/fcuny/home-manager.nix
+++ b/nix/users/fcuny/home-manager.nix
@@ -1,80 +1,83 @@
 { ... }:
 
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, ... }:
+let isLinux = pkgs.stdenv.isLinux;
+in {
   home.stateVersion = "23.05";
 
   xdg.enable = true;
 
-  home.packages = with pkgs; [
-    # go
-    go-tools
-    golangci-lint
-    gopls
-    delve
-
-    # docker
-    dive # explore layers in docker images
-
-    # shell
-    shellcheck
-
-    # git
-    gitAndTools.pre-commit
-    git-credential-manager
-    gh
-
-    # shell utils
-    coreutils
-    direnv
-    dust
-    procs
-    ripgrep
-    tree
-    wget
-
-    # network
-    bandwhich
-
-    # data manipulation
-    jless
-    jq
-    yq
-
-    # encryption
-    age
-
-    # media
-    mpv
-    ffmpeg
-
-    # dicts
-    aspell
-    aspellDicts.en
-    aspellDicts.en-computers
-    aspellDicts.en-science
-
-    # nix
-    nil
-    nix-direnv
-    nixd
-    nixfmt-classic
-    nixpkgs-fmt
-    nil # nix lsp
-
-    # k8s
-    kind # k8s in docker
-    kubebuilder # generate controller
-    kubectl
-    kubernetes-helm # deploy applications
-    kubie # kubeconfig browser https://github.com/sbstp/kubie
-    kubelogin-oidc # OIDC plugin
-    k9s # object explorer
-
-    # hashicorp
-    boundary
-    nomad-pack
-    tfswitch
-  ];
+  home.packages = with pkgs;
+    [
+      # go
+      go-tools
+      golangci-lint
+      gopls
+      delve
+
+      # docker
+      dive # explore layers in docker images
+
+      # shell
+      shellcheck
+
+      # git
+      gitAndTools.pre-commit
+      git-credential-manager
+      gh
+
+      # shell utils
+      coreutils
+      direnv
+      dust
+      procs
+      ripgrep
+      tree
+      wget
+
+      # network
+      bandwhich
+
+      # data manipulation
+      jless
+      jq
+      yq
+
+      # encryption
+      age
+
+      # media
+      mpv
+      ffmpeg
+
+      # dicts
+      aspell
+      aspellDicts.en
+      aspellDicts.en-computers
+      aspellDicts.en-science
+
+      # nix
+      nil
+      nix-direnv
+      nixd
+      nixfmt-classic
+      nixpkgs-fmt
+      nil # nix lsp
+
+      # k8s
+      kind # k8s in docker
+      kubebuilder # generate controller
+      kubectl
+      kubernetes-helm # deploy applications
+      kubie # kubeconfig browser https://github.com/sbstp/kubie
+      kubelogin-oidc # OIDC plugin
+      k9s # object explorer
+
+      # hashicorp
+      boundary
+      nomad-pack
+      tfswitch
+    ] ++ (lib.optionals (isLinux) [ htop ]);
 
   programs.go = {
     enable = true;