From d048a7b6a225f9e30b2a95e9461f4c267eb29af0 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 4 Mar 2024 16:17:39 -0800
Subject: add configuration for my work machine

---
 flake.nix                          |  6 ++++-
 hosts/common/darwin/homebrew.nix   |  7 ++++-
 hosts/common/darwin/macos.nix      |  5 ++++
 hosts/work/default.nix             | 35 +++++++++++++++++++++++++
 nix/flake/hosts.nix                |  1 +
 nix/profiles/home-manager/dev.nix  | 16 +++++++-----
 nix/profiles/home-manager/git.nix  |  6 +++++
 nix/profiles/home-manager/ssh.nix  | 21 +++++++++++++++
 nix/profiles/home-manager/work.nix | 53 ++++++++++++++++++++++++++++++++++++++
 9 files changed, 142 insertions(+), 8 deletions(-)
 create mode 100644 hosts/work/default.nix
 create mode 100644 nix/profiles/home-manager/work.nix

diff --git a/flake.nix b/flake.nix
index ab53de9..3a42cd9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,7 +42,11 @@
   outputs = inputs:
     inputs.flake-parts.lib.mkFlake { inherit inputs; } {
 
-      systems = [ "aarch64-darwin" "x86_64-linux" ];
+      systems = [
+        "aarch64-darwin"
+        "x86_64-darwin"
+        "x86_64-linux"
+      ];
 
       imports = [
         ./nix/flake/devshell.nix
diff --git a/hosts/common/darwin/homebrew.nix b/hosts/common/darwin/homebrew.nix
index 0a7a2c9..60fbd6b 100644
--- a/hosts/common/darwin/homebrew.nix
+++ b/hosts/common/darwin/homebrew.nix
@@ -10,12 +10,17 @@
 
     brews = [
       "aspell" # spelling
-      "kind" # to run local k8s cluster
       "envoy" # to do some testing with envoy
+      "go" # it's also installed by nix, but this is a fallback, just in case
+      "hashicorp/tap/boundary" # https://www.boundaryproject.io/
+      "kind" # to run local k8s cluster
+      "kubebuilder"
+      "s3cmd"
     ];
 
     taps = [
       "homebrew/cask-fonts"
+      "hashicorp/tap"
     ];
 
     casks = [
diff --git a/hosts/common/darwin/macos.nix b/hosts/common/darwin/macos.nix
index 810d64d..edc57a0 100644
--- a/hosts/common/darwin/macos.nix
+++ b/hosts/common/darwin/macos.nix
@@ -8,6 +8,11 @@
   system.defaults.finder.AppleShowAllExtensions = true;
   system.defaults.screencapture.location = "~/Documents/screenshots";
 
+  system.keyboard = {
+    enableKeyMapping = true;
+    remapCapsLockToControl = true;
+  };
+
   system.defaults.CustomUserPreferences = {
     "com.apple.desktopservices" = {
       # Avoid creating .DS_Store files on network or USB volumes
diff --git a/hosts/work/default.nix b/hosts/work/default.nix
new file mode 100644
index 0000000..ae9a765
--- /dev/null
+++ b/hosts/work/default.nix
@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+let user = "fcuny"; in
+{
+  services.nix-daemon.enable = true;
+
+  nix = {
+    package = pkgs.nixFlakes;
+
+    gc = {
+      user = "root";
+      automatic = true;
+      interval = { Weekday = 0; Hour = 2; Minute = 0; };
+      options = "--delete-older-than 30d";
+    };
+
+    settings = {
+      trusted-users = [ "@admin" "${user}" ];
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+  };
+
+  # in order to install things like 1password's extensions
+  nixpkgs.config.allowUnfree = true;
+
+  programs.zsh.enable = true;
+
+  users.users.fcuny.home = "/Users/fcuny";
+
+  # Touch ID for sudo auth
+  security.pam.enableSudoTouchIdAuth = true;
+
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+  home-manager.users.fcuny = import ../../nix/profiles/home-manager/work.nix;
+}
diff --git a/nix/flake/hosts.nix b/nix/flake/hosts.nix
index 2d655d6..7348672 100644
--- a/nix/flake/hosts.nix
+++ b/nix/flake/hosts.nix
@@ -26,6 +26,7 @@ in
     {
       darwinConfigurations = {
         mba-fcuny = mkDarwinConfig "aarch64-darwin" ../../hosts/mba;
+        HQ-C02FK3Q7MD6T = mkDarwinConfig "x86_64-darwin" ../../hosts/work;
       };
     }
   ];
diff --git a/nix/profiles/home-manager/dev.nix b/nix/profiles/home-manager/dev.nix
index e0ca68b..6eacdc9 100644
--- a/nix/profiles/home-manager/dev.nix
+++ b/nix/profiles/home-manager/dev.nix
@@ -22,24 +22,28 @@ in
     goPath = ".local/share/pkg.go";
     goBin = ".local/bin.go";
     package = pkgs.go_1_21;
+    goPrivate = [ "github.rbx.com/roblox/*" "github.com/fcuny/world/*" ];
   };
 
   home.packages = with pkgs; [
+    # go
     go-tools
     golangci-lint
     gopls
 
+    # docker
     dive # explore layers in docker images
 
-    pythonEnv
-
-    kubectl
+    # shell
+    shellcheck
 
+    # ops
     google-cloud-sdk
+    kubectl
+    tfswitch
 
-    rnix-lsp
-    alejandra
-    nil
+    # python
+    pythonEnv
   ];
 
   home.sessionPath = [
diff --git a/nix/profiles/home-manager/git.nix b/nix/profiles/home-manager/git.nix
index d7b07c3..93909de 100644
--- a/nix/profiles/home-manager/git.nix
+++ b/nix/profiles/home-manager/git.nix
@@ -35,6 +35,12 @@
       branch.sort = "authordate";
 
       commit.template = "${config.xdg.dataHome}/git/commit.template";
+
+      url = {
+        "ssh://git@github.rbx.com/" = {
+          insteadOf = "https://github.rbx.com/";
+        };
+      };
     };
 
     ignores = [
diff --git a/nix/profiles/home-manager/ssh.nix b/nix/profiles/home-manager/ssh.nix
index 47aee8a..0ed401e 100644
--- a/nix/profiles/home-manager/ssh.nix
+++ b/nix/profiles/home-manager/ssh.nix
@@ -10,12 +10,33 @@
       IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
     '';
     matchBlocks = {
+      "personal" = {
+        hostname = "github.com";
+        user = "git";
+        forwardAgent = false;
+        extraOptions = { preferredAuthentications = "publickey"; };
+      };
       "github.com" = {
         hostname = "github.com";
         user = "git";
         forwardAgent = false;
         extraOptions = { preferredAuthentications = "publickey"; };
       };
+      "github.rbx.com" = {
+        hostname = "github.com";
+        user = "git";
+        forwardAgent = false;
+        extraOptions = { preferredAuthentications = "publickey"; };
+      };
     };
   };
+
+  # Generate ssh agent config for 1Password - I want both my personal and work keys
+  home.file.".config/1Password/ssh/agent.toml".text = ''
+    [[ssh-keys]]
+    account = "my.1password.com"
+
+    [[ssh-keys]]
+    account = "roblox.1password.com"
+  '';
 }
diff --git a/nix/profiles/home-manager/work.nix b/nix/profiles/home-manager/work.nix
new file mode 100644
index 0000000..d9b0dab
--- /dev/null
+++ b/nix/profiles/home-manager/work.nix
@@ -0,0 +1,53 @@
+{ pkgs, ... }: {
+
+  home.stateVersion = "23.05";
+
+  imports = [
+    ./dev.nix
+    ./firefox.nix
+    ./git.nix
+    ./ssh.nix
+    ./zsh.nix
+  ];
+
+  home.packages = with pkgs; [
+    # general shell utils
+    direnv
+    ripgrep
+    tree
+    wget
+
+    # data manipulation
+    jless
+    jq
+    yq
+
+    # nix related
+    nil
+    nix-direnv
+    nixd
+    nixfmt
+    nixpkgs-fmt
+    rnix-lsp
+  ];
+
+  home.sessionVariables = {
+    EDITOR = "emacsclient -a=";
+    VISUAL = "emacsclient -a=";
+    LESS = "-FRSXM";
+    LESSCHARSET = "utf-8";
+    PAGER = "less";
+  };
+
+  programs = {
+    direnv = {
+      enable = true;
+      nix-direnv.enable = true;
+      enableZshIntegration = true;
+      config = {
+        global.disable_stdin = true;
+        global.strict_env = true;
+      };
+    };
+  };
+}
-- 
cgit 1.4.1