a small commit for mankind, nah, a big one!

- moved the oidc client secrets into age secrets (and rotated them)
- changed stuff™

4 files changed, 65 insertions, 48 deletions

diff --git a/nix/hosts/caladan/aliases.nix b/nix/hosts/caladan/aliases.nix
index d65bc14..6738589 100644
--- a/nix/hosts/caladan/aliases.nix
+++ b/nix/hosts/caladan/aliases.nix
@@ -4,6 +4,7 @@
 
   # short forms
   tf = "terraform";
+  m = "multipass";
 
   r2help = ''r2 -qq -c "?*~..." --'';
   mosh = "mosh --no-init";
diff --git a/nix/hosts/caladan/darwin-configuration.nix b/nix/hosts/caladan/darwin-configuration.nix
index 6fdbdaa..e581cb8 100644
--- a/nix/hosts/caladan/darwin-configuration.nix
+++ b/nix/hosts/caladan/darwin-configuration.nix
@@ -1,7 +1,9 @@
 { pkgs, lib, ... }:
 
 {
-  imports = [ ./overlay.nix ];
+  imports = [
+    ./overlay.nix
+  ];
 
   system.stateVersion = 5;
 
@@ -27,9 +29,17 @@
   # users.users."_nixbld3".uid = 307;
   # users.users."_nixbld4".uid = 308;
   # users.users."_nixbld5".uid = 309;
+  
+  # virtualisation.multipass = {
+  #   enable = true;
+  #   package = pkgs.multipass;
+  #   logLevel = "debug";
+  # };
+
+  ids.gids.nixbld = 30000;
 
   nix = {
-    useDaemon = true;
+    # useDaemon = true;
     # package = pkgs.nixFlakes;
     extraOptions =
       ''
@@ -115,10 +125,11 @@
     allowUnsupportedSystem = true;
   };
 
-  services.nix-daemon.enable = true;
+  # services.nix-daemon.enable = true;
 
   # <3
-  security.pam.enableSudoTouchIdAuth = true;
+  # security.pam.enableSudoTouchIdAuth = true;
+  security.pam.services.sudo_local.touchIdAuth = true;
 
   environment = {
     systemPackages = [ ]; # set via home-manager
diff --git a/nix/hosts/caladan/home_emile.nix b/nix/hosts/caladan/home_emile.nix
index 545c4d5..704b73b 100644
--- a/nix/hosts/caladan/home_emile.nix
+++ b/nix/hosts/caladan/home_emile.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ pkgs, lib, ... }:
 
 {
   home = {
@@ -50,7 +50,7 @@
         fi
       '';
 
-      initExtraBeforeCompInit = ''
+      initContent = lib.mkOrder 550 ''
         ${builtins.readFile ./session_variables.zsh}
         ${builtins.readFile ./functions.zsh}
 
@@ -88,10 +88,8 @@
     kitty = {
       enable = true;
 
-      # package = pkgs.kitty;
-
       font = {
-        name = "Iosevka Nerd Font";
+        name = "Berkeley Mono";
         size = 13;
       };
 
@@ -104,9 +102,6 @@
         tab_bar_edge = "top";
         tab_bar_style = "slant";
         tab_bar_min_tabs = 1;
-
-        # tab_title_template = "{index}[{layout_name[0:2]}]: {title.replace('emile', 'e')[title.rfind('/')+1:]}";
-        # tab_title_template = "{index}[{layout_name[0:2]}]: {title.replace('emile', 'e')}";
         tab_title_template = "{index} {title.replace('emile', 'e')}";
 
         editor = "/Users/emile/.cargo/bin/hx";
@@ -186,7 +181,7 @@
     nixos-rebuild
 
     # editor
-    unstable-darwin.helix
+    unstable.helix
 
     ## formatter
     nixfmt-rfc-style # official formatter for nix code
@@ -194,9 +189,9 @@
     ## language server
     # nodePackages_latest.typescript-language-server # js / typescript
     nil # nix 
-    nodePackages.yaml-language-server # yaml
+    # nodePackages.yaml-language-server # yaml
     python312Packages.python-lsp-server # python
-    gopls # golang
+    # gopls # golang
 
     # binary foo
     radare2
@@ -211,8 +206,8 @@
 
     # go foo
     go
-    delve
-    gotools
+    # delve
+    # gotools
 
     # c foo
     cmake
@@ -260,13 +255,23 @@
 
     taskwarrior3
 
-    drawio
+    # drawio
 
     # cargo rustup
     cargo
 
+    utm
+
+    #nmap ffuf
+    #typst
+    #age
+    #ffmpeg
+    #exiftool
+
     # custom
-    libc-database
+    # libc-database
+
+    # unstable.duckdb
 
     # blender
 
diff --git a/nix/hosts/caladan/overlay.nix b/nix/hosts/caladan/overlay.nix
index 8f3b810..8295339 100644
--- a/nix/hosts/caladan/overlay.nix
+++ b/nix/hosts/caladan/overlay.nix
@@ -3,37 +3,37 @@
 {
   nixpkgs = {
     overlays = [
-      (self: super: {
-        kitty = super.kitty.overrideAttrs (old: {
-          preCheck = ''
-            # skip failing tests due to darwin sandbox
-            substituteInPlace kitty_tests/file_transmission.py \
-              --replace test_file_get dont_test_file_get \
-              --replace test_path_mapping_receive dont_test_path_mapping_receive \
-              --replace test_transfer_send dont_test_transfer_send
-            substituteInPlace kitty_tests/shell_integration.py \
-              --replace test_fish_integration dont_test_fish_integration
-            substituteInPlace kitty_tests/shell_integration.py \
-              --replace test_bash_integration dont_test_bash_integration
-            substituteInPlace kitty_tests/open_actions.py \
-              --replace test_parsing_of_open_actions dont_test_parsing_of_open_actions
-            substituteInPlace kitty_tests/ssh.py \
-              --replace test_ssh_connection_data dont_test_ssh_connection_data
-            substituteInPlace kitty_tests/fonts.py \
-              --replace 'class Rendering(BaseTest)' 'class Rendering'
+      #(self: super: {
+      #  kitty = super.kitty.overrideAttrs (old: {
+      #    preCheck = ''
+      #      # skip failing tests due to darwin sandbox
+      #      substituteInPlace kitty_tests/file_transmission.py \
+      #        --replace test_file_get dont_test_file_get \
+      #        --replace test_path_mapping_receive dont_test_path_mapping_receive \
+      #        --replace test_transfer_send dont_test_transfer_send
+      #      substituteInPlace kitty_tests/shell_integration.py \
+      #        --replace test_fish_integration dont_test_fish_integration
+      #      substituteInPlace kitty_tests/shell_integration.py \
+      #        --replace test_bash_integration dont_test_bash_integration
+      #      substituteInPlace kitty_tests/open_actions.py \
+      #        --replace test_parsing_of_open_actions dont_test_parsing_of_open_actions
+      #      substituteInPlace kitty_tests/ssh.py \
+      #        --replace test_ssh_connection_data dont_test_ssh_connection_data
+      #      substituteInPlace kitty_tests/fonts.py \
+      #        --replace 'class Rendering(BaseTest)' 'class Rendering'
 
-            # TODO(emile): figure out why this test is failing and activate it
-            # again.
-            substituteInPlace kittens/hyperlinked_grep/main_test.go \
-              --replace TestRgArgParsing DontTestRgArgParsing \
+      #      # TODO(emile): figure out why this test is failing and activate it
+      #      # again.
+      #      substituteInPlace kittens/hyperlinked_grep/main_test.go \
+      #        --replace TestRgArgParsing DontTestRgArgParsing \
 
-            # theme collection test starts an http server
-            rm tools/themes/collection_test.go
-            # passwd_test tries to exec /usr/bin/dscl
-            rm tools/utils/passwd_test.go
-          '';
-        });
-      })
+      #      # theme collection test starts an http server
+      #      rm tools/themes/collection_test.go
+      #      # passwd_test tries to exec /usr/bin/dscl
+      #      rm tools/utils/passwd_test.go
+      #    '';
+      #  });
+      #})
     ];
     config = {
       allowUnfree = true;