update flake.lock and homebrew.nix: bump Homebrew dependencies and add new packages (curseforge, dbeaver-community)

README.md

@@ -21,8 +21,6 @@ This project is licensed under the MIT License. See the [LICENSE](LICENSE) file
 - [Building and Switching](#building-and-switching)
 - [Common Commands](#common-commands)
 - [Troubleshooting](#troubleshooting)
-- [Dirty Git Tree](#dirty-git-tree)
-- [Path Does Not Exist](#path-does-not-exist)
 - [References](#references)
 
 ## Overview
@@ -42,35 +40,42 @@ By splitting the configuration into multiple files under `./modules/`, each file
 After installing Nix, you can install nix-darwin (one recommended approach is from the official Nix-Darwin docs).
 
 ## Modules
-- **flake.nix**: The top-level file defining all inputs (nixpkgs, nix-darwin, home-manager, nix-homebrew) and outputs (your nix-darwin configuration). Imports each module (e.g., `./modules/darwin/homebrew.nix`) into `darwinConfigurations.<hostname>.modules`.
+
+- **flake.nix**: The top-level file defining all inputs (nixpkgs, nix-darwin, home-manager, nix-homebrew) and outputs.
 - **modules/darwin/apps/**:
   - `homebrew.nix`: Holds Homebrew-related configurations (brew packages, casks, etc.).
-  - `nixpackages.nix`: Holds your `environment.systemPackages`.
-  - `services.nix`: Configures system services (e.g., Tailscale, nix-daemon, security/pam).
-  - `default.nix`: Aggregates all .nix files in the directory for easier reference by the flake.
+  - `default.nix`: Aggregates all .nix files in the directory.
 - **modules/darwin/security/**:
   - `default.nix`: Consolidated configurations for security related settings.
 - **modules/darwin/system/**:
-  - `appearance.nix`: Appearance related settings (e.g., dock, interface, login window settings, etc ).
-  - `finder.nix`: Finder related customizations.
-  - `system.nix`: System configuration (e.g., trackpad, keyboard mapping, screenshot default location, etc...).
-  - `default.nix`: Aggregates all .nix files in directory for easier reference by the flake
+  - `system.nix`: System configuration (e.g., trackpad, keyboard mapping, screenshot default location, etc.).
+  - `default.nix`: Aggregates all .nix files in directory.
 - **modules/home/**:
-  - `<username>/dotfiles.nix`: Holds user-level dotfiles managed by Home Manager (e.g., `~/.gitconfig`, `~/.ssh/config`).
-- **rebuild.sh**: A convenience script that typically runs something like:
-  ```sh
-  #!/usr/bin/env bash
-  darwin-rebuild switch --flake .#<hostname>
-  ```
+  - `<username>/`: User-specific configurations
+  - `<username>/terminal/`: Terminal-related configurations including shell setup
+  - `<username>/terminal/starship/`: Starship prompt configurations
+
+## Management Script
+
+The repository includes an interactive management script (`manage.sh`) that provides a unified interface for common tasks:
+
+```sh
+./manage.sh
+```
+
+The script offers the following options:
+
+1. **Rebuild configuration**: Rebuilds the current configuration
+2. **Update flakes and rebuild**: Updates all flake inputs and rebuilds
+3. **Clean nix store**: Runs garbage collection on the Nix store
+4. **Exit**: Exits the script
+
+For rebuild operations (options 1 and 2), the script will:
+- Prompt for the hostname (defaults to "swaphb-mba" if not specified)
+- Execute the appropriate commands
 
 ## How to Use
 
-In the `flake.nix` file, you can define host-specific and user-specific variables using let-bindings. Examples shown in the `flake.nix` file.
-
-To add a new host or user, update the `hostVars` and `userVars` sections in the `flake.nix` file with the new configurations. Follow the existing structure to ensure consistency.
-
-Execution:
-
 1. **Clone the repository**:
     ```sh
     git clone https://github.com/your-username/nix-darwin-config.git
@@ -81,76 +86,46 @@ Execution:
     Follow the instructions on the [Nix website](https://nixos.org/download.html) to install Nix.
 
 3. **Enable Flakes**:
-    Ensure that flakes are enabled in your Nix configuration:
     ```sh
     mkdir -p ~/.config/nix
     echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
     ```
 
 4. **Apply Configuration**:
-    To apply the configuration for a specific host, run:
     ```sh
-    nix build .#darwinConfigurations.<hostname>.system
-    ./result/sw/bin/darwin-rebuild switch --flake .
+    nix run nix-darwin --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake .#swaphb-mba
     ```
-
-    Replace `<hostname>` with the actual hostname defined in the `flake.nix` file (e.g., `swaphb-mba`).
-
-## Building and Switching
-
-1. Clone this repo (or ensure you have your local copy).
-2. Install nix-darwin if you haven’t already.
-3. From the root of this repository (where `flake.nix` resides), run:
-    ```sh
-    darwin-rebuild switch --flake .#<hostname>
-    ```
-    Replace `<hostname>` with the actual name of your system defined in `flake.nix` (e.g., `swaphb-mba`).
-
-Alternatively, if you have a script `rebuild.sh`, run:
-
-```sh
-./rebuild.sh
-```
-which should do the same command under the hood.
+    Select option 1 to rebuild the configuration, and enter your hostname when prompted.
 
 ## Common Commands
 
+All common commands are now available through the management script (`./manage.sh`). However, you can still run commands manually if needed:
+
 - **Build without switching**:
     ```sh
     darwin-rebuild build --flake .#<hostname>
     ```
-    This only builds the configuration but doesn’t apply it.
 
 - **Show changes**:
     ```sh
     darwin-rebuild dry-activate --flake .#<hostname>
     ```
-    See what changes will be made without applying them.
 
 - **List available flake outputs**:
     ```sh
     nix flake show
     ```
-- **Build with switching**
-    ```sh
-    darwin-rebuild switch --flake .#<hostname>
-    ```
-- **Update upstream flakes**
-    ```sh
-    nix flake update
-    ```
 
 ## Troubleshooting
 
 ### Dirty Git Tree
 
-If you see warnings like:
+If you see warnings about a dirty Git tree:
 ```
 warning: Git tree '/path/to/your/repo' is dirty
 ```
-It means you have uncommitted changes.
 
-**Solution**: Either commit the changes or pass `--impure` (not recommended), or stage/commit the changes to keep the flake happy:
+**Solution**: Commit your changes:
 ```sh
 git add -A
 git commit -m "Commit message"
@@ -158,17 +133,15 @@ git commit -m "Commit message"
 
 ### Path Does Not Exist
 
-If you get an error similar to:
+If you get path-related errors:
 ```
 error: path '/nix/store/...-source/modules/darwin/homebrew.nix' does not exist
 ```
-It usually means:
 
-- You haven’t actually created or committed the file.
-- There’s a typo or case mismatch in the file name.
-- The file is in a different directory than you think.
-
-**Solution**: Make sure the file exists, check for correct spelling/capitalization, and commit it to Git.
+**Solution**: 
+- Verify the file exists
+- Check for correct spelling/capitalization
+- Ensure the file is committed to Git
 
 ## References
 
@@ -176,5 +149,3 @@ It usually means:
 - [nix-darwin](https://github.com/LnL7/nix-darwin)
 - [Home Manager](https://github.com/nix-community/home-manager)
 - [nix-homebrew (zhaofengli-wip)](https://github.com/zhaofengli/nix-homebrew)
-
-With this multi-file approach, you can easily add, remove, or tweak individual modules without having a giant monolithic `flake.nix`.

flake.lock

@@ -3,16 +3,16 @@
     "brew-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1731323744,
-        "narHash": "sha256-SxUQm4cTHcaoPQHoXe26ZV8cZiMWBGow8MjE4L+MckM=",
+        "lastModified": 1758543057,
+        "narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
         "owner": "Homebrew",
         "repo": "brew",
-        "rev": "254bf3fe9d8fa2e1b2fb55dbcf535b2d870180c4",
+        "rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
         "type": "github"
       },
       "original": {
         "owner": "Homebrew",
-        "ref": "4.4.5",
+        "ref": "4.6.12",
         "repo": "brew",
         "type": "github"
       }
@@ -24,11 +24,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736013363,
-        "narHash": "sha256-P4lsS2Y5GzBfC8OfXtD/xWEucX6oHGTjOzjEjEJbXfc=",
+        "lastModified": 1760462439,
+        "narHash": "sha256-bks3rTsKGlqehk4l7rViIg2lBnUsY6we22O+ecRZB/c=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0d7908bd09165db6699908b7e3970f137327cbf0",
+        "rev": "990e5ce6791ff1f497a61280a82eb66e3789e0e9",
         "type": "github"
       },
       "original": {
@@ -37,14 +37,30 @@
         "type": "github"
       }
     },
+    "homebrew-argoproj": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1756414928,
+        "narHash": "sha256-TzQt2B1RkVjDWf8lv+DYeigK5bIDC+Xz3kqVUQ5pNrc=",
+        "owner": "argoproj",
+        "repo": "homebrew-tap",
+        "rev": "fdc7edd03bb7d2719369be916f2682898b33ef83",
+        "type": "github"
+      },
+      "original": {
+        "owner": "argoproj",
+        "repo": "homebrew-tap",
+        "type": "github"
+      }
+    },
     "homebrew-bundle": {
       "flake": false,
       "locked": {
-        "lastModified": 1735922156,
-        "narHash": "sha256-tOoJZFO27K73tdSe7sSBifXnZY7qcFOrfD4HcqBzmek=",
+        "lastModified": 1745335228,
+        "narHash": "sha256-TIKR2UgtyUmHLNZp255/vLs+1I10hXe+sciMEbAGFwE=",
         "owner": "homebrew",
         "repo": "homebrew-bundle",
-        "rev": "93317652a34feaed7d8d4bfc52b9ac2de68c5cd1",
+        "rev": "a3265c84b232e13048ecbf6fc18a2eedfadbeb08",
         "type": "github"
       },
       "original": {
@@ -56,11 +72,11 @@
     "homebrew-cask": {
       "flake": false,
       "locked": {
-        "lastModified": 1736044780,
-        "narHash": "sha256-qy+vJxiHkYZhW1tsMoYQamqB9qH7GOSmuifCTaFuD5k=",
+        "lastModified": 1760475873,
+        "narHash": "sha256-NeoqHBS13ARF7gYaWQDk6wYpWS+LjoQ1TEV6wRGC8uo=",
         "owner": "homebrew",
         "repo": "homebrew-cask",
-        "rev": "864a85099bc1f5b66cc146c77b127a7ec29699f4",
+        "rev": "c0853818223614d9f1abac68abc770f552e77653",
         "type": "github"
       },
       "original": {
@@ -72,11 +88,11 @@
     "homebrew-core": {
       "flake": false,
       "locked": {
-        "lastModified": 1736041820,
-        "narHash": "sha256-4k+3M0qs2rbhqR7QtffbPuTWu/rnSuu4aCfno9wiWeE=",
+        "lastModified": 1760474416,
+        "narHash": "sha256-EBgYlw+gadSAXnXM4oPhdQcu5r+2zKmDYqDVAjTidXE=",
         "owner": "homebrew",
         "repo": "homebrew-core",
-        "rev": "5269812199d74ce7e80f9893b99f84ba4dd7c344",
+        "rev": "c5d5de1246fe4f9720e55e939209e81a152f39c1",
         "type": "github"
       },
       "original": {
@@ -85,6 +101,38 @@
         "type": "github"
       }
     },
+    "homebrew-hauler": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1752524684,
+        "narHash": "sha256-PgrLRlK6rOKdK3dLadIbE+XfG1a9hbza9uLQoUBYJXk=",
+        "owner": "hauler-dev",
+        "repo": "homebrew-tap",
+        "rev": "7c822a194a6d79074df82ca8ce1d89e6ef8c4efb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hauler-dev",
+        "repo": "homebrew-tap",
+        "type": "github"
+      }
+    },
+    "homebrew-siderolabs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1759238339,
+        "narHash": "sha256-ZWFluo9oxr3xsY5awb1ZlAD8io8DJvWrrAXMl6Ja6Tw=",
+        "owner": "siderolabs",
+        "repo": "homebrew-tap",
+        "rev": "0cf0fdceeb7d438afee533e2aec078f5d7c079d3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "siderolabs",
+        "repo": "homebrew-tap",
+        "type": "github"
+      }
+    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -92,29 +140,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736002328,
-        "narHash": "sha256-anoVvML2D+nLfHlBfhEcCMjTou/9SRrrlqQN+Ug39ws=",
+        "lastModified": 1760338583,
+        "narHash": "sha256-IGwy02SH5K2hzIFrKMRsCmyvwOwWxrcquiv4DbKL1S4=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "a464e5ba8cfb10a81599dbd422f30f5d37997916",
-        "type": "github"
-      },
-      "original": {
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
-    "nix-darwin_2": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1716329735,
-        "narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=",
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c",
+        "rev": "9a9ab01072f78823ca627ae5e895e40d493c3ecf",
         "type": "github"
       },
       "original": {
@@ -125,16 +155,14 @@
     },
     "nix-homebrew": {
       "inputs": {
-        "brew-src": "brew-src",
-        "nix-darwin": "nix-darwin_2",
-        "nixpkgs": "nixpkgs_2"
+        "brew-src": "brew-src"
       },
       "locked": {
-        "lastModified": 1736041957,
-        "narHash": "sha256-Kk/cVtkxwfHNoB6nINUarMLTtyAEvH+ohzxKBptMzzg=",
+        "lastModified": 1758598228,
+        "narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
         "owner": "zhaofengli-wip",
         "repo": "nix-homebrew",
-        "rev": "a6d99cc7436fc18c097b3536d9c45c0548c694c8",
+        "rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
         "type": "github"
       },
       "original": {
@@ -145,40 +173,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1687274257,
-        "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
-        "path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source",
-        "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
-        "type": "path"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1716330097,
-        "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+        "lastModified": 1760349414,
+        "narHash": "sha256-W4Ri1ZwYuNcBzqQQa7NnWfrv0wHMo7rduTWjIeU9dZk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1735915915,
-        "narHash": "sha256-Q4HuFAvoKAIiTRZTUxJ0ZXeTC7lLfC9/dggGHNXNlCw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a27871180d30ebee8aa6b11bf7fef8a52f024733",
+        "rev": "c12c63cd6c5eb34c7b4c3076c6a99e00fcab86ec",
         "type": "github"
       },
       "original": {
@@ -191,12 +190,15 @@
     "root": {
       "inputs": {
         "home-manager": "home-manager",
+        "homebrew-argoproj": "homebrew-argoproj",
         "homebrew-bundle": "homebrew-bundle",
         "homebrew-cask": "homebrew-cask",
         "homebrew-core": "homebrew-core",
+        "homebrew-hauler": "homebrew-hauler",
+        "homebrew-siderolabs": "homebrew-siderolabs",
         "nix-darwin": "nix-darwin",
         "nix-homebrew": "nix-homebrew",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs"
       }
     }
   },

flake.nix

@@ -25,6 +25,18 @@
       url = "github:homebrew/homebrew-bundle";
       flake = false;
     };
+    homebrew-argoproj = {
+      url = "github:argoproj/homebrew-tap";
+      flake = false;
+    };
+    homebrew-siderolabs = {
+      url = "github:siderolabs/homebrew-tap";
+      flake = false;
+    };
+    homebrew-hauler = {
+      url = "github:hauler-dev/homebrew-tap";
+      flake = false;
+    };
   };
 
   outputs = inputs@{ self, nix-darwin, home-manager, ... }:
@@ -92,6 +104,11 @@
       in
       nix-darwin.lib.darwinSystem {
         modules = [
+          ({ pkgs, ... }: {
+            _module.args = {
+              username = "${userVars.userA.username}";
+            };
+          })
           host1Base
           ./modules/darwin/default.nix
           inputs.nix-homebrew.darwinModules.nix-homebrew
@@ -104,9 +121,13 @@
                 "homebrew/homebrew-core"   = inputs.homebrew-core;
                 "homebrew/homebrew-cask"   = inputs.homebrew-cask;
                 "homebrew/homebrew-bundle" = inputs.homebrew-bundle;
+                "argoproj/homebrew-tap"    = inputs.homebrew-argoproj;
+                "siderolabs/homebrew-tap"  = inputs.homebrew-siderolabs;
+                "hauler-dev/homebrew-tap"  = inputs.homebrew-hauler;
+                # "hashicorp/homebrew-tap"   = inputs.homebrew-hashicorp;
               };
               autoMigrate = true;
-              mutableTaps = false;
+              mutableTaps = true;
             };
           }
           home-manager.darwinModules.home-manager {
@@ -121,7 +142,7 @@
               programs.zsh.enable  = (userVars.userA.shell == "zsh");
               programs.fish.enable = (userVars.userA.shell == "fish");
               imports = [
-                ./modules/home/${userVars.userA.username}/dotfiles.nix
+                ./modules/home/${userVars.userA.username}/default.nix
               ];
             };
           }

manage.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Colors for better visibility
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Print the menu
+echo -e "${BLUE}Nix Darwin Configuration Management${NC}"
+echo "1) Rebuild configuration"
+echo "2) Update flakes and rebuild"
+echo "3) Clean nix store"
+echo "4) Exit"
+echo ""
+
+# Get user choice
+read -p "Please select an option (1-4): " choice
+
+case $choice in
+    1)
+        echo -e "${GREEN}Rebuilding configuration...${NC}"
+        read -p "Enter hostname (default: swaphb-mba): " hostname
+        hostname=${hostname:-swaphb-mba}
+        sudo darwin-rebuild switch --flake .#$hostname
+        ;;
+    2)
+        echo -e "${GREEN}Updating flakes and rebuilding...${NC}"
+        read -p "Enter hostname (default: swaphb-mba): " hostname
+        hostname=${hostname:-swaphb-mba}
+        nix flake update && sudo darwin-rebuild switch --flake .#$hostname
+        ;;
+    3)
+        echo -e "${GREEN}Cleaning nix store...${NC}"
+        nix-store --gc
+        ;;
+    4)
+        echo "Exiting..."
+        exit 0
+        ;;
+    *)
+        echo "Invalid option. Please select 1-4."
+        exit 1
+        ;;
+esac 

modules/darwin/apps/homebrew.nix

@@ -4,30 +4,56 @@
   # Darwin-level Homebrew configuration
   homebrew = {
     enable = true;
-    onActivation.cleanup = "uninstall";
+    # Change cleanup strategy to be less aggressive
+    onActivation.cleanup = "zap"; # Only remove uninstalled packages
+    onActivation.autoUpdate = false;
+    onActivation.upgrade = false;
 
-    taps = [];
     brews = [
-      "cowsay"
+      "argoproj/homebrew-tap/kubectl-argo-rollouts"
+      "azure-cli"
+      "gh"
       "git"
-      "k9s"
+      "gnu-tar"
+      "hauler-dev/homebrew-tap/hauler"
       "helm"
-      "podman"
-      "podman-compose"
+      "httpie"
+      "k9s"
+      "siderolabs/homebrew-tap/talosctl"
+      "sshpass"
+      "ansible"
     ];
     casks = [
       "1password"
-      "podman-desktop"
+      "balenaetcher"
+      "brave-browser"
+      "citrix-workspace"
+      "curseforge"
+      "cursor"
+      "dbeaver-community"
+      "elgato-wave-link"
+      "freelens"
+      "ghostty"
+      "httpie"
+      "joplin"
+      "localsend"
+      "logi-options-plus"
+      "meetingbar"
+      "orbstack"
+      "parsec"
+      "spotify"
       "teleport-connect"
       "utm"
-      "localsend"
-      "joplin"
-      "ghostty"
+      "vivaldi"
     ];
     masApps = {
       "1Password for Safari" = 1569813296;
+      "pairvpn" = 1347012179;
+      "tailscale" = 1475387142;
+      "Windows App" = 1295203466;
       "wireguard" = 1451685025;
       "wipr" = 1320666476;
+      "Spacial Media Toolkit" = 6477903679;
     };
   };
 }

modules/darwin/apps/nixpackages.nix

@@ -1,23 +1,5 @@
 { config, pkgs, ... }:
 
 {
-  environment.systemPackages = with pkgs; [
-    _1password-cli
-    awscli
-    azure-cli
-    brave
-    discord
-    go
-    google-cloud-sdk
-    kubectl
-    krew
-    lens
-    slack
-    spotify
-    starship
-    teleport
-    tenv
-    vim
-    vscode
-  ];
+  environment.systemPackages = with pkgs; [  ];
 }

modules/darwin/apps/services.nix

@@ -2,6 +2,6 @@
 
 {
   # Example: Tailscale, other system services
-  services.nix-daemon.enable = true;
-  services.tailscale.enable = true;
+  # services.nix-daemon.enable = true;
+  # services.tailscale.enable = false;
 }

modules/darwin/security/default.nix

@@ -1,13 +1,13 @@
 { config, pkgs, ... }:
 {
   # Enable TouchID for PAM auth: you could also place security/pam or other service configs here:
-  security.pam.enableSudoTouchIdAuth = true;
+  security.pam.services.sudo_local.touchIdAuth = true;
 
-  system.defaults.alf = {
-    allowsignedenabled = 1; # Allows any signed Application to accept incoming requests. Default is true. 0 = disabled 1 = enabled
-    allowdownloadsignedenabled = 0; # Allows any signed Application to accept incoming requests. Default is false. 0 = disabled 1 = enabled
-    globalstate = 1; # Enable the internal firewall to prevent unauthorised applications, programs and services from accepting incoming connections. 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
-    loggingenabled = 0; # Enable logging of blocked incoming connections. 0 = disabled 1 = enabled
-    stealthenabled = 1; # Enable stealth mode. This will prevent the computer from responding to ICMP ping requests and will not answer to port scans. 0 = disabled 1 = enabled
+  networking.applicationFirewall = {
+    enable = true;
+    blockAllIncoming = false; # Set to true if you want to block all except essential services
+    allowSigned = true;
+    allowSignedApp = false;
+    enableStealthMode = true;
   };
 }

modules/darwin/system/appearance.nix

@@ -1,31 +1,37 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, username, ... }:
+let
+  homeDirectory = "/Users/${username}";
+in
 {  
   # If you also want to do e.g. Dock preferences from the same user-level file:
   system.defaults.dock = {
     autohide = true;
     orientation = "bottom";
     persistent-apps = [
-      /Applications/Safari.app
-      /Applications/Ghostty.app
-      "/${pkgs.vscode}/Applications/Visual Studio Code.app" # Use the nixpkgs path to the app for apps installed via nix. This will automatically use the latest nix store path.
-      "/${pkgs.lens}/Applications/Lens.app"
+      "/System/Applications/Launchpad.app"
+      "/Applications/Vivaldi.app"
+      "/Applications/Brave Browser.app"
+      "/Applications/Ghostty.app"
+      "/Applications/Cursor.app"
+      "/Applications/Freelens.app"
+      # Use the nixpkgs path to the app for apps installed via nix. This will automatically use the latest nix store path.
       "/${pkgs.slack}/Applications/Slack.app"
       "/${pkgs.discord}/Applications/Discord.app"
-      "/${pkgs.spotify}/Applications/Spotify.app"
+      "/Applications/Spotify.app"
       "/Applications/joplin.app"
       # Add your persistent apps here
     ];
     persistent-others = [
-      "~/code"
-      "~/Downloads"
+      "${homeDirectory}/code"
+      "${homeDirectory}/Downloads"
+      "${homeDirectory}/Applications/Home Manager Apps"
       # Add your persistent others here
     ];
     show-recents = false;
     tilesize = 36; # Set the icon size on the dock; default is 64
   };
 
-
-system.defaults.NSGlobalDomain = {
+  system.defaults.NSGlobalDomain = {
     AppleInterfaceStyle = "Dark";     # "Dark" or "Light" - Darkmode all the things
     # Add more NSGlobalDomain settings here
   };
@@ -34,5 +40,5 @@ system.defaults.NSGlobalDomain = {
     GuestEnabled = false; # Disable guest account
     LoginwindowText = "Super Awesome Mac"; # Set login window text
     # Add more loginwindow settings here
-    };
+  };
 }

modules/darwin/system/system.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
 
 {
+  system.primaryUser = config._module.args.username;
+ 
   system.defaults.screencapture = {
     location = "~/Documents/Screenshots"; # Set default screenshot location
     # Add more screencapture settings here
@@ -14,11 +16,12 @@
   };
 
   system.keyboard = {
-    swapLeftCtrlAndFn = true; # Swap left control and function keys
+    swapLeftCtrlAndFn = false; # Swap left control and function keys
     enableKeyMapping = true; # Enable key mapping
     # Set up your keyboard preferences here
   };
 
   system.defaults.WindowManager.EnableStandardClickToShowDesktop = false; # Disable/Enable standard click to show desktop
   # You can add more Mac defaults here as well...
+
 }

modules/home/stephen/default.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+{
+  imports = [
+    ./terminal/default.nix
+    ./shell.nix
+  ];
+
+  home = {
+    packages = with pkgs; [
+      _1password-cli
+      awscli2
+      discord
+      go
+      google-cloud-sdk
+      kubectl
+      krew
+      lens
+      ollama
+      packer
+      hcloud
+      butane
+      slack
+      teleport
+      tenv
+      vim
+      vscode
+    ];
+  };
+}

modules/home/stephen/dotfiles.nix

@@ -1,27 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  # Some user-level dotfiles
-  home.file = {
-    ".ssh/config".text = ''
-      Host *
-        IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
-    '';
-
-    ".gitconfig".text = ''
-      [user]
-        name = swaphb
-        email = s@swaphb.com
-        signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx0WMlfx+AwcROXFO+/all/WkLvBKpEkjwRY15tjSiB
-
-      [gpg]
-        format = ssh
-
-      [gpg "ssh"]
-        program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
-
-      [commit]
-        gpgSign = true
-    '';
-  };
-}

modules/home/stephen/shell.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Configure zsh through programs.zsh instead of home.file
+  programs.zsh = {
+    enable = true;
+    initContent = ''
+      eval "$(starship init zsh)"
+      export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH"
+    '';
+  };
+}

modules/home/stephen/terminal/default.nix

@@ -0,0 +1,70 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  imports = [
+    ./starship/default.nix
+  ];
+
+  # Some user-level dotfiles
+  home.file = {
+    # Configure ssh
+    ".ssh/config".text = ''
+      Host *
+        IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
+      
+      Host 100.107.126.64 # er-docker-server
+        User stephen
+        IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
+        
+      Host ovh-pangolin
+        User ubuntu
+        IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
+    '';
+
+    # Configure git
+    ".gitconfig".text = ''
+      [user]
+        name = swaphb
+        email = s@swaphb.com
+        signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx0WMlfx+AwcROXFO+/all/WkLvBKpEkjwRY15tjSiB
+
+      [gpg]
+        format = ssh
+
+      [gpg "ssh"]
+        program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
+
+      [commit]
+        gpgSign = true
+    '';
+
+    # Configure 1password agent.toml
+    ".config/1Password/ssh/agent.toml".text = ''
+      # Examples can be found here:
+      #  https://developer.1password.com/docs/ssh/agent/config
+
+      [[ssh-keys]]
+      item = "github-auth-key"
+      vault = "Private"
+      
+      [[ssh-keys]]
+      item = "github-sign-key"
+      vault = "Private"
+      
+      [[ssh-keys]]
+      item = "Github-swaphb"
+      vault = "Private"
+      
+      [[ssh-keys]]
+      vault = "Employee"
+    '';
+
+    # Configure ghostty
+    ".config/ghostty/config".text = ''
+      background-opacity = 0.9
+      theme = "dracula"
+    '';
+
+  };
+}

modules/home/stephen/terminal/starship/default.nix

@@ -0,0 +1,185 @@
+{
+  programs.starship = {
+    enable = true;
+    settings = {
+      add_newline = false;
+      scan_timeout = 10;
+      format = "$all";
+
+      character = {
+        success_symbol = "[>](bold green)";
+        error_symbol = "[x](bold red)";
+        vimcmd_symbol = "[<](bold green)";
+      };
+
+      cmd_duration = {
+        min_time = 500;
+        format = "took [$duration](bold yellow)";
+      };
+
+      git_commit = {
+        tag_symbol = " tag ";
+      };
+
+      git_status = {
+        ahead = ">";
+        behind = "<";
+        diverged = "<>";
+        renamed = "r";
+        deleted = "x";
+      };
+
+      aws = {
+        symbol = "aws ";
+      };
+
+      azure = {
+        symbol = "az ";
+      };
+
+      bun = {
+        symbol = "bun ";
+      };
+
+      cmake = {
+        symbol = "cmake ";
+      };
+
+      deno = {
+        symbol = "deno ";
+      };
+
+      directory = {
+        read_only = " ro";
+      };
+
+      docker_context = {
+        symbol = "docker ";
+      };
+
+      git_branch = {
+        symbol = "git ";
+      };
+
+      golang = {
+        symbol = "go ";
+      };
+
+      hostname = {
+        ssh_only = false;
+        format = " on [$hostname](bold #FFA500)\n";
+        disabled = false;
+      };
+
+      lua = {
+        symbol = "lua ";
+      };
+
+      nodejs = {
+        symbol = "nodejs ";
+      };
+
+      memory_usage = {
+        symbol = "memory ";
+      };
+
+      nim = {
+        symbol = "nim ";
+      };
+
+      nix_shell = {
+        symbol = "nix ";
+      };
+
+      os = {
+        format = "[$symbol]($style) "; # Display the OS symbol
+        disabled = false;             # Enable the OS module
+        style = "bold green";         # Style for the OS symbol
+      };
+
+      os.symbols = {
+        Alpaquita = "alq ";
+        Alpine = "alp ";
+        Amazon = "amz ";
+        Android = "andr ";
+        Arch = "rch ";
+        Artix = "atx ";
+        CentOS = "cent ";
+        Debian = "deb ";
+        DragonFly = "dfbsd ";
+        Emscripten = "emsc ";
+        EndeavourOS = "ndev ";
+        Fedora = "fed ";
+        FreeBSD = "fbsd ";
+        Garuda = "garu ";
+        Gentoo = "gent ";
+        HardenedBSD = "hbsd ";
+        Illumos = "lum ";
+        Linux = "lnx ";
+        Mabox = "mbox ";
+        Macos = " ";
+        Manjaro = "mjo ";
+        Mariner = "mrn ";
+        MidnightBSD = "mid ";
+        Mint = "mint ";
+        NetBSD = "nbsd ";
+        NixOS = "nix ";
+        OpenBSD = "obsd ";
+        OpenCloudOS = "ocos ";
+        openEuler = "oeul ";
+        openSUSE = "osuse ";
+        OracleLinux = "orac ";
+        Pop = "pop ";
+        Raspbian = "rasp ";
+        Redhat = "rhl ";
+        RedHatEnterprise = "rhel ";
+        Redox = "redox ";
+        Solus = "sol ";
+        SUSE = "suse ";
+        Ubuntu = "ubnt ";
+        Unknown = "unk ";
+        Windows = "win ";
+      };
+
+      package = {
+        symbol = "pkg ";
+      };
+
+      purescript = {
+        symbol = "purs ";
+      };
+
+      python = {
+        symbol = "py ";
+      };
+
+      rust = {
+        symbol = "rs ";
+      };
+
+      status = {
+        symbol = "[x](bold red) ";
+      };
+
+      sudo = {
+        symbol = "sudo ";
+      };
+
+      terraform = {
+        symbol = "terraform ";
+      };
+
+      username = {
+        style_user = "blue bold";
+        style_root = "orange bold";
+        format = "[$user]($style)";
+        disabled = false;
+        show_always = true;
+      };
+
+      zig = {
+        symbol = "zig ";
+      };
+    };
+  };
+}

modules/home/userB/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, username, ... }:
 
 {
   home.file.".gitconfig".text = ''
@@ -10,4 +10,15 @@
   home.file.".zshrc".text = ''
     # userA's custom zsh config
   '';
+
+  imports = [
+    # User B's imports
+  ];
+
+  home = {
+    packages = with pkgs; [
+      # User B's packages
+    ];
+
+  };
 }

rebuild.sh

@@ -1,2 +0,0 @@
-#bin/bash
-darwin-rebuild switch --flake .#swaphb-mba

update.sh

@@ -1,3 +0,0 @@
-#bin/bash
-nix flake update
-darwin-rebuild switch --flake .#swaphb-mba