init by ai

nixos/default.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, pkgs-unstable, ... }:
+
+{
+  imports = [
+    ./modules/system.nix
+    ./modules/development.nix
+    ./modules/shell.nix
+  ];
+
+  # ============================================
+  # Shared NixOS Configuration
+  # ============================================
+
+  # System packages available to all users
+  environment.systemPackages = with pkgs; [
+    git
+    curl
+    wget
+    vim
+    htop
+  ];
+
+  # Nix settings
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+  };
+
+  # System-wide locale
+  i18n.defaultLocale = "en_US.UTF-8";
+  time.timeZone = "UTC";
+
+  # Networking basics
+  networking.useDHCP = lib.mkDefault true;
+  networking.networkmanager.enable = lib.mkDefault false;
+
+}

nixos/modules/development.nix

@@ -0,0 +1,50 @@
+{ config, lib, pkgs, pkgs-unstable, ... }:
+
+{
+  options.custom.development = {
+    enable = lib.mkEnableOption "Development tools";
+    languages = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = "Programming languages to install (rust, python, nodejs, go, etc)";
+    };
+  };
+
+  config = let
+    cfg = config.custom.development;
+
+    languagePackages = {
+      rust = with pkgs; [ rustup cargo-deny cargo-edit ];
+      python = with pkgs; [ python3 python3Packages.pip python3Packages.virtualenv ];
+      nodejs = with pkgs; [ nodejs npm pnpm ];
+      go = with pkgs; [ go golangci-lint ];
+      ruby = with pkgs; [ ruby bundler ];
+    };
+
+    selectedPackages =
+      lib.concatMap (lang: languagePackages.${lang} or []) cfg.languages;
+
+  in lib.mkIf cfg.enable {
+
+    # Core development tools
+    environment.systemPackages = with pkgs; [
+      git
+      git-lfs
+      gnumake
+      pkg-config
+      gcc
+      clang
+      cmake
+      gdb
+      ripgrep
+      fd
+      jq
+      yq-go
+    ] ++ selectedPackages;
+
+    # Enable container support (optional)
+    virtualisation.docker.enable = true;
+    virtualisation.docker.enableOnBoot = false;
+
+  };
+}

nixos/modules/example-template.nix

@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+# Template for creating new NixOS modules
+# Copy this file and customize for your needs
+
+{
+  options.custom.example = {
+    enable = lib.mkEnableOption "Example feature";
+
+    # Add more options as needed
+    setting1 = lib.mkOption {
+      type = lib.types.str;
+      default = "default value";
+      description = "Description of setting1";
+    };
+
+    setting2 = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = "A list of values";
+    };
+  };
+
+  config = let
+    cfg = config.custom.example;
+  in lib.mkIf cfg.enable {
+
+    # Your configuration here
+    environment.systemPackages = with pkgs; [
+      # Add packages needed for this feature
+    ];
+
+    # Other NixOS configuration
+    # services.myservice.enable = true;
+
+  };
+
+}
+
+# How to use this module:
+#
+# 1. Save this template as nixos/modules/myfeature.nix
+#
+# 2. Import it in nixos/default.nix:
+#    imports = [
+#      ./modules/myfeature.nix
+#    ];
+#
+# 3. Enable in host config (hosts/laptop/default.nix):
+#    custom.myfeature.enable = true;
+#    custom.myfeature.setting1 = "my value";
+#    custom.myfeature.setting2 = [ "value1" "value2" ];
+#
+# 4. Rebuild:
+#    sudo nixos-rebuild switch --flake .#laptop

nixos/modules/secrets-example.nix

@@ -0,0 +1,69 @@
+{ config, lib, pkgs, sops-nix, ... }:
+
+# Example: How to use sops-nix for secrets management
+# This module is NOT imported by default - uncomment in nixos/default.nix to use
+
+{
+  imports = [ sops-nix.nixosModules.sops ];
+
+  # Point to your encrypted secrets file
+  sops.defaultSopsFile = ../../../secrets/secrets.yaml;
+
+  # Age key location (sops-nix will decrypt using this)
+  sops.age.keyFile = "/home/youruser/.config/sops/age/keys.txt";
+
+  # Define which secrets to decrypt and where
+  sops.secrets = {
+    # SSH keys
+    "ssh/github_key" = {
+      owner = "youruser";
+      group = "users";
+      mode = "0600";
+      # Decrypted to: /run/secrets/ssh/github_key
+    };
+
+    # API keys
+    "api_keys/example_api" = {
+      owner = "youruser";
+      group = "users";
+      mode = "0600";
+    };
+
+    # Passwords (less recommended, use SSH keys when possible)
+    "passwords/example_password" = {
+      owner = "youruser";
+      group = "users";
+      mode = "0600";
+    };
+  };
+
+  # Example: Use decrypted secret in environment variable
+  environment.variables = {
+    # GITHUB_SSH_KEY = "${config.sops.secrets."ssh/github_key".path}";
+  };
+
+  # Example: Copy secret to user home (for Git, SSH, etc.)
+  system.activationScripts.installSecrets = lib.stringAfter [ "users" ] ''
+    mkdir -p /home/youruser/.ssh
+    cp ${config.sops.secrets."ssh/github_key".path} /home/youruser/.ssh/github
+    chown youruser:users /home/youruser/.ssh/github
+    chmod 0600 /home/youruser/.ssh/github
+  '';
+
+}
+
+# Usage in other modules:
+#
+# To use decrypted secrets in other config files, reference like:
+#   ${config.sops.secrets."ssh/github_key".path}
+#
+# Example in Git config:
+#   programs.git.extraConfig = {
+#     core.sshCommand = "ssh -i ${config.sops.secrets."ssh/github_key".path}";
+#   };
+#
+# Example in home-manager:
+#   programs.ssh.matchBlocks.github = {
+#     host = "github.com";
+#     identityFile = "${config.sops.secrets."ssh/github_key".path}";
+#   };

nixos/modules/shell.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+  options.custom.shell = {
+    enable = lib.mkEnableOption "Shell configuration" // { default = true; };
+    defaultShell = lib.mkOption {
+      type = lib.types.str;
+      default = "zsh";
+      description = "Default shell (bash, zsh, fish)";
+    };
+  };
+
+  config = let
+    cfg = config.custom.shell;
+  in lib.mkIf cfg.enable {
+
+    programs.zsh.enable = cfg.defaultShell == "zsh";
+    programs.bash.enable = true;
+    programs.fish.enable = cfg.defaultShell == "fish";
+
+    # Common shell packages
+    environment.systemPackages = with pkgs; [
+      starship
+      direnv
+    ];
+
+  };
+}

nixos/modules/system.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+{
+  options.custom.system = {
+    enable = lib.mkEnableOption "Custom system module" // { default = true; };
+  };
+
+  config = lib.mkIf config.custom.system.enable {
+    # System-wide settings
+    system.stateVersion = "24.11";
+
+    # Users
+    users.users.youruser = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "docker" ];
+      shell = pkgs.zsh;
+    };
+
+    # Sudo
+    security.sudo.enable = true;
+
+    # SSH (disabled by default, enable in host config if needed)
+    services.openssh.enable = lib.mkDefault false;
+  };
+}