From f8a9228baa4f68c7639ef703e15f97bf146c53ee Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 13 Nov 2025 22:45:18 +0100
Subject: ...

---
 users/gkleen/default.nix | 135 ++++++++++++++++++++++++++---------------------
 users/root.nix           | 110 +++++++++++++++++++++++++++-----------
 2 files changed, 155 insertions(+), 90 deletions(-)

(limited to 'users')

diff --git a/users/gkleen/default.nix b/users/gkleen/default.nix
index 5ce93de7..84446582 100644
--- a/users/gkleen/default.nix
+++ b/users/gkleen/default.nix
@@ -1,5 +1,7 @@
-{ flake, userName, pkgs, customUtils, lib, ... }:
-{
+{ flake, home-manager, userName, pkgs, customUtils, lib, ... }:
+let
+  homeManagerRelease = lib.importJSON (home-manager + /release.json);
+in {
   imports = with flake.nixosModules.userProfiles.${userName}; [
     utils direnv
   ];
@@ -15,69 +17,84 @@
     hashedPassword = "$6$rounds=500000$dOMgCU7DAk$yQFYGOURTEt12387LIYBnFKSWmtwXMUk1LJWnV0m7OFt.y2TnxQn2abdGA5dhwG9EmMB5wZGXf4J5F71c746C/";
   };
 
-  home-manager.users.${userName} = {
-    home.keyboard = {
-      layout = "us";
-      variant = "dvp";
-      options = [ "ctl:nocaps" "compose:caps" ];
-    };
+  home-manager.users.${userName} = { config, ... }: lib.foldr lib.recursiveUpdate {} ([
+    {
+      home.keyboard = {
+        layout = "us";
+        variant = "dvp";
+        options = [ "ctl:nocaps" "compose:caps" ];
+      };
+
+      programs = {
+        git.enable = true;
 
+        ssh.enable = true;
+
+        gpg.enable = true;
+      };
+    }
+  ] ++ (lib.optional (lib.versionAtLeast homeManagerRelease.release "25.11") {
     programs = {
-      git = {
-        enable = true;
-        userEmail = "gkleen@yggdrasil.li";
-        userName = "Gregor Kleen";
-        delta.enable = true;
-        extraConfig = {
-          core.excludesfile = toString ./gitignore;
-          pull.rebase = true;
-          submodule.recurse = true;
-          init.defaultBranch = "main";
-          column.ui = "auto";
-          branch.sort = "-committerdate";
-          tag.sort = "version:refname";
-          diff = {
-            algorithm = "histogram";
-            colorMoved = "plain";
-            mnemonicPrefix = true;
-            renames = true;
-          };
-          push = {
-            default = "simple";
-            autoSetupRemote = true;
-            followTags = true;
-          };
-          fetch = {
-            prune = true;
-            pruneTags = true;
-            all = true;
-          };
-          rerere = {
-            enabled = true;
-            autoupdate = true;
-          };
-          rebase = {
-            autoSquash = true;
-            autoStash = true;
-            updateRefs = true;
-          };
-          merge.conflictstyle = "zdiff3";
+      git.settings = {
+        user = {
+          email = "gkleen@yggdrasil.li";
+          name = "Gregor Kleen";
+        };
+        core.excludesfile = toString ./gitignore;
+        pull.rebase = true;
+        submodule.recurse = true;
+        init.defaultBranch = "main";
+        column.ui = "auto";
+        branch.sort = "-committerdate";
+        tag.sort = "version:refname";
+        diff = {
+          algorithm = "histogram";
+          colorMoved = "plain";
+          mnemonicPrefix = true;
+          renames = true;
+        };
+        push = {
+          default = "simple";
+          autoSetupRemote = true;
+          followTags = true;
+        };
+        fetch = {
+          prune = true;
+          pruneTags = true;
+          all = true;
         };
+        rerere = {
+          enabled = true;
+          autoupdate = true;
+        };
+        rebase = {
+          autoSquash = true;
+          autoStash = true;
+          updateRefs = true;
+        };
+        merge.conflictstyle = "zdiff3";
       };
-
-      ssh = {
+      delta = {
         enable = true;
-        controlMaster = "auto";
-        controlPersist = "30m";
-        serverAliveInterval = 6;
-        serverAliveCountMax = 10;
-        hashKnownHosts = true;
-        extraConfig = ''
-          IdentitiesOnly true
-        '';
+        enableGitIntegration = true;
       };
+      ssh = {
+        enableDefaultConfig = false;
+        matchBlocks."*" = {
+          forwardAgent = false;
+          addKeysToAgent = "no";
+          compression = false;
+          userKnownHostsFile = "~/.ssh/known_hosts";
+          controlPath = "~/.ssh/master-%r@%n:%p";
 
-      gpg.enable = true;
+          controlMaster = "auto";
+          controlPersist = "30m";
+          serverAliveInterval = 6;
+          serverAliveCountMax = 10;
+          hashKnownHosts = true;
+          identitiesOnly = true;
+        };
+      };
     };
-  };
+  }));
 }
diff --git a/users/root.nix b/users/root.nix
index ed1acd50..7fa99452 100644
--- a/users/root.nix
+++ b/users/root.nix
@@ -1,6 +1,7 @@
-{ flake, lib, config, hostName, userName, pkgs, ... }:
+{ flake, home-manager, lib, config, hostName, userName, pkgs, ... }:
 let
   haveGKleen = flake.nixosModules.accounts ? "gkleen@${hostName}";
+  homeManagerRelease = lib.importJSON (home-manager + /release.json);
 in {
   imports = with flake.nixosModules.userProfiles.${userName}; [
     direnv utils
@@ -11,42 +12,89 @@ in {
     openssh.authorizedKeys.keyFiles = config.users.users."gkleen".openssh.authorizedKeys.keyFiles;
   };
 
-  home-manager.users.${userName} = {
+  home-manager.users.${userName} = { config, ... }: lib.foldr lib.recursiveUpdate {} ([
+    {
+      programs = {
+        git.enable = true;
+
+        ssh.enable = true;
+
+        gpg.enable = true;
+      };
+
+      services = {
+        gpg-agent = {
+          enable = true;
+          enableSshSupport = true;
+          extraConfig = ''
+            pinentry-program ${pkgs.pinentry-curses}/bin/pinentry
+            grab
+          '';
+        };
+      };
+    }
+  ] ++ (lib.optional (lib.versionAtLeast homeManagerRelease.release "25.11") {
     programs = {
-      git = {
-        enable = true;
-        userEmail = "gkleen@yggdrasil.li";
-        userName = "Gregor Kleen";
-        delta.enable = true;
-        extraConfig = {
-          pull.rebase = false;
+      git.settings = {
+        user = {
+          email = "gkleen@yggdrasil.li";
+          name = "Gregor Kleen";
+        };
+        core.excludesfile = toString ./gitignore;
+        pull.rebase = true;
+        submodule.recurse = true;
+        init.defaultBranch = "main";
+        column.ui = "auto";
+        branch.sort = "-committerdate";
+        tag.sort = "version:refname";
+        diff = {
+          algorithm = "histogram";
+          colorMoved = "plain";
+          mnemonicPrefix = true;
+          renames = true;
+        };
+        push = {
+          default = "simple";
+          autoSetupRemote = true;
+          followTags = true;
+        };
+        fetch = {
+          prune = true;
+          pruneTags = true;
+          all = true;
         };
+        rerere = {
+          enabled = true;
+          autoupdate = true;
+        };
+        rebase = {
+          autoSquash = true;
+          autoStash = true;
+          updateRefs = true;
+        };
+        merge.conflictstyle = "zdiff3";
       };
-
-      ssh = {
+      delta = {
         enable = true;
-        controlMaster = "auto";
-        controlPersist = "30m";
-        serverAliveInterval = 6;
-        serverAliveCountMax = 10;
-        hashKnownHosts = true;
-        extraConfig = ''
-          IdentitiesOnly true
-        '';
+        enableGitIntegration = true;
       };
+      ssh = {
+        enableDefaultConfig = false;
+        matchBlocks."*" = {
+          forwardAgent = false;
+          addKeysToAgent = "no";
+          compression = false;
+          userKnownHostsFile = "~/.ssh/known_hosts";
+          controlPath = "~/.ssh/master-%r@%n:%p";
 
-      gpg.enable = true;
-    };
-
-    services = {
-      gpg-agent = {
-        enable = true;
-        enableSshSupport = true;
-        extraConfig = ''
-          pinentry-program ${pkgs.pinentry-curses}/bin/pinentry
-          grab
-        '';
+          controlMaster = "auto";
+          controlPersist = "30m";
+          serverAliveInterval = 6;
+          serverAliveCountMax = 10;
+          hashKnownHosts = true;
+          identitiesOnly = true;
+        };
       };
     };
-  };
+  }));
 }
-- 
cgit v1.2.3