updates · jaspermayone.com/dots@01b4574

+5

configs/claude/CLAUDE.md

··· 1 + - Always prefer using the gh cli commands for github actions wherever possible 2 + - Commits dont need to be super long or info heavy, a super concise summary is always better (find some balance) 3 + - When working on new features/issues make git worktrees wherever it feels appropriate 4 + - Always remove git worktrees when you are done using them 5 + - After addressing PR comments, you can resolve them if you have solved / addressed the comment

+24

configs/claude/settings.json

··· 1 + { 2 + "permissions": { 3 + "defaultMode": "default" 4 + }, 5 + "attribution": { 6 + "commit": "", 7 + "pr": "" 8 + }, 9 + "includeCoAuthoredBy": false, 10 + "enabledPlugins": { 11 + "feature-dev@claude-plugins-official": true, 12 + "commit-commands@claude-plugins-official": true, 13 + "figma@claude-plugins-official": true, 14 + "github@claude-plugins-official": true, 15 + "security-guidance@claude-plugins-official": true, 16 + "stripe@claude-plugins-official": true, 17 + "swift-lsp@claude-plugins-official": true, 18 + "typescript-lsp@claude-plugins-official": true, 19 + "vercel@claude-plugins-official": true, 20 + "frontend-design@claude-plugins-official": true, 21 + "safety-net@cc-marketplace": true, 22 + "ruby-lsp@Piebald-AI/claude-code-lsps": true 23 + } 24 + }

+4 -2

darwin/default.nix

··· 28 28 environment.systemPackages = with pkgs; [ 29 29 vim 30 30 git 31 + git-gui 31 32 inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default 32 33 33 34 # CLI tools (migrated from homebrew) ··· 47 48 48 49 # Additional CLI tools 49 50 lazygit 50 - redis 51 51 mkcert 52 52 inetutils # telnet, ftp, etc. 53 53 watchman ··· 124 124 # Databases (specific versions) 125 125 "mysql@8.0" 126 126 "postgresql@17" 127 + "redis" 127 128 "percona-toolkit" 128 129 "pgvector" 129 130 ··· 437 438 # Activation scripts for settings that can't be done declaratively 438 439 # Note: these run as root during activation 439 440 system.activationScripts.extraActivation.text = '' 440 - # Symlink nix bitwarden-cli to homebrew bin for Raycast compatibility 441 + # Symlink nix tools to homebrew bin for GUI app compatibility 441 442 ln -sf /run/current-system/sw/bin/bw /opt/homebrew/bin/bw 443 + ln -sf /run/current-system/sw/bin/git /opt/homebrew/bin/git 442 444 443 445 # Show ~/Library folder (for primary user) 444 446 chflags nohidden /Users/jsp/Library

+1

home/default.nix

··· 31 31 EDITOR = "vim"; 32 32 VISUAL = "vim"; 33 33 PAGER = "less"; 34 + CLAUDE_CODE_DISABLE_TERMINAL_TITLE = "1"; 34 35 }; 35 36 36 37 # Vim configuration

+3 -3

hosts/alastor/configuration.nix

··· 118 118 mode = "400"; 119 119 owner = "jsp"; 120 120 }; 121 - github-token = { 122 - file = ../../secrets/github-token.age; 121 + knot-sync-github-token = { 122 + file = ../../secrets/knot-sync-github-token.age; 123 123 mode = "400"; 124 124 owner = "git"; # tangled uses git user 125 125 }; ··· 218 218 jsp.services.knot-sync = { 219 219 enable = true; 220 220 repoDir = "/var/lib/knot/repos/did:plc:abgthiqrd7tczkafjm4ennbo"; 221 - secretsFile = config.age.secrets.github-token.path; 221 + secretsFile = config.age.secrets.knot-sync-github-token.path; 222 222 }; 223 223 224 224 # Caddy reverse proxy (with Cloudflare DNS plugin for ACME)

+12

modules/configs.nix

··· 26 26 # Mise (version manager) configuration 27 27 xdg.configFile."mise/config.toml".source = ../configs/mise.toml; 28 28 29 + # Claude Code configuration 30 + home.file.".claude/CLAUDE.md".source = ../configs/claude/CLAUDE.md; 31 + home.file.".claude/settings.json".source = ../configs/claude/settings.json; 32 + 29 33 # Espanso configuration 30 34 home.file = lib.mkMerge [ 31 35 # macOS espanso paths ··· 103 107 NPMRC_SECRET="$SECRETS_DIR/npmrc.age" 104 108 if [ -f "$NPMRC_SECRET" ]; then 105 109 $DRY_RUN_CMD $AGE -d -i "$SSH_KEY" "$NPMRC_SECRET" > "$HOME/.npmrc" 2>/dev/null || echo "Warning: Failed to decrypt npmrc" 110 + fi 111 + 112 + # Decrypt Claude GitHub token (for MCP server) 113 + CLAUDE_GITHUB_SECRET="$SECRETS_DIR/claude-github-token.age" 114 + if [ -f "$CLAUDE_GITHUB_SECRET" ]; then 115 + $DRY_RUN_CMD mkdir -p "$HOME/.config/claude" 116 + $DRY_RUN_CMD $AGE -d -i "$SSH_KEY" "$CLAUDE_GITHUB_SECRET" > "$HOME/.config/claude/github-token" 2>/dev/null || echo "Warning: Failed to decrypt Claude GitHub token" 117 + $DRY_RUN_CMD chmod 600 "$HOME/.config/claude/github-token" 106 118 fi 107 119 fi 108 120 '';

+5

modules/shell.nix

··· 487 487 # Fix GPG issues with Homebrew install 488 488 export GPG_TTY=$(tty) 489 489 490 + # Claude Code GitHub token (for MCP server) 491 + if [[ -f "$HOME/.config/claude/github-token" ]]; then 492 + export GITHUB_PERSONAL_ACCESS_TOKEN=$(cat "$HOME/.config/claude/github-token") 493 + fi 494 + 490 495 # ============================================================================ 491 496 # SHELL INTEGRATIONS 492 497 # ============================================================================

secrets/atuin-key.age

This is a binary file and will not be displayed.

secrets/bore-token.age

This is a binary file and will not be displayed.

+11

secrets/claude-github-token.age

··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 1uIO/w C2aJkboV5F+oirlt3MjW2yO+NXYp3jfjoN70R1pQs1U 3 + DM2hplfGz1vrxyzB00ue75fQ/5hmbTnNSvuOi71HmSk 4 + -> ssh-ed25519 U0D80g kA/iiqJx+wI/3Spj0bRDdbZfSlJJN1Va8rxtL+LksWo 5 + Al4eOxG9IArRFf/YnmLMFgA9dawpDq1SR/JnscqzGcM 6 + -> ssh-ed25519 JCO7mw DXkJpySgjLuenfS6Dh/BWFatKYVYnli34n2Oc8laHVU 7 + iNR/fvH02sglw3zgsoaU3qxHRfne++gRgcfILdGcv/g 8 + -> ssh-ed25519 KMKb6w 2GYqYUcAFH2sxkJuuHB4moANVTMWXnPrWsnadHnQiy8 9 + 1ehEGVL2iFYypzhF1mMpnLvNg7qo09Z3vnhq810dnmM 10 + --- Q2JpnwcYOuhml+rN1E284+gVBa8lehfE5IQEf5NrKXg 11 + %t�?�M�%$3�H��.�v��C�J�Pp��;�UYzh4{�w�W�yO 9��7�Hty�;��q�ˋl� �e�Vr)��%��|4xir��;%��*�Cy��GWFH�V3��H

+7 -7

secrets/cloudflare-credentials.age

··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w ustp3KAI0UIOYeWp9mMmvJjb8x+GccflfBhVUaQbcDI 3 - t23eZWOWbD1G4dKZb3sjLZ4nHok/ik6vLWdMfjcsrlM 4 - -> ssh-ed25519 U0D80g n+88VRxxhoD6gXP7B2k+BSCS9tn/oNAXOQNWbgiWVVQ 5 - Vi8tRmPiA5LK4IOWuNKAI8Rd0u6IkTwbX6+IOrsXiPs 6 - --- v/3DyKYiVEkki2ci8s1mEm/ryuq7w8oGa2JRho7p63E 7 - �A�ť?�ʬ��$��J 8 - ��4�@�_��4pl| ��N�#�o"�Z��R��.�LF #^�J�?�_�\�{��0��eh0�vdqG�� 2 + -> ssh-ed25519 1uIO/w INMHGwSFnu9fRaG5Sweub4bMjSkRGyQ/IeMU50FYFxs 3 + 1fqZwY+KW4q4o1vNgmLup8DkzGurglx6Jc3uSqXyGsc 4 + -> ssh-ed25519 U0D80g C4rZguIlFOWqwark8zk+jubK43TVHx2VYeVy9jj1LDY 5 + mmxNDfRKS8uCBAHDAQ7TwVglvtzypbuVbqe9pyv0ER0 6 + --- L83vPP7SNMJPwfyl0qWephj2HxJPxSAcuOEKkoMunk0 7 + ��.F(�\�c:7l:� 8 + �dhAF��|'zf K��;�/�\u.�l�~��C�g5&[�;�o�JYw�0��>��a5�j

secrets/espanso-secrets.age

This is a binary file and will not be displayed.

+10 -10

secrets/frps-token.age

··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w HVVwd1own0HsvfqhK6V6LoMV1d2XnQ8jldNueUth/0M 3 - 8rVQmIb6geTXN4mxsAxR4/+PLb+ftIeftaDuPn+hLLI 4 - -> ssh-ed25519 U0D80g gYRZkUv26xY38O99dXcVx2Exc9XjLdckq6lwhjKlDAg 5 - /mXRYYKEi/KaucDK1DDPglxAEGBJToJqcWXZHx2DIWQ 6 - -> ssh-ed25519 JCO7mw M0ZbhvP9SU7bHcH781mR61+9UKHsMUtINHNlQ96giGg 7 - Y7aJT2It2hnI/YditiDsJ1rebb4Y+IQ0dSOV53CfTso 8 - -> ssh-ed25519 KMKb6w IWXWK9vM8fWA9bj4MdzjJjjcFcTasdc69HPU5Q9VYEU 9 - mdUxLJH0e6pThXEWcAv1xQj/15UfKTFk/pd7QUj2s+0 10 - --- qkn/zcRiJLS/5kHQBsMFO7DcFmXu4u7QeQNj2r74G/U 11 - ��? �y- $��` �&I�ǽJ;?�K��GYL/*��g��bhfpZ]�f!�>�M�/��D��'��zh7@�eܫG��\�v��7 2 + -> ssh-ed25519 1uIO/w uBoDlvyHHLo4d6y0klCMvWV/3Yuq2O5dI4JPnBLTTmk 3 + Y5klXL2nmMopGqex8vanpwaAOksi+WwMiWkPeYM8WeM 4 + -> ssh-ed25519 U0D80g 6cyzMrnPGKx6MIY7NAZYkM+keZq75I+xoXc7TCEVNBE 5 + qyLCenr1wcVxJD+ZRZ28QyYsue+8/Ao7VpM50z5n4tc 6 + -> ssh-ed25519 JCO7mw CeYX4n95qw9rmlHvaQpimHINDyPyx5Pw1wSp74HqF2U 7 + 0rdo1snk+Wa0mJIQuOgHtfIn6dVzfk2f+5GkJpmJ+W8 8 + -> ssh-ed25519 KMKb6w o7N3/aB7JE14KXXDQtrbUv9FE7NJZCLX14llvDrWamE 9 + dhrvg1rFfrnbqOpIFCX4GSQ9y5vEikhT0ZoRGG7aefk 10 + --- 10fGNapHWktgTJJWH/1N5IkyhazZlX5EjeGTs6fy220 11 + ��e� ��W��+x�B�(u��Q��2d3p��^��Mg��J�e��հ�!��(�x�<:k'G)�i��օ|��G[_�yk�^ǡ��K�%��C

-11

secrets/github-token.age

··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w xqS+ysnc8U0DlUFC9pugRcHSsrfi+V1qxVeiKz4nkQg 3 - 9Fi0A8Gf/RP3Hv7nLo0HWYC1x81mka1udNjrGpRQo3w 4 - -> ssh-ed25519 U0D80g DObx/eqVzwzNKkQgQR36ketADcC5xROuFNXz5qGIWRA 5 - GNWSptUAG63fE1HJc2D+f90ZoqsRsuA/BesODUMZsls 6 - -> ssh-ed25519 JCO7mw jmoqh6ffN6hRNV4KqzkdLhf4X1u5YruGalZ/1FuKlEw 7 - luUH4w9u/vtCiWefCKC8xU8c2khhXg2eXbAdOYB+Lq4 8 - -> ssh-ed25519 KMKb6w VYEdeWGr9VIjghoyKa/HrBIWuUVIICOcc8qvJP6eFSI 9 - ZoPCVuvL1EzV3IEEJkKOtyTW84klJTDa1tiGfElDRrU 10 - --- AHeU+fQc12IgGE0QXT42wX8LduGSmx2B6IYhaKRoedg 11 - �2��^J�1=TG��H3��L@b��0��.�9g�Y��(��ID��I{��j�(1��m-рw�ؤٸ�,/�~��,F��BЃrdmO=�L^R٧+�zn&�'��K��

+11 -10

secrets/knot-secret.age

··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w p2c7bFPYXolp0bcTIzwTX1mfM586C66AcRmLkf790zM 3 - iuj+omzTG+rsO4gBgo2gV+opIqvAlyOYs3irFcVPbCE 4 - -> ssh-ed25519 U0D80g psgAoqT1j8hfkncowSowkLob4yVVYXylF5Bzq27Sthc 5 - 5B3U62jQY0aGq8ZIL9dNZO8/VAjAMENHOdtMxQl4reU 6 - -> ssh-ed25519 JCO7mw j9UdWkJmeH1sEfXnQ4rM/3ldlGq5MncFqtpKLI+w9k8 7 - u77vOTswEggbwD5ainmWD1bqR+wlplHD/GgUdirZnfk 8 - -> ssh-ed25519 KMKb6w L7T2jV8K09TCPrEn8Abl5Ga+1nIprFiqPR6N6yMc9jQ 9 - MkeTY0LMh/8AIZWm/1Oyfv5Kt/bV2BxxcTv4/GDkOso 10 - --- FxORnFxvVyee45zKRQwpnfMLPZj5bisw96h3dMDTlMw 11 - Ο۬��l�Z�+�-�eW�A��C��#�H�0S�/Z�vCh��l�Ƕ�2�<��8� 5\E�87��̆!�m�w��{��^ ��|Q 2 + -> ssh-ed25519 1uIO/w DoImV39oK+XJoJHOjUKyPs/dYG7eWBmokJ494TBOyy8 3 + 4GoUTnfke8A2bjl61u7jBWGJWTNbHMcyV4A0wp9f/hw 4 + -> ssh-ed25519 U0D80g Gx474O7qc6kxfS6wlFH6DPxJaMEE6rzuNo+DbxranQ0 5 + ghOVmf4UsyfF1XiZltWUMXXdmMP6T/9TcBbHu2aJwqw 6 + -> ssh-ed25519 JCO7mw 9QAHeymZQ2wLh+K1bD1pMxiN02peZQmeiXDU6crojwI 7 + 4hAM75DCXcsEmCQXo2LKVDmdS/dpZGZWUpKs0rx/Ubk 8 + -> ssh-ed25519 KMKb6w D/lSgUC+/GKpbhevhq9T5k5Wj4YBoHk9iq7K2HzpCFQ 9 + CvCSbDV0RKiEyfgVfeTrEEstFPL3VqDiypXhFn/JhDk 10 + --- NJtdYJBlQA4OmcfROX7WuJJ6KWwUwpE4XSeK/LHrnYE 11 + ��6&!@�v�r��5Q� 12 + �u$�Y�~��U�߮a�"��0x��Ù�*�E�>w`N�Y�J�"��cu��1��|�t'(��q8��1p��Y�

secrets/knot-sync-github-token.age

This is a binary file and will not be displayed.

secrets/npmrc.age

This is a binary file and will not be displayed.

secrets/pds-mailer.age

This is a binary file and will not be displayed.

secrets/pds.age

This is a binary file and will not be displayed.

+5 -1

secrets/secrets.nix

··· 58 58 59 59 # GitHub token for knot-sync service 60 60 # Format: GITHUB_TOKEN=ghp_xxxxx 61 - "github-token.age".publicKeys = all; 61 + "knot-sync-github-token.age".publicKeys = all; 62 + 63 + # GitHub Personal Access Token for Claude Code MCP server 64 + # Format: ghp_xxxxx (just the token, no prefix) 65 + "claude-github-token.age".publicKeys = all; 62 66 63 67 # Atuin encryption key for sync 64 68 # Contains the raw encryption key for Atuin shell history sync

+10 -10

secrets/wakatime-api-key.age

··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w 6LzFpPAvHkhf28qC0SSHm9fTIRvE1Ou76gz+PmOBsWE 3 - 50umTbF78g4H9hiTti4TMgO/h8rppBPp2tDoZr7IhzM 4 - -> ssh-ed25519 U0D80g F9rzESHEHElYrA0J8UmZKqiGKznnpvrv/0PT4bpnBXw 5 - U3clJgmtGpHEZXC4/DDEdvZpaA8YmAQ9MZ7hopuQu1c 6 - -> ssh-ed25519 JCO7mw ZcYD02Ua1bIFqfUjvJE7G6n6q2qrIy69R3PR4whevVo 7 - Ix2nl0YqbQweIya2ZMoJWyO8pwAVROR9iIcx7qKZpyw 8 - -> ssh-ed25519 KMKb6w R12EaPgTrZxyJ7yucgX2m283S3Z6BdhYg2oEwjUC9UA 9 - K7eNad+CqcqdVCsFK/jCzfDFPe47sgMaDBlsNKtk4Ds 10 - --- 95QNJSn/w0nWH9GjoHhGU6xmEC0D+hoaD4vZt7kebQ0 11 - Kx��e��~�q��~1~��ae��'aH5�gbn�wD��m##Ff5��夹��@�� 2 + -> ssh-ed25519 1uIO/w HWjYq0MX+qvcQ/dJPvolLwzfkQdNgoeYtD4t1mUIZBs 3 + wph2Ks6+onqpbxv/FJ77Itoxlv4t3NW5R/CkceaJ710 4 + -> ssh-ed25519 U0D80g JHqjXxeRDjV5/ZEr5zPzXIrkA6sTe35oN+NDbIBxdXA 5 + vdlmaOMIxYq73RjS/y5BN+0nUlxcirpYDkvpfgNXBuA 6 + -> ssh-ed25519 JCO7mw vi9BwccXTCxsS+bBEH4CQz6cm10Q/p4s1C0OivGPcww 7 + YBfIwuhLeIpsnY1q5RZa9kC27z6G1k47h/7semhYBoU 8 + -> ssh-ed25519 KMKb6w q9eD8/PzfDvHBgXpI4O/L2kfeVa5oDGddNAthPOJeT8 9 + reMjq5G81j5pEm6YBNV6Uo9OHcfE2S/XarrQNvVavJg 10 + --- dO9fA+7tAsAwKiWPDT9BA0wHaf0MQy9TlYT+R6ZxzfY 11 + �N��u�ymo��^&M|��w�/�=�P��:�W-�r%��9�ȯ�2nY��"G\��

secrets/wifi-passwords.age

This is a binary file and will not be displayed.