it seems to be doing better

secrets/test1.age

@@ -1,15 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBKcmZV
-NGJQYmVUeVYrQ2JaV0lmMkhMUFN1S0Rwa29ZYU5FbFQwbWtMbWtnCitlZXlQYkZr
-TDViemxOaXUxYUhsYjM5WElBRno0UGF0OXc0Qys3WnlRc0UKLT4gc3NoLWVkMjU1
-MTkgSjkxOXNRIFg4K09yZS81YXhGeDJJUFArMVhHaHc5dzBTOGlEdXRqbk5lMmNN
-NUMyV1kKV2V3WGwzK2RESXhvR2VBMG9lY082SngxTGxXNU94Mys5aStaM1grNWR0
-OAotPiBzc2gtZWQyNTUxOSBlNmUwbFEgNGxJbGpKNUJ3YkhGbkhGdStIOE1oVVVy
-S1pJdTNpMGZtOWtHOGo4VjRENApEQWlBTkVEWEdVbE1CSGNUM1hlcnJjQWUxNU9V
-Z1ZxVExjaEdGazQwQ2dJCi0+IFduYm4ueC1ncmVhc2UgVkggNDI5fU1FIGInTgpB
-NzJuN01JU1REOE1Vc3U2NkdudjJNb2svVTgwTUdFSXNodjdQVWxraVAyMU5LTkw3
-SDQ3bXlYUnNjeERIVHArClFUY3gwK1pXTTVlSjh3YXFtVEVhY1VCRm1HTmsrQ25r
-cG5wbEZnbwotLS0gMG9mM0RjQ1NmMWlGSkRTMzZTbjBXRUcrVVdZa0g1dFJRaHJO
-b09HRTJrVQr7a6J+H3U+cSUTVgwj8kN/BvANiKufv5UsJTxwfZD3YT7K49O5OfR5
-/RXQwUU8GUM9b9BCkroA4fB1NJoU9pc=
------END AGE ENCRYPTED FILE-----

systems/_common/configuration.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, settings, ylib, ... } @ args:
+{ config, lib, pkgs, settings, ylib, ... } @ inputs:
 let
   home-manager = builtins.fetchTarball {
     url = "https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz";
@@ -24,7 +24,7 @@ in
   security.polkit.enable = true;
   home-manager.useUserPackages = true;
   home-manager.useGlobalPkgs = true;
-  home-manager.extraSpecialArgs = { inherit settings; inherit ylib; inherit (args) ragenix; };
+  home-manager.extraSpecialArgs = { inherit settings; inherit ylib; inherit (inputs) ragenix; inherit (config) age; };
 
   # ==========
   #   Common

systems/_common/ragenix.nix

@@ -20,8 +20,8 @@ in
       #     (import secretsFile)
       # else { };
       {
-        test1 = {
-          file = /${settings.secretsDir}/test1.age;
+        nix2github = {
+          file = /${settings.secretsDir}/nix2github.age;
           owner = settings.user.username;
         };
       };

systems/gpdPocket3/configuration.nix

@@ -1,12 +1,11 @@
 { config, lib, pkgs, settings, ... } @ args:
-let
-  homeManagerUser = import "${settings.usersDir}/${settings.user.username}/home.nix";
-in
 {
   imports =
     [
       # Our custom stuff
       ./stupid-keyboard.nix
+      (settings.usersDir + "/root/configuration.nix")
+      (settings.usersDir + "/josh/configuration.nix")
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -88,20 +87,6 @@ in
     (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
   ];
 
-  users.users.root.initialPassword = "password1";
-  users.users.${settings.user.username} = {
-    initialPassword = "password1";
-    isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" "video" "input" ];
-    shell = pkgs.zsh;
-  };
-  # TODO how to do this from home manager file instead
-  environment.pathsToLink = [ "/share/zsh" ];
-  programs.zsh = {
-    enable = true;
-  };
-  home-manager.users.${settings.user.username} = homeManagerUser;
-
   services.xserver.enable = true;
   services.xserver.displayManager.gdm.enable = true;
   services.xserver.desktopManager.gnome.enable = true;

users/_common/programs/ssh.nix

@@ -1,4 +1,4 @@
-{ lib, ... } @ args:
+{ lib, settings, age, pkgs, ... } @ args:
 {
   # We always want a standard ssh key-pair used for secret management, create it if not there.
   home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
@@ -21,7 +21,7 @@
     matchBlocks = {
       github = {
         hostname = "github.com";
-        identityFile = age.secrets.test1.file;
+        identityFile = age.secrets.nix2github.path;
       };
     };
   };

users/josh/configuration.nix

@@ -0,0 +1,32 @@
+{ config, lib, ylib, pkgs, settings, ... } @ args:
+{
+  users.users.${settings.user.username} = {
+    initialPassword = "password1";
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" "video" "input" ];
+    shell = pkgs.zsh;
+  };
+
+  # TODO how to do this from home manager file instead
+  environment.pathsToLink = [ "/share/zsh" ];
+  programs.zsh = {
+    enable = true;
+  };
+
+  home-manager.users.${settings.user.username} = {
+    imports =
+      # Common settings all users share
+      [ (settings.usersDir + "/_common/home.nix") ]
+      # User programs
+      ++ ylib.umport {
+        paths = [ ./programs ];
+        recursive = true;
+      }
+      # User theme
+      ++ ylib.umport {
+        paths = [ ./theme ];
+        recursive = true;
+      };
+  };
+} 
+

users/josh/home.nix

@@ -1,16 +0,0 @@
-{ settings, ylib, ... }:
-{
-  imports =
-    # Common settings all users share
-    [ (settings.usersDir + "/_common/home.nix") ]
-    # User programs
-    ++ ylib.umport {
-      paths = [ ./programs ];
-      recursive = true;
-    }
-    # User theme
-    ++ ylib.umport {
-      paths = [ ./theme ];
-      recursive = true;
-    };
-}

users/root/configuration.nix

@@ -0,0 +1,9 @@
+{ config, lib, pkgs, settings, ... } @ args:
+{
+  users.users.root = {
+    initialPassword = "password1";
+  };
+
+  ## TODO github ssh key... etc
+}
+