Add isServer option and conditionally enable Git signing

bin/actions/help.py

@@ -11,16 +11,18 @@ from helpers.functions import printfe, println, logo
 
 
 def main():
+    """Display help information."""
     # Print logo
     logo(continue_after=True)
 
     # Print help
     dotfiles_path = os.environ.get("DOTFILES_PATH", os.path.expanduser("~/.dotfiles"))
     try:
-        with open(f"{dotfiles_path}/bin/resources/help.txt", "r") as f:
+        with open(
+            f"{dotfiles_path}/bin/resources/help.txt", "r", encoding="utf-8"
+        ) as f:
             help_text = f.read()
-        print(help_text)
-    except Exception as e:
+    except OSError as e:
         printfe("red", f"Error reading help file: {e}")
         return 1
 

bin/actions/service.py

@@ -9,7 +9,7 @@ import argparse
 
 # Import helper functions
 sys.path.append(os.path.join(os.path.dirname(__file__), ".."))
-from helpers.functions import printfe, println, logo
+from helpers.functions import printfe, println
 
 # Base directory for Docker services $HOME/services
 SERVICES_DIR = os.path.join(os.path.expanduser("~"), ".services")
@@ -109,7 +109,8 @@ def cmd_stop(args):
         if protected_running:
             printfe(
                 "yellow",
-                f"Note: {', '.join(protected_running)} will not be stopped as they are protected services",
+                f"Note: {', '.join(protected_running)} will not be stopped "
+                "as they are protected services",
             )
 
         if not safe_services:
@@ -136,19 +137,18 @@ def cmd_stop(args):
         else:
             printfe("green", "\nAll running services stopped successfully")
             return 0
-    else:
-        # Check if trying to stop a protected service
-        if args.service in PROTECTED_SERVICES:
-            printfe(
-                "red",
-                f"Error: {args.service} is a protected service and cannot be stopped",
-            )
-            printfe(
-                "yellow",
-                f"The {args.service} service is required for other services to work properly",
-            )
-            return 1
-        return run_docker_compose(["down"], service_name=args.service)
+    # Check if trying to stop a protected service
+    if args.service in PROTECTED_SERVICES:
+        printfe(
+            "red",
+            f"Error: {args.service} is a protected service and cannot be stopped",
+        )
+        printfe(
+            "yellow",
+            f"The {args.service} service is required for other services to work properly",
+        )
+        return 1
+    return run_docker_compose(["down"], service_name=args.service)
 
 
 def cmd_restart(args):
@@ -208,15 +208,15 @@ def cmd_update(args):
         else:
             printfe("green", "\nAll running services updated successfully")
             return 0
-    else:
-        # The original single-service update logic
-        # First pull the latest images
-        pull_result = run_docker_compose(["pull"], service_name=args.service)
-        if pull_result != 0:
-            return pull_result
 
-        # Then bring the service up with the latest images
-        return run_docker_compose(["up", "-d"], service_name=args.service)
+    # The original single-service update logic
+    # First pull the latest images
+    pull_result = run_docker_compose(["pull"], service_name=args.service)
+    if pull_result != 0:
+        return pull_result
+
+    # Then bring the service up with the latest images
+    return run_docker_compose(["up", "-d"], service_name=args.service)
 
 
 def cmd_ps(args):
@@ -262,18 +262,27 @@ def get_systemd_timer_status(timer_name):
     """Check if a systemd timer is active and enabled, and get next run time"""
     # Check if timer is active (running/waiting)
     active_result = subprocess.run(
-        ["sudo", "systemctl", "is-active", timer_name], capture_output=True, text=True, check=False
+        ["sudo", "systemctl", "is-active", timer_name],
+        capture_output=True,
+        text=True,
+        check=False,
     )
 
     # Check if timer is enabled (will start on boot)
     enabled_result = subprocess.run(
-        ["sudo", "systemctl", "is-enabled", timer_name], capture_output=True, text=True, check=False
+        ["sudo", "systemctl", "is-enabled", timer_name],
+        capture_output=True,
+        text=True,
+        check=False,
     )
 
     # Check corresponding service status
     service_name = timer_name.replace(".timer", ".service")
     service_result = subprocess.run(
-        ["sudo", "systemctl", "is-active", service_name], capture_output=True, text=True, check=False
+        ["sudo", "systemctl", "is-active", service_name],
+        capture_output=True,
+        text=True,
+        check=False,
     )
 
     # Get next run time
@@ -297,7 +306,7 @@ def get_systemd_timer_status(timer_name):
     return is_active, is_enabled, next_run, service_status
 
 
-def cmd_list(args):
+def cmd_list(args):  # pylint: disable=unused-argument
     """List available Docker services and systemd services"""
     # Docker services section
     if not os.path.exists(SERVICES_DIR):
@@ -320,7 +329,10 @@ def cmd_list(args):
             is_running = container_count > 0
 
             if is_running:
-                status = f"[RUNNING - {container_count} container{'s' if container_count > 1 else ''}]"
+                status = (
+                    f"[RUNNING - {container_count} container"
+                    f"{'s' if container_count > 1 else ''}]"
+                )
                 color = "green"
             else:
                 status = "[STOPPED]"
@@ -360,6 +372,7 @@ def cmd_list(args):
 
 
 def main():
+    """Main entry point for managing Docker services."""
     parser = argparse.ArgumentParser(description="Manage Docker services")
     subparsers = parser.add_subparsers(dest="command", help="Command to run")
 

bin/actions/source.py

@@ -45,12 +45,12 @@ def main():
 
     # Generate the export commands
     exports = [
-        f'export BORG_REPO="/mnt/object_storage/borg-repo"',
+        'export BORG_REPO="/mnt/object_storage/borg-repo"',
         f'export BORG_PASSPHRASE="{passphrase}"',
-        f'export BORG_CACHE_DIR="/home/menno/.config/borg/cache"',
-        f'export BORG_CONFIG_DIR="/home/menno/.config/borg/config"',
-        f'export BORG_SECURITY_DIR="/home/menno/.config/borg/security"',
-        f'export BORG_KEYS_DIR="/home/menno/.config/borg/keys"',
+        'export BORG_CACHE_DIR="/home/menno/.config/borg/cache"',
+        'export BORG_CONFIG_DIR="/home/menno/.config/borg/config"',
+        'export BORG_SECURITY_DIR="/home/menno/.config/borg/security"',
+        'export BORG_KEYS_DIR="/home/menno/.config/borg/keys"',
     ]
 
     # Check if we're being eval'd (no arguments and stdout is a pipe)

bin/actions/update.py

@@ -351,7 +351,7 @@ def main():
                 str(jobs),
             ]
 
-            result = subprocess.run(cmd, env=env)
+            result = subprocess.run(cmd, env=env, check=False)
             if result.returncode != 0:
                 printfe("red", "Failed to upgrade Home Manager packages.")
                 return 1
@@ -419,9 +419,9 @@ def main():
 
         # Execute the Ansible command, passing password via stdin if available
         if sudo_password:
-            result = subprocess.run(ansible_cmd, input=sudo_password.encode("utf-8"))
+            result = subprocess.run(ansible_cmd, input=sudo_password.encode("utf-8"), check=False)
         else:
-            result = subprocess.run(ansible_cmd)
+            result = subprocess.run(ansible_cmd, check=False)
 
         if result.returncode != 0:
             printfe("red", "Failed to upgrade Ansible packages.")

bin/helpers/functions.py

@@ -1,5 +1,7 @@
 #!/usr/bin/env python3
 
+"""Helper functions for the dotfiles system."""
+
 import sys
 import subprocess
 import math
@@ -7,7 +9,6 @@ import random
 import shutil
 import datetime
 
-"""Helper functions for the dotfiles system."""
 
 try:
     import pyfiglet
@@ -173,7 +174,6 @@ def ensure_dependencies():
 
             printfe("green", "All dependencies have been processed")
             return True
-        else:
-            printfe("yellow", "Skipping dependency installation")
-            return False
+        printfe("yellow", "Skipping dependency installation")
+        return False
     return True

config/git.nix

@@ -12,7 +12,9 @@
     # Basic configuration
     userName = "Menno van Leeuwen";
     userEmail = "menno@vleeuwen.me";
-    signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+sKpcREOUjwMMSzEWAso6830wbOi8kUxqpuXWw5gHr";
+    signing = lib.mkIf (!config.isServer) {
+      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+sKpcREOUjwMMSzEWAso6830wbOi8kUxqpuXWw5gHr";
+    };
 
     # Git settings
     extraConfig = {
@@ -84,14 +86,14 @@
       };
 
       # Security
-      gpg = {
+      gpg = lib.mkIf (!config.isServer) {
         format = "ssh";
         ssh = {
           program = "/opt/1Password/op-ssh-sign";
         };
       };
 
-      commit = {
+      commit = lib.mkIf (!config.isServer) {
         gpgsign = true;
       };
 

home.nix

@@ -1,16 +1,17 @@
 {
   config,
+  lib,
   isServer ? false,
   opnix,
   ...
 }:
 
 {
-  programs.home-manager.enable = true;
-
-  nixpkgs.config = {
-    allowUnfree = true;
-    allowUnfreePredicate = pkg: true;
+  options = {
+    isServer = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
   };
 
   imports = [
@@ -31,12 +32,23 @@
       ]
   );
 
-  home = {
-    username = "menno";
-    homeDirectory = "/home/menno";
-    stateVersion = "25.05";
-    sessionVariables = {
-      PATH = "${config.home.homeDirectory}/go/bin:$PATH";
+  config = {
+    isServer = isServer;
+
+    programs.home-manager.enable = true;
+
+    nixpkgs.config = {
+      allowUnfree = true;
+      allowUnfreePredicate = pkg: true;
+    };
+
+    home = {
+      username = "menno";
+      homeDirectory = "/home/menno";
+      stateVersion = "25.05";
+      sessionVariables = {
+        PATH = "${config.home.homeDirectory}/go/bin:$PATH";
+      };
     };
   };
 }