From f502810dae595fcef3a73bd9930cd54a9f394482 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Mon, 14 Jul 2025 19:09:16 +0800
Subject: [PATCH 1/3] fix(darwin): put aichat config in right place for darwin
---
 nix/homes/rafiq/darwin.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 nix/homes/rafiq/darwin.nix
diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix
new file mode 100644
index 0000000..873dbcd
--- /dev/null
+++ b/nix/homes/rafiq/darwin.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+let
+ inherit (lib.modules) mkIf;
+in
+{
+ flake.modules.homeManager.rafiq =
+ {
+ pkgs,
+ config,
+ hostName,
+ hostConfig,
+ ...
+ }:
+ mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") {
+ home.file."Library/Application Support/aichat/config.yaml".text = ''
+ model: gemini:gemini-2.0-flash
+ clients:
+ - type: gemini
+ '';
+ };
+}
From 79b83cfc709fc693cdf5d4e6c97d916cf6e6c3ac Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Mon, 14 Jul 2025 19:16:37 +0800
Subject: [PATCH 2/3] feat(secrets): Add darwin sops config and gemini key access
---
 nix/modules/system/secrets.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix
index fa2913c..7b75ed1 100644
--- a/nix/modules/system/secrets.nix
+++ b/nix/modules/system/secrets.nix
@@ -30,6 +30,21 @@ in
 '';
 };
 };
+ flake.modules.darwin.default =
+ { config, ... }:
+ {
+ imports = [ inputs.sops-nix.darwinModules.sops ];
+ config = {
+ sops = {
+ age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
+ secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
+ };
+ environment.shellInit = # sh
+ ''
+ export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
+ '';
+ };
+ };
 flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ];
 perSystem =
 { pkgs, ... }:
From 343f3d481f7fab97726e93c22cf4f0403a31d5e9 Mon Sep 17 00:00:00 2001
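Review bot: In nix/homes/rafiq/darwin.nix the inner module function binds `config`, `hostName` and `hostConfig`, but the body uses only `pkgs`, so the signature can shrink to `{ pkgs, ... }:`. The condition on the `mkIf` line compares `pkgs.system` with two literal strings; `pkgs.stdenv.hostPlatform.isDarwin` expresses the same test without listing architectures. The generated config.yaml contains no API key, which is the right choice because `home.file` text is written to the world-readable Nix store. A Nix comment above the `home.file` line, such as `# no api_key here: this text lands in the Nix store; the key is supplied via GEMINI_API_KEY`, would keep a later edit from adding one.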
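Review bot: The `environment.shellInit` block added in nix/modules/system/secrets.nix runs `sudo cat` on the decrypted secret at every shell initialisation, which makes shell start-up depend on sudo (a prompt, or a failure where no prompt is possible) and is presumably what the blanket NOPASSWD rule in patch 3/3 is there to paper over. Making the secret readable by its consumer removes the need for sudo: set sops-nix's per-secret owner with `secrets."keys/gemini".owner = username;` next to the `sopsFile` line and read it with `export GEMINI_API_KEY="$(cat ${config.sops.secrets."keys/gemini".path})"`. Exporting from shellInit also puts the key into the environment of every process started from any shell, so a wrapper around the one tool that needs it would narrow the exposure. `username`, `secrets` and `inputs` are bound outside this hunk, so their values cannot be checked from here.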
From: Mohammad Rafiq
Date: Mon, 14 Jul 2025 19:19:02 +0800
Subject: [PATCH 3/3] feat(sudo): configure sudo with nix modules
---
 nix/modules/system/sudo.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix
index 55b32ee..ec974cc 100644
--- a/nix/modules/system/sudo.nix
+++ b/nix/modules/system/sudo.nix
@@ -8,9 +8,12 @@ in
 nix.settings.trusted-users = [ "@wheel" ];
 users.users.${cfg.admin.username}.extraGroups = [ "wheel" ];
 };
- flake.modules.darwin.default.security.pam.services.sudo_local = {
- enable = true;
- reattach = true;
- touchIdAuth = true;
+ flake.modules.darwin.default.security = {
+ sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";
+ pam.services.sudo_local = {
+ enable = true;
+ reattach = true;
+ touchIdAuth = true;
+ };
 };
 }
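Review bot: The added `sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";` in nix/modules/system/sudo.nix gives every member of the admin group passwordless root for any command, so any process running as such a user can escalate without interaction. The `touchIdAuth = true` setting kept just below it then no longer gates sudo for those users. If the rule exists only so the shell can read the Gemini key (an inference from patch 2/3), it is safer to drop the line and make the secret readable by its user instead. If an exemption is really needed, scope it to the single command, e.g. `%admin ALL = (root) NOPASSWD: /bin/cat <SECRET_PATH>`, with the placeholder replaced by the actual secret path. The enclosing attribute set starts above this hunk.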