diff --git a/.envrc b/.envrc index aa21f582..7570e240 100644 --- a/.envrc +++ b/.envrc @@ -2,4 +2,6 @@ if [[ $(id -un) = kat ]]; then export TRUSTED=1 fi +export HOME_HOSTNAME=$(hostname -s) + use nix diff --git a/darwin/base/fonts.nix b/darwin/base/fonts.nix new file mode 100644 index 00000000..23d42fb1 --- /dev/null +++ b/darwin/base/fonts.nix @@ -0,0 +1,5 @@ +{ config, ... }: { + fonts = { + fontDir.enable = true; + }; +} diff --git a/darwin/base/gpg.nix b/darwin/base/gpg.nix new file mode 100644 index 00000000..579dfa34 --- /dev/null +++ b/darwin/base/gpg.nix @@ -0,0 +1,6 @@ +{ config, ... }: { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; +} diff --git a/darwin/base/homebrew.nix b/darwin/base/homebrew.nix index d6968d3f..70dd9a68 100644 --- a/darwin/base/homebrew.nix +++ b/darwin/base/homebrew.nix @@ -1,5 +1,9 @@ { config, ... }: { homebrew = { enable = true; + cleanup = "zap"; + brews = [ + "mas" + ]; }; } diff --git a/darwin/base/nix.nix b/darwin/base/nix.nix index 37b21ce9..021b8eff 100644 --- a/darwin/base/nix.nix +++ b/darwin/base/nix.nix @@ -12,6 +12,8 @@ experimental-features = nix-command flakes keep-derivations = true keep-outputs = true + extra-platforms = x86_64-darwin aarch64-darwin + builders-use-substitutes = true ''; }; } diff --git a/darwin/base/system.nix b/darwin/base/system.nix new file mode 100644 index 00000000..16fed093 --- /dev/null +++ b/darwin/base/system.nix 
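Review bot: `cleanup = "zap"` in darwin/base/homebrew.nix makes each activation uninstall every formula and cask that is not declared in the nix-darwin config, and for casks it also removes their associated files; nothing in the file says so. Because this sits in the base profile it applies to every darwin host, so a tool installed by hand with `brew install` disappears on the next `darwin-rebuild switch`. I would add a comment above the line, e.g. `# zap: activation removes every brew/cask not listed here, including its data`, or use `"uninstall"` if deleting application data is not intended.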
@@ -0,0 +1,43 @@ +{ config, ... }: { + services.activate-system.enable = true; + + system = { + defaults = { + SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true; + NSGlobalDomain = { + AppleInterfaceStyleSwitchesAutomatically = true; + AppleShowAllFiles = true; + AppleShowAllExtensions = true; + }; + dock = { + autohide = true; + orientation = "left"; + tilesize = 32; + wvous-tl-corner = 1; + wvous-tr-corner = 10; + wvous-bl-corner = 4; + wvous-br-corner = 14; + }; + finder = { + CreateDesktop = false; + ShowPathbar = true; + ShowStatusBar = true; + AppleShowAllFiles = true; + AppleShowAllExtensions = true; + }; + loginwindow = { + GuestEnabled = false; + }; + }; + keyboard = { + enableKeyMapping = true; + remapCapsLockToControl = true; + userKeyMapping = [ + { + HIDKeyboardModifierMappingSrc = 30064771129; + HIDKeyboardModifierMappingDst = 30064771299; + } + ]; + }; + }; +} diff --git a/darwin/systems/sumireko.nix b/darwin/systems/sumireko.nix index 4b9c175f..85375dd5 100644 --- a/darwin/systems/sumireko.nix +++ b/darwin/systems/sumireko.nix @@ -15,10 +15,19 @@ "firefox" "telegram" "discord" + "utm" + "mullvadvpn" + "bitwarden" ]; + masApps = { + Tailscale = 1475387142; + }; }; environment.systemPackages = with pkgs; [ + terraform + yt-dlp + k2tf awscli jq ]; diff --git a/devShell.nix b/devShell.nix index f79583d0..4d6d6510 100644 --- a/devShell.nix +++ b/devShell.nix @@ -35,7 +35,6 @@ let fi ''; sumireko-apply = pkgs.writeShellScriptBin "sumireko-apply" '' - nix build ${toString ./.}#darwinConfigurations.sumireko.system darwin-rebuild switch --flake ${toString ./.}#sumireko ''; in 
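Review bot: The `keyboard` block in darwin/base/system.nix remaps Caps Lock twice: `remapCapsLockToControl = true`, and a `userKeyMapping` entry whose source `30064771129` is 0x700000039 (the HID usage for Caps Lock) with destination `30064771299` (0x7000000E3, Left Command). Only one of the two can take effect, and which one wins is not visible from this config, so the unintended one should be dropped. The raw decimal values should carry a comment, for example `# 0x700000039 Caps Lock -> 0x7000000E3 Left Command`. The `wvous-*-corner` numbers deserve the same treatment; as far as I can tell none of them is the lock-screen action (13), in case a quick lock gesture is wanted.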
@@ -47,7 +46,7 @@ pkgs.mkShell { nf-update sumireko-apply ] ++ config.runners.lazy.nativeBuildInputs - ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.nixos.koishi.kw.secrets.repo.bitw.source} "$@"'') + ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'') ++ (map (node: writeShellScriptBin "${node.networking.hostName}-sd-img" '' nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace @@ -59,7 +58,6 @@ pkgs.mkShell { '') (builtins.filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos))); shellHook = '' - export HOME_HOSTNAME=$(hostname -s) export NIX_BIN_DIR=${pkgs.nix}/bin export HOME_UID=$(id -u) export HOME_USER=$(id -un) diff --git a/flake.lock b/flake.lock index c7030d36..5c81dec9 100644 --- a/flake.lock +++ b/flake.lock @@ -133,11 +133,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1657356697, - "narHash": "sha256-sT38tcx7m0Quz+Uj6jzx+yRa2+EVW2C3cE0FkROXUzQ=", + "lastModified": 1657447684, + "narHash": "sha256-FCP9AuU1q6PE3vOeM5SFf58f/UKPBAsoSGDUGamNBbo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "87e7965bbcdbac3d103e3ed14ff04f719a4f7a58", + "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nur": { "locked": { - "lastModified": 1657458605, - "narHash": "sha256-WAoPHlCNTV/yXLF72D7vj+gk1yjfNBM3PmZ61sCT4co=", + "lastModified": 1657535550, + "narHash": "sha256-8WwxmlXe6o1Ob8rQan8R1H1NKSNaxqRuIuIU5RVhyd4=", "owner": "nix-community", "repo": "nur", - "rev": "fe1f99449c93be772b31de520eebaee6feb8717e", + "rev": "f0faa262c28384df0c00ec2c64e8031c4fbd0a61", "type": "github" }, "original": { 
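Review bot: The new lookup `config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}` in the `bitw` wrapper (and the identical line in meta.nix) indexes the node set by kernel name, which is `linux` on NixOS hosts, while outputs.nix registers nodes under `network.nodes.nixos` and `network.nodes.darwin`. Unless a `linux` alias exists outside this diff, the wrapper stops evaluating on Linux hosts, where the old code used `nodes.nixos`. Selecting the key explicitly avoids that: `nodes.${if pkgs.hostPlatform.isDarwin then "darwin" else "nixos"}`. Separately, `builtins.getEnv` returns an empty string under pure evaluation or when direnv has not loaded `.envrc`, so the secret source is then looked up under an empty host name; an `assert` with a clear message on an empty `HOME_HOSTNAME` would make that failure readable.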
@@ -181,11 +181,11 @@ "tf-nix": { "flake": false, "locked": { - "lastModified": 1655220817, - "narHash": "sha256-5eYqmPN1KuBz8ZNnIJPpRDeQDMOuS/kFpLGNld2G0is=", + "lastModified": 1657549622, + "narHash": "sha256-gIoMfy8Roq4hh2BBL3Hd8Z+FsPtC4bGAcS/yttuahwg=", "owner": "arcnmx", "repo": "tf-nix", - "rev": "cd7c31d794a2d6992394ce4fa8b1157f8a88c349", + "rev": "c99cf454785d57cb430ae09c3327a0b619e2eed1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index edbbc924..8fdf760e 100644 --- a/flake.nix +++ b/flake.nix @@ -14,9 +14,10 @@ url = "github:kittywitch/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - nur.url = "github:nix-community/nur/master"; - darwin.url = "github:lnl7/nix-darwin/master"; - darwin.inputs.nixpkgs.follows = "nixpkgs"; + darwin = { + url = "github:lnl7/nix-darwin/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-dns = { url = "github:kirelagin/nix-dns/master"; inputs.nixpkgs.follows = "nixpkgs"; @@ -26,7 +27,6 @@ url = "github:arcnmx/tf-nix/master"; flake = false; }; - flake-utils.url = "github:numtide/flake-utils"; trusted = { url = "path:./flake/empty/."; flake = false; @@ -35,14 +35,16 @@ url = "github:edolstra/flake-compat"; flake = false; }; + nur.url = "github:nix-community/nur/master"; + flake-utils.url = "github:numtide/flake-utils"; }; outputs = { self, nixpkgs, flake-utils, ... }@inputs: let providedSystems = flake-utils.lib.eachDefaultSystem (system: rec { - devShells.default = import ./devShell.nix { inherit inputs system; }; - legacyPackages = import ./outputs.nix { inherit inputs system; }; + devShells.default = import ./devShell.nix { inherit system inputs; }; + legacyPackages = import ./outputs.nix { inherit system inputs; }; }); in providedSystems // { nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos; diff --git a/flake/trusted/flake.lock b/flake/trusted/flake.lock index df8414fe..da62207f 100644 --- a/flake/trusted/flake.lock +++ b/flake/trusted/flake.lock 
@@ -153,12 +153,12 @@ }, "locked": { "lastModified": 0, - "narHash": "sha256-omII+uAnixAdmjVSOtnvoSFMGG7nNW1Va6/YHMcpg14=", - "path": "/nix/store/6hxbwkay3q04zpnbkr811zn5v9sbvdwk-source", + "narHash": "sha256-5QiIP+KsR91bepdNbtT8KZ0xDetXgZ2Jwu8GsXEbEtA=", + "path": "/nix/store/gzp4k7vdi50xil3fakkxgz58ni45brjn-source", "type": "path" }, "original": { - "path": "/nix/store/6hxbwkay3q04zpnbkr811zn5v9sbvdwk-source", + "path": "/nix/store/gzp4k7vdi50xil3fakkxgz58ni45brjn-source", "type": "path" } }, diff --git a/home/shell/zsh.nix b/home/shell/zsh.nix index b102cbf3..eb2f1dac 100644 --- a/home/shell/zsh.nix +++ b/home/shell/zsh.nix @@ -36,7 +36,7 @@ "listrowsfirst" ]; in '' - ${if lib.hasSuffix "linux" pkgs.stdenv.system then '' + ${if pkgs.hostPlatform.isLinux then '' eval $(dircolors) '' else '' ''} @@ -72,7 +72,7 @@ dmesg = "dmesg -HP"; hg = "history 0 | rg"; } - (lib.mkIf (lib.hasSuffix "linux" pkgs.stdenv.system) { + (lib.mkIf pkgs.hostPlatform.isLinux { sys = "systemctl"; sysu = "systemctl --user"; walls = "journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value konawall.service --user) -o json | jq -r '.MESSAGE'"; diff --git a/meta.nix b/meta.nix index 41db74b0..abaaa1d0 100644 --- a/meta.nix +++ b/meta.nix @@ -8,7 +8,7 @@ kw.secrets.command = let - bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"''; + bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"''; in "${bitw}/bin/bitw get"; diff --git a/modules/meta/network.nix b/modules/meta/network.nix index 96da0a30..83ddbabb 100644 --- a/modules/meta/network.nix +++ b/modules/meta/network.nix 
@@ -50,7 +50,7 @@ with lib; }; config = { nixpkgs = { - system = mkDefault pkgs.system; + system = mkDefault "x86_64-linux"; pkgs = let pkgsReval = import pkgs.path { @@ -94,10 +94,12 @@ with lib; darwinType = let baseModules = import (config.network.darwin.modulesPath + "/module-list.nix"); + flakeModule = (config.network.darwin.modulesPath + "/system/flake-overrides.nix"); in types.submoduleWith { modules = baseModules ++ singleton darwinModule + ++ singleton flakeModule ++ config.network.darwin.extraModules; specialArgs = { @@ -116,6 +118,8 @@ with lib; extraModules = [ inputs.home-manager.darwinModules.home-manager meta.modules.darwin + meta.modules.system + meta.system ]; specialArgs = { inherit (config.network) nodes; @@ -126,6 +130,8 @@ with lib; extraModules = [ inputs.home-manager.nixosModules.home-manager meta.modules.nixos + meta.modules.system + meta.system ]; specialArgs = { inherit (config.network) nodes; diff --git a/nixos/base/locale.nix b/nixos/base/locale.nix index a22fa2ab..12ded209 100644 --- a/nixos/base/locale.nix +++ b/nixos/base/locale.nix @@ -4,8 +4,13 @@ fonts.fonts = [ pkgs.tamzen ]; - i18n.defaultLocale = "en_GB.UTF-8"; - time.timeZone = "Europe/London"; + i18n = { + defaultLocale = "en_CA.UTF-8"; + supportedLocales = [ + "en_CA.UTF-8/UTF-8" + "en_GB.UTF-8/UTF-8" + ]; + }; console = { packages = [ pkgs.tamzen ]; keyMap = "uk"; diff --git a/nixos/gui/fonts.nix b/nixos/gui/fonts.nix index ce1bd942..6c0e4417 100644 --- a/nixos/gui/fonts.nix +++ b/nixos/gui/fonts.nix @@ -14,12 +14,4 @@ }; }; }; - - fonts.fonts = with pkgs; [ - cantarell-fonts - emacs-all-the-icons-fonts - font-awesome - cozette - twitter-color-emoji - ] ++ map (variant: iosevka-bin.override { inherit variant; } ) [ "" "ss10" "aile" ]; } diff --git a/outputs.nix b/outputs.nix index c93d3bef..b540723a 100644 --- a/outputs.nix +++ b/outputs.nix 
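Review bot: `system = mkDefault "x86_64-linux"` in the first hunk of modules/meta/network.nix replaces a default that followed the evaluating `pkgs` with a hard-coded architecture. devShell.nix builds `sdImage` outputs for some nodes, which suggests non-x86 hosts exist; any such node that does not set `nixpkgs.system` itself would now be evaluated as x86_64-linux. If the intent is to keep a darwin evaluation from passing its own platform down to NixOS nodes, a comment should say so, e.g. `# NixOS nodes default to x86_64-linux; other architectures must set nixpkgs.system`. The enclosing `config` block continues outside the hunk.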
@@ -4,9 +4,18 @@ pkgs = import ./overlays { inherit inputs system; }; inherit (pkgs) lib; + patchedInputs = inputs // { darwin = pkgs.applyPatches { + name = "darwin"; + src = inputs.darwin; + patches = [ (pkgs.fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/LnL7/nix-darwin/pull/310.patch"; + sha256 = "sha256-drnLOhF8JGXx8YY7w1PD2arUZvbqafWPTatQNTHt+QI="; + }) ]; + }; }; + mkTree = import ./tree.nix { inherit lib; }; localTree = mkTree { - inherit inputs; + inputs = patchedInputs; folder = ./.; config = { "/" = { @@ -28,28 +37,28 @@ (inputs.tf-nix + "/modules/nixos/secrets.nix") (inputs.tf-nix + "/modules/nixos/secrets-users.nix") ] ++ (with (import (inputs.arcexprs + "/modules")).nixos; [ - nix - systemd - dht22-exporter - glauth - modprobe - kernel - crypttab - mutable-state - common-root - pulseaudio - wireplumber - alsa - yggdrasil - bindings - matrix-appservices - matrix-synapse-appservices - display - filebin - mosh - base16 base16-shared - doc-warnings - ]); + nix + systemd + dht22-exporter + glauth + modprobe + kernel + crypttab + mutable-state + common-root + pulseaudio + wireplumber + alsa + yggdrasil + bindings + matrix-appservices + matrix-synapse-appservices + display + filebin + mosh + base16 base16-shared + doc-warnings + ]); }; }; "modules/home" = { @@ -62,6 +71,7 @@ }; }; "modules/darwin".functor.enable = true; + "modules/system".functor.enable = true; "modules/meta".functor.enable = true; "nixos/systems".functor.enable = false; "darwin/systems".functor.enable = false; @@ -71,6 +81,7 @@ "darwin/*".functor = { enable = true; }; + "system".functor.enable = true; "hardware".evaluateDefault = true; "nixos/cross".evaluateDefault = true; "hardware/*".evaluateDefault = true; @@ -80,7 +91,7 @@ }; }; trustedTree = mkTree { - inherit inputs; + inputs = patchedInputs; folder = inputs.trusted; config = { "secrets".evaluateDefault = true; 
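Review bot: `patchedInputs` in the first outputs.nix hunk fetches its patch from a pull-request URL (`.../LnL7/nix-darwin/pull/310.patch`), whose content changes whenever the PR branch is pushed or rebased. The `sha256` keeps a changed patch from being applied silently, but the build then fails until someone re-reviews and re-hashes it, so a commit-pinned patch URL or a copy of the patch vendored in the repository is the more stable choice. A comment stating what the patch changes and when it can be dropped is also missing, e.g. `# nix-darwin PR 310: <what it fixes>; remove once merged upstream`. Also, `applyPatches` returns a derivation rather than a flake input, so any consumer that still reads flake attributes from the `darwin` entry of `patchedInputs` would not find them; the consumers are not visible from this hunk.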
@@ -104,34 +115,35 @@ eval = let nixosNodes = (map - (node: { - network.nodes.nixos.${node} = { - imports = config.lib.kw.nixosImport node; - networking = { - hostName = node; - }; + (node: { + network.nodes.nixos.${node} = { + imports = config.lib.kw.nixosImport node; + networking = { + hostName = node; }; - }) - (lib.attrNames nixfiles.nixos.systems)); + }; + }) + (lib.attrNames nixfiles.nixos.systems)); darwinNodes = (map - (node: { - network.nodes.darwin.${node} = { - imports = config.lib.kw.darwinImport node; - networking = { - hostName = node; - }; + (node: { + network.nodes.darwin.${node} = { + imports = config.lib.kw.darwinImport node; + networking = { + hostName = node; }; - }) - (lib.attrNames nixfiles.darwin.systems)); + }; + }) + (lib.attrNames nixfiles.darwin.systems)); in lib.evalModules { modules = lib.singleton metaBase - ++ lib.singleton nixfiles.modules.meta - ++ lib.attrValues nixfiles.targets - ++ nixosNodes - ++ darwinNodes; + ++ lib.singleton nixfiles.modules.meta + ++ lib.attrValues nixfiles.targets + ++ nixosNodes + ++ darwinNodes; specialArgs = { - inherit inputs root tree; + inherit root tree; + inputs = patchedInputs; meta = self; } // nixfiles; }; @@ -139,6 +151,6 @@ inherit (eval) config; - self = config // { inherit pkgs lib inputs tree; } // nixfiles; + self = config // { inherit pkgs lib tree; inputs = patchedInputs; } // nixfiles; in -self + self diff --git a/system/fonts.nix b/system/fonts.nix new file mode 100644 index 00000000..3782bb27 --- /dev/null +++ b/system/fonts.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: { + fonts.fonts = with pkgs; [ + cantarell-fonts + font-awesome + cozette + ] ++ map (variant: iosevka-bin.override { inherit variant; } ) [ "" "ss10" "aile" ]; +} diff --git a/system/secrets.nix b/system/secrets.nix new file mode 100644 index 00000000..1cbcd1d2 --- /dev/null +++ b/system/secrets.nix 
@@ -0,0 +1,5 @@
+{ config, meta, inputs, lib, pkgs, ... }:
+
+{
+ imports = lib.optional (meta.trusted ? secrets) meta.trusted.secrets;
+}
diff --git a/system/time.nix b/system/time.nix
new file mode 100644
index 00000000..0c870ba2
--- /dev/null
+++ b/system/time.nix
@@ -0,0 +1,3 @@
+{ config, ... }: {
+ time.timeZone = "America/Vancouver";
+}
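Review bot: The `imports` line in system/secrets.nix skips the secrets module without any signal when `meta.trusted` has no `secrets` attribute, which looks like the case whenever the `trusted` flake input is left at its `path:./flake/empty/.` default from flake.nix. A host built that way activates without its secrets, and the omission only shows up at runtime. A short comment would document the contract, e.g. `# secrets are imported only when the trusted input is overridden; otherwise hosts build without them`. The arguments `config`, `inputs` and `pkgs` are unused in this file and could be dropped.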