feat: darwin configuration, LnL7/nix-darwin#310 patch

Kat Inskip 2022-07-11 10:43:50 -07:00
parent 6e1080ad2c
commit 2e98ec90e0
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
20 changed files with 183 additions and 82 deletions

2
.envrc

@ -2,4 +2,6 @@ if [[ $(id -un) = kat ]]; then
export TRUSTED=1 export TRUSTED=1
fi fi
export HOME_HOSTNAME=$(hostname -s)
use nix use nix

5
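--- /dev/null
+++ b/darwin/base/fonts.nix
@@ -0,0 +1,5 @@
+{ config, ... }: {
+fonts = {
+fontDir.enable = true;
+};
+}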

6
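--- /dev/null
+++ b/darwin/base/gpg.nix
@@ -0,0 +1,6 @@
+{ config, ... }: {
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = true;
+};
+}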


@ -1,5 +1,9 @@
{ config, ... }: { { config, ... }: {
homebrew = { homebrew = {
enable = true; enable = true;
cleanup = "zap";
brews = [
"mas"
];
}; };
} }
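Review bot: `cleanup = "zap"` has no comment explaining that it is destructive: with it, activation uninstalls every formula and cask that is not declared in this configuration and removes the files associated with them. Anything installed by hand with brew on the machine disappears on the next switch. A comment on that line would make this explicit, e.g. `# zap: undeclared formulae/casks and their data are removed on activation`.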


@ -12,6 +12,8 @@
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-derivations = true keep-derivations = true
keep-outputs = true keep-outputs = true
extra-platforms = x86_64-darwin aarch64-darwin
builders-use-substitutes = true
''; '';
}; };
} }

43
darwin/base/system.nix Normal file

@ -0,0 +1,43 @@
{ config, ... }: {
services.activate-system.enable = true;
system = {
defaults = {
SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
NSGlobalDomain = {
AppleInterfaceStyleSwitchesAutomatically = true;
AppleShowAllFiles = true;
AppleShowAllExtensions = true;
};
dock = {
autohide = true;
orientation = "left";
tilesize = 32;
wvous-tl-corner = 1;
wvous-tr-corner = 10;
wvous-bl-corner = 4;
wvous-br-corner = 14;
};
finder = {
CreateDesktop = false;
ShowPathbar = true;
ShowStatusBar = true;
AppleShowAllFiles = true;
AppleShowAllExtensions = true;
};
loginwindow = {
GuestEnabled = false;
};
};
keyboard = {
enableKeyMapping = true;
remapCapsLockToControl = true;
userKeyMapping = [
{
HIDKeyboardModifierMappingSrc = 30064771129;
HIDKeyboardModifierMappingDst = 30064771299;
}
];
};
};
}
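Review bot: In `keyboard`, `remapCapsLockToControl = true` and the `userKeyMapping` entry both remap the same source key: 30064771129 is 0x700000039 (Caps Lock), and the entry sends it to 30064771299 (0x7000000E3, Left Command) while the flag sends it to Control. Which mapping ends up active is not visible from this file, so keep one of the two and name the constants in a comment, e.g. `# 0x700000039 Caps Lock -> 0x7000000E3 Left Command`. The `wvous-*-corner` values would also benefit from a comment giving the action each number selects; if one of them is meant to blank or lock the screen, the password-after-sleep setting it depends on is not set in this module.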


@ -15,10 +15,19 @@
"firefox" "firefox"
"telegram" "telegram"
"discord" "discord"
"utm"
"mullvadvpn"
"bitwarden"
]; ];
masApps = {
Tailscale = 1475387142;
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
terraform
yt-dlp
k2tf
awscli awscli
jq jq
]; ];


@ -35,7 +35,6 @@ let
fi fi
''; '';
sumireko-apply = pkgs.writeShellScriptBin "sumireko-apply" '' sumireko-apply = pkgs.writeShellScriptBin "sumireko-apply" ''
nix build ${toString ./.}#darwinConfigurations.sumireko.system
darwin-rebuild switch --flake ${toString ./.}#sumireko darwin-rebuild switch --flake ${toString ./.}#sumireko
''; '';
in in
@ -47,7 +46,7 @@ pkgs.mkShell {
nf-update nf-update
sumireko-apply sumireko-apply
] ++ config.runners.lazy.nativeBuildInputs ] ++ config.runners.lazy.nativeBuildInputs
++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.nixos.koishi.kw.secrets.repo.bitw.source} "$@"'') ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'')
++ (map ++ (map
(node: writeShellScriptBin "${node.networking.hostName}-sd-img" '' (node: writeShellScriptBin "${node.networking.hostName}-sd-img" ''
nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace
@ -59,7 +58,6 @@ pkgs.mkShell {
'') '')
(builtins.filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos))); (builtins.filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos)));
shellHook = '' shellHook = ''
export HOME_HOSTNAME=$(hostname -s)
export NIX_BIN_DIR=${pkgs.nix}/bin export NIX_BIN_DIR=${pkgs.nix}/bin
export HOME_UID=$(id -u) export HOME_UID=$(id -u)
export HOME_USER=$(id -un) export HOME_USER=$(id -un)
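Review bot: On Linux `pkgs.hostPlatform.parsed.kernel.name` evaluates to `linux`, but the node sets visible on this page are keyed `nixos` and `darwin` (`network.nodes.nixos.${node}`, `meta.network.nodes.nixos`), so the new `bitw` lookup `config.network.nodes.${kernel}.${HOME_HOSTNAME}` would abort with a missing attribute on NixOS hosts whenever `TRUSTED` is set, unless a `linux` alias is defined outside this diff. Selecting the key explicitly avoids that: `config.network.nodes.${if pkgs.hostPlatform.isDarwin then "darwin" else "nixos"}.${builtins.getEnv "HOME_HOSTNAME"}`. Separately, `.envrc` sets `TRUSTED` from the user name alone, so on a machine whose short hostname is not a declared node the shell fails to evaluate; extending the `lib.optional` condition to check that the node exists would let the secrets wrapper be skipped there instead. The same expression appears in the `kw.secrets.command` hunk further down, and both rely on `builtins.getEnv`, which returns an empty string under pure evaluation; a comment saying so would help.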

18
flake.lock generated

@ -133,11 +133,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1657356697, "lastModified": 1657447684,
"narHash": "sha256-sT38tcx7m0Quz+Uj6jzx+yRa2+EVW2C3cE0FkROXUzQ=", "narHash": "sha256-FCP9AuU1q6PE3vOeM5SFf58f/UKPBAsoSGDUGamNBbo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "87e7965bbcdbac3d103e3ed14ff04f719a4f7a58", "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -149,11 +149,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1657458605, "lastModified": 1657535550,
"narHash": "sha256-WAoPHlCNTV/yXLF72D7vj+gk1yjfNBM3PmZ61sCT4co=", "narHash": "sha256-8WwxmlXe6o1Ob8rQan8R1H1NKSNaxqRuIuIU5RVhyd4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "fe1f99449c93be772b31de520eebaee6feb8717e", "rev": "f0faa262c28384df0c00ec2c64e8031c4fbd0a61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -181,11 +181,11 @@
"tf-nix": { "tf-nix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1655220817, "lastModified": 1657549622,
"narHash": "sha256-5eYqmPN1KuBz8ZNnIJPpRDeQDMOuS/kFpLGNld2G0is=", "narHash": "sha256-gIoMfy8Roq4hh2BBL3Hd8Z+FsPtC4bGAcS/yttuahwg=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "tf-nix", "repo": "tf-nix",
"rev": "cd7c31d794a2d6992394ce4fa8b1157f8a88c349", "rev": "c99cf454785d57cb430ae09c3327a0b619e2eed1",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -14,9 +14,10 @@
url = "github:kittywitch/home-manager/master"; url = "github:kittywitch/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur.url = "github:nix-community/nur/master"; darwin = {
darwin.url = "github:lnl7/nix-darwin/master"; url = "github:lnl7/nix-darwin/master";
darwin.inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
nix-dns = { nix-dns = {
url = "github:kirelagin/nix-dns/master"; url = "github:kirelagin/nix-dns/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -26,7 +27,6 @@
url = "github:arcnmx/tf-nix/master"; url = "github:arcnmx/tf-nix/master";
flake = false; flake = false;
}; };
flake-utils.url = "github:numtide/flake-utils";
trusted = { trusted = {
url = "path:./flake/empty/."; url = "path:./flake/empty/.";
flake = false; flake = false;
@ -35,14 +35,16 @@
url = "github:edolstra/flake-compat"; url = "github:edolstra/flake-compat";
flake = false; flake = false;
}; };
nur.url = "github:nix-community/nur/master";
flake-utils.url = "github:numtide/flake-utils";
}; };
outputs = { self, nixpkgs, flake-utils, ... }@inputs: let outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
providedSystems = flake-utils.lib.eachDefaultSystem providedSystems = flake-utils.lib.eachDefaultSystem
(system: (system:
rec { rec {
devShells.default = import ./devShell.nix { inherit inputs system; }; devShells.default = import ./devShell.nix { inherit system inputs; };
legacyPackages = import ./outputs.nix { inherit inputs system; }; legacyPackages = import ./outputs.nix { inherit system inputs; };
}); });
in providedSystems // { in providedSystems // {
nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos; nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos;


@ -153,12 +153,12 @@
}, },
"locked": { "locked": {
"lastModified": 0, "lastModified": 0,
"narHash": "sha256-omII+uAnixAdmjVSOtnvoSFMGG7nNW1Va6/YHMcpg14=", "narHash": "sha256-5QiIP+KsR91bepdNbtT8KZ0xDetXgZ2Jwu8GsXEbEtA=",
"path": "/nix/store/6hxbwkay3q04zpnbkr811zn5v9sbvdwk-source", "path": "/nix/store/gzp4k7vdi50xil3fakkxgz58ni45brjn-source",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/6hxbwkay3q04zpnbkr811zn5v9sbvdwk-source", "path": "/nix/store/gzp4k7vdi50xil3fakkxgz58ni45brjn-source",
"type": "path" "type": "path"
} }
}, },


@ -36,7 +36,7 @@
"listrowsfirst" "listrowsfirst"
]; in ]; in
'' ''
${if lib.hasSuffix "linux" pkgs.stdenv.system then '' ${if pkgs.hostPlatform.isLinux then ''
eval $(dircolors) eval $(dircolors)
'' else '' '' else ''
''} ''}
@ -72,7 +72,7 @@
dmesg = "dmesg -HP"; dmesg = "dmesg -HP";
hg = "history 0 | rg"; hg = "history 0 | rg";
} }
(lib.mkIf (lib.hasSuffix "linux" pkgs.stdenv.system) { (lib.mkIf pkgs.hostPlatform.isLinux {
sys = "systemctl"; sys = "systemctl";
sysu = "systemctl --user"; sysu = "systemctl --user";
walls = "journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value konawall.service --user) -o json | jq -r '.MESSAGE'"; walls = "journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value konawall.service --user) -o json | jq -r '.MESSAGE'";


@ -8,7 +8,7 @@
kw.secrets.command = kw.secrets.command =
let let
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"''; bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'';
in in
"${bitw}/bin/bitw get"; "${bitw}/bin/bitw get";


@ -50,7 +50,7 @@ with lib;
}; };
config = { config = {
nixpkgs = { nixpkgs = {
system = mkDefault pkgs.system; system = mkDefault "x86_64-linux";
pkgs = pkgs =
let let
pkgsReval = import pkgs.path { pkgsReval = import pkgs.path {
@ -94,10 +94,12 @@ with lib;
darwinType = darwinType =
let let
baseModules = import (config.network.darwin.modulesPath + "/module-list.nix"); baseModules = import (config.network.darwin.modulesPath + "/module-list.nix");
flakeModule = (config.network.darwin.modulesPath + "/system/flake-overrides.nix");
in in
types.submoduleWith { types.submoduleWith {
modules = baseModules modules = baseModules
++ singleton darwinModule ++ singleton darwinModule
++ singleton flakeModule
++ config.network.darwin.extraModules; ++ config.network.darwin.extraModules;
specialArgs = { specialArgs = {
@ -116,6 +118,8 @@ with lib;
extraModules = [ extraModules = [
inputs.home-manager.darwinModules.home-manager inputs.home-manager.darwinModules.home-manager
meta.modules.darwin meta.modules.darwin
meta.modules.system
meta.system
]; ];
specialArgs = { specialArgs = {
inherit (config.network) nodes; inherit (config.network) nodes;
@ -126,6 +130,8 @@ with lib;
extraModules = [ extraModules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
meta.modules.nixos meta.modules.nixos
meta.modules.system
meta.system
]; ];
specialArgs = { specialArgs = {
inherit (config.network) nodes; inherit (config.network) nodes;


@ -4,8 +4,13 @@
fonts.fonts = [ fonts.fonts = [
pkgs.tamzen pkgs.tamzen
]; ];
i18n.defaultLocale = "en_GB.UTF-8"; i18n = {
time.timeZone = "Europe/London"; defaultLocale = "en_CA.UTF-8";
supportedLocales = [
"en_CA.UTF-8/UTF-8"
"en_GB.UTF-8/UTF-8"
];
};
console = { console = {
packages = [ pkgs.tamzen ]; packages = [ pkgs.tamzen ];
keyMap = "uk"; keyMap = "uk";


@ -14,12 +14,4 @@
}; };
}; };
}; };
fonts.fonts = with pkgs; [
cantarell-fonts
emacs-all-the-icons-fonts
font-awesome
cozette
twitter-color-emoji
] ++ map (variant: iosevka-bin.override { inherit variant; } ) [ "" "ss10" "aile" ];
} }


@ -4,9 +4,18 @@
pkgs = import ./overlays { inherit inputs system; }; pkgs = import ./overlays { inherit inputs system; };
inherit (pkgs) lib; inherit (pkgs) lib;
patchedInputs = inputs // { darwin = pkgs.applyPatches {
name = "darwin";
src = inputs.darwin;
patches = [ (pkgs.fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/LnL7/nix-darwin/pull/310.patch";
sha256 = "sha256-drnLOhF8JGXx8YY7w1PD2arUZvbqafWPTatQNTHt+QI=";
}) ];
}; };
mkTree = import ./tree.nix { inherit lib; }; mkTree = import ./tree.nix { inherit lib; };
localTree = mkTree { localTree = mkTree {
inherit inputs; inputs = patchedInputs;
folder = ./.; folder = ./.;
config = { config = {
"/" = { "/" = {
@ -28,28 +37,28 @@
(inputs.tf-nix + "/modules/nixos/secrets.nix") (inputs.tf-nix + "/modules/nixos/secrets.nix")
(inputs.tf-nix + "/modules/nixos/secrets-users.nix") (inputs.tf-nix + "/modules/nixos/secrets-users.nix")
] ++ (with (import (inputs.arcexprs + "/modules")).nixos; [ ] ++ (with (import (inputs.arcexprs + "/modules")).nixos; [
nix nix
systemd systemd
dht22-exporter dht22-exporter
glauth glauth
modprobe modprobe
kernel kernel
crypttab crypttab
mutable-state mutable-state
common-root common-root
pulseaudio pulseaudio
wireplumber wireplumber
alsa alsa
yggdrasil yggdrasil
bindings bindings
matrix-appservices matrix-appservices
matrix-synapse-appservices matrix-synapse-appservices
display display
filebin filebin
mosh mosh
base16 base16-shared base16 base16-shared
doc-warnings doc-warnings
]); ]);
}; };
}; };
"modules/home" = { "modules/home" = {
@ -62,6 +71,7 @@
}; };
}; };
"modules/darwin".functor.enable = true; "modules/darwin".functor.enable = true;
"modules/system".functor.enable = true;
"modules/meta".functor.enable = true; "modules/meta".functor.enable = true;
"nixos/systems".functor.enable = false; "nixos/systems".functor.enable = false;
"darwin/systems".functor.enable = false; "darwin/systems".functor.enable = false;
@ -71,6 +81,7 @@
"darwin/*".functor = { "darwin/*".functor = {
enable = true; enable = true;
}; };
"system".functor.enable = true;
"hardware".evaluateDefault = true; "hardware".evaluateDefault = true;
"nixos/cross".evaluateDefault = true; "nixos/cross".evaluateDefault = true;
"hardware/*".evaluateDefault = true; "hardware/*".evaluateDefault = true;
@ -80,7 +91,7 @@
}; };
}; };
trustedTree = mkTree { trustedTree = mkTree {
inherit inputs; inputs = patchedInputs;
folder = inputs.trusted; folder = inputs.trusted;
config = { config = {
"secrets".evaluateDefault = true; "secrets".evaluateDefault = true;
@ -104,34 +115,35 @@
eval = let eval = let
nixosNodes = (map nixosNodes = (map
(node: { (node: {
network.nodes.nixos.${node} = { network.nodes.nixos.${node} = {
imports = config.lib.kw.nixosImport node; imports = config.lib.kw.nixosImport node;
networking = { networking = {
hostName = node; hostName = node;
};
}; };
}) };
(lib.attrNames nixfiles.nixos.systems)); })
(lib.attrNames nixfiles.nixos.systems));
darwinNodes = (map darwinNodes = (map
(node: { (node: {
network.nodes.darwin.${node} = { network.nodes.darwin.${node} = {
imports = config.lib.kw.darwinImport node; imports = config.lib.kw.darwinImport node;
networking = { networking = {
hostName = node; hostName = node;
};
}; };
}) };
(lib.attrNames nixfiles.darwin.systems)); })
(lib.attrNames nixfiles.darwin.systems));
in lib.evalModules { in lib.evalModules {
modules = lib.singleton metaBase modules = lib.singleton metaBase
++ lib.singleton nixfiles.modules.meta ++ lib.singleton nixfiles.modules.meta
++ lib.attrValues nixfiles.targets ++ lib.attrValues nixfiles.targets
++ nixosNodes ++ nixosNodes
++ darwinNodes; ++ darwinNodes;
specialArgs = { specialArgs = {
inherit inputs root tree; inherit root tree;
inputs = patchedInputs;
meta = self; meta = self;
} // nixfiles; } // nixfiles;
}; };
@ -139,6 +151,6 @@
inherit (eval) config; inherit (eval) config;
self = config // { inherit pkgs lib inputs tree; } // nixfiles; self = config // { inherit pkgs lib tree; inputs = patchedInputs; } // nixfiles;
in in
self self
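Review bot: The `fetchpatch` URL in `patchedInputs` points at the pull request's moving `.patch` endpoint, so a force-push or rebase of LnL7/nix-darwin#310 changes the fetched bytes and the pinned `sha256` then fails the build. The hash keeps this fail-closed, but what gets applied is an unmerged change to the modules that configure the whole system, and nothing here records what it does or who reviewed it. Consider vendoring the reviewed patch into the repository (`patches = [ ./patches/<placeholder-name>.patch ];`) and adding a comment such as `# LnL7/nix-darwin#310: <what it adds>; drop once merged upstream`. Because the `darwin` input tracks `master` in the flake inputs shown above, the patch can also stop applying after the next lock update.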

7
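--- /dev/null
+++ b/system/fonts.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }: {
+fonts.fonts = with pkgs; [
+cantarell-fonts
+font-awesome
+cozette
+] ++ map (variant: iosevka-bin.override { inherit variant; } ) [ "" "ss10" "aile" ];
+}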

5
system/secrets.nix Normal file

@ -0,0 +1,5 @@
{ config, meta, inputs, lib, pkgs, ... }:
{
imports = lib.optional (meta.trusted ? secrets) meta.trusted.secrets;
}

3
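--- /dev/null
+++ b/system/time.nix
@@ -0,0 +1,3 @@
+{ config, ... }: {
+time.timeZone = "America/Vancouver";
+}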