feat: darwin configuration, LnL7/nix-darwin#310 patch

2026-02-09 12:29:19 -08:00 · 2022-07-11 10:43:50 -07:00 · 2022-07-11 10:43:50 -07:00 · 2e98ec90e0
commit 2e98ec90e0
parent 6e1080ad2c
20 changed files with 183 additions and 82 deletions
--- a/.envrc
+++ b/.envrc
@ -2,4 +2,6 @@ if [[ $(id -un) = kat ]]; then
 	export TRUSTED=1
 fi

+export HOME_HOSTNAME=$(hostname -s)
+
 use nix
--- a/darwin/base/fonts.nix
+++ b/darwin/base/fonts.nix
@ -0,0 +1,5 @@
+{ config, ... }: {
+  fonts = {
+    fontDir.enable = true;
+  };
+}
--- a/darwin/base/gpg.nix
+++ b/darwin/base/gpg.nix
@ -0,0 +1,6 @@
+{ config, ... }: {
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+}
--- a/darwin/base/homebrew.nix
+++ b/darwin/base/homebrew.nix
@ -1,5 +1,9 @@
 { config, ... }: {
  homebrew = {
    enable = true;
+    cleanup = "zap";
+    brews = [
+      "mas"
+    ];
  };
 }
--- a/darwin/base/nix.nix
+++ b/darwin/base/nix.nix
@ -12,6 +12,8 @@
      experimental-features = nix-command flakes
      keep-derivations = true
      keep-outputs = true
+      extra-platforms = x86_64-darwin aarch64-darwin
+      builders-use-substitutes = true
    '';
  };
 }
--- a/darwin/base/system.nix
+++ b/darwin/base/system.nix
@ -0,0 +1,43 @@
+{ config, ... }: {
+  services.activate-system.enable = true;
+  
+  system = {
+    defaults = {
+      SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
+      NSGlobalDomain = {
+        AppleInterfaceStyleSwitchesAutomatically = true;
+        AppleShowAllFiles = true;
+        AppleShowAllExtensions = true;
+      };
+      dock = {
+        autohide = true;
+        orientation = "left";
+        tilesize = 32;
+        wvous-tl-corner = 1;
+        wvous-tr-corner = 10;
+        wvous-bl-corner = 4;
+        wvous-br-corner = 14;
+      };
+      finder = {
+        CreateDesktop = false;
+        ShowPathbar = true;
+        ShowStatusBar = true;
+        AppleShowAllFiles = true;
+        AppleShowAllExtensions = true;
+      };
+      loginwindow = {
+        GuestEnabled = false;
+      };
+    };
+    keyboard = {
+      enableKeyMapping = true;
+      remapCapsLockToControl = true;
+      userKeyMapping = [
+        { 
+          HIDKeyboardModifierMappingSrc = 30064771129; 
+          HIDKeyboardModifierMappingDst = 30064771299; 
+        }
+      ];
+    };
+  };
+}
--- a/darwin/systems/sumireko.nix
+++ b/darwin/systems/sumireko.nix
@ -15,10 +15,19 @@
      "firefox"
      "telegram"
      "discord"
+      "utm"
+      "mullvadvpn"
+      "bitwarden"
    ];
+    masApps = {
+      Tailscale = 1475387142;
+    };
  };

  environment.systemPackages = with pkgs; [
+    terraform
+    yt-dlp
+    k2tf
    awscli
    jq
  ];
--- a/devShell.nix
+++ b/devShell.nix
@ -35,7 +35,6 @@ let
    fi
  '';
  sumireko-apply = pkgs.writeShellScriptBin "sumireko-apply" ''
-    nix build ${toString ./.}#darwinConfigurations.sumireko.system
    darwin-rebuild switch --flake ${toString ./.}#sumireko
  '';
 in
@ -47,7 +46,7 @@ pkgs.mkShell {
    nf-update
    sumireko-apply
  ] ++ config.runners.lazy.nativeBuildInputs
-   ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.nixos.koishi.kw.secrets.repo.bitw.source} "$@"'')
+   ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'')
  ++ (map
    (node: writeShellScriptBin "${node.networking.hostName}-sd-img" ''
      nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace
@ -59,7 +58,6 @@ pkgs.mkShell {
    '')
    (builtins.filter (node: node.system.build ? isoImage) (attrValues meta.network.nodes.nixos)));
  shellHook = ''
-    export HOME_HOSTNAME=$(hostname -s)
    export NIX_BIN_DIR=${pkgs.nix}/bin
    export HOME_UID=$(id -u)
    export HOME_USER=$(id -un)
--- a/flake.lock
+++ b/flake.lock
@ -133,11 +133,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1657356697,
-        "narHash": "sha256-sT38tcx7m0Quz+Uj6jzx+yRa2+EVW2C3cE0FkROXUzQ=",
+        "lastModified": 1657447684,
+        "narHash": "sha256-FCP9AuU1q6PE3vOeM5SFf58f/UKPBAsoSGDUGamNBbo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "87e7965bbcdbac3d103e3ed14ff04f719a4f7a58",
+        "rev": "5f43d8b088d3771274bcfb69d3c7435b1121ac88",
        "type": "github"
      },
      "original": {
@ -149,11 +149,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1657458605,
-        "narHash": "sha256-WAoPHlCNTV/yXLF72D7vj+gk1yjfNBM3PmZ61sCT4co=",
+        "lastModified": 1657535550,
+        "narHash": "sha256-8WwxmlXe6o1Ob8rQan8R1H1NKSNaxqRuIuIU5RVhyd4=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "fe1f99449c93be772b31de520eebaee6feb8717e",
+        "rev": "f0faa262c28384df0c00ec2c64e8031c4fbd0a61",
        "type": "github"
      },
      "original": {
@ -181,11 +181,11 @@
    "tf-nix": {
      "flake": false,
      "locked": {
-        "lastModified": 1655220817,
-        "narHash": "sha256-5eYqmPN1KuBz8ZNnIJPpRDeQDMOuS/kFpLGNld2G0is=",
+        "lastModified": 1657549622,
+        "narHash": "sha256-gIoMfy8Roq4hh2BBL3Hd8Z+FsPtC4bGAcS/yttuahwg=",
        "owner": "arcnmx",
        "repo": "tf-nix",
-        "rev": "cd7c31d794a2d6992394ce4fa8b1157f8a88c349",
+        "rev": "c99cf454785d57cb430ae09c3327a0b619e2eed1",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -14,9 +14,10 @@
      url = "github:kittywitch/home-manager/master";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nur.url = "github:nix-community/nur/master";
-    darwin.url = "github:lnl7/nix-darwin/master";
-    darwin.inputs.nixpkgs.follows = "nixpkgs";
+    darwin = {
+      url = "github:lnl7/nix-darwin/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    nix-dns = {
      url = "github:kirelagin/nix-dns/master";
      inputs.nixpkgs.follows = "nixpkgs";
@ -26,7 +27,6 @@
      url = "github:arcnmx/tf-nix/master";
      flake = false;
    };
-    flake-utils.url = "github:numtide/flake-utils";
    trusted = {
      url = "path:./flake/empty/.";
      flake = false;
@ -35,14 +35,16 @@
      url = "github:edolstra/flake-compat";
      flake = false;
    };
+    nur.url = "github:nix-community/nur/master";
+    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils, ... }@inputs: let
    providedSystems = flake-utils.lib.eachDefaultSystem
  (system:
  rec {
-    devShells.default = import ./devShell.nix { inherit inputs system; };
-    legacyPackages = import ./outputs.nix { inherit inputs system; };
+    devShells.default = import ./devShell.nix { inherit system inputs; };
+    legacyPackages = import ./outputs.nix { inherit system inputs; };
  });
  in providedSystems // {
    nixosConfigurations = self.legacyPackages.x86_64-linux.network.nodes.nixos;
--- a/flake/trusted/flake.lock
+++ b/flake/trusted/flake.lock
@ -153,12 +153,12 @@
      },
      "locked": {
        "lastModified": 0,
-        "narHash": "sha256-omII+uAnixAdmjVSOtnvoSFMGG7nNW1Va6/YHMcpg14=",
-        "path": "/nix/store/6hxbwkay3q04zpnbkr811zn5v9sbvdwk-source",
+        "narHash": "sha256-5QiIP+KsR91bepdNbtT8KZ0xDetXgZ2Jwu8GsXEbEtA=",
+        "path": "/nix/store/gzp4k7vdi50xil3fakkxgz58ni45brjn-source",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/6hxbwkay3q04zpnbkr811zn5v9sbvdwk-source",
+        "path": "/nix/store/gzp4k7vdi50xil3fakkxgz58ni45brjn-source",
        "type": "path"
      }
    },
--- a/home/shell/zsh.nix
+++ b/home/shell/zsh.nix
@ -36,7 +36,7 @@
          "listrowsfirst"
        ]; in
      ''
-	${if lib.hasSuffix "linux" pkgs.stdenv.system then ''
+	${if pkgs.hostPlatform.isLinux then ''
        eval $(dircolors)
 	'' else ''
 	''}
@ -72,7 +72,7 @@
        dmesg = "dmesg -HP";
        hg = "history 0 | rg";
      }
-      (lib.mkIf (lib.hasSuffix "linux" pkgs.stdenv.system) {
+      (lib.mkIf pkgs.hostPlatform.isLinux {
        sys = "systemctl";
        sysu = "systemctl --user";
        walls = "journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value konawall.service --user) -o json | jq -r '.MESSAGE'";
--- a/meta.nix
+++ b/meta.nix
@ -8,7 +8,7 @@

  kw.secrets.command =
    let
-      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'';
+      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.${pkgs.hostPlatform.parsed.kernel.name}.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'';
    in
    "${bitw}/bin/bitw get";

--- a/modules/meta/network.nix
+++ b/modules/meta/network.nix
@ -50,7 +50,7 @@ with lib;
          };
          config = {
            nixpkgs = {
-              system = mkDefault pkgs.system;
+              system = mkDefault "x86_64-linux";
              pkgs =
                let
                  pkgsReval = import pkgs.path {
@ -94,10 +94,12 @@ with lib;
        darwinType =
          let
            baseModules = import (config.network.darwin.modulesPath + "/module-list.nix");
+            flakeModule = (config.network.darwin.modulesPath + "/system/flake-overrides.nix");
          in
          types.submoduleWith {
            modules = baseModules
              ++ singleton darwinModule
+              ++ singleton flakeModule
              ++ config.network.darwin.extraModules;

            specialArgs = {
@ -116,6 +118,8 @@ with lib;
      extraModules = [
        inputs.home-manager.darwinModules.home-manager
        meta.modules.darwin
+        meta.modules.system
+        meta.system
      ];
      specialArgs = {
        inherit (config.network) nodes;
@ -126,6 +130,8 @@ with lib;
      extraModules = [
        inputs.home-manager.nixosModules.home-manager
        meta.modules.nixos
+        meta.modules.system
+        meta.system
      ];
      specialArgs = {
        inherit (config.network) nodes;
--- a/nixos/base/locale.nix
+++ b/nixos/base/locale.nix
@ -4,8 +4,13 @@
  fonts.fonts = [
    pkgs.tamzen
  ];
-  i18n.defaultLocale = "en_GB.UTF-8";
-  time.timeZone = "Europe/London";
+  i18n = {
+    defaultLocale = "en_CA.UTF-8";
+    supportedLocales = [
+      "en_CA.UTF-8/UTF-8"
+      "en_GB.UTF-8/UTF-8"
+    ];
+  };
  console = {
    packages = [ pkgs.tamzen ];
    keyMap = "uk";
--- a/nixos/gui/fonts.nix
+++ b/nixos/gui/fonts.nix
@ -14,12 +14,4 @@
      };
    };
  };
-
-  fonts.fonts = with pkgs; [
-    cantarell-fonts
-    emacs-all-the-icons-fonts
-    font-awesome
-    cozette
-    twitter-color-emoji
-  ] ++ map (variant: iosevka-bin.override { inherit variant; } ) [ "" "ss10" "aile" ];
 }
--- a/outputs.nix
+++ b/outputs.nix
@ -4,9 +4,18 @@
  pkgs = import ./overlays { inherit inputs system; };
  inherit (pkgs) lib;

+  patchedInputs = inputs // { darwin = pkgs.applyPatches {
+    name = "darwin";
+    src = inputs.darwin;
+    patches = [ (pkgs.fetchpatch {
+      url = "https://patch-diff.githubusercontent.com/raw/LnL7/nix-darwin/pull/310.patch";
+      sha256 = "sha256-drnLOhF8JGXx8YY7w1PD2arUZvbqafWPTatQNTHt+QI=";
+    }) ];
+  }; };
+
  mkTree = import ./tree.nix { inherit lib; };
  localTree = mkTree {
-    inherit inputs;
+    inputs = patchedInputs;
    folder = ./.;
    config = {
      "/" = {
@ -28,28 +37,28 @@
            (inputs.tf-nix + "/modules/nixos/secrets.nix")
            (inputs.tf-nix + "/modules/nixos/secrets-users.nix")
          ] ++ (with (import (inputs.arcexprs + "/modules")).nixos; [
-      nix
-      systemd
-      dht22-exporter
-      glauth
-      modprobe
-      kernel
-      crypttab
-      mutable-state
-      common-root
-      pulseaudio
-      wireplumber
-      alsa
-      yggdrasil
-      bindings
-      matrix-appservices
-      matrix-synapse-appservices
-      display
-      filebin
-      mosh
-      base16 base16-shared
-      doc-warnings
-    ]);
+            nix
+            systemd
+            dht22-exporter
+            glauth
+            modprobe
+            kernel
+            crypttab
+            mutable-state
+            common-root
+            pulseaudio
+            wireplumber
+            alsa
+            yggdrasil
+            bindings
+            matrix-appservices
+            matrix-synapse-appservices
+            display
+            filebin
+            mosh
+            base16 base16-shared
+            doc-warnings
+          ]);
        };
      };
      "modules/home" = {
@ -62,6 +71,7 @@
        };
      };
      "modules/darwin".functor.enable = true;
+      "modules/system".functor.enable = true;
      "modules/meta".functor.enable = true;
      "nixos/systems".functor.enable = false;
      "darwin/systems".functor.enable = false;
@ -71,6 +81,7 @@
      "darwin/*".functor = {
        enable = true;
      };
+      "system".functor.enable = true;
      "hardware".evaluateDefault = true;
      "nixos/cross".evaluateDefault = true;
      "hardware/*".evaluateDefault = true;
@ -80,7 +91,7 @@
    };
  };
  trustedTree = mkTree {
-    inherit inputs;
+    inputs = patchedInputs;
    folder = inputs.trusted;
    config = {
      "secrets".evaluateDefault = true;
@ -104,34 +115,35 @@

  eval = let
    nixosNodes = (map
-      (node: {
-        network.nodes.nixos.${node} = {
-          imports = config.lib.kw.nixosImport node;
-          networking = {
-            hostName = node;
-          };
+    (node: {
+      network.nodes.nixos.${node} = {
+        imports = config.lib.kw.nixosImport node;
+        networking = {
+          hostName = node;
        };
-      })
-      (lib.attrNames nixfiles.nixos.systems));
+      };
+    })
+    (lib.attrNames nixfiles.nixos.systems));
    darwinNodes = (map
-      (node: {
-        network.nodes.darwin.${node} = {
-          imports = config.lib.kw.darwinImport node;
-          networking = {
-            hostName = node;
-          };
+    (node: {
+      network.nodes.darwin.${node} = {
+        imports = config.lib.kw.darwinImport node;
+        networking = {
+          hostName = node;
        };
-      })
-      (lib.attrNames nixfiles.darwin.systems));
+      };
+    })
+    (lib.attrNames nixfiles.darwin.systems));
  in lib.evalModules {
    modules = lib.singleton metaBase
-      ++ lib.singleton nixfiles.modules.meta
-      ++ lib.attrValues nixfiles.targets
-      ++ nixosNodes
-      ++ darwinNodes;
+    ++ lib.singleton nixfiles.modules.meta
+    ++ lib.attrValues nixfiles.targets
+    ++ nixosNodes
+    ++ darwinNodes;

    specialArgs = {
-      inherit inputs root tree;
+      inherit root tree;
+      inputs = patchedInputs;
      meta = self;
    } // nixfiles;
  };
@ -139,6 +151,6 @@
  inherit (eval) config;


-  self = config // { inherit pkgs lib inputs tree; } // nixfiles;
+  self = config // { inherit pkgs lib tree; inputs = patchedInputs; } // nixfiles;
 in
-self
+  self
--- a/system/fonts.nix
+++ b/system/fonts.nix
@ -0,0 +1,7 @@
+{ config, pkgs, ... }: {
+  fonts.fonts = with pkgs; [
+    cantarell-fonts
+    font-awesome
+    cozette
+  ] ++ map (variant: iosevka-bin.override { inherit variant; } ) [ "" "ss10" "aile" ];
+}
--- a/system/secrets.nix
+++ b/system/secrets.nix
@ -0,0 +1,5 @@
+{ config, meta, inputs, lib, pkgs, ... }:
+
+{
+ imports = lib.optional (meta.trusted ? secrets) meta.trusted.secrets;
+}
--- a/system/time.nix
+++ b/system/time.nix
@ -0,0 +1,3 @@
+{ config, ... }: {
+  time.timeZone = "America/Vancouver";
+}