ref: merged nixos and macOS configuration

2025-12-06 14:49:14 +00:00 · 2023-12-30 20:45:31 +01:00 · 2023-12-30 20:45:31 +01:00 · fcba199e19
commit fcba199e19
parent 76632a9d1c
21 changed files with 35 additions and 12 deletions
--- a/nix/hosts/nixie/age.nix
+++ b/nix/hosts/nixie/age.nix
@ -0,0 +1,17 @@
+{ ... }: {
+
+  age = {
+    identityPaths = [ "/home/leana/.ssh/id_ed25519" ];
+    secrets.sshconcfig = {
+      file = ../../secrets/sshconfig.age;
+      path = "/home/leana/.ssh/config";
+      mode = "644";
+      owner = "leana";
+    };
+    secrets.truenas_smb.file = ../../secrets/truenas_smb.age;
+    secrets.wpa_password.file = ../../secrets/wpa_password.age;
+    secrets.wireguard_priv.file = ../../secrets/wireguard_priv.age;
+    secrets.wireguard_psk.file = ../../secrets/wireguard_psk.age;
+  };
+
+}
--- a/nix/hosts/nixie/audio.nix
+++ b/nix/hosts/nixie/audio.nix
@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+  sound = {
+    enable = true;
+    mediaKeys.enable = true;
+  };
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [ helvum pavucontrol ];
+}
--- a/nix/hosts/nixie/battery.nix
+++ b/nix/hosts/nixie/battery.nix
@ -0,0 +1,18 @@
+{pkgs, ...}: {
+  systemd.services.battery-charge-threshold = {
+    enable = true;
+    description = "Set the battery charge threshold";
+    unitConfig = {
+      After = "multi-user.target";
+      StartLimitBurst = 0;
+    };
+    serviceConfig = {
+      User = "root";
+      Group = "root";
+      Type = "oneshot";
+      Restart = "on-failure";
+      ExecStart = "${pkgs.bash}/bin/bash -c 'echo 70 > /sys/class/power_supply/BAT1/charge_control_start_threshold; echo 80 > /sys/class/power_supply/BAT1/charge_control_end_threshold'";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+}
--- a/nix/hosts/nixie/bluetooth.nix
+++ b/nix/hosts/nixie/bluetooth.nix
@ -0,0 +1,15 @@
+{...}: {
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  # FIXME: this breaks the handsfree microphone mode for XM4
+  # environment.etc = {
+  #   "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
+  #     bluez_monitor.properties = {
+  #       ["bluez5.enable-sbc-xq"] = true,
+  #       ["bluez5.enable-msbc"] = true,
+  #       ["bluez5.enable-hw-volume"] = true,
+  #       ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+  #     }
+  #   '';
+  # };
+}
--- a/nix/hosts/nixie/default.nix
+++ b/nix/hosts/nixie/default.nix
@ -0,0 +1,49 @@
+{ pkgs, ... }: {
+  system.stateVersion = "23.11";
+
+  imports = [
+    ./hardware-configuration.nix
+
+    ./age.nix
+    ./battery.nix
+    ./gui.nix
+    ./locale.nix
+    ./audio.nix
+    ./networking.nix
+    ./bluetooth.nix
+    ./packages.nix
+    ./virt.nix
+  ];
+
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+
+  programs.fish.enable = true;
+  security.sudo.extraConfig = "Defaults lecture = always";
+  users.users.leana = {
+    uid = 1000;
+    shell = pkgs.fish;
+    isNormalUser = true;
+    description = "leana";
+    extraGroups = [ "wheel" "video" "audio" "docker" ];
+    packages = [ ];
+  };
+
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 45d";
+    };
+    settings = {
+      auto-optimise-store = true;
+      substituters = [ "https://nix-community.cachix.org" ];
+    };
+  };
+}
--- a/nix/hosts/nixie/gui.nix
+++ b/nix/hosts/nixie/gui.nix
@ -0,0 +1,27 @@
+{ ... }: {
+  services.xserver.enable = true;
+
+  services.xserver = {
+    autoRepeatDelay = 300;
+    autoRepeatInterval = 40;
+  };
+
+  services.xserver = {
+    displayManager.gdm.enable = true;
+    windowManager.xmonad = {
+      enable = true;
+      enableContribAndExtras = true;
+      extraPackages = hp: with hp; [ neat-interpolation ];
+    };
+  };
+
+  services.xserver.libinput = {
+    mouse = {
+      naturalScrolling = true;
+      accelSpeed = "-0.5";
+    };
+    touchpad = { naturalScrolling = true; };
+  };
+
+  programs.light.enable = true;
+}
--- a/nix/hosts/nixie/hardware-configuration.nix
+++ b/nix/hosts/nixie/hardware-configuration.nix
@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7810e3a3-fed9-4c2d-8a39-a6063d0863cf";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-a80f77f5-9c77-4730-aa0b-2a496c32f44b".device = "/dev/disk/by-uuid/a80f77f5-9c77-4730-aa0b-2a496c32f44b";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/E63B-47B3";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/2fd42520-5c2c-4d64-82ba-613033d34799"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/nix/hosts/nixie/locale.nix
+++ b/nix/hosts/nixie/locale.nix
@ -0,0 +1,122 @@
+{pkgs, ...}: {
+  time.timeZone = "Europe/Paris";
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "fr_FR.UTF-8";
+      LC_IDENTIFICATION = "fr_FR.UTF-8";
+      LC_MEASUREMENT = "fr_FR.UTF-8";
+      LC_MONETARY = "fr_FR.UTF-8";
+      LC_NAME = "fr_FR.UTF-8";
+      LC_NUMERIC = "fr_FR.UTF-8";
+      LC_PAPER = "fr_FR.UTF-8";
+      LC_TELEPHONE = "fr_FR.UTF-8";
+      LC_TIME = "fr_FR.UTF-8";
+    };
+    supportedLocales = [
+      "en_US.UTF-8/UTF-8"
+      "fr_FR.UTF-8/UTF-8"
+      "zh_TW.UTF-8/UTF-8"
+    ];
+  };
+
+  i18n.inputMethod.enabled = "fcitx5";
+  i18n.inputMethod.fcitx5.addons = with pkgs; [
+    fcitx5-chinese-addons
+    fcitx5-table-extra
+  ];
+  i18n.inputMethod.fcitx5.ignoreUserConfig = true;
+
+  i18n.inputMethod.fcitx5.settings.inputMethod = {
+    "Groups/0" = {
+      "Name" = "gCangjie";
+      "Default Layout" = "us";
+      "DefaultIM" = "cangjie5";
+    };
+    "Groups/0/Items/0" = {
+      "Name" = "cangjie5";
+      "Layout" = null;
+    };
+
+    "Groups/1" = {
+      "Name" = "gDvorak";
+      "Default Layout" = "myDvorak";
+      "DefaultIM" = "keyboard-myDvorak";
+    };
+    "Groups/1/Items/0" = {
+      "Name" = "keyboard-myDvorak";
+      "Layout" = null;
+    };
+
+    "Groups/2" = {
+      "Name" = "gDvorakFrench";
+      "Default Layout" = "myDvorakFrench";
+      "DefaultIM" = "keyboard-myDvorakFrench";
+    };
+    "Groups/2/Items/0" = {
+      "Name" = "keyboard-myDvorakFrench";
+      "Layout" = null;
+    };
+
+    "GroupOrder" = {
+      "0" = "gDvorak";
+      "1" = "gDvorakFrench";
+      "2" = "gCangjie";
+    };
+  };
+  i18n.inputMethod.fcitx5.settings.globalOptions = {
+    Hotkey = {
+      EnumerateWithTriggerKeys = true;
+      EnumerateForwardKeys = null;
+      EnumerateBackwardKeys = null;
+      EnumerateSkipFirst = null;
+    };
+
+    "Hotkey/TriggerKeys" = {};
+    "Hotkey/AltTriggerKeys" = {"0" = "Shift_L";};
+    "Hotkey/EnumerateGroupForwardKeys" = {"0" = "Control+space";};
+    "Hotkey/EnumerateGroupBackwardKeys" = {"0" = "Control+Shift+space";};
+
+    "Hotkey/PrevPage" = {"0" = "Up";};
+    "Hotkey/NextPage" = {"0" = "Down";};
+    "Hotkey/PrevCandidate" = {"0" = "Shift+Tab";};
+    "Hotkey/NextCandidate" = {"0" = "Tab";};
+
+    Behavior = {
+      ActiveByDefault = false;
+      ShareInputState = "No";
+      PreeditEnabledByDefault = true;
+      ShowInputMethodInformation = true;
+      ShowInputMethodInformationWhenFocusIn = false;
+      CompactInputmethodInformation = true;
+      ShowFirstInputMethodInformation = true;
+      DefaultPageSize = "5";
+      OverriedXkbOption = false;
+      CustomXkbOption = null;
+      EnabledAddons = null;
+      DisabledAddons = null;
+      PreloadInputMethod = true;
+      AllowInputMethodForPassword = false;
+      ShowPreeditForPassword = false;
+      AutoSavePeriod = "30";
+    };
+  };
+
+  i18n.inputMethod.fcitx5.settings.addons = {
+    classicui.globalSection = {
+      "Vertical Candidate List" = false;
+      WheelForPaging = true;
+      Font = "HanaMinB 12";
+      MenuFont = "HanaMinB 12";
+      TrayFont = "HanaMinB 12";
+      PreferTextIcon = false;
+      ShowLayoutNameInIcon = true;
+      UseInputMethodLanguageToDisplayText = true;
+      Theme = "default";
+      DarkTheme = "default-dark";
+      UseDarkTheme = false;
+      UseAccentColor = true;
+      PerScreenDPI = false;
+    };
+  };
+}
--- a/nix/hosts/nixie/networking.nix
+++ b/nix/hosts/nixie/networking.nix
@ -0,0 +1,51 @@
+{ config, hostname, pkgs, lib, ... }: {
+  networking.hostName = hostname;
+
+  networking.networkmanager.enable = lib.mkForce false;
+
+  services.openssh.enable = true;
+
+  environment.systemPackages = [ pkgs.cifs-utils ];
+  fileSystems."/mnt/data" = {
+    device = "//10.0.0.20/data";
+    fsType = "cifs";
+    options = let
+      prevent_hanging =
+        "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+      auth = "credentials=${config.age.secrets.truenas_smb.path}";
+      uid = "uid=${toString config.users.users.leana.uid}";
+    in [ "${prevent_hanging},${auth},${uid}" ];
+  };
+
+  networking.wireless = {
+    enable = true;
+    userControlled.enable = true;
+    environmentFile = config.age.secrets.wpa_password.path;
+    # To add networks: https://nixos.wiki/wiki/Wpa_supplicant
+    networks = { "HiddenParadize@Earth2077".psk = "@HOME@"; };
+  };
+
+  # # FIXME: doesn't work
+  # #
+  # # We need to rewire default gateway, but this is stupid for a laptop setup
+  # # https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+  # networking.firewall = { allowedUDPPorts = [ 660 ]; };
+  # networking.wireguard.interfaces = {
+  #   wg0 = {
+  #     ips = [ "10.66.66.50/32" ];
+  #     # listenPort = 660;
+  #     privateKeyFile = config.age.secrets.wireguard_priv.path;
+  #     peers = [{
+  #       publicKey = "amb6icauPN4P/suyNZoPsVVkB5+MiAnhFF6hIeUiNFE=";
+  #       presharedKeyFile = config.age.secrets.wireguard_psk.path;
+  #       allowedIPs = [
+  #         "10.0.0.0/23"
+  #         # "0.0.0.0/24"
+  #       ];
+  #       endpoint = "earth2077.fr:660";
+  #       persistentKeepalive = 25;
+  #     }];
+  #   };
+  # };
+
+}
--- a/nix/hosts/nixie/packages.nix
+++ b/nix/hosts/nixie/packages.nix
@ -0,0 +1,20 @@
+{
+  pkgs,
+  agenix,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    curl
+    stow
+    gcc
+
+    agenix.default
+  ];
+
+  programs.vim.defaultEditor = true;
+  programs.git.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryFlavor = "curses";
+  };
+}
--- a/nix/hosts/nixie/virt.nix
+++ b/nix/hosts/nixie/virt.nix
@ -0,0 +1 @@
+{ ... }: { virtualisation.docker.enable = true; }
				`@ -0,0 +1 @@`
				`{ ... }: { virtualisation.docker.enable = true; }`