From cc08a506c85e4bb85f7cc65c96a69203e136bf75 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 9 Jul 2025 06:23:59 +0800 Subject: [PATCH 01/56] feat(keys): get gemini key from exret --- nix/modules/system/secrets.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index ff90532..fa2913c 100644 --- a/nix/modules/system/secrets.nix +++ b/nix/modules/system/secrets.nix @@ -10,15 +10,25 @@ let inherit (lib.meta) getExe; inherit (lib.strings) trim; inherit (cfg.admin) username pubkey; + inherit (cfg.paths) secrets; in { flake.modules.nixos.default = { config, ... }: { imports = [ inputs.sops-nix.nixosModules.sops ]; - config.sops.age.sshKeyPaths = [ - "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" - ]; + config = { + sops = { + age.sshKeyPaths = [ + "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" + ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; + }; }; flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ]; perSystem = From c21f7efecde83fc3d1abbaf45919993af7cd9f8e Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 9 Jul 2025 06:25:15 +0800 Subject: [PATCH 02/56] feat(flake): add nix-darwin to flake WARNING: This commit includes additions to flake.nix and flake.lock. --- flake.lock | 22 ++++++++++++++++++++++ flake.nix | 5 +++++ 2 files changed, 27 insertions(+) diff --git a/flake.lock b/flake.lock index fb9b627..21693cb 100644 --- a/flake.lock +++ b/flake.lock 
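Review bot: The added `environment.shellInit` line runs `sudo cat` on the decrypted secret at every shell start for every user, then exports the key into the environment of every process started from that shell. With sops-nix defaults the secret file is readable by root only, so this either prompts for a password in each new shell or depends on passwordless sudo. Prefer handing the file to the account that needs it, `secrets."keys/gemini" = { sopsFile = secrets + "/keys.yaml"; owner = username; };`, and reading it without sudo only where it is readable, `[ -r "$f" ] && export GEMINI_API_KEY=$(cat "$f")`, where `$f` stands for the interpolated secret path. Scoping the variable to the tool that uses it would be narrower still. The module body continues past the end of the hunk.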
@@ -337,6 +337,27 @@ "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -467,6 +488,7 @@ "impermanence": "impermanence", "import-tree": "import-tree", "make-shell": "make-shell", + "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", "nur": "nur", diff --git a/flake.nix b/flake.nix index 86b2997..d6fc5e2 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # nix darwin provides declarative mac configuration + nix-darwin = { + url = "github:nix-darwin/nix-darwin/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # the nix user repository for mainly firefox extensions nur = { url = "github:nix-community/NUR"; From 9cb4542b05340833789bbebe42fa65cee936d838 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 9 Jul 2025 06:36:42 +0800 Subject: [PATCH 03/56] feat(configurations): add darwin config support --- nix/configurations.nix | 6 ++++++ nix/manifest.nix | 1 + nix/meta.nix | 9 ++++++--- nix/modules/machine/platform.nix | 1 + 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/nix/configurations.nix b/nix/configurations.nix index 1d27ceb..737700d 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -6,6 +6,7 @@ }: let inherit (lib) nixosSystem; + inherit (inputs.nix-darwin.lib) darwinSystem; inherit (lib.lists) optional; inherit (lib.attrsets) mapAttrs; inherit (cfg.lib.modules) forAllUsers'; 
@@ -35,6 +36,10 @@ let (value.extraCfg or { }) ] ++ optional value.graphical cfg.modules.nixos.graphical; } + else if class == "darwin" then + darwinSystem { + modules = [ cfg.modules.darwin.default ]; + } else { } ) hosts; @@ -42,4 +47,5 @@ in { imports = [ inputs.home-manager.flakeModules.home-manager ]; flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos; + flake.darwinConfigurations = mkConfigurations "darwin" hosts.darwin; } diff --git a/nix/manifest.nix b/nix/manifest.nix index 0643eb8..306e2ae 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix @@ -7,6 +7,7 @@ shell = "fish"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq"; }; + hosts.darwin.venus = { }; hosts.nixos = { nemesis = { graphical = true; diff --git a/nix/meta.nix b/nix/meta.nix index 0d95bd7..a10a6da 100644 --- a/nix/meta.nix +++ b/nix/meta.nix @@ -74,9 +74,12 @@ in type = lazyAttrsOf userOpts; default = { }; }; - hosts = mkOption { - # hosts.nixos, hosts.darwin, etc. - type = lazyAttrsOf (lazyAttrsOf hostOpts); + hosts.nixos = mkOption { + type = lazyAttrsOf hostOpts; + default = { }; + }; + hosts.darwin = mkOption { + type = lazyAttrsOf raw; default = { }; }; }; diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index ae8ab61..62db2d1 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -11,4 +11,5 @@ boot.kernelModules = [ "kvm-${platform}" ]; nixpkgs.hostPlatform = "${arch}-linux"; }; + flake.modules.darwin.default.nixpkgs.hostPlatform = "x86_64-darwin"; } From 0f741cbb368fc0ebed16c0bbb67c4746a75a3b51 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 9 Jul 2025 09:15:37 +0800 Subject: [PATCH 04/56] refactor(nix): Move modules to modules..default structure --- nix/modules/system/system.nix | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) 
diff --git a/nix/modules/system/system.nix b/nix/modules/system/system.nix index 15342b1..ead2992 100644 --- a/nix/modules/system/system.nix +++ b/nix/modules/system/system.nix @@ -1,14 +1,17 @@ { - flake.modules.nixos.default = { - persistFiles = [ "/etc/machine-id" ]; - persistDirs = [ "/var/lib/systemd" ]; - time.timeZone = "Asia/Singapore"; - i18n.defaultLocale = "en_US.UTF-8"; - system.stateVersion = "25.11"; - }; - flake.modules.homeManager.default = - { osConfig, ... }: - { - home.stateVersion = osConfig.system.stateVersion; + flake.modules = { + nixos.default = { + persistFiles = [ "/etc/machine-id" ]; + persistDirs = [ "/var/lib/systemd" ]; + time.timeZone = "Asia/Singapore"; + i18n.defaultLocale = "en_US.UTF-8"; + system.stateVersion = "25.11"; }; + homeManager.default = + { osConfig, ... }: + { + home.stateVersion = osConfig.system.stateVersion; + }; + darwin.default.system.stateVersion = 6; + }; } From 45414c48b9818d91de0b30dc002ec768ff57ad93 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 9 Jul 2025 09:35:56 +0800 Subject: [PATCH 05/56] feat(nix): pass flake self to darwin modules and add revision --- flake.nix | 7 +++++-- nix/configurations.nix | 1 + nix/meta.nix | 1 + nix/modules/cli/nix.nix | 7 +++++++ nix/modules/system/system.nix | 7 ++++++- 5 files changed, 20 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index d6fc5e2..5e22b8c 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,14 @@ { outputs = - inputs: + { self, ... }@inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } ( (inputs.import-tree ./nix) // { systems = import inputs.systems; - flake.paths.root = ./.; + flake = { + inherit self; + paths.root = ./.; + }; } ); inputs = { diff --git a/nix/configurations.nix b/nix/configurations.nix index 737700d..efac889 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix 
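Review bot: In the flake.nix hunk of patch 05, `inherit self;` under `flake` publishes the flake's own `self` as a flake output, a self-referential attribute that output-checking tools will probably report as unknown. flake-parts already passes `self` to its modules as an argument, so nix/configurations.nix could use `specialArgs = { inherit self; };` with `self` taken from its own argument set. The `self = mkOption { type = raw; };` declaration in nix/meta.nix would then be unnecessary. The argument set of configurations.nix is outside the visible hunks, so confirm it can accept `self`.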
@@ -38,6 +38,7 @@ let } else if class == "darwin" then darwinSystem { + specialArgs = { inherit (config.flake) self; }; modules = [ cfg.modules.darwin.default ]; } else diff --git a/nix/meta.nix b/nix/meta.nix index a10a6da..5c8f8fc 100644 --- a/nix/meta.nix +++ b/nix/meta.nix @@ -56,6 +56,7 @@ let in { options.flake = mkSubmoduleOptions { + self = mkOption { type = raw; }; lib = mkOption { type = lazyAttrsOf raw; default = { }; diff --git a/nix/modules/cli/nix.nix b/nix/modules/cli/nix.nix index ad97ee5..a69b1d6 100644 --- a/nix/modules/cli/nix.nix +++ b/nix/modules/cli/nix.nix @@ -3,4 +3,11 @@ "nix-command" "flakes" ]; + flake.modules.darwin.default = { + nix.enable = false; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + }; } diff --git a/nix/modules/system/system.nix b/nix/modules/system/system.nix index ead2992..9b50970 100644 --- a/nix/modules/system/system.nix +++ b/nix/modules/system/system.nix @@ -12,6 +12,11 @@ { home.stateVersion = osConfig.system.stateVersion; }; - darwin.default.system.stateVersion = 6; + darwin.default = + { self, ... }: + { + system.configurationRevision = self.rev or self.dirtyRev or null; + system.stateVersion = 6; + }; }; } From 1b3414549d584aec4c9bf756f2b5cb38e2b18753 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Wed, 9 Jul 2025 13:04:08 +0800 Subject: [PATCH 06/56] refactor(nix): Move darwin configurations to configurations.nix --- nix/configurations.nix | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/nix/configurations.nix b/nix/configurations.nix index efac889..e460cdd 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -36,11 +36,6 @@ let (value.extraCfg or { }) ] ++ optional value.graphical cfg.modules.nixos.graphical; } - else if class == "darwin" then - darwinSystem { - specialArgs = { inherit (config.flake) self; }; - modules = [ cfg.modules.darwin.default ]; - } else { } ) hosts; 
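Review bot: In the nix/modules/cli/nix.nix hunk the darwin module sets `nix.enable = false` and then `nix.settings.experimental-features`. With nix-darwin's management of the Nix installation switched off, that setting is presumably never written to nix.conf, so the second assignment reads as effective when it likely is not. Either drop it or document the dependency, for example `# Nix is installed and configured outside nix-darwin on this host; experimental features must be enabled there`. Later patches in the series repeat the same pair inline in nix/configurations.nix.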
@@ -48,5 +43,21 @@ in { imports = [ inputs.home-manager.flakeModules.home-manager ]; flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos; - flake.darwinConfigurations = mkConfigurations "darwin" hosts.darwin; + flake.darwinConfigurations.venus = darwinSystem { + specialArgs = { inherit (config.flake) self; }; + modules = [ + ( + { pkgs, self, ... }: + { + environment.systemPackages = [ pkgs.vim ]; + services.tailscale.enable = true; + nix.settings.experimental-features = "nix-command flakes"; + nix.enable = false; + system.configurationRevision = self.rev or self.dirtyRev or null; + system.stateVersion = 6; + nixpkgs.hostPlatform = "x86_64-darwin"; + } + ) + ]; + }; } From 79eec8b97169356c8a22b2b8720452bb5f7edb1d Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 00:01:11 +0800 Subject: [PATCH 07/56] refactor(nix): Use mkConfigurations for darwinConfigurations --- nix/configurations.nix | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/nix/configurations.nix b/nix/configurations.nix index e460cdd..04c1776 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -36,6 +36,23 @@ let (value.extraCfg or { }) ] ++ optional value.graphical cfg.modules.nixos.graphical; } + else if class == "darwin" then + darwinSystem { + specialArgs = { inherit (config.flake) self; }; + modules = [ + cfg.modules.darwin.default + ( + { pkgs, ... }: + { + environment.systemPackages = [ pkgs.vim ]; + services.tailscale.enable = true; + nix.settings.experimental-features = "nix-command flakes"; + nix.enable = false; + nixpkgs.hostPlatform = "x86_64-darwin"; + } + ) + ]; + } else { } ) hosts; 
@@ -43,21 +60,5 @@ in { imports = [ inputs.home-manager.flakeModules.home-manager ]; flake.nixosConfigurations = mkConfigurations "nixos" hosts.nixos; - flake.darwinConfigurations.venus = darwinSystem { - specialArgs = { inherit (config.flake) self; }; - modules = [ - ( - { pkgs, self, ... }: - { - environment.systemPackages = [ pkgs.vim ]; - services.tailscale.enable = true; - nix.settings.experimental-features = "nix-command flakes"; - nix.enable = false; - system.configurationRevision = self.rev or self.dirtyRev or null; - system.stateVersion = 6; - nixpkgs.hostPlatform = "x86_64-darwin"; - } - ) - ]; - }; + flake.darwinConfigurations = mkConfigurations "darwin" hosts.darwin; } From cd984132eeb18f8fd3c97df06384413a849cd38e Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 00:09:24 +0800 Subject: [PATCH 08/56] refactor(darwin): move tailscale to module --- nix/configurations.nix | 10 ---------- nix/modules/networking/tailscale.nix | 3 +++ 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/nix/configurations.nix b/nix/configurations.nix index 04c1776..7687a76 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -41,16 +41,6 @@ let specialArgs = { inherit (config.flake) self; }; modules = [ cfg.modules.darwin.default - ( - { pkgs, ... }: - { - environment.systemPackages = [ pkgs.vim ]; - services.tailscale.enable = true; - nix.settings.experimental-features = "nix-command flakes"; - nix.enable = false; - nixpkgs.hostPlatform = "x86_64-darwin"; - } - ) ]; } else diff --git a/nix/modules/networking/tailscale.nix b/nix/modules/networking/tailscale.nix index ddf1b9a..8f2a000 100644 --- a/nix/modules/networking/tailscale.nix +++ b/nix/modules/networking/tailscale.nix @@ -14,4 +14,7 @@ in persistDirs = [ "/var/lib/tailscale" ]; sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml"; }; + flake.modules.darwin.default = { + services.tailscale.enable = true; + }; } 
From 65659908cf762ce78bae5212c7db5afe7d6e9664 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 00:16:05 +0800 Subject: [PATCH 09/56] refactor(home-manage): hardcode homeVersion --- nix/modules/system/system.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/nix/modules/system/system.nix b/nix/modules/system/system.nix index 9b50970..cee1df3 100644 --- a/nix/modules/system/system.nix +++ b/nix/modules/system/system.nix @@ -7,11 +7,7 @@ i18n.defaultLocale = "en_US.UTF-8"; system.stateVersion = "25.11"; }; - homeManager.default = - { osConfig, ... }: - { - home.stateVersion = osConfig.system.stateVersion; - }; + homeManager.default.home.stateVersion = "25.11"; darwin.default = { self, ... }: { From 9470ea2f9018a943beceec7ccde588e3f4596e10 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 00:18:04 +0800 Subject: [PATCH 10/56] feat(darwin): Add stylix and user modules --- nix/configurations.nix | 2 ++ nix/modules/graphical/stylix.nix | 8 ++++++++ nix/modules/system/users.nix | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/nix/configurations.nix b/nix/configurations.nix index 7687a76..66b9b83 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -41,6 +41,8 @@ let specialArgs = { inherit (config.flake) self; }; modules = [ cfg.modules.darwin.default + inputs.home-manager.darwinModules.home-manager + { home-manager = globalCfg name value; } ]; } else diff --git a/nix/modules/graphical/stylix.nix b/nix/modules/graphical/stylix.nix index c4b3c65..c347b6a 100644 --- a/nix/modules/graphical/stylix.nix +++ b/nix/modules/graphical/stylix.nix 
@@ -9,4 +9,12 @@ stylix.enable = true; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml"; }; + flake.modules.darwin.default = + { pkgs, ... }: + { + imports = [ inputs.stylix.darwinModules.stylix ]; + stylix.enable = true; + #TODO: move into manifest + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml"; + }; } diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index 5815089..c9f8768 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -31,4 +31,14 @@ in } ); }; + flake.modules.darwin.default = + { config, ... }: + { + home-manager.users = forAllUsers' ( + name: _: { + home.username = name; + home.homeDirectory = config.users.users.${name}.home; + } + ); + }; } From a53868c454698a848bc60306ab9347a4de380b31 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 00:46:52 +0800 Subject: [PATCH 11/56] feat(users): Set home directory for all users --- nix/modules/system/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index c9f8768..28c5f94 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -34,6 +34,7 @@ in flake.modules.darwin.default = { config, ... }: { + users.users = forAllUsers' (name: _: { home = "/Users/${name}"; }); home-manager.users = forAllUsers' ( name: _: { home.username = name; From c1100a67eb04d16e6bc63e76c00c9e9ff52bb917 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 00:49:01 +0800 Subject: [PATCH 12/56] feat(darwin): Allow unsupported systems for darwin --- nix/modules/machine/platform.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index 62db2d1..a1c5b05 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix 
@@ -11,5 +11,10 @@ boot.kernelModules = [ "kvm-${platform}" ]; nixpkgs.hostPlatform = "${arch}-linux"; }; - flake.modules.darwin.default.nixpkgs.hostPlatform = "x86_64-darwin"; + + flake.modules.darwin.default.nixpkgs = { + hostPlatform = "x86_64-darwin"; + config.allowUnsupportedSystem = true; + }; + } From 331ab6a448fbedcceee912d4270c25577a6e3f1d Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 01:06:57 +0800 Subject: [PATCH 13/56] feat(darwin): disable allowUnsupportedSystem for darwin.nixpkgs --- nix/modules/machine/platform.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index a1c5b05..e60d4bf 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -14,7 +14,7 @@ flake.modules.darwin.default.nixpkgs = { hostPlatform = "x86_64-darwin"; - config.allowUnsupportedSystem = true; + # config.allowUnsupportedSystem = true; }; } From 26e21a4edd0f7bbd1265c9a401c7b330e9511638 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 01:17:25 +0800 Subject: [PATCH 14/56] feat(persist): conditionally persist home on linux only --- nix/modules/system/persist.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/nix/modules/system/persist.nix b/nix/modules/system/persist.nix index 4e298c0..bda2d15 100644 --- a/nix/modules/system/persist.nix +++ b/nix/modules/system/persist.nix @@ -5,6 +5,7 @@ ... }: let + inherit (lib.modules) mkIf; inherit (lib.options) mkOption; inherit (config.flake.lib.options) mkStrOption; inherit (lib.types) 
@@ -49,15 +50,17 @@ in }; }; flake.modules.homeManager.default = - { config, ... }: + { config, osConfig, ... }: { imports = [ inputs.impermanence.homeManagerModules.impermanence ]; options.persistDirs = mkOpts "directory" { }; options.persistFiles = mkOpts "file" { }; - config.home.persistence."/persist${config.home.homeDirectory}" = { - allowOther = true; - directories = config.persistDirs; - files = config.persistFiles; + config = mkIf (osConfig.nixpkgs.hostPlatform == "x86_64-linux") { + home.persistence."/persist${config.home.homeDirectory}" = { + allowOther = true; + directories = config.persistDirs; + files = config.persistFiles; + }; }; }; } From b085f9222617e550099077416340f1056161d807 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 01:37:51 +0800 Subject: [PATCH 15/56] feat(graphical): Enable graphical modules for darwin and nixos --- nix/configurations.nix | 2 +- nix/manifest.nix | 2 +- nix/modules/graphical/default.nix | 15 +++++++++------ 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/nix/configurations.nix b/nix/configurations.nix index 66b9b83..9164647 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -43,7 +43,7 @@ let cfg.modules.darwin.default inputs.home-manager.darwinModules.home-manager { home-manager = globalCfg name value; } - ]; + ] ++ optional value.graphical cfg.modules.darwin.graphical; } else { } diff --git a/nix/manifest.nix b/nix/manifest.nix index 306e2ae..6d4698d 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix @@ -7,7 +7,7 @@ shell = "fish"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq"; }; - hosts.darwin.venus = { }; + hosts.darwin.venus.graphical = true; hosts.nixos = { nemesis = { graphical = true; diff --git a/nix/modules/graphical/default.nix b/nix/modules/graphical/default.nix index c714a2d..0ba55ca 100644 --- a/nix/modules/graphical/default.nix +++ b/nix/modules/graphical/default.nix 
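Review bot: In the nix/configurations.nix hunk of patch 15, `optional value.graphical cfg.modules.darwin.graphical` requires every entry in `hosts.darwin` to define `graphical`. nix/meta.nix declares `hosts.darwin` as `lazyAttrsOf raw` (patch 03), so there is no default, and a host written as `{ }` would fail evaluation with a missing-attribute error. Use `optional (value.graphical or false) cfg.modules.darwin.graphical`, matching the `value.extraCfg or { }` pattern on the nixos branch, or give darwin hosts a typed submodule with a `graphical` default. The `darwinSystem` call starts above the hunk.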
@@ -3,12 +3,15 @@ let inherit (lib.options) mkEnableOption; in { - flake.modules.nixos.graphical = { - home-manager.sharedModules = [ { graphical = true; } ]; - services.pipewire = { - enable = true; - pulse.enable = true; + flake.modules = { + nixos.graphical = { + home-manager.sharedModules = [ { graphical = true; } ]; + services.pipewire = { + enable = true; + pulse.enable = true; + }; }; + homeManager.default.options.graphical = mkEnableOption ""; + darwin.graphical.home-manager.sharedModules = [ { graphical = true; } ]; }; - flake.modules.homeManager.default.options.graphical = mkEnableOption ""; } From 0f3694c82d89026d027a7147a2722593be3b930c Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:13:00 +0800 Subject: [PATCH 16/56] feat(homes): Move graphical nixos config to nixos.nix --- nix/homes/rafiq/desktop/default.nix | 222 +-------------------------- nix/homes/rafiq/desktop/nixos.nix | 226 ++++++++++++++++++++++++++++ nix/modules/system/persist.nix | 4 +- 3 files changed, 231 insertions(+), 221 deletions(-) create mode 100644 nix/homes/rafiq/desktop/nixos.nix diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index 9eb1fc4..dda5cd8 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix 
@@ -1,75 +1,9 @@ +{ lib, inputs, ... }: { - lib, - inputs, - config, - ... -}: -let - cfg = config.flake; -in -{ - allowedUnfreePackages = [ - "stremio-shell" - "stremio-server" - "steam" - "steam-unwrapped" - ]; - flake.modules.nixos.graphical = - { config, pkgs, ... }: - { - fonts.packages = [ pkgs.font-awesome ]; - services.getty.autologinUser = cfg.admin.username; - # Start Hyprland at boot only if not connecting through SSH - environment.loginShellInit = # sh - '' - if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then - if uwsm check may-start; then - exec uwsm start hyprland-uwsm.desktop - fi - fi - ''; - environment.variables = { - # Get Electron apps to use Wayland - ELECTRON_OZONE_PLATFORM_HINT = "auto"; - NIXOS_OZONE_WL = "1"; - }; - programs = { - hyprland = { - enable = true; - # Use UWSM to have each process controlled by systemd init - withUWSM = true; - }; - steam = { - enable = true; - gamescopeSession.enable = true; - }; - }; - security.pam.services.hyprlock = { }; - services.sunshine = { - enable = true; - capSysAdmin = true; - openFirewall = true; - settings = { - sunshine_name = config.networking.hostName; - origin_pin_allowed = "wan"; - origin_web_ui_allowed = "wan"; - }; - applications = { }; - }; - # spotifyd - networking.firewall.allowedTCPPorts = [ 5353 ]; - networking.firewall.allowedUDPPorts = [ 5353 ]; - }; flake.modules.homeManager.rafiq = - { - pkgs, - config, - hostName, - hostConfig, - ... - }: + { pkgs, config, ... }: let - inherit (lib.modules) mkMerge mkIf; + inherit (lib.modules) mkIf; inherit (builtins) map listToAttrs; inherit (lib.lists) findFirstIndex; inherit (inputs.nur.legacyPackages.${pkgs.stdenv.hostPlatform.system}.repos.rycee) firefox-addons; 
@@ -104,41 +38,21 @@ in targets = { firefox.colorTheme.enable = true; firefox.profileNames = syncedProfiles; - waybar.addCss = false; }; }; - persistDirs = [ - "docs" - "repos" - "vids" - "tmp" - ".cache/Smart Code ltd/Stremio" - ".local/share/Smart Code ltd/Stremio" - ".mozilla/firefox" - ".tor project" - ".local/share/Steam" - ".local/share/PrismLauncher" - ".config/sunshine" - ]; home = { packages = with pkgs; [ prismlauncher stremio tor-browser vlc - wl-clipboard-rs ]; sessionVariables = { BROWSER = "firefox"; - LAUNCHER = "fuzzel"; - LOCKSCREEN = "hyprlock"; - NOTIFICATION_DAEMON = "mako"; TERMINAL = "ghostty"; - STATUS_BAR = "waybar"; }; }; programs = { - fuzzel.enable = true; obs-studio.enable = true; vesktop.enable = true; thunderbird.enable = true; 
@@ -147,142 +61,12 @@ in enable = true; inherit profiles; }; - hyprlock = { - enable = true; - settings = { - general.hide_cursor = true; - general.ignore_empty_input = true; - background.blur_passes = 5; - background.blur_size = 5; - label = { - text = ''hi, $USER.''; - font_size = 32; - position = "0, 0"; - halign = "center"; - valign = "center"; - zindex = 1; - shadow_passes = 5; - shadow_size = 5; - }; - input-field = { - placeholder_text = ""; - fade_on_empty = true; - size = "200, 45"; - position = "0, -5%"; - halign = "center"; - valign = "center"; - zindex = 1; - shadow_passes = 5; - shadow_size = 5; - }; - }; - }; ghostty = { enable = true; settings = { confirm-close-surface = false; }; }; - waybar = { - enable = true; - settings = [ - { - layer = "top"; - modules-left = [ - "pulseaudio" - ]; - modules-right = [ - "battery" - "clock" - ]; - "pulseaudio" = { - format = "{icon} {volume}%"; - format-muted = ""; - format-icons.default = [ - "" - "" - ]; - on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; - }; - "clock" = { - interval = 1; - format = "{:%F %T}"; - }; - "battery" = { - interval = 1; - bat-compatibility = true; - }; - } - ]; - style = # css - '' - window#waybar { - background-color: rgba(0, 0, 0, 0); - } - - #pulseaudio, - #battery, - #clock { - padding-top: 5px; - padding-bottom: 5px; - padding-right: 5px; - color: #ffffff; - } - ''; - }; - }; - services = { - spotifyd.enable = true; - spotifyd.settings.global = { - device_name = "${hostName}"; - device_type = "computer"; - zeroconf_port = 5353; - }; - - mako.enable = true; - mako.settings.default-timeout = 10000; - - }; - wayland.windowManager.hyprland = { - enable = true; - # This is needed for UWSM - systemd.enable = false; - # Null the packages since we use them system wide - package = null; - portalPackage = null; - settings = mkMerge [ - (import ./_hyprland/decoration.nix) - (import ./_hyprland/keybinds.nix { inherit pkgs; }) - { - ecosystem.no_update_news = 
true; - xwayland.force_zero_scaling = true; - monitor = - let - mainMonitor = hostConfig.machine.monitors.main; - in - [ - "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" - ", preferred, auto, 1" - ]; - exec-once = [ - "uwsm app -- $LOCKSCREEN" - "uwsm app -- $NOTIFICATION_DAEMON" - "uwsm app -- $STATUS_BAR" - ]; - } - ]; - }; - # xdg.configFile."uwsm/env".text = # sh - # '' - # # Force apps to scale right with Wayland - # export GDK_SCALE=${mainMonitor.scale} - # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} - # ''; - # xdg.configFile."uwsm/env-hyprland".text = # sh - # '' - # export GDK_SCALE=${mainMonitor.scale} - # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} - # ''; }; } diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix new file mode 100644 index 0000000..dc9e77f --- /dev/null +++ b/nix/homes/rafiq/desktop/nixos.nix 
@@ -0,0 +1,226 @@ +{ lib, config, ... }: +let + cfg = config.flake; +in +{ + allowedUnfreePackages = [ + "stremio-shell" + "stremio-server" + "steam" + "steam-unwrapped" + ]; + flake.modules.nixos.graphical = + { config, pkgs, ... }: + { + fonts.packages = [ pkgs.font-awesome ]; + services.getty.autologinUser = cfg.admin.username; + # Start Hyprland at boot only if not connecting through SSH + environment.loginShellInit = # sh + '' + if [[ -z "$SSH_CLIENT" && -z "$SSH_CONNECTION" ]]; then + if uwsm check may-start; then + exec uwsm start hyprland-uwsm.desktop + fi + fi + ''; + environment.variables = { + # Get Electron apps to use Wayland + ELECTRON_OZONE_PLATFORM_HINT = "auto"; + NIXOS_OZONE_WL = "1"; + }; + programs = { + hyprland = { + enable = true; + # Use UWSM to have each process controlled by systemd init + withUWSM = true; + }; + steam = { + enable = true; + gamescopeSession.enable = true; + }; + }; + security.pam.services.hyprlock = { }; + services.sunshine = { + enable = true; + capSysAdmin = true; + openFirewall = true; + settings = { + sunshine_name = config.networking.hostName; + origin_pin_allowed = "wan"; + origin_web_ui_allowed = "wan"; + }; + applications = { }; + }; + # spotifyd + networking.firewall.allowedTCPPorts = [ 5353 ]; + networking.firewall.allowedUDPPorts = [ 5353 ]; + }; + flake.modules.homeManager.rafiq = + { + pkgs, + config, + hostName, + hostConfig, + ... 
+ }: + let + inherit (lib.modules) mkMerge mkIf; + in + mkIf (config.graphical && pkgs.system == "x86_64-linux") { + stylix.targets.waybar.addCss = false; + persistDirs = [ + "docs" + "repos" + "vids" + "tmp" + ".cache/Smart Code ltd/Stremio" + ".local/share/Smart Code ltd/Stremio" + ".mozilla/firefox" + ".tor project" + ".local/share/Steam" + ".local/share/PrismLauncher" + ".config/sunshine" + ]; + home = { + packages = with pkgs; [ + wl-clipboard-rs + ]; + sessionVariables = { + LAUNCHER = "fuzzel"; + LOCKSCREEN = "hyprlock"; + NOTIFICATION_DAEMON = "mako"; + STATUS_BAR = "waybar"; + }; + }; + # xdg.configFile."uwsm/env".text = # sh + # '' + # # Force apps to scale right with Wayland + # export GDK_SCALE=${mainMonitor.scale} + # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} + # ''; + # xdg.configFile."uwsm/env-hyprland".text = # sh + # '' + # export GDK_SCALE=${mainMonitor.scale} + # export STEAM_FORCE_DESKTOPUI_SCALING=${mainMonitor.scale} + # ''; + wayland.windowManager.hyprland = { + enable = true; + # This is needed for UWSM + systemd.enable = false; + # Null the packages since we use them system wide + package = null; + portalPackage = null; + settings = mkMerge [ + (import ./_hyprland/decoration.nix) + (import ./_hyprland/keybinds.nix { inherit pkgs; }) + { + ecosystem.no_update_news = true; + xwayland.force_zero_scaling = true; + monitor = + let + mainMonitor = hostConfig.machine.monitors.main; + in + [ + "${mainMonitor.id}, ${mainMonitor.resolution}@${mainMonitor.refresh-rate}, auto, ${mainMonitor.scale}" + ", preferred, auto, 1" + ]; + exec-once = [ + "uwsm app -- $LOCKSCREEN" + "uwsm app -- $NOTIFICATION_DAEMON" + "uwsm app -- $STATUS_BAR" + ]; + } + ]; + }; + services = { + spotifyd.enable = true; + spotifyd.settings.global = { + device_name = "${hostName}"; + device_type = "computer"; + zeroconf_port = 5353; + }; + mako.enable = true; + mako.settings.default-timeout = 10000; + }; + programs = { + fuzzel.enable = true; + waybar = { + enable 
= true; + settings = [ + { + layer = "top"; + modules-left = [ + "pulseaudio" + ]; + modules-right = [ + "battery" + "clock" + ]; + "pulseaudio" = { + format = "{icon} {volume}%"; + format-muted = ""; + format-icons.default = [ + "" + "" + ]; + on-click = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; + }; + "clock" = { + interval = 1; + format = "{:%F %T}"; + }; + "battery" = { + interval = 1; + bat-compatibility = true; + }; + } + ]; + style = # css + '' + window#waybar { + background-color: rgba(0, 0, 0, 0); + } + + #pulseaudio, + #battery, + #clock { + padding-top: 5px; + padding-bottom: 5px; + padding-right: 5px; + color: #ffffff; + } + ''; + }; + hyprlock = { + enable = true; + settings = { + general.hide_cursor = true; + general.ignore_empty_input = true; + background.blur_passes = 5; + background.blur_size = 5; + label = { + text = ''hi, $USER.''; + font_size = 32; + position = "0, 0"; + halign = "center"; + valign = "center"; + zindex = 1; + shadow_passes = 5; + shadow_size = 5; + }; + input-field = { + placeholder_text = ""; + fade_on_empty = true; + size = "200, 45"; + position = "0, -5%"; + halign = "center"; + valign = "center"; + zindex = 1; + shadow_passes = 5; + shadow_size = 5; + }; + }; + }; + }; + }; +} diff --git a/nix/modules/system/persist.nix b/nix/modules/system/persist.nix index bda2d15..917440b 100644 --- a/nix/modules/system/persist.nix +++ b/nix/modules/system/persist.nix @@ -50,12 +50,12 @@ in }; }; flake.modules.homeManager.default = - { config, osConfig, ... }: + { config, pkgs, ... }: { imports = [ inputs.impermanence.homeManagerModules.impermanence ]; options.persistDirs = mkOpts "directory" { }; options.persistFiles = mkOpts "file" { }; - config = mkIf (osConfig.nixpkgs.hostPlatform == "x86_64-linux") { + config = mkIf (pkgs.system == "x86_64-linux") { home.persistence."/persist${config.home.homeDirectory}" = { allowOther = true; directories = config.persistDirs; 
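Review bot: The `services.sunshine` block in the new nixos.nix combines `openFirewall = true` with `origin_web_ui_allowed = "wan"` and `origin_pin_allowed = "wan"`, so the management web UI and pairing are accepted from any address that can reach the host. The same module grants Sunshine `capSysAdmin` and auto-logs in the admin user through `services.getty.autologinUser`. The block is moved unchanged from default.nix, but the move is a good point to narrow it, for example `origin_web_ui_allowed = "lan";` and `origin_pin_allowed = "pc";`. Another option is to keep the firewall closed and reach the service over the Tailscale interface this repository already configures. If WAN exposure is intended, a comment saying so and naming the compensating control would help the next reader.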
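Review bot: In the nix/modules/system/persist.nix hunk, `mkIf (pkgs.system == "x86_64-linux")` ties persistence to one architecture rather than to Linux. An aarch64 Linux host would silently get no `home.persistence` entry and, assuming the root is wiped as the `/persist` prefix suggests, would lose the listed directories on reboot. The guard `mkIf (config.graphical && pkgs.system == "x86_64-linux")` in nixos.nix has the same shape. The condition being expressed is `pkgs.stdenv.hostPlatform.isLinux`, which also matches the `pkgs.stdenv.hostPlatform.system` spelling already used in desktop/default.nix.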
From 92e6da3645b09fd9ba22d91e9bee85d717dabc8b Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:26:30 +0800 Subject: [PATCH 17/56] feat(homes): Move ghostty config to nixos and darwin modules --- nix/homes/rafiq/desktop/darwin.nix | 7 +++++++ nix/homes/rafiq/desktop/default.nix | 8 ++------ nix/homes/rafiq/desktop/nixos.nix | 1 + 3 files changed, 10 insertions(+), 6 deletions(-) create mode 100644 nix/homes/rafiq/desktop/darwin.nix diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix new file mode 100644 index 0000000..ea20119 --- /dev/null +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -0,0 +1,7 @@ +{ + flake.modules.darwin.graphical.homebrew = { + enable = true; + onActivation.cleanup = "uninstall"; + casks = [ "ghostty" ]; + }; +} diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index dda5cd8..d6e9c4c 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -57,16 +57,12 @@ vesktop.enable = true; thunderbird.enable = true; thunderbird.profiles.rafiq.isDefault = true; + # ghostty is broken on nix-darwin + ghostty.settings.confirm-close-surface = false; firefox = { enable = true; inherit profiles; }; - ghostty = { - enable = true; - settings = { - confirm-close-surface = false; - }; - }; }; }; } diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index dc9e77f..c40f260 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -144,6 +144,7 @@ in }; programs = { fuzzel.enable = true; + ghostty.enable = true; waybar = { enable = true; settings = [ From cf6917e56d6d446f7c2d23553d2c3807ef2e96bc Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:28:42 +0800 Subject: [PATCH 18/56] feat(darwin): Add primaryUser to homebrew config --- nix/homes/rafiq/desktop/darwin.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) 
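Review bot: The new `homebrew` block in darwin.nix installs `casks = [ "ghostty" ]` through Homebrew at activation time, so that software is resolved outside the flake and is not pinned by flake.lock the way the Nix inputs are. This is worth stating next to the list so later additions are made knowingly, for example `# casks are fetched by Homebrew at activation and are not pinned by flake.lock`. With `onActivation.cleanup = "uninstall"` anything not listed here is also removed on activation, which deserves a second short comment.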
diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index ea20119..936c690 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -1,7 +1,10 @@ { - flake.modules.darwin.graphical.homebrew = { - enable = true; - onActivation.cleanup = "uninstall"; - casks = [ "ghostty" ]; - }; + flake.modules.darwin.graphical.homebrew = + { config, ... }: + { + enable = true; + primaryUser = config.home.username; + onActivation.cleanup = "uninstall"; + casks = [ "ghostty" ]; + }; } From 3d64bf5a6ebf922f8181ee56de73218be75e5ec9 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:32:31 +0800 Subject: [PATCH 19/56] fix(darwin): Use flake.admin.username for homebrew primaryUser --- nix/homes/rafiq/desktop/darwin.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 936c690..50fef24 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -1,10 +1,12 @@ +{ config, ... }: +let + cfg = config.flake; +in { - flake.modules.darwin.graphical.homebrew = - { config, ... }: - { - enable = true; - primaryUser = config.home.username; - onActivation.cleanup = "uninstall"; - casks = [ "ghostty" ]; - }; + flake.modules.darwin.graphical.homebrew = { + enable = true; + primaryUser = cfg.admin.username; + onActivation.cleanup = "uninstall"; + casks = [ "ghostty" ]; + }; } From 3af11b2519e70406ff91f48e2ce42719aac67534 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:34:18 +0800 Subject: [PATCH 20/56] fix(darwin): Rename homebrew primaryUser to user --- nix/homes/rafiq/desktop/darwin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 50fef24..10a2725 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix 
@@ -5,7 +5,7 @@ in { flake.modules.darwin.graphical.homebrew = { enable = true; - primaryUser = cfg.admin.username; + user = cfg.admin.username; onActivation.cleanup = "uninstall"; casks = [ "ghostty" ]; }; From ee522765b705d131c4d1f61d3379b44556afef9a Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:35:59 +0800 Subject: [PATCH 21/56] fix(homes): Move stremio unfree packages to default.nix --- nix/homes/rafiq/desktop/default.nix | 4 ++++ nix/homes/rafiq/desktop/nixos.nix | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index d6e9c4c..bec9118 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -1,5 +1,9 @@ { lib, inputs, ... }: { + allowedUnfreePackages = [ + "stremio-shell" + "stremio-server" + ]; flake.modules.homeManager.rafiq = { pkgs, config, ... }: let diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index c40f260..70cf13e 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -4,8 +4,6 @@ let in { allowedUnfreePackages = [ - "stremio-shell" - "stremio-server" "steam" "steam-unwrapped" ]; From 3f10cf6205b6248ad47fe907663e1168bef7ca22 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:37:08 +0800 Subject: [PATCH 22/56] feat(unfree): Add darwin module to unfree predicate --- nix/modules/unfree-packages.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nix/modules/unfree-packages.nix b/nix/modules/unfree-packages.nix index b74984e..d444024 100644 --- a/nix/modules/unfree-packages.nix +++ b/nix/modules/unfree-packages.nix 
@@ -11,7 +11,8 @@ in type = listOf str; default = [ ]; }; - config.flake.modules.nixos.default = { - nixpkgs.config.allowUnfreePredicate = predicate; + config.flake.modules = { + nixos.default.nixpkgs.config.allowUnfreePredicate = predicate; + darwin.default.nixpkgs.config.allowUnfreePredicate = predicate; }; } From 7d9efe0b298f396a102c78cc7fd9090fbd63432f Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:43:31 +0800 Subject: [PATCH 23/56] feat(homes): Move stremio to nixos.nix from default.nix --- nix/homes/rafiq/desktop/default.nix | 5 ----- nix/homes/rafiq/desktop/nixos.nix | 3 +++ 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index bec9118..1027c4b 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -1,9 +1,5 @@ { lib, inputs, ... }: { - allowedUnfreePackages = [ - "stremio-shell" - "stremio-server" - ]; flake.modules.homeManager.rafiq = { pkgs, config, ... }: let @@ -47,7 +43,6 @@ home = { packages = with pkgs; [ prismlauncher - stremio tor-browser vlc ]; diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index 70cf13e..19a70f0 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -4,6 +4,8 @@ let in { allowedUnfreePackages = [ + "stremio-shell" + "stremio-server" "steam" "steam-unwrapped" ]; @@ -82,6 +84,7 @@ in home = { packages = with pkgs; [ wl-clipboard-rs + stremio ]; sessionVariables = { LAUNCHER = "fuzzel"; From 003a676da02c9db28214d1164e9779ba958583e9 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:47:08 +0800 Subject: [PATCH 24/56] feat(homes): Move tor-browser to nixos module --- nix/homes/rafiq/desktop/default.nix | 1 - nix/homes/rafiq/desktop/nixos.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index 1027c4b..b7d10bc 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -43,7 +43,6 @@ home = { packages = with pkgs; [ prismlauncher - tor-browser vlc ]; sessionVariables = { diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index 19a70f0..4100bba 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -85,6 +85,7 @@ in packages = with pkgs; [ wl-clipboard-rs stremio + tor-browser ]; sessionVariables = { LAUNCHER = "fuzzel"; From 40b45c6c78b397bba82627c76d69f9c634a7abdc Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:48:14 +0800 Subject: [PATCH 25/56] feat(homes): Move vlc from default.nix to nixos module --- nix/homes/rafiq/desktop/default.nix | 1 - nix/homes/rafiq/desktop/nixos.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index b7d10bc..2d9cedd 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -43,7 +43,6 @@ home = { packages = with pkgs; [ prismlauncher - vlc ]; sessionVariables = { BROWSER = "firefox"; diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index 4100bba..e8423b1 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -86,6 +86,7 @@ in wl-clipboard-rs stremio tor-browser + vlc ]; sessionVariables = { LAUNCHER = "fuzzel"; From 50a183a040ffaf369632cf03b907ce730346ddc5 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 02:49:24 +0800 Subject: [PATCH 26/56] feat(homes): Move obs-studio config to nixos module --- nix/homes/rafiq/desktop/default.nix | 1 - nix/homes/rafiq/desktop/nixos.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index 2d9cedd..8fbc7d3 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -50,7 +50,6 @@ }; }; programs = { - obs-studio.enable = true; vesktop.enable = true; thunderbird.enable = true; thunderbird.profiles.rafiq.isDefault = true; diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index e8423b1..b304c47 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -146,6 +146,7 @@ in mako.settings.default-timeout = 10000; }; programs = { + obs-studio.enable = true; fuzzel.enable = true; ghostty.enable = true; waybar = { From e9edf5ad55bd77ba42fd46e7212c1ed6540a1070 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 03:19:11 +0800 Subject: [PATCH 27/56] feat(homes): Move prismlauncher to nixos module --- nix/homes/rafiq/desktop/default.nix | 3 --- nix/homes/rafiq/desktop/nixos.nix | 1 + 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/nix/homes/rafiq/desktop/default.nix b/nix/homes/rafiq/desktop/default.nix index 8fbc7d3..277d445 100644 --- a/nix/homes/rafiq/desktop/default.nix +++ b/nix/homes/rafiq/desktop/default.nix @@ -41,9 +41,6 @@ }; }; home = { - packages = with pkgs; [ - prismlauncher - ]; sessionVariables = { BROWSER = "firefox"; TERMINAL = "ghostty"; diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index b304c47..68b4716 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -87,6 +87,7 @@ in stremio tor-browser vlc + prismlauncher ]; sessionVariables = { LAUNCHER = "fuzzel"; From e5e365a1e0be6fd2a637df4bcc1dbb56f30ae483 Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Mon, 14 Jul 2025 08:42:34 +0800 Subject: [PATCH 28/56] feat(homes): Add darwin support for user shells configuration --- nix/modules/cli/shell.nix | 41 +++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix index c28f00b..1b9aba6 100644 --- a/nix/modules/cli/shell.nix +++ b/nix/modules/cli/shell.nix @@ -5,19 +5,30 @@ let inherit (lib.attrsets) mapAttrs'; in { - flake.modules.nixos.default = - { pkgs, ... }: - { - programs = mapAttrs' (name: value: { - name = value.shell; - value.enable = true; - }) cfg.manifest.users; - users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); - }; - flake.modules.homeManager.default = - { config, ... }: - { - programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true; - home.shell.enableShellIntegration = true; - }; + flake.modules = { + nixos.default = + { pkgs, ... }: + { + programs = mapAttrs' (name: value: { + name = value.shell; + value.enable = true; + }) cfg.manifest.users; + users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); + }; + darwin.default = + { pkgs, ... }: + { + programs = mapAttrs' (name: value: { + name = value.shell; + value.enable = true; + }) cfg.manifest.users; + users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); + }; + homeManager.default = + { config, ... }: + { + programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true; + home.shell.enableShellIntegration = true; + }; + }; } From 7866bc5bc7ae8ade0471ce42885eb3bd379c5289 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 08:48:38 +0800 Subject: [PATCH 29/56] feat(darwin): Add machine platform config for darwin hosts --- nix/manifest.nix | 5 ++++- nix/modules/machine/platform.nix | 13 +++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) 
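Review bot: The `darwin.default` module added in shell.nix is a line-for-line copy of `nixos.default`, so the two will drift as soon as one is edited. Bind the function once in the file's existing `let` (for example as `systemShells`) and assign it to both classes: `nixos.default = systemShells; darwin.default = systemShells;`. A one-line comment on the binding saying it enables each manifest user's shell and sets it as the login shell would also help.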
diff --git a/nix/manifest.nix b/nix/manifest.nix index 6d4698d..a4574b3 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix @@ -7,7 +7,10 @@ shell = "fish"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq"; }; - hosts.darwin.venus.graphical = true; + hosts.darwin.venus = { + graphical = true; + machine.platform = "intel"; + }; hosts.nixos = { nemesis = { graphical = true; diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index e60d4bf..08e60d4 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -12,9 +12,14 @@ nixpkgs.hostPlatform = "${arch}-linux"; }; - flake.modules.darwin.default.nixpkgs = { - hostPlatform = "x86_64-darwin"; - # config.allowUnsupportedSystem = true; - }; + flake.modules.darwin.default = + { hostName, ... }: + let + inherit (config.flake.manifest.hosts.darwin.${hostName}.machine) platform; + arch = if platform == "intel" then "x86_64" else "aarch64"; + in + { + nixpkgs.hostPlatform = "${arch}-darwin"; + }; } From 25cb9a6ff8328fa744584356422c213ce106dd18 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 12:23:47 +0800 Subject: [PATCH 30/56] feat(manifest): add hephaestus --- nix/manifest.nix | 152 ++++++++++++++++--------------- nix/modules/machine/platform.nix | 1 - 2 files changed, 80 insertions(+), 73 deletions(-) diff --git a/nix/manifest.nix b/nix/manifest.nix index a4574b3..18d9474 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix 
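Review bot: In platform.nix, `arch = if platform == "intel" then "x86_64" else "aarch64";` maps every value other than "intel" to aarch64, so a typo or a value borrowed from the NixOS hosts (the manifest uses "amd" there) silently produces an Apple-silicon build. An explicit table that fails on unknown input is safer: `arch = { intel = "x86_64"; apple-silicon = "aarch64"; }.${platform} or (throw "unknown darwin platform: ${platform}");`. The "apple-silicon" name is taken from the manifest entry added in the following commit.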
@@ -7,87 +7,95 @@ shell = "fish"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq"; }; - hosts.darwin.venus = { - graphical = true; - machine.platform = "intel"; - }; - hosts.nixos = { - nemesis = { - graphical = true; - machine = { - platform = "amd"; - gpu = "nvidia"; - root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434"; - monitors.main = { - id = "desc:OOO AN-270W04K"; - resolution = "3840x2160"; - refresh-rate = "60"; - scale = "2"; - }; + hosts = { + darwin = { + venus = { + graphical = true; + machine.platform = "intel"; }; - extraCfg = { - services.fwupd.enable = true; # FIXME: remove - machine = { - bluetooth.enable = true; - usb.automount = true; - virtualisation = { - podman.enable = true; - podman.distrobox.enable = true; - }; - }; - server.web-apps = { - comfy-ui.enable = true; - sd-webui-forge.enable = true; - }; + hephaestus = { + graphical = true; + machine.platform = "apple-silicon"; }; }; - apollo = { - graphical = false; - machine = { - platform = "intel"; - root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01"; - }; - extraCfg.server = { - ddns = { - enable = true; - domains = [ - "aenyrathia.wiki" - "slayment.com" - ]; + nixos = { + nemesis = { + graphical = true; + machine = { + platform = "amd"; + gpu = "nvidia"; + root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434"; + monitors.main = { + id = "desc:OOO AN-270W04K"; + resolution = "3840x2160"; + refresh-rate = "60"; + scale = "2"; + }; }; - web-servers = { - enableSSL = true; - nginx = { + extraCfg = { + services.fwupd.enable = true; # FIXME: remove + machine = { + bluetooth.enable = true; + usb.automount = true; + virtualisation = { + podman.enable = true; + podman.distrobox.enable = true; + }; + }; + server.web-apps = { + comfy-ui.enable = true; + sd-webui-forge.enable = true; + }; + }; + }; + apollo = { + graphical = false; + machine = { + platform = "intel"; + root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01"; 
+ }; + extraCfg.server = { + ddns = { enable = true; - proxies = [ - { - source = "aenyrathia.wiki"; - target = "http://helios:5896"; - } - { - source = "il.bwfiq.com"; - target = "http://helios:2283"; - } + domains = [ + "aenyrathia.wiki" + "slayment.com" ]; }; - }; - databases = { - mongodb.enable = true; - mysql.enable = true; - postgresql.enable = true; - }; - web-apps = { - librechat = { - enable = true; - domain = "chat.bwfiq.com"; + web-servers = { + enableSSL = true; + nginx = { + enable = true; + proxies = [ + { + source = "aenyrathia.wiki"; + target = "http://helios:5896"; + } + { + source = "il.bwfiq.com"; + target = "http://helios:2283"; + } + ]; + }; }; - forgejo = { - enable = true; - domain = "git.rrv.sh"; - openFirewall = true; + databases = { + mongodb.enable = true; + mysql.enable = true; + postgresql.enable = true; + }; + web-apps = { + librechat = { + enable = true; + domain = "chat.bwfiq.com"; + }; + forgejo = { + enable = true; + domain = "git.rrv.sh"; + openFirewall = true; + }; + rrv-sh.enable = true; + rrv-sh.domain = "rrv.sh"; }; - rrv-sh.enable = true; - rrv-sh.domain = "rrv.sh"; }; }; }; diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index 08e60d4..19b2fdf 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -21,5 +21,4 @@ { nixpkgs.hostPlatform = "${arch}-darwin"; }; - } From 16d4a9e9d18c1ae521726a1678768d08cef40f77 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 13:26:44 +0800 Subject: [PATCH 31/56] feat(configs): Pass flake to nixosSystem and darwinSystem --- nix/configurations.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/nix/configurations.nix b/nix/configurations.nix index 9164647..ecc9c2f 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix 
@@ -28,7 +28,10 @@ let name: value: if class == "nixos" then nixosSystem { - specialArgs.hostName = name; + specialArgs = { + inherit (config.flake) self; + hostName = name; + }; modules = [ cfg.modules.nixos.default inputs.home-manager.nixosModules.home-manager @@ -38,11 +41,15 @@ let } else if class == "darwin" then darwinSystem { - specialArgs = { inherit (config.flake) self; }; + specialArgs = { + inherit (config.flake) self; + hostName = name; + }; modules = [ cfg.modules.darwin.default inputs.home-manager.darwinModules.home-manager { home-manager = globalCfg name value; } + (value.extraCfg or { }) ] ++ optional value.graphical cfg.modules.darwin.graphical; } else From 42ef2d6c01db3d047144ddf3a668236f3974bad0 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 13:30:56 +0800 Subject: [PATCH 32/56] fix(nvf): Disable csharp language server on darwin WARN: This commit message assumes the reason for disabling is darwin. --- nix/homes/rafiq/_nvf/languages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nix/homes/rafiq/_nvf/languages.nix b/nix/homes/rafiq/_nvf/languages.nix index cc3dd8c..6378a42 100644 --- a/nix/homes/rafiq/_nvf/languages.nix +++ b/nix/homes/rafiq/_nvf/languages.nix @@ -4,7 +4,8 @@ enableTreesitter = true; bash.enable = true; clang.enable = true; - csharp.enable = true; + # broken on macos + # csharp.enable = true; css.enable = true; go.enable = true; html.enable = true; From 74dcb8fed0080f9848b18cbce77449b3ac1f3c0f Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 13:53:49 +0800 Subject: [PATCH 33/56] feat(tailscale): Enable tailscale on darwin and skip some tests --- nix/modules/networking/tailscale.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/nix/modules/networking/tailscale.nix b/nix/modules/networking/tailscale.nix index 8f2a000..e50534c 100644 --- a/nix/modules/networking/tailscale.nix +++ b/nix/modules/networking/tailscale.nix 
@@ -14,7 +14,17 @@ in persistDirs = [ "/var/lib/tailscale" ]; sops.secrets."tailscale/client-secret".sopsFile = secrets + "/tailscale.yaml"; }; - flake.modules.darwin.default = { - services.tailscale.enable = true; - }; + flake.modules.darwin.default = + { pkgs, ... }: + { + services.tailscale = { + enable = true; + package = pkgs.tailscale.overrideAttrs { + checkFlags = [ + "-skip" + "TestProtocolQEMU|TestProtocolUnixDgram" + ]; + }; + }; + }; } From 80c63d155d7591ce2522ae4e12afa2ff37565724 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 13:56:56 +0800 Subject: [PATCH 34/56] fix(tailscale): Disable tailscale checks to allow build on darwin --- nix/modules/networking/tailscale.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/nix/modules/networking/tailscale.nix b/nix/modules/networking/tailscale.nix index e50534c..e1ad04c 100644 --- a/nix/modules/networking/tailscale.nix +++ b/nix/modules/networking/tailscale.nix @@ -19,12 +19,7 @@ in { services.tailscale = { enable = true; - package = pkgs.tailscale.overrideAttrs { - checkFlags = [ - "-skip" - "TestProtocolQEMU|TestProtocolUnixDgram" - ]; - }; + package = pkgs.tailscale.overrideAttrs { doCheck = false; }; }; }; } From 346ad74c5dc15314a1422aa94890faa6bc8ddaf7 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 14:20:57 +0800 Subject: [PATCH 35/56] feat(darwin): add user ids --- nix/modules/system/users.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index 28c5f94..85fceb3 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -1,7 +1,9 @@ -{ config, ... }: +{ config, lib, ... }: let cfg = config.flake; inherit (cfg.lib.modules) userListToAttrs forAllUsers'; + inherit (lib.lists) findFirstIndex; + inherit (builtins) attrNames; in { flake.modules.nixos.default = 
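Review bot: `package = pkgs.tailscale.overrideAttrs { doCheck = false; };` disables the whole test suite of a network-facing daemon, where the previous revision skipped only `TestProtocolQEMU|TestProtocolUnixDgram`. If the narrower skip really does not build, record why next to the override so it can be reverted later, e.g. `# doCheck off: <failing tests — fill in> fail in the darwin build sandbox`. The override also changes the derivation, so this package is presumably built locally instead of being substituted from the binary cache.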
@@ -34,7 +36,13 @@ in flake.modules.darwin.default = { config, ... }: { - users.users = forAllUsers' (name: _: { home = "/Users/${name}"; }); + users.knownUsers = attrNames cfg.manifest.users; + users.users = forAllUsers' ( + name: _: { + home = "/Users/${name}"; + uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users)); + } + ); home-manager.users = forAllUsers' ( name: _: { home.username = name; From 750f2efaa73b510d9f0bfc45d844bfb11dd59377 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 14:32:59 +0800 Subject: [PATCH 36/56] fix(darwin): set user shell --- nix/modules/cli/shell.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix index 1b9aba6..0e081a1 100644 --- a/nix/modules/cli/shell.nix +++ b/nix/modules/cli/shell.nix @@ -23,6 +23,7 @@ in value.enable = true; }) cfg.manifest.users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); + environment.shells = [ pkgs.fish ]; }; homeManager.default = { config, ... }: From 59fb406eb98ecf48a82f4a73f78f35eb8ecf65f2 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 14:54:26 +0800 Subject: [PATCH 37/56] feat(darwin): add homebrew apps --- nix/homes/rafiq/desktop/darwin.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 10a2725..21a14f4 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -7,6 +7,13 @@ in enable = true; user = cfg.admin.username; onActivation.cleanup = "uninstall"; - casks = [ "ghostty" ]; + brews = [ + "mise" + "docker" + ]; + casks = [ + "ghostty" + "slack" + ]; }; } From bebc1ed6492a57c96abde874f526231284a2f99c Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 15:09:12 +0800 Subject: [PATCH 38/56] feat(homes/rafiq): add mise --- nix/homes/rafiq/default.nix | 1 + 1 file changed, 1 insertion(+) 
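Review bot: `uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users));` derives each uid from the user's position in the sorted name list, so adding or removing a manifest user renumbers the others. Files already on disk keep the old numeric owner and could then belong to a different account. Storing the uid explicitly is stable, e.g. `uid = cfg.manifest.users.${name}.uid;` with a `uid` field added to each manifest entry (the manifest schema is outside this hunk). The `null` default would also make the addition fail at evaluation if a name were ever not found.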
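Review bot: `environment.shells = [ pkgs.fish ];` hard-codes fish although the line above it takes each user's shell from the manifest, so a user configured with another shell would not get it registered. Deriving the list from the same data keeps the two in step: `environment.shells = map (u: pkgs.${u.shell}) (builtins.attrValues cfg.manifest.users);`.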
diff --git a/nix/homes/rafiq/default.nix b/nix/homes/rafiq/default.nix index ed01690..86b4733 100644 --- a/nix/homes/rafiq/default.nix +++ b/nix/homes/rafiq/default.nix @@ -45,6 +45,7 @@ in ]; }; programs = { + mise.enable = true; nvf.enable = true; nvf.settings.vim = { syntaxHighlighting = true; From e72a8a05868f4e9d8adb5974a6216d7271380ebd Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 15:22:45 +0800 Subject: [PATCH 39/56] feat(darwin): add brew to path --- nix/homes/rafiq/desktop/darwin.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 21a14f4..d86ea87 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -16,4 +16,17 @@ in "slack" ]; }; + flake.modules.homeManager.rafiq = { + # make sure brew is on the path for M1 + programs.zsh.initContent = '' + if [[ $(uname -m) == 'arm64' ]]; then + eval "$(/opt/homebrew/bin/brew shellenv)" + fi + ''; + programs.fish.shellInit = '' + if test (uname -m) = "arm64" + eval (/opt/homebrew/bin/brew shellenv) + end + ''; + }; } From 359707ffeef9c51f684aba20820abd4dd5bd54d4 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 18:34:48 +0800 Subject: [PATCH 40/56] feat(darwin): add gitify with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index d86ea87..19cc41d 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -14,6 +14,7 @@ in casks = [ "ghostty" "slack" + "gitify" ]; }; flake.modules.homeManager.rafiq = { From ba4f32c4f9f7e1daff2bb3428cdc2feafd478f50 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 18:42:26 +0800 Subject: [PATCH 41/56] feat(darwin): add telegram with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) 
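Review bot: Both init snippets added to `flake.modules.homeManager.rafiq` run `/opt/homebrew/bin/brew shellenv` whenever `uname -m` reports arm64, without checking that the binary exists, so an arm64 machine without Homebrew prints an error in every new shell. Testing for the file covers both conditions at once: `if [[ -x /opt/homebrew/bin/brew ]]; then` for zsh and `if test -x /opt/homebrew/bin/brew` for fish. The comment "for M1" could say "Apple silicon", since the path applies to all arm64 Macs.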
diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 19cc41d..4178396 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -15,6 +15,7 @@ in "ghostty" "slack" "gitify" + "telegram" ]; }; flake.modules.homeManager.rafiq = { From fba46e0d0de0152bf987549380afd8c0268c26a1 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 18:57:24 +0800 Subject: [PATCH 42/56] feat(darwin): enable sudo auth with touchid --- nix/modules/system/sudo.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index 1c9b560..55b32ee 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix @@ -8,4 +8,9 @@ in nix.settings.trusted-users = [ "@wheel" ]; users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; }; + flake.modules.darwin.default.security.pam.services.sudo_local = { + enable = true; + reattach = true; + touchIdAuth = true; + }; } From f502810dae595fcef3a73bd9930cd54a9f394482 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 19:09:16 +0800 Subject: [PATCH 43/56] fix(darwin): put aichat config in right place for darwin --- nix/homes/rafiq/darwin.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 nix/homes/rafiq/darwin.nix diff --git a/nix/homes/rafiq/darwin.nix b/nix/homes/rafiq/darwin.nix new file mode 100644 index 0000000..873dbcd --- /dev/null +++ b/nix/homes/rafiq/darwin.nix @@ -0,0 +1,21 @@ +{ lib, ... }: +let + inherit (lib.modules) mkIf; +in +{ + flake.modules.homeManager.rafiq = + { + pkgs, + config, + hostName, + hostConfig, + ... + }: + mkIf (pkgs.system == "aarch64-darwin" || pkgs.system == "x86_64-darwin") { + home.file."Library/Application Support/aichat/config.yaml".text = '' + model: gemini:gemini-2.0-flash + clients: + - type: gemini + ''; + }; +} From 79b83cfc709fc693cdf5d4e6c97d916cf6e6c3ac Mon Sep 17 00:00:00 2001 
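Review bot: In the new nix/homes/rafiq/darwin.nix the module function binds `config`, `hostName` and `hostConfig` but uses none of them, and the platform test spells out both system strings. `{ pkgs, ... }:` with `mkIf pkgs.stdenv.hostPlatform.isDarwin {` says the same thing and will not need editing for a new architecture. A short comment that aichat reads its config from `Library/Application Support` on macOS would explain why this file exists separately.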
From: Mohammad Rafiq Date: Mon, 14 Jul 2025 19:16:37 +0800 Subject: [PATCH 44/56] feat(secrets): Add darwin sops config and gemini key access --- nix/modules/system/secrets.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index fa2913c..7b75ed1 100644 --- a/nix/modules/system/secrets.nix +++ b/nix/modules/system/secrets.nix @@ -30,6 +30,21 @@ in ''; }; }; + flake.modules.darwin.default = + { config, ... }: + { + imports = [ inputs.sops-nix.darwinModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; + }; + }; flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ]; perSystem = { pkgs, ... }: From 343f3d481f7fab97726e93c22cf4f0403a31d5e9 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 19:19:02 +0800 Subject: [PATCH 45/56] feat(sudo): configure sudo with nix modules --- nix/modules/system/sudo.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index 55b32ee..ec974cc 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix @@ -8,9 +8,12 @@ in nix.settings.trusted-users = [ "@wheel" ]; users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; }; - flake.modules.darwin.default.security.pam.services.sudo_local = { - enable = true; - reattach = true; - touchIdAuth = true; + flake.modules.darwin.default.security = { + sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL"; + pam.services.sudo_local = { + enable = true; + reattach = true; + touchIdAuth = true; + }; }; } From bee32b5b2b1c86628fd3d8f5f473642ebe268af3 Mon Sep 17 00:00:00 2001 
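Review bot: `export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})` in `environment.shellInit` invokes sudo in every shell start-up for every user and puts the API key into the environment of every process started from a shell. sops-nix can hand the decrypted file to the user directly, which removes the need for root: `secrets."keys/gemini" = { sopsFile = secrets + "/keys.yaml"; owner = username; };` and then `export GEMINI_API_KEY=$(cat ${config.sops.secrets."keys/gemini".path})`. Better still would be to read the file only in the tool that needs the key rather than exporting it globally. The same line is carried over unchanged in the later secrets.nix restructuring (PATCH 48).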
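Review bot: `sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL";` lets any process running as a member of the admin group become root with no prompt, which makes the `touchIdAuth = true` setting in the same block ineffective. If the rule was added so the `sudo cat` in shellInit does not prompt (inferred from the neighbouring commit), fixing the secret's ownership removes that need. Otherwise drop the line and rely on Touch ID, or limit the rule to the specific commands that must run unattended.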
From: Mohammad Rafiq Date: Mon, 14 Jul 2025 20:15:17 +0800 Subject: [PATCH 46/56] feat(darwin): add admin as primary user --- nix/modules/system/users.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index 85fceb3..35b199b 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -36,6 +36,7 @@ in flake.modules.darwin.default = { config, ... }: { + system.primaryUser = cfg.admin.username; users.knownUsers = attrNames cfg.manifest.users; users.users = forAllUsers' ( name: _: { From 399e049775c1ef5dd73315b72b7306218c0e0e27 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 21:46:18 +0800 Subject: [PATCH 47/56] feat(darwin): add vial with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 4178396..9c4565b 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -16,6 +16,7 @@ in "slack" "gitify" "telegram" + "vial" ]; }; flake.modules.homeManager.rafiq = { From 96321d40265db970099cd88b8828c80b965497c7 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Mon, 14 Jul 2025 23:11:19 +0800 Subject: [PATCH 48/56] feat(machine, secrets): add qmk and vial, export gemini key --- nix/manifest.nix | 2 +- nix/modules/machine/default.nix | 20 ++++++++++- nix/modules/system/secrets.nix | 60 +++++++++++++++++---------------- 3 files changed, 51 insertions(+), 31 deletions(-) diff --git a/nix/manifest.nix b/nix/manifest.nix index 18d9474..d781698 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix @@ -33,10 +33,10 @@ }; }; extraCfg = { - services.fwupd.enable = true; # FIXME: remove machine = { bluetooth.enable = true; usb.automount = true; + usb.qmk.enable = true; virtualisation = { podman.enable = true; podman.distrobox.enable = true; 
diff --git a/nix/modules/machine/default.nix b/nix/modules/machine/default.nix index 8ad3f7a..ce8c615 100644 --- a/nix/modules/machine/default.nix +++ b/nix/modules/machine/default.nix @@ -5,7 +5,12 @@ let in { flake.modules.nixos.default = - { config, modulesPath, ... }: + { + config, + modulesPath, + pkgs, + ... + }: let cfg = config.machine; in @@ -14,6 +19,7 @@ in options.machine = { bluetooth.enable = mkEnableOption ""; usb.automount = mkEnableOption ""; + usb.qmk.enable = mkEnableOption ""; }; config = mkMerge [ (mkIf cfg.usb.automount { @@ -28,6 +34,18 @@ in } ]; }) + (mkIf cfg.usb.qmk.enable { + hardware.keyboard.qmk.enable = true; + services.udev = { + packages = with pkgs; [ + vial + qmk + qmk-udev-rules + qmk_hid + ]; + }; + + }) (mkIf cfg.bluetooth.enable { persistDirs = [ "/var/lib/bluetooth" ]; hardware.bluetooth = { diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index 7b75ed1..7e5400d 100644 --- a/nix/modules/system/secrets.nix +++ b/nix/modules/system/secrets.nix 
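Review bot: The `services.udev.packages` list in the `cfg.usb.qmk.enable` block is probably wider than needed: as far as I know `hardware.keyboard.qmk.enable = true` already installs `qmk-udev-rules`, and it is not evident that `qmk` and `qmk_hid` ship udev rules at all. Each entry that does ship rules widens which local users may open raw HID devices, so keep only what is required and say why, e.g. `packages = [ pkgs.vial ]; # Vial's rules; QMK's come from hardware.keyboard.qmk`. `mkEnableOption ""` in the second hunk also leaves the option without a description; `mkEnableOption "QMK/Vial keyboard support"` would document it.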
@@ -13,39 +13,41 @@ let inherit (cfg.paths) secrets; in { - flake.modules.nixos.default = - { config, ... }: - { - imports = [ inputs.sops-nix.nixosModules.sops ]; - config = { - sops = { - age.sshKeyPaths = [ - "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" - ]; - secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + flake.modules = { + nixos.default = + { config, ... }: + { + imports = [ inputs.sops-nix.nixosModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ + "/persist${config.users.defaultUserHome}/${username}/.ssh/id_ed25519" + ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; }; - environment.shellInit = # sh - '' - export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) - ''; }; - }; - flake.modules.darwin.default = - { config, ... }: - { - imports = [ inputs.sops-nix.darwinModules.sops ]; - config = { - sops = { - age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; - secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + darwin.default = + { config, ... }: + { + imports = [ inputs.sops-nix.darwinModules.sops ]; + config = { + sops = { + age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ]; + secrets."keys/gemini".sopsFile = secrets + "/keys.yaml"; + }; + environment.shellInit = # sh + '' + export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) + ''; }; - environment.shellInit = # sh - '' - export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path}) - ''; }; - }; - flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ]; + homeManager.default.persistDirs = [ ".config/sops/age" ]; + }; perSystem = { pkgs, ... }: { From 06e7b69f99120b736aef7e8fde3b58007f803283 Mon Sep 17 00:00:00 2001 
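Review bot: Both `environment.shellInit` blocks on the new side (`nixos.default` and `darwin.default`) run `sudo cat` on the sops secret for every shell of every user, so reading an API key depends on root privileges and the key lands in the environment of every process started from that shell. It only works unprompted for accounts with passwordless sudo (sudo.nix in this series sets `wheelNeedsPassword = false`); any other user gets a prompt or a failure on each shell start. Let sops-nix give the file to the account that needs it and drop sudo: `secrets."keys/gemini" = { sopsFile = secrets + "/keys.yaml"; owner = username; };` together with `[ -r ${config.sops.secrets."keys/gemini".path} ] && export GEMINI_API_KEY=$(cat ${config.sops.secrets."keys/gemini".path})`. Exporting the variable only in a wrapper for the tool that consumes it would narrow the exposure further.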
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 12:36:20 +0800 Subject: [PATCH 49/56] feat(darwin): add linear-linear with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 9c4565b..f05b180 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -17,6 +17,7 @@ in "gitify" "telegram" "vial" + "linear-linear" ]; }; flake.modules.homeManager.rafiq = { From d9c41f1c61c5f2b798dfc37978da2f5fd13309c5 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Tue, 15 Jul 2025 18:24:39 +0800 Subject: [PATCH 50/56] feat(darwin): add chatgpt with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index f05b180..322bfcc 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -18,6 +18,7 @@ in "telegram" "vial" "linear-linear" + "chatgpt" ]; }; flake.modules.homeManager.rafiq = { From 084caa727b91b68951a7f9ae1420a3dc144b59ee Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 21:54:00 +0800 Subject: [PATCH 51/56] feat(meta): use manifest to define system configurations --- nix/configurations.nix | 11 ++-- nix/files/readme.nix | 4 +- nix/flake-parts/manifest.nix | 77 +++++++++++++++++++++++++++ nix/homes/rafiq/desktop/darwin.nix | 4 +- nix/homes/rafiq/desktop/nixos.nix | 4 +- nix/lib/modules.nix | 7 ++- nix/manifest.nix | 2 +- nix/meta.nix | 84 ++---------------------------- nix/modules/cli/git.nix | 6 +-- nix/modules/cli/shell.nix | 7 +-- nix/modules/machine/gpu.nix | 8 +-- nix/modules/machine/platform.nix | 9 ++-- nix/modules/machine/root.nix | 13 ++--- nix/modules/networking/ssh.nix | 3 +- nix/modules/server/web-servers.nix | 2 +- nix/modules/system/secrets.nix | 4 +- nix/modules/system/sudo.nix | 4 +- nix/modules/system/users.nix | 7 +-- 18 files changed, 125 insertions(+), 131 deletions(-) create mode 100644 nix/flake-parts/manifest.nix diff --git a/nix/configurations.nix b/nix/configurations.nix index ecc9c2f..3cae4bd 100644 --- a/nix/configurations.nix +++ b/nix/configurations.nix @@ -10,18 +10,15 @@ let inherit (lib.lists) optional; inherit (lib.attrsets) mapAttrs; inherit (cfg.lib.modules) forAllUsers'; + inherit (config.manifest) hosts; cfg = config.flake; - globalCfg = name: hostConfig: { + globalCfg = hostName: hostConfig: { useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { - inherit hostConfig; - hostName = name; - }; + extraSpecialArgs = { inherit hostName hostConfig; }; sharedModules = [ cfg.modules.homeManager.default ]; users = forAllUsers' (name: _: cfg.modules.homeManager.${name}); }; - hosts = cfg.manifest.hosts or { }; mkConfigurations = class: hosts: mapAttrs ( @@ -31,6 +28,7 @@ let specialArgs = { inherit (config.flake) self; hostName = name; + hostConfig = value; }; modules = [ cfg.modules.nixos.default @@ -44,6 +42,7 @@ let specialArgs = { inherit (config.flake) self; hostName = name; + hostConfig = value; }; modules = [ cfg.modules.darwin.default 
diff --git a/nix/files/readme.nix b/nix/files/readme.nix index a8eccbf..6209325 100644 --- a/nix/files/readme.nix +++ b/nix/files/readme.nix @@ -24,8 +24,8 @@ parts."Structure" = # markdown '' The system configurations are defined in [`flake.manifest`](nix/manifest.nix). - `flake.manifest.owner` provides the attributes for the administrator user, including username and pubkey. - `flake.manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. + `manifest.owner` provides the attributes for the administrator user, including username and pubkey. + `manifest.hosts` provides the specifications for the system configurations that should be exposed by the flake as nixosConfigurations. `flake.modules.nixos.*` provide NixOS options and configurations. The attribute `flake.modules.nixos.default` provides options that will be applied to every system of that class. You can use it as seen [here](nix/modules/flake/home-manager.nix): diff --git a/nix/flake-parts/manifest.nix b/nix/flake-parts/manifest.nix new file mode 100644 index 0000000..1d121a1 --- /dev/null +++ b/nix/flake-parts/manifest.nix 
@@ -0,0 +1,77 @@ +{ lib, config, ... }: +let + cfg = config.flake; + inherit (lib.options) mkOption mkEnableOption; + inherit (lib.types) + bool + str + lazyAttrsOf + deferredModule + submodule + ; + inherit (cfg.lib.options) mkStrOption; + inherit (cfg.lib.attrsets) firstAttrNameMatching; + userOpts = submodule { + options = { + primary = mkOption { type = bool; }; + username = mkOption { type = str; }; + name = mkOption { type = str; }; + email = mkOption { type = str; }; + shell = mkOption { type = str; }; + pubkey = mkOption { type = str; }; + }; + }; + monitorOpts = submodule { + options = { + id = mkStrOption ""; + resolution = mkStrOption ""; + refresh-rate = mkStrOption ""; + scale = mkStrOption ""; + }; + }; + hostOpts = submodule { + options = { + graphical = mkEnableOption ""; + machine = { + platform = mkStrOption ""; + gpu = mkStrOption ""; + root.drive = mkStrOption ""; + root.ephemeral = mkEnableOption "" // { + default = true; + }; + monitors = mkOption { + type = lazyAttrsOf monitorOpts; + default = { }; + }; + }; + extraCfg = mkOption { + type = deferredModule; + default = { }; + }; + }; + }; + username = firstAttrNameMatching (_: v: v.primary or false) config.manifest.users; +in +{ + options.manifest = { + admin = mkOption { + type = userOpts; + readOnly = true; + }; + users = mkOption { + type = lazyAttrsOf userOpts; + default = { }; + }; + hosts.nixos = mkOption { + type = lazyAttrsOf hostOpts; + default = { }; + }; + hosts.darwin = mkOption { + type = lazyAttrsOf hostOpts; + default = { }; + }; + }; + config.manifest.admin = config.manifest.users.${username} // { + inherit username; + }; +} diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 9c4565b..d11f684 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix 
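Review bot: `username = firstAttrNameMatching (_: v: v.primary or false) config.manifest.users;` selects the admin without checking that exactly one user sets `primary = true`. The result becomes `manifest.admin`, which other modules in this series use for wheel membership and root's authorized SSH key, so zero or several primaries should stop evaluation with a clear message instead of depending on attribute order (what the helper returns on no match is not visible here). With `filterAttrs` from `lib.attrsets` and `attrNames`, `length` and `head` from `builtins`, this could read `primaries = attrNames (filterAttrs (_: v: v.primary or false) config.manifest.users);` followed by `username = if length primaries == 1 then head primaries else throw "manifest: exactly one user must set primary = true";`. The options declared with `mkEnableOption ""` and `mkStrOption ""` would also benefit from real descriptions, in particular `root.ephemeral`, whose default of `true` enables the root-wiping boot step in root.nix.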
@@ -1,11 +1,11 @@ { config, ... }: let - cfg = config.flake; + inherit (config.manifest) admin; in { flake.modules.darwin.graphical.homebrew = { enable = true; - user = cfg.admin.username; + user = admin.username; onActivation.cleanup = "uninstall"; brews = [ "mise" diff --git a/nix/homes/rafiq/desktop/nixos.nix b/nix/homes/rafiq/desktop/nixos.nix index 68b4716..e7d66b4 100644 --- a/nix/homes/rafiq/desktop/nixos.nix +++ b/nix/homes/rafiq/desktop/nixos.nix @@ -1,6 +1,6 @@ { lib, config, ... }: let - cfg = config.flake; + inherit (config.manifest) admin; in { allowedUnfreePackages = [ @@ -13,7 +13,7 @@ in { config, pkgs, ... }: { fonts.packages = [ pkgs.font-awesome ]; - services.getty.autologinUser = cfg.admin.username; + services.getty.autologinUser = admin.username; # Start Hyprland at boot only if not connecting through SSH environment.loginShellInit = # sh '' diff --git a/nix/lib/modules.nix b/nix/lib/modules.nix index 0d5b50b..ba27bfd 100644 --- a/nix/lib/modules.nix +++ b/nix/lib/modules.nix @@ -1,6 +1,5 @@ { lib, config, ... }: let - cfg = config.flake; inherit (builtins) foldl' attrNames; inherit (lib.attrsets) mapAttrs; in @@ -35,7 +34,7 @@ in ::: */ - userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames cfg.manifest.users); + userListToAttrs = f: foldl' (acc: elem: acc // (f elem)) { } (attrNames config.manifest.users); /** Return an attribute set for use with a option that needs to be used for all users. @@ -65,7 +64,7 @@ in ::: */ - forAllUsers = attrset: mapAttrs (_: _: attrset) cfg.manifest.users; + forAllUsers = attrset: mapAttrs (_: _: attrset) config.manifest.users; /** Like forAllUsers, but passes in the name and value from the manifest. @@ -96,6 +95,6 @@ in ::: */ - forAllUsers' = f: mapAttrs f cfg.manifest.users; + forAllUsers' = f: mapAttrs f config.manifest.users; }; } diff --git a/nix/manifest.nix b/nix/manifest.nix index d781698..4f4f42f 100644 --- a/nix/manifest.nix +++ b/nix/manifest.nix 
@@ -1,5 +1,5 @@ { - flake.manifest = { + manifest = { users.rafiq = { primary = true; name = "Mohammad Rafiq"; diff --git a/nix/meta.nix b/nix/meta.nix index 5c8f8fc..9b93c47 100644 --- a/nix/meta.nix +++ b/nix/meta.nix @@ -5,54 +5,10 @@ ... }: let - inherit (lib.options) mkOption mkEnableOption; - inherit (cfg.lib.options) mkStrOption; - inherit (lib.types) - path - lazyAttrsOf - raw - deferredModule - submodule - ; + inherit (lib.options) mkOption; + inherit (lib.types) path lazyAttrsOf raw; inherit (inputs.flake-parts.lib) mkSubmoduleOptions; - inherit (cfg.lib.attrsets) firstAttrNameMatching; cfg = config.flake; - monitorOpts = submodule { - options = { - id = mkStrOption ""; - resolution = mkStrOption ""; - refresh-rate = mkStrOption ""; - scale = mkStrOption ""; - }; - }; - userOpts = submodule { - options = { - username = mkStrOption ""; - primary = mkEnableOption ""; - name = mkStrOption ""; - email = mkStrOption ""; - shell = mkStrOption ""; - pubkey = mkStrOption ""; - }; - }; - hostOpts = submodule { - options = { - graphical = mkEnableOption ""; - machine = { - platform = mkStrOption ""; - gpu = mkStrOption ""; - root.drive = mkStrOption ""; - monitors = mkOption { - type = lazyAttrsOf monitorOpts; - default = { }; - }; - }; - extraCfg = mkOption { - type = deferredModule; - default = { }; - }; - }; - }; in { options.flake = mkSubmoduleOptions { 
@@ -68,38 +24,8 @@ in readOnly = true; }; }; - manifest = mkOption { - type = submodule { - options = { - users = mkOption { - type = lazyAttrsOf userOpts; - default = { }; - }; - hosts.nixos = mkOption { - type = lazyAttrsOf hostOpts; - default = { }; - }; - hosts.darwin = mkOption { - type = lazyAttrsOf raw; - default = { }; - }; - }; - }; - }; - # Helper Option - admin = mkOption { - type = userOpts; - default = { }; - }; }; - config.flake = - let - username = firstAttrNameMatching (_: v: v.primary or false) cfg.manifest.users; - in - { - paths.secrets = cfg.paths.root + "/secrets"; - admin = cfg.manifest.users.${username} // { - inherit username; - }; - }; + config.flake = { + paths.secrets = cfg.paths.root + "/secrets"; + }; } diff --git a/nix/modules/cli/git.nix b/nix/modules/cli/git.nix index c609a1a..0571ca3 100644 --- a/nix/modules/cli/git.nix +++ b/nix/modules/cli/git.nix @@ -1,6 +1,6 @@ { config, ... }: let - inherit (config.flake) manifest; + inherit (config.manifest) users; in { flake.modules.homeManager.default = @@ -9,8 +9,8 @@ in home.sessionVariables.GIT_CONFIG_GLOBAL = "$HOME/.config/git/config"; programs.git = { enable = true; - userName = manifest.users.${config.home.username}.name; - userEmail = manifest.users.${config.home.username}.email; + userName = users.${config.home.username}.name; + userEmail = users.${config.home.username}.email; signing.key = "~/.ssh/id_ed25519.pub"; }; }; diff --git a/nix/modules/cli/shell.nix b/nix/modules/cli/shell.nix index 0e081a1..ac1617d 100644 --- a/nix/modules/cli/shell.nix +++ b/nix/modules/cli/shell.nix @@ -1,6 +1,7 @@ { config, lib, ... }: let cfg = config.flake; + inherit (config.manifest) users; inherit (cfg.lib.modules) forAllUsers'; inherit (lib.attrsets) mapAttrs'; in @@ -12,7 +13,7 @@ in programs = mapAttrs' (name: value: { name = value.shell; value.enable = true; - }) cfg.manifest.users; + }) users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); }; darwin.default = 
@@ -21,14 +22,14 @@ in programs = mapAttrs' (name: value: { name = value.shell; value.enable = true; - }) cfg.manifest.users; + }) users; users.users = forAllUsers' (_: value: { shell = pkgs.${value.shell}; }); environment.shells = [ pkgs.fish ]; }; homeManager.default = { config, ... }: { - programs.${cfg.manifest.users.${config.home.username}.shell}.enable = true; + programs.${users.${config.home.username}.shell}.enable = true; home.shell.enableShellIntegration = true; }; }; diff --git a/nix/modules/machine/gpu.nix b/nix/modules/machine/gpu.nix index 00c56cd..8517036 100644 --- a/nix/modules/machine/gpu.nix +++ b/nix/modules/machine/gpu.nix @@ -1,7 +1,3 @@ -{ config, ... }: -let - cfg = config.flake; -in { allowedUnfreePackages = [ "nvidia-x11" @@ -11,11 +7,11 @@ in { config, pkgs, - hostName, + hostConfig, ... }: let - gpu = cfg.manifest.hosts.nixos.${hostName}.machine.gpu or ""; + inherit (hostConfig.machine) gpu; in if gpu == "nvidia" then { diff --git a/nix/modules/machine/platform.nix b/nix/modules/machine/platform.nix index 19b2fdf..62943b4 100644 --- a/nix/modules/machine/platform.nix +++ b/nix/modules/machine/platform.nix @@ -1,9 +1,8 @@ -{ config, ... }: { flake.modules.nixos.default = - { hostName, ... }: + { hostConfig, ... }: let - inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) platform; + inherit (hostConfig.machine) platform; arch = if platform == "amd" || platform == "intel" then "x86_64" else "aarch64"; in { @@ -13,9 +12,9 @@ }; flake.modules.darwin.default = - { hostName, ... }: + { hostConfig, ... }: let - inherit (config.flake.manifest.hosts.darwin.${hostName}.machine) platform; + inherit (hostConfig.machine) platform; arch = if platform == "intel" then "x86_64" else "aarch64"; in { diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root.nix index 98c1120..9c7d4ea 100644 --- a/nix/modules/machine/root.nix +++ b/nix/modules/machine/root.nix 
@@ -1,17 +1,12 @@ -{ - config, - lib, - inputs, - ... -}: +{ lib, inputs, ... }: let inherit (lib.modules) mkMerge mkIf mkAfter; in { flake.modules.nixos.default = - { hostName, ... }: + { hostConfig, ... }: let - inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root; + inherit (hostConfig.machine) root; in { imports = [ inputs.disko.nixosModules.disko ]; @@ -85,7 +80,7 @@ in }; } # Ephemeral by default - assumes btrfs - (mkIf (config.flake.manifest.hosts.nixos.${hostName}.machine.root.ephemeral or true) { + (mkIf root.ephemeral { boot.initrd.postDeviceCommands = mkAfter '' mkdir /btrfs_tmp mount /dev/root_vg/root /btrfs_tmp diff --git a/nix/modules/networking/ssh.nix b/nix/modules/networking/ssh.nix index d721746..2238b7e 100644 --- a/nix/modules/networking/ssh.nix +++ b/nix/modules/networking/ssh.nix @@ -1,6 +1,7 @@ { config, lib, ... }: let cfg = config.flake; + inherit (config.manifest) admin; inherit (lib.modules) mkMerge; inherit (cfg.lib.modules) forAllUsers'; in @@ -16,7 +17,7 @@ in "/etc/ssh/ssh_host_rsa_key.pub" ]; } - { users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; } + { users.users.root.openssh.authorizedKeys.keys = [ admin.pubkey ]; } ]; flake.modules.homeManager.default = { persistDirs = [ ".ssh" ]; diff --git a/nix/modules/server/web-servers.nix b/nix/modules/server/web-servers.nix index 1967268..9b0cf75 100644 --- a/nix/modules/server/web-servers.nix +++ b/nix/modules/server/web-servers.nix @@ -4,7 +4,7 @@ let inherit (config.flake.lib.options) mkStrOption mkPathOption; inherit (config.flake.lib.services) mkRootDomain; inherit (config.flake.paths) secrets; - inherit (config.flake.admin) email; + inherit (config.manifest.admin) email; inherit (lib.types) listOf submodule attrs; inherit (lib.options) mkOption mkEnableOption; inherit (lib.modules) mkMerge mkIf; diff --git a/nix/modules/system/secrets.nix b/nix/modules/system/secrets.nix index 7e5400d..e71989d 100644 --- a/nix/modules/system/secrets.nix 
+++ b/nix/modules/system/secrets.nix @@ -6,11 +6,11 @@ }: let cfg = config.flake; + inherit (cfg.paths) secrets; inherit (builtins) readFile; inherit (lib.meta) getExe; inherit (lib.strings) trim; - inherit (cfg.admin) username pubkey; - inherit (cfg.paths) secrets; + inherit (config.manifest.admin) username pubkey; in { flake.modules = { diff --git a/nix/modules/system/sudo.nix b/nix/modules/system/sudo.nix index ec974cc..fa7724c 100644 --- a/nix/modules/system/sudo.nix +++ b/nix/modules/system/sudo.nix @@ -1,12 +1,12 @@ { config, ... }: let - cfg = config.flake; + inherit (config.manifest) admin; in { flake.modules.nixos.default = { security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "@wheel" ]; - users.users.${cfg.admin.username}.extraGroups = [ "wheel" ]; + users.users.${admin.username}.extraGroups = [ "wheel" ]; }; flake.modules.darwin.default.security = { sudo.extraConfig = "%admin ALL = (ALL) NOPASSWD: ALL"; diff --git a/nix/modules/system/users.nix b/nix/modules/system/users.nix index 35b199b..dc80b0b 100644 --- a/nix/modules/system/users.nix +++ b/nix/modules/system/users.nix @@ -1,6 +1,7 @@ { config, lib, ... }: let cfg = config.flake; + inherit (config.manifest) users admin; inherit (cfg.lib.modules) userListToAttrs forAllUsers'; inherit (lib.lists) findFirstIndex; inherit (builtins) attrNames; @@ -36,12 +37,12 @@ in flake.modules.darwin.default = { config, ... }: { - system.primaryUser = cfg.admin.username; - users.knownUsers = attrNames cfg.manifest.users; + system.primaryUser = admin.username; + users.knownUsers = attrNames users; users.users = forAllUsers' ( name: _: { home = "/Users/${name}"; - uid = 501 + (findFirstIndex (x: x == name) null (attrNames cfg.manifest.users)); + uid = 501 + (findFirstIndex (x: x == name) null (attrNames users)); } ); home-manager.users = forAllUsers' ( From e02411d5636ac677b18d23bdb74c008ae5c4c76c Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 22:51:00 +0800 Subject: [PATCH 52/56] feat(flake): add manifest input and module import --- flake.lock | 16 ++++++++ flake.nix | 2 + nix/flake-parts/manifest.nix | 77 +----------------------------------- 3 files changed, 20 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index 21693cb..9d72b1b 100644 --- a/flake.lock +++ b/flake.lock @@ -337,6 +337,21 @@ "type": "github" } }, + "manifest": { + "locked": { + "lastModified": 1752588656, + "narHash": "sha256-clKPzQ43eDpukeiGHzXmd1hGb2s4N+MWXAzQ5u5+pHQ=", + "owner": "rrvsh", + "repo": "manifest", + "rev": "365902fba994f30469298dee0c98a5fc0f41ec38", + "type": "github" + }, + "original": { + "owner": "rrvsh", + "repo": "manifest", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -488,6 +503,7 @@ "impermanence": "impermanence", "import-tree": "import-tree", "make-shell": "make-shell", + "manifest": "manifest", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 5e22b8c..dcb6882 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,8 @@ files.url = "github:mightyiam/files"; # text.nix lets us easily define markdown text to pass to files text.url = "github:rrvsh/text.nix"; + # manifest lets us define all hosts in one file + manifest.url = "github:rrvsh/manifest"; # make-shells. creates devShells and checks make-shell = { url = "github:nicknovitski/make-shell"; diff --git a/nix/flake-parts/manifest.nix b/nix/flake-parts/manifest.nix index 1d121a1..e61d29a 100644 --- a/nix/flake-parts/manifest.nix +++ b/nix/flake-parts/manifest.nix 
@@ -1,77 +1,4 @@ -{ lib, config, ... }: -let - cfg = config.flake; - inherit (lib.options) mkOption mkEnableOption; - inherit (lib.types) - bool - str - lazyAttrsOf - deferredModule - submodule - ; - inherit (cfg.lib.options) mkStrOption; - inherit (cfg.lib.attrsets) firstAttrNameMatching; - userOpts = submodule { - options = { - primary = mkOption { type = bool; }; - username = mkOption { type = str; }; - name = mkOption { type = str; }; - email = mkOption { type = str; }; - shell = mkOption { type = str; }; - pubkey = mkOption { type = str; }; - }; - }; - monitorOpts = submodule { - options = { - id = mkStrOption ""; - resolution = mkStrOption ""; - refresh-rate = mkStrOption ""; - scale = mkStrOption ""; - }; - }; - hostOpts = submodule { - options = { - graphical = mkEnableOption ""; - machine = { - platform = mkStrOption ""; - gpu = mkStrOption ""; - root.drive = mkStrOption ""; - root.ephemeral = mkEnableOption "" // { - default = true; - }; - monitors = mkOption { - type = lazyAttrsOf monitorOpts; - default = { }; - }; - }; - extraCfg = mkOption { - type = deferredModule; - default = { }; - }; - }; - }; - username = firstAttrNameMatching (_: v: v.primary or false) config.manifest.users; -in +{ inputs, ... }: { - options.manifest = { - admin = mkOption { - type = userOpts; - readOnly = true; - }; - users = mkOption { - type = lazyAttrsOf userOpts; - default = { }; - }; - hosts.nixos = mkOption { - type = lazyAttrsOf hostOpts; - default = { }; - }; - hosts.darwin = mkOption { - type = lazyAttrsOf hostOpts; - default = { }; - }; - }; - config.manifest.admin = config.manifest.users.${username} // { - inherit username; - }; + imports = [ inputs.manifest.flakeModules.default ]; } From ab627ac91948f4ca64cf78feef13e312d2d4084d Mon Sep 17 00:00:00 2001 
From: Mohammad Rafiq Date: Tue, 15 Jul 2025 22:54:06 +0800 Subject: [PATCH 53/56] refactor(flake-parts): consolidate modules into one file --- nix/flake-parts/debug.nix | 3 --- nix/flake-parts/flake-parts.nix | 10 ++++++++++ nix/flake-parts/make-shell.nix | 5 ----- nix/flake-parts/manifest.nix | 4 ---- nix/flake-parts/modules.nix | 4 ---- nix/flake-parts/text.nix | 4 ---- 6 files changed, 10 insertions(+), 20 deletions(-) delete mode 100644 nix/flake-parts/debug.nix create mode 100644 nix/flake-parts/flake-parts.nix delete mode 100644 nix/flake-parts/make-shell.nix delete mode 100644 nix/flake-parts/manifest.nix delete mode 100644 nix/flake-parts/modules.nix delete mode 100644 nix/flake-parts/text.nix diff --git a/nix/flake-parts/debug.nix b/nix/flake-parts/debug.nix deleted file mode 100644 index 38e2cb3..0000000 --- a/nix/flake-parts/debug.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - debug = true; -} diff --git a/nix/flake-parts/flake-parts.nix b/nix/flake-parts/flake-parts.nix new file mode 100644 index 0000000..4f0d093 --- /dev/null +++ b/nix/flake-parts/flake-parts.nix @@ -0,0 +1,10 @@ +{ inputs, ... }: +{ + debug = true; + imports = [ + inputs.make-shell.flakeModules.default + inputs.manifest.flakeModules.default + inputs.flake-parts.flakeModules.modules + inputs.text.flakeModules.default + ]; +} diff --git a/nix/flake-parts/make-shell.nix b/nix/flake-parts/make-shell.nix deleted file mode 100644 index 66ca600..0000000 --- a/nix/flake-parts/make-shell.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ inputs, ... }: -{ - #TODO: add to readme - imports = [ inputs.make-shell.flakeModules.default ]; -} diff --git a/nix/flake-parts/manifest.nix b/nix/flake-parts/manifest.nix deleted file mode 100644 index e61d29a..0000000 --- a/nix/flake-parts/manifest.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.manifest.flakeModules.default ]; -} diff --git a/nix/flake-parts/modules.nix b/nix/flake-parts/modules.nix deleted file mode 100644 index 1c75663..0000000 
--- a/nix/flake-parts/modules.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.flake-parts.flakeModules.modules ]; -} diff --git a/nix/flake-parts/text.nix b/nix/flake-parts/text.nix deleted file mode 100644 index 81b2f51..0000000 --- a/nix/flake-parts/text.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ inputs, ... }: -{ - imports = [ inputs.text.flakeModules.default ]; -} From e3ad7a252807a57cafcc66720d679f2fc0a51413 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Thu, 17 Jul 2025 15:17:46 +0800 Subject: [PATCH 54/56] feat(languages): enable tailwind language support --- nix/homes/rafiq/_nvf/languages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/_nvf/languages.nix b/nix/homes/rafiq/_nvf/languages.nix index 6378a42..fbeaf85 100644 --- a/nix/homes/rafiq/_nvf/languages.nix +++ b/nix/homes/rafiq/_nvf/languages.nix @@ -27,6 +27,7 @@ }; rust.enable = true; rust.crates.enable = true; + tailwind.enable = true; ts.enable = true; ts.extensions.ts-error-translator.enable = true; typst.enable = true; From b0c6785f648612dfd7592f1d0f3753b6b686449e Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Fri, 18 Jul 2025 19:47:24 +0800 Subject: [PATCH 55/56] refactor(homebrew): move homebrew config to module --- nix/homes/rafiq/desktop/darwin.nix | 7 ------- nix/modules/system/homebrew.nix | 11 +++++++++++ 2 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 nix/modules/system/homebrew.nix diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index e1f598c..7ef9790 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -1,12 +1,5 @@ -{ config, ... }: -let - inherit (config.manifest) admin; -in { flake.modules.darwin.graphical.homebrew = { - enable = true; - user = admin.username; - onActivation.cleanup = "uninstall"; brews = [ "mise" "docker" 
diff --git a/nix/modules/system/homebrew.nix b/nix/modules/system/homebrew.nix new file mode 100644 index 0000000..312a26b --- /dev/null +++ b/nix/modules/system/homebrew.nix @@ -0,0 +1,11 @@ +{ config, ... }: +let + inherit (config.manifest) admin; +in +{ + flake.modules.darwin.graphical.homebrew = { + enable = true; + user = admin.username; + onActivation.cleanup = "uninstall"; + }; +} From 609482e62cc056786592969b4ceb7798b0fb11b9 Mon Sep 17 00:00:00 2001 From: Mohammad Rafiq Date: Sat, 19 Jul 2025 01:36:49 +0800 Subject: [PATCH 56/56] feat(darwin): add spotify with homebrew --- nix/homes/rafiq/desktop/darwin.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/homes/rafiq/desktop/darwin.nix b/nix/homes/rafiq/desktop/darwin.nix index 7ef9790..892031c 100644 --- a/nix/homes/rafiq/desktop/darwin.nix +++ b/nix/homes/rafiq/desktop/darwin.nix @@ -12,6 +12,7 @@ "vial" "linear-linear" "chatgpt" + "spotify" ]; }; flake.modules.homeManager.rafiq = {