starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-01-11 22:30:25 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: simplify flake.nix

Browse Source
This commit is contained in:
Ryan Yin
2023-07-26 20:07:42 +08:00
parent eebbb9f5e6
commit 204cb03922
70 changed files with 1183 additions and 1165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,2 +1,3 @@
result
result/
result/
.DS_Store

10
Makefile
View File

@@ -13,13 +13,13 @@
i3:
nixos-rebuild switch --flake .#ai_i3 --use-remote-sudo
hyprland:
hypr:
nixos-rebuild switch --flake .#ai_hyprland --use-remote-sudo
debug_i3:
i3-debug:
nixos-rebuild switch --flake .#ai_i3 --use-remote-sudo --show-trace --verbose
debug_hyprland:
hypr-debug:
nixos-rebuild switch --flake .#ai_hyprland --use-remote-sudo --show-trace --verbose
update:
@@ -49,11 +49,11 @@ bright:
darwin-set-proxy:
sudo python3 scripts/darwin_set_proxy.py
darwin: darwin-set-proxy
ha: darwin-set-proxy
nix build .#darwinConfigurations.harmonica.system
./result/sw/bin/darwin-rebuild switch --flake .
darwin-debug: darwin-set-proxy
ha-debug: darwin-set-proxy
nix build .#darwinConfigurations.harmonica.system --show-trace --verbose
./result/sw/bin/darwin-rebuild switch --flake .#harmonica --show-trace --verbose

6
README.md
View File

@@ -58,17 +58,17 @@ sudo nixos-rebuild switch --flake .
make i3
# or we can deploy with details
make debug_i3
make i3-debug
```
For MacOS, use the following commands:
```bash
# deploy the darwin configuration(harmonicia)
make darwin
make ha
# deploy with details
make darwin-debug
make ha-debug
```
## Install Apps from Flatpak

135
flake.lock generated
View File

@@ -60,26 +60,6 @@
"type": "github"
}
},
"darwin_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1689516967,
"narHash": "sha256-sFAa33wkQHanmij/uhfGduIDK8z4dJAita/rK6u9pvE=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "61662a63bfe1726588c1da6b412df86d8ca94d63",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1688025799,
@@ -185,16 +165,16 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1689160271,
"narHash": "sha256-mEKF6Wcx+wSF/eos/91A7LxhFLDYhSnQnLpwZF13ntg=",
"lastModified": 1689766295,
"narHash": "sha256-2OuPIcw2WOUc/zjrH7JZHWe1byuMjqP6Zz7D4qsi10s=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "5e577acf516b80173f695a458c2cc188a4d64560",
"rev": "b08b72358ad549fd066e5be0fc3aa4c9df367607",
"type": "github"
},
"original": {
"owner": "hyprwm",
"ref": "v0.27.0",
"ref": "v0.27.2",
"repo": "Hyprland",
"type": "github"
}
@@ -226,11 +206,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1689509371,
"narHash": "sha256-ESRIO7E8PfKF5cL2ymdrQrvj8LORET24Wbpl0XMzhog=",
"lastModified": 1690114105,
"narHash": "sha256-QOY9FXZ4pWjlDPdZKkLNNMHS+ct1+4wu8lrcua7+chw=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "d75813d1b691b829a5b459bc676e2b1d71d2c15e",
"rev": "d923660039d7e793712ba93f633778046f5e6087",
"type": "github"
},
"original": {
@@ -256,17 +236,38 @@
"url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1690368313,
"narHash": "sha256-1MG/pU2riawknpYaTfaynKJPaIKFnQiYTTCFJAjXM5Q=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "94212ebe32948471a1aa11baa5c576ce60d54589",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1689318580,
"narHash": "sha256-ccMZzE0Du6I7RtAuDZbERsBZRGnFcwXTAnSQqGd7mOY=",
"lastModified": 1689903701,
"narHash": "sha256-kW1Rke5wLqw8XHVyiWw7qIKZR911GCsbOg5SkgKH1Uc=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "f88571cfc9132e8f2768aa41d57f5f471941d4b6",
"rev": "fcaf7773e3a6713b78dacfd442339a96cfab405f",
"type": "github"
},
"original": {
@@ -298,11 +299,11 @@
]
},
"locked": {
"lastModified": 1689558522,
"narHash": "sha256-diNpqSRebzvT3P4fLX+40VWZbf2H2hraJDDdg5NJSj0=",
"lastModified": 1690133435,
"narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "11c98929963a95ad3830960a9216d00e2f792502",
"rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
"type": "github"
},
"original": {
@@ -329,11 +330,11 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1689503327,
"narHash": "sha256-qVwzYLA8oT2oWNDXO0A3bZHOhoPOihIB9T677+Hor1E=",
"lastModified": 1690298576,
"narHash": "sha256-RLgIGS04t4Rd0viqsx2e9dGViKB6nVsGmO11EagCWmM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f64b9738da8e86195766147e9752c67fccee006c",
"rev": "88f63d511092e95d28e9a7c98534595c53de1048",
"type": "github"
},
"original": {
@@ -345,11 +346,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1689469483,
"narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
"lastModified": 1690073998,
"narHash": "sha256-qmK+VMvflwUzQSQl4XVP5kbodYLAKThNzq6mZrOM2Mo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
"rev": "d0545f65611a9625f161d0ff02627bc364e024f6",
"type": "github"
},
"original": {
@@ -360,11 +361,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1689534811,
"narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
"lastModified": 1690179384,
"narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
"type": "github"
},
"original": {
@@ -382,11 +383,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1689585449,
"narHash": "sha256-D6TL+9EbDcGLNmpneuGXnonjNWlS563TOoghU/W/k88=",
"lastModified": 1690384532,
"narHash": "sha256-Nc9d6GPajVdSj02aBDkAAq93fdLUtRXP9EIfwKn3Uq4=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "97941d1936213031ae7ca948ba27aa1bd141a630",
"rev": "729cabdcc73e84963751dd65163048e9ff1a1a75",
"type": "github"
},
"original": {
@@ -413,11 +414,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1689503327,
"narHash": "sha256-qVwzYLA8oT2oWNDXO0A3bZHOhoPOihIB9T677+Hor1E=",
"lastModified": 1690271650,
"narHash": "sha256-qwdsW8DBY1qH+9luliIH7VzgwvL+ZGI3LZWC0LTiDMI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f64b9738da8e86195766147e9752c67fccee006c",
"rev": "6dc93f0daec55ee2f441da385aaf143863e3d671",
"type": "github"
},
"original": {
@@ -445,11 +446,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1689534811,
"narHash": "sha256-jnSUdzD/414d94plCyNlvTJJtiTogTep6t7ZgIKIHiE=",
"lastModified": 1690179384,
"narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222",
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
"type": "github"
},
"original": {
@@ -463,10 +464,10 @@
"inputs": {
"agenix": "agenix",
"astronvim": "astronvim",
"darwin": "darwin_2",
"home-manager": "home-manager_2",
"hyprland": "hyprland",
"mysecrets": "mysecrets",
"nix-darwin": "nix-darwin",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_3",
"nixpkgs-darwin": "nixpkgs-darwin",
@@ -489,15 +490,37 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1689620039,
"narHash": "sha256-BtNwghr05z7k5YMdq+6nbue+nEalvDepuA7qdQMAKoQ=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "719c2977f958c41fa60a928e2fbc50af14844114",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1686753331,
"narHash": "sha256-KovjVFwcuoUO0eu/UiWrnD3+m/K+SHSAVIz4xF9K1XA=",
"lastModified": 1689611045,
"narHash": "sha256-3RTOlQabkNetQ4O4UzSf57JPco9VGVHhSU1ls5uKBeE=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "7e7633abf09b362d0bad9e3fc650fd692369291d",
"rev": "7791ffe0584c4ac13c170e1661ce33bdbd4a9b9e",
"type": "gitlab"
},
"original": {

345
flake.nix
View File

@@ -2,15 +2,15 @@
description = "NixOS & macOS configuration of Ryan Yin";
##################################################################################################################
#
#
# Want to know Nix in details? Looking for a beginner-friendly tutorial?
# Check out https://github.com/ryan4yin/nixos-and-flakes-book !
#
#
##################################################################################################################
# the nixConfig here only affects the flake itself, not the system configuration!
nixConfig = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = ["nix-command" "flakes"];
substituters = [
# replace official cache with a mirror located in China
@@ -30,7 +30,6 @@
];
};
# This is the standard format for flake.nix. `inputs` are the dependencies of the flake,
# Each item in `inputs` will be passed as a parameter to the `outputs` function after being pulled and built.
inputs = {
@@ -43,7 +42,7 @@
# for macos
nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-23.05-darwin";
darwin = {
nix-darwin = {
url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
@@ -58,7 +57,7 @@
};
# modern window compositor
hyprland.url = "github:hyprwm/Hyprland/v0.27.0";
hyprland.url = "github:hyprwm/Hyprland/v0.27.2";
# community wayland nixpkgs
nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
@@ -72,216 +71,156 @@
agenix.url = "github:ryantm/agenix/0d8c5325fc81daf00532e3e26c6752f7bcde1143";
# AstroNvim is an aesthetic and feature-rich neovim config.
astronvim = { url = "github:AstroNvim/AstroNvim/v3.33.3"; flake = false; };
astronvim = {
url = "github:AstroNvim/AstroNvim/v3.33.3";
flake = false;
};
# my private secrets, it's a private repository, you need to replace it with your own.
# use ssh protocol to authenticate via ssh-agent/ssh-key, and shallow clone to save time
mysecrets = { url = "git+ssh://git@github.com/ryan4yin/nix-secrets.git?shallow=1"; flake = false; };
mysecrets = {
url = "git+ssh://git@github.com/ryan4yin/nix-secrets.git?shallow=1";
flake = false;
};
};
# The `outputs` function will return all the build results of the flake.
# The `outputs` function will return all the build results of the flake.
# A flake can have many use cases and different types of outputs,
# parameters in `outputs` are defined in `inputs` and can be referenced by their names.
# parameters in `outputs` are defined in `inputs` and can be referenced by their names.
# However, `self` is an exception, this special parameter points to the `outputs` itself (self-reference)
# The `@` syntax here is used to alias the attribute set of the inputs's parameter, making it convenient to use inside the function.
outputs =
inputs@{ self
, nixpkgs
, darwin
, home-manager
, nixos-generators
, ...
}:
let
x64_system = "x86_64-linux";
x64_specialArgs = {
# use unstable branch for some packages to get the latest updates
pkgs-unstable = import inputs.nixpkgs-unstable {
system = x64_system; # refer the `system` parameter form outer scope recursively
# To use chrome, we need to allow the installation of non-free software
config.allowUnfree = true;
};
} // inputs;
# 星野 アイ, Hoshino Ai
idol_ai_modules_i3 = [
outputs = inputs @ {
self,
nixpkgs,
nixpkgs-unstable,
nix-darwin,
home-manager,
nixos-generators,
...
}: let
username = "ryan";
x64_system = "x86_64-linux";
x64_darwin = "x86_64-darwin";
allSystems = [x64_system x64_darwin];
nixosSystem = import ./lib/nixosSystem.nix;
macosSystem = import ./lib/macosSystem.nix;
# 星野 アイ, Hoshino Ai
idol_ai_modules_i3 = {
nixos-modules = [
./hosts/idols/ai
./modules/nixos/i3.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = x64_specialArgs;
home-manager.users.ryan = import ./home/linux/desktop-i3.nix;
}
];
idol_ai_modules_hyprland = [
home-module = import ./home/linux/desktop-i3.nix;
};
idol_ai_modules_hyprland = {
nixos-modules = [
./hosts/idols/ai
./modules/nixos/hyprland.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = x64_specialArgs;
home-manager.users.ryan = import ./home/linux/desktop-hyprland.nix;
}
];
# 星野 愛久愛海, Hoshino Akuamarin
idol_aquamarine_modules = [
./hosts/idols/aquamarine
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = x64_specialArgs;
home-manager.users.ryan = import ./home/linux/server.nix;
}
];
# 星野 瑠美衣, Hoshino Rubii
idol_ruby_modules = [
./hosts/idols/ruby
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = x64_specialArgs;
home-manager.users.ryan = import ./home/linux/server.nix;
}
];
# 有馬 かな, Arima Kana
idol_kana_modules = [
./hosts/idols/kana
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = x64_specialArgs;
home-manager.users.ryan = import ./home/linux/server.nix;
}
];
in {
nixosConfigurations = let system = x64_system; specialArgs = x64_specialArgs; in {
ai_i3 = nixpkgs.lib.nixosSystem { # ai with i3 window manager
inherit system specialArgs;
modules = idol_ai_modules_i3;
};
ai_hyprland = nixpkgs.lib.nixosSystem { # ai with hyprland compositor
inherit system specialArgs;
modules = idol_ai_modules_hyprland;
};
aquamarine = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = idol_aquamarine_modules;
};
ruby = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = idol_ruby_modules;
};
kana = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = idol_kana_modules;
};
};
# macOS's configuration, for work.
darwinConfigurations."harmonica" = let
system = "x86_64-darwin";
specialArgs = {
# use unstable branch for some packages to get the latest updates
pkgs-unstable = import inputs.nixpkgs-unstable {
inherit system; # refer the `system` parameter form outer scope recursively
# To use chrome, we need to allow the installation of non-free software
config.allowUnfree = true;
};
} // inputs;
in
darwin.lib.darwinSystem {
inherit system specialArgs;
modules = [
./hosts/harmonica
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = specialArgs;
home-manager.users.ryan = import ./home/darwin;
}
];
};
formatter = {
# format the nix code in this flake
# alejandra is a nix formatter with a beautiful output
x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
x86_64-darwin = nixpkgs.legacyPackages.x86_64-darwin.alejandra;
};
packages.x86_64-linux =
# take images for idols
# https://github.com/nix-community/nixos-generators
let system = x64_system; specialArgs = x64_specialArgs; in {
# Hoshino Ai is a physical machine, so we need to generate an iso image for it.
ai_i3 = nixos-generators.nixosGenerate { # ai with i3 window manager
inherit system specialArgs;
modules = idol_ai_modules_i3;
format = "iso";
};
ai_hyprland = nixos-generators.nixosGenerate { # ai with hyprland compositor
inherit system specialArgs;
modules = idol_ai_modules_hyprland;
format = "iso";
};
# Hoshino Aquamarine is a virtual machine running on Proxmox VE.
aquamarine = nixos-generators.nixosGenerate {
inherit system specialArgs;
modules = idol_aquamarine_modules ++ [
({config, ...}: {
proxmox.qemuConf.name = "aquamarine-nixos-${config.system.nixos.label}";
})
];
# proxmox's configuration:
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/proxmox-image.nix
#
# after resize the disk, it will grow partition automatically.
# and it alse had qemu-guest-agent installed by default.
format = "proxmox";
};
# Hoshino Rubii is a vm too.
ruby = nixos-generators.nixosGenerate {
inherit system specialArgs;
modules = idol_ruby_modules ++ [
({config, ...}: {
proxmox.qemuConf.name = "ruby-nixos-${config.system.nixos.label}";
})
];
format = "proxmox";
};
# Kana is a vm too.
kana = nixos-generators.nixosGenerate {
inherit system specialArgs;
modules = idol_kana_modules ++ [
({config, ...}: {
proxmox.qemuConf.name = "kana-nixos-${config.system.nixos.label}";
})
];
format = "proxmox";
};
};
home-module = import ./home/linux/desktop-hyprland.nix;
};
# 星野 愛久愛海, Hoshino Akuamarin
idol_aquamarine_modules = {
nixos-modules = [
./hosts/idols/aquamarine
];
home-module = import ./home/linux/server.nix;
};
# 星野 瑠美衣, Hoshino Rubii
idol_ruby_modules = {
nixos-modules = [
./hosts/idols/ruby
];
home-module = import ./home/linux/server.nix;
};
# 有馬 かな, Arima Kana
idol_kana_modules = {
nixos-modules = [
./hosts/idols/kana
];
home-module = import ./home/linux/server.nix;
};
in {
nixosConfigurations = let
system = x64_system;
specialArgs =
{
inherit username;
# use unstable branch for some packages to get the latest updates
pkgs-unstable = import nixpkgs-unstable {
system = x64_system; # refer the `system` parameter form outer scope recursively
# To use chrome, we need to allow the installation of non-free software
config.allowUnfree = true;
};
}
// inputs;
base_args = {
inherit home-manager nixos-generators system specialArgs;
};
stable_args = base_args // {inherit nixpkgs;};
unstable_args = base_args // {nixpkgs = nixpkgs-unstable;};
in {
# ai with i3 window manager
ai_i3 = nixosSystem (idol_ai_modules_i3 // stable_args);
# ai with hyprland compositor
ai_hyprland = nixosSystem (idol_ai_modules_hyprland // stable_args);
aquamarine = nixosSystem (idol_aquamarine_modules // unstable_args);
ruby = nixosSystem (idol_ruby_modules // unstable_args);
kana = nixosSystem (idol_kana_modules // unstable_args);
};
# take images for idols
# https://github.com/nix-community/nixos-generators
packages."${x64_system}" =
nixpkgs.lib.genAttrs [
"ai_i3"
"ai_hyprland"
] (
host:
self.nixosConfigurations.${host}.config.formats.iso
)
// nixpkgs.lib.genAttrs [
"aquamarine"
"ruby"
"kana"
] (
host:
self.nixosConfigurations.${host}.config.formats.proxmox
);
# macOS's configuration, for work.
darwinConfigurations."harmonica" = let
system = x64_darwin;
specialArgs =
{
# use unstable branch for some packages to get the latest updates
pkgs-unstable = import nixpkgs-unstable {
inherit system; # refer the `system` parameter form outer scope recursively
# To use chrome, we need to allow the installation of non-free software
config.allowUnfree = true;
};
}
// inputs;
in
macosSystem {
inherit nix-darwin home-manager system specialArgs;
darwin-modules = [
./hosts/harmonica
];
home-module = import ./home/darwin;
};
# format the nix code in this flake
# alejandra is a nix formatter with a beautiful output
formatter = nixpkgs.lib.genAttrs allSystems (
system:
nixpkgs.legacyPackages.${system}.alejandra
);
};
}

13
fonts/icomoon-feather-icon-font.nix
View File

@@ -1,5 +1,8 @@
{ lib, stdenvNoCC, fetchgit }:
{
lib,
stdenvNoCC,
fetchgit,
}:
stdenvNoCC.mkDerivation rec {
pname = "icomoon-feather-font";
version = "2023-05-06";
@@ -8,7 +11,7 @@ stdenvNoCC.mkDerivation rec {
src = fetchgit {
url = "https://github.com/adi1090x/polybar-themes.git";
rev = "47b66337a92a1afd2240ed7094ffcb039cc686cf"; # git commit id
sparseCheckout = [ "fonts/feather.ttf" ]; # only fetch the feather.ttf file
sparseCheckout = ["fonts/feather.ttf"]; # only fetch the feather.ttf file
# the sha256 is used to verify the integrity of the downloaded source, and alse cache the build result.
# so if you copy other package src's sha256, you will get a cached build result of that package, and all configs in this file will be ignored.
@@ -29,11 +32,11 @@ stdenvNoCC.mkDerivation rec {
description = "Icomoon feather font";
version = version;
longDescription = ''
Feather is a collection of simply beautiful open source icons.
Feather is a collection of simply beautiful open source icons.
Each icon is designed on a 24x24 grid with an emphasis on simplicity, consistency, and flexibility.
'';
license = licenses.mit;
maintainers = [ maintainers.ryan4yin ];
maintainers = [maintainers.ryan4yin];
platforms = platforms.all;
};
}

145
home/base/desktop/alacritty/default.nix
View File

@@ -1,9 +1,8 @@
{ pkgs, ... }:
{pkgs, ...}:
###########################################################
#
# Alacritty Configuration
#
#
# Useful Hot Keys for macOS:
# 1. Multi-Window: `command + N`
# 2. Increase Font Size: `command + =` | `command + +`
@@ -18,80 +17,84 @@
# Note: Alacritty do not have support for Tabs, and any graphic protocol.
#
###########################################################
{
programs.alacritty = {
enable = true;
};
xdg.configFile."alacritty/alacritty.yml".text = ''
import:
# all alacritty themes can be found at
# https://github.com/alacritty/alacritty-theme
- ~/.config/alacritty/theme_catppuccino.yml
window:
# Background opacity
#
# Window opacity as a floating point number from `0.0` to `1.0`.
# The value `0.0` is completely transparent and `1.0` is opaque.
opacity: 0.95
# Startup Mode (changes require restart)
#
# Values for `startup_mode`:
# - Windowed
# - Maximized
# - Fullscreen
#
# Values for `startup_mode` (macOS only):
# - SimpleFullscreen
startup_mode: Windowed
# Allow terminal applications to change Alacritty's window title.
dynamic_title: true
# Make `Option` key behave as `Alt` (macOS only):
# - OnlyLeft
# - OnlyRight
# - Both
# - None (default)
option_as_alt: Both
scrolling:
# Maximum number of lines in the scrollback buffer.
# Specifying '0' will disable scrolling.
history: 10000
# Scrolling distance multiplier.
#multiplier: 3
# Font configuration
font:
# Normal (roman) font face
bold:
family: JetBrainsMono Nerd Font
italic:
family: JetBrainsMono Nerd Font
normal:
family: JetBrainsMono Nerd Font
bold_italic:
# Font family
#
# If the bold italic family is not specified, it will fall back to the
# value specified for the normal font.
family: JetBrainsMono Nerd Font
'' + (if pkgs.stdenv.isDarwin then ''
# Point size
size: 14
shell: # force nushell as default shell on macOS
program: /run/current-system/sw/bin/nu
'' else ''
# holder identation
# Point size
size: 13
'');
xdg.configFile."alacritty/alacritty.yml".text =
''
import:
# all alacritty themes can be found at
# https://github.com/alacritty/alacritty-theme
- ~/.config/alacritty/theme_catppuccino.yml
window:
# Background opacity
#
# Window opacity as a floating point number from `0.0` to `1.0`.
# The value `0.0` is completely transparent and `1.0` is opaque.
opacity: 0.95
# Startup Mode (changes require restart)
#
# Values for `startup_mode`:
# - Windowed
# - Maximized
# - Fullscreen
#
# Values for `startup_mode` (macOS only):
# - SimpleFullscreen
startup_mode: Windowed
# Allow terminal applications to change Alacritty's window title.
dynamic_title: true
# Make `Option` key behave as `Alt` (macOS only):
# - OnlyLeft
# - OnlyRight
# - Both
# - None (default)
option_as_alt: Both
scrolling:
# Maximum number of lines in the scrollback buffer.
# Specifying '0' will disable scrolling.
history: 10000
# Scrolling distance multiplier.
#multiplier: 3
# Font configuration
font:
# Normal (roman) font face
bold:
family: JetBrainsMono Nerd Font
italic:
family: JetBrainsMono Nerd Font
normal:
family: JetBrainsMono Nerd Font
bold_italic:
# Font family
#
# If the bold italic family is not specified, it will fall back to the
# value specified for the normal font.
family: JetBrainsMono Nerd Font
''
+ (
if pkgs.stdenv.isDarwin
then ''
# Point size
size: 14
shell: # force nushell as default shell on macOS
program: /run/current-system/sw/bin/nu
''
else ''
# holder identation
# Point size
size: 13
''
);
xdg.configFile."alacritty/theme_catppuccino.yml".source = ./theme_catppuccino.yml;
}

6
home/base/desktop/default.nix
View File

@@ -1,14 +1,12 @@
{ ... }:
{
{...}: {
imports = [
./alacritty
../server
./neovim
./development.nix
./kitty.nix
./media.nix
./shell.nix
];
}

23
home/base/desktop/development.nix
View File

@@ -1,10 +1,12 @@
{ pkgs, pkgs-unstable, ... }:
{
pkgs,
pkgs-unstable,
...
}: {
#############################################################
#
# Basic settings for development environment
#
#
# Please avoid to install language specific packages here(globally),
# instead, install them independently using dev-templates:
# https://github.com/the-nix-way/dev-templates
@@ -36,13 +38,14 @@
gnumake # used by this repo, to simplify the deployment
# python
(python311.withPackages (ps: with ps; [
ipython
pandas
requests
pyquery
pyyaml
]))
(python311.withPackages (ps:
with ps; [
ipython
pandas
requests
pyquery
pyyaml
]))
# db related
dbeaver

40
home/base/desktop/kitty.nix
View File

@@ -1,9 +1,12 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}:
###########################################################
#
# Kitty Configuration
#
#
# Useful Hot Keys for macOS:
# 1. New Tab: `command + t`
# 2. Close Tab: `command + w`
@@ -28,20 +31,29 @@
font = {
name = "JetBrainsMono Nerd Font";
# use different font size on macOS
size = if pkgs.stdenv.isDarwin then 14 else 13;
size =
if pkgs.stdenv.isDarwin
then 14
else 13;
};
settings = {
background_opacity = "0.95";
macos_option_as_alt = true; # Option key acts as Alt on macOS
scrollback_lines = 10000;
enable_audio_bell = false;
} // (if pkgs.stdenv.isDarwin then {
# macOS specific settings, force kitty to use nushell as default shell
shell = "/run/current-system/sw/bin/nu";
} else {});
settings =
{
background_opacity = "0.95";
macos_option_as_alt = true; # Option key acts as Alt on macOS
scrollback_lines = 10000;
enable_audio_bell = false;
}
// (
if pkgs.stdenv.isDarwin
then {
# macOS specific settings, force kitty to use nushell as default shell
shell = "/run/current-system/sw/bin/nu";
}
else {}
);
# macOS specific settings
darwinLaunchOptions = [ "--start-as=fullscreen" ];
darwinLaunchOptions = ["--start-as=fullscreen"];
};
}

9
home/base/desktop/media.nix
View File

@@ -1,6 +1,7 @@
{ pkgs
, config
, ...
{
pkgs,
config,
...
}:
# processing audio/video
{
@@ -8,7 +9,7 @@
ffmpeg-full
# images
viu # Terminal image viewer with native support for iTerm and Kitty
viu # Terminal image viewer with native support for iTerm and Kitty
imagemagick
graphviz
];

67
home/base/desktop/neovim/default.nix
View File

@@ -1,5 +1,8 @@
{ pkgs, astronvim, ... }:
{
pkgs,
astronvim,
...
}:
###############################################################################
#
# AstroNvim's configuration and all its dependencies
@@ -70,7 +73,7 @@
#
# Joining a Selection of Lines With Space: `:join`
# Joining without spaces: `:join!`
#
#
# Toggle text's case: `~`
# Convert to uppercase: `U`
# Convert to lowercase: `u`
@@ -93,7 +96,7 @@
"nvim" = {
# update AstroNvim
onChange = "${pkgs.neovim}/bin/nvim --headless +quitall";
source = astronvim;
source = astronvim;
};
# my cusotom astronvim config, astronvim will load it after base config
# https://github.com/AstroNvim/AstroNvim/blob/v3.32.0/lua/astronvim/bootstrap.lua#L15-L16
@@ -117,16 +120,15 @@
viAlias = false;
vimAlias = true;
withPython3 = true;
withNodeJs = true;
extraPackages = [];
# currently we use lazy.nvim as neovim's package manager, so comment this one.
plugins = with pkgs.vimPlugins;[
plugins = with pkgs.vimPlugins; [
# search all the plugins using https://search.nixos.org/packages
luasnip
];
};
};
@@ -144,14 +146,14 @@
#-- python
nodePackages.pyright # python language server
python311Packages.black # python formatter
python311Packages.black # python formatter
python311Packages.ruff-lsp
#-- rust
rust-analyzer
cargo # rust package manager
cargo # rust package manager
rustfmt
#-- zig
zls
@@ -159,18 +161,18 @@
nil
rnix-lsp
# nixd
statix # Lints and suggestions for the nix programming language
deadnix # Find and remove unused code in .nix source files
alejandra # Nix Code Formatter
statix # Lints and suggestions for the nix programming language
deadnix # Find and remove unused code in .nix source files
alejandra # Nix Code Formatter
#-- golang
go
gomodifytags
iferr # generate error handling code for go
impl # generate function implementation for go
gotools # contains tools like: godoc, goimports, etc.
gopls # go language server
delve # go debugger
iferr # generate error handling code for go
impl # generate function implementation for go
gotools # contains tools like: godoc, goimports, etc.
gopls # go language server
delve # go debugger
#-- lua
stylua
@@ -180,7 +182,7 @@
nodePackages.bash-language-server
shellcheck
shfmt
#-- javascript/typescript --#
nodePackages.typescript
nodePackages.typescript-language-server
@@ -194,26 +196,25 @@
terraform-ls
jsonnet
jsonnet-language-server
hadolint # Dockerfile linter
hadolint # Dockerfile linter
#-- Others
taplo # TOML language server / formatter / validator
taplo # TOML language server / formatter / validator
nodePackages.yaml-language-server
sqlfluff # SQL linter
actionlint # GitHub Actions linter
buf # protoc plugin for linting and formatting
proselint # English prose linter
sqlfluff # SQL linter
actionlint # GitHub Actions linter
buf # protoc plugin for linting and formatting
proselint # English prose linter
#-- Misc
tree-sitter # common language parser/highlighter
nodePackages.prettier # common code formatter
marksman # language server for markdown
glow # markdown previewer
tree-sitter # common language parser/highlighter
nodePackages.prettier # common code formatter
marksman # language server for markdown
glow # markdown previewer
#-- Optional Requirements:
gdu # disk usage analyzer, required by AstroNvim
ripgrep # fast search tool, required by AstroNvim's '<leader>fw'(<leader> is space key)
gdu # disk usage analyzer, required by AstroNvim
ripgrep # fast search tool, required by AstroNvim's '<leader>fw'(<leader> is space key)
];
};
}

4
home/base/desktop/shell.nix
View File

@@ -1,5 +1,4 @@
{ ... }: {
{...}: {
programs.bash = {
# load the alias file for work
bashrcExtra = ''
@@ -22,5 +21,4 @@
source /etc/agenix/alias-for-work.nushell
'';
};
}

2
home/base/server/bash.nix
View File

@@ -1,4 +1,4 @@
{ ... }: {
{...}: {
programs.bash = {
enable = true;
enableCompletion = true;

7
home/base/server/bat/default.nix
View File

@@ -1,6 +1,5 @@
{ ... }:
{
# a cat(1) clone with syntax highlighting and Git integration.
{...}: {
# a cat(1) clone with syntax highlighting and Git integration.
programs.bat = {
enable = true;
config = {
@@ -12,6 +11,4 @@
Catppuccin-mocha = builtins.readFile ./Catppuccin-mocha.tmTheme;
};
};
}

10
home/base/server/core.nix
View File

@@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
neofetch
nnn # terminal file manager
@@ -20,12 +18,12 @@
# networking tools
mtr # A network diagnostic tool
iperf3
dnsutils # `dig` + `nslookup`
dnsutils # `dig` + `nslookup`
ldns # replacement of `dig`, it provide the command `drill`
aria2 # A lightweight multi-protocol & multi-source command-line download utility
socat # replacement of openbsd-netcat
nmap # A utility for network discovery and security auditing
ipcalc # it is a calculator for the IPv4/v6 addresses
ipcalc # it is a calculator for the IPv4/v6 addresses
# misc
cowsay
@@ -40,7 +38,7 @@
gnupg
# nix related
#
#
# it provides the command `nom` works just like `nix
# with more details log output
nix-output-monitor

4
home/base/server/default.nix
View File

@@ -1,5 +1,4 @@
{ ... }:
{
{...}: {
imports = [
./bat
./nushell
@@ -11,5 +10,4 @@
./git.nix
./starship.nix
];
}

11
home/base/server/git.nix
View File

@@ -1,13 +1,14 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}: {
# `programs.git` will generate the config file: ~/.config/git/config
# to make git use this config file, `~/.gitconfig` should not exist!
#
# https://git-scm.com/docs/git-config#Documentation/git-config.txt---global
home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
home.activation.removeExistingGitconfig = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
rm -f ~/.gitconfig
'';

4
home/base/server/nushell/default.nix
View File

@@ -1,11 +1,11 @@
{ ... }: {
{...}: {
programs.nushell = {
enable = true;
configFile.source = ./config.nu;
# home-manager will merge the cotent in `environmentVariables` with the `envFile.source`
# but basically, I set all environment variables via the shell-independent way, so I don't need to use those two options
#
#
# envFile.source = ./env.nu;
# environmentVariables = { FOO="bar"; };

2
home/base/server/starship.nix
View File

@@ -1,4 +1,4 @@
{ ... }: {
{...}: {
programs.starship = {
enable = true;

13
home/base/server/tmux/custom-plugins.nix
View File

@@ -1,16 +1,13 @@
{ pkgs, ... }:
let
{pkgs, ...}: let
buildTmuxPlugin = pkgs.tmuxPlugins.mkTmuxPlugin;
in
{
in {
draculaTheme = buildTmuxPlugin {
pluginName = "dracula";
version = "v2.2.0";
src = builtins.fetchTarball {
name = "dracula-tmux-v2.2.0";
url = "https://github.com/dracula/tmux/archive/refs/tags/v2.2.0.tar.gz";
name = "dracula-tmux-v2.2.0";
url = "https://github.com/dracula/tmux/archive/refs/tags/v2.2.0.tar.gz";
sha256 = "sha256:0v2k994yy4xx2iw8qxg7qphw46gq2qmg496i3a3h9b6jgwxqm7zn";
};
};
}
}

23
home/base/server/tmux/default.nix
View File

@@ -1,24 +1,25 @@
{ config, pkgs, ... }:
let
plugins = pkgs.tmuxPlugins // pkgs.callPackage ./custom-plugins.nix {};
in
{
config,
pkgs,
...
}: let
plugins = pkgs.tmuxPlugins // pkgs.callPackage ./custom-plugins.nix {};
in {
programs.tmux = {
enable = true;
shell = "${pkgs.nushell}/bin/nu";
# Resize the window to the size of the smallest session for which it is the current window.
#
#
aggressiveResize = true;
# https://github.com/tmux-plugins/tmux-sensible
# tmux-sensible overwrites default tmux shortcuts, makes them more sane.
sensibleOnTop = true;
# extraConfig = builtins.readFile ./tmux.conf;
# keyMode = "vi"; # default is emacs
baseIndex = 1; # start index from 1
escapeTime = 0; # do not wait for escape key
terminal = "xterm-256color";
@@ -31,8 +32,8 @@ in
plugin = continuum;
extraConfig = ''
set -g @continuum-save-interval '15'
# Option to display current status of tmux continuum in tmux status line.
# Option to display current status of tmux continuum in tmux status line.
set -g status-right 'Continuum status: #{continuum_status}'
'';
}
@@ -41,7 +42,7 @@ in
# Manually persists tmux environment across system restarts.
# prefix + Ctrl-s - save
# prefix + Ctrl-r - restore
#
#
plugin = resurrect;
# Restore Neovim sessions
extraConfig = "set -g @resurrect-strategy-nvim 'session'";

4
home/base/server/zellij/default.nix
View File

@@ -1,6 +1,4 @@
{ ... }:
{
{...}: {
programs.zellij = {
enable = true;
};

6
home/darwin/core.nix
View File

@@ -1,8 +1,6 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
##########################################################################
#
#
# MacOS specific home configuration
#
##########################################################################

10
home/darwin/default.nix
View File

@@ -1,9 +1,7 @@
{ ... }:
{
{ username, ... }: {
imports = [
../base/desktop
./core.nix
./nushell.nix
./rime-squirrel.nix
@@ -12,9 +10,9 @@
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = {
username = "ryan";
username = username;
# set homeDirectory make build fail
homeDirectory = "/Users/ryan";
homeDirectory = "/Users/${username}";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage

4
home/darwin/nushell.nix
View File

@@ -1,4 +1,4 @@
{ config, ... }: {
{config, ...}: {
# nix-darwin do not set PATH for nushell! so we need to do it manually
# this is a workaround to add nix's PATH to nushell
programs.nushell.extraConfig = ''
@@ -15,4 +15,4 @@
($env.PATH | split row (char esep))
] | flatten)
'';
}
}

8
home/darwin/rime-squirrel.nix
View File

@@ -1,8 +1,10 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
# remove existing rime data (squirrel)
home.activation.removeExistingRimeData = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
home.activation.removeExistingRimeData = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
rm -rf "~/Library/Rime/build/flypy.prism.bin"
'';

7
home/linux/base/shell.nix
View File

@@ -1,11 +1,8 @@
{ config, ... }:
let
{config, ...}: let
d = config.xdg.dataHome;
c = config.xdg.configHome;
cache = config.xdg.cacheHome;
in
rec {
in rec {
# add environment variables
systemd.user.sessionVariables = {
# clean up ~

10
home/linux/base/system-tools.nix
View File

@@ -1,7 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
# Linux Only Packages, not available on Darwin
home.packages = with pkgs; [
btop # replacement of htop/nmon
@@ -13,7 +10,7 @@
# misc
libnotify
wireguard-tools # manage wireguard vpn manually, via wg-quick
# need to run `conda-install` before using it
# need to run `conda-shell` before using command `conda`
# conda is not available for MacOS
@@ -30,7 +27,7 @@
ethtool
pciutils # lspci
usbutils # lsusb
hdparm # for disk performance, command
hdparm # for disk performance, command
dmidecode # a tool that reads information about your system's hardware from the BIOS according to the SMBIOS/DMI standard
];
@@ -42,5 +39,4 @@
services = {
# syncthing.enable = true;
};
}

13
home/linux/desktop-hyprland.nix
View File

@@ -1,6 +1,4 @@
{ ... }:
{
{ username, ... }: {
imports = [
../base/desktop
@@ -13,12 +11,9 @@
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = let
name = "ryan";
in
{
username = name;
homeDirectory = "/home/${name}";
home = {
username = username;
homeDirectory = "/home/${username}";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage

15
home/linux/desktop-i3.nix
View File

@@ -1,6 +1,4 @@
{ ... }:
{
{ username, ... }: {
imports = [
../base/desktop
@@ -9,16 +7,13 @@
./desktop
./i3
];
];
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = let
name = "ryan";
in
{
username = name;
homeDirectory = "/home/${name}";
home = {
username = username;
homeDirectory = "/home/${username}";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage

3
home/linux/desktop/creative.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
home.packages = with pkgs; [
# creative
# blender # 3d modeling

5
home/linux/desktop/default.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
imports = [
./creative.nix
./immutable-file.nix
@@ -10,7 +9,7 @@
home.packages = with pkgs; [
# GUI apps
insomnia # REST client
insomnia # REST client
wireshark # network analyzer
# e-book viewer(.epub/.mobi/...)

47
home/linux/desktop/immutable-file.nix
View File

@@ -1,26 +1,24 @@
{ config
, lib
, pkgs
, ...
{
config,
lib,
pkgs,
...
}:
##############################################################################################
#
# Provide a option `home.immutable-file`, it works like `home.file` but make the generated file immutable.
#
# Copy from https://github.com/iosmanthus/nixos-config/blob/349917b/modules/immutable-file.nix
#
# this module use the `chattr +i` to make the file immutable, `i` indicates `immutable`,
# this module use the `chattr +i` to make the file immutable, `i` indicates `immutable`,
# it's a i-node flags only works on Linux.
#
#
# TODO not used yet, need to test it.
#
#
##############################################################################################
with lib;
let
with lib; let
cfg = config.home.immutable-file;
immutableFileOpts = { ... }: {
immutableFileOpts = {...}: {
options = {
src = mkOption {
type = types.path;
@@ -44,21 +42,24 @@ let
sudo cp $2 $1
sudo chattr +i $1
'';
in
{
in {
options.home.immutable-file = mkOption {
type = with types; attrsOf (submodule immutableFileOpts);
default = { };
default = {};
};
config = mkIf (cfg != { }) {
home.activation = mapAttrs'
(name: { src, dst }:
config = mkIf (cfg != {}) {
home.activation =
mapAttrs'
(name: {
src,
dst,
}:
nameValuePair
"make-immutable-${name}"
(lib.hm.dag.entryAfter [ "writeBoundary" ] ''
${mkImmutableFile} ${dst} ${src}
''))
"make-immutable-${name}"
(lib.hm.dag.entryAfter ["writeBoundary"] ''
${mkImmutableFile} ${dst} ${src}
''))
cfg;
};
}
}

11
home/linux/desktop/media.nix
View File

@@ -1,6 +1,7 @@
{ pkgs
, config
, ...
{
pkgs,
config,
...
}:
# media - control and enjoy audio/video
{
@@ -23,8 +24,8 @@
programs = {
mpv = {
enable = true;
defaultProfiles = [ "gpu-hq" ];
scripts = [ pkgs.mpvScripts.mpris ];
defaultProfiles = ["gpu-hq"];
scripts = [pkgs.mpvScripts.mpris];
};
};

6
home/linux/desktop/ssh.nix
View File

@@ -1,6 +1,4 @@
{ pkgs
, ...
}: {
{pkgs, ...}: {
programs.ssh = {
enable = true;
@@ -35,7 +33,7 @@
Host gtr5
HostName 192.168.5.172
Port 22
Host um560
HostName 192.168.5.173
Port 22

109
home/linux/desktop/xdg.nix
View File

@@ -1,9 +1,12 @@
# XDG stands for "Cross-Desktop Group", with X used to mean "cross".
# It's a bunch of specifications from freedesktop.org intended to standardize desktops and
# other GUI applications on various systems (primarily Unix-like) to be interoperable:
# XDG stands for "Cross-Desktop Group", with X used to mean "cross".
# It's a bunch of specifications from freedesktop.org intended to standardize desktops and
# other GUI applications on various systems (primarily Unix-like) to be interoperable:
# https://www.freedesktop.org/wiki/Specifications/
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
home.packages = with pkgs; [
xdg-utils # provides cli tools such as `xdg-mime` `xdg-open`
xdg-user-dirs
@@ -15,68 +18,64 @@
# manage $XDG_CONFIG_HOME/mimeapps.list
# xdg search all desktop entries from $XDG_DATA_DIRS, check it by command:
# echo $XDG_DATA_DIRS
# echo $XDG_DATA_DIRS
# the system-level desktop entries can be list by command:
# ls -l /run/current-system/sw/share/applications/
# the user-level desktop entries can be list by command(user ryan):
# ls /etc/profiles/per-user/ryan/share/applications/
mimeApps = {
enable = true;
defaultApplications =
let
browser = [ "firefox.desktop" ];
in
{
"application/json" = browser;
"application/pdf" = browser; # TODO: pdf viewer
defaultApplications = let
browser = ["firefox.desktop"];
in {
"application/json" = browser;
"application/pdf" = browser; # TODO: pdf viewer
"text/html" = browser;
"text/xml" = browser;
"application/xml" = browser;
"application/xhtml+xml" = browser;
"application/xhtml_xml" = browser;
"application/rdf+xml" = browser;
"application/rss+xml" = browser;
"application/x-extension-htm" = browser;
"application/x-extension-html" = browser;
"application/x-extension-shtml" = browser;
"application/x-extension-xht" = browser;
"application/x-extension-xhtml" = browser;
"text/html" = browser;
"text/xml" = browser;
"application/xml" = browser;
"application/xhtml+xml" = browser;
"application/xhtml_xml" = browser;
"application/rdf+xml" = browser;
"application/rss+xml" = browser;
"application/x-extension-htm" = browser;
"application/x-extension-html" = browser;
"application/x-extension-shtml" = browser;
"application/x-extension-xht" = browser;
"application/x-extension-xhtml" = browser;
"x-scheme-handler/about" = browser;
"x-scheme-handler/ftp" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"x-scheme-handler/unknown" = browser;
"x-scheme-handler/about" = browser;
"x-scheme-handler/ftp" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"x-scheme-handler/unknown" = browser;
"x-scheme-handler/discord" = [ "discord.desktop" ];
"x-scheme-handler/tg" = [ "telegramdesktop.desktop" ];
"x-scheme-handler/discord" = ["discord.desktop"];
"x-scheme-handler/tg" = ["telegramdesktop.desktop"];
"audio/*" = [ "mpv.desktop" ];
"video/*" = [ "mpv.dekstop" ];
"image/*" = [ "imv.desktop" ];
};
"audio/*" = ["mpv.desktop"];
"video/*" = ["mpv.dekstop"];
"image/*" = ["imv.desktop"];
};
associations.removed =
let
browser = [ "google-chrome.desktop" ];
in
{
"text/html" = browser;
"text/xml" = browser;
"application/xml" = browser;
"application/xhtml+xml" = browser;
"application/xhtml_xml" = browser;
"application/rdf+xml" = browser;
"application/rss+xml" = browser;
"image/gif" = browser;
"image/jpeg" = browser;
"image/png" = browser;
"image/webp" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"application/pdf" = browser;
};
associations.removed = let
browser = ["google-chrome.desktop"];
in {
"text/html" = browser;
"text/xml" = browser;
"application/xml" = browser;
"application/xhtml+xml" = browser;
"application/xhtml_xml" = browser;
"application/rdf+xml" = browser;
"application/rss+xml" = browser;
"image/gif" = browser;
"image/jpeg" = browser;
"image/png" = browser;
"image/webp" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"application/pdf" = browser;
};
};
userDirs = {

12
home/linux/fcitx5/default.nix
View File

@@ -1,12 +1,16 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}: {
home.file.".config/fcitx5/profile".source = ./profile;
home.file.".config/fcitx5/profile-bak".source = ./profile; # used for backup
# every time fcitx5 switch input method, it will modify ~/.config/fcitx5/profile file,
# every time fcitx5 switch input method, it will modify ~/.config/fcitx5/profile file,
# which will override my config managed by home-manager
# so we need to remove it before everytime we rebuild the config
home.activation.removeExistingFcitx5Profile = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
home.activation.removeExistingFcitx5Profile = lib.hm.dag.entryBefore ["checkLinkTargets"] ''
rm -f "${config.xdg.configHome}/fcitx5/profile"
'';

5
home/linux/hyprland/default.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, ...}:
{
{pkgs, ...}: {
imports = [
./wayland-apps.nix
];
@@ -22,7 +21,6 @@
home.file.".gtkrc-2.0".source = ./gtkrc-2.0;
home.file.".config/hypr/wallpapers/wallpaper.png".source = ../wallpapers/wallpaper.png;
# music player - mpd
home.file.".config/mpd" = {
source = ./mpd;
@@ -58,5 +56,4 @@
package = pkgs.qogir-theme;
size = 64;
};
}

9
home/linux/hyprland/wayland-apps.nix
View File

@@ -1,18 +1,13 @@
{ pkgs
, ...
}:
{
{pkgs, ...}: {
# TODO vscode & chrome both have wayland support, but they don't work with fcitx5, need to fix it.
programs = {
# source code: https://github.com/nix-community/home-manager/blob/master/modules/programs/chromium.nix
google-chrome = {
enable = true;
commandLineArgs = [
# make it use GTK_IM_MODULE if it runs with Gtk4, so fcitx5 can work with it.
# (only supported by chromium/chrome at this time, not electron)
# (only supported by chromium/chrome at this time, not electron)
"--gtk-version=4"
# make it use text-input-v1, which works for kwin 5.27 and weston
# "--enable-wayland-ime"

3
home/linux/i3/default.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, ...}:
{
{pkgs, ...}: {
# i3 window manager's config, based on https://github.com/endeavouros-team/endeavouros-i3wm-setup
imports = [

8
home/linux/i3/x11-apps.nix
View File

@@ -1,15 +1,11 @@
{ pkgs
, ...
}: {
{pkgs, ...}: {
home.packages = with pkgs; [
firefox
xsel # for clipboard support in x11, required by tmux's clipboard support
xsel # for clipboard support in x11, required by tmux's clipboard support
];
# TODO vscode & chrome both have wayland support, but they don't work with fcitx5, need to fix it.
programs = {
# source code: https://github.com/nix-community/home-manager/blob/master/modules/programs/chromium.nix
google-chrome = {
enable = true;

13
home/linux/server.nix
View File

@@ -1,6 +1,4 @@
{ ... }:
{
{ username, ... }: {
imports = [
../base/server
@@ -9,12 +7,9 @@
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = let
name = "ryan";
in
{
username = name;
homeDirectory = "/home/${name}";
home = {
username = username;
homeDirectory = "/home/${username}";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage

31
hosts/harmonica/default.nix
View File

@@ -1,25 +1,34 @@
{ ... } @ args:
{ username, ... } @ args:
#############################################################
#
# Harmonica - my MacBook Pro 2020 13-inch, mainly for business.
#
#############################################################
let
name = "harmonica";
in
{
hostname = "harmonica";
in {
imports = [
../../modules/darwin/core.nix
../../modules/darwin/apps.nix
../../modules/darwin
../../secrets/darwin.nix
];
nixpkgs.overlays = import ../../overlays args;
networking.hostName = name;
networking.computerName = name;
system.defaults.smb.NetBIOSName = name;
networking.hostName = hostname;
networking.computerName = hostname;
system.defaults.smb.NetBIOSName = hostname;
# Define a user account. Don't forget to set a password with passwd.
users.users."${username}" = {
home = "/Users/${username}";
description = username;
# set user's default shell back to zsh
# `chsh -s /bin/zsh`
# DO NOT change the system's default shell to nushell! it will break some apps!
# It's better to change only starship/alacritty/vscode's shell to nushell!
};
nix.settings.trusted-users = [username];
}

12
hosts/idols/ai/cifs-mount.nix
View File

@@ -1,8 +1,12 @@
{ config, pkgs, ... }:
{
config,
pkgs,
username,
...
}: {
# mount a smb/cifs share
fileSystems."/home/ryan/SMB-Downloads" = {
fileSystems."/home/${username}/SMB-Downloads" = {
device = "//192.168.5.194/Downloads";
fsType = "cifs";
options = [
@@ -10,5 +14,3 @@
];
};
}

23
hosts/idols/ai/default.nix
View File

@@ -1,11 +1,9 @@
{ config, ... } @ args:
{config, ...} @ args:
#############################################################
#
# Ai - my main computer, with NixOS + I5-13600KF + RTX 4090 GPU, for gaming & daily use.
#
#############################################################
{
imports = [
./cifs-mount.nix
@@ -24,7 +22,7 @@
nixpkgs.overlays = import ../../../overlays args;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -60,10 +58,12 @@
enableIPv6 = false; # disable ipv6
interfaces.enp5s0 = {
useDHCP = false;
ipv4.addresses = [{
address = "192.168.5.100";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.5.100";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.5.201";
nameservers = [
@@ -75,17 +75,17 @@
virtualisation.docker.storageDriver = "btrfs";
# for Nvidia GPU
services.xserver.videoDrivers = [ "nvidia" ]; # will install nvidia-vaapi-driver by default
services.xserver.videoDrivers = ["nvidia"]; # will install nvidia-vaapi-driver by default
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
};
virtualisation.docker.enableNvidia = true; # for nvidia-docker
virtualisation.docker.enableNvidia = true; # for nvidia-docker
hardware.opengl = {
enable = true;
# if hardware.opengl.driSupport is enabled, mesa is installed and provides Vulkan for supported hardware.
# if hardware.opengl.driSupport is enabled, mesa is installed and provides Vulkan for supported hardware.
driSupport = true;
# needed by nvidia-docker
driSupport32Bit = true;
@@ -98,5 +98,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

46
hosts/idols/ai/hardware-configuration.nix
View File

@@ -1,34 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/231466f6-cdf3-40e1-b9d2-6b4e8d10a4d3";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/231466f6-cdf3-40e1-b9d2-6b4e8d10a4d3";
fsType = "btrfs";
options = ["subvol=@"];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/87ED-8B2E";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/87ED-8B2E";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/17391ca0-8cdb-4598-a40b-fd9548fd9b37"; }];
swapDevices = [{device = "/dev/disk/by-uuid/17391ca0-8cdb-4598-a40b-fd9548fd9b37";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

18
hosts/idols/aquamarine/default.nix
View File

@@ -1,11 +1,9 @@
{ ... } @args:
{...} @ args:
#############################################################
#
# Aquamarine - A NixOS VM running on Proxmox
#
#############################################################
{
imports = [
{
@@ -21,9 +19,8 @@
nixpkgs.overlays = import ../../../overlays args;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -48,10 +45,12 @@
networkmanager.enable = true;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [{
address = "192.168.5.101";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.5.101";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.5.201";
nameservers = [
@@ -67,5 +66,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

18
hosts/idols/kana/default.nix
View File

@@ -1,11 +1,9 @@
{ ... } @args:
{...} @ args:
#############################################################
#
# Kana - a NixOS VM running on Proxmox
#
#############################################################
{
imports = [
{
@@ -21,9 +19,8 @@
nixpkgs.overlays = import ../../../overlays args;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -48,10 +45,12 @@
networkmanager.enable = true;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [{
address = "192.168.5.103";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.5.103";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.5.201";
nameservers = [
@@ -67,5 +66,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

20
hosts/idols/ruby/default.nix
View File

@@ -1,13 +1,9 @@
{ ... } @args:
{...} @ args:
#############################################################
#
# Ruby - a NixOS VM running on Proxmox
#
#############################################################
{
imports = [
{
@@ -23,9 +19,8 @@
nixpkgs.overlays = import ../../../overlays args;
# Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
# supported fil systems, so we can mount any removable disks with these filesystems
boot.supportedFilesystems = [
"ext4"
@@ -50,10 +45,12 @@
networkmanager.enable = true;
interfaces.ens18 = {
useDHCP = false;
ipv4.addresses = [{
address = "192.168.5.102";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.5.102";
prefixLength = 24;
}
];
};
defaultGateway = "192.168.5.201";
nameservers = [
@@ -69,5 +66,4 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

25
lib/macosSystem.nix Normal file
View File

@@ -0,0 +1,25 @@
{
nix-darwin,
home-manager,
system,
specialArgs,
darwin-modules,
home-module,
}: let
username = specialArgs.username;
in
nix-darwin.lib.darwinSystem {
inherit system specialArgs;
modules =
darwin-modules
++ [
home-manager.darwinModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = specialArgs;
home-manager.users."${username}" = home-module;
}
];
}

35
lib/nixosSystem.nix Normal file
View File

@@ -0,0 +1,35 @@
{
nixpkgs,
home-manager,
nixos-generators,
system,
specialArgs,
nixos-modules,
home-module,
}: let
username = specialArgs.username;
in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules =
nixos-modules
++ [
nixos-generators.nixosModules.all-formats
{
# formatConfigs.iso = {config, ...}: {};
formatConfigs.proxmox = {config, ...}: {
# custom proxmox's image name
proxmox.qemuConf.name = "${config.networking.hostName}-nixos-${config.system.nixos.label}";
};
}
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = specialArgs;
home-manager.users."${username}" = home-module;
}
];
}

209
modules/darwin/apps.nix
View File

@@ -1,140 +1,35 @@
{ pkgs, ...}: {
{pkgs, ...}: {
##########################################################################
#
# MacOS specific nix-darwin configuration
#
# Nix is not well supported on macOS, I met some strange bug recently.
# So install apps using [homebrew](https://daiderd.com/nix-darwin/manual/index.html#opt-homebrew.enable) here.
#
# Install all apps and packages here.
#
# NOTE: Your can find all available options in:
# https://daiderd.com/nix-darwin/manual/index.html
#
# TODO Fell free to modify this file to fit your needs.
#
##########################################################################
system = {
# Install packages from nix's official package repository.
#
# The packages installed here are available to all users, and are reproducible across machines, and are rollbackable.
# But on macOS, it's less stable than homebrew.
#
# Related Discussion: https://discourse.nixos.org/t/darwin-again/29331
environment.systemPackages = with pkgs; [
neovim
git
nushell # my custom shell
];
environment.variables.EDITOR = "nvim";
# activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
activationScripts.postUserActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
defaults = {
menuExtraClock.Show24Hour = true; # show 24 hour clock
# customize dock
dock = {
autohide = true;
show-recents = false; # disable recent apps
# customize Hot Corners(触发角, 鼠标移动到屏幕角落时触发的动作)
wvous-tl-corner = 2; # top-left - Mission Control
wvous-tr-corner = 13; # top-right - Lock Screen
wvous-bl-corner = 3; # bottom-left - Application Windows
wvous-br-corner = 4; # bottom-right - Desktop
};
# customize finder
finder = {
_FXShowPosixPathInTitle = true; # show full path in finder title
AppleShowAllExtensions = true; # show all file extensions
FXEnableExtensionChangeWarning = false; # disable warning when changing file extension
QuitMenuItem = true; # enable quit menu item
ShowPathbar = true; # show path bar
ShowStatusBar = true; # show status bar
};
# customize trackpad
trackpad = {
# tap - 轻触触摸板, click - 点击触摸板
Clicking = true; # enable tap to click(轻触触摸板相当于点击)
TrackpadRightClick = true; # enable two finger right click
TrackpadThreeFingerDrag = true; # enable three finger drag
};
# customize macOS
NSGlobalDomain = {
# `defaults read NSGlobalDomain "xxx"`
"com.apple.swipescrolldirection" = true; # enable natural scrolling(default to true)
"com.apple.sound.beep.feedback" = 0; # disable beep sound when pressing volume up/down key
AppleInterfaceStyle = "Dark"; # dark mode
AppleKeyboardUIMode = 3; # Mode 3 enables full keyboard control.
ApplePressAndHoldEnabled = true; # enable press and hold
# If you press and hold certain keyboard keys when in a text area, the keys character begins to repeat.
# This is very useful for vim users, they use `hjkl` to move cursor.
# sets how long it takes before it starts repeating.
InitialKeyRepeat = 15; # normal minimum is 15 (225 ms), maximum is 120 (1800 ms)
# sets how fast it repeats once it starts.
KeyRepeat = 3; # normal minimum is 2 (30 ms), maximum is 120 (1800 ms)
NSAutomaticCapitalizationEnabled = false; # disable auto capitalization(自动大写)
NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution(智能破折号替换)
NSAutomaticPeriodSubstitutionEnabled = false; # disable auto period substitution(智能句号替换)
NSAutomaticQuoteSubstitutionEnabled = false; # disable auto quote substitution(智能引号替换)
NSAutomaticSpellingCorrectionEnabled = false; # disable auto spelling correction(自动拼写检查)
NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default(保存文件时的路径选择/文件名输入页)
NSNavPanelExpandedStateForSaveMode2 = true;
};
# customize settings that not supported by nix-darwin directly
CustomUserPreferences = {
NSGlobalDomain = {
# Add a context menu item for showing the Web Inspector in web views
WebKitDeveloperExtras = true;
};
"com.apple.finder" = {
ShowExternalHardDrivesOnDesktop = true;
ShowHardDrivesOnDesktop = true;
ShowMountedServersOnDesktop = true;
ShowRemovableMediaOnDesktop = true;
_FXSortFoldersFirst = true;
# When performing a search, search the current folder by default
FXDefaultSearchScope = "SCcf";
};
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screensaver" = {
# Require password immediately after sleep or screen saver begins
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.screencapture" = {
location = "~/Desktop";
type = "png";
};
"com.apple.AdLib" = {
allowApplePersonalizedAdvertising = false;
};
# Prevent Photos from opening automatically when devices are plugged in
"com.apple.ImageCapture".disableHotPlug = true;
};
loginwindow = {
GuestEnabled = false; # disable guest user
SHOWFULLNAME = true; # show full name in login window
};
};
# keyboard settings is not very useful on macOS
# the most important thing is to remap option key to alt key globally,
# but it's not supported by macOS yet.
keyboard = {
enableKeyMapping = true; # enable key mapping so that we can use `option` as `control`
# NOTE: do NOT support remap capslock to both control and escape at the same time
remapCapsLockToControl = false; # remap caps lock to control, useful for emac users
remapCapsLockToEscape = true; # remap caps lock to escape, useful for vim users
# swap left command and left alt
# so it matches common keyboard layout: `ctrl | command | alt`
#
# disabled, caused only problems!
swapLeftCommandAndLeftAlt = false;
};
};
# Create /etc/zshrc that loads the nix-darwin environment.
# this is required if you want to use darwin's default shell - zsh
programs.zsh.enable = true;
environment.shells = [
pkgs.zsh
pkgs.nushell # my custom shell
];
# Homebrew Mirror
environment.variables = {
@@ -145,12 +40,11 @@
HOMEBREW_PIP_INDEX_URL = "https://pypi.tuna.tsinghua.edu.cn/simple";
};
# homebrew need to be installed manually, see https://brew.sh
homebrew = {
# TODO Homebrew install takes a long time,
# So only enable this when you make changes.
enable = false;
# TODO Homebrew install takes a long time,
# So only enable this when you make changes.
enable = true;
onActivation = {
autoUpdate = false;
@@ -161,12 +55,12 @@
# Applications to install from Mac App Store using mas.
# You need to install all these Apps manually first so that your apple account have records for them.
# otherwise Apple Store will refuse to install them.
# For details, see https://github.com/mas-cli/mas
# For details, see https://github.com/mas-cli/mas
masApps = {
# Xcode = 497799835;
Wechat = 836500024;
QQ = 451108668;
WeCom = 1189898970; # Wechat for Work
WeCom = 1189898970; # Wechat for Work
TecentMetting = 1484048379;
NeteaseCloudMusic = 944848654;
QQMusic = 595615424;
@@ -184,22 +78,25 @@
brews = [
# `brew install`
"wget" # download tool
"curl" # no not install curl via nixpkgs, it's not working well on macOS!
"aria2" # download tool
"httpie" # http client
"wireguard-tools" # wireguard
"wget" # download tool
"curl" # no not install curl via nixpkgs, it's not working well on macOS!
"aria2" # download tool
"httpie" # http client
"wireguard-tools" # wireguard
# Usage:
# https://github.com/tailscale/tailscale/wiki/Tailscaled-on-macOS#run-the-tailscaled-daemon
# 1. `sudo tailscaled install-system-daemon`
# 2. `tailscale up --accept-routes`
"tailscale" # tailscale
"tailscale" # tailscale
# https://github.com/rgcr/m-cli
"m-cli" #  Swiss Army Knife for macOS
];
# `brew install --cask`
casks = [
"squirrel" # input method for Chinese, rime-squirrel
"squirrel" # input method for Chinese, rime-squirrel
"firefox"
"google-chrome"
@@ -213,20 +110,20 @@
"microsoft-remote-desktop"
# "anki"
"clashx" # proxy tool
"iina" # video player
"openinterminal-lite" # open current folder in terminal
"syncthing" # file sync
"raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
"iglance" # beautiful system monitor
"eudic" # 欧路词典
"clashx" # proxy tool
"iina" # video player
"openinterminal-lite" # open current folder in terminal
"syncthing" # file sync
"raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
"iglance" # beautiful system monitor
"eudic" # 欧路词典
# "reaper" # audio editor
# Development
"insomnia" # REST client
"wireshark" # network analyzer
"jdk-mission-control" # Java Mission Control
"google-cloud-sdk" # Google Cloud SDK
"insomnia" # REST client
"wireshark" # network analyzer
"jdk-mission-control" # Java Mission Control
"google-cloud-sdk" # Google Cloud SDK
];
};
}

102
modules/darwin/core.nix
View File

@@ -1,102 +0,0 @@
{ pkgs, lib, ... }:
{
###################################################################################
#
# Core configuration for nix-darwin
#
# All the configuration options are documented here:
# https://daiderd.com/nix-darwin/manual/index.html#sec-options
#
###################################################################################
# enable flakes globally
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = ["ryan"];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# Use this instead of services.nix-daemon.enable if you
# don't wan't the daemon service to be managed for you.
# nix.useDaemon = true;
nix.package = pkgs.nix;
programs.nix-index.enable = true;
# boot.loader.grub.configurationLimit = 10;
# do garbage collection weekly to keep disk usage low
nix.gc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 1w";
};
# Manual optimise storage: nix-store --optimise
# https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
nix.settings.auto-optimise-store = true;
# Add ability to used TouchID for sudo authentication
security.pam.enableSudoTouchIdAuth = true;
# Set your time zone.
# comment this due to the issue:
# https://github.com/LnL7/nix-darwin/issues/359
# time.timeZone = "Asia/shanghai";
# Apps
# `home-manager` currently has issues adding them to `~/Applications`
# Issue: https://github.com/nix-community/home-manager/issues/1341
environment.systemPackages = with pkgs; [
neovim
git
nushell # my custom shell
];
environment.variables.EDITOR = "nvim";
# Fonts
fonts = {
# use fonts specified by user rather than default ones
fontDir.enable = true;
fonts = with pkgs; [
# icon fonts
material-design-icons
font-awesome
# nerdfonts
(nerdfonts.override {
fonts = [
"FiraCode"
"JetBrainsMono"
"Iosevka"
];
})
];
};
# Define a user account. Don't forget to set a password with passwd.
users.users.ryan = {
home = "/Users/ryan";
description = "ryan";
# set user's default shell back to zsh
# `chsh -s /bin/zsh`
# DO NOT change the system's default shell to nushell! it will break some apps!
# It's better to change only starship/alacritty/vscode's shell to nushell!
};
# Create /etc/zshrc that loads the nix-darwin environment.
# this is required if you want to use darwin's default shell - zsh
programs.zsh.enable = true;
environment.shells = [
pkgs.zsh
pkgs.nushell # my custom shell
];
}

7
modules/darwin/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{
imports = [
./apps.nix
./nix-core.nix
./system.nix
];
}

41
modules/darwin/nix-core.nix Normal file
View File

@@ -0,0 +1,41 @@
{
pkgs,
lib,
...
}: {
###################################################################################
#
# Core configuration for nix-darwin
#
# All the configuration options are documented here:
# https://daiderd.com/nix-darwin/manual/index.html#sec-options
#
###################################################################################
# enable flakes globally
nix.settings.experimental-features = ["nix-command" "flakes"];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# Use this instead of services.nix-daemon.enable if you
# don't wan't the daemon service to be managed for you.
# nix.useDaemon = true;
nix.package = pkgs.nix;
programs.nix-index.enable = true;
# boot.loader.grub.configurationLimit = 10;
# do garbage collection weekly to keep disk usage low
nix.gc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 1w";
};
# Manual optimise storage: nix-store --optimise
# https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
nix.settings.auto-optimise-store = true;
}

165
modules/darwin/system.nix Normal file
View File

@@ -0,0 +1,165 @@
{pkgs, ...}:
###################################################################################
#
# macOS's System configuration
#
# All the configuration options are documented here:
# https://daiderd.com/nix-darwin/manual/index.html#sec-options
#
###################################################################################
{
# Add ability to used TouchID for sudo authentication
security.pam.enableSudoTouchIdAuth = true;
system = {
# activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
activationScripts.postUserActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
defaults = {
menuExtraClock.Show24Hour = true; # show 24 hour clock
# customize dock
dock = {
autohide = true;
show-recents = false; # disable recent apps
# customize Hot Corners(触发角, 鼠标移动到屏幕角落时触发的动作)
wvous-tl-corner = 2; # top-left - Mission Control
wvous-tr-corner = 13; # top-right - Lock Screen
wvous-bl-corner = 3; # bottom-left - Application Windows
wvous-br-corner = 4; # bottom-right - Desktop
};
# customize finder
finder = {
_FXShowPosixPathInTitle = true; # show full path in finder title
AppleShowAllExtensions = true; # show all file extensions
FXEnableExtensionChangeWarning = false; # disable warning when changing file extension
QuitMenuItem = true; # enable quit menu item
ShowPathbar = true; # show path bar
ShowStatusBar = true; # show status bar
};
# customize trackpad
trackpad = {
# tap - 轻触触摸板, click - 点击触摸板
Clicking = true; # enable tap to click(轻触触摸板相当于点击)
TrackpadRightClick = true; # enable two finger right click
TrackpadThreeFingerDrag = true; # enable three finger drag
};
# customize macOS
NSGlobalDomain = {
# `defaults read NSGlobalDomain "xxx"`
"com.apple.swipescrolldirection" = true; # enable natural scrolling(default to true)
"com.apple.sound.beep.feedback" = 0; # disable beep sound when pressing volume up/down key
AppleInterfaceStyle = "Dark"; # dark mode
AppleKeyboardUIMode = 3; # Mode 3 enables full keyboard control.
ApplePressAndHoldEnabled = true; # enable press and hold
# If you press and hold certain keyboard keys when in a text area, the keys character begins to repeat.
# This is very useful for vim users, they use `hjkl` to move cursor.
# sets how long it takes before it starts repeating.
InitialKeyRepeat = 15; # normal minimum is 15 (225 ms), maximum is 120 (1800 ms)
# sets how fast it repeats once it starts.
KeyRepeat = 3; # normal minimum is 2 (30 ms), maximum is 120 (1800 ms)
NSAutomaticCapitalizationEnabled = false; # disable auto capitalization(自动大写)
NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution(智能破折号替换)
NSAutomaticPeriodSubstitutionEnabled = false; # disable auto period substitution(智能句号替换)
NSAutomaticQuoteSubstitutionEnabled = false; # disable auto quote substitution(智能引号替换)
NSAutomaticSpellingCorrectionEnabled = false; # disable auto spelling correction(自动拼写检查)
NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default(保存文件时的路径选择/文件名输入页)
NSNavPanelExpandedStateForSaveMode2 = true;
};
# customize settings that not supported by nix-darwin directly
CustomUserPreferences = {
NSGlobalDomain = {
# Add a context menu item for showing the Web Inspector in web views
WebKitDeveloperExtras = true;
};
"com.apple.finder" = {
ShowExternalHardDrivesOnDesktop = true;
ShowHardDrivesOnDesktop = true;
ShowMountedServersOnDesktop = true;
ShowRemovableMediaOnDesktop = true;
_FXSortFoldersFirst = true;
# When performing a search, search the current folder by default
FXDefaultSearchScope = "SCcf";
};
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screensaver" = {
# Require password immediately after sleep or screen saver begins
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.screencapture" = {
location = "~/Desktop";
type = "png";
};
"com.apple.AdLib" = {
allowApplePersonalizedAdvertising = false;
};
# Prevent Photos from opening automatically when devices are plugged in
"com.apple.ImageCapture".disableHotPlug = true;
};
loginwindow = {
GuestEnabled = false; # disable guest user
SHOWFULLNAME = true; # show full name in login window
};
};
# keyboard settings is not very useful on macOS
# the most important thing is to remap option key to alt key globally,
# but it's not supported by macOS yet.
keyboard = {
enableKeyMapping = true; # enable key mapping so that we can use `option` as `control`
# NOTE: do NOT support remap capslock to both control and escape at the same time
remapCapsLockToControl = false; # remap caps lock to control, useful for emac users
remapCapsLockToEscape = true; # remap caps lock to escape, useful for vim users
# swap left command and left alt
# so it matches common keyboard layout: `ctrl | command | alt`
#
# disabled, caused only problems!
swapLeftCommandAndLeftAlt = false;
};
};
# Set your time zone.
# comment this due to the issue:
# https://github.com/LnL7/nix-darwin/issues/359
# time.timeZone = "Asia/shanghai";
# Fonts
fonts = {
# use fonts specified by user rather than default ones
fontDir.enable = true;
fonts = with pkgs; [
# icon fonts
material-design-icons
font-awesome
# nerdfonts
(nerdfonts.override {
fonts = [
"FiraCode"
"JetBrainsMono"
"Iosevka"
];
})
];
};
}

58
modules/nixos/core-desktop.nix
View File

@@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
###################################################################################
#
# NixOS's core configuration suitable for my desktop computer
@@ -17,20 +19,6 @@
# Enable CUPS to print documents.
services.printing.enable = true;
# DO NOT promote ryan to input password for `nix-store` and `nix-copy-closure`
security.sudo.extraRules = [
{ users = [ "ryan" ];
commands = [
{ command = "/run/current-system/sw/bin/nix-store" ;
options = [ "NOPASSWD" ];
}
{ command = "/run/current-system/sw/bin/nix-copy-closure" ;
options = [ "NOPASSWD" ];
}
];
}
];
# all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
fonts = {
# use fonts specified by user rather than default ones
@@ -65,17 +53,17 @@
];
})
(pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix { })
(pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix {})
];
# user defined fonts
# the reason there's Noto Color Emoji everywhere is to override DejaVu's
# B&W emojis that would sometimes show instead of some Color emojis
fontconfig.defaultFonts = {
serif = [ "Noto Serif" "Noto Color Emoji" ];
sansSerif = [ "Noto Sans" "Noto Color Emoji" ];
monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ];
emoji = [ "Noto Color Emoji" ];
serif = ["Noto Serif" "Noto Color Emoji"];
sansSerif = ["Noto Sans" "Noto Color Emoji"];
monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
emoji = ["Noto Color Emoji"];
};
};
@@ -99,7 +87,7 @@
};
# The OpenSSH agent remembers private keys for you
# so that you dont have to type in passphrases every time you make an SSH connection.
# so that you dont have to type in passphrases every time you make an SSH connection.
# Use `ssh-add` to add a key to the agent.
programs.ssh.startAgent = true;
@@ -107,18 +95,19 @@
# $ nix search wget
environment.systemPackages = with pkgs; [
# python, some times I may need to use python with root permission.
(python310.withPackages (ps: with ps; [
ipython
pandas
requests
pyquery
pyyaml
]))
(python310.withPackages (ps:
with ps; [
ipython
pandas
requests
pyquery
pyyaml
]))
];
# PipeWire is a new low-level multimedia framework.
# It aims to offer capture and playback for both audio and video with minimal latency.
# It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
# It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
# PipeWire has a great bluetooth support, it can be a good alternative to PulseAudio.
# https://nixos.wiki/wiki/PipeWire
services.pipewire = {
@@ -167,28 +156,27 @@
services.gnome.gnome-keyring.enable = true;
security.pam.services.greetd.enableGnomeKeyring = true;
# A key remapping daemon for linux.
# A key remapping daemon for linux.
# https://github.com/rvaiya/keyd
services.keyd = {
enable = true;
settings = {
main = {
# overloads the capslock key to function as both escape (when tapped) and control (when held)
# overloads the capslock key to function as both escape (when tapped) and control (when held)
capslock = "overload(control, esc)";
};
};
};
services = {
dbus.packages = [ pkgs.gcr ];
dbus.packages = [pkgs.gcr];
geoclue2.enable = true;
udev.packages = with pkgs; [
gnome.gnome-settings-daemon
platformio # udev rules for platformio
openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
android-udev-rules
];
};

28
modules/nixos/core-server.nix
View File

@@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
###################################################################################
#
# NixOS's core configuration suitable for all my machines
@@ -22,8 +24,7 @@
nix.settings.auto-optimise-store = true;
# enable flakes globally
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = ["nix-command" "flakes"];
# Allow unfree packages
nixpkgs.config.allowUnfree = lib.mkDefault false;
@@ -74,14 +75,17 @@
# create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
(
let base = pkgs.appimageTools.defaultFhsEnvArgs; in
pkgs.buildFHSUserEnv (base // {
name = "fhs";
targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ];
profile = "export FHS=1";
runScript = "bash";
extraOutputsToInstall = [ "dev" ];
})
let
base = pkgs.appimageTools.defaultFhsEnvArgs;
in
pkgs.buildFHSUserEnv (base
// {
name = "fhs";
targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
profile = "export FHS=1";
runScript = "bash";
extraOutputsToInstall = ["dev"];
})
)
];

42
modules/nixos/fhs-fonts.nix
View File

@@ -1,33 +1,33 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
###################################################################################
#
# Copy from https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1326957279
# Mainly for flatpak
# 1. bindfs resolves all symlink,
# 1. bindfs resolves all symlink,
# 2. allowing all fonts to be accessed at `/usr/share/fonts`
# 3. without letting /nix into the sandbox.
#
###################################################################################
system.fsPackages = [ pkgs.bindfs ];
fileSystems =
let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.fonts;
pathsToLink = [ "/share/fonts" ];
};
in
{
# Create an FHS mount to support flatpak host icons/fonts
"/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
system.fsPackages = [pkgs.bindfs];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = ["ro" "resolve-symlinks" "x-gvfs-hide"];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.fonts;
pathsToLink = ["/share/fonts"];
};
in {
# Create an FHS mount to support flatpak host icons/fonts
"/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
};
}

16
modules/nixos/hyprland.nix
View File

@@ -1,8 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
##########################################################################################################
#
# NixOS's Configuration for Hyprland Window Manager
@@ -13,8 +9,7 @@
#
##########################################################################################################
environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
services.xserver = {
enable = true;
@@ -44,7 +39,6 @@
};
programs.light.enable = true; # monitor backlight control
# thunar file manager(part of xfce) related options
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
@@ -74,12 +68,12 @@
yad # a fork of zenity, for creating dialogs
# audio
alsa-utils # provides amixer/alsamixer/...
cava # for visualizing audio
alsa-utils # provides amixer/alsamixer/...
cava # for visualizing audio
mpd # for playing system sounds
mpc-cli # command-line mpd client
ncmpcpp # a mpd client with a UI
networkmanagerapplet # provide GUI app: nm-connection-editor
networkmanagerapplet # provide GUI app: nm-connection-editor
xfce.thunar # xfce4's file manager
];

8
modules/nixos/i3.nix
View File

@@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
####################################################################
#
# NixOS's Configuration for I3 Window Manager
@@ -8,7 +6,7 @@
####################################################################
# i3 related options
environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
services.xserver = {
enable = true;
@@ -42,7 +40,7 @@
xorg.xdpyinfo # get screen information
scrot # minimal screen capture tool, used by i3 blur lock to take a screenshot
sysstat # get system information
alsa-utils # provides amixer/alsamixer/...
alsa-utils # provides amixer/alsamixer/...
xfce.thunar # xfce4's file manager
];

14
modules/nixos/libvirt.nix
View File

@@ -1,7 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
###################################################################################
#
# Enable Libvirt(QEMU/KVM), install qemu-system-riscv64/qemu-system-loongarch64/...)
@@ -11,7 +12,7 @@
virtualisation = {
libvirtd = {
enable = true;
# hanging this option to false may cause file permission issues for existing guests.
# hanging this option to false may cause file permission issues for existing guests.
# To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
qemu.runAsRoot = true;
};
@@ -37,12 +38,11 @@
qemu_full
];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = ["kvm-amd" "kvm-intel"];
# Enable nested virsualization, required by security containers and nested vm.
boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
# boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
# NixOS VM should enable this:
# services.qemuGuest = {
# enable = true;

27
modules/nixos/proxmox-hardware-configuration.nix
View File

@@ -1,24 +1,28 @@
{ config, lib, ... }:
{
config,
lib,
username,
...
}:
##############################################################################
#
# Template for Proxmox's VM, mainly based on:
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/proxmox-image.nix
#
# the url above is used by `nixos-generator` to generate the Proxmox's VMA image file.
#
#
##############################################################################
{
# DO NOT promote ryan to input password for sudo.
# this is a workaround for the issue of remote deploy:
# https://github.com/NixOS/nixpkgs/issues/118655
security.sudo.extraRules = [
{ users = [ "ryan" ];
{
users = [ username ];
commands = [
{ command = "ALL" ;
options = [ "NOPASSWD" ];
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
@@ -27,7 +31,7 @@
boot = {
# after resize the disk, it will grow partition automatically.
growPartition = true;
kernelParams = [ "console=ttyS0" ];
kernelParams = ["console=ttyS0"];
loader.grub = {
device = "/dev/vda";
@@ -36,8 +40,8 @@
efiInstallAsRemovable = false;
};
loader.timeout = 3; # wait for 3 seconds to select the boot entry
initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry
initrd.availableKernelModules = ["uas" "virtio_blk" "virtio_pci"];
};
fileSystems."/" = {
@@ -47,7 +51,6 @@
};
# we do not have a /boot partition, so do not mount it.
# it alse had qemu-guest-agent installed by default.
services.qemuGuest.enable = lib.mkDefault true;
}

121
modules/nixos/remote-building.nix
View File

@@ -1,5 +1,5 @@
{ ... }: {
{ username, ... }:
{
####################################################################
#
# NixOS's Configuration for Remote Building / Distributed Building
@@ -8,68 +8,67 @@
# 1. https://github.com/NixOS/nix/issues/7380
# 2. https://nixos.wiki/wiki/Distributed_build
# 3. https://github.com/NixOS/nix/issues/2589
#
####################################################################
# set local's max-job to 0 to force remote building(disable local building)
# nix.settings.max-jobs = 0;
nix.distributedBuilds = true;
nix.buildMachines =
let
sshUser = "ryan";
# ssh key's path on local machine
sshKey = "/home/ryan/.ssh/ai-idols";
systems = [
# native arch
"x86_64-linux"
nix.buildMachines = let
sshUser = username;
# ssh key's path on local machine
sshKey = "/home/${username}/.ssh/ai-idols";
systems = [
# native arch
"x86_64-linux"
# emulated arch using binfmt_misc and qemu-user
"aarch64-linux"
"riscv64-linux"
];
# all available system features are poorly documentd here:
# https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
supportedFeatures = [
"benchmark"
"big-parallel"
"kvm"
];
in
[
# Nix seems always try to build on the machine remotely
# to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
{
# some of my remote builders are running NixOS
# and has the same sshUser, sshKey, systems, etc.
inherit sshUser sshKey systems supportedFeatures;
# emulated arch using binfmt_misc and qemu-user
"aarch64-linux"
"riscv64-linux"
];
# all available system features are poorly documentd here:
# https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
supportedFeatures = [
"benchmark"
"big-parallel"
"kvm"
];
in [
# Nix seems always try to build on the machine remotely
# to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
{
# some of my remote builders are running NixOS
# and has the same sshUser, sshKey, systems, etc.
inherit sshUser sshKey systems supportedFeatures;
# the hostName should be:
# 1. a hostname that can be resolved by DNS
# 2. the ip address of the remote builder
# 3. a host alias defined globally in /etc/ssh/ssh_config
hostName = "aquamarine";
# remote builder's max-job
maxJobs = 3;
# speedFactor's a signed integer
# but it seems that it's not used by Nix, takes no effect
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "ruby";
maxJobs = 2;
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "kana";
maxJobs = 2;
speedFactor = 1;
}
];
# the hostName should be:
# 1. a hostname that can be resolved by DNS
# 2. the ip address of the remote builder
# 3. a host alias defined globally in /etc/ssh/ssh_config
hostName = "aquamarine";
# remote builder's max-job
maxJobs = 3;
# speedFactor's a signed integer
# but it seems that it's not used by Nix, takes no effect
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "ruby";
maxJobs = 2;
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "kana";
maxJobs = 2;
speedFactor = 1;
}
];
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
nix.extraOptions = ''
builders-use-substitutes = true
'';
# define the host alias for remote builders
# this config will be written to /etc/ssh/ssh_config
@@ -77,11 +76,11 @@
Host ai
HostName 192.168.5.100
Port 22
Host aquamarine
HostName 192.168.5.101
Port 22
Host ruby
HostName 192.168.5.102
Port 22
@@ -96,19 +95,19 @@
programs.ssh.knownHosts = {
# 星野 愛久愛海, Hoshino Aquamarine
aquamarine = {
hostNames = [ "aquamarine" "192.168.5.101" ];
hostNames = ["aquamarine" "192.168.5.101"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnCQXlllHoLX5EvU+t6yP/npsmuxKt0skHVeJashizE";
};
# 星野 瑠美衣, Hoshino Rubii
ruby = {
hostNames = [ "ruby" "192.168.5.102" ];
hostNames = ["ruby" "192.168.5.102"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7n11XxB8B3HjdyAsL3PuLVDZxWCzEOUTJAY8+goQmW";
};
# 有馬 かな, Arima Kana
kana = {
hostNames = [ "kana" "192.168.5.103" ];
hostNames = ["kana" "192.168.5.103"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3dDLOZERP1nZfRz3zIeVDm1q2Trer+fWFVvVXrgXM1";
};
};

39
modules/nixos/user-group.nix
View File

@@ -1,24 +1,24 @@
{ ... }:
{ username, ... }:
{
nix.settings.trusted-users = ["ryan"];
nix.settings.trusted-users = [username];
users.groups = {
ryan = { };
docker = { };
wireshark = { };
"${username}" = {};
docker = {};
wireshark = {};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.ryan = {
users.users."${username}" = {
# the hashed password with salt is generated by run `mkpasswd`.
hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
home = "/home/ryan";
home = "/home/${username}";
isNormalUser = true;
description = "ryan";
extraGroups = [
"ryan"
description = username;
extraGroups = [
username
"users"
"networkmanager"
"networkmanager"
"wheel"
"docker"
"wireshark"
@@ -29,4 +29,21 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
];
};
# DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
security.sudo.extraRules = [
{
users = [username];
commands = [
{
command = "/run/current-system/sw/bin/nix-store";
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/nix-copy-closure";
options = ["NOPASSWD"];
}
];
}
];
}

10
overlays/default.nix
View File

@@ -1,7 +1,9 @@
args:
# execute and import all overlay files in the current directory with the given args
builtins.map
(f: (import (./. + "/${f}") args)) # execute and import the overlay file
(builtins.filter # find all overlay files in the current directory
(f: f != "default.nix")
(builtins.attrNames (builtins.readDir ./.)))
(f: (import (./. + "/${f}") args)) # execute and import the overlay file
(builtins.filter # find all overlay files in the current directory
(f: f != "default.nix")
(builtins.attrNames (builtins.readDir ./.)))

6
overlays/fcitx5/default.nix
View File

@@ -1,12 +1,10 @@
# 为了不使用默认的 rime-data改用我自定义的小鹤音形数据这里需要 override
# 参考 https://github.com/NixOS/nixpkgs/blob/e4246ae1e7f78b7087dce9c9da10d28d3725025f/pkgs/tools/inputmethods/fcitx5/fcitx5-rime.nix
{ ... }:
(self: super: {
{...}: (self: super: {
# 小鹤音形配置,配置来自 flypy.com 官方网盘的鼠须管配置压缩包「小鹤音形“鼠须管”for macOS.zip」
# 我仅修改了 default.yaml 文件,将其中的半角括号改为了直角括号「 与 」。
rime-data = ./rime-data-flypy;
fcitx5-rime = super.fcitx5-rime.override { rimeDataPkgs = [ ./rime-data-flypy ]; };
fcitx5-rime = super.fcitx5-rime.override {rimeDataPkgs = [./rime-data-flypy];};
# used by macOS Squirrel
flypy-squirrel = ./rime-data-flypy;

20
secrets/darwin.nix
View File

@@ -1,7 +1,12 @@
{ config, pkgs, agenix, mysecrets, ... }:
{
config,
pkgs,
agenix,
mysecrets,
username,
...
}: {
imports = [
agenix.darwinModules.default
];
@@ -11,8 +16,8 @@
];
# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
age.identityPaths = [
"/Users/ryan/.ssh/juliet-age" # macOS
age.identityPaths = [
"/Users/${username}/.ssh/juliet-age" # macOS
];
age.secrets = {
@@ -31,7 +36,7 @@
# place secrets in /etc/
environment.etc = {
# wireguard config used with `wg-quick up wg-business`
# wireguard config used with `wg-quick up wg-business`
# Fix DNS for WireGuard on macOS: https://github.com/ryan4yin/nix-config/issues/5
"wireguard/wg-business.conf" = {
source = config.age.secrets."wg-business.conf".path;
@@ -39,7 +44,7 @@
# The following secrets are used by home-manager modules
# But nix-darwin doesn't support environment.etc.<name>.mode
# So we need to change its mode manually
# So we need to change its mode manually
"agenix/alias-for-work.nushell" = {
source = config.age.secrets."alias-for-work.nushell".path;
};
@@ -56,5 +61,4 @@
system.activationScripts.postUserActivation.text = ''
sudo chmod 644 /etc/agenix/*
'';
}

17
secrets/nixos.nix
View File

@@ -1,7 +1,12 @@
{ config, pkgs, agenix, mysecrets, ... }:
{
config,
pkgs,
agenix,
mysecrets,
username,
...
}: {
imports = [
agenix.nixosModules.default
];
@@ -11,8 +16,8 @@
];
# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
age.identityPaths = [
"/home/ryan/.ssh/juliet-age" # Linux
age.identityPaths = [
"/home/${username}/.ssh/juliet-age" # Linux
];
# Used only by NixOS Modules
@@ -37,7 +42,7 @@
# place secrets in /etc/
environment.etc = {
# wireguard config used with `wg-quick up wg-business`
# wireguard config used with `wg-quick up wg-business`
"wireguard/wg-business.conf" = {
source = config.age.secrets."wg-business.conf".path;
};