refactor: fonts (#194)

Ryan Yin
2025-06-22 20:13:50 +08:00
committed by GitHub
parent 5716831d6c
commit 4ec26c5e5f
20 changed files with 210 additions and 199 deletions


@@ -2,4 +2,4 @@
1. `darwin`: macOS-specific configuration.
2. `nixos`: NixOS-specific configuration.
3. `base.nix`: Common configuration for both NixOS and Nix-Darwin.
3. `base`: Common configuration for both NixOS and Nix-Darwin.


@@ -1,126 +0,0 @@
{
config,
pkgs,
myvars,
nuenv,
...
} @ args: {
nixpkgs.overlays =
[
nuenv.overlays.default
]
++ (import ../overlays args);
# Add my private PKI's CA certificate to the system-wide trust store.
security.pki.certificateFiles = [
../certs/ecc-ca.crt
];
# auto upgrade nix to the unstable version
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284
nix.package = pkgs.nixVersions.latest;
# for security reasons, do not load neovim's user config
# since EDITOR may be used to edit some critical files
environment.variables.EDITOR = "nvim --clean";
environment.systemPackages = with pkgs; [
# core tools
tealdeer # a very fast version of tldr
fastfetch
neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
just # justfile
nushell # nushell
git # used by nix flakes
git-lfs # used by huggingface models
# archives
zip
xz
zstd
unzipNLS
p7zip
# Text Processing
# Docs: https://github.com/learnbyexample/Command-line-text-processing
gnugrep # GNU grep, provides `grep`/`egrep`/`fgrep`
gnused # GNU sed, very powerful(mainly for replacing text in files)
gawk # GNU awk, a pattern scanning and processing language
jq # A lightweight and flexible command-line JSON processor
# networking tools
mtr # A network diagnostic tool
iperf3
dnsutils # `dig` + `nslookup`
ldns # replacement of `dig`, it provide the command `drill`
wget
curl
aria2 # A lightweight multi-protocol & multi-source command-line download utility
socat # replacement of openbsd-netcat
nmap # A utility for network discovery and security auditing
ipcalc # it is a calculator for the IPv4/v6 addresses
# misc
file
findutils
which
tree
gnutar
rsync
];
users.users.${myvars.username} = {
description = myvars.userfullname;
# Public Keys that can be used to login to all my PCs, Macbooks, and servers.
#
# Since its authority is so large, we must strengthen its security:
# 1. The corresponding private key must be:
# 1. Generated locally on every trusted client via:
# ```bash
# # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
# # Passphrase: digits + letters + symbols, 12+ chars
# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
# ```
# 2. Never leave the device and never sent over the network.
# 2. Or just use hardware security keys like Yubikey/CanoKey.
openssh.authorizedKeys.keys = myvars.mainSshAuthorizedKeys;
};
programs.ssh = myvars.networking.ssh;
nix.settings = {
# enable flakes globally
experimental-features = ["nix-command" "flakes"];
# given the users in this list the right to specify additional substituters via:
# 1. `nixConfig.substituers` in `flake.nix`
# 2. command line args `--options substituers http://xxx`
trusted-users = [myvars.username];
# substituers that will be considered before the official ones(https://cache.nixos.org)
substituters = [
# cache mirror located in China
# status: https://mirrors.ustc.edu.cn/status/
"https://mirrors.ustc.edu.cn/nix-channels/store"
# status: https://mirror.sjtu.edu.cn/
# "https://mirror.sjtu.edu.cn/nix-channels/store"
# others
# "https://mirrors.sustech.edu.cn/nix-channels/store"
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
"https://nix-community.cachix.org"
# my own cache server, currently not used.
# "https://ryan4yin.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
];
builders-use-substitutes = true;
};
nix.extraOptions = ''
!include ${config.age.secrets.nix-access-tokens.path}
'';
}

3
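--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -0,0 +1,3 @@
+{mylib, ...}: {
+imports = mylib.scanPaths ./.;
+}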

56
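--- a/modules/base/fonts.nix
+++ b/modules/base/fonts.nix
@@ -0,0 +1,56 @@
+{
+pkgs,
+config,
+lib,
+...
+}: let
+cfg = config.modules.desktop;
+in {
+options.modules.desktop = {
+fonts.enable = lib.mkEnableOption "Rich Fonts - Add NerdFonts Icons, emojis & CJK Fonts";
+};
+config.fonts.packages = with pkgs;
+lib.mkIf cfg.fonts.enable
+[
+# icon fonts
+material-design-icons
+font-awesome
+# nerdfonts
+# https://github.com/NixOS/nixpkgs/blob/nixos-unstable-small/pkgs/data/fonts/nerd-fonts/manifests/fonts.json
+nerd-fonts.symbols-only # symbols icon only
+nerd-fonts.fira-code
+nerd-fonts.jetbrains-mono
+nerd-fonts.iosevka
+# Noto 是 Google 开发的开源字体家族
+# 名字的含义是「没有豆腐」no tofu因为缺字时显示的方框或者方框被叫作 tofu
+#
+# Noto 系列字族只支持西文,命名规则是 Noto + Sans 或 Serif + 文字名称。
+noto-fonts # 大部分文字的常见样式,不包含汉字
+noto-fonts-color-emoji # 彩色的表情符号字体
+# Noto CJK 为「思源」系列汉字字体,由 Adobe + Google 共同开发
+# Google 以 Noto Sans/Serif CJK SC/TC/HK/JP/KR 的名称发布该系列字体。
+# 这俩跟 noto-fonts-cjk-sans/serif 实际为同一字体,只是分别由 Adobe/Google 以自己的品牌名发布
+# noto-fonts-cjk-sans # 思源黑体
+# noto-fonts-cjk-serif # 思源宋体
+# Adobe 以 Source Han Sans/Serif 的名称发布此系列字体
+source-sans # 无衬线字体,不含汉字。字族名叫 Source Sans 3以及带字重的变体VF
+source-serif # 衬线字体,不含汉字。字族名叫 Source Serif 4以及带字重的变体
+# Source Hans 系列汉字字体由 Adobe + Google 共同开发
+source-han-sans # 思源黑体
+source-han-serif # 思源宋体
+source-han-mono # 思源等宽
+# 霞鹜文楷 屏幕阅读版
+# https://github.com/lxgw/LxgwWenKai-Screen
+lxgw-wenkai-screen
+# Maple Mono NF CN (连字 未微调版,适用于高分辨率屏幕)
+# Full version, embed with nerdfonts icons, Chinese and Japanese glyphs
+# https://github.com/subframe7536/maple-font
+maple-mono.NF-CN-unhinted
+];
+}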
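Review bot: `fonts.enable` is declared with `lib.mkEnableOption`, which defaults to false, so the font packages that the NixOS desktop fonts module installed unconditionally before this commit are now installed only on hosts that set `modules.desktop.fonts.enable = true`. The commit sets the flag in three host definitions; any other desktop host (none is visible here) would keep its `fontconfig` section while the fonts it presumably names are no longer installed. If that is not intended, set the flag next to the fontconfig block in the NixOS desktop module, e.g. `modules.desktop.fonts.enable = lib.mkDefault true;`. The package list also mixes Chinese and English comments; one language would make the file easier to review.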

46
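--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@@ -0,0 +1,46 @@
+{
+pkgs,
+config,
+myvars,
+...
+}: {
+# auto upgrade nix to the unstable version
+# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284
+nix.package = pkgs.nixVersions.latest;
+nix.settings = {
+# enable flakes globally
+experimental-features = ["nix-command" "flakes"];
+# given the users in this list the right to specify additional substituters via:
+# 1. `nixConfig.substituers` in `flake.nix`
+# 2. command line args `--options substituers http://xxx`
+trusted-users = [myvars.username];
+# substituers that will be considered before the official ones(https://cache.nixos.org)
+substituters = [
+# cache mirror located in China
+# status: https://mirrors.ustc.edu.cn/status/
+"https://mirrors.ustc.edu.cn/nix-channels/store"
+# status: https://mirror.sjtu.edu.cn/
+# "https://mirror.sjtu.edu.cn/nix-channels/store"
+# others
+# "https://mirrors.sustech.edu.cn/nix-channels/store"
+"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
+"https://nix-community.cachix.org"
+# my own cache server, currently not used.
+# "https://ryan4yin.cachix.org"
+];
+trusted-public-keys = [
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+"ryan4yin.cachix.org-1:Gbk27ZU5AYpGS9i3ssoLlwdvMIh0NxG0w8it/cv9kbU="
+];
+builders-use-substitutes = true;
+};
+nix.extraOptions = ''
+!include ${config.age.secrets.nix-access-tokens.path}
+'';
+}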
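Review bot: `trusted-public-keys` still lists the `ryan4yin.cachix.org-1` key although its substituter is commented out as "currently not used". Store paths signed by that key would therefore be accepted from whichever substituter serves them, including the plain mirrors. I would comment the key out together with the URL until the cache is back in use. The comment above `trusted-users` also understates the setting: the Nix manual describes a trusted user as essentially root-equivalent towards the daemon, so a line such as `# NOTE: trusted users are effectively root for the nix daemon; keep this list minimal` would help. The block appears to be moved unchanged from the old `base.nix`, so both points predate this commit.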


@@ -0,0 +1,7 @@
{nuenv, ...} @ args: {
nixpkgs.overlays =
[
nuenv.overlays.default
]
++ (import ../../overlays args);
}


@@ -0,0 +1,6 @@
{
# Add my private PKI's CA certificate to the system-wide trust store.
security.pki.certificateFiles = [
../../certs/ecc-ca.crt
];
}
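Review bot: The comment on `security.pki.certificateFiles` says what is added but not what follows from it. A CA in the system-wide trust store can vouch for any hostname on every machine that imports `modules/base`, unless the certificate carries name constraints, which cannot be seen from this hunk. I would extend the comment to record that scope and where the CA's private key is held, for example `# Trust anchor for all TLS names on every host importing modules/base; CA key storage: <fill in>`.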


@@ -0,0 +1,50 @@
{pkgs, ...}: {
# for security reasons, do not load neovim's user config
# since EDITOR may be used to edit some critical files
environment.variables.EDITOR = "nvim --clean";
environment.systemPackages = with pkgs; [
# core tools
tealdeer # a very fast version of tldr
fastfetch
neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
just # justfile
nushell # nushell
git # used by nix flakes
git-lfs # used by huggingface models
# archives
zip
xz
zstd
unzipNLS
p7zip
# Text Processing
# Docs: https://github.com/learnbyexample/Command-line-text-processing
gnugrep # GNU grep, provides `grep`/`egrep`/`fgrep`
gnused # GNU sed, very powerful(mainly for replacing text in files)
gawk # GNU awk, a pattern scanning and processing language
jq # A lightweight and flexible command-line JSON processor
# networking tools
mtr # A network diagnostic tool
iperf3
dnsutils # `dig` + `nslookup`
ldns # replacement of `dig`, it provide the command `drill`
wget
curl
aria2 # A lightweight multi-protocol & multi-source command-line download utility
socat # replacement of openbsd-netcat
nmap # A utility for network discovery and security auditing
ipcalc # it is a calculator for the IPv4/v6 addresses
# misc
file
findutils
which
tree
gnutar
rsync
];
}

20
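--- a/modules/base/users.nix
+++ b/modules/base/users.nix
@@ -0,0 +1,20 @@
+{myvars, ...}: {
+programs.ssh = myvars.networking.ssh;
+users.users.${myvars.username} = {
+description = myvars.userfullname;
+# Public Keys that can be used to login to all my PCs, Macbooks, and servers.
+#
+# Since its authority is so large, we must strengthen its security:
+# 1. The corresponding private key must be:
+# 1. Generated locally on every trusted client via:
+# ```bash
+# # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
+# # Passphrase: digits + letters + symbols, 12+ chars
+# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
+# ```
+# 2. Never leave the device and never sent over the network.
+# 2. Or just use hardware security keys like Yubikey/CanoKey.
+openssh.authorizedKeys.keys = myvars.mainSshAuthorizedKeys;
+};
+}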
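Review bot: The key-generation example in the comment cannot be pasted as written: the `ssh-keygen` line ends in a stray backtick, which leaves the shell waiting for a closing quote, and the KDF line above it has an unmatched `)`. Suggested text: `# # KDF: bcrypt with 256 rounds (takes 2s on Apple M2)` and `# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`. Since the comment says these keys grant login to every host, the instructions are worth keeping exact.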


@@ -2,6 +2,6 @@
imports =
(mylib.scanPaths ./.)
++ [
../base.nix
../base
];
}


@@ -1,22 +0,0 @@
{pkgs, ...}: {
# Fonts
fonts = {
packages = with pkgs; [
# icon fonts
material-design-icons
font-awesome
source-sans # 无衬线字体,不含汉字。
source-serif # 衬线字体,不含汉字。
source-han-sans # 思源黑体
source-han-serif # 思源宋体
# nerdfonts
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable-small/pkgs/data/fonts/nerd-fonts/manifests/fonts.json
nerd-fonts.symbols-only # symbols icon only
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
nerd-fonts.iosevka
];
};
}


@@ -10,7 +10,7 @@ with lib; let
in {
imports = [
./base
../base.nix
../base
./desktop
];


@@ -5,47 +5,8 @@
enableDefaultPackages = false;
fontDir.enable = true;
packages = with pkgs; [
# icon fonts
material-design-icons
font-awesome
# nerdfonts
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable-small/pkgs/data/fonts/nerd-fonts/manifests/fonts.json
nerd-fonts.symbols-only # symbols icon only
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
nerd-fonts.iosevka
# Noto 是 Google 开发的开源字体家族
# 名字的含义是「没有豆腐」no tofu因为缺字时显示的方框或者方框被叫作 tofu
#
# Noto 系列字族只支持西文,命名规则是 Noto + Sans 或 Serif + 文字名称。
noto-fonts # 大部分文字的常见样式,不包含汉字
noto-fonts-color-emoji # 彩色的表情符号字体
# Noto CJK 为「思源」系列汉字字体,由 Adobe + Google 共同开发
# Google 以 Noto Sans/Serif CJK SC/TC/HK/JP/KR 的名称发布该系列字体。
# 这俩跟 noto-fonts-cjk-sans/serif 实际为同一字体,只是分别由 Adobe/Google 以自己的品牌名发布
# noto-fonts-cjk-sans # 思源黑体
# noto-fonts-cjk-serif # 思源宋体
# Adobe 以 Source Han Sans/Serif 的名称发布此系列字体
source-sans # 无衬线字体,不含汉字。字族名叫 Source Sans 3以及带字重的变体VF
source-serif # 衬线字体,不含汉字。字族名叫 Source Serif 4以及带字重的变体
# Source Hans 系列汉字字体由 Adobe + Google 共同开发
source-han-sans # 思源黑体
source-han-serif # 思源宋体
source-han-mono # 思源等宽
# 霞鹜文楷屏幕阅读版
# https://github.com/lxgw/LxgwWenKai-Screen
lxgw-wenkai-screen
# Maple Mono NF CN (连字 未微调版,适用于高分辨率屏幕)
# Full version, embed with nerdfonts icons, Chinese and Japanese glyphs
# https://github.com/subframe7536/maple-font
maple-mono.NF-CN-unhinted
];
# fonts are defined in /modules/base/fonts.nix, used by both NixOS & Darwin.
# packages = [ ... ];
fontconfig = {
# User defined default fonts


@@ -13,7 +13,7 @@
../base/ssh.nix
../base/user-group.nix
../../base.nix
../../base
];
# Fix: jasper is marked as broken, refusing to evaluate.


@@ -12,6 +12,6 @@
../base/ssh.nix
../base/user-group.nix
../../base.nix
../../base
];
}


@@ -1,6 +1,6 @@
{lib, ...}: {
imports = [
../base
../../base.nix
../../base
];
}


@@ -28,7 +28,7 @@
./configuration.nix
../modules/base.nix
../modules/base
../modules/nixos/base/i18n.nix
../modules/nixos/base/user-group.nix
../modules/nixos/base/networking.nix
@@ -58,7 +58,7 @@
./configuration.nix
../modules/base.nix
../modules/base
../modules/nixos/base/i18n.nix
../modules/nixos/base/user-group.nix
../modules/nixos/base/networking.nix


@@ -21,7 +21,12 @@
# host specific
"hosts/darwin-${name}"
])
++ [];
++ [
{
modules.desktop.fonts.enable = true;
}
];
home-modules = map mylib.relativeToRoot [
"hosts/darwin-${name}/home.nix"
"home/darwin"


@@ -21,7 +21,11 @@
# host specific
"hosts/darwin-${name}"
])
++ [];
++ [
{
modules.desktop.fonts.enable = true;
}
];
home-modules = map mylib.relativeToRoot [
"hosts/darwin-${name}/home.nix"
"home/darwin"


@@ -36,6 +36,7 @@
nixos-modules =
[
{
modules.desktop.fonts.enable = true;
modules.desktop.wayland.enable = true;
modules.secrets.desktop.enable = true;
modules.secrets.impermanence.enable = true;