feat: simplify flake.nix

Ryan Yin
2023-07-26 20:07:42 +08:00
parent eebbb9f5e6
commit 204cb03922
70 changed files with 1183 additions and 1165 deletions


@@ -1,140 +1,35 @@
{ pkgs, ...}: {
{pkgs, ...}: {
##########################################################################
#
# MacOS specific nix-darwin configuration
#
# Nix is not well supported on macOS, I met some strange bug recently.
# So install apps using [homebrew](https://daiderd.com/nix-darwin/manual/index.html#opt-homebrew.enable) here.
#
# Install all apps and packages here.
#
# NOTE: Your can find all available options in:
# https://daiderd.com/nix-darwin/manual/index.html
#
# TODO Fell free to modify this file to fit your needs.
#
##########################################################################
system = {
# Install packages from nix's official package repository.
#
# The packages installed here are available to all users, and are reproducible across machines, and are rollbackable.
# But on macOS, it's less stable than homebrew.
#
# Related Discussion: https://discourse.nixos.org/t/darwin-again/29331
environment.systemPackages = with pkgs; [
neovim
git
nushell # my custom shell
];
environment.variables.EDITOR = "nvim";
# activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
activationScripts.postUserActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
defaults = {
menuExtraClock.Show24Hour = true; # show 24 hour clock
# customize dock
dock = {
autohide = true;
show-recents = false; # disable recent apps
# customize Hot Corners(触发角, 鼠标移动到屏幕角落时触发的动作)
wvous-tl-corner = 2; # top-left - Mission Control
wvous-tr-corner = 13; # top-right - Lock Screen
wvous-bl-corner = 3; # bottom-left - Application Windows
wvous-br-corner = 4; # bottom-right - Desktop
};
# customize finder
finder = {
_FXShowPosixPathInTitle = true; # show full path in finder title
AppleShowAllExtensions = true; # show all file extensions
FXEnableExtensionChangeWarning = false; # disable warning when changing file extension
QuitMenuItem = true; # enable quit menu item
ShowPathbar = true; # show path bar
ShowStatusBar = true; # show status bar
};
# customize trackpad
trackpad = {
# tap - 轻触触摸板, click - 点击触摸板
Clicking = true; # enable tap to click(轻触触摸板相当于点击)
TrackpadRightClick = true; # enable two finger right click
TrackpadThreeFingerDrag = true; # enable three finger drag
};
# customize macOS
NSGlobalDomain = {
# `defaults read NSGlobalDomain "xxx"`
"com.apple.swipescrolldirection" = true; # enable natural scrolling(default to true)
"com.apple.sound.beep.feedback" = 0; # disable beep sound when pressing volume up/down key
AppleInterfaceStyle = "Dark"; # dark mode
AppleKeyboardUIMode = 3; # Mode 3 enables full keyboard control.
ApplePressAndHoldEnabled = true; # enable press and hold
# If you press and hold certain keyboard keys when in a text area, the keys character begins to repeat.
# This is very useful for vim users, they use `hjkl` to move cursor.
# sets how long it takes before it starts repeating.
InitialKeyRepeat = 15; # normal minimum is 15 (225 ms), maximum is 120 (1800 ms)
# sets how fast it repeats once it starts.
KeyRepeat = 3; # normal minimum is 2 (30 ms), maximum is 120 (1800 ms)
NSAutomaticCapitalizationEnabled = false; # disable auto capitalization(自动大写)
NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution(智能破折号替换)
NSAutomaticPeriodSubstitutionEnabled = false; # disable auto period substitution(智能句号替换)
NSAutomaticQuoteSubstitutionEnabled = false; # disable auto quote substitution(智能引号替换)
NSAutomaticSpellingCorrectionEnabled = false; # disable auto spelling correction(自动拼写检查)
NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default(保存文件时的路径选择/文件名输入页)
NSNavPanelExpandedStateForSaveMode2 = true;
};
# customize settings that not supported by nix-darwin directly
CustomUserPreferences = {
NSGlobalDomain = {
# Add a context menu item for showing the Web Inspector in web views
WebKitDeveloperExtras = true;
};
"com.apple.finder" = {
ShowExternalHardDrivesOnDesktop = true;
ShowHardDrivesOnDesktop = true;
ShowMountedServersOnDesktop = true;
ShowRemovableMediaOnDesktop = true;
_FXSortFoldersFirst = true;
# When performing a search, search the current folder by default
FXDefaultSearchScope = "SCcf";
};
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screensaver" = {
# Require password immediately after sleep or screen saver begins
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.screencapture" = {
location = "~/Desktop";
type = "png";
};
"com.apple.AdLib" = {
allowApplePersonalizedAdvertising = false;
};
# Prevent Photos from opening automatically when devices are plugged in
"com.apple.ImageCapture".disableHotPlug = true;
};
loginwindow = {
GuestEnabled = false; # disable guest user
SHOWFULLNAME = true; # show full name in login window
};
};
# keyboard settings is not very useful on macOS
# the most important thing is to remap option key to alt key globally,
# but it's not supported by macOS yet.
keyboard = {
enableKeyMapping = true; # enable key mapping so that we can use `option` as `control`
# NOTE: do NOT support remap capslock to both control and escape at the same time
remapCapsLockToControl = false; # remap caps lock to control, useful for emac users
remapCapsLockToEscape = true; # remap caps lock to escape, useful for vim users
# swap left command and left alt
# so it matches common keyboard layout: `ctrl | command | alt`
#
# disabled, caused only problems!
swapLeftCommandAndLeftAlt = false;
};
};
# Create /etc/zshrc that loads the nix-darwin environment.
# this is required if you want to use darwin's default shell - zsh
programs.zsh.enable = true;
environment.shells = [
pkgs.zsh
pkgs.nushell # my custom shell
];
# Homebrew Mirror
environment.variables = {
@@ -145,12 +40,11 @@
HOMEBREW_PIP_INDEX_URL = "https://pypi.tuna.tsinghua.edu.cn/simple";
};
# homebrew need to be installed manually, see https://brew.sh
homebrew = {
# TODO Homebrew install takes a long time,
# So only enable this when you make changes.
enable = false;
# TODO Homebrew install takes a long time,
# So only enable this when you make changes.
enable = true;
onActivation = {
autoUpdate = false;
@@ -161,12 +55,12 @@
# Applications to install from Mac App Store using mas.
# You need to install all these Apps manually first so that your apple account have records for them.
# otherwise Apple Store will refuse to install them.
# For details, see https://github.com/mas-cli/mas
# For details, see https://github.com/mas-cli/mas
masApps = {
# Xcode = 497799835;
Wechat = 836500024;
QQ = 451108668;
WeCom = 1189898970; # Wechat for Work
WeCom = 1189898970; # Wechat for Work
TecentMetting = 1484048379;
NeteaseCloudMusic = 944848654;
QQMusic = 595615424;
@@ -184,22 +78,25 @@
brews = [
# `brew install`
"wget" # download tool
"curl" # no not install curl via nixpkgs, it's not working well on macOS!
"aria2" # download tool
"httpie" # http client
"wireguard-tools" # wireguard
"wget" # download tool
"curl" # no not install curl via nixpkgs, it's not working well on macOS!
"aria2" # download tool
"httpie" # http client
"wireguard-tools" # wireguard
# Usage:
# https://github.com/tailscale/tailscale/wiki/Tailscaled-on-macOS#run-the-tailscaled-daemon
# 1. `sudo tailscaled install-system-daemon`
# 2. `tailscale up --accept-routes`
"tailscale" # tailscale
"tailscale" # tailscale
# https://github.com/rgcr/m-cli
"m-cli" #  Swiss Army Knife for macOS
];
# `brew install --cask`
casks = [
"squirrel" # input method for Chinese, rime-squirrel
"squirrel" # input method for Chinese, rime-squirrel
"firefox"
"google-chrome"
@@ -213,20 +110,20 @@
"microsoft-remote-desktop"
# "anki"
"clashx" # proxy tool
"iina" # video player
"openinterminal-lite" # open current folder in terminal
"syncthing" # file sync
"raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
"iglance" # beautiful system monitor
"eudic" # 欧路词典
"clashx" # proxy tool
"iina" # video player
"openinterminal-lite" # open current folder in terminal
"syncthing" # file sync
"raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
"iglance" # beautiful system monitor
"eudic" # 欧路词典
# "reaper" # audio editor
# Development
"insomnia" # REST client
"wireshark" # network analyzer
"jdk-mission-control" # Java Mission Control
"google-cloud-sdk" # Google Cloud SDK
"insomnia" # REST client
"wireshark" # network analyzer
"jdk-mission-control" # Java Mission Control
"google-cloud-sdk" # Google Cloud SDK
];
};
}
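Review bot: The TODO comment kept above `enable = true;` in the `homebrew` block still says to enable Homebrew only when making changes, so the comment and the value now disagree; either keep `enable = false;` or reword it, for example `# Homebrew is managed declaratively and is run on every darwin-rebuild`. Everything listed under `brews`, `casks` and `masApps` is fetched by Homebrew or mas at activation time and is not pinned by flake.lock, so with the switch on each activation trusts whatever the configured sources serve at that moment. The `HOMEBREW_*` mirror variables (only `HOMEBREW_PIP_INDEX_URL` is visible here, the rest of that block is outside the hunk) point at a third-party mirror, and a one-line comment saying why that mirror is trusted would help the next reader.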


@@ -1,102 +0,0 @@
{ pkgs, lib, ... }:
{
###################################################################################
#
# Core configuration for nix-darwin
#
# All the configuration options are documented here:
# https://daiderd.com/nix-darwin/manual/index.html#sec-options
#
###################################################################################
# enable flakes globally
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = ["ryan"];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# Use this instead of services.nix-daemon.enable if you
# don't wan't the daemon service to be managed for you.
# nix.useDaemon = true;
nix.package = pkgs.nix;
programs.nix-index.enable = true;
# boot.loader.grub.configurationLimit = 10;
# do garbage collection weekly to keep disk usage low
nix.gc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 1w";
};
# Manual optimise storage: nix-store --optimise
# https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
nix.settings.auto-optimise-store = true;
# Add ability to used TouchID for sudo authentication
security.pam.enableSudoTouchIdAuth = true;
# Set your time zone.
# comment this due to the issue:
# https://github.com/LnL7/nix-darwin/issues/359
# time.timeZone = "Asia/shanghai";
# Apps
# `home-manager` currently has issues adding them to `~/Applications`
# Issue: https://github.com/nix-community/home-manager/issues/1341
environment.systemPackages = with pkgs; [
neovim
git
nushell # my custom shell
];
environment.variables.EDITOR = "nvim";
# Fonts
fonts = {
# use fonts specified by user rather than default ones
fontDir.enable = true;
fonts = with pkgs; [
# icon fonts
material-design-icons
font-awesome
# nerdfonts
(nerdfonts.override {
fonts = [
"FiraCode"
"JetBrainsMono"
"Iosevka"
];
})
];
};
# Define a user account. Don't forget to set a password with passwd.
users.users.ryan = {
home = "/Users/ryan";
description = "ryan";
# set user's default shell back to zsh
# `chsh -s /bin/zsh`
# DO NOT change the system's default shell to nushell! it will break some apps!
# It's better to change only starship/alacritty/vscode's shell to nushell!
};
# Create /etc/zshrc that loads the nix-darwin environment.
# this is required if you want to use darwin's default shell - zsh
programs.zsh.enable = true;
environment.shells = [
pkgs.zsh
pkgs.nushell # my custom shell
];
}


@@ -0,0 +1,7 @@
{
imports = [
./apps.nix
./nix-core.nix
./system.nix
];
}


@@ -0,0 +1,41 @@
{
pkgs,
lib,
...
}: {
###################################################################################
#
# Core configuration for nix-darwin
#
# All the configuration options are documented here:
# https://daiderd.com/nix-darwin/manual/index.html#sec-options
#
###################################################################################
# enable flakes globally
nix.settings.experimental-features = ["nix-command" "flakes"];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# Use this instead of services.nix-daemon.enable if you
# don't wan't the daemon service to be managed for you.
# nix.useDaemon = true;
nix.package = pkgs.nix;
programs.nix-index.enable = true;
# boot.loader.grub.configurationLimit = 10;
# do garbage collection weekly to keep disk usage low
nix.gc = {
automatic = lib.mkDefault true;
options = lib.mkDefault "--delete-older-than 1w";
};
# Manual optimise storage: nix-store --optimise
# https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
nix.settings.auto-optimise-store = true;
}

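--- a/modules/darwin/system.nix
+++ b/modules/darwin/system.nix
@@ -0,0 +1,165 @@
+{pkgs, ...}:
+###################################################################################
+#
+# macOS's System configuration
+#
+# All the configuration options are documented here:
+# https://daiderd.com/nix-darwin/manual/index.html#sec-options
+#
+###################################################################################
+{
+# Add ability to used TouchID for sudo authentication
+security.pam.enableSudoTouchIdAuth = true;
+system = {
+# activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
+activationScripts.postUserActivation.text = ''
+# activateSettings -u will reload the settings from the database and apply them to the current session,
+# so we do not need to logout and login again to make the changes take effect.
+/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
+'';
+defaults = {
+menuExtraClock.Show24Hour = true; # show 24 hour clock
+# customize dock
+dock = {
+autohide = true;
+show-recents = false; # disable recent apps
+# customize Hot Corners(触发角, 鼠标移动到屏幕角落时触发的动作)
+wvous-tl-corner = 2; # top-left - Mission Control
+wvous-tr-corner = 13; # top-right - Lock Screen
+wvous-bl-corner = 3; # bottom-left - Application Windows
+wvous-br-corner = 4; # bottom-right - Desktop
+};
+# customize finder
+finder = {
+_FXShowPosixPathInTitle = true; # show full path in finder title
+AppleShowAllExtensions = true; # show all file extensions
+FXEnableExtensionChangeWarning = false; # disable warning when changing file extension
+QuitMenuItem = true; # enable quit menu item
+ShowPathbar = true; # show path bar
+ShowStatusBar = true; # show status bar
+};
+# customize trackpad
+trackpad = {
+# tap - 轻触触摸板, click - 点击触摸板
+Clicking = true; # enable tap to click(轻触触摸板相当于点击)
+TrackpadRightClick = true; # enable two finger right click
+TrackpadThreeFingerDrag = true; # enable three finger drag
+};
+# customize macOS
+NSGlobalDomain = {
+# `defaults read NSGlobalDomain "xxx"`
+"com.apple.swipescrolldirection" = true; # enable natural scrolling(default to true)
+"com.apple.sound.beep.feedback" = 0; # disable beep sound when pressing volume up/down key
+AppleInterfaceStyle = "Dark"; # dark mode
+AppleKeyboardUIMode = 3; # Mode 3 enables full keyboard control.
+ApplePressAndHoldEnabled = true; # enable press and hold
+# If you press and hold certain keyboard keys when in a text area, the keys character begins to repeat.
+# This is very useful for vim users, they use `hjkl` to move cursor.
+# sets how long it takes before it starts repeating.
+InitialKeyRepeat = 15; # normal minimum is 15 (225 ms), maximum is 120 (1800 ms)
+# sets how fast it repeats once it starts.
+KeyRepeat = 3; # normal minimum is 2 (30 ms), maximum is 120 (1800 ms)
+NSAutomaticCapitalizationEnabled = false; # disable auto capitalization(自动大写)
+NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution(智能破折号替换)
+NSAutomaticPeriodSubstitutionEnabled = false; # disable auto period substitution(智能句号替换)
+NSAutomaticQuoteSubstitutionEnabled = false; # disable auto quote substitution(智能引号替换)
+NSAutomaticSpellingCorrectionEnabled = false; # disable auto spelling correction(自动拼写检查)
+NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default(保存文件时的路径选择/文件名输入页)
+NSNavPanelExpandedStateForSaveMode2 = true;
+};
+# customize settings that not supported by nix-darwin directly
+CustomUserPreferences = {
+NSGlobalDomain = {
+# Add a context menu item for showing the Web Inspector in web views
+WebKitDeveloperExtras = true;
+};
+"com.apple.finder" = {
+ShowExternalHardDrivesOnDesktop = true;
+ShowHardDrivesOnDesktop = true;
+ShowMountedServersOnDesktop = true;
+ShowRemovableMediaOnDesktop = true;
+_FXSortFoldersFirst = true;
+# When performing a search, search the current folder by default
+FXDefaultSearchScope = "SCcf";
+};
+"com.apple.desktopservices" = {
+# Avoid creating .DS_Store files on network or USB volumes
+DSDontWriteNetworkStores = true;
+DSDontWriteUSBStores = true;
+};
+"com.apple.screensaver" = {
+# Require password immediately after sleep or screen saver begins
+askForPassword = 1;
+askForPasswordDelay = 0;
+};
+"com.apple.screencapture" = {
+location = "~/Desktop";
+type = "png";
+};
+"com.apple.AdLib" = {
+allowApplePersonalizedAdvertising = false;
+};
+# Prevent Photos from opening automatically when devices are plugged in
+"com.apple.ImageCapture".disableHotPlug = true;
+};
+loginwindow = {
+GuestEnabled = false; # disable guest user
+SHOWFULLNAME = true; # show full name in login window
+};
+};
+# keyboard settings is not very useful on macOS
+# the most important thing is to remap option key to alt key globally,
+# but it's not supported by macOS yet.
+keyboard = {
+enableKeyMapping = true; # enable key mapping so that we can use `option` as `control`
+# NOTE: do NOT support remap capslock to both control and escape at the same time
+remapCapsLockToControl = false; # remap caps lock to control, useful for emac users
+remapCapsLockToEscape = true; # remap caps lock to escape, useful for vim users
+# swap left command and left alt
+# so it matches common keyboard layout: `ctrl | command | alt`
+#
+# disabled, caused only problems!
+swapLeftCommandAndLeftAlt = false;
+};
+};
+# Set your time zone.
+# comment this due to the issue:
+# https://github.com/LnL7/nix-darwin/issues/359
+# time.timeZone = "Asia/shanghai";
+# Fonts
+fonts = {
+# use fonts specified by user rather than default ones
+fontDir.enable = true;
+fonts = with pkgs; [
+# icon fonts
+material-design-icons
+font-awesome
+# nerdfonts
+(nerdfonts.override {
+fonts = [
+"FiraCode"
+"JetBrainsMono"
+"Iosevka"
+];
+})
+];
+};
+}
+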
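Review bot: The `"com.apple.screensaver"` entries `askForPassword = 1;` and `askForPasswordDelay = 0;` are the only lock-on-sleep control in this file, and as far as I know newer macOS releases may ignore these keys when they are written through `defaults`, so the setting can silently fail to apply. Please check on the target macOS version that the screen really locks immediately, and record the result next to the setting, for example `# NOTE: verify after activation; newer macOS may require the Lock Screen setting or a profile instead`. The top-right hot corner (`wvous-tr-corner = 13`, Lock Screen) only helps if that password requirement is actually in force.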


@@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
###################################################################################
#
# NixOS's core configuration suitable for my desktop computer
@@ -17,20 +19,6 @@
# Enable CUPS to print documents.
services.printing.enable = true;
# DO NOT promote ryan to input password for `nix-store` and `nix-copy-closure`
security.sudo.extraRules = [
{ users = [ "ryan" ];
commands = [
{ command = "/run/current-system/sw/bin/nix-store" ;
options = [ "NOPASSWD" ];
}
{ command = "/run/current-system/sw/bin/nix-copy-closure" ;
options = [ "NOPASSWD" ];
}
];
}
];
# all fonts are linked to /nix/var/nix/profiles/system/sw/share/X11/fonts
fonts = {
# use fonts specified by user rather than default ones
@@ -65,17 +53,17 @@
];
})
(pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix { })
(pkgs.callPackage ../../fonts/icomoon-feather-icon-font.nix {})
];
# user defined fonts
# the reason there's Noto Color Emoji everywhere is to override DejaVu's
# B&W emojis that would sometimes show instead of some Color emojis
fontconfig.defaultFonts = {
serif = [ "Noto Serif" "Noto Color Emoji" ];
sansSerif = [ "Noto Sans" "Noto Color Emoji" ];
monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ];
emoji = [ "Noto Color Emoji" ];
serif = ["Noto Serif" "Noto Color Emoji"];
sansSerif = ["Noto Sans" "Noto Color Emoji"];
monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
emoji = ["Noto Color Emoji"];
};
};
@@ -99,7 +87,7 @@
};
# The OpenSSH agent remembers private keys for you
# so that you dont have to type in passphrases every time you make an SSH connection.
# so that you dont have to type in passphrases every time you make an SSH connection.
# Use `ssh-add` to add a key to the agent.
programs.ssh.startAgent = true;
@@ -107,18 +95,19 @@
# $ nix search wget
environment.systemPackages = with pkgs; [
# python, some times I may need to use python with root permission.
(python310.withPackages (ps: with ps; [
ipython
pandas
requests
pyquery
pyyaml
]))
(python310.withPackages (ps:
with ps; [
ipython
pandas
requests
pyquery
pyyaml
]))
];
# PipeWire is a new low-level multimedia framework.
# It aims to offer capture and playback for both audio and video with minimal latency.
# It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
# It support for PulseAudio-, JACK-, ALSA- and GStreamer-based applications.
# PipeWire has a great bluetooth support, it can be a good alternative to PulseAudio.
# https://nixos.wiki/wiki/PipeWire
services.pipewire = {
@@ -167,28 +156,27 @@
services.gnome.gnome-keyring.enable = true;
security.pam.services.greetd.enableGnomeKeyring = true;
# A key remapping daemon for linux.
# A key remapping daemon for linux.
# https://github.com/rvaiya/keyd
services.keyd = {
enable = true;
settings = {
main = {
# overloads the capslock key to function as both escape (when tapped) and control (when held)
# overloads the capslock key to function as both escape (when tapped) and control (when held)
capslock = "overload(control, esc)";
};
};
};
services = {
dbus.packages = [ pkgs.gcr ];
dbus.packages = [pkgs.gcr];
geoclue2.enable = true;
udev.packages = with pkgs; [
gnome.gnome-settings-daemon
platformio # udev rules for platformio
openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
openocd # required by paltformio, see https://github.com/NixOS/nixpkgs/issues/224895
android-udev-rules
];
};


@@ -1,6 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
###################################################################################
#
# NixOS's core configuration suitable for all my machines
@@ -22,8 +24,7 @@
nix.settings.auto-optimise-store = true;
# enable flakes globally
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = ["nix-command" "flakes"];
# Allow unfree packages
nixpkgs.config.allowUnfree = lib.mkDefault false;
@@ -74,14 +75,17 @@
# create a fhs environment by command `fhs`, so we can run non-nixos packages in nixos!
(
let base = pkgs.appimageTools.defaultFhsEnvArgs; in
pkgs.buildFHSUserEnv (base // {
name = "fhs";
targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ];
profile = "export FHS=1";
runScript = "bash";
extraOutputsToInstall = [ "dev" ];
})
let
base = pkgs.appimageTools.defaultFhsEnvArgs;
in
pkgs.buildFHSUserEnv (base
// {
name = "fhs";
targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [pkgs.pkg-config];
profile = "export FHS=1";
runScript = "bash";
extraOutputsToInstall = ["dev"];
})
)
];


@@ -1,33 +1,33 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
###################################################################################
#
# Copy from https://github.com/NixOS/nixpkgs/issues/119433#issuecomment-1326957279
# Mainly for flatpak
# 1. bindfs resolves all symlink,
# 1. bindfs resolves all symlink,
# 2. allowing all fonts to be accessed at `/usr/share/fonts`
# 3. without letting /nix into the sandbox.
#
###################################################################################
system.fsPackages = [ pkgs.bindfs ];
fileSystems =
let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.fonts;
pathsToLink = [ "/share/fonts" ];
};
in
{
# Create an FHS mount to support flatpak host icons/fonts
"/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
system.fsPackages = [pkgs.bindfs];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = ["ro" "resolve-symlinks" "x-gvfs-hide"];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.fonts;
pathsToLink = ["/share/fonts"];
};
in {
# Create an FHS mount to support flatpak host icons/fonts
"/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
};
}


@@ -1,8 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
##########################################################################################################
#
# NixOS's Configuration for Hyprland Window Manager
@@ -13,8 +9,7 @@
#
##########################################################################################################
environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
services.xserver = {
enable = true;
@@ -44,7 +39,6 @@
};
programs.light.enable = true; # monitor backlight control
# thunar file manager(part of xfce) related options
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
@@ -74,12 +68,12 @@
yad # a fork of zenity, for creating dialogs
# audio
alsa-utils # provides amixer/alsamixer/...
cava # for visualizing audio
alsa-utils # provides amixer/alsamixer/...
cava # for visualizing audio
mpd # for playing system sounds
mpc-cli # command-line mpd client
ncmpcpp # a mpd client with a UI
networkmanagerapplet # provide GUI app: nm-connection-editor
networkmanagerapplet # provide GUI app: nm-connection-editor
xfce.thunar # xfce4's file manager
];


@@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
####################################################################
#
# NixOS's Configuration for I3 Window Manager
@@ -8,7 +6,7 @@
####################################################################
# i3 related options
environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw
environment.pathsToLink = ["/libexec"]; # links /libexec from derivations to /run/current-system/sw
services.xserver = {
enable = true;
@@ -42,7 +40,7 @@
xorg.xdpyinfo # get screen information
scrot # minimal screen capture tool, used by i3 blur lock to take a screenshot
sysstat # get system information
alsa-utils # provides amixer/alsamixer/...
alsa-utils # provides amixer/alsamixer/...
xfce.thunar # xfce4's file manager
];


@@ -1,7 +1,8 @@
{ lib, pkgs, ... }:
{
lib,
pkgs,
...
}: {
###################################################################################
#
# Enable Libvirt(QEMU/KVM), install qemu-system-riscv64/qemu-system-loongarch64/...)
@@ -11,7 +12,7 @@
virtualisation = {
libvirtd = {
enable = true;
# hanging this option to false may cause file permission issues for existing guests.
# hanging this option to false may cause file permission issues for existing guests.
# To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
qemu.runAsRoot = true;
};
@@ -37,12 +38,11 @@
qemu_full
];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.kernelModules = ["kvm-amd" "kvm-intel"];
# Enable nested virsualization, required by security containers and nested vm.
boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
boot.extraModprobeConfig = "options kvm_intel nested=1"; # for intel cpu
# boot.extraModprobeConfig = "options kvm_amd nested=1"; # for amd cpu
# NixOS VM should enable this:
# services.qemuGuest = {
# enable = true;


@@ -1,24 +1,28 @@
{ config, lib, ... }:
{
config,
lib,
username,
...
}:
##############################################################################
#
# Template for Proxmox's VM, mainly based on:
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/virtualisation/proxmox-image.nix
#
# the url above is used by `nixos-generator` to generate the Proxmox's VMA image file.
#
#
##############################################################################
{
# DO NOT promote ryan to input password for sudo.
# this is a workaround for the issue of remote deploy:
# https://github.com/NixOS/nixpkgs/issues/118655
security.sudo.extraRules = [
{ users = [ "ryan" ];
{
users = [ username ];
commands = [
{ command = "ALL" ;
options = [ "NOPASSWD" ];
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
@@ -27,7 +31,7 @@
boot = {
# after resize the disk, it will grow partition automatically.
growPartition = true;
kernelParams = [ "console=ttyS0" ];
kernelParams = ["console=ttyS0"];
loader.grub = {
device = "/dev/vda";
@@ -36,8 +40,8 @@
efiInstallAsRemovable = false;
};
loader.timeout = 3; # wait for 3 seconds to select the boot entry
initrd.availableKernelModules = [ "uas" "virtio_blk" "virtio_pci" ];
loader.timeout = lib.mkForce 3; # wait for 3 seconds to select the boot entry
initrd.availableKernelModules = ["uas" "virtio_blk" "virtio_pci"];
};
fileSystems."/" = {
@@ -47,7 +51,6 @@
};
# we do not have a /boot partition, so do not mount it.
# it alse had qemu-guest-agent installed by default.
services.qemuGuest.enable = lib.mkDefault true;
}
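Review bot: The `security.sudo.extraRules` entry in the first hunk still grants `command = "ALL";` with `options = ["NOPASSWD"];`, and after this change it does so for whatever `username` is passed in, so every VM built from this template gives that account passwordless root. If this is only needed for the remote-deploy workaround the comment links to, the comment should say so and state the consequence, e.g. `# WARNING: ${username} is root-equivalent on this VM; anyone holding its SSH key has root`. A dedicated deploy account, or a rule limited to the commands the deploy actually runs, would keep the interactive user out of this rule. The comment's "DO NOT promote ryan" also reads as "prompt" and still names the old hard-coded user.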


@@ -1,5 +1,5 @@
{ ... }: {
{ username, ... }:
{
####################################################################
#
# NixOS's Configuration for Remote Building / Distributed Building
@@ -8,68 +8,67 @@
# 1. https://github.com/NixOS/nix/issues/7380
# 2. https://nixos.wiki/wiki/Distributed_build
# 3. https://github.com/NixOS/nix/issues/2589
#
####################################################################
# set local's max-job to 0 to force remote building(disable local building)
# nix.settings.max-jobs = 0;
nix.distributedBuilds = true;
nix.buildMachines =
let
sshUser = "ryan";
# ssh key's path on local machine
sshKey = "/home/ryan/.ssh/ai-idols";
systems = [
# native arch
"x86_64-linux"
nix.buildMachines = let
sshUser = username;
# ssh key's path on local machine
sshKey = "/home/${username}/.ssh/ai-idols";
systems = [
# native arch
"x86_64-linux"
# emulated arch using binfmt_misc and qemu-user
"aarch64-linux"
"riscv64-linux"
];
# all available system features are poorly documentd here:
# https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
supportedFeatures = [
"benchmark"
"big-parallel"
"kvm"
];
in
[
# Nix seems always try to build on the machine remotely
# to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
{
# some of my remote builders are running NixOS
# and has the same sshUser, sshKey, systems, etc.
inherit sshUser sshKey systems supportedFeatures;
# emulated arch using binfmt_misc and qemu-user
"aarch64-linux"
"riscv64-linux"
];
# all available system features are poorly documentd here:
# https://github.com/NixOS/nix/blob/e503ead/src/libstore/globals.hh#L673-L687
supportedFeatures = [
"benchmark"
"big-parallel"
"kvm"
];
in [
# Nix seems always try to build on the machine remotely
# to make use of the local machine's high-performance CPU, do not set remote builder's maxJobs too high.
{
# some of my remote builders are running NixOS
# and has the same sshUser, sshKey, systems, etc.
inherit sshUser sshKey systems supportedFeatures;
# the hostName should be:
# 1. a hostname that can be resolved by DNS
# 2. the ip address of the remote builder
# 3. a host alias defined globally in /etc/ssh/ssh_config
hostName = "aquamarine";
# remote builder's max-job
maxJobs = 3;
# speedFactor's a signed integer
# but it seems that it's not used by Nix, takes no effect
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "ruby";
maxJobs = 2;
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "kana";
maxJobs = 2;
speedFactor = 1;
}
];
# the hostName should be:
# 1. a hostname that can be resolved by DNS
# 2. the ip address of the remote builder
# 3. a host alias defined globally in /etc/ssh/ssh_config
hostName = "aquamarine";
# remote builder's max-job
maxJobs = 3;
# speedFactor's a signed integer
# but it seems that it's not used by Nix, takes no effect
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "ruby";
maxJobs = 2;
speedFactor = 1;
}
{
inherit sshUser sshKey systems supportedFeatures;
hostName = "kana";
maxJobs = 2;
speedFactor = 1;
}
];
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
nix.extraOptions = ''
builders-use-substitutes = true
'';
# define the host alias for remote builders
# this config will be written to /etc/ssh/ssh_config
@@ -77,11 +76,11 @@
Host ai
HostName 192.168.5.100
Port 22
Host aquamarine
HostName 192.168.5.101
Port 22
Host ruby
HostName 192.168.5.102
Port 22
@@ -96,19 +95,19 @@
programs.ssh.knownHosts = {
# 星野 愛久愛海, Hoshino Aquamarine
aquamarine = {
hostNames = [ "aquamarine" "192.168.5.101" ];
hostNames = ["aquamarine" "192.168.5.101"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnCQXlllHoLX5EvU+t6yP/npsmuxKt0skHVeJashizE";
};
# 星野 瑠美衣, Hoshino Rubii
ruby = {
hostNames = [ "ruby" "192.168.5.102" ];
hostNames = ["ruby" "192.168.5.102"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7n11XxB8B3HjdyAsL3PuLVDZxWCzEOUTJAY8+goQmW";
};
# 有馬 かな, Arima Kana
kana = {
hostNames = [ "kana" "192.168.5.103" ];
hostNames = ["kana" "192.168.5.103"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3dDLOZERP1nZfRz3zIeVDm1q2Trer+fWFVvVXrgXM1";
};
};
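Review bot: `sshUser = username;` with `sshKey = "/home/${username}/.ssh/ai-idols";` in `nix.buildMachines` ties remote building to the interactive account and to a key stored in that user's home, although it is presumably the root-run nix daemon that reads the key. The comments say the builders share the same user, and the user module in this commit puts that user in `wheel` and `trusted-users`, so a leak of this one key likely gives privileged access on every builder. Consider a dedicated unprivileged build user on the builders and a root-owned key path, and add a comment such as `# key must be readable by root only (0600); used by nix-daemon, not by the login user`. The pinned `programs.ssh.knownHosts` entries are worth keeping as they are. As a style point, the header `{ username, ... }:` followed by `{` on its own line differs from the `{pkgs, ...}: {` form the rest of this commit uses.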


@@ -1,24 +1,24 @@
{ ... }:
{ username, ... }:
{
nix.settings.trusted-users = ["ryan"];
nix.settings.trusted-users = [username];
users.groups = {
ryan = { };
docker = { };
wireshark = { };
"${username}" = {};
docker = {};
wireshark = {};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.ryan = {
users.users."${username}" = {
# the hashed password with salt is generated by run `mkpasswd`.
hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
home = "/home/ryan";
home = "/home/${username}";
isNormalUser = true;
description = "ryan";
extraGroups = [
"ryan"
description = username;
extraGroups = [
username
"users"
"networkmanager"
"networkmanager"
"wheel"
"docker"
"wireshark"
@@ -29,4 +29,21 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
];
};
# DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
security.sudo.extraRules = [
{
users = [username];
commands = [
{
command = "/run/current-system/sw/bin/nix-store";
options = ["NOPASSWD"];
}
{
command = "/run/current-system/sw/bin/nix-copy-closure";
options = ["NOPASSWD"];
}
];
}
];
}
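Review bot: The `security.sudo.extraRules` block added at the end gives `username` passwordless sudo for `nix-store` and `nix-copy-closure`, and since the same rule is removed from the desktop-only module in this commit, it now appears to apply on every host that imports this user module. Passwordless root execution of `nix-store` is close to passwordless root, and the account is also in `nix.settings.trusted-users` and `wheel`, so the comment should state which hosts need the rule and why, e.g. `# needed for nix-copy-closure based remote deploys; treat this account as root-equivalent`. The comment's "DO NOT promote" should read "prompt". Separately, the `hashedPassword` value in the context lines is committed to the repository, which allows offline guessing by anyone who can read it; loading it from a password-file option backed by a secrets store would avoid that.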