feat: install some apps from apple store instead of homebrew

feat: replace username with ryan
fix: secrets
Ryan Yin
2023-07-15 16:15:00 +08:00
parent c90d1c0208
commit c6e736d64b
13 changed files with 184 additions and 118 deletions


@@ -44,15 +44,12 @@ darwin-set-proxy:
sudo python3 scripts/darwin_set_proxy.py sudo python3 scripts/darwin_set_proxy.py
darwin: darwin-set-proxy darwin: darwin-set-proxy
nix build .#darwinConfigurations.harmonica.system \ nix build .#darwinConfigurations.harmonica.system
--extra-experimental-features 'nix-command flakes'
./result/sw/bin/darwin-rebuild switch --flake . ./result/sw/bin/darwin-rebuild switch --flake .
darwin-debug: darwin-set-proxy darwin-debug: darwin-set-proxy
nix build .#darwinConfigurations.harmonica.system \ nix build .#darwinConfigurations.harmonica.system --show-trace --verbose
--show-trace --verbose \ ./result/sw/bin/darwin-rebuild switch --flake .#harmonica --show-trace --verbose
--extra-experimental-features 'nix-command flakes'
./result/sw/bin/darwin-rebuild switch --flake . --show-trace --verbose
############################################################################ ############################################################################

31
flake.lock generated

@@ -7,17 +7,16 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1684153753, "lastModified": 1689334118,
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=", "narHash": "sha256-djk5AZv1yU84xlKFaVHqFWvH73U7kIRstXwUAnDJPsk=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3", "rev": "0d8c5325fc81daf00532e3e26c6752f7bcde1143",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
"type": "github" "type": "github"
} }
}, },
@@ -242,10 +241,10 @@
"mysecrets": { "mysecrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1689338661, "lastModified": 1689349623,
"narHash": "sha256-yRWO66sDXWYMKgGVHQ5KmzaOQbgFdKpfikHVi/OLioM=", "narHash": "sha256-qcoafd+3BirNkN44YcLhixH+AEbmEcu238S8D0qooFQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e468b93e6d92c5398e55d30f1ec9752030308035", "rev": "6ed7a2c3c4c10bda234db78f0051d6e6f39ce187",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://git@github.com/ryan4yin/nix-secrets.git" "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
@@ -360,11 +359,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1689192006, "lastModified": 1689282004,
"narHash": "sha256-QM0f0d8oPphOTYJebsHioR9+FzJcy1QNIzREyubB91U=", "narHash": "sha256-VNhuyb10c9SV+3hZOlxwJwzEGytZ31gN9w4nPCnNvdI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2de8efefb6ce7f5e4e75bdf57376a96555986841", "rev": "e74e68449c385db82de3170288a28cd0f608544f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -382,11 +381,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1689333233, "lastModified": 1689352891,
"narHash": "sha256-MRJcuia/nnpN4rigEOZTgDKPjNfaiqr8LfLdqcTJmdc=", "narHash": "sha256-R2WdPDvDzT4h+vgJKd/LcZk/GsGnVONez5/h3ay2jtM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "62657e12fcad6f4e1180f87031c718787faf8fb1", "rev": "a4d97549d6410c03cfaa13568d025edd0269f8bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -445,11 +444,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1689192006, "lastModified": 1689282004,
"narHash": "sha256-QM0f0d8oPphOTYJebsHioR9+FzJcy1QNIzREyubB91U=", "narHash": "sha256-VNhuyb10c9SV+3hZOlxwJwzEGytZ31gN9w4nPCnNvdI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2de8efefb6ce7f5e4e75bdf57376a96555986841", "rev": "e74e68449c385db82de3170288a28cd0f608544f",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -11,10 +11,10 @@
# the nixConfig here only affects the flake itself, not the system configuration! # the nixConfig here only affects the flake itself, not the system configuration!
nixConfig = { nixConfig = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "ryan" ];
substituters = [ substituters = [
# replace official cache with a mirror located in China # replace official cache with a mirror located in China
"https://mirrors.bfsu.edu.cn/nix-channels/store"
"https://mirrors.ustc.edu.cn/nix-channels/store" "https://mirrors.ustc.edu.cn/nix-channels/store"
"https://cache.nixos.org" "https://cache.nixos.org"
]; ];
@@ -70,7 +70,7 @@
}; };
# secrets management, lock with git commit at 2023/5/15 # secrets management, lock with git commit at 2023/5/15
agenix.url = "github:ryantm/agenix/db5637d10f797bb251b94ef9040b237f4702cde3"; agenix.url = "github:ryantm/agenix";
# AstroNvim is an aesthetic and feature-rich neovim config. # AstroNvim is an aesthetic and feature-rich neovim config.
astronvim = { url = "github:AstroNvim/AstroNvim/v3.32.0"; flake = false; }; astronvim = { url = "github:AstroNvim/AstroNvim/v3.32.0"; flake = false; };
@@ -193,7 +193,7 @@
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = inputs; home-manager.extraSpecialArgs = inputs;
home-manager.users.admin = import ./home/darwin; home-manager.users.ryan = import ./home/darwin;
} }
]; ];
}; };
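Review bot: The `agenix` input moves from a pinned commit to the floating `github:ryantm/agenix`, but the comment above it still reads `# secrets management, lock with git commit at 2023/5/15`, which is no longer true. agenix is the component that decrypts every secret in this configuration, so the revision doing that is now whatever `flake.lock` records at the last update. The lock file still fixes an exact commit and hash, but a routine `nix flake update` moves it without the deliberate step the explicit pin required. Either keep a revision in the URL or make the comment state the new intent, e.g. `# secrets management; revision is pinned only by flake.lock, review agenix changes on each update`.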


@@ -65,14 +65,14 @@
enable = true; enable = true;
config = { config = {
pager = "less -FR"; pager = "less -FR";
theme = "Catppuccin-mocha"; # theme = "Catppuccin-mocha";
};
themes = {
Catppuccin-mocha = builtins.readFile (pkgs.fetchurl {
url = "https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme";
hash = "sha256-qMQNJGZImmjrqzy7IiEkY5IhvPAMZpq0W6skLLsng/w=";
});
}; };
#themes = {
# Catppuccin-mocha = builtins.readFile (pkgs.fetchurl {
# url = "https://raw.githubusercontent.com/catppuccin/bat/main/Catppuccin-mocha.tmTheme";
# hash = "sha256-qMQNJGZImmjrqzy7IiEkY5IhvPAMZpq0W6skLLsng/w=";
# });
#};
}; };
# skim provides a single executable: sk. # skim provides a single executable: sk.


@@ -12,9 +12,9 @@
# Home Manager needs a bit of information about you and the # Home Manager needs a bit of information about you and the
# paths it should manage. # paths it should manage.
home = { home = {
username = "admin"; username = "ryan";
# set homeDirectory make build fail # set homeDirectory make build fail
homeDirectory = "/Users/admin"; homeDirectory = "/Users/ryan";
# This value determines the Home Manager release that your # This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage # configuration is compatible with. This helps avoid breakage


@@ -11,6 +11,6 @@
../../modules/darwin/core.nix ../../modules/darwin/core.nix
../../modules/darwin/apps.nix ../../modules/darwin/apps.nix
../../secrets ../../secrets/darwin.nix
]; ];
} }


@@ -20,7 +20,7 @@
# ../../../modules/nixos/remote-building.nix # ../../../modules/nixos/remote-building.nix
../../../modules/nixos/user-group.nix ../../../modules/nixos/user-group.nix
../../../secrets ../../../secrets/nixos.nix
]; ];
nixpkgs.overlays = import ../../../overlays args; nixpkgs.overlays = import ../../../overlays args;


@@ -11,7 +11,7 @@
system = { system = {
# activationScripts are executed every time you boot the system or run `nixos-rebuild`. # activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
activationScripts.postUserActivation.text = '' activationScripts.postUserActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session, # activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect. # so we do not need to logout and login again to make the changes take effect.
@@ -125,8 +125,19 @@
}; };
}; };
# Homebrew Mirror
environment.variables = {
HOMEBREW_API_DOMAIN = "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles/api";
HOMEBREW_BOTTLE_DOMAIN = "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles";
HOMEBREW_BREW_GIT_REMOTE = "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/brew.git";
HOMEBREW_CORE_GIT_REMOTE = "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-core.git";
HOMEBREW_PIP_INDEX_URL = "https://pypi.tuna.tsinghua.edu.cn/simple";
};
homebrew = { homebrew = {
enable = true; # TODO Homebrew install takes a long time,
# So only enable this when you make changes.
enable = false;
onActivation = { onActivation = {
autoUpdate = false; autoUpdate = false;
@@ -135,8 +146,17 @@
}; };
# Applications to install from Mac App Store using mas. # Applications to install from Mac App Store using mas.
# You need to install all these Apps manually first so that your apple account have records for them.
# otherwise Apple Store will refuse to install them.
# For details, see https://github.com/mas-cli/mas
masApps = { masApps = {
# Xcode = 497799835; # Xcode = 497799835;
Wechat = 836500024;
QQ = 451108668;
WeCom = 1189898970; # Wechat for Work
TecentMetting = 1484048379;
NeteaseCloudMusic = 944848654;
QQMusic = 595615424;
}; };
taps = [ taps = [
@@ -161,7 +181,6 @@
# `brew install --cask` # `brew install --cask`
casks = [ casks = [
# broser & editor
"firefox" "firefox"
"google-chrome" "google-chrome"
"visual-studio-code" "visual-studio-code"
@@ -169,13 +188,9 @@
# IM & audio & remote desktop & meeting # IM & audio & remote desktop & meeting
"telegram" "telegram"
"discord" "discord"
"wechat"
"qq"
"neteasemusic" "neteasemusic"
"qqmusic" "qqmusic"
"microsoft-remote-desktop" "microsoft-remote-desktop"
"wechatwork"
"tencent-meeting"
# "anki" # "anki"
"clashx" # proxy tool "clashx" # proxy tool
@@ -185,7 +200,6 @@
"raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins) "raycast" # (HotKey: alt/option + space)search, caculate and run scripts(with many plugins)
"iglance" # beautiful system monitor "iglance" # beautiful system monitor
"eudic" # 欧路词典 "eudic" # 欧路词典
"baiduinput" # baidu input method
# "reaper" # audio editor # "reaper" # audio editor
# Development # Development
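Review bot: The new `environment.variables` block redirects Homebrew's git remotes (`HOMEBREW_BREW_GIT_REMOTE`, `HOMEBREW_CORE_GIT_REMOTE`), its API and bottle domains and `HOMEBREW_PIP_INDEX_URL` to mirrors.tuna.tsinghua.edu.cn, and the only documentation is `# Homebrew Mirror`. With the git remotes redirected, the mirror supplies brew's own code and the formula definitions, not just cached bottles, so it becomes part of the trust base for everything brew installs. That decision should be written next to the block, e.g. `# Homebrew mirror (TUNA): brew itself and formula metadata come from this host; remove these variables to fall back to upstream`. The same five URLs are repeated verbatim in the Python hunk that edits the nix-daemon plist, so a later change has to be made in two places.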


@@ -14,7 +14,7 @@
# enable flakes globally # enable flakes globally
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = ["admin"]; nix.settings.trusted-users = ["ryan"];
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@@ -44,7 +44,9 @@
security.pam.enableSudoTouchIdAuth = true; security.pam.enableSudoTouchIdAuth = true;
# Set your time zone. # Set your time zone.
time.timeZone = "Asia/Shanghai"; # comment this due to the issue:
# https://github.com/LnL7/nix-darwin/issues/359
# time.timeZone = "Asia/shanghai";
# Apps # Apps
# `home-manager` currently has issues adding them to `~/Applications` # `home-manager` currently has issues adding them to `~/Applications`
@@ -80,9 +82,9 @@
}; };
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.admin = { users.users.ryan = {
home = "/Users/admin"; home = "/Users/ryan";
description = "admin"; description = "ryan";
# set user's default shell back to zsh # set user's default shell back to zsh
# `chsh -s /bin/zsh` # `chsh -s /bin/zsh`
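Review bot: `nix.settings.trusted-users = ["ryan"];` now names the everyday login account, and nothing beside the line says what that grants. A trusted user can override daemon settings such as substituters and import store paths without signature checks, which the Nix manual describes as essentially equivalent to root access, so this is a privilege decision rather than a convenience flag. I would record it on the line, e.g. `# trusted-users can override daemon settings (substituters, unsigned paths), effectively root; keep this list minimal`. Separately, the commented-out `# time.timeZone = "Asia/shanghai";` changes the case of the original `"Asia/Shanghai"`, which will matter if the line is ever re-enabled.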


@@ -12,7 +12,8 @@ from pathlib import Path
NIX_DAEMON_PLIST = Path("/Library/LaunchDaemons/org.nixos.nix-daemon.plist") NIX_DAEMON_PLIST = Path("/Library/LaunchDaemons/org.nixos.nix-daemon.plist")
NIX_DAEMON_NAME = "org.nixos.nix-daemon" NIX_DAEMON_NAME = "org.nixos.nix-daemon"
# http proxy provided by clash # http proxy provided by clash
HTTP_PROXY = "http://127.0.0.1:7890" # HTTP_PROXY = "http://127.0.0.1:7890"
HTTP_PROXY = "http://192.168.5.201:7890"
pl = plistlib.loads(NIX_DAEMON_PLIST.read_bytes()) pl = plistlib.loads(NIX_DAEMON_PLIST.read_bytes())
@@ -20,6 +21,15 @@ pl = plistlib.loads(NIX_DAEMON_PLIST.read_bytes())
pl["EnvironmentVariables"]["HTTP_PROXY"] = HTTP_PROXY pl["EnvironmentVariables"]["HTTP_PROXY"] = HTTP_PROXY
pl["EnvironmentVariables"]["HTTPS_PROXY"] = HTTP_PROXY pl["EnvironmentVariables"]["HTTPS_PROXY"] = HTTP_PROXY
# Homebrew Mirror
pl["EnvironmentVariables"].update({
"HOMEBREW_API_DOMAIN": "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles/api",
"HOMEBREW_BOTTLE_DOMAIN": "https://mirrors.tuna.tsinghua.edu.cn/homebrew-bottles",
"HOMEBREW_BREW_GIT_REMOTE": "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/brew.git",
"HOMEBREW_CORE_GIT_REMOTE": "https://mirrors.tuna.tsinghua.edu.cn/git/homebrew/homebrew-core.git",
"HOMEBREW_PIP_INDEX_URL": "https://pypi.tuna.tsinghua.edu.cn/simple",
})
os.chmod(NIX_DAEMON_PLIST, 0o644) os.chmod(NIX_DAEMON_PLIST, 0o644)
NIX_DAEMON_PLIST.write_bytes(plistlib.dumps(pl)) NIX_DAEMON_PLIST.write_bytes(plistlib.dumps(pl))
os.chmod(NIX_DAEMON_PLIST, 0o444) os.chmod(NIX_DAEMON_PLIST, 0o444)
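Review bot: `HTTP_PROXY = "http://192.168.5.201:7890"` hard-codes a host on one particular LAN into the nix-daemon's launchd environment, replacing the loopback address. On any other network the daemon's downloads either fail or go through whichever machine holds that address there, and that machine sees every plain-HTTP request and the destination of every HTTPS one. Keeping loopback as the default and taking an override from the command line avoids committing a site-specific address: `HTTP_PROXY = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:7890"` (this needs `import sys` if the part of the file outside the hunk does not already have it). The `HOMEBREW_*` entries added below are written into the nix-daemon plist, so they presumably reach only the daemon process and not `brew`; the `environment.variables` block in the nix-darwin module hunk already exports them.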

56
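--- a/secrets/darwin.nix
+++ b/secrets/darwin.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, agenix, mysecrets, ... }:
+{
+imports = [
+agenix.darwinModules.default
+];
+environment.systemPackages = [
+agenix.packages."${pkgs.system}".default
+];
+# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
+age.identityPaths = [
+"/Users/ryan/.ssh/juliet-age" # macOS
+];
+age.secrets = {
+"wg-business.conf" = {
+file = "${mysecrets}/wg-business.conf.age";
+};
+# alias-for-work
+"alias-for-work.nushell" = {
+file = "${mysecrets}/alias-for-work.nushell.age";
+};
+"alias-for-work.bash" = {
+file = "${mysecrets}/alias-for-work.bash.age";
+};
+};
+# place secrets in /etc/
+environment.etc = {
+# wireguard config used with `wg-quick up wg-business`
+"wireguard/wg-business.conf" = {
+source = config.age.secrets."wg-business.conf".path;
+};
+# The following secrets are used by home-manager modules
+# But nix-darwin doesn't support environment.etc.<name>.mode
+# So we need to change its mode manually
+"agenix/alias-for-work.nushell" = {
+source = config.age.secrets."alias-for-work.nushell".path;
+};
+"agenix/alias-for-work.bash" = {
+source = config.age.secrets."alias-for-work.bash".path;
+};
+};
+# activationScripts are executed every time you boot the system or run `nixos-rebuild` / `darwin-rebuild`.
+system.activationScripts.postUserActivation.text = ''
+sudo chmod 644 /etc/agenix/alias-for-work.nushell
+sudo chmod 644 /etc/agenix/alias-for-work.bash
+'';
+}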
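Review bot: The activation script runs `sudo chmod 644` on `/etc/agenix/alias-for-work.nushell` and `/etc/agenix/alias-for-work.bash`, which leaves the decrypted secrets readable by every local account and process. The module removed on this page gave the same entries `mode = "0600"` with uid/gid 1000, and the new `secrets/nixos.nix` has the same regression with `mode = "0644";` on both entries. Only the user `ryan` needs to read them, so set ownership on the agenix side using the `owner`/`mode` options the removed file already used for `wg-business.conf`: add `owner = "ryan"; mode = "0400";` to the two `alias-for-work` entries under `age.secrets` and drop the `chmod` lines. On NixOS, restoring `mode = "0600"; uid = 1000; gid = 1000;` is the smaller change.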


@@ -1,68 +0,0 @@
{ config, pkgs, agenix, mysecrets, ... }:
{
imports = [
(agenix.nixosModules.default)
];
environment.systemPackages = [
agenix.packages."${pkgs.system}".default
];
# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
age.identityPaths = [ "/home/ryan/.ssh/juliet-age" ];
############################################################################
#
# The following secrets are used by NixOS Modules
#
############################################################################
# wireguard config used with `wg-quick up wg-business`
age.secrets."wg-business.conf" = {
# wether secrets are symlinked to age.secrets.<name>.path(default to true)
symlink = true;
# target path for decrypted file
path = "/etc/wireguard/";
# encrypted file path
file = "${mysecrets}/wg-business.conf.age";
mode = "0400";
owner = "root";
group = "root";
};
# smb-credentials is referenced in /etc/fstab, by ../hosts/ai/cifs-mount.nix
age.secrets."smb-credentials" = {
file = "${mysecrets}/smb-credentials.age";
};
############################################################################
#
# The following secrets are used by home-manager modules
# So they should be readable by the user `ryan`
#
############################################################################
age.secrets."alias-for-work.nushell" = {
file = "${mysecrets}/alias-for-work.nushell.age";
};
age.secrets."alias-for-work.bash" = {
file = "${mysecrets}/alias-for-work.bash.age";
};
environment.etc = {
"agenix/alias-for-work.nushell" = {
source = config.age.secrets."alias-for-work.nushell".path;
mode = "0600";
uid = 1000;
gid = 1000;
};
"agenix/alias-for-work.bash" = {
source = config.age.secrets."alias-for-work.bash".path;
mode = "0600";
uid = 1000;
gid = 1000;
};
};
}

56
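--- a/secrets/nixos.nix
+++ b/secrets/nixos.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, agenix, mysecrets, ... }:
+{
+imports = [
+agenix.nixosModules.default
+];
+environment.systemPackages = [
+agenix.packages."${pkgs.system}".default
+];
+# if you changed this key, you need to regenerate all encrypt files from the decrypt contents!
+age.identityPaths = [
+"/home/ryan/.ssh/juliet-age" # Linux
+];
+# Used only by NixOS Modules
+# smb-credentials is referenced in /etc/fstab, by ../hosts/ai/cifs-mount.nix
+age.secrets."smb-credentials" = {
+file = "${mysecrets}/smb-credentials.age";
+};
+age.secrets = {
+"wg-business.conf" = {
+file = "${mysecrets}/wg-business.conf.age";
+};
+# alias-for-work
+"alias-for-work.nushell" = {
+file = "${mysecrets}/alias-for-work.nushell.age";
+};
+"alias-for-work.bash" = {
+file = "${mysecrets}/alias-for-work.bash.age";
+};
+};
+# place secrets in /etc/
+environment.etc = {
+# wireguard config used with `wg-quick up wg-business`
+"wireguard/wg-business.conf" = {
+source = config.age.secrets."wg-business.conf".path;
+};
+# The following secrets are used by home-manager modules
+# So we need to make then readable by the user
+"agenix/alias-for-work.nushell" = {
+source = config.age.secrets."alias-for-work.nushell".path;
+mode = "0644";
+};
+"agenix/alias-for-work.bash" = {
+source = config.age.secrets."alias-for-work.bash".path;
+mode = "0644";
+};
+};
+}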
}