blob: b1d9127b44d60e7ac6e9bbeb76683d74fcffd2fd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
{ self, config, pkgs, lib, ... }: with lib; {
options = {
virtualisation = mkSinkUndeclaredOptions {};
programs = {
virt-manager = mkSinkUndeclaredOptions {};
steam = mkSinkUndeclaredOptions {};
};
hardware = mkSinkUndeclaredOptions {};
services = {
resolved = mkSinkUndeclaredOptions {};
};
security = {
sudo.wheelNeedsPassword = mkSinkUndeclaredOptions {};
};
systemd = mkSinkUndeclaredOptions {};
users.users = mkOption {
type = types.attrsOf (types.submodule ({...}: {
options = {
extraGroups = mkSinkUndeclaredOptions {};
isNormalUser = mkSinkUndeclaredOptions {};
};
config = {
home = "/Users/${my.username}";
};
}));
};
};
config = {
fonts = {
packages = with pkgs; [
nerd-fonts.fira-code
nerd-fonts.jetbrains-mono
];
};
users.users.root.home = mkForce "/var/root";
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages =
[
pkgs.nushell
pkgs.zsh
pkgs.bashInteractive
pkgs.just
pkgs.git
];
hm = {
# services.ssh-agent.enable = true;
programs.git.enable = mkForce false;
home = {
sessionPath = [
"/opt/homebrew/bin"
];
# file.".config/aerospace".source = config.lib.meta.mkMutableSymlink /mut/aerospace;
# file."Library/KeyBindings/DefaultKeyBinding.dict".source = config.lib.meta.mkMutableSymlink /mut/DefaultKeyBinding.dict;
file."gpg-agent.conf" = {
text = ''
pinentry-program /opt/homebrew/bin/pinentry-mac
enable-ssh-support
ttyname $GPG_TTY
default-cache-ttl 60
max-cache-ttl 120
'';
target = ".gnupg/gpg-agent.conf";
};
};
};
networking.hostName = "work";
sops.age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt";
homebrew = {
enable = true;
brews = [
"pinentry-mac"
];
casks = [
"docker"
"intellij-idea-ce"
"visual-studio-code"
"zed"
];
masApps = {
tailscale = 1475387142;
slack = 803453959;
};
};
services.openssh.enable = false;
services.syncthing = {
cert = builtins.toFile "syncthing-cert" ''
-----BEGIN CERTIFICATE-----
MIICHDCCAaKgAwIBAgIICf/IfhEqojIwCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ
U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG
A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIwOTAwMDAwMFoXDTQ0MDIwNDAwMDAwMFow
SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl
bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID
YgAEB3N4kE5gTlpCt8W/ocQQbDZMvIzmNghcl0tsc+EVPXCTnpinIB48jOxGNkPr
rm0o3EEPrI8O+cJqSydeyeSVMKYCjNswP6LiYNWaWua+SXjz25FurJxV21LXYMhc
1egPo1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG
SM49BAMCA2gAMGUCMEOYa4HZKLy4WimWlAIpXU/joYvpIPS3dJP50VQIkKFj/eL8
p8+rG7+7P03W7J4E6AIxANp5CxwCtTlh1a1+8Kdvfc7ZvFuMwPlM3d8EFk9y9aRZ
jurkqKKyl7EUOk0ufvUaQQ==
-----END CERTIFICATE-----
'';
};
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# nix.package = pkgs.nix;
# Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes";
nix.extraOptions = ''extra-platforms = x86_64-darwin aarch64-darwin '';
nix.linux-builder.enable = true;
nix.settings.trusted-users = [ "@admin" "@ivi" ];
# Set Git commit hash for darwin-version.
system.configurationRevision = self.rev or self.dirtyRev or null;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin";
my.shell = pkgs.nushell;
environment.shells = [pkgs.bashInteractive pkgs.zsh pkgs.nushell];
environment.pathsToLink = [ "/share/zsh" ];
environment.variables = {
SLACK_NO_AUTO_UPDATES = "1";
};
};
}
|
