summaryrefslogtreecommitdiff
path: root/machines/work.nix
blob: be8580afa3c6dcc7bb1fa3d907ed1c02b75d68a3 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

{ self, config, pkgs, lib, ... }: with lib; {
  options = {
    virtualisation = mkSinkUndeclaredOptions {};
    programs = {
      virt-manager = mkSinkUndeclaredOptions {};
      steam = mkSinkUndeclaredOptions {};
    };
    hardware = mkSinkUndeclaredOptions {};
    services = {
      resolved = mkSinkUndeclaredOptions {};
      openssh.enable = mkOption {
        type = types.bool;
        default = false;
      };
    };
    security = {
      sudo = mkSinkUndeclaredOptions {};
    };
    users.users = mkOption {
      type = types.attrsOf (types.submodule ({...}: {
        options = {
          extraGroups = mkSinkUndeclaredOptions {};
          isNormalUser = mkSinkUndeclaredOptions {};
        };
        config = {
          home = "/Users/${ivi.username}";
        };
      }));
    };
  };
  config = {
    # List packages installed in system profile. To search by name, run:
    # $ nix-env -qaP | grep wget
    environment.systemPackages =
      [ pkgs.qemu
        pkgs.kitty
        pkgs.openssh
        pkgs.python311
        pkgs.mpv
      ];
    hm.home.sessionPath = [
      "/opt/homebrew/bin"
    ];

    networking.hostName = "work";
    sops.age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt";
    homebrew = {
      enable = true;
      brews = [
        "choose-gui"
      ];
      casks = [
        "docker"
      ];
      masApps = {
        tailscale = 1475387142;
      };
    };
    services.syncthing = {
      cert = builtins.toFile "syncthing-cert" ''
        -----BEGIN CERTIFICATE-----
        MIICHDCCAaKgAwIBAgIICf/IfhEqojIwCgYIKoZIzj0EAwIwSjESMBAGA1UEChMJ
        U3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdlbmVyYXRlZDESMBAG
        A1UEAxMJc3luY3RoaW5nMB4XDTI0MDIwOTAwMDAwMFoXDTQ0MDIwNDAwMDAwMFow
        SjESMBAGA1UEChMJU3luY3RoaW5nMSAwHgYDVQQLExdBdXRvbWF0aWNhbGx5IEdl
        bmVyYXRlZDESMBAGA1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACID
        YgAEB3N4kE5gTlpCt8W/ocQQbDZMvIzmNghcl0tsc+EVPXCTnpinIB48jOxGNkPr
        rm0o3EEPrI8O+cJqSydeyeSVMKYCjNswP6LiYNWaWua+SXjz25FurJxV21LXYMhc
        1egPo1UwUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
        AQUFBwMCMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJc3luY3RoaW5nMAoGCCqG
        SM49BAMCA2gAMGUCMEOYa4HZKLy4WimWlAIpXU/joYvpIPS3dJP50VQIkKFj/eL8
        p8+rG7+7P03W7J4E6AIxANp5CxwCtTlh1a1+8Kdvfc7ZvFuMwPlM3d8EFk9y9aRZ
        jurkqKKyl7EUOk0ufvUaQQ==
        -----END CERTIFICATE-----
      '';
    };
    services.skhd = {
      enable = true;
      skhdConfig = ''
        cmd - 1 : osascript -e 'tell application "kitty" to activate'
        cmd - 2 : osascript -e 'tell application "Google Chrome" to activate'
        cmd - 3 : osascript -e 'tell application "slack" to activate'
        cmd - 4 : osascript -e 'tell application "Microsoft Teams (work or school)" to activate'
        cmd - 5 : osascript -e 'tell application "calendar" to activate'
        cmd - 6 : osascript -e 'tell application "mail" to activate'
        cmd - return : ${pkgs.kitty}/bin/kitty --single-instance -d ~
        cmd + shift - d : ${pkgs.writers.writeBash "passmenu" ''
          shopt -s nullglob globstar

          dmenu="/opt/homebrew/bin/choose"

          (
              export PASSWORD_STORE_DIR="$HOME/sync/password-store"
              prefix="$PASSWORD_STORE_DIR"
              echo "prefix: $prefix"
              password_files=( "$prefix"/**/*.gpg )
              password_files=( "''${password_files[@]#"$prefix"/}" )
              password_files=( "''${password_files[@]%.gpg}" )
              echo "password_files: ''${password_files[*]}"

              password="$(printf '%s\n' "''${password_files[@]}" | "$dmenu" "$@")"
              echo "password: $password"

              [[ -n $password ]] || exit

              ${pkgs.pass}/bin/pass show -c "$password"
          ) >/tmp/debug 2>&1
        ''}
      '';
    };

    # Auto upgrade nix package and the daemon service.
    services.nix-daemon.enable = true;
    # nix.package = pkgs.nix;

    # Necessary for using flakes on this system.
    nix.settings.experimental-features = "nix-command flakes";

    nix.extraOptions = ''extra-platforms = x86_64-darwin aarch64-darwin '';

    # Set Git commit hash for darwin-version.
    system.configurationRevision = self.rev or self.dirtyRev or null;

    # Used for backwards compatibility, please read the changelog before changing.
    # $ darwin-rebuild changelog
    system.stateVersion = 4;

    # The platform the configuration will be used on.
    nixpkgs.hostPlatform = "aarch64-darwin";
    users.users.${ivi.username} = {
      shell = pkgs.bashInteractive;
    };
    environment.shells = [pkgs.bashInteractive];
  };
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-12 13:04:46 +0000