diff --git a/nix-darwin/flake.lock b/nix-darwin/flake.lock index d4c056cb..5990f462 100644 --- a/nix-darwin/flake.lock +++ b/nix-darwin/flake.lock @@ -3,19 +3,42 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager_2", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "agenix_2": { + "inputs": { + "darwin": "darwin_2", + "home-manager": "home-manager_3", "nixpkgs": [ "railbird-secrets", "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_5" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -27,16 +50,16 @@ "brew-src": { "flake": false, "locked": { - "lastModified": 1769363988, - "narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=", + "lastModified": 1774235677, + "narHash": "sha256-0ryNYmzDAeRlrzPTAgmzGH/Cgc8iv/LBN6jWGUANvIk=", "owner": "Homebrew", "repo": "brew", - "rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2", + "rev": "894a3d23ac0c8aaf561b9874b528b9cb2e839201", "type": "github" }, "original": { "owner": "Homebrew", - "ref": "5.0.12", + "ref": "5.1.1", "repo": "brew", "type": "github" } 
@@ -49,11 +72,11 @@ ] }, "locked": { - "lastModified": 1770315205, - "narHash": "sha256-yOYprNUvMHRBC7EfmhNOYYLqNm43cLtydV39ITnCfZk=", + "lastModified": 1776370363, + "narHash": "sha256-Ul2mJIH6irPdJLiVFDUcSbc7rv7ULWutGjIv7IHOvyI=", "owner": "sadjow", "repo": "claude-code-nix", - "rev": "b774ffcdcd9987f4a2e6e3809130d04438e29a13", + "rev": "9e198808ce7466eceb5bbd341936d6c410f9c664", "type": "github" }, "original": { @@ -70,11 +93,11 @@ ] }, "locked": { - "lastModified": 1770406581, - "narHash": "sha256-5EBQV4crivXXwhrA+1s9ApMWryES/eadcNETtHin6Ko=", + "lastModified": 1776288174, + "narHash": "sha256-kCvsC6JxJtcpLLPrrjptgmBlV7Zmz0NWdLfoP15+jOc=", "owner": "sadjow", "repo": "codex-cli-nix", - "rev": "d3abf748ac6a06016a6fff14b5a99dedacf72378", + "rev": "7c050fa951b5ca20a4754b42ec5242231edda35f", "type": "github" }, "original": { @@ -87,17 +110,16 @@ "darwin": { "inputs": { "nixpkgs": [ - "railbird-secrets", "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { 
@@ -107,9 +129,76 @@ "type": "github" } }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "railbird-secrets", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "git-blame-rank", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1773299640, + "narHash": "sha256-kTsZ5xGZqaeJ8jWsfZNACo/VsW3riVuIQEPWVGiqWKM=", + "owner": "nix-community", + "repo": "fenix", + "rev": "8ac78ff968869cd05d9cb42fbf63bdbc6851ec19", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "fenix_2": { + "inputs": { + "nixpkgs": [ + "keepbook", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src_2" + }, + "locked": { + "lastModified": 1769842381, + "narHash": "sha256-0dPzo1ElvAIZ0RwEwx5FfqAUiFj22K9QJOU9stiMCrw=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b2344f384a82db1410ab09769eb8c4a820de667f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -127,7 +216,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, 
@@ -147,6 +236,24 @@ "inputs": { "systems": "systems_4" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_6" + }, "locked": { "lastModified": 1709126324, "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", @@ -161,18 +268,43 @@ "type": "github" } }, - "home-manager": { + "git-blame-rank": { "inputs": { + "fenix": "fenix", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1770318660, - "narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=", + "lastModified": 1773949452, + "narHash": "sha256-0gqIfgmZcvxyzfrHwCokPBUCRRmpWFYZ1pplohqTCAY=", + "owner": "colonelpanic8", + "repo": "git-blame-rank", + "rev": "16daa3aa6c9471da4beadb9cc05c54f4c1de65f8", + "type": "github" + }, + "original": { + "owner": "colonelpanic8", + "repo": "git-blame-rank", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e6a065f9efed51488d7c51a9abbd387df91b8", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { 
@@ -182,6 +314,26 @@ } }, "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1776454077, + "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "565e5349208fe7d0831ef959103c9bafbeac0681", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_3": { "inputs": { "nixpkgs": [ "railbird-secrets", @@ -190,11 +342,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -206,11 +358,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1770329113, - "narHash": "sha256-Os2PWAIdjdsVcBjHcI8Ylwty5qnR+Dhvb1LQ2kuR29A=", + "lastModified": 1776455667, + "narHash": "sha256-OKDV1G6pwELUesgrywURqPIROI6F1lm0mWCVY2ytd9Q=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "9db89c6e9fe65f0fe9c8ecf6070e788532161fde", + "rev": "4bcd1598f14109e9edd27f4dc9d81fde8caa7174", "type": "github" }, "original": { @@ -222,11 +374,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1770328672, - "narHash": "sha256-l9sCOH8PyK7QyjsT8W8k4ql/2Hzv7FCYGq6l0WEh5AM=", + "lastModified": 1776452660, + "narHash": "sha256-4my3q2B6l0/m6UlyrKHGpdtZi+2FO7gVbDzUPQVbtGg=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "a483f6dd19f9d604f5db5edaa58c3ad43c23e2b3", + "rev": "8f3e1320b037c2d774334de9d9afe75e043916b5", "type": "github" }, "original": { 
@@ -235,6 +387,30 @@ "type": "github" } }, + "keepbook": { + "inputs": { + "fenix": "fenix_2", + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1776369368, + "narHash": "sha256-5jnqHK2pOCr6Tp8FSyDIizWhiwdfhjQwwYjiKCzfdI0=", + "owner": "colonelpanic8", + "repo": "keepbook", + "rev": "4c573ac7343b588d0fff8e3cf83c100fbf272544", + "type": "github" + }, + "original": { + "owner": "colonelpanic8", + "repo": "keepbook", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -242,11 +418,11 @@ ] }, "locked": { - "lastModified": 1770184146, - "narHash": "sha256-DsqnN6LvXmohTRaal7tVZO/AKBuZ02kPBiZKSU4qa/k=", + "lastModified": 1775037210, + "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0d7874ef7e3ba02d58bebb871e6e29da36fa1b37", + "rev": "06648f4902343228ce2de79f291dd5a58ee12146", "type": "github" }, "original": { @@ -260,11 +436,11 @@ "brew-src": "brew-src" }, "locked": { - "lastModified": 1769437432, - "narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=", + "lastModified": 1774720267, + "narHash": "sha256-YYftFe8jyfpQI649yfr0E+dqEXE2jznZNcYvy/lKV1U=", "owner": "zhaofengli-wip", "repo": "nix-homebrew", - "rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5", + "rev": "a7760a3a83f7609f742861afb5732210fdc437ed", "type": "github" }, "original": { @@ -275,11 +451,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770169770, - "narHash": "sha256-awR8qIwJxJJiOmcEGgP2KUqYmHG4v/z8XpL9z8FnT1A=", + "lastModified": 1776255774, + "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa290c9891fa4ebe88f8889e59633d20cc06a5f2", + "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a", "type": "github" }, "original": { 
@@ -291,11 +467,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1774709303, + "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", "type": "github" }, "original": { @@ -307,16 +483,16 @@ }, "railbird-secrets": { "inputs": { - "agenix": "agenix", - "flake-utils": "flake-utils_3", + "agenix": "agenix_2", + "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1769653852, - "narHash": "sha256-c4OP02iityp81ww01JDvPQ9cVrbU5S7z3i2iFKltIH4=", + "lastModified": 1775003480, + "narHash": "sha256-iJmjq37Ue8UnN8maiUK6IKySWExr+xnXzMAH8h+mzyI=", "ref": "refs/heads/master", - "rev": "2a750e0356b6dad548e32f7e99117e40ad901c66", - "revCount": 144, + "rev": "184225eeb922585d217b7df06a3b7386c3fb03b3", + "revCount": 155, "type": "git", "url": "ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git" }, 
@@ -327,17 +503,55 @@ }, "root": { "inputs": { + "agenix": "agenix", "claude-code-nix": "claude-code-nix", "codex-cli-nix": "codex-cli-nix", - "home-manager": "home-manager", + "flake-utils": "flake-utils_3", + "git-blame-rank": "git-blame-rank", + "home-manager": "home-manager_2", "homebrew-cask": "homebrew-cask", "homebrew-core": "homebrew-core", + "keepbook": "keepbook", "nix-darwin": "nix-darwin", "nix-homebrew": "nix-homebrew", "nixpkgs": "nixpkgs", "railbird-secrets": "railbird-secrets" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1773194001, + "narHash": "sha256-50PPXBtH2xfKuNfQfUNOyuIFgZPEz5QVertQWS2MQJE=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "8ed3cca4d30610fd0d3c1179c85418de2dc0a7c1", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-analyzer-src_2": { + "flake": false, + "locked": { + "lastModified": 1769786006, + "narHash": "sha256-ax6cH54Nc20QuxlHNC8RMt1P8quMECY4gaACFAdd5ec=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "eb0588812b041ebbf2645555f2a4df3bcd853c6d", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -397,6 +611,36 @@ "repo": "default", "type": "github" } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/nix-darwin/flake.nix b/nix-darwin/flake.nix index 44fefa32..211c512b 100644 --- a/nix-darwin/flake.nix +++ b/nix-darwin/flake.nix @@ -3,8 +3,13 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + flake-utils.url = "github:numtide/flake-utils"; nix-darwin.url = "github:LnL7/nix-darwin"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; railbird-secrets = { url = "git+ssh://gitea@dev.railbird.ai:1123/railbird/secrets-flake.git"; }; 
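Review bot: The new `agenix` input in flake.nix pins only `nixpkgs`, so agenix's own `darwin` and `home-manager` inputs resolve to separate locked trees; the lock file in this commit gains `darwin` and `home-manager` nodes under `agenix` for that reason. Adding `inputs.darwin.follows = "nix-darwin";` and `inputs.home-manager.follows = "home-manager";` to the `agenix` block would keep the set of fetched sources smaller and easier to audit. The `railbird-secrets` input shown as context has no `follows` at all and brings a second copy (`agenix_2` in the lock); whether it can follow the root inputs depends on that flake, which is not visible here.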
@@ -32,26 +37,55 @@ url = "github:sadjow/claude-code-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + keepbook = { + url = "github:colonelpanic8/keepbook"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + + git-blame-rank = { + url = "github:colonelpanic8/git-blame-rank"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; }; - outputs = inputs@{ self, nix-darwin, nixpkgs, home-manager, ... }: - let + outputs = inputs @ { + self, + agenix, + nix-darwin, + nixpkgs, + home-manager, + nix-homebrew, + ... + }: let libDir = ../dotfiles/lib; - configuration = { pkgs, lib, config, ... }: - let - essentialPkgs = (import ../nixos/essential.nix { inherit pkgs lib; }).environment.systemPackages; + configuration = { + pkgs, + lib, + config, + ... + }: let + essentialPkgs = (import ../nixos/essential.nix {inherit pkgs lib inputs;}).environment.systemPackages; in { networking.hostName = "mac-demarco-mini"; - imports = [ (import ./gitea-actions-runner.nix) ]; + imports = [(import ./gitea-actions-runner.nix)]; + age = { + identityPaths = [ + "${config.users.users.kat.home}/.ssh/id_ed25519" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_rsa_key" + ]; + secrets.gitea-runner-token.file = ../nixos/secrets/gitea-runner-token.mac-demarco-mini.age; + }; services.gitea-actions-runner = { user = "gitea-runner"; instances.nix = { enable = true; name = config.networking.hostName; url = "https://dev.railbird.ai"; - # Keep the runner registration token out of git. - # Create this file on the machine before the runner is (re)registered. - tokenFile = "/var/lib/gitea-runner/nix/token"; + tokenFile = config.age.secrets.gitea-runner-token.path; labels = [ "nix-darwin-${pkgs.system}:host" "macos-aarch64-darwin" 
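Review bot: `age.secrets.gitea-runner-token` sets only `file`, so the decrypted token gets agenix's default ownership and mode (root, 0400), while the runner is configured with `user = "gitea-runner"`. If the launchd job in gitea-actions-runner.nix reads `tokenFile` as that user, which this hunk does not show, it cannot read the secret. Writing `secrets.gitea-runner-token = { file = ../nixos/secrets/gitea-runner-token.mac-demarco-mini.age; owner = "gitea-runner"; };` makes the intended reader explicit. Separately, `identityPaths` lists kat's personal `~/.ssh/id_ed25519` next to the host keys, and a passphrase-protected personal key cannot be used during unattended activation. A comment naming the key the secret is actually encrypted to would help; the `configuration` module continues past this hunk.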
@@ -93,6 +127,17 @@ system.primaryUser = "kat"; + system.defaults.NSGlobalDomain."com.apple.swipescrolldirection" = false; + system.defaults.CustomUserPreferences."com.apple.screensaver".idleTime = 300; + system.defaults.screensaver.askForPassword = false; + system.defaults.screensaver.askForPasswordDelay = 0; + + power.sleep = { + computer = "never"; + display = "never"; + harddisk = "never"; + }; + # launchd.daemons.gitea-runner-restarter = { # serviceConfig = { # ProgramArguments = [ @@ -136,24 +181,27 @@ claude-code = inputs.claude-code-nix.packages.${prev.stdenv.hostPlatform.system}.default; }) ]; - environment.systemPackages = - essentialPkgs - ++ (with pkgs; [ - alejandra - claude-code - cocoapods - codex - nodePackages.prettier - nodejs - slack - tea - typescript - vim - yarn - ]); + environment.systemPackages = essentialPkgs ++ [pkgs.spotify]; nixpkgs.config.allowUnfree = true; + # Install GUI-visible fonts into /Library/Fonts/Nix Fonts. + fonts.packages = with pkgs; [ + nerd-fonts.jetbrains-mono + ]; + + # Homebrew casks (managed by nix-darwin, installed by nix-homebrew) + homebrew = { + enable = true; + casks = [ + "codex-app" + "ghostty" + ]; + masApps = { + Xcode = 497799835; + }; + onActivation.cleanup = "zap"; + }; # Auto upgrade nix package and the daemon service. launchd.user.envVariables.PATH = config.environment.systemPath; @@ -174,7 +222,6 @@ ]; }; - # Set Git commit hash for darwin-version. system.configurationRevision = self.rev or self.dirtyRev or null; @@ -192,8 +239,6 @@ createHome = false; }; - home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - users.users.kat = { name = "kat"; home = "/Users/kat"; 
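Review bot: `system.defaults.screensaver.askForPassword = false` together with `power.sleep` set to `"never"` leaves kat's console session permanently unlocked, on a host that this same commit gives age identity keys and a CI runner token. If the machine is headless and physically secured, say so in a comment above the block; otherwise set `system.defaults.screensaver.askForPassword = true;` and keep `askForPasswordDelay = 0`. The 300-second `idleTime` only starts the screensaver and does not protect the session on its own.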
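Review bot: `onActivation.cleanup = "zap"` in the new `homebrew` block is undocumented, and it is the destructive setting: on each activation Homebrew removes every formula and cask not listed in this module, together with the files associated with them. A comment such as `# "zap": anything installed with brew outside this list is uninstalled, including its data, on activation` would warn whoever next installs a cask by hand on this machine.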
@@ -201,37 +246,38 @@ programs.zsh = { enable = true; - shellInit = '' - fpath+="${libDir}/functions" - for file in "${libDir}/functions/"* - do - autoload "''${file##*/}" - done - ''; - interactiveShellInit = '' - # eval "$(register-python-argcomplete prb)" - # eval "$(register-python-argcomplete prod-prb)" - # eval "$(register-python-argcomplete railbird)" - # [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/zsh" - - autoload -Uz bracketed-paste-magic - zle -N bracketed-paste bracketed-paste-magic - ''; + enableSyntaxHighlighting = true; }; - - home-manager.users.kat = { - programs.starship = { - enable = true; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "hm-backup"; + extraSpecialArgs = { + inherit inputs libDir; + }; + sharedModules = [./home/common.nix]; + users.kat = { + imports = [./home/kat.nix]; }; - programs.zsh.enable = true; - home.stateVersion = "24.05"; }; }; - in - { + in { darwinConfigurations."mac-demarco-mini" = nix-darwin.lib.darwinSystem { modules = [ + agenix.darwinModules.default home-manager.darwinModules.home-manager + nix-homebrew.darwinModules.nix-homebrew + { + nix-homebrew = { + enable = true; + user = "kat"; + autoMigrate = true; + taps = { + "homebrew/homebrew-core" = inputs.homebrew-core; + "homebrew/homebrew-cask" = inputs.homebrew-cask; + }; + }; + } configuration ]; }; diff --git a/nix-darwin/gitea-actions-runner.nix b/nix-darwin/gitea-actions-runner.nix index 2254511b..8110a4ca 100644 --- a/nix-darwin/gitea-actions-runner.nix +++ b/nix-darwin/gitea-actions-runner.nix @@ -152,6 +152,9 @@ in { {} // optionalAttrs (instance.token != null) { TOKEN = instance.token; + } + // optionalAttrs (instance.tokenFile != null) { + TOKEN_FILE = toString instance.tokenFile; }; RunAtLoad = true; ProgramArguments = [ 
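Review bot: The `nix-homebrew` block pins `homebrew/homebrew-core` and `homebrew/homebrew-cask` to flake inputs but leaves taps mutable, so a `brew tap` or manual fetch on the machine can move them away from the revisions recorded in flake.lock. Adding `mutableTaps = false;` beside `autoMigrate = true;` keeps the taps at the locked commits. `autoMigrate = true` takes over an existing Homebrew prefix; a one-line comment saying that is intended on this host would be enough.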
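Review bot: `TOKEN_FILE` is exported to the job in gitea-actions-runner.nix, but neither this hunk nor the later one at `@@ -164,6 +167,10 @@` shows the script reading it, and the guard added there tests only `TOKEN`. flake.nix now sets just `tokenFile`, so unless the optional snippet that precedes the `.runner` check (outside both hunks) loads the file, first registration will always stop at "Missing registration token". If it is not loaded there, a line such as `if [ -z "''${TOKEN:-}" ] && [ -n "''${TOKEN_FILE:-}" ]; then TOKEN="$(cat "$TOKEN_FILE")"; fi` ahead of the guard closes the gap. An assertion that only one of `token` and `tokenFile` is set would also make precedence explicit.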
@@ -164,6 +167,10 @@ in { '' else "" } if [ ! -e "/var/lib/gitea-runner/${name}/.runner" ]; then + if [ -z "''${TOKEN:-}" ]; then + echo "Missing registration token for ${name}" >&2 + exit 1 + fi ${cfg.package}/bin/act_runner register --no-interactive \ --instance ${escapeShellArg instance.url} \ --token "$TOKEN" \ diff --git a/nix-darwin/home/common.nix b/nix-darwin/home/common.nix new file mode 100644 index 00000000..84cab9da --- /dev/null +++ b/nix-darwin/home/common.nix 
@@ -0,0 +1,131 @@ +{ + config, + libDir, + lib, + pkgs, + ... +}: let + dotfilesDir = builtins.dirOf (toString libDir); + outOfStore = config.lib.file.mkOutOfStoreSymlink; + + excludedTopLevelEntries = [ + "agents" + "claude" + "codex" + "config" + "emacs.d" + "zshenv" + "zshrc" + ]; + + excludedConfigEntries = [ + "starship.toml" + ]; + + dotfilesLinks = lib.listToAttrs (map (name: { + name = ".${name}"; + value = { + force = true; + source = outOfStore "${dotfilesDir}/${name}"; + }; + }) (lib.subtractLists excludedTopLevelEntries (builtins.attrNames (builtins.readDir dotfilesDir)))); + + xdgConfigLinks = lib.listToAttrs (map (name: { + name = name; + value = { + force = true; + source = outOfStore "${dotfilesDir}/config/${name}"; + }; + }) (lib.subtractLists excludedConfigEntries (builtins.attrNames (builtins.readDir "${dotfilesDir}/config")))); +in { + programs.home-manager.enable = true; + + home.file = dotfilesLinks; + + home.activation.linkEmacsDotdir = lib.hm.dag.entryAfter ["writeBoundary"] '' + live_emacs_dir="$HOME/dotfiles/dotfiles/emacs.d" + target_emacs_dir="${dotfilesDir}/emacs.d" + if [ -d "$live_emacs_dir" ]; then + target_emacs_dir="$live_emacs_dir" + fi + if [ -L "$HOME/.emacs.d" ] || [ ! 
-e "$HOME/.emacs.d" ]; then + rm -f "$HOME/.emacs.d" + ln -s "$target_emacs_dir" "$HOME/.emacs.d" + else + echo "Skipping ~/.emacs.d relink because it is not a symlink" >&2 + fi + ''; + + home.sessionPath = [ + "$HOME/.cargo/bin" + "${libDir}/bin" + "${libDir}/functions" + ]; + + home.sessionVariables = { + EDITOR = "emacsclient --alternate-editor emacs"; + }; + + programs.ssh = { + enable = true; + enableDefaultConfig = false; + matchBlocks = { + "*" = { + forwardAgent = true; + addKeysToAgent = "no"; + compression = false; + serverAliveInterval = 0; + serverAliveCountMax = 3; + hashKnownHosts = false; + userKnownHostsFile = "~/.ssh/known_hosts"; + controlMaster = "no"; + controlPath = "~/.ssh/master-%r@%n:%p"; + controlPersist = "no"; + }; + }; + }; + + services.gpg-agent = { + enable = true; + defaultCacheTtl = 8 * 60 * 60; + maxCacheTtl = 8 * 60 * 60; + enableSshSupport = true; + extraConfig = '' + allow-emacs-pinentry + allow-loopback-pinentry + ''; + }; + + programs.starship = { + enable = true; + }; + + programs.zsh = { + enable = true; + autosuggestion.enable = true; + oh-my-zsh = { + enable = true; + plugins = ["git" "sudo"]; + }; + shellAliases = { + df_ssh = "TERM='xterm-256color' ssh -o StrictHostKeyChecking=no"; + ta = "tmux attach"; + }; + initContent = lib.mkMerge [ + (lib.mkOrder 550 '' + fpath+="${libDir}/functions" + for file in "${libDir}/functions/"*; do + autoload "''${file##*/}" + done + '') + '' + [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/zsh" + + autoload -Uz bracketed-paste-magic + zle -N bracketed-paste bracketed-paste-magic + '' + ]; + }; + + xdg.configFile = xdgConfigLinks; +} diff --git a/nix-darwin/home/kat.nix b/nix-darwin/home/kat.nix new file mode 100644 index 00000000..e289b392 --- /dev/null +++ b/nix-darwin/home/kat.nix 
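Review bot: The `"*"` match block in home/common.nix sets `forwardAgent = true`, which offers the local agent (here gpg-agent with `enableSshSupport` and an 8-hour cache) to every host the user connects to, and the `df_ssh` alias pairs that with `StrictHostKeyChecking=no`, so the agent is also forwarded to hosts whose key was never verified. Because flake.nix lists this file under `sharedModules`, it applies to every home-manager user. I would set `forwardAgent = false;` in `"*"` and enable forwarding only in named `matchBlocks` for the hosts that need it, and change the alias to `-o StrictHostKeyChecking=accept-new`. The `home.file` and `xdg.configFile` links also use `force = true`, which replaces existing targets without a backup; a comment confirming that is intended would help.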
@@ -0,0 +1,36 @@ +{pkgs, ...}: { + home.packages = with pkgs; [ + alejandra + claude-code + cocoapods + codex + nodejs + prettier + slack + tea + typescript + vim + yarn + ]; + + services.git-sync = { + enable = true; + package = + if pkgs ? "git-sync-rs" + then pkgs."git-sync-rs" + else pkgs.git-sync; + repositories = { + org = { + path = "/Users/kat/org"; + uri = "ssh://gitea@1896Folsom.duckdns.org:1123/kkathuang/org.git"; + interval = 180; + }; + password-store = { + path = "/Users/kat/.password-store"; + uri = "git@github.com:IvanMalison/.password-store.git"; + }; + }; + }; + + home.stateVersion = "24.05"; +} diff --git a/nix-darwin/justfile b/nix-darwin/justfile index 6d96e5d0..a835cb2a 100644 --- a/nix-darwin/justfile +++ b/nix-darwin/justfile @@ -1,5 +1,11 @@ +hostname := "mac-demarco-mini" + switch: - sudo -H /run/current-system/sw/bin/nix run nix-darwin -- switch --flake .# + sudo -H /run/current-system/sw/bin/nix run nix-darwin -- switch --flake .#{{hostname}} + +update: + /run/current-system/sw/bin/nix flake update + just switch update-nix-darwin: nix flake lock --update-input nix-darwin diff --git a/nixos/essential.nix b/nixos/essential.nix index fad763ef..a3a8a51f 100644 --- a/nixos/essential.nix +++ b/nixos/essential.nix @@ -1,15 +1,16 @@ -{ pkgs, inputs, ... }: -let +{ + pkgs, + lib, + inputs, + ... +}: let git-blame-rank = inputs.git-blame-rank.packages.${pkgs.stdenv.hostPlatform.system}.default; keepbook = inputs.keepbook.packages.${pkgs.stdenv.hostPlatform.system}.keepbook.overrideAttrs (_: { # Upstream checks currently depend on TS artifacts that are not built in Nix. doCheck = false; }); -in -{ - nixpkgs.config.allowBroken = true; - environment.systemPackages = with pkgs; [ + commonPkgs = lib.filter (pkg: lib.meta.availableOn pkgs.stdenv.hostPlatform pkg) ((with pkgs; [ automake bazel bento4 
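Review bot: `services.git-sync` in home/kat.nix keeps `/Users/kat/.password-store` continuously synced on the machine that flake.nix registers as an Actions runner, and the runner's `:host` label suggests jobs execute directly on that machine. Confidentiality then rests on the `gitea-runner` account having no access to `/Users/kat` or to kat's gpg-agent, which nothing in this diff states; a comment recording that assumption, or leaving `password-store` off this host, would make the choice deliberate. The repository paths are also hard-coded; taking `config` in the module arguments and writing `"${config.home.homeDirectory}/org"` keeps them in step with `users.users.kat.home`. The `org` URI points at a dynamic-DNS name, so verified host keys matter more than usual for that remote.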
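Review bot: The new `update` recipe in the justfile runs `nix flake update` and then `just switch` in one step, so every input, including the Homebrew taps and the third-party flakes, moves to whatever is current upstream and is activated as root before anyone has looked at the lock diff. Dropping the `just switch` line from `update`, or putting `git diff flake.lock` ahead of it, leaves room to review and commit the lock change first. As far as the hunk shows, `update-nix-darwin` already updates without switching.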
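Review bot: In nixos/essential.nix, `commonPkgs` is wrapped in `lib.filter (pkg: lib.meta.availableOn pkgs.stdenv.hostPlatform pkg)`, which drops unsupported packages silently, so nothing tells a Darwin user that a listed tool such as `bubblewrap` (Linux-only in nixpkgs, as far as I know) was not installed. A short comment above the binding, for example `# Packages not available on the host platform are filtered out without a warning.`, would document that. The list itself continues in the following hunks.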
@@ -18,38 +19,27 @@ in cachix bubblewrap cmake - dex direnv - dpkg - efibootmgr - emacs-auto fd ffmpeg file gawk gcc - gdb gh git-fame git-blame-rank git-lfs git-sync - git-sync-rs gitFull gnumake - gparted home-manager htop - inotify-tools - iotop ispell jq just keepbook - lshw lsof magic-wormhole-rs - mesa-demos ncdu fastfetch neovim @@ -57,24 +47,47 @@ in nix-search-cli pass patchelf - pciutils pstree - pulseaudio - python-with-my-packages rclone ripgrep - runc silver-searcher skim - sshfs - sysz tmux - tzupdate - udiskie unzip - usbutils wget xkcdpass yubikey-manager + ]) ++ lib.optionals (builtins.hasAttr "git-sync-rs" pkgs) [pkgs.git-sync-rs]); + + linuxOnly = with pkgs; [ + dex + dpkg + efibootmgr + emacs-auto + gparted + inotify-tools + iotop + lshw + mesa-demos + pciutils + pulseaudio + python-with-my-packages + runc + sshfs + sysz + gdb + udiskie + usbutils + tzupdate ]; + + darwinOnly = with pkgs; [ + ]; +in { + nixpkgs.config.allowBroken = true; + + environment.systemPackages = + commonPkgs + ++ lib.optionals pkgs.stdenv.isLinux linuxOnly + ++ lib.optionals pkgs.stdenv.isDarwin darwinOnly; }