flake/hosts/dust/default.nix

{
  lib,
  pkgs,
  ...
}: {
  imports = [
    ../../nixos/profiles/sing-box
    ../../nixos/profiles/wireless

    ./anti-feature.nix
    ./disko.nix
    ./hardware-configuration.nix
    ./impermanence.nix
    ./lanzaboote.nix
  ];

  networking.hostName = "dust";
  time.timeZone = "Asia/Shanghai";
  system.stateVersion = "24.05";

  home-manager.users.guanranwang = import ./home;

  boot.tmp.useTmpfs = true;

  services.tailscale = {
    enable = true;
    openFirewall = true;
  };

  environment.systemPackages = with pkgs; [
    yubikey-manager
  ];

  networking.firewall.allowedTCPPorts = [53317];
  networking.firewall.allowedUDPPorts = [53317];

  programs.adb.enable = true;
  programs.localsend.enable = true;
  programs.seahorse.enable = true;
  programs.ssh = {
    startAgent = true;
    enableAskPassword = true;
  };

  services.power-profiles-daemon.enable = true;
  services.gvfs.enable = true;
  services.gnome = {
    gnome-keyring.enable = true;
    sushi.enable = true;
  };

  # yubikey
  services.pcscd.enable = true;
  services.udev.packages = [pkgs.yubikey-personalization];

  fonts = {
    enableDefaultPackages = false;
    packages = with pkgs; [
      (nerdfonts.override {
        fonts = ["NerdFontsSymbolsOnly"];
      })
      (inter.overrideAttrs {
        installPhase = ''
          runHook preInstall
          install -Dm644 -t $out/share/fonts/truetype/ InterVariable*.ttf
          runHook postInstall
        '';
      })
      (jetbrains-mono.overrideAttrs {
        installPhase = ''
          runHook preInstall
          install -Dm644 -t $out/share/fonts/truetype/ fonts/variable/*.ttf
          runHook postInstall
        '';
      })
      (source-serif.overrideAttrs {
        installPhase = ''
          runHook preInstall
          install -Dm444 VAR/*.otf -t $out/share/fonts/variable
          runHook postInstall
        '';
      })
      source-han-sans-vf-otf
      source-han-serif-vf-otf
      noto-fonts
      noto-fonts-color-emoji
    ];
    fontconfig = {
      defaultFonts = {
        emoji = [
          "Noto Color Emoji"
        ];
        # Append emoji font for Qt apps, they might use the monochrome emoji
        monospace = [
          "JetBrains Mono"
          "Source Han Sans SC VF"
          "Symbols Nerd Font"
          "Noto Color Emoji"
        ];
        sansSerif = [
          "Inter Variable"
          "Source Han Sans SC VF"
          "Noto Color Emoji"
        ];
        serif = [
          "Source Serif 4 Variable"
          "Source Han Serif SC VF"
          "Noto Color Emoji"
        ];
      };
      # GitHub perfers Noto Sans...
      localConf = ''
        <selectfont>
          <rejectfont>
            <pattern>
              <patelt name="family">
                <string>Noto Sans</string>
              </patelt>
            </pattern>
          </rejectfont>
        </selectfont>
      '';
    };
  };

  console = {
    earlySetup = true;
    keyMap = "dvorak";
  };

  services.greetd = {
    enable = true;
    settings.default_session.command = "${lib.getExe pkgs.greetd.tuigreet} --cmd ${pkgs.writeShellScript "sway" ''
      dbus-update-activation-environment --all --systemd
      exec systemd-cat --identifier=sway sway
    ''}";
  };

  security.polkit.enable = true;
  systemd.user.services.polkit-gnome-authentication-agent-1 = {
    description = "polkit-gnome-authentication-agent-1";
    wantedBy = ["graphical-session.target"];
    wants = ["graphical-session.target"];
    after = ["graphical-session.target"];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
      Restart = "on-failure";
      RestartSec = 1;
      TimeoutStopSec = 10;
    };
  };

  security.pam.services.swaylock = {};
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [pkgs.xdg-desktop-portal-gtk];
    # https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf
    config."sway" = {
      default = "gtk";
      "org.freedesktop.impl.portal.ScreenCast" = "wlr";
      "org.freedesktop.impl.portal.Screenshot" = "wlr";
      "org.freedesktop.impl.portal.Inhibit" = "none";
    };
  };
}
hosts: add dust 2024-07-23 16:14:27 +00:00			`{`
			`lib,`
			`pkgs,`
			`...`
			`}: {`
			`imports = [`
nixos: mihomo -> sing-box 2024-08-24 08:10:54 +00:00			`../../nixos/profiles/sing-box`
			`../../nixos/profiles/wireless`
hosts: add dust 2024-07-23 16:14:27 +00:00
			`./anti-feature.nix`
			`./disko.nix`
			`./hardware-configuration.nix`
			`./impermanence.nix`
			`./lanzaboote.nix`
			`];`

			`networking.hostName = "dust";`
Revert "dust: change timezone" This reverts commit 17dad62efad28472d6caa0d3e7cbf4127e9bf5c2. 2024-08-09 09:28:11 +00:00			`time.timeZone = "Asia/Shanghai";`
treewide: bump stateVersion 2024-08-12 07:25:36 +00:00			`system.stateVersion = "24.05";`
hosts: add dust 2024-07-23 16:14:27 +00:00
			`home-manager.users.guanranwang = import ./home;`

treewide: chores 2024-08-19 14:45:14 +00:00			`boot.tmp.useTmpfs = true;`

hosts: add dust 2024-07-23 16:14:27 +00:00			`services.tailscale = {`
			`enable = true;`
			`openFirewall = true;`
			`};`

			`environment.systemPackages = with pkgs; [`
			`yubikey-manager`
			`];`

			`networking.firewall.allowedTCPPorts = [53317];`
			`networking.firewall.allowedUDPPorts = [53317];`

			`programs.adb.enable = true;`
nixos: cleanup 2024-07-24 16:53:10 +00:00			`programs.localsend.enable = true;`
hosts: add dust 2024-07-23 16:14:27 +00:00			`programs.seahorse.enable = true;`
dust: libsecret, pam, polkit, ssh, gpg extremely confusing... it wont auto open keyring for some reason 2024-08-01 22:23:39 +00:00			`programs.ssh = {`
			`startAgent = true;`
			`enableAskPassword = true;`
			`};`
hosts: add dust 2024-07-23 16:14:27 +00:00
			`services.power-profiles-daemon.enable = true;`
			`services.gvfs.enable = true;`
			`services.gnome = {`
			`gnome-keyring.enable = true;`
			`sushi.enable = true;`
			`};`

			`# yubikey`
			`services.pcscd.enable = true;`
			`services.udev.packages = [pkgs.yubikey-personalization];`

			`fonts = {`
			`enableDefaultPackages = false;`
			`packages = with pkgs; [`
			`(nerdfonts.override {`
			`fonts = ["NerdFontsSymbolsOnly"];`
			`})`
			`(inter.overrideAttrs {`
			`installPhase = ''`
			`runHook preInstall`
			`install -Dm644 -t $out/share/fonts/truetype/ InterVariable*.ttf`
			`runHook postInstall`
			`'';`
			`})`
			`(jetbrains-mono.overrideAttrs {`
			`installPhase = ''`
			`runHook preInstall`
			`install -Dm644 -t $out/share/fonts/truetype/ fonts/variable/*.ttf`
			`runHook postInstall`
			`'';`
			`})`
			`(source-serif.overrideAttrs {`
			`installPhase = ''`
			`runHook preInstall`
			`install -Dm444 VAR/*.otf -t $out/share/fonts/variable`
			`runHook postInstall`
			`'';`
			`})`
			`source-han-sans-vf-otf`
			`source-han-serif-vf-otf`
dust: add noto-fonts 2024-08-15 15:32:56 +00:00			`noto-fonts`
hosts: add dust 2024-07-23 16:14:27 +00:00			`noto-fonts-color-emoji`
			`];`
dust: add noto-fonts 2024-08-15 15:32:56 +00:00			`fontconfig = {`
			`defaultFonts = {`
			`emoji = [`
			`"Noto Color Emoji"`
			`];`
			`# Append emoji font for Qt apps, they might use the monochrome emoji`
			`monospace = [`
			`"JetBrains Mono"`
			`"Source Han Sans SC VF"`
			`"Symbols Nerd Font"`
			`"Noto Color Emoji"`
			`];`
			`sansSerif = [`
			`"Inter Variable"`
			`"Source Han Sans SC VF"`
			`"Noto Color Emoji"`
			`];`
			`serif = [`
			`"Source Serif 4 Variable"`
			`"Source Han Serif SC VF"`
			`"Noto Color Emoji"`
			`];`
			`};`
			`# GitHub perfers Noto Sans...`
			`localConf = ''`
			`<selectfont>`
			`<rejectfont>`
			`<pattern>`
			`<patelt name="family">`
			`<string>Noto Sans</string>`
			`</patelt>`
			`</pattern>`
			`</rejectfont>`
			`</selectfont>`
			`'';`
hosts: add dust 2024-07-23 16:14:27 +00:00			`};`
			`};`

			`console = {`
			`earlySetup = true;`
			`keyMap = "dvorak";`
			`};`

			`services.greetd = {`
			`enable = true;`
treewide: cleanup 2024-08-01 22:17:30 +00:00			`settings.default_session.command = "${lib.getExe pkgs.greetd.tuigreet} --cmd ${pkgs.writeShellScript "sway" ''`
dust/sway: disable xwayland 2024-08-15 15:33:15 +00:00			`dbus-update-activation-environment --all --systemd`
treewide: cleanup 2024-08-01 22:17:30 +00:00			`exec systemd-cat --identifier=sway sway`
			`''}";`
hosts: add dust 2024-07-23 16:14:27 +00:00			`};`

			`security.polkit.enable = true;`
			`systemd.user.services.polkit-gnome-authentication-agent-1 = {`
			`description = "polkit-gnome-authentication-agent-1";`
			`wantedBy = ["graphical-session.target"];`
			`wants = ["graphical-session.target"];`
			`after = ["graphical-session.target"];`
			`serviceConfig = {`
			`Type = "simple";`
			`ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";`
			`Restart = "on-failure";`
			`RestartSec = 1;`
			`TimeoutStopSec = 10;`
			`};`
			`};`

			`security.pam.services.swaylock = {};`
			`xdg.portal = {`
			`enable = true;`
			`wlr.enable = true;`
			`extraPortals = [pkgs.xdg-desktop-portal-gtk];`
			`# https://gitlab.archlinux.org/archlinux/packaging/packages/sway/-/blob/main/sway-portals.conf`
			`config."sway" = {`
			`default = "gtk";`
			`"org.freedesktop.impl.portal.ScreenCast" = "wlr";`
			`"org.freedesktop.impl.portal.Screenshot" = "wlr";`
			`"org.freedesktop.impl.portal.Inhibit" = "none";`
			`};`
			`};`
			`}`