WIP pinephone

2024-10-08 19:42:33 -05:00 · 2024-10-08 19:42:33 -05:00 · 1bb83efeef
parent a7b81162d5
commit 1bb83efeef
3 changed files with 98 additions and 34 deletions
--- a/flake.lock
+++ b/flake.lock
@ -522,6 +522,22 @@
        "type": "github"
      }
    },
+    "mobile-nixos": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1728423157,
+        "narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=",
+        "owner": "lytedev",
+        "repo": "mobile-nixos",
+        "rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lytedev",
+        "repo": "mobile-nixos",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1709479366,
@ -627,6 +643,7 @@
        "home-manager": "home-manager",
        "home-manager-unstable": "home-manager-unstable",
        "hyprland": "hyprland",
+        "mobile-nixos": "mobile-nixos",
        "nixpkgs": "nixpkgs_3",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "slippi": "slippi",
--- a/flake.nix
+++ b/flake.nix
@ -32,6 +32,11 @@
    slippi.inputs.home-manager.follows = "home-manager-unstable";

    # nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
+
+    mobile-nixos = {
+      url = "github:lytedev/mobile-nixos";
+      flake = false;
+    };
  };

  nixConfig = {
@ -66,6 +71,7 @@
    home-manager-unstable,
    helix,
    hardware,
+    mobile-nixos,
    # nnf,
    # hyprland,
    slippi,
@ -627,6 +633,47 @@
          ./nixos/router.nix
        ];
      };
+
+      # pinephone-image =
+      #   (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
+      #     configuration = with nixosModules; [
+      #       linux
+      #       home-manager-defaults
+
+      #       # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
+      #       common
+      #       wifi
+
+      #       # TODO: how do I get a minimally useful mobile environment?
+      #       # for me, this means an on-screen keyboard and suspend support I think?
+      #       # I can live in a tty if needed and graphical stuff can all evolve later
+      #       # not worried about modem
+      #       # maybe/hopefully I can pull in or define my own sxmo via nix?
+      #     ];
+      #     device = "pine64-pinephone";
+      #     pkgs = pkgsFor "aarch64-linux";
+      #   })
+      #   .outputs
+      #   .disk-image;
+
+      pinephone = nixpkgs.lib.nixosSystem {
+        system = "aarch64-linux";
+        modules = with nixosModules; [
+          # TODO: how do I build this image?
+          linux
+          home-manager-defaults
+
+          # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
+          common
+          wifi
+
+          {
+            imports = [
+              (import "${mobile-nixos}/lib/configuration.nix" {device = "pine64-pinephone";})
+            ];
+          }
+        ];
+      };
    };

    homeConfigurations = {
@ -657,7 +704,7 @@
    };

    /*
-    TODO: nix-on-droid for phone terminal usage?
+    TODO: nix-on-droid for phone terminal usage? mobile-nixos?
    TODO: nix-darwin for work?
    TODO: nixos ISO?
    */
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -1135,43 +1135,43 @@
    boot.tmp.cleanOnBoot = true;
    services.irqbalance.enable = true;

-    services.kanidm = {
-      enableClient = true;
-      enablePam = true;
-      package = pkgs.kanidm;
+    # this is not ready for primetime yet
+    # services.kanidm = {
+    #   enableClient = true;
+    #   enablePam = true;
+    #   package = pkgs.kanidm;

-      clientSettings.uri = "https://idm.h.lyte.dev";
-      unixSettings = {
-        # hsm_pin_path = "/somewhere/else";
-        pam_allowed_login_groups = [];
-      };
-    };
-
-    systemd.tmpfiles.rules = [
-      "d /etc/kanidm 1755 nobody users -"
-    ];
+    #   clientSettings.uri = "https://idm.h.lyte.dev";
+    #   unixSettings = {
+    #     # hsm_pin_path = "/somewhere/else";
+    #     pam_allowed_login_groups = [];
+    #   };
+    # };
+    # systemd.tmpfiles.rules = [
+    #   "d /etc/kanidm 1755 nobody users -"
+    # ];

    # module has the incorrect file permissions out of the box
-    environment.etc = {
-      /*
-      "kanidm" = {
-      enable = true;
-        user = "nobody";
-        group = "users";
-        mode = "0755";
-      };
-      */
-      "kanidm/unixd" = {
-        user = "kanidm-unixd";
-        group = "kanidm-unixd";
-        mode = "0700";
-      };
-      "kanidm/config" = {
-        user = "nobody";
-        group = "users";
-        mode = "0755";
-      };
+    # environment.etc = {
+    /*
+    "kanidm" = {
+    enable = true;
+      user = "nobody";
+      group = "users";
+      mode = "0755";
    };
+    */
+    #   "kanidm/unixd" = {
+    #     user = "kanidm-unixd";
+    #     group = "kanidm-unixd";
+    #     mode = "0700";
+    #   };
+    #   "kanidm/config" = {
+    #     user = "nobody";
+    #     group = "users";
+    #     mode = "0755";
+    #   };
+    # };

    programs.gnupg.agent = {
      enable = true;