From 1bb83efeeff7c9dd3f72023a3e14de372e8d7f47 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 8 Oct 2024 19:42:33 -0500 Subject: [PATCH] WIP pinephone --- flake.lock | 17 ++++++++++ flake.nix | 49 ++++++++++++++++++++++++++++- modules/nixos/default.nix | 66 +++++++++++++++++++-------------------- 3 files changed, 98 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 314c2d6..838341c 100644 --- a/flake.lock +++ b/flake.lock @@ -522,6 +522,22 @@ "type": "github" } }, + "mobile-nixos": { + "flake": false, + "locked": { + "lastModified": 1728423157, + "narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=", + "owner": "lytedev", + "repo": "mobile-nixos", + "rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4", + "type": "github" + }, + "original": { + "owner": "lytedev", + "repo": "mobile-nixos", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1709479366, @@ -627,6 +643,7 @@ "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", "hyprland": "hyprland", + "mobile-nixos": "mobile-nixos", "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", "slippi": "slippi", diff --git a/flake.nix b/flake.nix index 225aad4..130d227 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,11 @@ slippi.inputs.home-manager.follows = "home-manager-unstable"; # nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b"; + + mobile-nixos = { + url = "github:lytedev/mobile-nixos"; + flake = false; + }; }; nixConfig = { @@ -66,6 +71,7 @@ home-manager-unstable, helix, hardware, + mobile-nixos, # nnf, # hyprland, slippi, 
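Review bot: The new `mobile-nixos` input in the `@@ -32,6 +32,11 @@` hunk of flake.nix points at a personal fork with no ref and no comment saying why the fork is used or how it differs from upstream. Because the input is `flake = false` and its files are imported straight into a system configuration later in this patch, the `rev`/`narHash` pair in flake.lock is the only thing fixing what gets evaluated. A blanket `nix flake update` will move it to whatever the fork's default branch holds at that moment. I would add a comment above the input such as `# fork of upstream mobile-nixos; non-flake source pinned via flake.lock, review the fork's diff before bumping`.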
@@ -627,6 +633,47 @@ ./nixos/router.nix ]; }; + + # pinephone-image = + # (import "${mobile-nixos}/lib/eval-with-configuration.nix" { + # configuration = with nixosModules; [ + # linux + # home-manager-defaults + + # # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation? + # common + # wifi + + # # TODO: how do I get a minimally useful mobile environment? + # # for me, this means an on-screen keyboard and suspend support I think? + # # I can live in a tty if needed and graphical stuff can all evolve later + # # not worried about modem + # # maybe/hopefully I can pull in or define my own sxmo via nix? + # ]; + # device = "pine64-pinephone"; + # pkgs = pkgsFor "aarch64-linux"; + # }) + # .outputs + # .disk-image; + + pinephone = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = with nixosModules; [ + # TODO: how do I build this image? + linux + home-manager-defaults + + # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation? + common + wifi + + { + imports = [ + (import "${mobile-nixos}/lib/configuration.nix" {device = "pine64-pinephone";}) + ]; + } + ]; + }; }; homeConfigurations = { @@ -657,7 +704,7 @@ }; /* - TODO: nix-on-droid for phone terminal usage? + TODO: nix-on-droid for phone terminal usage? mobile-nixos? TODO: nix-darwin for work? TODO: nixos ISO? */ diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index a985704..4617883 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix 
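Review bot: In the `@@ -627,6 +633,47 @@` hunk the live `pinephone` system and the commented-out `pinephone-image` block repeat the same module list and the same `"pine64-pinephone"` device string, so the two will drift as soon as one is edited. Binding the shared list once, for example `pinephoneModules = with nixosModules; [linux home-manager-defaults common wifi];` in a `let`, and dropping the dead block until the image build works would keep the outputs readable. The inline `{ imports = [ (import …) ]; }` wrapper also looks unnecessary, assuming `lib/configuration.nix` returns an ordinary module: `(import "${mobile-nixos}/lib/configuration.nix" {device = "pine64-pinephone";})` could sit directly in `modules`. The enclosing attribute set opens outside this hunk, so whether a `let` is already available there is not visible.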
@@ -1135,43 +1135,43 @@ boot.tmp.cleanOnBoot = true; services.irqbalance.enable = true; - services.kanidm = { - enableClient = true; - enablePam = true; - package = pkgs.kanidm; + # this is not ready for primetime yet + # services.kanidm = { + # enableClient = true; + # enablePam = true; + # package = pkgs.kanidm; - clientSettings.uri = "https://idm.h.lyte.dev"; - unixSettings = { - # hsm_pin_path = "/somewhere/else"; - pam_allowed_login_groups = []; - }; - }; - - systemd.tmpfiles.rules = [ - "d /etc/kanidm 1755 nobody users -" - ]; + # clientSettings.uri = "https://idm.h.lyte.dev"; + # unixSettings = { + # # hsm_pin_path = "/somewhere/else"; + # pam_allowed_login_groups = []; + # }; + # }; + # systemd.tmpfiles.rules = [ + # "d /etc/kanidm 1755 nobody users -" + # ]; # module has the incorrect file permissions out of the box - environment.etc = { - /* - "kanidm" = { - enable = true; - user = "nobody"; - group = "users"; - mode = "0755"; - }; - */ - "kanidm/unixd" = { - user = "kanidm-unixd"; - group = "kanidm-unixd"; - mode = "0700"; - }; - "kanidm/config" = { - user = "nobody"; - group = "users"; - mode = "0755"; - }; + # environment.etc = { + /* + "kanidm" = { + enable = true; + user = "nobody"; + group = "users"; + mode = "0755"; }; + */ + # "kanidm/unixd" = { + # user = "kanidm-unixd"; + # group = "kanidm-unixd"; + # mode = "0700"; + # }; + # "kanidm/config" = { + # user = "nobody"; + # group = "users"; + # mode = "0755"; + # }; + # }; programs.gnupg.agent = { enable = true;
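Review bot: The kanidm client and PAM settings are disabled by prefixing lines with `#`, which strands the inner `/* … */` block and the `# module has the incorrect file permissions out of the box` remark between two comment styles, and none of it is evaluated again until someone uncomments it by hand. A guard such as `lib.mkIf false { … }` or a module option would keep the block parsed and make re-enabling a one-word change, provided `lib` is in scope here, which the hunk does not show. The change presumably alters login behaviour for every host that imports this module, which the `WIP pinephone` subject does not mention; a line in the commit message would help anyone bisecting an authentication problem. Before the block comes back, the ownership in the commented lines deserves a second look: `/etc/kanidm` and `kanidm/config` are owned by `nobody`, so any process running as that user could rewrite the client `uri` that PAM logins depend on, and `root` ownership would avoid that.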