WIP pinephone

2024-10-08 19:42:33 -05:00 · 2024-10-08 19:42:33 -05:00 · 1bb83efeef
commit 1bb83efeef
parent a7b81162d5
3 changed files with 98 additions and 34 deletions
--- a/flake.lock
+++ b/flake.lock
@ -522,6 +522,22 @@
        "type": "github"
      }
    },
    "mobile-nixos": {
      "flake": false,
      "locked": {
        "lastModified": 1728423157,
        "narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=",
        "owner": "lytedev",
        "repo": "mobile-nixos",
        "rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4",
        "type": "github"
      },
      "original": {
        "owner": "lytedev",
        "repo": "mobile-nixos",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1709479366,
@ -627,6 +643,7 @@
        "home-manager": "home-manager",
        "home-manager-unstable": "home-manager-unstable",
        "hyprland": "hyprland",
        "mobile-nixos": "mobile-nixos",
        "nixpkgs": "nixpkgs_3",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "slippi": "slippi",
--- a/flake.nix
+++ b/flake.nix
@ -32,6 +32,11 @@
    slippi.inputs.home-manager.follows = "home-manager-unstable";
    # nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
    mobile-nixos = {
      url = "github:lytedev/mobile-nixos";
      flake = false;
    };
  };
  nixConfig = {
@ -66,6 +71,7 @@
    home-manager-unstable,
    helix,
    hardware,
    mobile-nixos,
    # nnf,
    # hyprland,
    slippi,
@ -627,6 +633,47 @@
          ./nixos/router.nix
        ];
      };
      # pinephone-image =
      #   (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
      #     configuration = with nixosModules; [
      #       linux
      #       home-manager-defaults
      #       # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
      #       common
      #       wifi
      #       # TODO: how do I get a minimally useful mobile environment?
      #       # for me, this means an on-screen keyboard and suspend support I think?
      #       # I can live in a tty if needed and graphical stuff can all evolve later
      #       # not worried about modem
      #       # maybe/hopefully I can pull in or define my own sxmo via nix?
      #     ];
      #     device = "pine64-pinephone";
      #     pkgs = pkgsFor "aarch64-linux";
      #   })
      #   .outputs
      #   .disk-image;
      pinephone = nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = with nixosModules; [
          # TODO: how do I build this image?
          linux
          home-manager-defaults
          # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
          common
          wifi
          {
            imports = [
              (import "${mobile-nixos}/lib/configuration.nix" {device = "pine64-pinephone";})
            ];
          }
        ];
      };
    };
    homeConfigurations = {
@ -657,7 +704,7 @@
    };
    /*
-    TODO: nix-on-droid for phone terminal usage?
+    TODO: nix-on-droid for phone terminal usage? mobile-nixos?
    TODO: nix-darwin for work?
    TODO: nixos ISO?
    */
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -1135,24 +1135,24 @@
    boot.tmp.cleanOnBoot = true;
    services.irqbalance.enable = true;
-    services.kanidm = {
+    # this is not ready for primetime yet
-      enableClient = true;
+    # services.kanidm = {
-      enablePam = true;
+    #   enableClient = true;
-      package = pkgs.kanidm;
+    #   enablePam = true;
    #   package = pkgs.kanidm;
-      clientSettings.uri = "https://idm.h.lyte.dev";
+    #   clientSettings.uri = "https://idm.h.lyte.dev";
-      unixSettings = {
+    #   unixSettings = {
-        # hsm_pin_path = "/somewhere/else";
+    #     # hsm_pin_path = "/somewhere/else";
-        pam_allowed_login_groups = [];
+    #     pam_allowed_login_groups = [];
-      };
+    #   };
-    };
+    # };
-
+    # systemd.tmpfiles.rules = [
-    systemd.tmpfiles.rules = [
+    #   "d /etc/kanidm 1755 nobody users -"
-      "d /etc/kanidm 1755 nobody users -"
+    # ];
    ];
    # module has the incorrect file permissions out of the box
-    environment.etc = {
+    # environment.etc = {
    /*
    "kanidm" = {
    enable = true;
@ -1161,17 +1161,17 @@
      mode = "0755";
    };
    */
-      "kanidm/unixd" = {
+    #   "kanidm/unixd" = {
-        user = "kanidm-unixd";
+    #     user = "kanidm-unixd";
-        group = "kanidm-unixd";
+    #     group = "kanidm-unixd";
-        mode = "0700";
+    #     mode = "0700";
-      };
+    #   };
-      "kanidm/config" = {
+    #   "kanidm/config" = {
-        user = "nobody";
+    #     user = "nobody";
-        group = "users";
+    #     group = "users";
-        mode = "0755";
+    #     mode = "0755";
-      };
+    #   };
-    };
+    # };
    programs.gnupg.agent = {
      enable = true;