parent
a7b81162d5
commit
1bb83efeef
3 changed files with 98 additions and 34 deletions
17
flake.lock
17
flake.lock
|
@ -522,6 +522,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"mobile-nixos": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728423157,
|
||||
"narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=",
|
||||
"owner": "lytedev",
|
||||
"repo": "mobile-nixos",
|
||||
"rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lytedev",
|
||||
"repo": "mobile-nixos",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1709479366,
|
||||
|
@ -627,6 +643,7 @@
|
|||
"home-manager": "home-manager",
|
||||
"home-manager-unstable": "home-manager-unstable",
|
||||
"hyprland": "hyprland",
|
||||
"mobile-nixos": "mobile-nixos",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"slippi": "slippi",
|
||||
|
|
49
flake.nix
49
flake.nix
|
@ -32,6 +32,11 @@
|
|||
slippi.inputs.home-manager.follows = "home-manager-unstable";
|
||||
|
||||
# nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
|
||||
|
||||
mobile-nixos = {
|
||||
url = "github:lytedev/mobile-nixos";
|
||||
flake = false;
|
||||
};
|
||||
};
|
||||
|
||||
nixConfig = {
|
||||
|
@ -66,6 +71,7 @@
|
|||
home-manager-unstable,
|
||||
helix,
|
||||
hardware,
|
||||
mobile-nixos,
|
||||
# nnf,
|
||||
# hyprland,
|
||||
slippi,
|
||||
|
@ -627,6 +633,47 @@
|
|||
./nixos/router.nix
|
||||
];
|
||||
};
|
||||
|
||||
# pinephone-image =
|
||||
# (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
|
||||
# configuration = with nixosModules; [
|
||||
# linux
|
||||
# home-manager-defaults
|
||||
|
||||
# # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
|
||||
# common
|
||||
# wifi
|
||||
|
||||
# # TODO: how do I get a minimally useful mobile environment?
|
||||
# # for me, this means an on-screen keyboard and suspend support I think?
|
||||
# # I can live in a tty if needed and graphical stuff can all evolve later
|
||||
# # not worried about modem
|
||||
# # maybe/hopefully I can pull in or define my own sxmo via nix?
|
||||
# ];
|
||||
# device = "pine64-pinephone";
|
||||
# pkgs = pkgsFor "aarch64-linux";
|
||||
# })
|
||||
# .outputs
|
||||
# .disk-image;
|
||||
|
||||
pinephone = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = with nixosModules; [
|
||||
# TODO: how do I build this image?
|
||||
linux
|
||||
home-manager-defaults
|
||||
|
||||
# outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
|
||||
common
|
||||
wifi
|
||||
|
||||
{
|
||||
imports = [
|
||||
(import "${mobile-nixos}/lib/configuration.nix" {device = "pine64-pinephone";})
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
homeConfigurations = {
|
||||
|
@ -657,7 +704,7 @@
|
|||
};
|
||||
|
||||
/*
|
||||
TODO: nix-on-droid for phone terminal usage?
|
||||
TODO: nix-on-droid for phone terminal usage? mobile-nixos?
|
||||
TODO: nix-darwin for work?
|
||||
TODO: nixos ISO?
|
||||
*/
|
||||
|
|
|
@ -1135,24 +1135,24 @@
|
|||
boot.tmp.cleanOnBoot = true;
|
||||
services.irqbalance.enable = true;
|
||||
|
||||
services.kanidm = {
|
||||
enableClient = true;
|
||||
enablePam = true;
|
||||
package = pkgs.kanidm;
|
||||
# this is not ready for primetime yet
|
||||
# services.kanidm = {
|
||||
# enableClient = true;
|
||||
# enablePam = true;
|
||||
# package = pkgs.kanidm;
|
||||
|
||||
clientSettings.uri = "https://idm.h.lyte.dev";
|
||||
unixSettings = {
|
||||
# hsm_pin_path = "/somewhere/else";
|
||||
pam_allowed_login_groups = [];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /etc/kanidm 1755 nobody users -"
|
||||
];
|
||||
# clientSettings.uri = "https://idm.h.lyte.dev";
|
||||
# unixSettings = {
|
||||
# # hsm_pin_path = "/somewhere/else";
|
||||
# pam_allowed_login_groups = [];
|
||||
# };
|
||||
# };
|
||||
# systemd.tmpfiles.rules = [
|
||||
# "d /etc/kanidm 1755 nobody users -"
|
||||
# ];
|
||||
|
||||
# module has the incorrect file permissions out of the box
|
||||
environment.etc = {
|
||||
# environment.etc = {
|
||||
/*
|
||||
"kanidm" = {
|
||||
enable = true;
|
||||
|
@ -1161,17 +1161,17 @@
|
|||
mode = "0755";
|
||||
};
|
||||
*/
|
||||
"kanidm/unixd" = {
|
||||
user = "kanidm-unixd";
|
||||
group = "kanidm-unixd";
|
||||
mode = "0700";
|
||||
};
|
||||
"kanidm/config" = {
|
||||
user = "nobody";
|
||||
group = "users";
|
||||
mode = "0755";
|
||||
};
|
||||
};
|
||||
# "kanidm/unixd" = {
|
||||
# user = "kanidm-unixd";
|
||||
# group = "kanidm-unixd";
|
||||
# mode = "0700";
|
||||
# };
|
||||
# "kanidm/config" = {
|
||||
# user = "nobody";
|
||||
# group = "users";
|
||||
# mode = "0755";
|
||||
# };
|
||||
# };
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
|
|
Loading…
Reference in a new issue