WIP pinephone
Some checks failed
/ check (push) Has been cancelled

This commit is contained in:
Daniel Flanagan 2024-10-08 19:42:33 -05:00
parent a7b81162d5
commit 1bb83efeef
3 changed files with 98 additions and 34 deletions

View file

@ -522,6 +522,22 @@
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1728423157,
"narHash": "sha256-pJaC+Aef6oixhV6HdWPS2Pq/TgHxEN+MPLYUjighWYI=",
"owner": "lytedev",
"repo": "mobile-nixos",
"rev": "b2c496bbcebc85a28d1d939b56bd331536bd1ac4",
"type": "github"
},
"original": {
"owner": "lytedev",
"repo": "mobile-nixos",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1709479366,
@ -627,6 +643,7 @@
"home-manager": "home-manager",
"home-manager-unstable": "home-manager-unstable",
"hyprland": "hyprland",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"slippi": "slippi",

View file

@ -32,6 +32,11 @@
slippi.inputs.home-manager.follows = "home-manager-unstable";
# nnf.url = "github:thelegy/nixos-nftables-firewall?rev=71fc2b79358d0dbacde83c806a0f008ece567b7b";
mobile-nixos = {
url = "github:lytedev/mobile-nixos";
flake = false;
};
};
nixConfig = {
@ -66,6 +71,7 @@
home-manager-unstable,
helix,
hardware,
mobile-nixos,
# nnf,
# hyprland,
slippi,
@ -627,6 +633,47 @@
./nixos/router.nix
];
};
# pinephone-image =
# (import "${mobile-nixos}/lib/eval-with-configuration.nix" {
# configuration = with nixosModules; [
# linux
# home-manager-defaults
# # outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
# common
# wifi
# # TODO: how do I get a minimally useful mobile environment?
# # for me, this means an on-screen keyboard and suspend support I think?
# # I can live in a tty if needed and graphical stuff can all evolve later
# # not worried about modem
# # maybe/hopefully I can pull in or define my own sxmo via nix?
# ];
# device = "pine64-pinephone";
# pkgs = pkgsFor "aarch64-linux";
# })
# .outputs
# .disk-image;
pinephone = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = with nixosModules; [
# TODO: how do I build this image?
linux
home-manager-defaults
# outputs.diskoConfigurations.unencrypted # can I even disko with an image-based installation?
common
wifi
{
imports = [
(import "${mobile-nixos}/lib/configuration.nix" {device = "pine64-pinephone";})
];
}
];
};
};
homeConfigurations = {
@ -657,7 +704,7 @@
};
/*
TODO: nix-on-droid for phone terminal usage?
TODO: nix-on-droid for phone terminal usage? mobile-nixos?
TODO: nix-darwin for work?
TODO: nixos ISO?
*/

View file

@ -1135,24 +1135,24 @@
boot.tmp.cleanOnBoot = true;
services.irqbalance.enable = true;
services.kanidm = {
enableClient = true;
enablePam = true;
package = pkgs.kanidm;
# this is not ready for primetime yet
# services.kanidm = {
# enableClient = true;
# enablePam = true;
# package = pkgs.kanidm;
clientSettings.uri = "https://idm.h.lyte.dev";
unixSettings = {
# hsm_pin_path = "/somewhere/else";
pam_allowed_login_groups = [];
};
};
systemd.tmpfiles.rules = [
"d /etc/kanidm 1755 nobody users -"
];
# clientSettings.uri = "https://idm.h.lyte.dev";
# unixSettings = {
# # hsm_pin_path = "/somewhere/else";
# pam_allowed_login_groups = [];
# };
# };
# systemd.tmpfiles.rules = [
# "d /etc/kanidm 1755 nobody users -"
# ];
# module has the incorrect file permissions out of the box
environment.etc = {
# environment.etc = {
/*
"kanidm" = {
enable = true;
@ -1161,17 +1161,17 @@
mode = "0755";
};
*/
"kanidm/unixd" = {
user = "kanidm-unixd";
group = "kanidm-unixd";
mode = "0700";
};
"kanidm/config" = {
user = "nobody";
group = "users";
mode = "0755";
};
};
# "kanidm/unixd" = {
# user = "kanidm-unixd";
# group = "kanidm-unixd";
# mode = "0700";
# };
# "kanidm/config" = {
# user = "nobody";
# group = "users";
# mode = "0755";
# };
# };
programs.gnupg.agent = {
enable = true;