1
{
2
config,
3
pkgs,
4
...
5
}:
6
let
7
openssh = pkgs.openssh.overrideAttrs (
8
final: prev: {
9
patches = prev.patches ++ [
10
./0001-ssh-agent-add-__APPLE_LAUNCHD__-parts.patch
11
./0002-ssh-use-VYX_SSH_AUTH_SOCK.patch
12
];
13
}
14
);
15
in
16
{
17
18
system.stateVersion = 4;
19
system.primaryUser = "kivikakk";
20
21
nix.package = pkgs.nix;
22
23
vyx.secrets.encrypted = {
24
"aerc-password" = { };
25
"seraphim-id_ed25519_sk".path = "/Users/kivikakk/.ssh/id_ed25519_sk";
26
"kubeconfig" = { };
27
};
28
vyx.linux-builder.enable = true;
29
30
users.users.kivikakk = {
31
uid = 501;
32
gid = 20;
33
home = "/Users/kivikakk";
34
description = "Asherah Connor";
35
};
36
37
home-manager.users.kivikakk = {
38
accounts.email.accounts.asherah.passwordCommand = "cat ${
39
config.vyx.secrets.decrypted."aerc-password".path
40
}";
41
42
home.file.".ssh/id_ed25519_sk.pub".source = ../../sources/seraphim-id_ed25519_sk.pub;
43
home.file.".hammerspoon/init.lua".source = ../../sources/hammerspoon-init.lua;
44
45
home.packages = with pkgs; [
46
pulseview
47
gtkwave
48
iqan
49
];
50
51
programs.fish.interactiveShellInit = ''
52
set -gx COLORTERM truecolor
53
alias surfer $HOME/g/surfer/target/release/surfer
54
'';
55
};
56
57
# We include Nix's openssh for ed25519-sk support.
58
# We patch it to add back launchd support.
59
environment.systemPackages = [ openssh ];
60
61
# Messing around with launchd to try to disable the built-in
62
# gui/$UID/com.openssh.ssh-agent has not been fruitful. So we just use
63
# VYX_SSH_AUTH_SOCK (see patches above) instead!
64
launchd.user.agents.ssh-agent = {
65
serviceConfig = {
66
ProgramArguments = [
67
"${openssh}/bin/ssh-agent"
68
"-l"
69
];
70
Sockets.Listeners.SecureSocketWithKey = "VYX_SSH_AUTH_SOCK";
71
EnableTransactions = true;
72
};
73
};
74
75
environment.variables.PLUG_EDITOR = "hammerspoon://vyx?file=__FILE__&line=__LINE__";
76
environment.variables.KUBECONFIG = config.vyx.secrets.decrypted."kubeconfig".path;
77
78
services.comenzar.enable = true;
79
services.outfoxsync-client.enable = true;
80
81
homebrew = {
82
enable = true;
83
onActivation.cleanup = "uninstall";
84
taps = [ "homebrew/services" ];
85
brews = [
86
"libftdi"
87
"pkg-config"
88
"zstd" # zig
89
];
90
casks =
91
[
92
# Essentials/miscellaeny.
93
"1password"
94
"balenaetcher"
95
"daisydisk"
96
"firefox"
97
"keybase"
98
"kindle"
99
"rectangle"
100
"transmission"
101
"transmission-remote-gui"
102
"vlc"
103
"yubico-authenticator"
104
"hammerspoon"
105
]
106
++ [
107
# CAD.
108
"solvespace"
109
"freecad"
110
]
111
++ [
112
# Dev tools.
113
"ungoogled-chromium"
114
"kicad"
115
"utm"
116
"zed"
117
]
118
++ [
119
# Communications.
120
"element"
121
"signal"
122
]
123
++ [
124
# Darknet/cryptocurrency.
125
"tor-browser"
126
# "bitcoin-core"
127
# "ledger-live"
128
# "monero-wallet"
129
]
130
++ [
131
# Fonts.
132
# "font-atkinson-hyperlegible"
133
# "font-bangers"
134
"font-comic-mono"
135
"font-go"
136
"font-lato"
137
"font-open-sans"
138
"sf-symbols"
139
]
140
++ [
141
# Don't need now but do need sometimes:
142
# "ableton-live-lite"
143
# "anki"
144
# "audacity"
145
# "dosbox-x"
146
# "multipass"
147
# "musescore"
148
# "scrivener"
149
# "syncthing"
150
# "wireshark"
151
# "xld"
152
# "yubico-yubikey-manager"
153
];
154
};
155
}
156
