bin/install-sd-pi

+#!/usr/bin/env zsh
+
+set -e
+set -u
+set -x
+set -o pipefail
+
+source $DOTFILES_PATH/bin/lib/util.zsh
+
+cmdname=$(basename $0)
+usage() {
+  print "Usage: $cmdname <machine>" >&2
+}
+readonly machine="$1"
+
+# Update nar-hash of dotfiles repository
+nix flake lock --update-input dotfiles "path:$MACHINES_PATH"
+
+readonly nix=(nix --log-format bar-with-logs)
+
+# Installables
+readonly system_installable="path:$MACHINES_PATH#nixosConfigurations.$machine.config.system.build.toplevel"
+
+# Build once to catch errors
+$nix build --keep-going --no-link $system_installable
+
+
+# Use cached build to get output path
+readonly nixos_config_path=$($nix build --json --no-link $system_installable | jq --raw-output ".[0].outputs.out")
+
+
+# NOTE: Update if required
+readonly target_disk="/dev/disk/by-id/usb-Generic_MassStorageClass_000000001538-0:1"
+
+# NOTE: Update for each new installation
+readonly boot_partition_uuid="a305b625-f427-4e64-8d8f-cadb1105ea64"
+readonly root_partition_uuid="184a74e1-894b-4319-b9c9-9b0f972a30f8"
+
+# NOTE: Update for each new installation
+readonly root_uuid="dec6d7a8-6f97-4f4e-aaeb-98fd1e6bda27"
+
+# NOTE: Update for each new installation
+# Unsigned int
+readonly disk_id="13000001"
+
+
+# Derived paths
+#readonly boot_partition="/dev/disk/by-partuuid/$boot_partition_uuid"
+#readonly root_partition="/dev/disk/by-partuuid/$root_partition_uuid"
+
+readonly boot_partition="/dev/disk/by-partuuid/$disk_id-01"
+readonly root_partition="/dev/disk/by-partuuid/$disk_id-02"
+
+
+sudo wipefs -a $target_disk
+
+# nested gpt/dos doesn't seem to work
+#sudo nix shell nixpkgs#util-linux -c sfdisk $target_disk <<EOF
+#  label: gpt
+#  unit: sectors
+#  sector-size: 512
+#
+#  start=2048, size=512MiB, type=0fc63daf-8483-4772-8e79-3d69d8477de4, uuid=$boot_partition_uuid, name="boot"
+#  type=69dad710-2ce4-4e3c-b16c-21a1d49abed3, uuid=$root_partition_uuid, name="root"
+#EOF
+#
+#sudo nix shell nixpkgs#util-linux -c sfdisk --label-nested dos $target_disk <<EOF
+#  label: dos
+#  sector-size: 512
+#
+#  start=2048, size=512MiB, type=0c, bootable
+#  start=1, size=2047, type=ee
+#EOF
+
+sudo nix shell nixpkgs#util-linux -c sfdisk $target_disk <<EOF
+  label: dos
+  label-id: 0x$disk_id
+  unit: sectors
+  sector-size: 512
+
+  start=2048, size=512MiB, type=0c, bootable
+  type=83
+EOF
+
+sleep 2s
+
+sudo wipefs -a $boot_partition
+sudo wipefs -a $root_partition
+
+# partprobe doesn't seem to be enough for symlinks to appear?
+while [[ ! -b $boot_partition ]] {
+  print "Waiting for $boot_partition"
+  sleep 1s
+}
+sudo mkfs.fat -F32 -n PI_BOOT $boot_partition
+
+# partprobe doesn't seem to be enough for symlinks to appear?
+while [[ ! -b $root_partition ]] {
+  print "Waiting for $root_partition"
+  sleep 1s
+}
+sudo mkfs.ext4 -U $root_uuid -L root_$machine $root_partition
+
+mount_point=/mnt/mnt
+sudo mount $root_partition $mount_point
+
+sudo mkdir $mount_point/boot
+sudo mount $boot_partition $mount_point/boot
+
+sudo $nix copy --no-check-sigs --to "$mount_point" $nixos_config_path
+
+print "Setting system profile"
+sudo nix-env --store $mount_point --profile $mount_point/nix/var/nix/profiles/system --set $nixos_config_path
+
+print "Creating /etc/NIXOS"
+sudo mkdir -m 0755 -p "$mount_point/etc"
+sudo touch "$mount_point/etc/NIXOS"
+
+# Bootloader installation: broken when installing across architectures
+#sudo nixos-enter --root $mount_point -c "NIXOS_INSTALL_BOOTLOADER=1 $nixos_config_path/bin/switch-to-configuration boot"
+
+# Manual steps:
+# - open switch-to-configuration script
+# - look for "Install or update the bootloader."
+# - run extlinux-conf-builder.sh:
+#   /nix/store/[...]-extlinux-conf-builder.sh -d /mnt/mnt/boot -c $nixos_config_path -t 5
+echo "Manual bootloader installation required"
+echo "- Find bootloader installation in: $nixos_config_path/bin/switch-to-configuration"
+echo "- Then run extlinux-builder: sudo /nix/store/[...]-extlinux-conf-builder.sh -d $mount_point/boot -c $nixos_config_path -t 5"

bin/lib/installation.nix

@@ -21,7 +21,6 @@ let
   lvcreate-bin = "${lvm2.bin}/bin/lvcreate";
   vgcreate-bin = "${lvm2.bin}/bin/vgcreate";
   mkfs-fat-bin = "${dosfstools}/bin/mkfs.fat";
-  mkfs-ext4-bin = "${e2fsprogs}/bin/mkfs.ext4";
   mkfs-btrfs-bin = "${btrfsProgs}/bin/mkfs.btrfs";
   btrfs-bin = "${btrfsProgs}/bin/btrfs";
   fzf-bin = "${fzf}/bin/fzf";

flake.lock

@@ -84,11 +84,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1646497237,
-        "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=",
+        "lastModified": 1647297614,
+        "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026",
+        "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58",
         "type": "github"
       },
       "original": {

home-profiles/desktop/.config/rofi/config

-rofi.modi:		drun,ssh,window,run
-#rofi.theme:		~/.local/share/rofi/themes/gruvbox-dark.rasi
-rofi.theme:		~/.local/share/rofi/themes/android_notification.rasi
-rofi.font:		Fira Code retina 11
-rofi.terminal:		kitty
-rofi.ssh-command:	{terminal} {ssh-client} {host}
-rofi.run-shell-command:	{terminal} {cmd}
-rofi.kb-select-1:	F1
-rofi.kb-select-2:	F2
-rofi.kb-select-3:	F3
-rofi.kb-select-4:	F4
-rofi.kb-select-5:	F5
-rofi.kb-select-6:	F6
-rofi.kb-select-7:	F7
-rofi.kb-select-8:	F8
-rofi.kb-select-9:	F9
-rofi.kb-select-10:	F10
-rofi.kb-mode-next:	Shift+Right,Control+Tab,Super+Tab
-rofi.kb-mode-previous:	Shift+Left,Control+ISO_Left_Tab,Super+ISO_Left_Tab
-
-# vim: syntax=xdefaults

home-profiles/desktop/.local/share/rofi/themes/android_notification.rasi

-/*******************************************************************************
- * ROFI Color theme
- * User: Rasi
- * Copyright: Rasmus Steinke
- *******************************************************************************/
-
-* {
-    selected-normal-foreground:  rgba ( 255, 255, 255, 100 % );
-    foreground:                  rgba ( 193, 193, 193, 100 % );
-    normal-foreground:           @foreground;
-    alternate-normal-background: rgba ( 39, 50, 56, 100 % );
-    red:                         rgba ( 220, 50, 47, 100 % );
-    selected-urgent-foreground:  rgba ( 255, 24, 68, 100 % );
-    blue:                        rgba ( 38, 139, 210, 100 % );
-    urgent-foreground:           rgba ( 255, 24, 68, 100 % );
-    alternate-urgent-background: rgba ( 39, 50, 56, 100 % );
-    active-foreground:           rgba ( 128, 203, 196, 100 % );
-    lightbg:                     rgba ( 238, 232, 213, 100 % );
-    selected-active-foreground:  rgba ( 128, 203, 196, 100 % );
-    alternate-active-background: rgba ( 39, 50, 56, 100 % );
-    background:                  rgba ( 39, 50, 56, 100 % );
-    bordercolor:                 rgba ( 39, 50, 56, 100 % );
-    alternate-normal-foreground: @foreground;
-    normal-background:           rgba ( 39, 50, 56, 100 % );
-    lightfg:                     rgba ( 88, 104, 117, 100 % );
-    selected-normal-background:  rgba ( 57, 66, 73, 100 % );
-    border-color:                @foreground;
-    spacing:                     2;
-    separatorcolor:              rgba ( 30, 37, 41, 100 % );
-    urgent-background:           rgba ( 39, 50, 56, 100 % );
-    selected-urgent-background:  rgba ( 57, 66, 73, 100 % );
-    alternate-urgent-foreground: @urgent-foreground;
-    background-color:            rgba ( 0, 0, 0, 0 % );
-    alternate-active-foreground: @active-foreground;
-    active-background:           rgba ( 39, 50, 56, 100 % );
-    selected-active-background:  rgba ( 57, 66, 73, 100 % );
-}
-#window {
-    background-color: @background;
-    border:           1;
-    padding:          5;
-}
-#mainbox {
-    border:  0;
-    padding: 0;
-}
-#message {
-    border:       1px dash 0px 0px ;
-    border-color: @separatorcolor;
-    padding:      1px ;
-}
-#textbox {
-    text-color: @foreground;
-}
-#listview {
-    fixed-height: 0;
-    border:       2px dash 0px 0px ;
-    border-color: @separatorcolor;
-    spacing:      2px ;
-    scrollbar:    true;
-    padding:      2px 0px 0px ;
-}
-#element {
-    border:  0;
-    padding: 1px ;
-}
-#element.normal.normal {
-    background-color: @normal-background;
-    text-color:       @normal-foreground;
-}
-#element.normal.urgent {
-    background-color: @urgent-background;
-    text-color:       @urgent-foreground;
-}
-#element.normal.active {
-    background-color: @active-background;
-    text-color:       @active-foreground;
-}
-#element.selected.normal {
-    background-color: @selected-normal-background;
-    text-color:       @selected-normal-foreground;
-}
-#element.selected.urgent {
-    background-color: @selected-urgent-background;
-    text-color:       @selected-urgent-foreground;
-}
-#element.selected.active {
-    background-color: @selected-active-background;
-    text-color:       @selected-active-foreground;
-}
-#element.alternate.normal {
-    background-color: @alternate-normal-background;
-    text-color:       @alternate-normal-foreground;
-}
-#element.alternate.urgent {
-    background-color: @alternate-urgent-background;
-    text-color:       @alternate-urgent-foreground;
-}
-#element.alternate.active {
-    background-color: @alternate-active-background;
-    text-color:       @alternate-active-foreground;
-}
-#scrollbar {
-    width:        4px ;
-    border:       0;
-    handle-width: 8px ;
-    padding:      0;
-}
-#sidebar {
-    border:       2px dash 0px 0px ;
-    border-color: @separatorcolor;
-}
-#button.selected {
-    background-color: @selected-normal-background;
-    text-color:       @selected-normal-foreground;
-}
-#inputbar {
-    spacing:    0;
-    text-color: @normal-foreground;
-    padding:    1px ;
-}
-#case-indicator {
-    spacing:    0;
-    text-color: @normal-foreground;
-}
-#entry {
-    spacing:    0;
-    text-color: @normal-foreground;
-}
-#prompt {
-    spacing:    0;
-    text-color: @normal-foreground;
-}
-#inputbar {
-    children:   [ prompt,textbox-prompt-colon,entry,case-indicator ];
-}
-#textbox-prompt-colon {
-    expand:     false;
-    str:        ":";
-    margin:     0px 0.3em 0em 0em ;
-    text-color: @normal-foreground;
-}

home-profiles/kitty/.config/kitty/kitty.conf

-# vim:fileencoding=utf-8:ft=conf
-
-font_family      PragmataPro Mono Liga
-
-#font_family      Fira Code
-#italic_font      auto
-#bold_font        Fira Code Bold
-#bold_italic_font auto
-
-font_size        10
-
-cursor_blink_interval     0.5
-
-cursor_stop_blinking_after 5
-
-scrollback_lines 10000
-scrollback_pager_history_size 10
-
-scrollback_fill_enlarged_window yes
-
-mouse_hide_wait -3
-
-enable_audio_bell no
-visual_bell_duration 0.05
-
-# Shell integration should be done in the shell
-shell_integration disabled
-
-
-selection_foreground #000000
-selection_background #FFFACD
-
-background #1d2021
-foreground #ebdbb2
-
-# Black + DarkGrey
-color0 #282828
-color8 #928374
-# DarkRed + Red
-color1 #cc241d
-color9 #fb4934
-# DarkGreen + Green
-color2 #98971a
-color10 #b8bb26
-# DarkYellow + Yellow
-color3 #d79921
-color11 #fabd2f
-# DarkBlue + Blue
-color4 #458588
-color12 #83a598
-# DarkMagenta + Magenta
-color5 #b16286
-color13 #d3869b
-# DarkCyan + Cyan
-color6 #689d6a
-color14 #8ec07c
-# LightGrey + White
-color7 #a89984
-color15 #ebdbb2
-
-update_check_interval 0
-
-
-map kitty_mod+plus change_font_size current +0.5
-map kitty_mod+minus change_font_size current -0.5
-map kitty_mod+backspace restore_font_size
-map kitty_mod+´ set_font_size 8.5
-
-map kitty_mod+f run_kitten text hints
-map kitty_mod+u input_unicode_character
-
-map kitty_mod+enter new_os_window_with_cwd

layers/base.nix

@@ -144,7 +144,6 @@ in
       isNormalUser = true;
       passwordFile = "/etc/secrets/passwords/jens";
       extraGroups = [ "wheel" "audio" "dialout" "networkmanager" ];
-      dotfiles.profiles = [ "base" ];
     };
   };
 }

layers/desktop.nix

@@ -35,11 +35,9 @@ in
     foot
     glxinfo
     gnome3.gnome-disk-utility
-    networkmanagerapplet
     wayvnc
     tigervnc
     dfeet
-    #vimiv
     mpv-queezle
     wdisplays
     squeekboard
@@ -80,7 +78,6 @@ in
     sysstat
     zsh
     bash
-    wirelesstools
     lm_sensors
     jq
   ];
@@ -103,7 +100,6 @@ in
         "video"
         "pulse-access"
       ];
-      dotfiles.profiles = [ "kitty" "vscode" "desktop" ];
     };
   };
 
@@ -111,7 +107,7 @@ in
 
 
   programs.sway.enable = true;
-  programs.sway.extraPackages = with pkgs; [ swaylock swayidle xwayland kitty cool-retro-term xorg.xrdb ];
+  programs.sway.extraPackages = with pkgs; [ swaylock swayidle xwayland kitty cool-retro-term xorg.xrdb slurp ];
   # QT_QPA_PLATFORM=wayland requires qt5.qtwayland in systemPackages
   programs.sway.extraSessionCommands = ''
     export XDG_SESSION_TYPE=wayland

layers/dev.nix

@@ -13,6 +13,15 @@
     gdb
   ];
 
+  nix.extraOptions = ''
+    keep-outputs = true
+    keep-derivations = true
+  '';
+
+  home-manager.users.jens.xdg.configFile."direnv/direnvrc" = {
+    source = "${pkgs.nix-direnv}/share/nix-direnv";
+  };
+
   users.users = {
     jens = {
       packages = with pkgs; [ direnv ];
@@ -23,7 +32,6 @@
       isNormalUser = true;
       packages = with pkgs; [
       ];
-      dotfiles.profiles = [ "kitty" "vscode" "tmux" ];
     };
   };
 }

layers/git-jens.nix

-{ ... }:
-{
-  imports = [ ./base.nix ];
-
-  users = {
-    users.jens = {
-      dotfiles.profiles = [ "git-jens" ];
-    };
-  };
-}
-

layers/gpsd.nix

+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+  uid = config.ids.uids.gpsd;
+  gid = config.ids.gids.gpsd;
+  cfg = config.services.gpsd;
+in {
+  # An attempt at creating a secure hotplug-capable gpsd configuration
+
+  # TODO: for not running as root, chronys SHM segments have to be configured to be writable from chrony
+  # (e.g. `refclock SHM 1:perm=0664 refid GPS2`, started with an appropriate group)
+  # The same applies to crony .sock files (they are only writeable by root by default)
+
+  # New service unit to use --sockfile feature
+  systemd.services.gpsd = {
+    serviceConfig = {
+      ExecStart = "${pkgs.gpsd}/bin/gpsd --foreground --sockfile /run/gpsd/gpsd.sock --nowait --debug 0";
+      Type = "exec";
+      #User = "gpsd";
+      #Group = "gpsd";
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectControlGroups = true;
+      CapabilityBoundingSet = "CAP_SYS_TIME CAP_IPC_LOCK CAP_SETUID CAP_SETGID";
+      RuntimeDirectory = "gpsd";
+    };
+  };
+
+  # Per-device service unit to load devices
+  systemd.services."gpsd-add-device@" = {
+    requires = [ "gpsd.service" ];
+    after = [ "gpsd.service" ];
+    serviceConfig = {
+      ExecStartPre = "${pkgs.setserial}/bin/setserial /dev/%I low_latency";
+      ExecStart = "${pkgs.gpsd}/bin/gpsdctl add /dev/%I";
+      ExecStop = ''${pkgs.zsh}/bin/zsh -c "[[ -e /dev/%I ]] && ${pkgs.gpsd}/bin/gpsdctl remove /dev/%I"'';
+      RemainAfterExit = true;
+      Environment = "GPSD_SOCKET=/run/gpsd/gpsd.sock";
+      Type = "oneshot";
+      #User = "gpsd";
+      #Group = "gpsd";
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectKernelTunables = true;
+      ProtectControlGroups = true;
+      CapabilityBoundingSet = "";
+    };
+  };
+
+  services.udev.packages = lib.singleton (pkgs.writeTextFile {
+    name = "gpsmouse-udev-rules";
+    destination = "/etc/udev/rules.d/90-gpsmouse.rules";
+    text = ''
+      SUBSYSTEM=="tty", ATTRS{idVendor}=="1546", ATTRS{idProduct}=="01a7", GROUP="dialout", TAG+="systemd", ENV{SYSTEMD_WANTS}="gpsd-add-device@$name.service"
+    '';
+  });
+
+  # User config replicated from nixpkgs gpsd.nix
+  users.users.gpsd =
+    { inherit uid;
+      group = "gpsd";
+      description = "gpsd daemon user";
+      home = "/var/empty";
+    };
+
+  users.groups.gpsd = { inherit gid; };
+}

layers/greeter.nix

@@ -37,8 +37,10 @@ in
     isSystemUser = true;
     home = "/var/run/greeter";
     createHome = true;
-    # TODO only apply theming
-    dotfiles.profiles = [ "desktop" ];
+
+    # Profiles no longer exist
+    #dotfiles.profiles = [ "desktop" ];
+    # TODO Add theming configuration to greeter
   };
 
   services.greetd = {

modules/default.nix

@@ -4,10 +4,11 @@
   imports = [
     ./desktop
     ./desktop/launcher.nix
+    ./distraction-blocker
     ./emacs
+    ./git
     ./sway
     ./project-manager
-    ./dotfiles.nix
     ./he-dns.nix
     ./kea.nix
     ./mobile-nixos-bootloader.nix

modules/desktop/config/xdg-desktop-portal-wlr.nix

+{ lib, pkgs, config, ... }:
+with lib;
+pkgs.writeText "xdg-desktop-portal.config" ''
+[screencast]
+max_fps=30
+chooser_cmd=${pkgs.slurp}/bin/slurp -f %o -or
+chooser_type=simple
+''

modules/desktop/default.nix

@@ -23,18 +23,32 @@ in
 
     queezle.project-manager.enable = true;
 
-    home-manager.users."${cfg.user}".xdg = {
-      configFile."foot/foot.ini" = {
-        source = import ./config/foot.nix inputs;
+    home-manager.users."${cfg.user}" = {
+      home = {
+        file.".zprofile".source = ./files/home/zprofile;
+        file.".Xresources".source = ./files/home/Xresources;
       };
-      dataFile."squeekboard/keyboards/terminal/us.yaml" = { source = squeekboardConfig; };
-      dataFile."squeekboard/keyboards/terminal/us_wide.yaml" = { source = squeekboardConfig; };
-      dataFile."squeekboard/keyboards/us.yaml" = { source = squeekboardConfig; };
-      dataFile."squeekboard/keyboards/us_wide.yaml" = { source = squeekboardConfig; };
 
-      # TODO: remove after next nixpkgs-pinephone update
-      dataFile."squeekboard/keyboards/terminal.yaml" = { source = squeekboardConfig; };
-      dataFile."squeekboard/keyboards/terminal_wide.yaml" = { source = squeekboardConfig; };
+      xdg = {
+        configFile."foot/foot.ini".source = import ./config/foot.nix inputs;
+        #configFile."xdg-desktop-portal-wlr/config".source = import ./config/xdg-desktop-portal-wlr.nix inputs;
+        configFile."dunst".source = ./files/config/dunst;
+        configFile."gammastep".source = ./files/config/gammastep;
+        configFile."gtk-3.0".source = ./files/config/gtk-3.0;
+        configFile."qbar".source = ./files/config/qbar;
+        configFile."swaylock".source = ./files/config/swaylock;
+
+        dataFile."squeekboard/keyboards/terminal/us.yaml".source = squeekboardConfig;
+        dataFile."squeekboard/keyboards/terminal/us_wide.yaml".source = squeekboardConfig;
+        dataFile."squeekboard/keyboards/us.yaml".source = squeekboardConfig;
+        dataFile."squeekboard/keyboards/us_wide.yaml".source = squeekboardConfig;
+
+        dataFile."icons/default/index.theme".source = ./files/data/icons/default/index.theme;
+
+        # TODO: remove after next nixpkgs-pinephone update
+        dataFile."squeekboard/keyboards/terminal.yaml".source = squeekboardConfig;
+        dataFile."squeekboard/keyboards/terminal_wide.yaml".source = squeekboardConfig;
+      };
     };
   };
 }