Compare commits
52 Commits
09463d0dbb
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
 imbytecat
|
a4c7f28849 | ||
|
imbytecat
|
8d68dfafd2 | ||
|
imbytecat
|
f9d7d40e4e | ||
|
imbytecat
|
d072bb491c | ||
|
imbytecat
|
f011b5027d | ||
|
imbytecat
|
007a104ef3 | ||
|
imbytecat
|
41913d9a24 | ||
|
imbytecat
|
2cd41bcd16 | ||
|
imbytecat
|
7fccb75e4f | ||
|
imbytecat
|
8c0ada01b9 | ||
|
imbytecat
|
4e7ddff3eb | ||
|
imbytecat
|
ba7e0bb7af | ||
|
imbytecat
|
af82b03b3e | ||
|
imbytecat
|
b84b747b76 | ||
|
imbytecat
|
aec2625eaa | ||
|
imbytecat
|
40731eda73 | ||
|
imbytecat
|
bd5b0d9772 | ||
|
imbytecat
|
0cc6294e44 | ||
|
imbytecat
|
883d551f8e | ||
|
imbytecat
|
27b265803c | ||
|
imbytecat
|
635ea270aa | ||
|
imbytecat
|
54c56501e4 | ||
|
imbytecat
|
1df2e87a6e | ||
|
imbytecat
|
2147d2917e | ||
|
imbytecat
|
82a148a894 | ||
|
imbytecat
|
7e5e05470a | ||
|
imbytecat
|
f6e2f92da3 | ||
|
imbytecat
|
5583970878 | ||
|
imbytecat
|
beeb9948f4 | ||
|
imbytecat
|
804e96a979 | ||
|
imbytecat
|
fbb83ff013 | ||
|
imbytecat
|
8714184fbd | ||
|
imbytecat
|
895b3c2978 | ||
|
imbytecat
|
235b81c21e | ||
|
imbytecat
|
9a4582a752 | ||
|
imbytecat
|
2cd888e1cf | ||
|
imbytecat
|
75340604f1 | ||
|
imbytecat
|
d6a0bf0cae | ||
|
imbytecat
|
be247ff3b9 | ||
|
imbytecat
|
d7e0aaf798 | ||
|
imbytecat
|
5f7ef35a34 | ||
|
imbytecat
|
bf01c40ebb | ||
|
imbytecat
|
53f8c2ceb3 | ||
|
imbytecat
|
a1ba07faf5 | ||
|
imbytecat
|
d2f7210d1a | ||
|
imbytecat
|
77c2190f00 | ||
|
imbytecat
|
ed69dba1ca | ||
|
imbytecat
|
4acff86a06 | ||
|
imbytecat
|
35ac63e068 | ||
|
imbytecat
|
3c6910cfb1 | ||
|
imbytecat
|
067608f4f8 | ||
|
imbytecat
|
1e78149a4f |
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
Nix flake managing 3 devices: Mac Mini, MacBook Air (both aarch64-darwin via nix-darwin), and a Windows PC via NixOS-WSL (x86_64-linux). Single user `imbytecat` everywhere.
|
Nix flake — 3 devices (Mac Mini, MacBook Air: aarch64-darwin; WSL: x86_64-linux). Single user `imbytecat`. Uses **Lix**.
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
@@ -13,88 +13,75 @@ flake.nix
|
|||||||
└── nixosConfigurations.wsl (x86_64-linux)
|
└── nixosConfigurations.wsl (x86_64-linux)
|
||||||
```
|
```
|
||||||
|
|
||||||
- `lib/default.nix` — builders: `mkDarwin`, `mkNixos`. All hosts get shared modules + home-manager + catppuccin + lazyvim-nix + sops-nix.
|
- `lib/default.nix` — `mkDarwin`/`mkNixos` builders, `sshKeys` (via `specialArgs`), `homeManagerConfig`
|
||||||
- `modules/shared/` — both platforms: nixpkgs config, overlays, nix settings, Lix
|
- `modules/shared/` — cross-platform: Lix, overlays, fonts, fish, openssh, 1password
|
||||||
- `modules/darwin/` — macOS: system preferences, homebrew (casks/brews/masApps), fonts, fish shell, user
|
- `modules/darwin/` — system preferences, homebrew, user
|
||||||
- `modules/nixos/` — NixOS: base packages, docker, locale, user
|
- `modules/nixos/` — system packages, locale, docker, user
|
||||||
- `home/` — home-manager (shared across all hosts via `useGlobalPkgs`)
|
- `home/` — home-manager (shared, `useGlobalPkgs`), catppuccin
|
||||||
- `hosts/*/` — per-host overrides (mac-mini: 24/7 server with sleep disabled; macbook-air: portable)
|
- `hosts/*/` — per-host overrides
|
||||||
- `overlays/` + `pkgs/` — custom packages (comment-checker)
|
- `overlays/` + `pkgs/` — custom packages (`comment-checker`)
|
||||||
- `secrets/` — sops-encrypted secrets (age key derived from `~/.ssh/id_ed25519`)
|
|
||||||
|
|
||||||
Config flows: `hosts/*` (host-specific) -> `modules/*` (platform) -> `home/*` (user-level, cross-platform)
|
Flow: `hosts/*` → `modules/*` → `home/*`
|
||||||
|
|
||||||
## Nix implementation
|
|
||||||
|
|
||||||
All platforms use **Lix** (`nix.package = pkgs.lix` in `modules/shared/nix.nix`). Channels are disabled (`nix.channel.enable = false`) — flakes only.
|
|
||||||
|
|
||||||
## Commands
|
## Commands
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Justfile shortcuts (preferred)
|
just rebuild mac-mini # macOS host (darwin-rebuild)
|
||||||
just rebuild mac-mini # rebuild macOS host (on macOS)
|
|
||||||
just rebuild macbook-air
|
just rebuild macbook-air
|
||||||
just rebuild # rebuild WSL (linux only, default: "wsl")
|
just rebuild wsl # NixOS host (nixos-rebuild)
|
||||||
just check # eval configs without building (platform-aware)
|
just check # eval without building (platform-aware)
|
||||||
just update # nix flake update
|
just update # nix flake update
|
||||||
just up nixpkgs # update a single flake input
|
just up nixpkgs # update single input
|
||||||
just show # nix flake show
|
just clean # nix-collect-garbage -d (user-level only)
|
||||||
just secrets # sops secrets/secrets.yaml
|
just rollback # NixOS only — rollback to previous generation
|
||||||
just clean # nix-collect-garbage -d
|
|
||||||
just history # list system profile generations
|
just history # list system profile generations
|
||||||
just lsp mac-mini # generate .vscode/settings.json for nixd option completion
|
just show # nix flake show
|
||||||
|
just lsp mac-mini # nixd option completion for VSCode
|
||||||
# Direct (when just isn't available)
|
|
||||||
sudo darwin-rebuild switch --flake .#mac-mini
|
|
||||||
sudo nixos-rebuild switch --flake .#wsl
|
|
||||||
nix build .#darwinConfigurations.mac-mini.system --dry-run # validate (eval only)
|
|
||||||
nix build .#darwinConfigurations.mac-mini.system # validate (full build)
|
|
||||||
|
|
||||||
# First-time bootstrap (nix-darwin not yet installed)
|
|
||||||
sudo nix run nix-darwin -- switch --flake .#mac-mini
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Critical gotchas
|
Note: `just check` and `just rebuild` have `[macos]`/`[linux]` variants — the justfile auto-selects by platform.
|
||||||
|
|
||||||
- **Neovim uses lazyvim-nix**: `programs.lazyvim` in `home/dev/neovim.nix` manages neovim via the `lazyvim-nix` flake input. Catppuccin nvim integration is explicitly disabled (`catppuccin.nvim.enable = false`) because LazyVim manages its own colorscheme. Don't try to use `catppuccin.enable` for nvim or the old `programs.neovim.plugins` approach.
|
## Gotchas
|
||||||
- **catppuccin module name**: Home-manager uses `catppuccin.homeModules.catppuccin` (imported in `home/default.nix`). NixOS uses `catppuccin.nixosModules.catppuccin` (in `lib/default.nix`). Don't use the old `homeManagerModules` name.
|
|
||||||
- **Homebrew tap casks**: Casks from taps need full path (e.g. `"goooler/repo/fl-clash"`), not just the short name.
|
|
||||||
- **`onActivation.cleanup = "zap"`**: Any brew formula/cask NOT declared in `modules/darwin/default.nix` WILL be removed on rebuild. Be comprehensive.
|
|
||||||
- **First-time bootstrap requires sudo**: `sudo nix run nix-darwin -- switch --flake .#mac-mini` (not `darwin-rebuild` which doesn't exist yet).
|
|
||||||
- **mise for version management**: Activated in `home/shell/fish.nix` via `mise activate fish | source`. Config in `home/dev/languages.nix` trusts all config paths.
|
|
||||||
|
|
||||||
## Secrets (sops-nix)
|
- **Shared settings in `modules/shared/`** — don't re-declare fish/openssh/1password/fonts in platform modules.
|
||||||
|
- **`sshKeys` centralized** in `lib/default.nix` via `specialArgs`. Don't hardcode.
|
||||||
|
- **WSL aliases force-cleared** — `hosts/wsl/default.nix` uses `lib.mkForce {}`. All aliases via Home Manager only.
|
||||||
|
- **Neovim = lazyvim-nix** — `programs.lazyvim` in `home/dev/neovim.nix`. `catppuccin.nvim.enable = false` (LazyVim manages colorscheme). The `lazyvim.homeManagerModules.default` is loaded as a sharedModule in `lib/default.nix`.
|
||||||
|
- **catppuccin modules** — `catppuccin.homeModules.catppuccin` (home), `catppuccin.nixosModules.catppuccin` (NixOS). Not the old `homeManagerModules`.
|
||||||
|
- **Homebrew `cleanup = "zap"`** — undeclared casks/brews get removed. `greedyCasks = true` upgrades even auto-updating casks. Shared → `modules/darwin/`, host-specific → `hosts/*/`. Tap casks need full path (e.g. `"goooler/repo/fl-clash"`).
|
||||||
|
- **Ghostty macOS-only** — `enable = pkgs.stdenv.isDarwin`, `package = null` (Homebrew cask). Terminfo propagated via `ghostty.terminfo` in `modules/nixos/`.
|
||||||
|
- **nix-ld on WSL** — `programs.nix-ld.enable = true` for VSCode Remote.
|
||||||
|
- **home-manager `backupFileExtension = "bak"`** — set in `lib/default.nix`. Existing dotfiles get `.bak` suffix on conflict.
|
||||||
|
- **mise** — runtime version management (`home/dev/languages.nix`). `trusted_config_paths = [ "/" ]` trusts all config files.
|
||||||
|
|
||||||
- Encrypted with age, key derived from `~/.ssh/id_ed25519` (see `.sops.yaml`)
|
## Environment
|
||||||
- Secrets file: `secrets/secrets.yaml` — edit with `just secrets` (runs `sops`)
|
|
||||||
- Decrypted at runtime via `home/secrets.nix`, exposed as env vars in fish: `AI_GATEWAY_BASE_URL`, `AI_GATEWAY_API_KEY`, `EXA_API_KEY`, `CONTEXT7_API_KEY`
|
|
||||||
- sops-nix integrated via `home-manager` sharedModules in `lib/default.nix`
|
|
||||||
- Never commit `*.dec.yaml`, `*.dec.json`, `*.plaintext` (in `.gitignore`)
|
|
||||||
|
|
||||||
## Shell
|
1Password CLI secrets are **cached locally** — shell startup reads `~/.cache/op-env/env.fish` (no network).
|
||||||
|
|
||||||
Fish (not zsh). All tool integrations use `enableFishIntegration`. Key files:
|
- Template: `home/shell/fish.nix` → `~/.config/op-env/env.tpl` (`op://` refs, safe to commit)
|
||||||
- `home/shell/fish.nix` — abbreviations, interactiveShellInit, mise activation
|
- Cache: `~/.cache/op-env/env.fish` (plaintext, `chmod 600`, outside git/nix store)
|
||||||
- `home/shell/tools.nix` — fzf, atuin, zoxide (`--cmd cd`), direnv, bat, eza, yazi, btop, zellij
|
- Auth: `OP_SERVICE_ACCOUNT_TOKEN` in `~/.config/fish/local.fish` (gitignored)
|
||||||
- `home/shell/starship.nix` — prompt
|
- Refresh: user runs `op-env-refresh` manually (needs network). Atomic write (mktemp + mv), failure keeps old cache.
|
||||||
|
- Clear: `op-env-clear` removes cache file.
|
||||||
|
- `local.fish` is sourced **after** the cache, so it can override env vars per-machine.
|
||||||
|
|
||||||
## Home Manager option API
|
## Home Manager option API
|
||||||
|
|
||||||
These options were renamed in recent home-manager; use the new names:
|
Use the new names:
|
||||||
- `programs.git.settings.user.{name,email}` (not `userName`/`userEmail`)
|
- `programs.git.settings.user.{name,email}` (not `userName`/`userEmail`)
|
||||||
- `programs.git.settings.*` (not `extraConfig`)
|
- `programs.git.settings.*` (not `extraConfig`)
|
||||||
- `programs.delta.{enable,options}` (not `programs.git.delta.*`)
|
- `programs.delta.{enable,options}` (not `programs.git.delta.*`)
|
||||||
- `programs.delta.enableGitIntegration = true` (must be explicit)
|
- `programs.delta.enableGitIntegration = true` (must be explicit)
|
||||||
- `programs.ssh.matchBlocks."*".addKeysToAgent` (not top-level `addKeysToAgent`)
|
- `programs.ssh.matchBlocks."*".addKeysToAgent` (not top-level)
|
||||||
- `programs.ssh.enableDefaultConfig = false` (set explicitly)
|
- `programs.ssh.enableDefaultConfig = false`
|
||||||
|
|
||||||
## Nix LSP & formatter
|
## Nix tooling
|
||||||
|
|
||||||
- LSP: `nixd` (not `nil`). Provides nixpkgs/option completion.
|
- LSP: `nixd`. Formatter: `nixfmt`. Linter: `statix`.
|
||||||
- Formatter: `nixfmt`. Run: `nixfmt <file.nix>`
|
- All in `home/dev/languages.nix`.
|
||||||
- Both installed via `home/dev/languages.nix`.
|
- `just lsp <host>` generates `.vscode/settings.json` from `.vscode/settings.base.json` (gitignored output).
|
||||||
- VSCode settings for nixd option completion: `just lsp <host>` (generates `.vscode/settings.json` from `.vscode/settings.base.json`)
|
|
||||||
|
|
||||||
## Tool usage
|
## Tool usage
|
||||||
|
|
||||||
- **Always use the `nixos_nix` MCP tool** when searching for nix-darwin / NixOS / home-manager options. Query with `source=darwin/nixos/home-manager` and `type=options/packages` to find available options before writing config. Do not guess option names or value types — verify first.
|
- `opencode.jsonc` configures `just-lsp` (LSP) and `mcp-nixos` (MCP).
|
||||||
|
- **Always use `nixos_nix` MCP** to look up nix-darwin/NixOS/home-manager options before writing config. Don't guess option names.
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# Nix Config
|
# Nix Config
|
||||||
|
|
||||||
使用 [nix-darwin](https://github.com/nix-darwin/nix-darwin) + [NixOS-WSL](https://github.com/nix-community/NixOS-WSL) + [Home Manager](https://github.com/nix-community/home-manager) + [Flakes](https://nix.dev/concepts/flakes) 声明式管理三台设备的系统配置。
|
nix-darwin + NixOS-WSL + Home Manager + Flakes 声明式管理三台设备的系统配置。
|
||||||
|
|
||||||
## 设备
|
## 设备
|
||||||
|
|
||||||
@@ -12,108 +12,114 @@
|
|||||||
|
|
||||||
## 快速开始
|
## 快速开始
|
||||||
|
|
||||||
### macOS (Mac Mini / MacBook Air)
|
### macOS
|
||||||
|
|
||||||
1. 安装 [Lix](https://lix.systems/)(Nix 的社区分支,nix-darwin 官方推荐):
|
1. 安装 [Lix](https://lix.systems/):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl -sSf -L https://install.lix.systems/lix | sh -s -- install
|
curl -sSf -L https://install.lix.systems/lix | sh -s -- install
|
||||||
```
|
```
|
||||||
|
|
||||||
2. 克隆仓库并首次构建:
|
2. 安装 [Homebrew](https://brew.sh/)(nix-darwin 不会自动安装):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
|
||||||
|
```
|
||||||
|
|
||||||
|
3. 克隆仓库并首次构建:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
git clone <repo-url> ~/nix-config
|
git clone <repo-url> ~/nix-config
|
||||||
cd ~/nix-config
|
cd ~/nix-config
|
||||||
# 首次(nix-darwin 尚未安装):
|
sudo nix run nix-darwin -- switch --flake .#macbook-air
|
||||||
sudo nix run nix-darwin -- switch --flake .#mac-mini
|
|
||||||
# 之后日常重建:
|
|
||||||
sudo darwin-rebuild switch --flake .#mac-mini
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### WSL (Windows PC)
|
之后日常重建:`just rebuild macbook-air`
|
||||||
|
|
||||||
1. 安装 [NixOS-WSL](https://github.com/nix-community/NixOS-WSL/releases):
|
### WSL
|
||||||
|
|
||||||
|
1. 启用 WSL 并更新内核:
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
wsl --install --no-distribution
|
||||||
|
wsl --update
|
||||||
|
```
|
||||||
|
|
||||||
|
2. 安装 [NixOS-WSL](https://github.com/nix-community/NixOS-WSL/releases):
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
wsl --import NixOS C:\wsl\nixos nixos-wsl.tar.gz
|
wsl --import NixOS C:\wsl\nixos nixos-wsl.tar.gz
|
||||||
wsl -d NixOS
|
wsl -d NixOS
|
||||||
```
|
```
|
||||||
|
|
||||||
2. 克隆仓库并构建:
|
3. 首次构建:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
nix shell nixpkgs#git
|
||||||
git clone <repo-url> ~/nix-config
|
git clone <repo-url> ~/nix-config
|
||||||
cd ~/nix-config
|
cd ~/nix-config
|
||||||
sudo nixos-rebuild switch --flake .#wsl
|
sudo nixos-rebuild switch --flake .#wsl
|
||||||
```
|
```
|
||||||
|
|
||||||
|
之后日常重建:`just rebuild wsl`
|
||||||
|
|
||||||
## 仓库结构
|
## 仓库结构
|
||||||
|
|
||||||
```
|
```
|
||||||
├── flake.nix # 入口:输入源 + 输出配置
|
flake.nix # 入口
|
||||||
├── flake.lock # 依赖锁定文件
|
hosts/ # 主机特定配置
|
||||||
├── hosts/
|
modules/
|
||||||
│ ├── mac-mini/default.nix # Mac Mini 特定配置
|
├── darwin/ # macOS 模块
|
||||||
│ ├── macbook-air/default.nix# MacBook Air 特定配置
|
├── nixos/ # NixOS 模块
|
||||||
│ └── wsl/default.nix # WSL 特定配置
|
└── shared/ # 共享模块
|
||||||
├── modules/
|
home/ # Home Manager 配置
|
||||||
│ ├── darwin/default.nix # macOS 模块(Homebrew、系统偏好等)
|
├── dev/ # 开发工具
|
||||||
│ ├── nixos/ # NixOS 模块
|
└── shell/ # Shell 配置
|
||||||
│ │ ├── base.nix # 基础包
|
lib/default.nix # 构建辅助函数
|
||||||
│ │ ├── docker.nix # Docker 配置
|
overlays/ + pkgs/ # 自定义包
|
||||||
│ │ ├── locale.nix # 区域 / 语言
|
|
||||||
│ │ └── default.nix # 入口(用户、shell)
|
|
||||||
│ └── shared/ # 共享模块(Nix 设置)
|
|
||||||
├── home/ # Home Manager 配置
|
|
||||||
│ ├── default.nix # 入口 + 用户级包
|
|
||||||
│ ├── theme.nix # Catppuccin 主题
|
|
||||||
│ ├── dev/ # 开发工具
|
|
||||||
│ │ ├── neovim.nix
|
|
||||||
│ │ ├── languages.nix # 语言运行时、LSP
|
|
||||||
│ │ └── git.nix
|
|
||||||
│ └── shell/ # Shell 配置
|
|
||||||
│ ├── fish.nix # Fish shell
|
|
||||||
│ ├── starship.nix # Prompt
|
|
||||||
│ └── tools.nix # fzf, atuin, zoxide 等
|
|
||||||
├── lib/default.nix # 构建辅助函数
|
|
||||||
├── overlays/ # 自定义包覆盖
|
|
||||||
└── pkgs/ # 自定义包
|
|
||||||
```
|
```
|
||||||
|
|
||||||
**配置层级**:`hosts/*`(主机特定) → `modules/*`(平台模块) → `home/*`(用户级,跨平台共享)
|
配置层级:`hosts/*` → `modules/*` → `home/*`
|
||||||
|
|
||||||
## 日常使用
|
## 日常使用
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# 重建(abbreviation 自动选择 darwin-rebuild 或 nixos-rebuild)
|
just rebuild <host> # 重建系统
|
||||||
rebuild
|
just update # 更新所有 flake 输入
|
||||||
|
just up <input> # 更新单个输入
|
||||||
# 更新所有依赖
|
just check # 检查配置
|
||||||
update
|
just clean # 清理旧 generation
|
||||||
|
just rollback # 回滚(仅 NixOS)
|
||||||
# 回滚(NixOS)
|
just history # 查看 profile 历史
|
||||||
sudo nixos-rebuild switch --rollback
|
just show # 显示 flake 输出
|
||||||
|
|
||||||
# 清理旧 generation
|
|
||||||
sudo nix-collect-garbage -d # NixOS
|
|
||||||
nix-collect-garbage -d # macOS
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Shell
|
## Shell
|
||||||
|
|
||||||
使用 **Fish** 作为默认 shell,搭配:
|
Fish + Starship + Atuin + Zoxide + FZF + Direnv,Catppuccin Mocha 主题。
|
||||||
|
|
||||||
- **Starship** — 跨平台 prompt
|
常用自定义:
|
||||||
- **Atuin** — shell 历史搜索
|
- fish abbreviation → `home/shell/fish.nix`
|
||||||
- **Zoxide** — 智能 cd(`cd` = zoxide, `cdi` = 交互选择)
|
- 添加包 → `home/default.nix` 或 `home/dev/languages.nix`
|
||||||
- **FZF** — 模糊搜索(Ctrl-R 历史, Ctrl-T 文件, Alt-C 目录)
|
- Homebrew cask → `modules/darwin/default.nix`
|
||||||
- **Direnv** — 自动加载项目环境
|
|
||||||
- **Catppuccin Mocha** — 统一主题
|
|
||||||
|
|
||||||
### 自定义
|
## Environment
|
||||||
|
|
||||||
- 添加 fish abbreviation: 编辑 `home/shell/fish.nix` 中的 `shellAbbrs`
|
1Password CLI `op inject` 获取环境变量,本地缓存后离线可用。
|
||||||
- 添加包: 编辑 `home/default.nix` 或 `home/dev/languages.nix`
|
|
||||||
- 添加 Homebrew cask: 编辑 `modules/darwin/default.nix` 中的 `homebrew.casks`
|
模板文件 `~/.config/op-env/env.tpl` 由 `home/shell/fish.nix` 生成,仅包含 `op://` 引用,可安全提交。
|
||||||
- 查包名: `nix search nixpkgs <关键词>` 或 [search.nixos.org](https://search.nixos.org/packages)
|
|
||||||
|
Shell 启动时只读取本地缓存(`~/.cache/op-env/env.fish`),不联网。首次使用或密钥变更后需手动刷新:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
op-env-refresh # 从 1Password 获取并缓存(需联网)
|
||||||
|
op-env-clear # 清除本地缓存
|
||||||
|
```
|
||||||
|
|
||||||
|
认证需要在 `~/.config/fish/local.fish`(gitignored)中设置:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
set -gx OP_SERVICE_ACCOUNT_TOKEN "your-service-account-token"
|
||||||
|
```
|
||||||
|
|
||||||
|
未设置 token 时 `op-env-refresh` 会提示错误,不影响已有缓存的正常使用。
|
||||||
|
|||||||
Generated
+6
-6
@@ -7,11 +7,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1775994227,
|
"lastModified": 1776190523,
|
||||||
"narHash": "sha256-4VKeWtl9dEubrgpy9fSXkXbjBZlNXPNlQQM5l1ppHv4=",
|
"narHash": "sha256-qfZWzaWuXfbF487cXj43uT7HWtqF45A+g7g59fOPYsk=",
|
||||||
"owner": "catppuccin",
|
"owner": "catppuccin",
|
||||||
"repo": "nix",
|
"repo": "nix",
|
||||||
"rev": "d0a9a21ed8e235956a768fc624242ec9a3e15575",
|
"rev": "2eefec08414e2f90824bf2b508ea38ef6f295dfa",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -61,11 +61,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1776046499,
|
"lastModified": 1776184304,
|
||||||
"narHash": "sha256-Wzc4nn07/0RL21ypPHRzNDQZcjhIC8LaYo7QJQjM5T4=",
|
"narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "287f84846c1eb3b72c986f5f6bebcff0bd67440d",
|
"rev": "3c7524c68348ef79ce48308e0978611a050089b2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|||||||
@@ -37,7 +37,7 @@
|
|||||||
mylib = import ./lib { inherit inputs; };
|
mylib = import ./lib { inherit inputs; };
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# ── macOS hosts ─────────────────────────────────────
|
# ── macOS 主机 ──────────────────────────────────────
|
||||||
darwinConfigurations = {
|
darwinConfigurations = {
|
||||||
mac-mini = mylib.mkDarwin {
|
mac-mini = mylib.mkDarwin {
|
||||||
hostname = "awesome-mac-mini";
|
hostname = "awesome-mac-mini";
|
||||||
@@ -54,7 +54,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── NixOS hosts (WSL on Windows PC) ─────────────────
|
# ── NixOS 主机(Windows PC 上的 WSL)──────────────
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
wsl = mylib.mkNixos {
|
wsl = mylib.mkNixos {
|
||||||
hostname = "awesome-wsl";
|
hostname = "awesome-wsl";
|
||||||
@@ -67,14 +67,19 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Packages ────────────────────────────────────────
|
# ── 自定义包 ─────────────────────────────────────────
|
||||||
packages = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-linux" ] (system: {
|
packages = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-linux" ] (
|
||||||
comment-checker =
|
system:
|
||||||
(import nixpkgs {
|
let
|
||||||
|
pkgs = import nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
overlays = [ self.overlays.default ];
|
overlays = [ self.overlays.default ];
|
||||||
}).comment-checker;
|
};
|
||||||
});
|
in
|
||||||
|
{
|
||||||
|
inherit (pkgs) comment-checker;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
# ── Overlays ───────────────────────────────────────
|
# ── Overlays ───────────────────────────────────────
|
||||||
overlays.default = import ./overlays;
|
overlays.default = import ./overlays;
|
||||||
|
|||||||
+34
-40
@@ -1,6 +1,5 @@
|
|||||||
{
|
{
|
||||||
inputs,
|
inputs,
|
||||||
lib,
|
|
||||||
username,
|
username,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
@@ -11,57 +10,52 @@
|
|||||||
inputs.catppuccin.homeModules.catppuccin
|
inputs.catppuccin.homeModules.catppuccin
|
||||||
./shell
|
./shell
|
||||||
./dev
|
./dev
|
||||||
./theme.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
catppuccin = {
|
||||||
|
enable = true;
|
||||||
|
flavor = "mocha";
|
||||||
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
username = username;
|
username = username;
|
||||||
homeDirectory = if pkgs.stdenv.isDarwin then "/Users/${username}" else "/home/${username}";
|
homeDirectory = if pkgs.stdenv.isDarwin then "/Users/${username}" else "/home/${username}";
|
||||||
stateVersion = "24.11";
|
stateVersion = "25.11";
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── User-level packages ────────────────────────────
|
home.packages = with pkgs; [
|
||||||
home.packages =
|
# 现代 CLI 替代工具
|
||||||
with pkgs;
|
dust # du
|
||||||
[
|
duf # df
|
||||||
# Modern CLI replacements
|
procs # ps
|
||||||
dust # du
|
sd # sed
|
||||||
duf # df
|
jq # JSON
|
||||||
procs # ps
|
yq # YAML
|
||||||
sd # sed
|
wget
|
||||||
xh # curl/httpie
|
|
||||||
jq # JSON
|
|
||||||
yq # YAML
|
|
||||||
wget
|
|
||||||
|
|
||||||
# System info
|
# 系统信息
|
||||||
fastfetch
|
fastfetch
|
||||||
tealdeer # tldr
|
tealdeer # tldr
|
||||||
|
|
||||||
# File management
|
# 文件管理
|
||||||
gomi
|
gomi
|
||||||
|
ouch # 压缩/解压
|
||||||
|
|
||||||
# Nix tools
|
# Nix 工具
|
||||||
nix-output-monitor # nom
|
nix-output-monitor # nom
|
||||||
nvd # nix version diff
|
nvd # Nix 版本对比
|
||||||
nh # nix helper
|
nh # Nix 辅助工具
|
||||||
just
|
just
|
||||||
|
|
||||||
# Secrets management (WSL uses Windows op.exe via interop)
|
# AI 编程代理
|
||||||
]
|
opencode
|
||||||
++ lib.optionals pkgs.stdenv.isDarwin [
|
comment-checker
|
||||||
_1password-cli
|
skills
|
||||||
]
|
|
||||||
++ (with pkgs; [
|
|
||||||
# AI coding agent
|
|
||||||
opencode
|
|
||||||
comment-checker
|
|
||||||
|
|
||||||
# Misc
|
# 其他
|
||||||
ffmpeg
|
ffmpeg
|
||||||
pandoc
|
pandoc
|
||||||
]);
|
];
|
||||||
|
|
||||||
# XDG directories
|
|
||||||
xdg.enable = true;
|
xdg.enable = true;
|
||||||
}
|
}
|
||||||
|
|||||||
+4
-8
@@ -1,14 +1,12 @@
|
|||||||
{ ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
programs.git = {
|
programs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
signing.format = null;
|
signing.format = null;
|
||||||
settings = {
|
settings = {
|
||||||
user = {
|
user.name = "imbytecat";
|
||||||
name = "imbytecat";
|
user.email = "imbytecat@gmail.com";
|
||||||
email = "imbytecat@gmail.com";
|
|
||||||
};
|
|
||||||
merge.conflictstyle = "zdiff3";
|
merge.conflictstyle = "zdiff3";
|
||||||
pull.rebase = true;
|
pull.rebase = true;
|
||||||
push.autoSetupRemote = true;
|
push.autoSetupRemote = true;
|
||||||
@@ -36,9 +34,7 @@
|
|||||||
nerdFontsVersion = "3";
|
nerdFontsVersion = "3";
|
||||||
showBottomLine = false;
|
showBottomLine = false;
|
||||||
};
|
};
|
||||||
git.pagers = [
|
git.pagers = [ { pager = "delta --paging=never"; } ];
|
||||||
{ pager = "delta --paging=never"; }
|
|
||||||
];
|
|
||||||
update.method = "never";
|
update.method = "never";
|
||||||
disableStartupPopups = true;
|
disableStartupPopups = true;
|
||||||
};
|
};
|
||||||
|
|||||||
+21
-17
@@ -2,18 +2,16 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
# ── Language runtimes ──
|
# ── 语言运行时 ──
|
||||||
# Node.js: 默认跟随 nixpkgs,当前 unstable 为 v24.14.0
|
|
||||||
# 如需固定 LTS 版本,改为: nodejs_22 或 nodejs_20
|
|
||||||
nodejs
|
nodejs
|
||||||
go
|
go
|
||||||
bun
|
bun
|
||||||
|
python3
|
||||||
|
|
||||||
# ── Package management / version management ──
|
# ── 包管理 / 版本管理 ──
|
||||||
mise
|
|
||||||
uv
|
uv
|
||||||
|
|
||||||
# ── LSP servers ──
|
# ── LSP 服务器 ──
|
||||||
bash-language-server
|
bash-language-server
|
||||||
gopls
|
gopls
|
||||||
typescript-language-server
|
typescript-language-server
|
||||||
@@ -21,25 +19,31 @@
|
|||||||
vue-language-server
|
vue-language-server
|
||||||
dockerfile-language-server
|
dockerfile-language-server
|
||||||
lua-language-server
|
lua-language-server
|
||||||
nixd # Nix LSP
|
nixd
|
||||||
just-lsp # Justfile LSP
|
just-lsp
|
||||||
|
|
||||||
# ── Linter / Formatter ──
|
# ── 代码检查 / 格式化 ──
|
||||||
biome
|
biome
|
||||||
ruff
|
ruff
|
||||||
shellcheck
|
shellcheck
|
||||||
shfmt
|
shfmt
|
||||||
nixfmt # nix formatter
|
nixfmt
|
||||||
statix # nix linter
|
statix
|
||||||
stylua
|
stylua
|
||||||
|
|
||||||
# ── Code intelligence ──
|
# ── 代码智能 ──
|
||||||
ast-grep
|
ast-grep
|
||||||
];
|
];
|
||||||
|
|
||||||
# ── mise config ──────────────────────────────────────
|
# ── mise ─────────────────────────────────────────────
|
||||||
xdg.configFile."mise/config.toml".text = ''
|
programs.mise = {
|
||||||
[settings]
|
enable = true;
|
||||||
trusted_config_paths = ["/"]
|
enableFishIntegration = true;
|
||||||
'';
|
globalConfig = {
|
||||||
|
settings = {
|
||||||
|
trusted_config_paths = [ "/" ];
|
||||||
|
all_compile = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
+3
-3
@@ -1,7 +1,7 @@
|
|||||||
{ ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
# Disable catppuccin/nix neovim integration — LazyVim manages its own colorscheme
|
# 禁用 catppuccin/nix 的 Neovim 集成 — LazyVim 自行管理配色方案
|
||||||
catppuccin.nvim.enable = false;
|
catppuccin.nvim.enable = false;
|
||||||
|
|
||||||
programs.neovim = {
|
programs.neovim = {
|
||||||
@@ -22,7 +22,7 @@
|
|||||||
lang.docker.enable = true;
|
lang.docker.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Catppuccin Mocha colorscheme (managed by LazyVim, not catppuccin/nix)
|
# Catppuccin Mocha 配色方案(由 LazyVim 管理,非 catppuccin/nix)
|
||||||
plugins = {
|
plugins = {
|
||||||
colorscheme = ''
|
colorscheme = ''
|
||||||
return {
|
return {
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./fish.nix
|
./fish.nix
|
||||||
|
./ghostty.nix
|
||||||
./starship.nix
|
./starship.nix
|
||||||
./tools.nix
|
./tools.nix
|
||||||
];
|
];
|
||||||
|
|||||||
+102
-46
@@ -1,79 +1,135 @@
|
|||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
# ── 1Password env template ──────────────────────────
|
config,
|
||||||
# op:// references only — no real secrets, safe to commit
|
pkgs,
|
||||||
xdg.configFile."op/env.tpl".text = ''
|
lib,
|
||||||
AI_GATEWAY_BASE_URL={{ op://Private/AI Gateway API/URL }}
|
...
|
||||||
AI_GATEWAY_API_KEY={{ op://Private/AI Gateway API/credential }}
|
}:
|
||||||
EXA_API_KEY={{ op://Private/Exa API/credential }}
|
|
||||||
CONTEXT7_API_KEY={{ op://Private/Context7 API/credential }}
|
let
|
||||||
|
envTpl = "${config.xdg.configHome}/op-env/env.tpl";
|
||||||
|
envCache = "${config.xdg.cacheHome}/op-env/env.fish";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# ── 1Password 环境变量模板 ─────────────────────────────
|
||||||
|
# 仅包含 op:// 引用 — 无真实密钥,可安全提交
|
||||||
|
# 放在 ~/.config/op 之外 — 该目录必须是 700 权限且属于 op CLI
|
||||||
|
xdg.configFile."op-env/env.tpl".text = ''
|
||||||
|
set -gx AI_GATEWAY_BASE_URL "{{ op://Developer/AI Gateway API/URL }}"
|
||||||
|
set -gx AI_GATEWAY_API_KEY "{{ op://Developer/AI Gateway API/credential }}"
|
||||||
|
set -gx EXA_API_KEY "{{ op://Developer/Exa API/credential }}"
|
||||||
|
set -gx CONTEXT7_API_KEY "{{ op://Developer/Context7 API/credential }}"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
programs.fish = {
|
programs.fish = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
shellAbbrs = {
|
shellAbbrs = {
|
||||||
# Navigation
|
# 导航(一次性命令,无需记录历史)
|
||||||
".." = "cd ..";
|
".." = "cd ..";
|
||||||
"..." = "cd ../..";
|
"..." = "cd ../..";
|
||||||
|
};
|
||||||
|
|
||||||
# File listing (eza)
|
shellAliases = {
|
||||||
ls = "eza --icons --group-directories-first";
|
# 文件列表(eza)— 基础别名(ls/la/lt)来自 programs.eza
|
||||||
ll = "eza -la --icons --git --group-directories-first";
|
ll = "eza -lh";
|
||||||
la = "eza -a --icons --group-directories-first";
|
lla = "eza -lah --time-style=long-iso";
|
||||||
lt = "eza --tree --level=2 --icons";
|
|
||||||
|
|
||||||
# Tools
|
|
||||||
cat = "bat --paging=never";
|
cat = "bat --paging=never";
|
||||||
rm = "gomi";
|
rm = "gomi";
|
||||||
lg = "lazygit";
|
lg = "lazygit";
|
||||||
vi = "nvim";
|
|
||||||
|
|
||||||
# Network
|
|
||||||
http = "xh";
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
# No greeting
|
|
||||||
set -g fish_greeting
|
set -g fish_greeting
|
||||||
|
|
||||||
# PATH
|
|
||||||
fish_add_path $HOME/go/bin $HOME/.bun/bin
|
fish_add_path $HOME/go/bin $HOME/.bun/bin
|
||||||
|
${lib.optionalString pkgs.stdenv.isDarwin ''fish_add_path "/Applications/Visual Studio Code.app/Contents/Resources/app/bin"''}
|
||||||
|
|
||||||
# mise
|
# 双击 Escape 在命令前插入 sudo
|
||||||
mise activate fish | source
|
|
||||||
|
|
||||||
# Sudo: double Escape to prepend sudo
|
|
||||||
bind \e\e 'fish_commandline_prepend sudo'
|
bind \e\e 'fish_commandline_prepend sudo'
|
||||||
|
|
||||||
# WSL clipboard
|
# WSL 剪贴板
|
||||||
if set -q WSL_DISTRO_NAME
|
if set -q WSL_DISTRO_NAME
|
||||||
alias pbcopy clip.exe
|
alias pbcopy clip.exe
|
||||||
alias pbpaste "powershell.exe -noprofile -c Get-Clipboard"
|
alias pbpaste "powershell.exe -noprofile -c Get-Clipboard"
|
||||||
alias op op.exe
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# User-local overrides
|
# Windows Terminal:发送 OSC 9;9 使新标签页/窗格在同一目录打开
|
||||||
|
function __wt_osc9_9 --on-variable PWD
|
||||||
|
if test -n "$WT_SESSION"
|
||||||
|
printf "\e]9;9;%s\e\\" (wslpath -w "$PWD")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# 1Password → 环境变量(本地缓存,启动时不联网)
|
||||||
|
# 启动时仅加载缓存;手动执行 op-env-refresh 拉取/更新
|
||||||
|
# 通过 OP_SERVICE_ACCOUNT_TOKEN 认证(在 ~/.config/fish/local.fish 中设置)
|
||||||
|
function op-env-refresh --description "Fetch secrets from 1Password and cache locally"
|
||||||
|
if not type -q op
|
||||||
|
echo "op-env: op CLI not found in PATH" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
if not set -q OP_SERVICE_ACCOUNT_TOKEN; or test -z "$OP_SERVICE_ACCOUNT_TOKEN"
|
||||||
|
echo "op-env: OP_SERVICE_ACCOUNT_TOKEN is not set" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
if not test -f "${envTpl}"
|
||||||
|
echo "op-env: template not found: ${envTpl}" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
set -l cache_dir (path dirname "${envCache}")
|
||||||
|
if not mkdir -p "$cache_dir"; or not chmod 700 "$cache_dir"
|
||||||
|
echo "op-env: cannot prepare cache dir: $cache_dir" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
set -l tmp (mktemp "$cache_dir/.tmp.XXXXXX")
|
||||||
|
or begin
|
||||||
|
echo "op-env: mktemp failed" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
if not op inject --in-file "${envTpl}" > "$tmp"
|
||||||
|
command rm -f "$tmp"
|
||||||
|
echo "op-env: inject failed; old cache kept" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
# 替换缓存前记录旧变量名
|
||||||
|
set -l old_vars
|
||||||
|
if test -f "${envCache}"
|
||||||
|
set old_vars (string match -rg 'set -gx (\S+)' < "${envCache}")
|
||||||
|
end
|
||||||
|
if not mv "$tmp" "${envCache}"
|
||||||
|
command rm -f "$tmp"
|
||||||
|
echo "op-env: cannot replace cache file" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
for var in $old_vars
|
||||||
|
set -e $var
|
||||||
|
end
|
||||||
|
if not source "${envCache}"
|
||||||
|
echo "op-env: cache written but could not be sourced" >&2
|
||||||
|
return 1
|
||||||
|
end
|
||||||
|
echo "op-env: refreshed"
|
||||||
|
end
|
||||||
|
|
||||||
|
function op-env-clear --description "Clear cached secrets"
|
||||||
|
if test -f "${envCache}"
|
||||||
|
for var in (string match -rg 'set -gx (\S+)' < "${envCache}")
|
||||||
|
set -e $var
|
||||||
|
end
|
||||||
|
command rm -f "${envCache}"
|
||||||
|
end
|
||||||
|
echo "op-env: cleared"
|
||||||
|
end
|
||||||
|
|
||||||
|
# 加载缓存的密钥(即时,不联网)
|
||||||
|
if test -f "${envCache}"
|
||||||
|
source "${envCache}"
|
||||||
|
end
|
||||||
|
|
||||||
|
# 用户本地配置(OP_SERVICE_ACCOUNT_TOKEN、机器特定覆盖)
|
||||||
if test -f ~/.config/fish/local.fish
|
if test -f ~/.config/fish/local.fish
|
||||||
source ~/.config/fish/local.fish
|
source ~/.config/fish/local.fish
|
||||||
end
|
end
|
||||||
|
|
||||||
# 1Password → env vars (single op call, silent if locked)
|
|
||||||
function op-env --description "Load secrets from 1Password"
|
|
||||||
if not type -q op; or not test -f ~/.config/op/env.tpl
|
|
||||||
return 1
|
|
||||||
end
|
|
||||||
for line in (op inject < ~/.config/op/env.tpl 2>/dev/null)
|
|
||||||
string match -qr '^\s*(#|$)' -- $line; and continue
|
|
||||||
set -l kv (string split -m 1 '=' $line)
|
|
||||||
if test (count $kv) -ge 2
|
|
||||||
set -gx $kv[1] $kv[2]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
op-env
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,13 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
programs.ghostty = {
|
||||||
|
enable = pkgs.stdenv.isDarwin;
|
||||||
|
package = null; # 通过 Homebrew cask 安装
|
||||||
|
settings = {
|
||||||
|
font-family = "Maple Mono NF CN";
|
||||||
|
font-size = 14;
|
||||||
|
shell-integration-features = "cursor,sudo,title,ssh-env,ssh-terminfo";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
+24
-16
@@ -18,10 +18,11 @@
|
|||||||
"$git_branch"
|
"$git_branch"
|
||||||
"$git_status"
|
"$git_status"
|
||||||
"[](fg:yellow bg:green)"
|
"[](fg:yellow bg:green)"
|
||||||
"$nodejs"
|
"$bun"
|
||||||
"$python"
|
|
||||||
"$golang"
|
"$golang"
|
||||||
"$nix_shell"
|
"$nix_shell"
|
||||||
|
"$nodejs"
|
||||||
|
"$python"
|
||||||
"[](fg:green bg:sapphire)"
|
"[](fg:green bg:sapphire)"
|
||||||
"$docker_context"
|
"$docker_context"
|
||||||
"[](fg:sapphire bg:lavender)"
|
"[](fg:sapphire bg:lavender)"
|
||||||
@@ -38,6 +39,7 @@
|
|||||||
symbols = {
|
symbols = {
|
||||||
Linux = "";
|
Linux = "";
|
||||||
Macos = "";
|
Macos = "";
|
||||||
|
NixOS = "";
|
||||||
Windows = "";
|
Windows = "";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -55,11 +57,11 @@
|
|||||||
truncation_length = 3;
|
truncation_length = 3;
|
||||||
truncation_symbol = "…/";
|
truncation_symbol = "…/";
|
||||||
substitutions = {
|
substitutions = {
|
||||||
Developer = " ";
|
Developer = "";
|
||||||
Documents = " ";
|
Documents = "";
|
||||||
Downloads = " ";
|
Downloads = "";
|
||||||
Music = " ";
|
Music = "";
|
||||||
Pictures = " ";
|
Pictures = "";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -74,17 +76,10 @@
|
|||||||
format = "[[($all_status$ahead_behind )](fg:crust bg:yellow)]($style)";
|
format = "[[($all_status$ahead_behind )](fg:crust bg:yellow)]($style)";
|
||||||
};
|
};
|
||||||
|
|
||||||
nodejs = {
|
bun = {
|
||||||
symbol = "";
|
symbol = "";
|
||||||
style = "bg:green";
|
style = "bg:green";
|
||||||
format = "[[ $symbol( $version) ](fg:crust bg:green)]($style)";
|
format = "[[ $symbol( $version) ](fg:crust bg:green)]($style)";
|
||||||
detect_extensions = [ ];
|
|
||||||
};
|
|
||||||
|
|
||||||
python = {
|
|
||||||
symbol = "";
|
|
||||||
style = "bg:green";
|
|
||||||
format = "[[ $symbol( $version)(\\($virtualenv\\)) ](fg:crust bg:green)]($style)";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
golang = {
|
golang = {
|
||||||
@@ -99,6 +94,19 @@
|
|||||||
format = "[[ $symbol$state( \\($name\\)) ](fg:crust bg:green)]($style)";
|
format = "[[ $symbol$state( \\($name\\)) ](fg:crust bg:green)]($style)";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nodejs = {
|
||||||
|
symbol = "";
|
||||||
|
style = "bg:green";
|
||||||
|
format = "[[ $symbol( $version) ](fg:crust bg:green)]($style)";
|
||||||
|
detect_extensions = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
python = {
|
||||||
|
symbol = "";
|
||||||
|
style = "bg:green";
|
||||||
|
format = "[[ $symbol( $version)(\\($virtualenv\\)) ](fg:crust bg:green)]($style)";
|
||||||
|
};
|
||||||
|
|
||||||
docker_context = {
|
docker_context = {
|
||||||
symbol = "";
|
symbol = "";
|
||||||
style = "bg:sapphire";
|
style = "bg:sapphire";
|
||||||
|
|||||||
+10
-11
@@ -19,7 +19,7 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Atuin (shell history) ────────────────────────────
|
# ── Atuin(Shell 历史记录)─────────────────────────────
|
||||||
programs.atuin = {
|
programs.atuin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableFishIntegration = true;
|
enableFishIntegration = true;
|
||||||
@@ -33,11 +33,11 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Zoxide (smart cd) ───────────────────────────────
|
# ── Zoxide(智能 cd)──────────────────────────────────
|
||||||
programs.zoxide = {
|
programs.zoxide = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableFishIntegration = true;
|
enableFishIntegration = true;
|
||||||
options = [ "--cmd cd" ]; # cd/cdi instead of z/zi
|
options = [ "--cmd cd" ]; # 用 cd/cdi 替代 z/zi
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Direnv + nix-direnv ─────────────────────────────
|
# ── Direnv + nix-direnv ─────────────────────────────
|
||||||
@@ -50,7 +50,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Bat (cat replacement) ───────────────────────────
|
# ── Bat(cat 替代)────────────────────────────────────
|
||||||
programs.bat = {
|
programs.bat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraPackages = with pkgs.bat-extras; [
|
extraPackages = with pkgs.bat-extras; [
|
||||||
@@ -59,26 +59,25 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Eza (ls replacement) ────────────────────────────
|
# ── Eza(ls 替代)─────────────────────────────────────
|
||||||
programs.eza = {
|
programs.eza = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableFishIntegration = false; # we use custom abbrs in fish.nix
|
enableFishIntegration = true;
|
||||||
git = true;
|
git = true;
|
||||||
icons = "auto";
|
icons = "auto";
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--color=always"
|
|
||||||
"--group-directories-first"
|
"--group-directories-first"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Yazi (file manager) ─────────────────────────────
|
# ── Yazi(文件管理器)────────────────────────────────
|
||||||
programs.yazi = {
|
programs.yazi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableFishIntegration = true;
|
enableFishIntegration = true;
|
||||||
shellWrapperName = "y";
|
shellWrapperName = "y";
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Btop (system monitor) ───────────────────────────
|
# ── Btop(系统监控)──────────────────────────────────
|
||||||
programs.btop = {
|
programs.btop = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
@@ -86,10 +85,10 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Zellij (terminal multiplexer) ────────────────────
|
# ── Zellij(终端复用器)──────────────────────────────
|
||||||
programs.zellij = {
|
programs.zellij = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableFishIntegration = true;
|
enableFishIntegration = false;
|
||||||
settings = {
|
settings = {
|
||||||
show_startup_tips = false;
|
show_startup_tips = false;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -1,8 +0,0 @@
|
|||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
catppuccin = {
|
|
||||||
enable = true;
|
|
||||||
flavor = "mocha";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
@@ -1,13 +1,13 @@
|
|||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# ── Mac Mini specific ─────────────────────────────────
|
# ── Mac Mini 专属配置 ────────────────────────────────
|
||||||
# Always plugged in — 24/7 server role
|
# 常驻供电 — 全天候服务器角色
|
||||||
|
|
||||||
# Touch ID for sudo
|
# Touch ID 验证 sudo
|
||||||
security.pam.services.sudo_local.touchIdAuth = true;
|
security.pam.services.sudo_local.touchIdAuth = true;
|
||||||
|
|
||||||
# ── Never sleep ─────────────────────────────────────
|
# ── 禁止睡眠 ────────────────────────────────────────
|
||||||
power.sleep.computer = "never";
|
power.sleep.computer = "never";
|
||||||
power.sleep.display = "never";
|
power.sleep.display = "never";
|
||||||
power.sleep.harddisk = "never";
|
power.sleep.harddisk = "never";
|
||||||
@@ -15,17 +15,17 @@
|
|||||||
power.restartAfterPowerFailure = true;
|
power.restartAfterPowerFailure = true;
|
||||||
power.restartAfterFreeze = true;
|
power.restartAfterFreeze = true;
|
||||||
|
|
||||||
# ── Wake on LAN ──────────────────────────────────
|
# ── 网络唤醒(WoL)─────────────────────────────────
|
||||||
networking.wakeOnLan.enable = true;
|
networking.wakeOnLan.enable = true;
|
||||||
|
|
||||||
# ── Screen Sharing (VNC) & pmset ─────────────────
|
# ── 屏幕共享(VNC)& pmset ──────────────────────────
|
||||||
system.activationScripts.postActivation.text = ''
|
system.activationScripts.postActivation.text = ''
|
||||||
# VNC
|
# VNC
|
||||||
launchctl enable system/com.apple.screensharing
|
launchctl enable system/com.apple.screensharing
|
||||||
launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist 2>/dev/null || true
|
launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist 2>/dev/null || true
|
||||||
# Disable Power Nap
|
# 禁用 Power Nap
|
||||||
pmset -a powernap 0
|
pmset -a powernap 0
|
||||||
'';
|
'';
|
||||||
|
|
||||||
system.stateVersion = 5;
|
system.stateVersion = 6;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,11 +1,16 @@
|
|||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
# ── MacBook Air specific ──────────────────────────────
|
# ── MacBook Air 专属配置 ─────────────────────────────
|
||||||
# Portable — battery-conscious settings
|
# 便携设备 — 注意电池续航
|
||||||
|
|
||||||
# Touch ID for sudo
|
# Touch ID 验证 sudo
|
||||||
security.pam.services.sudo_local.touchIdAuth = true;
|
security.pam.services.sudo_local.touchIdAuth = true;
|
||||||
|
|
||||||
system.stateVersion = 5;
|
# ── 刘海屏适配 ──────────────────────────────────────
|
||||||
|
homebrew.casks = [
|
||||||
|
"thaw" # 刘海屏菜单栏管理工具
|
||||||
|
];
|
||||||
|
|
||||||
|
system.stateVersion = 6;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,10 @@
|
|||||||
{ username, ... }:
|
{ lib, username, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
# ── Shell ─────────────────────────────────────────────
|
||||||
|
# 移除 NixOS 默认别名(ls/ll/l)— 由 Home Manager eza 管理
|
||||||
|
environment.shellAliases = lib.mkForce { };
|
||||||
|
|
||||||
# ── WSL ──────────────────────────────────────────────
|
# ── WSL ──────────────────────────────────────────────
|
||||||
wsl = {
|
wsl = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -11,5 +15,5 @@
|
|||||||
# ── nix-ld (VSCode Remote, etc.) ────────────────────
|
# ── nix-ld (VSCode Remote, etc.) ────────────────────
|
||||||
programs.nix-ld.enable = true;
|
programs.nix-ld.enable = true;
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "25.11";
|
||||||
}
|
}
|
||||||
|
|||||||
+9
-8
@@ -17,7 +17,7 @@ rebuild host:
|
|||||||
# Rebuild and switch to new system configuration
|
# Rebuild and switch to new system configuration
|
||||||
[linux]
|
[linux]
|
||||||
[group('build')]
|
[group('build')]
|
||||||
rebuild host="wsl":
|
rebuild host:
|
||||||
sudo nixos-rebuild switch --flake .#{{host}}
|
sudo nixos-rebuild switch --flake .#{{host}}
|
||||||
|
|
||||||
# Check configs evaluate without errors
|
# Check configs evaluate without errors
|
||||||
@@ -27,6 +27,12 @@ check:
|
|||||||
@nix eval .#darwinConfigurations.mac-mini.system > /dev/null && echo "mac-mini: ok"
|
@nix eval .#darwinConfigurations.mac-mini.system > /dev/null && echo "mac-mini: ok"
|
||||||
@nix eval .#darwinConfigurations.macbook-air.system > /dev/null && echo "macbook-air: ok"
|
@nix eval .#darwinConfigurations.macbook-air.system > /dev/null && echo "macbook-air: ok"
|
||||||
|
|
||||||
|
# Rollback to previous system generation
|
||||||
|
[linux]
|
||||||
|
[group('build')]
|
||||||
|
rollback:
|
||||||
|
sudo nixos-rebuild switch --rollback
|
||||||
|
|
||||||
# Check configs evaluate without errors
|
# Check configs evaluate without errors
|
||||||
[linux]
|
[linux]
|
||||||
[group('build')]
|
[group('build')]
|
||||||
@@ -66,15 +72,10 @@ clean:
|
|||||||
|
|
||||||
############################################################################
|
############################################################################
|
||||||
#
|
#
|
||||||
# Secrets & tooling
|
# Tooling
|
||||||
#
|
#
|
||||||
############################################################################
|
############################################################################
|
||||||
|
|
||||||
# Edit encrypted secrets
|
|
||||||
[group('tools')]
|
|
||||||
secrets:
|
|
||||||
sops secrets/secrets.yaml
|
|
||||||
|
|
||||||
# Generate .vscode/settings.json with LSP option completion
|
# Generate .vscode/settings.json with LSP option completion
|
||||||
[macos]
|
[macos]
|
||||||
[group('tools')]
|
[group('tools')]
|
||||||
@@ -85,6 +86,6 @@ lsp host:
|
|||||||
# Generate .vscode/settings.json with LSP option completion
|
# Generate .vscode/settings.json with LSP option completion
|
||||||
[linux]
|
[linux]
|
||||||
[group('tools')]
|
[group('tools')]
|
||||||
lsp host="wsl":
|
lsp host:
|
||||||
@jq --arg h "{{host}}" '."nix.serverSettings".nixd.options = {"nixos":{"expr":"(builtins.getFlake (toString ./.)).nixosConfigurations.\($h).options"},"home-manager":{"expr":"(builtins.getFlake (toString ./.)).nixosConfigurations.\($h).options.home-manager.users.type.getSubOptions []"}}' .vscode/settings.base.json > .vscode/settings.json
|
@jq --arg h "{{host}}" '."nix.serverSettings".nixd.options = {"nixos":{"expr":"(builtins.getFlake (toString ./.)).nixosConfigurations.\($h).options"},"home-manager":{"expr":"(builtins.getFlake (toString ./.)).nixosConfigurations.\($h).options.home-manager.users.type.getSubOptions []"}}' .vscode/settings.base.json > .vscode/settings.json
|
||||||
@echo "Generated .vscode/settings.json for {{host}}"
|
@echo "Generated .vscode/settings.json for {{host}}"
|
||||||
+33
-25
@@ -3,30 +3,28 @@
|
|||||||
let
|
let
|
||||||
inherit (inputs.nixpkgs) lib;
|
inherit (inputs.nixpkgs) lib;
|
||||||
|
|
||||||
# Shared home-manager configuration block
|
sshKeys = [
|
||||||
homeManagerConfig =
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRTOo48gzzRGT+bF9dzJCFJu61YgsQVONFtxU9kTPIg"
|
||||||
{
|
];
|
||||||
username,
|
|
||||||
sharedModules ? [ ],
|
# 共享的 Home Manager 配置块
|
||||||
}:
|
homeManagerConfig = username: {
|
||||||
{
|
home-manager = {
|
||||||
home-manager = {
|
useGlobalPkgs = true;
|
||||||
useGlobalPkgs = true;
|
useUserPackages = true;
|
||||||
useUserPackages = true;
|
backupFileExtension = "bak";
|
||||||
backupFileExtension = "bak";
|
sharedModules = [
|
||||||
sharedModules = [
|
inputs.lazyvim.homeManagerModules.default
|
||||||
inputs.lazyvim.homeManagerModules.default
|
];
|
||||||
]
|
extraSpecialArgs = {
|
||||||
++ sharedModules;
|
inherit inputs username;
|
||||||
extraSpecialArgs = {
|
|
||||||
inherit inputs username;
|
|
||||||
};
|
|
||||||
users.${username} = import ../home;
|
|
||||||
};
|
};
|
||||||
|
users.${username} = import ../home;
|
||||||
};
|
};
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# ── NixOS host builder ──────────────────────────────
|
# ── NixOS 主机构建器 ─────────────────────────────────
|
||||||
mkNixos =
|
mkNixos =
|
||||||
{
|
{
|
||||||
hostname,
|
hostname,
|
||||||
@@ -37,20 +35,25 @@ in
|
|||||||
lib.nixosSystem {
|
lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs hostname username;
|
inherit
|
||||||
|
inputs
|
||||||
|
hostname
|
||||||
|
username
|
||||||
|
sshKeys
|
||||||
|
;
|
||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
../modules/shared
|
../modules/shared
|
||||||
../modules/nixos
|
../modules/nixos
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
inputs.catppuccin.nixosModules.catppuccin
|
inputs.catppuccin.nixosModules.catppuccin
|
||||||
(homeManagerConfig { inherit username; })
|
(homeManagerConfig username)
|
||||||
{ networking.hostName = hostname; }
|
{ networking.hostName = hostname; }
|
||||||
]
|
]
|
||||||
++ extraModules;
|
++ extraModules;
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── nix-darwin host builder ─────────────────────────
|
# ── nix-darwin 主机构建器 ────────────────────────────
|
||||||
mkDarwin =
|
mkDarwin =
|
||||||
{
|
{
|
||||||
hostname,
|
hostname,
|
||||||
@@ -61,13 +64,18 @@ in
|
|||||||
inputs.nix-darwin.lib.darwinSystem {
|
inputs.nix-darwin.lib.darwinSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs hostname username;
|
inherit
|
||||||
|
inputs
|
||||||
|
hostname
|
||||||
|
username
|
||||||
|
sshKeys
|
||||||
|
;
|
||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
../modules/shared
|
../modules/shared
|
||||||
../modules/darwin
|
../modules/darwin
|
||||||
inputs.home-manager.darwinModules.home-manager
|
inputs.home-manager.darwinModules.home-manager
|
||||||
(homeManagerConfig { inherit username; })
|
(homeManagerConfig username)
|
||||||
{ networking.hostName = hostname; }
|
{ networking.hostName = hostname; }
|
||||||
]
|
]
|
||||||
++ extraModules;
|
++ extraModules;
|
||||||
|
|||||||
+29
-26
@@ -1,37 +1,33 @@
|
|||||||
{ pkgs, username, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
username,
|
||||||
|
sshKeys,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
# ── Primary user (required by nix-darwin) ──────────
|
|
||||||
system.primaryUser = username;
|
system.primaryUser = username;
|
||||||
|
|
||||||
# ── Shell ──────────────────────────────────────────
|
# ── 免密 sudo ────────────────────────────────────────
|
||||||
programs.fish.enable = true;
|
security.sudo.extraConfig = ''
|
||||||
|
${username} ALL=(ALL) NOPASSWD:ALL
|
||||||
|
'';
|
||||||
|
|
||||||
# ── SSH ───────────────────────────────────────────
|
|
||||||
services.openssh.enable = true;
|
|
||||||
|
|
||||||
# ── User ───────────────────────────────────────────
|
|
||||||
users.knownUsers = [ username ];
|
users.knownUsers = [ username ];
|
||||||
users.users.${username} = {
|
users.users.${username} = {
|
||||||
home = "/Users/${username}";
|
home = "/Users/${username}";
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
uid = 501;
|
uid = 501;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = sshKeys;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRTOo48gzzRGT+bF9dzJCFJu61YgsQVONFtxU9kTPIg"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Fonts ──────────────────────────────────────────
|
# ── macOS 系统偏好设置 ────────────────────────────────
|
||||||
fonts.packages = with pkgs; [
|
|
||||||
maple-mono.NF-CN-unhinted
|
|
||||||
nerd-fonts.symbols-only
|
|
||||||
];
|
|
||||||
|
|
||||||
# ── macOS system preferences ───────────────────────
|
|
||||||
system.defaults = {
|
system.defaults = {
|
||||||
LaunchServices.LSQuarantine = false;
|
LaunchServices.LSQuarantine = false;
|
||||||
dock = {
|
dock = {
|
||||||
autohide = true;
|
autohide = true;
|
||||||
|
autohide-delay = 0.0;
|
||||||
|
autohide-time-modifier = 0.15;
|
||||||
show-recents = false;
|
show-recents = false;
|
||||||
mru-spaces = false;
|
mru-spaces = false;
|
||||||
wvous-tl-corner = 1;
|
wvous-tl-corner = 1;
|
||||||
@@ -39,35 +35,40 @@
|
|||||||
wvous-bl-corner = 1;
|
wvous-bl-corner = 1;
|
||||||
wvous-br-corner = 1;
|
wvous-br-corner = 1;
|
||||||
};
|
};
|
||||||
finder = {
|
finder.FXPreferredViewStyle = "clmv";
|
||||||
AppleShowAllExtensions = true;
|
|
||||||
FXPreferredViewStyle = "clmv";
|
|
||||||
};
|
|
||||||
NSGlobalDomain = {
|
NSGlobalDomain = {
|
||||||
AppleShowAllExtensions = true;
|
AppleShowAllExtensions = true;
|
||||||
InitialKeyRepeat = 15;
|
InitialKeyRepeat = 15;
|
||||||
KeyRepeat = 2;
|
KeyRepeat = 2;
|
||||||
};
|
};
|
||||||
|
CustomUserPreferences."ch.sudo.cyberduck" = {
|
||||||
|
# 永久禁用捐赠提示(日期设为遥远的未来)
|
||||||
|
"donate.reminder.date" = 253402300799000;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── Homebrew ───────────────────────────────────────
|
# ── Homebrew ───────────────────────────────────────
|
||||||
homebrew = {
|
homebrew = {
|
||||||
enable = true;
|
enable = true;
|
||||||
greedyCasks = true; # always upgrade casks even if they auto-update
|
greedyCasks = true; # 即使 cask 自动更新也始终升级
|
||||||
|
# 已废弃:Homebrew 将于 2026-09 后移除 --no-quarantine
|
||||||
|
# 待所有 cask 通过 Gatekeeper(签名且公证)后移除此项
|
||||||
|
caskArgs.no_quarantine = true;
|
||||||
|
|
||||||
taps = [
|
taps = [
|
||||||
"goooler/repo"
|
"goooler/repo"
|
||||||
];
|
];
|
||||||
|
|
||||||
brews = [
|
brews = [
|
||||||
"mole" # broken in nixpkgs
|
"mole"
|
||||||
];
|
];
|
||||||
|
|
||||||
# GUI apps
|
# GUI 应用
|
||||||
casks = [
|
casks = [
|
||||||
"1password"
|
"1password"
|
||||||
"brave-browser"
|
"brave-browser"
|
||||||
"cherry-studio"
|
"cherry-studio"
|
||||||
|
"cyberduck"
|
||||||
"dbeaver-community"
|
"dbeaver-community"
|
||||||
"discord"
|
"discord"
|
||||||
"feishu"
|
"feishu"
|
||||||
@@ -83,6 +84,7 @@
|
|||||||
"raycast"
|
"raycast"
|
||||||
"spotify"
|
"spotify"
|
||||||
"telegram-desktop"
|
"telegram-desktop"
|
||||||
|
"tencent-meeting"
|
||||||
"termius"
|
"termius"
|
||||||
"visual-studio-code"
|
"visual-studio-code"
|
||||||
"wechat"
|
"wechat"
|
||||||
@@ -91,6 +93,7 @@
|
|||||||
|
|
||||||
# Mac App Store
|
# Mac App Store
|
||||||
masApps = {
|
masApps = {
|
||||||
|
"iPreview" = 1519213509;
|
||||||
"Microsoft Word" = 462054704;
|
"Microsoft Word" = 462054704;
|
||||||
"Microsoft Excel" = 462058435;
|
"Microsoft Excel" = 462058435;
|
||||||
"Microsoft PowerPoint" = 462062816;
|
"Microsoft PowerPoint" = 462062816;
|
||||||
@@ -101,7 +104,7 @@
|
|||||||
onActivation = {
|
onActivation = {
|
||||||
autoUpdate = true;
|
autoUpdate = true;
|
||||||
upgrade = true;
|
upgrade = true;
|
||||||
cleanup = "zap"; # remove anything not declared above
|
cleanup = "zap"; # 移除所有未声明的内容
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,18 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
# ── System-essential packages ──────────────────────
|
|
||||||
# User-level tools live in home-manager (home/)
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
curl
|
|
||||||
git
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
];
|
|
||||||
|
|
||||||
# ── Fonts ──────────────────────────────────────────
|
|
||||||
fonts.packages = with pkgs; [
|
|
||||||
maple-mono.NF-CN-unhinted
|
|
||||||
nerd-fonts.symbols-only
|
|
||||||
];
|
|
||||||
}
|
|
||||||
+17
-12
@@ -1,28 +1,33 @@
|
|||||||
{ pkgs, username, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
username,
|
||||||
|
sshKeys,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
|
||||||
./docker.nix
|
./docker.nix
|
||||||
./locale.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# ── Default shell ──────────────────────────────────
|
environment.systemPackages = with pkgs; [
|
||||||
programs.fish.enable = true;
|
curl
|
||||||
|
git
|
||||||
|
ghostty.terminfo
|
||||||
|
];
|
||||||
|
|
||||||
# ── SSH ──────────────────────────────────────────
|
i18n = {
|
||||||
services.openssh.enable = true;
|
defaultLocale = "en_US.UTF-8";
|
||||||
|
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
|
||||||
|
};
|
||||||
|
time.timeZone = "Asia/Shanghai";
|
||||||
|
|
||||||
# ── Default user ───────────────────────────────────
|
|
||||||
users.users.${username} = {
|
users.users.${username} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = sshKeys;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRTOo48gzzRGT+bF9dzJCFJu61YgsQVONFtxU9kTPIg"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# ── sudo ───────────────────────────────────────────
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -8,8 +8,4 @@
|
|||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
docker-compose
|
docker-compose
|
||||||
];
|
];
|
||||||
|
|
||||||
# WSL 环境下如使用 Docker Desktop,可改为:
|
|
||||||
# wsl.docker-desktop.enable = true;
|
|
||||||
# 并将上面的 virtualisation.docker.enable 设为 false
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,10 +0,0 @@
|
|||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
i18n = {
|
|
||||||
defaultLocale = "en_US.UTF-8";
|
|
||||||
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Asia/Shanghai";
|
|
||||||
}
|
|
||||||
@@ -1,3 +1,10 @@
|
|||||||
{
|
{
|
||||||
imports = [ ./nix.nix ];
|
imports = [
|
||||||
|
./fonts.nix
|
||||||
|
./nix.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.fish.enable = true;
|
||||||
|
programs._1password.enable = true;
|
||||||
|
services.openssh.enable = true;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,8 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
fonts.packages = with pkgs; [
|
||||||
|
maple-mono.NF-CN-unhinted
|
||||||
|
nerd-fonts.symbols-only
|
||||||
|
];
|
||||||
|
}
|
||||||
@@ -11,7 +11,7 @@
|
|||||||
warn-dirty = false;
|
warn-dirty = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Disable channels — we use flakes exclusively
|
# 禁用 channels — 仅使用 flakes
|
||||||
nix.channel.enable = false;
|
nix.channel.enable = false;
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
|
|||||||
Reference in New Issue
Block a user