start to use home manager as NixOS module

machines/calcite/configuration.nix

@@ -1,19 +1,13 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, nixos-cn, nur, nur-xddxdd, ... }:
+{ config, pkgs, ... }:
 
 {
   imports =
     [
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../clash.nix
-      ../vscode.nix
-      # ../dnscrypt.nix
-      ./secret.nix
+      ./network.nix
       ../sops.nix
+      ../clash.nix
     ];
 
   # Bootloader.
@@ -22,25 +16,16 @@
   boot.loader.efi.efiSysMountPoint = "/boot/efi";
   # boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
+  boot.supportedFilesystems = [ "ntfs" ];
 
-  networking.hostName = "xin-laptop"; # Define your hostname.
+  networking.hostName = "calcite";
 
-  # Enable networking
-  networking = {
-    nameservers = [ "127.0.0.1" "::1" ];
-    networkmanager = {
-      enable = true;
-    };
-    resolvconf.useLocalResolver = true;
-  };
+  programs.vim.defaultEditor = true;
 
-  
-  sops = {
-    defaultSopsFile = ./secrets.yaml;
-    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    age.keyFile = "/var/lib/sops-nix/keys.txt";
-    age.generateKey = true;
-  };
+  # Keep this even if enabled in home manager
+  programs.fish.enable = true;
+  environment.shells = [ pkgs.fish ];
+  users.defaultUserShell = pkgs.fish;
 
   # Setup wireguard
   # Set your time zone.
@@ -49,12 +34,6 @@
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.utf8";
 
-  # Chinese Input Method
-  i18n.inputMethod = {
-    enabled = "fcitx5";
-    fcitx5.addons = with pkgs; [ fcitx5-rime ];
-  };
-
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "zh_CN.utf8";
     LC_IDENTIFICATION = "zh_CN.utf8";
@@ -115,6 +94,10 @@
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.permittedInsecurePackages = [
+    # For wechat-uos
+    "electron-19.0.7"
+  ];
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
@@ -125,38 +108,16 @@
     wineWowPackages.waylandFull
     faudio
 
-    man-pages
     # ==== CLI tools ==== #
     rust-analyzer
-    leetcode-cli
 
-    tree
-    wget
-    tmux
-    ffmpeg
-    tealdeer
-    neofetch
-    rclone
-    clash
     # tesseract5 # ocr
     ocrmypdf # pdfocr
 
     grc
-    fishPlugins.pisces
-    fishPlugins.bass
-    fishPlugins.done
-
-    hyperfine # benchmarking tool
-    grex # generate regex from example
-    delta # diff viewer
-    zoxide # autojumper
-    du-dust # du + rust
-    alacritty # terminal emulator
-    zellij # modern multiplexer
 
     # ==== Development ==== #
     # VCS
-    git
     git-crypt
 
     jetbrains.jdk # patch jetbrain runtime java
@@ -205,15 +166,13 @@
     vlc
     obs-studio
     spotify
-    netease-cloud-music-gtk
 
     digikam
 
     # IM
     tdesktop
     qq
-    nur-xddxdd.packages."x86_64-linux".wechat-uos-bin
-    # nixos-cn.legacyPackages.${system}.wechat-uos
+    config.nur.repos.xddxdd.wechat-uos
 
     # Mail
     thunderbird
@@ -235,100 +194,30 @@
 
     virt-manager
   ];
-  # use vim for editor
-  programs.vim = {
-    defaultEditor = true;
-  };
-
-  # use fish as default shell
-  environment.shells = [ pkgs.fish ];
-  users.defaultUserShell = pkgs.fish;
-  programs.fish = {
-    enable = true;
-  };
-
-  programs.wireshark = {
-    enable = true;
-    package = pkgs.wireshark-qt;
-  };
-
-  # Add gsconnect, open firewall
-  programs.kdeconnect = {
-    enable = true;
-    package = pkgs.gnomeExtensions.gsconnect;
-  };
 
   programs.steam = {
     enable = true;
-    remotePlay.openFirewall = true;
   };
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
 
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # services.gnome.gnome-remote-desktop.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  networking.firewall.allowedUDPPorts = [ 41641 ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "22.05"; # Did you read the comment?
+  system.stateVersion = "22.05";
 
   # Use mirror for binary cache
   nix.settings.substituters = [
     "https://mirrors.ustc.edu.cn/nix-channels/store"
-    # "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
+    "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
   ];
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   # MTP support
   services.gvfs.enable = true;
 
-  # Enable Tailscale
-  services.tailscale.enable = true;
-  services.tailscale.useRoutingFeatures = "both";
-
-  # Setup Nvidia driver
-  services.xserver.videoDrivers = [ "nvidia" ];
-  hardware.opengl = {
-    enable = true;
-    # driSupport = true;
-  };
-  hardware.nvidia.modesetting.enable = true;
-  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
-  # hardware.nvidia.open = true;
-  hardware.nvidia.prime = {
-    offload.enable = true;
-    offload.enableOffloadCmd = true;
-    nvidiaBusId = "PCI:1:0:0";
-    amdgpuBusId = "PCI:4:0:0";
-  };
-
   # Fonts
   fonts = {
     fonts = with pkgs; [
+      (nerdfonts.override { fonts = [ "FiraCode" ]; })
       noto-fonts
       noto-fonts-emoji
       liberation_ttf
-      fira-code
-      fira-code-symbols
       mplus-outline-fonts.githubRelease
       dina-font
       proggyfonts
@@ -345,7 +234,7 @@
       defaultFonts = {
         serif = [ "Noto Serif CJK SC" "Ubuntu" ];
         sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ];
-        monospace = [ "FiraCode" "Ubuntu" ];
+        monospace = [ "FiraCode NerdFont Mono" "Ubuntu" ];
       };
     };
   };

machines/calcite/hardware-configuration.nix

@@ -14,17 +14,24 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/73ff3986-ff55-4e9b-a857-9fc3878ea94f";
+    { device = "/dev/disk/by-label/NIXROOT";
       fsType = "ext4";
     };
 
   fileSystems."/boot/efi" =
-    { device = "/dev/disk/by-uuid/5A85-9129";
+    { device = "/dev/disk/by-label/EFIBOOT";
       fsType = "vfat";
     };
 
+  fileSystems."/media/data" =
+    {
+      device = "/dev/disk/by-label/WINDATA";
+      fsType = "ntfs3";
+      options = [ "rw" "uid=1000" ];
+    };
+
   swapDevices =
-    [ { device = "/dev/disk/by-uuid/ccf8e837-d9c6-4e59-a36d-6bbd4836d11a"; }
+    [ { device = "/dev/disk/by-label/NIXSWAP"; }
     ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

machines/calcite/network.nix

@@ -0,0 +1,37 @@
+{ pkgs, ...}:
+
+{
+  # Enable networking
+  networking = {
+    nameservers = [ "127.0.0.1" "::1" ];
+    networkmanager = {
+      enable = true;
+    };
+    resolvconf.useLocalResolver = true;
+  };
+
+  # Enable Tailscale
+  services.tailscale.enable = true;
+  # services.tailscale.useRoutingFeatures = "both";
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  networking.firewall.allowedUDPPorts = [ 41641 ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  programs.steam.remotePlay.openFirewall = true;
+
+  # Add gsconnect, open firewall
+  programs.kdeconnect = {
+    enable = true;
+    package = pkgs.gnomeExtensions.gsconnect;
+  };
+
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark-qt;
+  };
+
+  # services.gnome.gnome-remote-desktop.enable = true;
+}

machines/calcite/secrets.yaml

@@ -0,0 +1,30 @@
+clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL
+            N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv
+            blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi
+            OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5
+            gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD
+            WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO
+            ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk
+            eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1
+            67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-04-22T15:22:58Z"
+    mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

machines/laptop/secrets.yaml

@@ -1,30 +0,0 @@
-gmail: ENC[AES256_GCM,data:CajGtLth9OWLc4OHvRB2WIf9h8Fz4A==,iv:8VpGHDn06sDsTwsIVSHf9teRLNWx3hmQJ7Qml5ovjoo=,tag:dVIgRQ9LjSWSe/6QdCVUyA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNmR1LzJkZUxHcnRsV0Nj
-            RVRJZ3lZWmhzWFkyM3M5ZHZyZGo5OG0xZmpJCkVEd0VmNVNDejlDY0pYcmNHMjB0
-            a1d0UDVQRFFCUUxFMXh2UlBGc0RRZk0KLS0tIFpJRVIvM1Q3NG02ZEk2MEdsYmkz
-            YU9zMzJCcDVtRGdOWXNSMGpCcUNneDgKUDVNx2OjyOSRzMqhmFkBx3do4VrNO/fw
-            tFk4EzayyNoRAd5Ch/XfAccGwLceNhvMPZYxcB0hZljZM5u3g3JPtQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVFg0OEFSMHJYTjZxNUM0
-            ZmY0NUU0c3pNK1d4ak0wcmYrRTN1TEcyakZRCnBLNzNxNm5YWk9kNzZqL0dHMkhG
-            UXA1bDY4QVg2K3d6eVBpWG1ybHN2VDAKLS0tIFJpSTk4cFZKeTVkd09sN3NmQzc1
-            eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW
-            iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-16T05:37:57Z"
-    mac: ENC[AES256_GCM,data:XX17bbc+hGPcsfg7t3S93X22fpydT0N+P8DTpLB4SkVi9anRbNTrldJkIxKNuN3LXKZmdON/BO6x4TMe+wh45yAW1Ds8OD6VTr6IdXYIvvYC5IKt27qd30Cqbed0Q4LSq9mZ97YiRCyxVsNSf+n4rJV+Ufc24LS35Kb3qR5Pia8=,iv:T5BPf9fCLroreDqHGBrWyI1fFYNTWtYx557AnMReQnU=,tag:8qC/yN/erx4mDDO949oppA==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.7.3

machines/secrets.yaml

@@ -0,0 +1,30 @@
+clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL
+            N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv
+            blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi
+            OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5
+            gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD
+            WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO
+            ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk
+            eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1
+            67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-04-22T15:22:58Z"
+    mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

machines/sops.nix

@@ -1,2 +1,9 @@
+{ ... }:
 {
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    # age.keyFile = "/var/lib/sops-nix/keys.txt";
+    # age.generateKey = true;
+  };
 }