Merge integration branch with darwin support

Amp-Thread-ID: https://ampcode.com/threads/T-0748e36c-aff2-4360-bbfe-f185d2e11209
Co-authored-by: Amp <amp@ampcode.com>

hosts/darwin/casks/default.nix

@@ -0,0 +1,43 @@
+{  ... }:
+
+{
+  homebrew.enable = true;
+  homebrew.brews = [
+    "kind"
+    "kubectl"
+    "bazelisk"
+    "sourcegraph/src-cli/src-cli"
+    "gh"
+    # "postgresql@15"
+    # "redis"
+  ];
+  homebrew.casks = [
+    # Development Tools
+    "homebrew/cask/docker"
+    # "syncthing"
+    # "insomnia"
+    # "tableplus"
+    # "ngrok"
+    "postico"
+    "wireshark"
+    "1password"
+    "orbstack"
+
+    # Communication Tools
+    # Already installed manually
+    # "loom"
+    # "slack" 
+    # "zoom"
+    # "firefox"
+    # "1password-cli"
+
+    # Utility Tools
+    # "syncthing"
+
+    # Productivity Tools
+    "raycast"
+
+    # AI
+    # "diffusionbee"
+  ];
+}

hosts/darwin/default.nix

@@ -0,0 +1,154 @@
+{ self, pkgs, config, ... }:
+
+{
+  imports = [
+    ./sketchybar
+    ./yabai
+    # ./casks
+    # ../../modules/darwin/home-manager.nix
+    # ../../modules/shared
+    # ../../modules/shared/cachix
+  ];
+
+  environment.systemPackages = [ 
+    pkgs.go
+    pkgs.python3
+    pkgs.cargo
+    pkgs.k9s
+    pkgs.kubernetes-helm
+    pkgs.shellcheck
+  ];
+
+  age.identityPaths = [ "/Users/anishlakhwara/.ssh/id_ed25519" ];
+  age.secrets.work-wg.file = "${self}/secrets/work-wg.age";
+  age.secrets.work-wg.owner = "anishlakhwara";
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      address = [ "10.0.69.7/24" ];
+      listenPort = 60990; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
+      privateKeyFile = config.age.secrets.work-wg.path;
+      dns = [ "10.0.69.4" ];
+      postDown = ''
+        sudo /usr/sbin/networksetup -setdnsservers Wi-Fi "Empty"
+      '';
+      peers = [
+        # For a client configuration, one peer entry for the server will suffice.
+        {
+          publicKey = "c1J4p63rD3IlszugMZiki7UBV3YmDdqa3DU4UejXzAI=";
+          allowedIPs = [ "10.0.69.0/24" ];
+          # Set this to the server IP and port.
+          endpoint = "sealight.xyz:60990"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+
+  # Auto upgrade nix package and the daemon service.
+  services.nix-daemon.enable = true;
+  nixpkgs.hostPlatform = "aarch64-darwin";
+  programs.zsh.enable = true;
+
+  # Setup user, packages, programs
+  nix = {
+    # package = pkgs.nixUnstable;
+    settings.trusted-users = [ "@admin" "anishlakhwara" ];
+
+    gc = {
+      user = "root";
+      automatic = true;
+      interval = { Weekday = 0; Hour = 2; Minute = 0; };
+      options = "--delete-older-than 30d";
+    };
+
+    # Turn this on to make command line easier
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+
+  # Turn off NIX_PATH warnings now that we're using flakes
+  system.checks.verifyNixPath = false;
+
+  # Load configuration that is shared across systems
+  # environment.systemPackages = with pkgs; [
+  # 
+  # ] ++ (import ../../modules/shared/packages.nix { inherit pkgs; });
+
+  # Enable fonts dir
+  # fonts.fontDir.enable = true;
+  fonts.packages = with pkgs; [
+    fira-code
+    fira-code-symbols
+    hermit
+    #hack
+    siji
+    font-awesome
+    proggyfonts
+    (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Iosevka" ]; })
+  ];
+
+  system = {
+    stateVersion = 4;
+
+    keyboard = {
+      enableKeyMapping = true;
+    };
+
+    defaults = {
+      LaunchServices = {
+        LSQuarantine = false;
+      };
+
+      NSGlobalDomain = {
+        AppleShowAllExtensions = true;
+        ApplePressAndHoldEnabled = false;
+
+        # 120, 90, 60, 30, 12, 6, 2
+        KeyRepeat = 2;
+
+        # 120, 94, 68, 35, 25, 15
+        InitialKeyRepeat = 15;
+
+        "com.apple.mouse.tapBehavior" = 1;
+        "com.apple.sound.beep.volume" = 0.0;
+        "com.apple.sound.beep.feedback" = 0;
+      };
+
+      loginwindow = {
+        # disable guest account
+        GuestEnabled = false;
+        # show name instead of username
+        SHOWFULLNAME = false;
+      };
+
+      dock = {
+        autohide = true;
+        autohide-delay = 0.0;
+        autohide-time-modifier = 1.0;
+        static-only = false;
+        showhidden = false;
+        show-recents = false;
+        launchanim = true;
+        mouse-over-hilite-stack = true;
+        orientation = "bottom";
+        tilesize = 48;
+        mru-spaces = false;
+      };
+
+      finder = {
+        _FXShowPosixPathInTitle = false;
+      };
+
+      trackpad = {
+        Clicking = false;
+        TrackpadThreeFingerDrag = true;
+      };
+    };
+
+    # keyboard = {
+    #   enableKeyMapping = true;
+    #   remapCapsLockToControl = true;
+    # };
+  };
+}

hosts/darwin/sketchybar/default.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  services.sketchybar = {
+    enable = true;
+    config = (builtins.readFile ./sketchybarrc);
+    extraPackages = [ pkgs.jq ];
+  };
+
+}

hosts/darwin/sketchybar/sketchybarrc

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+source "$HOME/.config/sketchybar/variables.sh" # Loads all defined colors
+
+# General bar and defaults
+# parts I didn't want
+# y_offset=5 \
+# margin=5 \
+
+sketchybar --bar height=35 \
+  color="$BAR_COLOR" \
+  shadow="$SHADOW" \
+  position=top \
+  sticky=on \
+  padding_right=0 \
+  padding_left=3 \
+  corner_radius="$CORNER_RADIUS" \
+  blur_radius=20 \
+  notch_width=200 \
+  --default updates=when_shown \
+  icon.font="$FONT:Bold:13.5" \
+  icon.color="$ICON_COLOR" \
+  icon.padding_left="$PADDINGS" \
+  icon.padding_right="$PADDINGS" \
+  label.font="$FONT:Bold:13.0" \
+  label.color="$LABEL_COLOR" \
+  label.padding_left="$PADDINGS" \
+  label.padding_right="$PADDINGS" \
+  background.padding_right="$PADDINGS" \
+  background.padding_left="$PADDINGS" \
+  popup.background.border_width=1 \
+  popup.background.corner_radius=11 \
+  popup.background.border_color="$POPUP_BORDER_COLOR" \
+  popup.background.color="$POPUP_BACKGROUND_COLOR" \
+  popup.background.shadow.drawing="$SHADOW"
+
+# Left
+# source "$ITEM_DIR/apple.sh"
+source "$ITEM_DIR/spaces.sh"
+
+# Center (of notch)
+# source "$ITEM_DIR/spotify.sh"
+source "$ITEM_DIR/front_app.sh"
+
+# Right
+source "$ITEM_DIR/clock.sh"
+source "$ITEM_DIR/calendar.sh"
+source "$ITEM_DIR/battery.sh"
+source "$ITEM_DIR/volume.sh"
+source "$ITEM_DIR/cpu.sh"
+source "$ITEM_DIR/vpn.sh"
+
+#################### Finalizing Setup ####################
+
+# sketchybar --hotload true
+
+sketchybar --update
+
+echo "sketchybar configuration loaded.."

hosts/darwin/yabai/default.nix

@@ -0,0 +1,102 @@
+{pkgs, ... }:
+
+{
+  services.yabai = {
+    enable = true;
+    config = {
+      mouse_follows_focus = "off";
+      focus_follows_mouse = "off";
+      window_placement = "second_child";
+      window_topmost = "off";
+      window_opacity = "off";
+      window_opacity_duration = 0.0;
+      window_shadow = "on";
+      window_border = "off";
+      window_border_placement = "inset";
+      window_border_width = 4;
+      window_border_radius = -1.0;
+      active_window_border_topmost = "off";
+      active_window_border_color = "0xff775759";
+      normal_window_border_color = "0xff505050";
+      insert_window_border_color = "0xffd75f5f";
+      active_window_opacity = 1.0;
+      normal_window_opacity = 0.9;
+      split_ratio = 0.73;
+      auto_balance = "on";
+      mouse_modifier = "fn";
+      mouse_action1 = "move";
+      mouse_action2 = "resize";
+      layout = "bsp";
+      top_padding = 5;
+      bottom_padding = 5;
+      left_padding = 5;
+      right_padding = 5;
+      window_gap = 5;
+    };
+    extraConfig = ''
+      # Do not manage windows with certain titles eg. Copying files or moving to bin
+      yabai -m rule --add title="(Copy|Bin|About This Mac|Info)" manage=off
+      # Do not manage some apps which are not resizable
+      yabai -m rule --add app="^(Calculator|System Preferences|[sS]tats|[Jj]et[Bb]rains [Tt]ool[Bb]ox|kftray)$" manage=off
+    '';
+  };
+
+  system.activationScripts.yabai = {
+    enable = true;
+    text = ''
+      yabai --install-service && yabai --start-service
+    '';
+  };
+
+  services.skhd = {
+    enable = true;
+    skhdConfig = ''
+# Open iTerm2
+cmd - enter : kitty --single-instance -d ~
+
+##################
+# Window Motions #
+##################
+# Rotate
+lalt - r : yabai -m space --rotate 90
+# Mirror verticaly
+lalt - x : yabai -m space --mirror y-axis
+# Mirror horizontaly
+lalt - y : yabai -m space --mirror x-axis
+# yes, i know i swapped x and y, but I mainly use y-axis and y is further...
+# Fullscreen
+cmd - f : yabai -m window --toggle zoom-fullscreen
+# Swap
+lalt - q : yabai -m window --swap west
+lalt - s : yabai -m window --swap south
+lalt - z : yabai -m window --swap north
+lalt - d : yabai -m window --swap east
+# Warp
+shift + lalt - q : yabai -m window --warp west
+shift + lalt - s : yabai -m window --warp south
+shift + lalt - z : yabai -m window --warp north
+shift + lalt - d : yabai -m window --warp east
+
+#########
+# Focus #
+#########
+# Clockwise
+# alt - tab : yabai -m window --focus "$(yabai -m query --windows --space | jq -re "[sort_by(.id, .frame) | .[] | select(.role == \"AXWindow\" and .subrole == \"AXStandardWindow\") | .id] | nth(index($(yabai -m query --windows --window | jq -re ".id")) - 1)")"
+# Counter-clockwise
+# shift - tab : yabai -m window --focus "$(yabai -m query --windows --space | jq -re "[sort_by(.id, .frame) | reverse | .[] | select(.role == \"AXWindow\" and .subrole == \"AXStandardWindow\") | .id] | nth(index($(yabai -m query --windows --window | jq -re ".id")) - 1)")"
+
+##########
+# Spaces #
+##########
+ctrl - left : yabai -m space --focus prev
+ctrl - right : yabai -m space --focus next
+ctrl + shift - right : yabai -m window --space next; yabai -m space --focus next
+ctrl + shift - left : yabai -m window --space prev; yabai -m space --focus prev
+cmd - 1 : yabai -m window --space  1; yabai -m space --focus 1
+cmd - 2 : yabai -m window --space  2; yabai -m space --focus 2
+cmd - 3 : yabai -m window --space  3; yabai -m space --focus 3
+cmd - 4 : yabai -m window --space  4; yabai -m space --focus 4
+cmd - 5 : yabai -m window --space  5; yabai -m space --focus 5
+  '';
+  };
+}

hosts/deck/configuration.nix

@@ -0,0 +1,120 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "deck"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  # time.timeZone = "America/Los_Angeles";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # i18n.extraLocaleSettings = {
+  #   LC_ADDRESS = "en_US.UTF-8";
+  #   LC_IDENTIFICATION = "en_US.UTF-8";
+  #   LC_MEASUREMENT = "en_US.UTF-8";
+  #   LC_MONETARY = "en_US.UTF-8";
+  #   LC_NAME = "en_US.UTF-8";
+  #   LC_NUMERIC = "en_US.UTF-8";
+  #   LC_PAPER = "en_US.UTF-8";
+  #   LC_TELEPHONE = "en_US.UTF-8";
+  #   LC_TIME = "en_US.UTF-8";
+  # };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+  # Enable the GNOME Desktop Environment.
+  # services.xserver.displayManager.gdm.enable = true;
+  # services.xserver.desktopManager.gnome.enable = true;
+
+  # Configure keymap in X11
+  # services.xserver.xkb = {
+  #   layout = "us";
+  #   variant = "";
+  # };
+
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.users.anish = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "networkmanager" "wheel" ];
+  #   packages = with pkgs; [
+  #   #  thunderbird
+  #   ];
+  # };
+
+  # Enable automatic login for the user.
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "anish";
+
+  # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+  systemd.services."getty@tty1".enable = false;
+  systemd.services."autovt@tty1".enable = false;
+
+  # Install firefox.
+  # programs.firefox.enable = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #  wget
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}

hosts/deck/default.nix

@@ -0,0 +1,51 @@
+{ self, pkgs, config, ... }:
+{
+  imports = [
+    ./configuration.nix
+    ../users/anish
+    ../profiles/core
+    # ../profiles/bluetooth
+    # ../profiles/music
+    ../profiles/sync/cal
+    ../profiles/wifi
+    ../profiles/desktop
+    ../profiles/mimetypes
+    ../profiles/syncthing
+    ../profiles/mossnet-hosts
+    # ../profiles/fly-wg
+    # ../profiles/mount-mossnet
+  ];
+
+  # age.secrets.deck-wg.file = "${self}/secrets/deck-wg.age";
+  # age.secrets.deck-wg.owner = "deck";
+  # mossnet.wg = {
+  #   enable = true;
+  #   ips = [ "10.0.69.6/24" ];
+  #   privateKeyFile = "/run/agenix/deck-wg";
+  # };
+
+  users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" ];
+  # boot.plymouth = {
+  #   enable = true;
+  #   themePackages = [ pkgs.plymouth-themes ];
+  #   theme = "motion";
+  # };
+
+  jovian.steam.enable = true;
+  jovian.devices.steamdeck.enable = true;
+  jovian.steam.user = "anish";
+  jovian.steam.autoStart = true;
+  jovian.steam.desktopSession = "gnome";
+  # jovian.steam.desktopSession = "none+bspwm";
+
+  # Install XR drivers
+  # environment.systemPackages = with pkgs; [
+  #   xrlinuxdriver
+  #   breezy-gnome
+  # ];
+
+  # services.udev.packages = with pkgs; [
+  #   xrlinuxdriver
+  # ];
+
+}

hosts/deck/hardware-configuration.nix

@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d432dae0-3512-4891-9582-56d7ecd8524c";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5B4C-7406";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/f75a730e-c849-4edd-a17f-52492d4260dc"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}