From b35291ea56f621baf56810b2a619bc08f16ad4c2 Mon Sep 17 00:00:00 2001 From: Milo Moisson Date: Fri, 2 Aug 2024 09:18:01 +0200 Subject: [PATCH] feat: welcome darwin configs --- Justfile | 3 ++ flake.lock | 21 +++++++++ flake.nix | 13 ++++++ home-manager/profiles/macintosh.nix | 65 ++++++++++++++++++++++++++++ lib/flake/default.nix | 20 +++++++-- lib/flake/user.nix | 13 ++++-- nixos/hardware/apple-wiro-laptop.nix | 19 ++++++++ nixos/modules/nix.nix | 13 +++++- nixos/profiles/macintosh.nix | 27 ++++++++++++ 9 files changed, 185 insertions(+), 9 deletions(-) create mode 100644 home-manager/profiles/macintosh.nix create mode 100644 nixos/hardware/apple-wiro-laptop.nix create mode 100644 nixos/profiles/macintosh.nix diff --git a/Justfile b/Justfile index 724be7d..3f1109d 100644 --- a/Justfile +++ b/Justfile @@ -4,6 +4,9 @@ _default: switch: sudo nixos-rebuild switch --show-trace +switch-darwin: + darwin-rebuild switch --flake ~/.config/nix-darwin + build: nixos-rebuild build --show-trace diff --git a/flake.lock b/flake.lock index 865bfe2..f3f3bc1 100644 --- a/flake.lock +++ b/flake.lock @@ -340,6 +340,26 @@ "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722500642, + "narHash": "sha256-Vls0TQRdplex1JslnBxEk3M26Q1vR+OSg+sk5rBG4DA=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "b47af8628624856ad6853168298f1f96364d92d6", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1722332872, @@ -434,6 +454,7 @@ "helix": "helix", "home-manager": "home-manager", "nix-colors": "nix-colors", + "nix-darwin": "nix-darwin", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", diff --git a/flake.nix b/flake.nix index ff7b76b..4014947 100644 --- a/flake.nix +++ b/flake.nix 
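Review bot: The new `switch-darwin` recipe in the Justfile activates whatever flake sits at `~/.config/nix-darwin`, not the checkout the Justfile lives in. Run from a clone anywhere else, it would switch the system to a different tree than the one being edited and reviewed. Pointing the recipe at its own directory ties the two together: `darwin-rebuild switch --flake {{justfile_directory()}}`. If the fixed path is intentional because the repository is always cloned there, a one-line comment above the recipe saying so would be enough.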
@@ -9,6 +9,9 @@ home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + nix-darwin.url = "github:LnL7/nix-darwin"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.home-manager.follows = "home-manager"; @@ -87,6 +90,7 @@ # (user "milomoisson" { description = "Milo Moisson"; profile = "minimal"; keys = keys.users; }) # ]; }; + # I bundle my Home Manager config via the NixOS modules which create system generations and give free rollbacks. # However, in non-NixOS contexts, you can still use Home Manager to manage dotfiles using this template. homeConfigurations = { @@ -96,5 +100,14 @@ # modules = [ ./home-manager/profiles/desktop.nix ]; # }; }; + + darwinConfigurations = with flake-lib.darwin; { + "apple-wiro-laptop" = createSystem pkgs."aarch64-darwin" [ + (system "apple-wiro-laptop" "macintosh") + (user "milomoisson" { description = "Milo Moisson"; profile = "macintosh"; keys = keys.users; }) + ]; + }; + + # darwinPackages = ...; }; } diff --git a/home-manager/profiles/macintosh.nix b/home-manager/profiles/macintosh.nix new file mode 100644 index 0000000..a095646 --- /dev/null +++ b/home-manager/profiles/macintosh.nix 
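Review bot: In the first flake.nix hunk, `nix-darwin.url = "github:LnL7/nix-darwin";` carries no branch or tag, unlike `home-manager`, which the context line above pins to `release-24.05`. The input therefore tracks the repository's default branch and is held in place only by the `rev` and `narHash` recorded in flake.lock. Each `nix flake update` will move it to the branch head, and that code feeds system activation on the laptop. I would add a comment such as `# no ref: tracks the default branch; read the flake.lock bump before switching` so the difference from the other inputs is visibly deliberate.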
@@ -0,0 +1,65 @@ +{ self +, lib +, llib +, config +, pkgs +, upkgs + # Provides the NixOS configuration if HM was loaded through the NixOS module +, osConfig ? null +, ... +}: + +with lib; + +let + inherit (self.inputs) agenix nix-colors; + + all-secrets = import ../../secrets; + + toml-format = pkgs.formats.toml { }; +in +{ + imports = [ + agenix.homeManagerModules.default + { + age.secrets = all-secrets.home-manager; + # This allows us to decrypt user space secrets without having to use a + # passwordless ssh key as you cannot interact with age in the service. + age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_home_manager" ]; + } + + # Nix colors + nix-colors.homeManagerModules.default + { config.colorScheme = llib.colorSchemes.oneDark; } + ] ++ map (modPath: ../modules/${modPath}) [ + # "aws.nix" + # "chromium.nix" + # "firefox.nix" + # "git.nix" + # "imv.nix" + "shell.nix" + # "thunderbird.nix" + # "vm" + # "vscodium.nix" + ]; + + config = { + programs.home-manager.enable = osConfig == null; + + home = { + stateVersion = "24.05"; + + packages = with pkgs; [ + just + ]; + }; + + programs.bat = { + enable = true; + config = { + style = "plain"; + }; + }; + }; +} + diff --git a/lib/flake/default.nix b/lib/flake/default.nix index c7c19e7..c9450f5 100644 --- a/lib/flake/default.nix +++ b/lib/flake/default.nix @@ -14,14 +14,15 @@ in rec { forAllSystems = genAttrs [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; - # Makes - # - flake accessible through `self` - # - local flake library accessible through `llib` - # - unstable nixpkgs set accessible through `upkgs` + # - `self`: flake + # - `llib`: local flake library + # - `upkgs`: unstable nixpkgs set + # - `isDarwin`: indicates if system is darwin specialModuleArgs = pkgs: { inherit self; llib = import ../. pkgs; upkgs = import nixpkgs-unstable { inherit (pkgs) system config; }; + isDarwin = pkgs.stdenv.isDarwin; }; createSystem = pkgs: modules: nixosSystem { 
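Review bot: In home-manager/profiles/macintosh.nix, `age.secrets = all-secrets.home-manager;` hands this profile every Home Manager secret, although the only module it enables is `shell.nix` and the rest of the list is commented out. For those entries to decrypt, each presumably has to be encrypted to the key at `~/.ssh/id_home_manager`, which per the comment must be usable without interaction, so a copy of that one file opens all of them. Selecting only the entries the enabled modules read would keep the exposure proportional; the shape of `../../secrets` is not visible here, so the exact filter depends on it. The comment on `age.identityPaths` would read more clearly as `# Dedicated passphrase-less key used only for age decryption (the service cannot prompt); keep it 0600 and out of authorized_keys`.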
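Review bot: The rewritten comment above `specialModuleArgs` in lib/flake/default.nix lost its lead-in ("Makes …") and does not say why `isDarwin` has to be passed this way. lib/flake/user.nix in this same commit reads `isDarwin` inside `imports`, which is resolved before `config` exists, so it only works as a `specialArgs` entry and would presumably recurse if later moved to `_module.args`. I would restore a lead-in, `# Extra arguments passed to every module through specialArgs:`, and extend the last bullet to `# - isDarwin: true on darwin; keep it in specialArgs, modules branch on it in imports`. The `rec { … }` body this sits in continues outside the hunk.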
@@ -39,4 +40,15 @@ rec { }; user = import ./user.nix; managedDiskLayout = import ./managedDiskLayout.nix; + + # Darwin related + darwin = { + createSystem = pkgs: modules: darwinSystem { + inherit pkgs modules; + specialArgs = specialModuleArgs pkgs; + }; + + inherit system; + user = import ./user.nix; + }; } diff --git a/lib/flake/user.nix b/lib/flake/user.nix index b6e839e..36d3d89 100644 --- a/lib/flake/user.nix +++ b/lib/flake/user.nix @@ -1,6 +1,11 @@ name: { description, profile, keys ? [ ], user ? { } }: -{ self, pkgs, lib, ... }: +{ self +, pkgs +, lib +, isDarwin +, ... +}: with lib; @@ -9,7 +14,9 @@ let inherit (self.flake-lib) specialModuleArgs; in { - imports = [ home-manager.nixosModules.home-manager ]; + imports = [ + (if isDarwin then home-manager.darwinModules.home-manager else home-manager.nixosModules.home-manager) + ]; options = { local.user.username = mkOption { @@ -24,7 +31,7 @@ in users.users.${name} = { isNormalUser = true; inherit description; - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = mkIf (!isDarwin) [ "wheel" "networkmanager" ]; shell = pkgs.fish; openssh.authorizedKeys.keys = keys; diff --git a/nixos/hardware/apple-wiro-laptop.nix b/nixos/hardware/apple-wiro-laptop.nix new file mode 100644 index 0000000..3db0e1b --- /dev/null +++ b/nixos/hardware/apple-wiro-laptop.nix @@ -0,0 +1,19 @@ +{ self +, config +, lib +, ... +}: + +{ + imports = [ ]; + + config = { + system.configurationRevision = self.rev or self.dirtyRev; + + # Used for backwards compatibility, please read the changelog before changing. + # $ darwin-rebuild changelog + system.stateVersion = 4; + + nixpkgs.hostPlatform = "aarch64-darwin"; + }; +} diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index c2da14e..a3b6765 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -1,6 +1,8 @@ { self , lib +, pkgs , config +, isDarwin , ... }: 
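Review bot: In the last lib/flake/user.nix hunk, `extraGroups = mkIf (!isDarwin) [ … ]` still defines the `extraGroups` key on Darwin. `mkIf` only empties the value, and the module system rejects definitions for options that are not declared. As far as I know nix-darwin's `users.users.<name>` declares neither `extraGroups` nor the unconditional `isNormalUser = true;` on the context line above, so the Darwin evaluation would likely stop with an "option does not exist" error. Building the Linux-only keys with `optionalAttrs` avoids defining them at all, e.g. `// optionalAttrs (!isDarwin) { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" ]; }`. The attribute set closes outside the hunk, so placement needs checking against the full file.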
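Review bot: In nixos/hardware/apple-wiro-laptop.nix, `system.configurationRevision = self.rev or self.dirtyRev;` has no final fallback. Evaluation throws when the flake source carries neither attribute, for example a path or tarball copy without git metadata. Ending the chain with `or null` keeps the build working in that case: `system.configurationRevision = self.rev or self.dirtyRev or null;`. The `config` and `lib` arguments are unused in this file and could be dropped from the header.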
@@ -27,8 +29,13 @@ in gc = { automatic = true; - dates = "weekly"; - }; + } + # Same option to say that GC is ran weekly at 3h15 + // (if isDarwin then { + interval = { Weekday = 7; Hour = 3; Minute = 15; }; + } else { + dates = "Sun *-*-* 03:15:00"; + }); settings = { experimental-features = [ "nix-command" "flakes" ]; @@ -45,11 +52,13 @@ in "https://nix-community.cachix.org" "https://mrnossiom.cachix.org" "https://radicle.cachix.org" + "https://helix.cachix.org" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "mrnossiom.cachix.org-1:WKo+xfDFaT6pRP4YiIFsEXvyBzI/Pm9uGhURgF1wlQg=" "radicle.cachix.org-1:x7jrVNzziAP6GAAJF2wvgJBndqRhmh2EylgWr93ofx0=" + "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs=" ]; }; }; diff --git a/nixos/profiles/macintosh.nix b/nixos/profiles/macintosh.nix new file mode 100644 index 0000000..f06d047 --- /dev/null +++ b/nixos/profiles/macintosh.nix @@ -0,0 +1,27 @@ +{ self +, lib +, config +, pkgs +, upkgs +, ... +}: + +with lib; + +let + inherit (self.outputs) nixosModules; +in +{ + # Hardware is imported in the flake to be machine specific + imports = map (modPath: ../modules/${modPath}) [ + # "agenix.nix" + # "logiops.nix" + "nix.nix" + ]; + + security.pam.enableSudoTouchIdAuth = true; + + services.nix-daemon.enable = true; + + programs.zsh.enable = true; +}
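Review bot: The comment added in the `gc` hunk of nixos/modules/nix.nix is hard to parse and leaves `Weekday = 7` unexplained. Something like `# Run GC every Sunday at 03:15; launchd (darwin) and systemd (NixOS) spell the schedule differently, launchd accepts 7 for Sunday` states what both branches are meant to express. On NixOS this also moves the run from systemd's `weekly` shorthand (Monday 00:00) to Sunday 03:15, which deserves a word in the commit message if intended.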
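Review bot: Adding `helix.cachix.org` and its key to `extra-trusted-public-keys` in nixos/modules/nix.nix widens the set of signers the Nix daemon accepts for any store path, not only for helix builds, and the change comes with no comment. The key is a trust anchor copied into the configuration, so its origin should be recorded next to it, e.g. `# helix.cachix.org: serves builds of the helix flake input; key checked against <where the key was published>`. It should be verified against the project's own documentation rather than taken from this diff. The name of the list holding the URLs is outside the hunk; if it is `extra-trusted-substituters` rather than `extra-substituters`, unprivileged users can also opt into these caches, which is worth stating too.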
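Review bot: `security.pam.enableSudoTouchIdAuth = true;` in nixos/profiles/macintosh.nix changes what authorises `sudo` on this machine and is set without a comment. With it, a Touch ID match is accepted in place of the account password, so every fingerprint enrolled for the user becomes a sudo credential. A line such as `# Touch ID is sufficient for sudo; the password remains the fallback (e.g. over SSH)` would record that this is a deliberate trade-off. Separately, the profile enables only `programs.zsh` while lib/flake/user.nix sets `shell = pkgs.fish;`, so unless `programs.fish.enable` is set elsewhere the login shell may not be registered on Darwin. `nixosModules`, `upkgs`, `config` and `pkgs` are bound but unused in the visible file.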