Rebase to flake parts #1

2026-05-01 15:00:10 -03:00
commit 37a394265b
176 changed files with 30782 additions and 0 deletions
@@ -0,0 +1,170 @@
+{ self, inputs, ... }: {
+
+  flake.nixosModules.t2mbpConfiguration =
+    { self, config, pkgs, ... }:
+    {
+      imports = [
+        self.nixosModules.t2mbpHardware
+        self.nixosModules.t2linux
+        inputs.t2fanrd.nixosModules.t2fanrd
+        inputs.home-manager.nixosModules.home-manager
+        inputs.sops-nix.nixosModules.sops
+
+        self.nixosModules.system
+        self.nixosModules.desktop
+        self.nixosModules.users
+
+        self.nixosModules."client-services"
+        ./_private/platform.nix
+        ./_private/firmware.nix
+      ];
+
+      # ───────────────────────────── Sops (see repo secrets/.sops.yaml) ───────────
+      sops = {
+        defaultSopsFile = ../../../secrets/secrets.yaml;
+        defaultSopsFormat = "yaml";
+        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      };
+
+      sops.secrets."caching/attic/token" = {
+        owner = "olivier";
+        group = "users";
+        mode = "0400";
+      };
+
+      sops.secrets."users/olivier/hashedPassword".neededForUsers = true;
+      sops.secrets."swiftshare/API_KEY" = {
+        owner = "olivier";
+        group = "users";
+        mode = "0400";
+      };
+
+      chiasson.system.librepods.enable = true;
+      chiasson.system.palera1n.enable = true;
+
+      # T2 SMC fans: without a daemon they sit near minimum while thermald only throttles CPU —
+      # https://wiki.t2linux.org/guides/fan/
+      services.t2fanrd = {
+        enable = true;
+        # Upstream averages 50 samples (~5s); peak tracks spikes so fans hit sysfs max sooner
+        # under bursty browser/GPU load (see patches/t2fanrd-use-peak-temperature.patch).
+        package = inputs.t2fanrd.packages.x86_64-linux.default.overrideAttrs (old: {
+          patches = (old.patches or [ ]) ++ [ ../../../patches/t2fanrd-use-peak-temperature.patch ];
+        });
+        config = {
+          Fan1 = {
+            low_temp = 40;
+            high_temp = 65;
+            speed_curve = "exponential";
+            always_full_speed = false;
+          };
+          Fan2 = {
+            low_temp = 40;
+            high_temp = 65;
+            speed_curve = "exponential";
+            always_full_speed = false;
+          };
+        };
+      };
+
+      # Dynamic function row on the Touch Bar (`tiny-dfr`; needs `DRM_APPLETBDRM` — see t2linux kernel opts).
+      hardware.apple.touchBar.enable = true;
+
+      # ─────────────────────── Attic (pull + push + CLI token) ────────────────────
+      chiasson.system.caching.attic = {
+        enable = true;
+        cacheName = "nixos-new";
+        endpoint = "http://192.168.2.238:8080/";
+        publicKey = "nixos-new:8NySIcT0HP7KvGQKgBRWoWESxxRA8BVYo8S85UNpNX0=";
+        tokenFile = config.sops.secrets."caching/attic/token".path;
+        push.enable = true;
+        userCli.enable = true;
+      };
+
+      # ─────────────────────── Display Server & Desktop ──────────────────────────
+      chiasson.desktop = {
+        niri = {
+          enable = true;
+          # Hybrid T2 + `apple-gmux force_igd` + blacklisted amdgpu: a TB/DP encoder often stays
+          # "connected" with junk EDID → niri sees a second head (`Unknown-1`, absurd mode). Off.
+          extraSettings.extraConfig = ''
+            output "Unknown-1" {
+                off
+            }
+          '';
+        };
+        defaultSession = "niri";
+        shell = "dms";
+      };
+
+      chiasson.system = {
+        remoteDesktop = {
+          enable = false;
+          moonlight.enable = false;
+          sunshine.enable = false;
+        };
+        audio.enable = true;
+        extraPackages = [ pkgs.sops ];
+        networking = {
+          hostName = "t2mbp";
+          networkManager.enable = true;
+        };
+      };
+
+      chiasson.users.enabled = [ "olivier" ];
+
+      chiasson.users.extraModules.olivier = [
+        self.homeManagerModules.wisdomFilebrowsersDolphin
+        self.homeManagerModules.wisdomTerminalsKitty
+        self.homeManagerModules.wisdomBrowsersZen
+        self.homeManagerModules.wisdomBrowsersChrome
+        self.homeManagerModules.wisdomBrowsersEdge
+        self.homeManagerModules.wisdomEditorsCursor
+        self.homeManagerModules.wisdomEditorsKate
+        self.homeManagerModules.wisdomEditorsObsidian
+        self.homeManagerModules.wisdomShellYazi
+        self.homeManagerModules.wisdomShellFish
+        self.homeManagerModules.wisdomShellOhMyPosh
+        self.homeManagerModules.wisdomAppsDiscord
+        self.homeManagerModules.wisdomAppsSpotify
+        self.homeManagerModules.wisdomAppsLocalsend
+        self.homeManagerModules.wisdomAppsPokeclicker
+        self.homeManagerModules.wisdomDesktopScreenshot
+        {
+          chiasson.home = {
+            shell = {
+              fish.enable = true;
+              yazi.enable = true;
+              ohMyPosh.enable = true;
+            };
+          
+            terminals.kitty.enable = true;
+            filebrowsers.dolphin.enable = true;
+            browsers = {
+             zen.enable = false;
+              chrome.enable = false;
+              edge.enable = true;
+            };
+            editors = {
+              cursor.enable = true;
+              kate.enable = false;
+              obsidian.enable = true;
+            };
+            apps = {
+              discord.enable = true;
+              spotify.enable = false;
+              localsend.enable = true;
+              pokeclicker.enable = true;
+            };
+            desktop = {
+              screenshot = {
+                enable = true;
+                swiftshareApiKeyFile = "/run/secrets/swiftshare/API_KEY"; #TODO[epic=sops] redo this by passing sops file output directly
+              };
+            };
+          };
+        }
+      ];
+    };
+
+}