migrate my nixos laptop to this flake

flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1651519540,
+        "narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-21.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1652975354,
@@ -15,7 +36,7 @@
         "type": "indirect"
       }
     },
-    "pkgsUnstable": {
+    "pkgs-gitea": {
       "locked": {
         "lastModified": 1651726670,
         "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=",
@@ -32,8 +53,9 @@
     },
     "root": {
       "inputs": {
+        "home-manager": "home-manager",
         "nixpkgs": "nixpkgs",
-        "pkgsUnstable": "pkgsUnstable"
+        "pkgs-gitea": "pkgs-gitea"
       }
     }
   },

flake.nix

@@ -5,17 +5,19 @@
 {
   inputs = {
     nixpkgs.url = "nixpkgs/nixos-21.11";
-    pkgsUnstable.url = "nixpkgs/c777cdf5c564015d5f63b09cc93bef4178b19b01";
+    pkgs-gitea.url = "nixpkgs/c777cdf5c564015d5f63b09cc93bef4178b19b01";
+    home-manager.url = "github:nix-community/home-manager/release-21.11";
+    # XXX colin: is this right?
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
   };
-  outputs = { self, pkgsUnstable, nixpkgs }: {
+  outputs = { self, nixpkgs, pkgs-gitea, home-manager }: {
     nixosConfigurations.uninsane = nixpkgs.lib.nixosSystem {
-      # inherit (self.packages.aarch64-linux) pkgs;
       pkgs = import nixpkgs {
         system = "aarch64-linux";
         config.allowUnfree = true;
         overlays = [
           (self: super: {
-            pkgsUnstable.system = "aarch64-linux";  # extraneous?
+            pkgs-gitea.system = "aarch64-linux";  # extraneous?
             #### customized packages
             # nixos-unstable pleroma is too far out-of-date for our db
             pleroma = super.callPackage ./pkgs/pleroma { };
@@ -28,7 +30,7 @@
             # gitea: 1.16.5 contains a fix which makes manual user approval *actually* work.
             # https://github.com/go-gitea/gitea/pull/19119
             # safe to remove after 1.16.5 (or 1.16.7 if we need db compat?)
-            gitea = pkgsUnstable.legacyPackages.aarch64-linux.gitea;
+            gitea = pkgs-gitea.legacyPackages.aarch64-linux.gitea;
 
             # try a newer rpi4 u-boot
             # ubootRaspberryPi4_64bit = pkgs.unstable.ubootRaspberryPi4_64bit;
@@ -52,6 +54,27 @@
         })
       ];
     };
+
+    nixosConfigurations.lappy = nixpkgs.lib.nixosSystem {
+      pkgs = import nixpkgs {
+        system = "x86_64-linux";
+        config.allowUnfree = true;
+      };
+      system = "x86_64-linux";
+      modules = [
+        ({ pkgs, ... }: {
+          nixpkgs.config.allowUnfree = true;
+        })
+        home-manager.nixosModules.home-manager {
+          home-manager.useGlobalPkgs = true;
+          home-manager.useUserPackages = true;
+          home-manager.users.colin.imports = [ ./lappy/colin.nix ];
+        }
+        ./configuration.nix
+        ./lappy/users.nix
+        ./lappy/hardware.nix
+      ];
+    };
     # packages = nixpkgs.lib.genAttrs nixpkgs.lib.platforms.all (system:
     #   {
     #     pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };

lappy/colin.nix

@@ -0,0 +1,116 @@
+# docs:
+#   https://rycee.gitlab.io/home-manager/
+#   man home-configuration.nix
+
+{ config, pkgs, ... }:
+{
+
+  home.stateVersion = "21.11";
+  home.username = "colin";
+  home.homeDirectory = "/home/colin";
+  programs.home-manager.enable = true;
+  programs.zsh.enable = true;
+  programs.git = {
+    enable = true;
+    userName = "colin";
+    userEmail = "colin@uninsane.org";
+  };
+
+  programs.firefox = {
+    enable = true;
+    # profiles.default = {
+    #   settings = {
+    #     "browser.urlbar.placeholderName" = "DuckDuckGo";
+    #   };
+    # };
+    # extensions = [
+    # ];
+  };
+
+  programs.vim = {
+    enable = true;
+    extraConfig = ''
+      " wtf vim project: NOBODY LIKES MOUSE FOR VISUAL MODE
+      set mouse-=a
+      " copy/paste to system clipboard
+      set clipboard=unnamedplus
+      " <tab> completion menu settings
+      set wildmenu
+      set wildmode=longest,list,full
+      " highlight all matching searches (using / and ?)
+      set hlsearch
+      " allow backspace to delete empty lines in insert mode
+      set backspace=indent,eol,start
+      " built-in syntax highlighting
+      syntax enable
+      " show line/col number in bottom right
+      set ruler
+      " highlight trailing space & related syntax errors (does this work?)
+      let c_space_errors=1
+      let python_space_errors=1
+    '';
+  };
+
+  dconf.settings = {
+    # control alt-tab behavior
+    "org/gnome/desktop/wm/keybindings" = {
+      switch-applications = [ "<Super>Tab" ];
+      switch-applications-backward=[];
+      switch-windows=["<Alt>Tab"];
+      switch-windows-backward=["<Super><Alt>Tab"];
+    };
+    # idle power savings
+    "org/gnome/settings-deamon/plugins/power" = {
+      idle-brigthness = 50;
+      sleep-inactive-ac-type = "nothing";
+      sleep-inactive-battery-timeout = 5400;  # seconds
+    };
+  };
+
+  # xsession.enable = true;
+  # xsession.windowManager.command = "…";
+
+
+  home.packages = [
+    pkgs.gnumake
+    pkgs.dig
+    pkgs.duplicity
+    pkgs.fatresize
+    pkgs.fd
+    pkgs.file
+    pkgs.gptfdisk
+    pkgs.hdparm
+    pkgs.htop
+    pkgs.iftop
+    pkgs.iotop
+    pkgs.iptables
+    pkgs.jq
+    pkgs.killall
+    pkgs.lm_sensors  # for sensors-detect
+    pkgs.lsof
+    pkgs.pciutils
+    pkgs.matrix-synapse
+    pkgs.mix2nix
+    pkgs.netcat
+    # pkgs.nettools
+    pkgs.nmap
+    pkgs.parted
+    pkgs.powertop
+    pkgs.python3
+    pkgs.ripgrep
+    pkgs.smartmontools
+    pkgs.socat
+    pkgs.sudo
+    pkgs.telnet
+    pkgs.usbutils
+    pkgs.wireguard
+    pkgs.zola
+
+    pkgs.clinfo
+    pkgs.discord
+    pkgs.element-desktop
+    pkgs.gnome.dconf-editor
+    pkgs.mesa-demos
+    pkgs.tdesktop
+  ];
+}

lappy/hardware.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+
+{
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  # find more of these with sensors-detect
+  boot.kernelModules = [ "coretemp" "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # enable cross compilation
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  powerManagement.cpuFreqGovernor = "powersave";
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+  powerManagement.powertop.enable = true;
+  services.fwupd.enable = true;
+
+  hardware.opengl.extraPackages = [
+    pkgs.intel-compute-runtime
+    pkgs.intel-media-driver  # new
+    pkgs.libvdpau-va-gl      # new
+    pkgs.vaapiIntel
+  ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/BD79-D6BB";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  time.timeZone = "America/Los_Angeles";
+
+  # start gnome/gdm on boot
+  services.xserver.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+
+  networking.useDHCP = false;
+  networking.networkmanager.enable = true;
+
+}

lappy/users.nix

@@ -0,0 +1,60 @@
+{ config, pkgs, lib, ... }:
+
+# installer docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/installation-device.nix
+{
+  # Users are exactly these specified here;
+  # old ones will be deleted (from /etc/passwd, etc) upon upgrade.
+  users.mutableUsers = false;
+
+  # docs: https://nixpkgs-manual-sphinx-markedown-example.netlify.app/generated/options-db.xml.html#users-users
+  users.users.colin = {
+    # sets group to "users" (?)
+    isNormalUser = true;
+    home = "/home/colin";
+    uid = 1000;
+    # XXX colin: this is what the installer has, but is it necessary?
+    # group = "users";
+    extraGroups = [ "wheel" "networkmanager" ];
+    initialHashedPassword = "";
+    # shell = pkgs.bashInteractive;
+    # XXX colin: create ssh key for THIS user by logging in and running:
+    #   ssh-keygen -t ed25519
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGSDe/y0e9PSeUwYlMPjzhW0UhNsGAGsW3lCG3apxrD5 colin@colin.desktop"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+MZ/l5d8g5hbxMB9ed1uyvhV85jwNrSVNVxb5ujQjw colin@colin.laptop"
+    ];
+  };
+
+  # automatically log in at the virtual consoles.
+  # using root here makes sure we always have an escape hatch
+  # services.getty.autologinUser = "root";
+
+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = false;
+  };
+
+  programs.vim.defaultEditor = true;
+
+  # gitea doesn't create the git user
+  # users.users.git = {
+  #   description = "Gitea Service";
+  #   home = "/var/lib/gitea";
+  #   useDefaultShell = true;
+  #   group = "gitea";
+  #   isSystemUser = true;
+  #   # sendmail access (not 100% sure if this is necessary)
+  #   extraGroups = [ "postdrop" ];
+  # };
+
+  # # this is required to allow pleroma to send email.
+  # # raw `sendmail` works, but i think pleroma's passing it some funny flags or something, idk.
+  # # hack to fix that.
+  # users.users.pleroma.extraGroups = [ "postdrop" ];
+}