nixos/aplaz: restore the machine

.sops.yaml

@@ -1,7 +1,7 @@
 keys:
   - &admin_lyc age1tcz7npvfsevrwkxn7ymuju3whj8ekeupn6jwgmnfcfc4s74h7g3svr7dzy
   - &server_adrastea age18appjgzkrf5jnjjp5566e33lt0w3wtrg8e2yqzfltzd8n2l60ccs85xxrk
-  - &machine_aplaz age156qya5amgx02usqfg0054lwkc4s6kztahka386w74g76et6k2edsgyv7vk
+  - &machine_aplaz age1m7lgj74f7q02slnwj9aaw89t8q84242cjnvnua42esnvpwualp5svtx2ke
   - &machine_metis age1q3wrg2mx9rjv4qedplesu28gyu0j7rzf0zt95zw9xxn524llwyzstjqk3a
 creation_rules:
   - path_regex: secrets/[^/]+\.yaml$

flake.nix

@@ -20,7 +20,7 @@
     nur.url = "github:nix-community/NUR";
 
     nixos-apple-silicon = {
-      url = "github:tpwrules/nixos-apple-silicon/17adff0d4ee0e366e24eac0eb15da30eaa4a2478";
+      url = "github:tpwrules/nixos-apple-silicon";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 

home/lyc/configurations/aplaz/default.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 {
   services.kdeconnect.enable = true;
 
@@ -15,6 +15,6 @@
 
   services.gpg-agent = {
     enable = true;
-    pinentryFlavor = "curses";
+    pinentryPackage = pkgs.pinentry-curses;
   };
 }

nixos/configurations/aplaz/default.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ inputs, config, lib, pkgs, ... }:
+{ inputs, lib, pkgs, ... }:
 
 {
   imports = [
@@ -19,7 +19,7 @@
   };
 
 
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.canTouchEfiVariables = false;
 
   boot.kernel.sysctl = {
     "vm.swappiness" = 100;
@@ -44,12 +44,6 @@
   # Set your time zone.
   time.timeZone = "Asia/Shanghai";
 
-  fileSystems = {
-    "/".options = [ "compress=zstd" ];
-    "/home".options = [ "compress=zstd" ];
-    "/nix".options = [ "compress=zstd" "noatime" ];
-  };
-
   boot.kernelParams = [ "hid_apple.fnmode=2" ];
 
 
@@ -72,17 +66,6 @@
 
   zramSwap.enable = true;
 
-
-  services.xserver.displayManager.sddm.settings = {
-    General = {
-      DisplayServer = "wayland";
-      InputMethod = "";
-    };
-    Wayland = {
-      CompositorCommand = "${pkgs.weston}/bin/weston --shell=fullscreen-shell.so";
-    };
-  };
-
   services.openssh.enable = true;
 
   # Open ports in the firewall.
@@ -146,6 +129,8 @@
     libreoffice-qt
     bubblewrap
     tigervnc
+
+    fluent-icon-theme
   ];
 
   hardware.bluetooth.enable = true;
@@ -163,9 +148,8 @@
     sudo.u2fAuth = true;
   };
 
-  services.xserver.displayManager.sddm.enable = lib.mkForce false;
-
-  services.greetd.enable = true;
+  services.displayManager.sddm.enable = true;
+  services.displayManager.sddm.wayland.enable = true;
 
   virtualisation.podman.enable = true;
 

nixos/configurations/aplaz/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, modulesPath, ... }:
 
 {
   imports =
@@ -16,47 +16,45 @@
 
   fileSystems."/" =
     {
-      device = "/dev/disk/by-uuid/611ab6b3-0797-4563-b45f-8ddc6dd94612";
+      device = "/dev/disk/by-uuid/16a487e5-aef5-46b2-a98b-28f1bd4e7a3b";
       fsType = "btrfs";
-      options = [ "subvol=root" ];
+      options = [ "subvol=root" "compress=zstd" ];
     };
 
   fileSystems."/home" =
     {
-      device = "/dev/disk/by-uuid/611ab6b3-0797-4563-b45f-8ddc6dd94612";
+      device = "/dev/disk/by-uuid/16a487e5-aef5-46b2-a98b-28f1bd4e7a3b";
       fsType = "btrfs";
-      options = [ "subvol=home" ];
+      options = [ "subvol=home" "compress=zstd" ];
     };
 
   fileSystems."/nix" =
     {
-      device = "/dev/disk/by-uuid/611ab6b3-0797-4563-b45f-8ddc6dd94612";
+      device = "/dev/disk/by-uuid/16a487e5-aef5-46b2-a98b-28f1bd4e7a3b";
       fsType = "btrfs";
-      options = [ "subvol=nix" ];
+      options = [ "subvol=nix" "compress=zstd" "noatime" ];
     };
 
   fileSystems."/boot" =
     {
-      device = "/dev/disk/by-uuid/8121-1600";
+      device = "/dev/disk/by-uuid/BB05-1B0A";
       fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
     };
 
-  swapDevices = [{
-    device = "/swap/swapfile";
-  }];
+  swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp1s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
   powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 
   hardware.asahi.peripheralFirmwareDirectory = /boot/asahi;
-  hardware.asahi.addEdgeKernelConfig = true;
 
   hardware.asahi.useExperimentalGPUDriver = true;
 }

secrets/general.yaml

@@ -20,38 +20,38 @@ sops:
         - recipient: age1tcz7npvfsevrwkxn7ymuju3whj8ekeupn6jwgmnfcfc4s74h7g3svr7dzy
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMlBneXd6bHlkaTJVeExS
-            NFBkazRJSy9jUFZyczNMZElyWU0vZ0ZrK2w4CnVYUXBmYjhDK1RMU21WL2JFSFE4
-            RmFmbnhzVnZrd2wxYVJKdjNTWFh3aG8KLS0tIDFVbHVWc0RwRmZQY1o5NjNVZUQr
-            U0NaaGhsOHRNMHY3TFpUcmhveXlsTUEKJW8BIy5vWGYJNV1f7LxrYCF0jN6TYJDQ
-            y0IFkx8m6bA2RNtVcB0qj1m+G0u1ySB9FK4KhCk6KaSlEaR+RO2TKw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcHM3b3d2WEJBWkdScEFB
+            bHJZenE0ckVoVm9Kck9KYWhqMTFzZTNKZEVjCmpISFgzZ2FKc20rK1A0T3dIVEhR
+            ckxyRkhHTWZJMVB5dmFvWUhsQm5XOXcKLS0tIEdGWkdrV2VtOXM5cEpaTkZFaGFT
+            Zk55WkQwK05UTHVZUy80WXQ5Wmk5bTAKqCR7xEoQPxC5Jrsz3Wm6LG3TNtItdKJ2
+            /+5NJPxs8HbWuadkBjnRmFA3SbzMDCL4vrZ4jMl7AiCY+nUGCs4h9w==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age18appjgzkrf5jnjjp5566e33lt0w3wtrg8e2yqzfltzd8n2l60ccs85xxrk
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUTE0YTR2K3VOM3V6NFpz
-            S003MG9qTU15RUlLSmlUVG5WWHhVTE40U0JvCk9VM2xZckVmbHV4VnBWNm5paVpX
-            UjZmUTIrWDlLK3lxbUpqeVRWcjArM0UKLS0tIHZSR3BUdExaZU80b3FrbHFPOFU2
-            T0pPNHdDQUJ4WDFuOGxqbEZXSFpBVlUKQlfXjcPw3+GtESZsxUMkj7+MsYyWzMmy
-            9X2Ca30281nCEclgWakUegVdO3k+p6/pbVjBp3Bx7ROrBLHLHe7pkg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dlVCWWk0VURTdlBpMjE2
+            ZHh6RmZxWEQzbjUvWmIzWFBKVVpRaTV3c1NVCnJjWkhvZm5lWkxjWEJlVDR3VGs0
+            eVI3NjBzejdrVTRha3pWZWJNVzhGdVkKLS0tIEViWkFhTWI0WVRXUk10MTRWZDVk
+            Ri83RitZRDFURk1IM1VjL1JjM0FYVkkKxrlbzlWsrSzJ7b1JLMj9ocY8X1YnDj79
+            XmN0I+H4YtgUi9ldp20m7nJH2BiVol/fFrcvJFa/4scmsqoGlmK0Og==
             -----END AGE ENCRYPTED FILE-----
-        - recipient: age156qya5amgx02usqfg0054lwkc4s6kztahka386w74g76et6k2edsgyv7vk
+        - recipient: age1m7lgj74f7q02slnwj9aaw89t8q84242cjnvnua42esnvpwualp5svtx2ke
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpU0dTaW5PUG41VDFmYzFm
-            b0dvV2t5djYyMnRrdmZrN09OcUxnS0VUYlZvCjg0WjlNWDRhdzFDUEhJU2xRV21H
-            Y25hekQ0T1Nva2l5cmk4UzZ4UzF5Q28KLS0tIFM2bVdPWnZjZGVvMmFWWUFCUzBK
-            ZWZpdVVXcU1ueW1vcGNJaTIzamRxNW8K0CRkqAYjZkAPWui89I8BEL6ZwcQ/nM4H
-            nYxCF3IFYf6DCmVHpyMsaJdHPpvxBSMcbp2/9ylNtjVdpdd4Aveg2g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbnM4c0dPTDE0T2FzUWsy
+            d3EvYzlJbXBSZVlTQkcxc3FHTFJpWDFYZWlZCjhuakl3L0Q4RzNIV3orWEp0N1Jn
+            eno4R0lMVUkyU1BlVXorbk9lQ1Myb28KLS0tIHNyMyt3MDNPYlVSc21SRDZtVEtv
+            N2hqWDA0R1MxZHRBNUhUeXJ4TFVUYzQKAFoR7Xw9OAN7L0/P1fvxDIhNFBXn/DyC
+            f6rbk1MDnkldQDa7VZ+/2WWYQVLCiQVIwsLD8RRjLG0zpxqt9+dBxQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1q3wrg2mx9rjv4qedplesu28gyu0j7rzf0zt95zw9xxn524llwyzstjqk3a
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdENHYyswUHV2Y1R3WTlO
-            UUo4cXExbzA0ZzBMb3dwaHFHSFJGaHYzeWpFCm4rSmRHM2tjUHFKKzlGSUJTTXpF
-            SGVESjBWR3RqM3JyRDJpUnM5dlYvRkUKLS0tIGlZcmpqZlFaR0RNR3ZYT0RXd0Ru
-            TkVrd2RsNys4SGFZRVozYzdrT2VXVWMK7Ctrg2D1BAMVQqTaxOIw3ylgbI6lYswL
-            MD2TkOYFNTRNOyoz4fmoidjDry/yqwdJ03FPPK4z98uVVvVITey83Q==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucWdiWk0yTjVoUW5UNGdv
+            WU5ldGZMTWxSaUQydE5qdjlnNTlmM1NYRUVrCkZaMnFqSjBlZE16Z2wvQS9xVjB6
+            THJTS0pRYnBVaXVsSEpYc25KNzF1a3cKLS0tIEZhZU94TDJacHRETktKVUNUYXBa
+            ZDg0T2hqR2tROVI1T1BLeFNnaGVYY1EKOnOp5ZPo48XIB7d9PnG2sKvsoLX32XEm
+            Pqf4UTOmT47SSKsvu5xgxPXJrhBySkspn97gtpl9bYG4n8HYCSw+hg==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-12-27T12:49:20Z"
     mac: ENC[AES256_GCM,data:rU8CKwh9Vg1XsVawa8ZBO0Xuymryk8q7D5Lqp9BWmK7+qJBP8a6W2tUbbOvsc3/pgw5ExWPhfDBQ5j5O5vtwNVzYK4qhF2Jd7IU39aSQL6N4J2dMGiruA+FoHEXl8EKWRevYlkXFMeonDMy23TiBq63KgdKhl1k+NOn9ttf0bOE=,iv:uNnptOSNlgCeR540pqu9M/YtI/h7Intp6CEeORzGnBI=,tag:duOiXWFx0zyCZ/pHyyGcpA==,type:str]