kalbasit · kalbasit · Aug 30, 2023 · Aug 8, 2021 · Aug 8, 2021 · Aug 8, 2021
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -16,9 +16,17 @@
       };
     };
 
+    darwin = {
+      url = "github:LnL7/nix-darwin";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+
     soxin = {
       url = "github:SoxinOS/soxin";
       inputs = {
+        darwin.follows = "darwin";
         deploy-rs.follows = "deploy-rs";
         flake-utils-plus.follows = "flake-utils-plus";
         home-manager.follows = "home-manager";
@@ -93,9 +101,10 @@
 
         # Supported systems, used for packages, apps, devShell and multiple other definitions. Defaults to `flake-utils.lib.defaultSystems`
         supportedSystems = [
+          "aarch64-darwin"
           "aarch64-linux"
-          "x86_64-linux"
           "x86_64-darwin"
+          "x86_64-linux"
         ];
 
         devShellBuilder = channels: with channels.nixpkgs; mkShell {

diff --git a/hosts/darwins/default.nix b/hosts/darwins/default.nix
@@ -1,2 +1,57 @@
-inputs@{ ... }:
-{ }
+inputs@{ self, darwin, deploy-rs, lib ? nixpkgs.lib, nixpkgs, ... }:
+
+let
+  inherit (lib)
+    mapAttrs
+    recursiveUpdate
+    ;
+
+  # the default channel to follow.
+  channelName = "nixpkgs";
+
+  # the operating mode of Soxin
+  mode = "nix-darwin";
+in
+mapAttrs
+  (n: v: recursiveUpdate
+  {
+    inherit
+      mode
+      ;
+  }
+    v)
+{
+  ###
+  # x86_64-darwin
+  ###
+
+  poseidon =
+    let
+      system = "x86_64-darwin";
+    in
+    {
+      inherit
+        channelName
+        system
+        ;
+
+      modules = [ ./poseidon/configuration.nix ];
+    };
+
+  ###
+  # aarch64-darwin
+  ###
+
+  saturn =
+    let
+      system = "aarch64-darwin";
+    in
+    {
+      inherit
+        channelName
+        system
+        ;
+
+      modules = [ ./saturn/configuration.nix ];
+    };
+}
diff --git a/hosts/darwins/poseidon/configuration.nix b/hosts/darwins/poseidon/configuration.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, inputs, soxincfg, ... }:
+
+let
+  inherit (lib)
+    singleton
+    ;
+in
+{
+  imports = [
+    soxincfg.nixosModules.profiles.myself
+    soxincfg.nixosModules.profiles.workstation.darwin.local
+  ];
+
+  # load YL's home-manager configuration
+  home-manager.users.yl = import ./home.nix { inherit soxincfg; };
+
+  # TODO: Make gpg work, and re-enable this.
+  soxincfg.programs.git.enableGpgSigningKey = false;
+
+  nix = {
+    useDaemon = true;
+  };
+}
diff --git a/hosts/darwins/poseidon/home.nix b/hosts/darwins/poseidon/home.nix
@@ -0,0 +1,14 @@
+# home-manager configuration for user `yl`
+{ soxincfg }:
+{ config, pkgs, home-manager, lib, ... }:
+
+with lib;
+
+{
+  imports = [
+    soxincfg.nixosModules.profiles.myself
+    soxincfg.nixosModules.profiles.workstation.darwin.local
+  ];
+
+  home.stateVersion = "23.05";
+}
diff --git a/hosts/darwins/saturn/configuration.nix b/hosts/darwins/saturn/configuration.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, inputs, soxincfg, ... }:
+
+let
+  inherit (lib)
+    singleton
+    ;
+in
+{
+  imports = [
+    soxincfg.nixosModules.profiles.myself
+    soxincfg.nixosModules.profiles.workstation.darwin.local
+  ];
+
+  # load YL's home-manager configuration
+  home-manager.users.yl = import ./home.nix { inherit soxincfg; };
+
+  # TODO: Make gpg work, and re-enable this.
+  soxincfg.programs.git.enableGpgSigningKey = false;
+
+  nix = {
+    useDaemon = true;
+  };
+}
diff --git a/hosts/darwins/saturn/home.nix b/hosts/darwins/saturn/home.nix
@@ -0,0 +1,14 @@
+# home-manager configuration for user `yl`
+{ soxincfg }:
+{ config, pkgs, home-manager, lib, ... }:
+
+with lib;
+
+{
+  imports = [
+    soxincfg.nixosModules.profiles.myself
+    soxincfg.nixosModules.profiles.workstation.darwin.local
+  ];
+
+  home.stateVersion = "23.05";
+}
diff --git a/hosts/default.nix b/hosts/default.nix
@@ -1,4 +1,4 @@
 inputs@{ ... }:
 
-(import ./nixoses inputs) //
-(import ./darwins inputs)
+(import ./nixoses inputs)
+  // (import ./darwins inputs)
diff --git a/hosts/nixoses/default.nix b/hosts/nixoses/default.nix
@@ -1,9 +1,25 @@
-inputs@{ self, deploy-rs, ... }:
+inputs@{ self, deploy-rs, lib ? nixpkgs.lib, nixpkgs, ... }:
 
 let
+  inherit (lib)
+    mapAttrs
+    recursiveUpdate
+    ;
+
   # the default channel to follow.
   channelName = "nixpkgs";
+
+  # the operating mode of Soxin
+  mode = "NixOS";
 in
+mapAttrs
+  (n: v: recursiveUpdate
+  {
+    inherit
+      mode
+      ;
+  }
+    v)
 {
   ###
   # x86_64-linux

diff --git a/modules/hardware/onlykey/home.nix b/modules/hardware/onlykey/home.nix
@@ -5,6 +5,7 @@ let
     mkDefault
     mkIf
     mkMerge
+    optionals
     singleton
     ;
 
@@ -15,20 +16,30 @@ let
     writeShellScript
     ;
 
+  inherit (pkgs.hostPlatform)
+    isLinux
+    ;
+
   cfg = config.soxincfg.hardware.onlykey;
 
   gpg-agent-program = writeShellScript "run-onlykey-agent.sh" ''
     set -euo pipefail
 
     exec ${onlykey-agent}/bin/onlykey-gpg-agent \
+      --homedir ~/.gnupg \
       --skey-slot=${toString cfg.gnupg-support.signing-key-slot} \
       --dkey-slot=${toString cfg.gnupg-support.decryption-key-slot} \
       $*
   '';
 in
 {
   config = mkIf cfg.enable (mkMerge [
-    { home.packages = [ onlykey onlykey-agent onlykey-cli ]; }
+    {
+      home.packages =
+        [
+          onlykey-cli
+        ] ++ optionals (isLinux) [ onlykey ];
+    }
 
     (mkIf cfg.ssh-support.enable {
       soxincfg.programs.ssh = {
@@ -41,12 +52,20 @@ in
       '';
     })
 
+    (mkIf (cfg.ssh-support.enable && pkgs.stdenv.hostPlatform.isDarwin) {
+      programs.zsh.initExtra = ''
+        eval "$(${pkgs.keychain}/bin/keychain --eval --agents ssh id_ed25519_sk_rk -q)"
+      '';
+    })
+
     (mkIf cfg.gnupg-support.enable {
       home.file.".gnupg/run-agent.sh" = {
         source = gpg-agent-program;
         executable = true;
       };
 
+      home.packages = singleton onlykey-agent;
+
       programs.gpg = {
         enable = true;
 

diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix
@@ -135,7 +135,7 @@ in
   };
 
   config = mkIf cfg.enable (mkMerge [
-    {
+    (optionalAttrs (mode == "NixOS" || mode == "home-manager") {
       programs.ssh = {
         extraConfig = ''
           PubkeyAuthentication yes
@@ -156,7 +156,7 @@ in
               ("Ciphers " + (concatStringsSep "," cfg.ciphers))}
         '';
       };
-    }
+    })
 
     (optionalAttrs (mode == "NixOS") {
       programs.ssh = {
@@ -170,6 +170,12 @@ in
       };
     })
 
+    (optionalAttrs (mode == "home-manager") (mkIf (cfg.enableSSHAgent && pkgs.stdenv.hostPlatform.isDarwin) {
+      programs.zsh.initExtra = ''
+        eval "$(${pkgs.keychain}/bin/keychain --eval -q)"
+      '';
+    }))
+
     (optionalAttrs (mode == "home-manager") {
       programs.ssh = {
         enable = true;