From 4335687f4850aa55bdcef99d7227ed110a1f8a50 Mon Sep 17 00:00:00 2001
From: 0xWheatyz <wyatt@leeworks.dev>
Date: Sun, 24 May 2026 19:34:58 -0400
Subject: [PATCH] feat(nixos): add iOS interop (localsend, uxplay,
 libimobiledevice)

Adds Mac-style iPhone interop to the GNOME host:
- LocalSend for AirDrop-style file transfer (programs.localsend
  opens TCP 53317)
- UxPlay AirPlay receiver with Avahi mDNS publishing so iOS Screen
  Mirroring discovers the host; opens UxPlay's TCP 7000/7001/7100
  and UDP 6000/6001/7011
- usbmuxd + libimobiledevice + ifuse so GVfs auto-mounts iPhone
  over USB in GNOME Files

Constraint: Continuity / Handoff / Universal Clipboard / iMessage
have no FOSS impl on Linux and are out of scope
Rejected: KDE Connect | iOS app cannot send SMS or share clipboard
  due to iOS sandbox, no parity with macOS
Rejected: shairport-sync AirPlay audio receiver | user opted out
Confidence: high
Scope-risk: narrow
Directive: Avahi publish.userServices = true is required for UxPlay
  discovery; do not narrow without retesting iOS Screen Mirroring
Not-tested: behavior when networking.firewall.enable is later
  flipped to true (currently disabled at line 128)
---
 configuration.nix | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 3ba0bc6..99c6eb7 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -105,6 +105,10 @@
     adwaita-icon-theme
     pkgs-unstable.claude-code  # Use unstable for latest version
     yubikey-manager
+    # iOS interop
+    uxplay
+    libimobiledevice
+    ifuse
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -116,6 +120,12 @@
     pinentryPackage = pkgs.pinentry-gnome3;
   };
 
+  # AirDrop-style file transfer (LocalSend)
+  programs.localsend = {
+    enable = true;
+    openFirewall = true;
+  };
+
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
@@ -225,11 +235,12 @@
   };
 
 
-  # Open firewall for Tailscale
+  # Open firewall for Tailscale + UxPlay AirPlay receiver
   networking.firewall = {
     checkReversePath = "loose";
     trustedInterfaces = [ "tailscale0" "wg0" ];
-    allowedUDPPorts = [ config.services.tailscale.port ];
+    allowedTCPPorts = [ 7000 7001 7100 ];
+    allowedUDPPorts = [ config.services.tailscale.port 6000 6001 7011 ];
   };
 
   # Auto-connect tailscale on boot
@@ -267,6 +278,21 @@
 
   services.pcscd.enable = true;
 
+  # iPhone USB mount (libimobiledevice)
+  services.usbmuxd.enable = true;
+
+  # mDNS for AirPlay receiver (UxPlay) discovery from iPhone
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      userServices = true;
+    };
+  };
+
   security.pam.services = {
     login.u2fAuth = true;
     sudo.u2fAuth = true;