swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: flake cleanup

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-17 21:50:14 +02:00
parent e7d3def830
commit 1468f3d0fc
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
19 changed files with 267 additions and 391 deletions
Download patch file Download diff file Expand all files Collapse all files

370
SwarselSystems.org
View file

@ -840,9 +840,12 @@ The rest of the outputs either define or help define the actual configurations:
};
swarselprofiles = {
minimal = lib.mkIf minimal true;
minimal = lib.mkIf minimal (lib.mkDefault true);
};
swarselsystems = {
mainUser = lib.mkDefault "swarsel";
};
}
];
};
@ -2028,13 +2031,7 @@ My personal laptop.
{ self, config, inputs, lib, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isLaptop = true;
isNixos = true;
isBtrfs = true;
isLinux = true;
sharescreen = "eDP-1";
};
sharedOptions = { };
in
{
@ -2046,14 +2043,20 @@ My personal laptop.
];
swarselprofiles = {
reduced = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselprofiles = {
reduced = lib.mkIf (!minimal) true;
btrfs = true;
};
swarselsystems = lib.recursiveUpdate
{
isLaptop = true;
isNixos = true;
isBtrfs = true;
isLinux = true;
lowResolution = "1280x800";
highResolution = "1920x1080";
sharescreen = "eDP-1";
info = "Lenovo ThinkPad";
firewall = lib.mkForce true;
wallpaper = self + /files/wallpaper/lenovowp.png;
@ -2070,27 +2073,19 @@ My personal laptop.
sharedOptions;
home-manager.users."${primaryUser}" = {
swarselprofiles = {
reduced = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
};
# home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{
lowResolution = "1280x800";
highResolution = "1920x1080";
monitors = {
main = {
name = "LG Display 0x04EF Unknown";
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
workspace = "15:L";
output = "eDP-1";
};
swarselsystems = {
monitors = {
main = {
name = "LG Display 0x04EF Unknown";
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
workspace = "15:L";
output = "eDP-1";
};
}
sharedOptions;
};
};
};
}
@ -2270,15 +2265,7 @@ This is my main server that I run at home. It handles most tasks that require bi
:CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124
:END:
#+begin_src nix-ts :tangle hosts/nixos/winters/default.nix
{ lib, config, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isBtrfs = false;
isLinux = true;
isNixos = true;
};
in
{ config, ... }:
{
imports = [
@ -2299,24 +2286,20 @@ This is my main server that I run at home. It handles most tasks that require bi
};
swarselprofiles = {
server.local = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "ASRock J4105-ITX, 32GB RAM";
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
}
sharedOptions;
home-manager.users."${primaryUser}" = {
home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{ }
sharedOptions;
swarselprofiles = {
server.local = true;
};
swarselsystems = {
info = "ASRock J4105-ITX, 32GB RAM";
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
isBtrfs = false;
isLinux = true;
isNixos = true;
};
}
@ -2492,15 +2475,7 @@ This machine mainly acts as an external sync helper. It manages the following th
:END:
#+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix
{ lib, config, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isBtrfs = true;
isLinux = true;
isNixos = true;
};
in
{ lib, minimal, ... }:
{
imports = [
./hardware-configuration.nix
@ -2525,24 +2500,19 @@ This machine mainly acts as an external sync helper. It manages the following th
swarselprofiles = {
minimal = lib.mkIf minimal true;
server.syncserver = true;
server.syncserver = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "VM.Standard.E2.1.Micro";
isImpermanence = true;
isSecureBoot = false;
isCrypted = true;
isSwap = true;
rootDisk = "/dev/sda";
swapSize = "4G";
}
sharedOptions;
home-manager.users."${primaryUser}" = {
swarselsystems = lib.recursiveUpdate
{ }
sharedOptions;
swarselsystems = {
info = "VM.Standard.E2.1.Micro";
isImpermanence = true;
isSecureBoot = false;
isCrypted = true;
isSwap = true;
rootDisk = "/dev/sda";
swapSize = "4G";
isBtrfs = true;
isLinux = true;
isNixos = true;
};
}
@ -2696,17 +2666,10 @@ This machine mainly acts as an external sync helper. It manages the following th
#+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix
{ lib, config, globals, ... }:
let
primaryUser = config.swarselsystems.mainUser;
inherit (config.repo.secrets.common) workHostName;
inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
inherit (config.swarselsystems) sopsFile;
serviceDomain = config.repo.secrets.common.services.domains.syncthing3;
sharedOptions = {
isBtrfs = true;
isNixos = true;
isLinux = true;
};
in
{
imports = [
@ -2905,27 +2868,21 @@ This machine mainly acts as an external sync helper. It manages the following th
};
};
swarselprofiles = {
server.moonside = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
isImpermanence = true;
isSecureBoot = false;
isCrypted = false;
isSwap = false;
rootDisk = "/dev/sda";
}
sharedOptions;
home-manager.users."${primaryUser}" = {
home.stateVersion = lib.mkForce "23.11";
swarselsystems = lib.recursiveUpdate
{ }
sharedOptions;
swarselprofiles = {
server.moonside = true;
};
swarselsystems = {
info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
isImpermanence = true;
isSecureBoot = false;
isCrypted = false;
isSwap = false;
rootDisk = "/dev/sda";
isBtrfs = true;
isNixos = true;
isLinux = true;
};
}
#+end_src
@ -3100,14 +3057,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
:CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e
:END:
#+begin_src nix-ts :tangle hosts/nixos/toto/default.nix
{ self, config, lib, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isBtrfs = true;
isLinux = true;
};
in
{ self, lib, minimal, ... }:
{
imports = [
@ -3115,42 +3065,33 @@ This is a slim setup for developing base configuration. I do not track the hardw
./hardware-configuration.nix
];
networking = {
hostName = "toto";
firewall.enable = false;
};
swarselprofiles = {
toto = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "~SwarselSystems~ remote install helper";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "2G";
# rootDisk = "/dev/nvme0n1";
rootDisk = "/dev/vda";
# rootDisk = "/dev/vda";
}
sharedOptions;
home-manager.users.${primaryUser} = {
home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{
isLaptop = false;
isNixos = true;
}
sharedOptions;
swarselprofiles = {
toto = lib.mkIf (!minimal) true;
btrfs = true;
};
swarselsystems = {
info = "~SwarselSystems~ remote install helper";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "2G";
# rootDisk = "/dev/nvme0n1";
rootDisk = "/dev/vda";
# rootDisk = "/dev/vda";
isBtrfs = true;
isLinux = true;
isLaptop = false;
isNixos = true;
};
}
@ -3537,67 +3478,56 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru
{ self, config, pkgs, lib, minimal, ... }:
let
mainUser = "demo";
sharedOptions = {
inherit mainUser;
in
{
imports = [
./hardware-configuration.nix
./disk-config.nix
{
_module.args.diskDevice = config.swarselsystems.rootDisk;
}
];
environment.variables = {
WLR_RENDERER_ALLOW_SOFTWARE = 1;
};
services.qemuGuest.enable = true;
boot = {
loader.systemd-boot.enable = lib.mkForce true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
};
networking = {
hostName = "chaostheatre";
firewall.enable = true;
};
swarselprofiles = {
chaostheatre = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselsystems = {
info = "~SwarselSystems~ demo host";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "4G";
rootDisk = "/dev/vda";
isBtrfs = false;
inherit mainUser;
isLinux = true;
isPublic = true;
isNixos = true;
};
in
{
imports = [
./hardware-configuration.nix
./disk-config.nix
{
_module.args.diskDevice = config.swarselsystems.rootDisk;
}
];
environment.variables = {
WLR_RENDERER_ALLOW_SOFTWARE = 1;
};
services.qemuGuest.enable = true;
boot = {
loader.systemd-boot.enable = lib.mkForce true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
};
networking = {
hostName = "chaostheatre";
firewall.enable = true;
};
swarselprofiles = {
chaostheatre = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "~SwarselSystems~ demo host";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "4G";
rootDisk = "/dev/vda";
}
sharedOptions;
home-manager.users.${mainUser} = {
home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{
isNixos = true;
}
sharedOptions;
};
}
}
#+end_src
@ -4158,7 +4088,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
useGlobalPkgs = true;
useUserPackages = true;
verbose = true;
users.swarsel.imports = [
users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.stylix.homeModules.stylix
@ -4209,8 +4139,8 @@ For that reason, make sure that =sops-nix= is properly working before finishing
users."${config.swarselsystems.mainUser}" = {
isNormalUser = true;
description = "Leon S";
password = lib.mkIf minimal "setup";
hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path;
password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";
hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};
@ -10273,6 +10203,9 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
spice-protocol
win-virtio
win-spice
powershell
gh
];
@ -16123,7 +16056,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
:END:
#+begin_src nix-ts :tangle profiles/nixos/personal/default.nix :mkdirp yes
{ lib, config, minimal, ... }:
{ lib, config, ... }:
{
options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host";
config = lib.mkIf config.swarselprofiles.personal {
@ -16182,7 +16115,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
personal = lib.mkIf (!minimal) true;
personal = lib.mkDefault true;
};
};
@ -16249,6 +16182,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
ssh = lib.mkDefault true;
};
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
personal = lib.mkDefault true;
};
};
};
@ -16308,6 +16246,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
home-manager = lib.mkDefault true;
xserver = lib.mkDefault true;
users = lib.mkDefault true;
sops = lib.mkDefault true;
env = lib.mkDefault true;
security = lib.mkDefault true;
systemdTimeout = lib.mkDefault true;
@ -16316,7 +16255,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
pipewire = lib.mkDefault true;
network = lib.mkDefault true;
time = lib.mkDefault true;
sops = lib.mkDefault false;
stylix = lib.mkDefault true;
programs = lib.mkDefault true;
zsh = lib.mkDefault true;
@ -16327,7 +16265,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
interceptionTools = lib.mkDefault true;
swayosd = lib.mkDefault true;
ppd = lib.mkDefault true;
yubikey = lib.mkDefault true;
yubikey = lib.mkDefault false;
ledger = lib.mkDefault true;
keyboards = lib.mkDefault true;
login = lib.mkDefault true;
@ -16389,7 +16327,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
:END:
#+begin_src nix-ts :tangle profiles/nixos/work/default.nix :mkdirp yes
{ lib, config, minimal, ... }:
{ lib, config, ... }:
{
options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
config = lib.mkIf config.swarselprofiles.work {
@ -16400,7 +16338,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
work = lib.mkIf (!minimal) true;
work = lib.mkDefault true;
};
};
@ -16416,7 +16354,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
:END:
#+begin_src nix-ts :tangle profiles/nixos/framework/default.nix :mkdirp yes
{ lib, config, minimal, ... }:
{ lib, config, ... }:
{
options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host";
config = lib.mkIf config.swarselprofiles.framework {
@ -16427,7 +16365,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
framework = lib.mkIf (!minimal) true;
framework = lib.mkDefault true;
};
};
@ -20847,7 +20785,7 @@ This file defines a few workflows that I often need to run when working on my co
sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync
sync USER HOST:
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
#+end_src
** aspell.conf

6
flake.lock generated
View file

@ -1618,11 +1618,11 @@
},
"nixpkgs-dev": {
"locked": {
"lastModified": 1752440522,
"narHash": "sha256-CInQkEG3f8XwIBQxYFhuFCT+T++JPstThfifAMD0yRk=",
"lastModified": 1752736260,
"narHash": "sha256-90Gt98hmw/20aOAd7KaSW6otXu7MOBctRmI9RlXD/s0=",
"owner": "Swarsel",
"repo": "nixpkgs",
"rev": "1f569e3bd49502cb4ec312214662d93619cf2c54",
"rev": "169c3483f7c06fbb58c9346e4d9d112c8aa7827e",
"type": "github"
},
"original": {

46
hosts/nixos/bakery/default.nix
View file

@ -1,13 +1,7 @@
{ self, config, inputs, lib, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isLaptop = true;
isNixos = true;
isBtrfs = true;
isLinux = true;
sharescreen = "eDP-1";
};
sharedOptions = { };
in
{
@ -21,12 +15,18 @@ in
swarselprofiles = {
reduced = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselsystems = lib.recursiveUpdate
{
isLaptop = true;
isNixos = true;
isBtrfs = true;
isLinux = true;
lowResolution = "1280x800";
highResolution = "1920x1080";
sharescreen = "eDP-1";
info = "Lenovo ThinkPad";
firewall = lib.mkForce true;
wallpaper = self + /files/wallpaper/lenovowp.png;
@ -43,26 +43,18 @@ in
sharedOptions;
home-manager.users."${primaryUser}" = {
swarselprofiles = {
reduced = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
};
# home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{
lowResolution = "1280x800";
highResolution = "1920x1080";
monitors = {
main = {
name = "LG Display 0x04EF Unknown";
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
workspace = "15:L";
output = "eDP-1";
};
swarselsystems = {
monitors = {
main = {
name = "LG Display 0x04EF Unknown";
mode = "1920x1080"; # TEMPLATE
scale = "1";
position = "1920,0";
workspace = "15:L";
output = "eDP-1";
};
}
sharedOptions;
};
};
};
}

41
hosts/nixos/chaostheatre/default.nix
View file

@ -1,12 +1,6 @@
{ self, config, pkgs, lib, minimal, ... }:
let
mainUser = "demo";
sharedOptions = {
inherit mainUser;
isBtrfs = false;
isLinux = true;
isPublic = true;
};
in
{
@ -40,25 +34,20 @@ in
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "~SwarselSystems~ demo host";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "4G";
rootDisk = "/dev/vda";
}
sharedOptions;
home-manager.users.${mainUser} = {
home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{
isNixos = true;
}
sharedOptions;
swarselsystems = {
info = "~SwarselSystems~ demo host";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "4G";
rootDisk = "/dev/vda";
isBtrfs = false;
inherit mainUser;
isLinux = true;
isPublic = true;
isNixos = true;
};
}

37
hosts/nixos/milkywell/default.nix
View file

@ -1,12 +1,4 @@
{ lib, config, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isBtrfs = true;
isLinux = true;
isNixos = true;
};
in
{ lib, minimal, ... }:
{
imports = [
./hardware-configuration.nix
@ -33,22 +25,17 @@ in
minimal = lib.mkIf minimal true;
server.syncserver = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "VM.Standard.E2.1.Micro";
isImpermanence = true;
isSecureBoot = false;
isCrypted = true;
isSwap = true;
rootDisk = "/dev/sda";
swapSize = "4G";
}
sharedOptions;
home-manager.users."${primaryUser}" = {
swarselsystems = lib.recursiveUpdate
{ }
sharedOptions;
swarselsystems = {
info = "VM.Standard.E2.1.Micro";
isImpermanence = true;
isSecureBoot = false;
isCrypted = true;
isSwap = true;
rootDisk = "/dev/sda";
swapSize = "4G";
isBtrfs = true;
isLinux = true;
isNixos = true;
};
}

33
hosts/nixos/moonside/default.nix
View file

@ -1,16 +1,9 @@
{ lib, config, globals, ... }:
let
primaryUser = config.swarselsystems.mainUser;
inherit (config.repo.secrets.common) workHostName;
inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
inherit (config.swarselsystems) sopsFile;
serviceDomain = config.repo.secrets.common.services.domains.syncthing3;
sharedOptions = {
isBtrfs = true;
isNixos = true;
isLinux = true;
};
in
{
imports = [
@ -212,22 +205,16 @@ in
swarselprofiles = {
server.moonside = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
isImpermanence = true;
isSecureBoot = false;
isCrypted = false;
isSwap = false;
rootDisk = "/dev/sda";
}
sharedOptions;
home-manager.users."${primaryUser}" = {
home.stateVersion = lib.mkForce "23.11";
swarselsystems = lib.recursiveUpdate
{ }
sharedOptions;
swarselsystems = {
info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
isImpermanence = true;
isSecureBoot = false;
isCrypted = false;
isSwap = false;
rootDisk = "/dev/sda";
isBtrfs = true;
isNixos = true;
isLinux = true;
};
}

50
hosts/nixos/toto/default.nix
View file

@ -1,11 +1,4 @@
{ self, config, lib, minimal, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isBtrfs = true;
isLinux = true;
};
in
{ self, lib, minimal, ... }:
{
imports = [
@ -13,8 +6,6 @@ in
./hardware-configuration.nix
];
networking = {
hostName = "toto";
firewall.enable = false;
@ -22,31 +13,24 @@ in
swarselprofiles = {
toto = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "~SwarselSystems~ remote install helper";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "2G";
# rootDisk = "/dev/nvme0n1";
rootDisk = "/dev/vda";
# rootDisk = "/dev/vda";
}
sharedOptions;
home-manager.users.${primaryUser} = {
home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{
isLaptop = false;
isNixos = true;
}
sharedOptions;
swarselsystems = {
info = "~SwarselSystems~ remote install helper";
wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true;
isCrypted = true;
isSecureBoot = false;
isSwap = true;
swapSize = "2G";
# rootDisk = "/dev/nvme0n1";
rootDisk = "/dev/vda";
# rootDisk = "/dev/vda";
isBtrfs = true;
isLinux = true;
isLaptop = false;
isNixos = true;
};
}

32
hosts/nixos/winters/default.nix
View file

@ -1,12 +1,4 @@
{ lib, config, ... }:
let
primaryUser = config.swarselsystems.mainUser;
sharedOptions = {
isBtrfs = false;
isLinux = true;
isNixos = true;
};
in
{ config, ... }:
{
imports = [
@ -30,19 +22,15 @@ in
swarselprofiles = {
server.local = true;
};
swarselsystems = lib.recursiveUpdate
{
info = "ASRock J4105-ITX, 32GB RAM";
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
}
sharedOptions;
home-manager.users."${primaryUser}" = {
home.stateVersion = lib.mkForce "23.05";
swarselsystems = lib.recursiveUpdate
{ }
sharedOptions;
swarselsystems = {
info = "ASRock J4105-ITX, 32GB RAM";
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
isBtrfs = false;
isLinux = true;
isNixos = true;
};
}

2
justfile
View file

@ -24,4 +24,4 @@ dd DRIVE ISO:
sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync
sync USER HOST:
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/
rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/

2
modules/nixos/common/home-manager.nix
View file

@ -6,7 +6,7 @@
useGlobalPkgs = true;
useUserPackages = true;
verbose = true;
users.swarsel.imports = [
users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.stylix.homeModules.stylix

4
modules/nixos/common/users.nix
View file

@ -12,8 +12,8 @@ in
users."${config.swarselsystems.mainUser}" = {
isNormalUser = true;
description = "Leon S";
password = lib.mkIf minimal "setup";
hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path;
password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";
hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};

3
modules/nixos/optional/work.nix
View file

@ -208,6 +208,9 @@ in
spice-protocol
win-virtio
win-spice
powershell
gh
];

5
nix/hosts.nix
View file

@ -28,9 +28,12 @@
};
swarselprofiles = {
minimal = lib.mkIf minimal true;
minimal = lib.mkIf minimal (lib.mkDefault true);
};
swarselsystems = {
mainUser = lib.mkDefault "swarsel";
};
}
];
};

4
profiles/nixos/chaostheatre/default.nix
View file

@ -8,6 +8,7 @@
home-manager = lib.mkDefault true;
xserver = lib.mkDefault true;
users = lib.mkDefault true;
sops = lib.mkDefault true;
env = lib.mkDefault true;
security = lib.mkDefault true;
systemdTimeout = lib.mkDefault true;
@ -16,7 +17,6 @@
pipewire = lib.mkDefault true;
network = lib.mkDefault true;
time = lib.mkDefault true;
sops = lib.mkDefault false;
stylix = lib.mkDefault true;
programs = lib.mkDefault true;
zsh = lib.mkDefault true;
@ -27,7 +27,7 @@
interceptionTools = lib.mkDefault true;
swayosd = lib.mkDefault true;
ppd = lib.mkDefault true;
yubikey = lib.mkDefault true;
yubikey = lib.mkDefault false;
ledger = lib.mkDefault true;
keyboards = lib.mkDefault true;
login = lib.mkDefault true;

4
profiles/nixos/framework/default.nix
View file

@ -1,4 +1,4 @@
{ lib, config, minimal, ... }:
{ lib, config, ... }:
{
options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host";
config = lib.mkIf config.swarselprofiles.framework {
@ -9,7 +9,7 @@
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
framework = lib.mkIf (!minimal) true;
framework = lib.mkDefault true;
};
};

4
profiles/nixos/personal/default.nix
View file

@ -1,4 +1,4 @@
{ lib, config, minimal, ... }:
{ lib, config, ... }:
{
options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host";
config = lib.mkIf config.swarselprofiles.personal {
@ -57,7 +57,7 @@
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
personal = lib.mkIf (!minimal) true;
personal = lib.mkDefault true;
};
};

5
profiles/nixos/reduced/default.nix
View file

@ -49,6 +49,11 @@
ssh = lib.mkDefault true;
};
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
personal = lib.mkDefault true;
};
};
};

4
profiles/nixos/work/default.nix
View file

@ -1,4 +1,4 @@
{ lib, config, minimal, ... }:
{ lib, config, ... }:
{
options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
config = lib.mkIf config.swarselprofiles.work {
@ -9,7 +9,7 @@
};
home-manager.users."${config.swarselsystems.mainUser}" = {
swarselprofiles = {
work = lib.mkIf (!minimal) true;
work = lib.mkDefault true;
};
};

6
secrets/repo/pii.nix.enc
View file

@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:EF0WWDO7RbeBETTY74hH+dPkI0gxqZwJcciHT687Jj/w4T5MuiVBHd61LPhYsnMmoN//yBzRGgNqHr5Cw5EZiwnK2X2/tobv6f8iD56CLM8wQvtUtmRaqjwirSL2MVJlDuaGkUS2D+6hdzqGnRFRiL9FN0Lt/FLU4mX+Iv4iy+SOfd6gaGjJBq34ZdrL1EU5hdzoRFhQKWRi8GyBq5jhyn7JgTDF2q99Cx5EwuN1NrgKsMhtW0VaYxwL6wnhO/iHO0WIIf+ORXuRVZBLFr6AOAg4nG7JL9HWn+QZ8uUBCzYYryqPcUWZ/2V6e/gVsLCNpfVB0MqGnn8zLYx0ADeBnlKTWID2zp8Mb4Ygxx+2pj6pbVKWj2kPG1pMXH58NxaqSU1ouoh8+uhnGj/VMIvJ7I13eo/rf5ju13Qj9mh5MCFMTh8uBN9M6euGgHgwS41N/GmZIGa01qVDjIc4r0NQjIa5/31IcedTzrVaChjV5RVFJIMD0NmqKv4zkv95Q0+mlee/9SZXirXAfgA4bvUnBR/dTOogC7c2MrANyl/mUAch6UmA0FG5ALC+trlvfY2FYdsbKuL4TWN3CqUCO+bD2Nfeg1y7PK/2xZ5gVNCbIRQy/AdZMWU4NX1N4Hrm+seT9cP6etIu2JjFDg4VIyCCgnFW2O95GOHkBRcVZmBE6Y6ttZ7D+UNSsctXO4duerjMd1Hf2NwaDS0KBNPct2wbCfx5L6iCN4/5KW+vzzy3TPxti1qarZG7jyUeWWAsgn27mKq8v7xbAKIPs6+ebsAH2GB4dY1Bk+cr2mpNychJXJ9G+hfRPuU+7eMhNG/ckFx2Axw1BC6MYaz2zGPQZXayTWVvcbx1Lhx9jqL1QjC2WKc3bxPUKWZy9xhOTS/tGMK8MIWk75s5JnJfhnQ/wMMqXjEsaITSQ1hJhKKVDUTo6FfooZXgFhY7wKpW5gl6hstL9YI+ccZmRtHkyb03ibiOVBni0xzQlpY7vh+DKkOCgl+DcKwAslmhCDFyR9s4ARrQojY5LZtDwPStV/LklU5lcelzHiwUNdirWSd0xN7wobZDLO8U1SrMYkqdwKDNGGObc2G5DqDNtpIxv+bvAr5llth5GmVd0soJdTrORDO8ZfbbDcc145pfva58D4jptvpuTbMnTTtYh3vNHZDxUoTVICUsfA+EMKwNSAog4eQhc/jLdCgLO2AdfL+0bGhAu6mk270IOZOD8ZEXCW/ZC5JwYPXLmictIWGtGjZocV8qMXFJB4LDyLm/49HntW22xcgTEG56VN/Y9YHXDrA2KmjPWNRy9OazPwe4Xqk2CjtwL3be0XuQ/dwwUcd8jh7v765cDrLNWgmwFM2SdmImtyKTeevKPiQOjQgfa2yK5Mmmtw8HpyPkYjdGJSFHm+gco+HaEyl3EfZNB/zQ1vhkWK8Fo70FOZ4tCgi6u+6vuxKPSWz8Vgy4d/fWzF1r+/bite6b4fOQYQu7G0yMVMk2aDGJt5cLTsHLTKy/CNFCc8phBfJXi17u+YVvqyjLuD2QwK0ehF/XIvF5xyog7hWruGaAM1homjATItlLe2Bv6Ag8HXMmcS6CFK5FNKhoLIqiCP1rShzQpYQ94f3kwPFCtXehUSj4WY4XKsYGyFQYiQiqxG7SESXDsmaJKl688e/nsFBGNhJa/AKRflN6XC3ZCtarlG00RNiVjh+lpR8Qx2OFv+u96KumbZ+KDiN9s29AWNBJES0wLoLTZ4NDtIBTV6s5quEEh+R6+m0fLQXjvcnR0uQGtdIf4SDp4Is96oUHEfcmmp48lJD5s8nXT5cKA+ZeHyo7ixh/jiZWhHm2hMWK4+US/wPLoFaeiGGl5jaeV4RSL2uF+lJtfDRHR+4u9PFUro0RWNStHIov21kFkCyxzVQ5hBz2avGgqnoPDbYA31PcPlXXEttWmcEaq7Q+5v0Ttm50UBasS9D/gX+h9AzyP7xljf7i+lqlYjS8Abu8V1wwzPXt9kkYfOUX986QGittxhyKAffyGl/D6hvgv3kuzkzQivskrQLw+3y+My2JHRvIawkUVw2twr6sDY8hsNrvQHVfd6nfIBBsC7ZQO+xF68yjEAA2TwGu3eh3nD3i0G6XcZBHhmlTHM4gtRX4/BD2WM2JxSYlRg7cMtKObICP7cBSE7Mxy6Xatx49Ckp7+sE9H/y/EMCHUc48ayoasLPo8LwdjcZsWp69t9zFO1fdW/HBNCAmhrHwdvNieadPqjzGs7gU8cy/GE/pYXoBrWh2Qr3awMvAmmoshnVsHB8BATVo73FVI3UTkNOkppKhzcOFIULxa4qEI/tgjSGBqVTXdMPEX6WL7OQMm7bkhlUyU3BMcNd8IyxK2p+VsznOOQW8fN0NdZtqi6a8lYQIulX73oqM0p/th2eFl18bxMbkm5agEk+bzFPdAQmRKwExwzWDTxjKIf7jChQ8MYD4a7/i2Qc1qYXZGtkNAF6Yf7Rb7q8ECqkiIcAGDiPDtoncM5Fq4z/hFsPbKEypoZqgnRkMWDOGqQFDr6wpJ2U72CJ7FiZQ2Jhwqz8z/wKpRxI5srbzgRkIo/ZCThvKmFfcjLhZGqmtLk0F1VOzW6xgEh9rzaFEvsrY3lrwiDEN3f6D0XftXLYXw+jdqy9pN9twYsbAbWzYGvLp8vQAz6Q/uiyqYxzQnrUKLJYr5e3RfSEP4g8m97y6EqHx9IsYeT8Yybvnc+qKmh4H1xg0VgLzNDKOKjVP4XUtWJax61VDVzICFO/SX88hbmf6fEgNLO79OmWh8svkS7yYFdi4LxWlxeYQOf+hsfawCpRQ0d4AIvOATRDZK0itOKDU/Nx9wyj9MFSHDwAh9MzEQ3BknCNbo/feOx7pri66eVMNJlOTa7dSTAgQsiP8+weNkCWhJrnxgPlNXxicCkPjLtPWPQZm8gozjuNM3fe+YY4zkwkz7E7tctxq5Zai7Ple5stRUYHTPBOXP6TrUUVJfiElh6PHRhamAZUiMzcrM+qM4tdJjtvRJLR7JucAqZqW2dh6Yq9bfH1LufxvukwR+my5sND3mjz9E+S2YPV3fr2cB7sqQqrtBa+UtC3tywk4aVIJ6hTOiWB+HAGAsRGBNuxVb/oUZIlI7ub8N8Vf/tMPwLyfS49LKwwx4lFTxQRKkvpv/ZARR5PtZVIS3nLh4AORqylM2gIi2Lx2862tJ4SEo4WQy1aukQ==,iv:pEDV2WLEFisblx+XrhuoaNpxtk4Byj+jB/ixhsk3uPQ=,tag:T4xI5g6sIrIobuSuViG5+A==,type:str]",
"data": "ENC[AES256_GCM,data:qxu3uvHbL+/lGIh+ZFZ83Xvr6TWaP12ZnJtgE+d7idFV3/aVXGXoIFzKm7V7KUvHxNjN/1/w1VURBJwRy02dioCuumtxgPYwYRyeO2qjyYo+1oMJljrE0ajqRe0R3JsCapdPcoa91UAO0FqIi7szzA+yd9EHmUcCxEhSjfi0K9JXQfSksrY0ZqgeVf8VqeQ2IaTE4637K+ykNgiBrmifAyyeC/Zu9I3nUq9s9jXZDVf7CXs2UVrDt56gE6x6aMColPJo25f6jKEnvMRzWgzfOp1hwx7Bflq1U7c5icrrsHvQZvrdsgBWOH3EdSWDRUFkoPFfii4lru6uLsvD9e/1zWYOFEzXrucUwWRYskTTGLeYoaDiQzGr9RAO9KdU5UhwyBxYLqstLfxIcIJOK/aoyB0GdQP2LNwz1/5AbxFVtiXEVcY29XwuauiJU5H4xX9bR2DAnNSESkniqHIHDR1juLX59C+byqDj7tdWIvYuNEuFspGebmYG929+nRp/pS9AoqahzhfUrSLHI+IuJc4tI/4S8SrL2y5NQ8u3wV/GuecNVFKc0saX8kd8GU+kcE/TBdP01ZHaR58oDEte9eAxNJPyVP1V4rorI7+3Mw1opIp0xum5KAT5/X0GdBGSZC32Iff3KjhxKnbc/fHvMQOUIidrpc2JiGn8kQV5iyhog9oxXR/BzIV2HVg0z70OagSt1ERYwWmj6RhKwqKqm/kPW+0TsYJegq2rLafFsP11R2KX7Y3BkyZV0Orej3Gs0mj8cj4IdH/kaoM7rQ96Uvx3SRqm76PPpqJDku1LvquaDkqMUmYoBJLUh3VUtnXh01heOrrhWtvnJPgpqZ8JP0HCP4JwYyCByiWTeslk/m9GRWbB8l9ottBX+0E25lZW+OtcdYEUwQna8XIqf7vZGR/nNyLdAmQSuZ+05fV/4iiTEiFvFDhoA4EqZtB5oJPkgn1R3HIMo3EXo3NRnSVTfK35JLUDH9Gt8wDKJw+Joo28rBy270auFnf7B2GtcAnCAEkSeysDMpu6hk8Kl/itlNL+DA33tMnL8AZSBMw4KlT4E+ojz3RkPz31bi2PtV0gzkzkeRSX1R0IUbYmjPseyFc1CmhnulI3R+N2WCl7cEpMpBg1SJfENYytyl83J1Jn8ihMq2oj2Lwq+4R3X3CzAydzIQ7ROazTBeugnf0hTTzUUmMVKJGoPBOtS6/te2kcvL+s3cdNisDlSNYrMNHbAqR8HgnzHqYNXwdrhw5AMTorIA8x8SzXDYLP7kOiN3nw5sUcmQYxfzMwshisy3lOdlil4+HwQJkWVlJIOqrEzB+E1NezszZB/rnpohHUVOqlAyttHZDII9SAU1+vD7yP2ZNYqozqPSS1eJn3Vxhuv2kTtrK82noGv4txa6kMhoxUJ3evwk2ILGEGCnNHaMcMRWGtVtRrKV9AasBSjUnrB5+NEqVaTZDaGTZyJKNba+lG5pA5hZzlb608QyTl8nW7HMD1NP/X93zbjjsb0uyQf5EybPmqXd3AY0zupOi9Ibovqr5v1V7XKoGeaAEKmYOCOrRO19+u0kQQRvgEDmwpoglolusAzR8BDdnXFik2sKIiHinBvtn11EVlwaiJoNSSZd1f1KdImWDGgv2QaZeUVXJTumNcWJC6HJ26e4iS+vUXSizVuyAwMgATpIDcG2RMEhnjHRcAyZ9QdP8O5daahat+MvTJeEjNChRvZN07pjYZ6ZbELR4WECGsEcztOd3EgB/XRxOP11UAjC5EfkG247h0ECS4pecRa+oDPsqv5rmvx9A49DnRF64E13JzMuHjF1ysxSfL/HeEiXXIVHYxuyAwJmjCd8XE0cJ9IJgZ0XYBmz5QcXEtbrllRebuUbspNQH1EFRnXKeOYrWO7ig+AmAUKNeaRPg8+7et0+xWZOlSqjzoSmywm7Zmc1GdRdDt0DEQon4591R2aaUW8ui7Spl1dn2mX0l0LwZRgrZoYBaydvf6Wpd/YtLVFfbrFI4gxY4+vCdOptx15//+zqSYWt9Y8UvFeRDlz9nEWnNSr0qBlfjJ3HiqX8ZDM6ZvnjLtyYClUIgKRTHt8Low2xxH+kAzQ9fY8GS7nTWiU2QLr9AASbfU5GdXh/DfYdx96J7Ojwkntc7iNe2+1NcAa4cxkTasyi0BqC2fNQsQrP4AdNGKl7SRt2SHBl7nc0fiCMmJNqoaMyuRHI8pfi0gmX+FLieHFPKWiM6KRaXCK0J5r1jGH5mdQNVJBS5YivBTpaYi17P+pGWxadHnv/n80PpR95DCqX+0DadZwg8/ux4MprXIYOmHOWp0SQz8p4LpXDlG6ZfPprMr1rKkapIdaqCpZVkpYen1F8RYz20RBNi8SnPtn6Ank6+EewNp1ApTFfrdBkY3E6ikLCSl4skd9lnsOFI1VbxCiw0Xg6j45ubn/NXSSnxAdReFcdJWLGV+WBfFqSOa0bBL3xWmcHXgyoqtiRCHrWGO8OwDUuqaZWdd7/qAoMrKcKyPZO43Id7dakPDAtPGqkbRXL6k9gaEEmSw5esPLHC2NjGvzmhR8gIaSqWx1MeepprKSlDkVsYaWyE8wNVTAkwUA2EyW5m0lWjS3fn7wdMvWogdm1gAbFO/ytP4QAtyT6kf5zJ4yJHXb8Mkshr7fugVz4+4VwfPWW+YHHffgMkanLflB7tZv5HjAK+BQSgJk1/M4k8snEz6KhRcoU140k5iS+WAhrHGesH/N+jXhokcfAqgmnjCgAfoYrFalOIahgWaFteutKLu6QMXhTx2g8OXfqQxQgMO2XOWoTg99OkHTNryxwMC13KiSD8jItkNwhubosB3a2p2Ofw3HsRRK1crsRFs9Y3K2pygKpqlkgkPelK9+A+dBISW2ht9d1v/EMkLUW6dwbhTNCVMyZZvfHKt1mIh4k7YQrn+nqW7xPFUZd5P8Dvqag/yuNjiMpeEof2fgavo5lJzw1tVMSQZX3vdIiKlEepNZ8t9WuP5kgjN6nzAxW+ZAgSIRKSmWtdBuVjpuFAKOfw9W6ruqRS1HycwtQicFBJ1Anewq20OwPm2nADN62vnhmNzQF2TuRJJDXLZaQcoG9GvW67IyFdPkroh1Gshhzvu5RKNR7yZrpjOlIMV1+hKdgZzxZkfhihaABeumFWlDWZPDRzqzLHtTKDvkVWPNFHbu1oVKTdMFMGTRdYSLIdMqkMJwkEiLSf58qE8Tuf5tk8L6XFXdT8XejUlajz3vhq4WzN9LjW1zQ==,iv:2AkTWN5WCYjf9DWJGCsmRf3CLA/EMgpLaORWcB2pGvs=,tag:cbwxW35me7T1OZipxdHfvw==,type:str]",
"sops": {
"age": [
{
@ -27,8 +27,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-07-14T02:08:47Z",
"mac": "ENC[AES256_GCM,data:ZT2q2cHleWw+h7JNzWi+UnFo7G72xMMjzkbr4Ixp09xT9jqHjeHRitRveoNyh8jcRSbWxVeYf1fpKEKPEAxqU77NORhD/QBFjQm1iG/UH/xkRNBTQ/kE+yp/6jlkyfJ/m8ulTSbegz2eQkko9HP9qG7+QMcESP6zE7ko8UFPXAY=,iv:AvQDzn9kQYj1cr6K/luFZkv2G1UAQT27cA9/pQMRJl0=,tag:uuH3aZSI644HrJXYR5I7UQ==,type:str]",
"lastmodified": "2025-07-17T19:47:10Z",
"mac": "ENC[AES256_GCM,data:rSJPK8zMaT+VGj92885MrhHf3VPWKChIGeoWAjWYzGS0GNd+ENThrx7SmKSA2GRgcvT52Xap+wZi8Vzzl0wZPyKiM3LwtQ1JDH401m+RJzqYmEmSmNWtBaXijMYzlW82oG6dJxsHPNAiZfV3iIrXfq4mDIs8KEjl/PwiW+5n3Is=,iv:WRFWcPwFD+Al+EsUMDnCKzXLGiH+xQXMa1ZOGMKgDKI=,tag:h9ObzyxKSXhQB84XVGv6Vw==,type:str]",
"pgp": [
{
"created_at": "2025-06-13T20:13:06Z",