diff --git a/SwarselSystems.org b/SwarselSystems.org index 4d57033..cf2a700 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -26,14 +26,13 @@ This configuration is part of a NixOS system that is (nearly) fully declarative This literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning. +** Structure of this file + This file is structured as follows: - [[#h:a86fe971-f169-4052-aacf-15e0f267c6cd][Introduction (no code)]] This is the block you are currently in. It holds no code that actually builds the system, it just outlines the general approach and explains my rough mentality -- [[#h:d39b8dfb-536d-414f-9fc0-7d67df48cee4][Noweb-Ref blocks]] - This section hold code that can be templated at other parts of the configuration. This is mostly used for the NixOS side of the configuration where I define my host systems that usually have a lot in common. - - [[#h:c7588c0d-2528-485d-b2df-04d6336428d7][flake.nix]] This block holds everything related to the heart of the nix side of the configuration - the =flake.nix= file. 
@@ -103,7 +102,108 @@ window.addEventListener('load', addDarkmodeWidget); #+end_export -The rest of this file will now contain actual code that is used in the configuration. + + This section hold code that can be templated at other parts of the configuration. This is mostly used for the NixOS side of the configuration where I define my host systems that usually have a lot in common. + +- [[#h:8fc9f66a-7412-4091-8dee-a06f897baf67][Appendix A: Supplementary Files]] + This section holds files that are not written in nix but are still referenced in the configuration in some way. This is mostly used for configuration of programs that have no native nix support, like tridactyl. Note that shell scripts are still defined under their respective entry in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. + +- Historical Note: Noweb-Ref blocks + +These blocks were used in several places throughout the configurations, but not on all machines necessarily. For example, the theming section used need to be in a NixOS block on NixOS machines but in a home-manager block on non-NixOS. + +Originally, I used this method a lot throughout my configuration. However, as my knowledge of NixOS grew, I have been weeding these snippets out more and more as I find more efficient native solutions. Now, only the theming block remains. For example, the above problem can be solved by defining a =theme= attribute set and using =lib.recursiveUpdate= as shown in [[#h:79f7150f-b162-4f57-abdf-07f40dffd932][Shared Configuration Options (holds firefox & stylix config parts)]] and [[#h:a92318cd-413e-4e78-a478-e63b09df019c][Theme (stylix)]]. + +As such, this served to reduce code duplication in this file. The tangled files experienced no size reduction, since noweb-ref only substitutes these blocks in. 
+ +For archival reasons, here is shown how to use a noweb-ref block, in case I ever decide to use it again, or it is interesting to you: + + +#+begin_src nix :tangle no :noweb-ref blockName + enable = true; +#+end_src + +which can then be used in a block like: + +#+begin_src nix :tangle :noweb yes + <> +#+end_src + +not that noweb-reffed blocks will not be indented correctly. You will want to account for that when checking your nix flake with the formatter of your choice. Personally, I have solved this issue using the functions defined in [[#h:59d4306e-9b73-4b2c-b039-6a6518c357fc][org-mode: Upon-save actions (Auto-tangle, export to html, formatting)]]. Originally, I also automatically exported to html there, but it incurred a too high memory penalty which made Emacs become sluggish over time. + +** TODO Structure of this flake + +The structure of this flake as seen many revisions, however lately I have settled on a system that I have grown to like: + + - =hosts=: This folder is used to house all configurations that are used across the infrastructure. At the top level, it splits into the subfolders =nixos=, =home=, =darwin=, and =android=. These folders specify the mode that the configuration is running in: + - nixos: Full NixOS host (may or may not also use home-manager) + - darwin: Host that uses NixOS on MacOS (may or may not use home-manager) + - home: Host that uses only home-manager (no full NixOS) + - android: Phone using nix-on-droid (may or may not use home-manager) + + The corresponding configurations are automatically generated by =mkFullHostConfigs= and =mkHalfHostConfigs=. A "full" host either in the nixos or darwin folder, while a "half" host is in either of home or android. This has to do with the scheme in which these configurations are generated. + + These folders hold in turn a number of folders, the actual configurations. At this time, the files stored in this folder are: + - default.nix: + This file holds the abstracted configuration of the host. 
This should mostly be enabling [[#h:f0f1c961-3e7a-47b8-99ab-1654bb45dffc][Profiles]] as well as setting some [[#h:f4f22166-e345-43e6-b15f-b7f5bb886554][Shared Configuration Options]]. + - hardware-config.nix: + It is not clearly defined what I hold in this file. Mostly it is just the attributes that nix originally sets when setting up the system for the first time (although at this time modified by me!), bar any filesystem configuration. This makes my deployment in [[#h:74db57ae-0bb9-4257-84be-eddbc85130dd][swarsel-bootstrap]] a little bit simpler. + - disk-config.nix + Holds the aforementioned filesystem configuration and is applied using [[https://github.com/nix-community/disko][disko]]. + + - The hosts// folders may also have a =secrets= folder, under which a single file =pii.nix.enc= can be stored. As the name suggests, this file should be encrypted. Specifically, it needs to be a [[https://github.com/getsops/sops][sops]]-encrypted file (sops does not seem to suggest a file ending other than .yml or others, which is not verbose enough for me, so I went with =.enc=). This file should have the structure of a nix expression, e.g.: + + #+begin_src nix :tangle no + { + my_value = 2; + my_attrSet = { + enable = true; + }; + } + #+end_src + + Using the mechanisms in [[#h:82b8ede2-02d8-4c43-8952-7200ebd4dc23][PII management]] (which in turn uses [[#h:87c7893e-e946-4fc0-8973-1ca27d15cf0e][extra-builtins]] and [[#h:315e6ef6-27d5-4cd8-85ff-053eabe60ddb][sops-decrypt-and-cache]]), these files are decrypted during evaluation time and stored under a persistent directory. As the name suggests, I am using these files to store personally identifiable information - these "secrets" are stored world-readable in the nix store. As such, this should not be used to store important secrets, but rather information that you would not like everyone on the internet to easily find in your git repo. 
+ + - =modules= + This folder holds the most part of the actual system configuration done in this repository. At some point I thought it was cool to have my whole configuration exposed under the flakes =nixosModules=, which is indeed achieved (its usefulness is however debatable). In any way, this folder splits up as: + - nixos: Holds true NixOS configuration + - home: Holds configuration to be used by home-manager (either as a NixOS submodule or not) + - darwin: Holds configuration for nix-darwin. This folder further splits up into a nixos and a home folder, which hold respective nix or home-manager configuration for nix-darwin. + - iso: Holds specific configuration for my installer ISO that I do not want to have loaded in the rest of the configuration. + + The nixos and home folders further split up: + + - common: Configuration that can be used by all hosts (TODO: this currently includes configuration used by my user devices, which will mostly not be used by servers) + - server: Configuration to be used on servers + - optional: Configuration that will be used rather rarely + + This structure is very optionated and highly subjective. I will possibly change this in the future. + + By themselves, most of the files in the modules folder will not do anything. In order for them to do something, their corresponding =config.swarselsystems.modules= attribute needs to be enabled. This is done using... + + - =profiles=: This folder splits up into =home= and =nixos= subfolders, where groupings of module enablers are stored for the respective home and nix setups. Note that =home= profiles are also used in NixOS setups (extensively even)! + + - =nix=: This special folder holds mostly =.nix= files that are not automatically loaded, but rather setup specific things that affect most of the flake. For example, here lies the aforementioned [[#h:87c7893e-e946-4fc0-8973-1ca27d15cf0e][extra-builtins]] as well as the setup for the [[*Globals][Globals]] system. 
TODO: Move flake-parts units there and explain them here. + + - =lib=: This folder holds utility functions that I add to the nixpkgs library under the =swarselsystems= attribute set. An example would be the =mkIfElse= function. + + - =pkgs=: This folder holds derivations (mostly packages) that I define myself. This is mostly used to grab versions that are not (yet) in nixpkgs, or modified versions of another package. Each derivation in this folder is in turn in its own folder which holds a defautlt.nix. Using the mechanism in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]], these are automatically built and available to all configurations (packages still need to be installed e.g. in =environment.systemPackages=) + + - =checks=: Holds a file that defines my pre-commit-hook checks. TODO: move this to /nix probably + + - =scripts=: This folder holds a bunch of shell scripts that I use for various tasks. Nearly all of these are made into a derivation using =pkgs.writeShellApplication=. In the future (TODO?), I might convert these to native nix, but in the past I kept the as true shellfiles in case I ever wanted to move away from nix. This is becoming less and less likely, however. And even in case that this would happen, I could retrieve these files from the nix store and would simply have to remove the nix store paths. + + - =secrets=: Unlike the similar folder under =hosts=, this folder holds actual sops-encrypted secrets that are created at activation time and not in the nix store. The folder splits up into a bunch of folders, as well as a =repo= folder, which holds another =pii.nix.enc=, which holds global PII's, and a =certs= folder that holds some longer certificate style secrets. + + - =overlays=: This holds a single =default.nix= that defines the overlay I am using in my configuration. It is responsible for adding my defined packages and modifications to the final nixpkgs. 
Also I add some other conveniences like all past stable nixpkgs and some other package sets. + + - =programs=: This folder holds configurations for various programs (most notably emacs' =init.el= and =early-init.el=), that are being rendered using org-babel and loaded using nix. + + - =wallpaper=: Holds wallpapers and profile pictures. + + - =topology=: Holds the configuration used by [[https://github.com/oddlama/nix-topology][nix-topology]]. + + * flake.nix :PROPERTIES: @@ -11994,7 +12094,7 @@ This section sets up all the imports that are used in the home-manager section. } #+end_src -**** Shared Configuration Options (hold firefox config parts) +**** Shared Configuration Options (holds firefox & stylix config parts) :PROPERTIES: :CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 :END: 
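Review bot: the first added line of this hunk, "This section hold code that can be templated at other parts of the configuration...", is the description of the "Noweb-Ref blocks" list item that the previous hunk removed, but it lands here without its bullet and reads as a stray paragraph between the darkmode export block and the "Appendix A" entry (the rendered index.html shows it the same way); drop it or fold it into the "Historical Note: Noweb-Ref blocks" entry. That entry has the opposite problem: it is a list bullet whose body paragraphs are not indented under it, so the bullet renders empty and the text follows as top-level paragraphs; a "*** Historical Note: Noweb-Ref blocks" heading, in the style of the "** Structure of this file" heading the previous hunk adds, would be the simpler form. In the archival example the second block's header is ":tangle :noweb yes" with no value for :tangle; if the intent is that neither snippet is tangled, write ":tangle no" as in the first block. The "modules" item ends mid-sentence ("This is done using..."); the "profiles" item that follows is presumably what it meant to point to. In the pii.nix.enc paragraph, "decrypted during evaluation time and stored under a persistent directory" and "stored world-readable in the nix store" name two locations; since the warning that follows is about who can read the plaintext, state explicitly which path(s) the decrypted file ends up in. Wording nits in the new text: "used need to be" should read "used to need to be", "not that noweb-reffed blocks" should read "note that", "as seen many revisions" should read "has seen", "A "full" host either in" should read "is either in", "optionated" should read "opinionated", "defautlt.nix" should read "default.nix", "kept the as true shellfiles" should read "kept them as true shell files", and "created at activation time" in the secrets item should probably read "decrypted at activation time".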
@@ -12004,6 +12104,12 @@ Provides settings related to nix-darwin systems. At the moment, I am only making At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably +For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. + +The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json + +This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). 
However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. + #+begin_src nix :noweb yes :tangle modules/home/common/sharedsetup.nix { self, lib, pkgs, ... }: { 
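Review bot: the paragraph moved in here still speaks of "this noweb-ref section" and ends with "Alas, this block stays (for now)", but the same change deletes the theme noweb-ref block from Appendix A, so the text now contradicts the state of the file; only the final sentence ("However, I learned how to use an attribute set ... which also removed the need for that use of it") is still current, and the rest should be rewritten in the past tense as history or cut. The stylix and nerd-fonts paragraphs are also appended directly below the firefox about:config note with no transition, in a section whose title is the only hint that it now covers stylix; a one-line lead-in, or a sub-heading matching the new title, would make the split between the firefox and stylix parts visible to the reader.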
@@ -18862,67 +18968,6 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) #+end_src -* Appendix A: Noweb-Ref blocks -:PROPERTIES: -:CUSTOM_ID: h:d39b8dfb-536d-414f-9fc0-7d67df48cee4 -:END: - -These blocks are used in several places throughout the configurations, but not on all machines necessarily. For example, the theming section needs to be in a NixOS block on NixOS machines but in a home-manager block on non-NixOS. - -Originally, I used this method a lot throughout my configuration. However, as my knowledge of NixOS grew, I have been weeding these snippets out more and more as I find more efficient native solutions. Now, only the theming block remains. - -This serves only to reduce code duplication in this file. The tangled files experience no size reduction, since noweb-ref only substitutes these blocks in. - -For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. - -The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json - -This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. 
If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. - - -#+begin_src nix :tangle no :noweb-ref theme - enable = true; - base16Scheme = "${self}/programs/stylix/swarsel.yaml"; - polarity = "dark"; - opacity.popups = 0.5; - cursor = { - package = pkgs.banana-cursor; - # package = pkgs.capitaine-cursors; - name = "Banana"; - # name = "capitaine-cursors"; - size = 16; - }; - fonts = { - sizes = { - terminal = 10; - applications = 11; - }; - serif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - sansSerif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-mono; # has overrides - name = "FiraCode Nerd Font Mono"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; -#+end_src * Appendix B: Supplementary Files :PROPERTIES: :CUSTOM_ID: h:8fc9f66a-7412-4091-8dee-a06f897baf67 diff --git a/index.html b/index.html index 9f83515..9e5a109 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -201,7 +201,12 @@

Table of Contents

@@ -366,59 +372,60 @@
  • 3.3.1.2. Shared Configuration Options
  • 3.3.1.3. General NixOS settings (stateVersion)
  • 3.3.1.4. Share configuration between nodes
  • -
  • 3.3.1.5. System Packages
  • -
  • 3.3.1.6. Setup home-manager base
  • -
  • 3.3.1.7. Setup home-manager specialArgs
  • -
  • 3.3.1.8. Setup login keymap
  • -
  • 3.3.1.9. User setup, Make users non-mutable
  • -
  • 3.3.1.10. Environment setup
  • -
  • 3.3.1.11. Security
  • -
  • 3.3.1.12. Reduce systemd timeouts
  • -
  • 3.3.1.13. Hardware settings
  • -
  • 3.3.1.14. Pulseaudio
  • -
  • 3.3.1.15. Pipewire
  • -
  • 3.3.1.16. Common network settings
  • -
  • 3.3.1.17. Time, locale settings
  • -
  • 3.3.1.18. Meta options
  • -
  • 3.3.1.19. Topology
  • -
  • 3.3.1.20. sops
  • -
  • 3.3.1.21. PII management
  • -
  • 3.3.1.22. Theme (stylix)
  • -
  • 3.3.1.23. Programs (including zsh setup) +
  • 3.3.1.5. Global options
  • +
  • 3.3.1.6. System Packages
  • +
  • 3.3.1.7. Setup home-manager base
  • +
  • 3.3.1.8. Setup home-manager specialArgs
  • +
  • 3.3.1.9. Setup login keymap
  • +
  • 3.3.1.10. User setup, Make users non-mutable
  • +
  • 3.3.1.11. Environment setup
  • +
  • 3.3.1.12. Security
  • +
  • 3.3.1.13. Reduce systemd timeouts
  • +
  • 3.3.1.14. Hardware settings
  • +
  • 3.3.1.15. Pulseaudio
  • +
  • 3.3.1.16. Pipewire
  • +
  • 3.3.1.17. Common network settings
  • +
  • 3.3.1.18. Time, locale settings
  • +
  • 3.3.1.19. Meta options
  • +
  • 3.3.1.20. Topology
  • +
  • 3.3.1.21. sops
  • +
  • 3.3.1.22. PII management
  • +
  • 3.3.1.23. Theme (stylix)
  • +
  • 3.3.1.24. Programs (including zsh setup)
  • -
  • 3.3.1.24. Services +
  • 3.3.1.25. Services
  • -
  • 3.3.1.25. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules +
  • 3.3.1.26. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
  • -
  • 3.3.1.26. System Login
  • -
  • 3.3.1.27. nix-ld
  • -
  • 3.3.1.28. Impermanence
  • -
  • 3.3.1.29. Summary of nixos-rebuild diff
  • -
  • 3.3.1.30. gnome-keyring
  • -
  • 3.3.1.31. Sway
  • -
  • 3.3.1.32. xdg-portal
  • -
  • 3.3.1.33. Podmam (distrobox)
  • -
  • 3.3.1.34. Appimage
  • -
  • 3.3.1.35. Handle lid switch correctly
  • -
  • 3.3.1.36. Low battery notification
  • -
  • 3.3.1.37. Lanzaboote
  • +
  • 3.3.1.27. System Login
  • +
  • 3.3.1.28. nix-ld
  • +
  • 3.3.1.29. Impermanence
  • +
  • 3.3.1.30. Summary of nixos-rebuild diff
  • +
  • 3.3.1.31. gnome-keyring
  • +
  • 3.3.1.32. Sway
  • +
  • 3.3.1.33. xdg-portal
  • +
  • 3.3.1.34. Podmam (distrobox)
  • +
  • 3.3.1.35. Appimage
  • +
  • 3.3.1.36. Handle lid switch correctly
  • +
  • 3.3.1.37. Low battery notification
  • +
  • 3.3.1.38. Lanzaboote
  • 3.3.2. Server @@ -489,7 +496,7 @@
  • 3.4.1. Common
  • -
  • 5. Appendix A: Noweb-Ref blocks
  • -
  • 6. Appendix B: Supplementary Files +
  • 5. Appendix B: Supplementary Files
  • -This file has 71481 words spanning 19500 lines and was last revised on 2025-06-29 15:39:50 +0200. +This file has 73111 words spanning 19692 lines and was last revised on 2025-06-30 23:10:29 +0200.

    @@ -768,7 +774,10 @@ This configuration is part of a NixOS system that is (nearly) fully declarative

    This literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning.

    - + +
    +

    1.1. Structure of this file

    +

    This file is structured as follows:

    @@ -777,9 +786,6 @@ This file is structured as follows:
  • Introduction (no code) This is the block you are currently in. It holds no code that actually builds the system, it just outlines the general approach and explains my rough mentality
  • -
  • Noweb-Ref blocks -This section hold code that can be templated at other parts of the configuration. This is mostly used for the NixOS side of the configuration where I define my host systems that usually have a lot in common.
  • -
  • flake.nix This block holds everything related to the heart of the nix side of the configuration - the flake.nix file.
  • @@ -792,7 +798,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

    -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-06-29 15:39:50 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-06-30 23:10:29 +0200)

    @@ -867,9 +873,156 @@ new Darkmode().showWidget(); window.addEventListener('load', addDarkmodeWidget); +

    -The rest of this file will now contain actual code that is used in the configuration. +This section hold code that can be templated at other parts of the configuration. This is mostly used for the NixOS side of the configuration where I define my host systems that usually have a lot in common.

    + +
      +
    • Appendix A: Supplementary Files +This section holds files that are not written in nix but are still referenced in the configuration in some way. This is mostly used for configuration of programs that have no native nix support, like tridactyl. Note that shell scripts are still defined under their respective entry in Packages.
    • + +
    • Historical Note: Noweb-Ref blocks
    • +
    + +

    +These blocks were used in several places throughout the configurations, but not on all machines necessarily. For example, the theming section used need to be in a NixOS block on NixOS machines but in a home-manager block on non-NixOS. +

    + +

    +Originally, I used this method a lot throughout my configuration. However, as my knowledge of NixOS grew, I have been weeding these snippets out more and more as I find more efficient native solutions. Now, only the theming block remains. For example, the above problem can be solved by defining a theme attribute set and using lib.recursiveUpdate as shown in Shared Configuration Options (holds firefox & stylix config parts) and Theme (stylix). +

    + +

    +As such, this served to reduce code duplication in this file. The tangled files experienced no size reduction, since noweb-ref only substitutes these blocks in. +

    + +

    +For archival reasons, here is shown how to use a noweb-ref block, in case I ever decide to use it again, or it is interesting to you: +

    + + +
    +
    enable = true;
    +
    +
    + +

    +which can then be used in a block like: +

    + +
    +
    enable = true;
    +
    +
    + +

    +not that noweb-reffed blocks will not be indented correctly. You will want to account for that when checking your nix flake with the formatter of your choice. Personally, I have solved this issue using the functions defined in org-mode: Upon-save actions (Auto-tangle, export to html, formatting). Originally, I also automatically exported to html there, but it incurred a too high memory penalty which made Emacs become sluggish over time. +

    +
    +
    +
    +

    1.2. TODO Structure of this flake

    +
    +

    +The structure of this flake as seen many revisions, however lately I have settled on a system that I have grown to like: +

    + +
      +
    • hosts: This folder is used to house all configurations that are used across the infrastructure. At the top level, it splits into the subfolders nixos, home, darwin, and android. These folders specify the mode that the configuration is running in: +
        +
      • nixos: Full NixOS host (may or may not also use home-manager)
      • +
      • darwin: Host that uses NixOS on MacOS (may or may not use home-manager)
      • +
      • home: Host that uses only home-manager (no full NixOS)
      • +
      • android: Phone using nix-on-droid (may or may not use home-manager)
      • +
    • +
    + +

    +The corresponding configurations are automatically generated by mkFullHostConfigs and mkHalfHostConfigs. A "full" host either in the nixos or darwin folder, while a "half" host is in either of home or android. This has to do with the scheme in which these configurations are generated. +

    + +

    +These <hosttype> folders hold in turn a number of <hostname> folders, the actual configurations. At this time, the files stored in this folder are: +

    +
      +
    • default.nix: +This file holds the abstracted configuration of the host. This should mostly be enabling Profiles as well as setting some Shared Configuration Options.
    • +
    • hardware-config.nix: +It is not clearly defined what I hold in this file. Mostly it is just the attributes that nix originally sets when setting up the system for the first time (although at this time modified by me!), bar any filesystem configuration. This makes my deployment in swarsel-bootstrap a little bit simpler.
    • +
    • disk-config.nix +Holds the aforementioned filesystem configuration and is applied using disko.
    • + +
    • The hosts/<hosttype>/<hostname> folders may also have a secrets folder, under which a single file pii.nix.enc can be stored. As the name suggests, this file should be encrypted. Specifically, it needs to be a sops-encrypted file (sops does not seem to suggest a file ending other than .yml or others, which is not verbose enough for me, so I went with .enc). This file should have the structure of a nix expression, e.g.:
    • +
    + +
    +
    {
    +  my_value = 2;
    +  my_attrSet = {
    +    enable = true;
    +  };
    +}
    +
    +
    + +

    +Using the mechanisms in PII management (which in turn uses extra-builtins and sops-decrypt-and-cache), these files are decrypted during evaluation time and stored under a persistent directory. As the name suggests, I am using these files to store personally identifiable information - these "secrets" are stored world-readable in the nix store. As such, this should not be used to store important secrets, but rather information that you would not like everyone on the internet to easily find in your git repo. +

    + +
      +
    • +modules +This folder holds the most part of the actual system configuration done in this repository. At some point I thought it was cool to have my whole configuration exposed under the flakes nixosModules, which is indeed achieved (its usefulness is however debatable). In any way, this folder splits up as: +

      +
        +
      • nixos: Holds true NixOS configuration
      • +
      • home: Holds configuration to be used by home-manager (either as a NixOS submodule or not)
      • +
      • darwin: Holds configuration for nix-darwin. This folder further splits up into a nixos and a home folder, which hold respective nix or home-manager configuration for nix-darwin.
      • +
      • iso: Holds specific configuration for my installer ISO that I do not want to have loaded in the rest of the configuration.
      • +
      + +

      +The nixos and home folders further split up: +

      + +
        +
      • common: Configuration that can be used by all hosts (TODO: this currently includes configuration used by my user devices, which will mostly not be used by servers)
      • +
      • server: Configuration to be used on servers
      • +
      • optional: Configuration that will be used rather rarely
      • +
      + +

      +This structure is very optionated and highly subjective. I will possibly change this in the future. +

      + +

      +By themselves, most of the files in the modules folder will not do anything. In order for them to do something, their corresponding config.swarselsystems.modules attribute needs to be enabled. This is done using… +

    • + +
    • profiles: This folder splits up into home and nixos subfolders, where groupings of module enablers are stored for the respective home and nix setups. Note that home profiles are also used in NixOS setups (extensively even)!
    • + +
    • nix: This special folder holds mostly .nix files that are not automatically loaded, but rather setup specific things that affect most of the flake. For example, here lies the aforementioned extra-builtins as well as the setup for the Globals system. TODO: Move flake-parts units there and explain them here.
    • + +
    • lib: This folder holds utility functions that I add to the nixpkgs library under the swarselsystems attribute set. An example would be the mkIfElse function.
    • + +
    • pkgs: This folder holds derivations (mostly packages) that I define myself. This is mostly used to grab versions that are not (yet) in nixpkgs, or modified versions of another package. Each derivation in this folder is in turn in its own folder which holds a defautlt.nix. Using the mechanism in Packages, these are automatically built and available to all configurations (packages still need to be installed e.g. in environment.systemPackages)
    • + +
    • checks: Holds a file that defines my pre-commit-hook checks. TODO: move this to /nix probably
    • + +
    • scripts: This folder holds a bunch of shell scripts that I use for various tasks. Nearly all of these are made into a derivation using pkgs.writeShellApplication. In the future (TODO?), I might convert these to native nix, but in the past I kept the as true shellfiles in case I ever wanted to move away from nix. This is becoming less and less likely, however. And even in case that this would happen, I could retrieve these files from the nix store and would simply have to remove the nix store paths.
    • + +
    • secrets: Unlike the similar folder under hosts, this folder holds actual sops-encrypted secrets that are created at activation time and not in the nix store. The folder splits up into a bunch of <hostname> folders, as well as a repo folder, which holds another pii.nix.enc, which holds global PII's, and a certs folder that holds some longer certificate style secrets.
    • + +
    • overlays: This holds a single default.nix that defines the overlay I am using in my configuration. It is responsible for adding my defined packages and modifications to the final nixpkgs. Also I add some other conveniences like all past stable nixpkgs and some other package sets.
    • + +
    • programs: This folder holds configurations for various programs (most notably emacs' init.el and early-init.el), that are being rendered using org-babel and loaded using nix.
    • + +
    • wallpaper: Holds wallpapers and profile pictures.
    • + +
    • topology: Holds the configuration used by nix-topology.
    • +
    +
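Review bot: the `secrets:` bullet is misleading as written: the sops-encrypted files in this folder are committed with the repo and therefore do end up in the nix store together with the rest of the flake; it is the decrypted material that sops-nix creates at activation time outside the store. Suggested wording: "this folder holds sops-encrypted secrets; the decrypted files are created at activation time and never enter the nix store." Two typos in the added bullets as well: `defautlt.nix` in the pkgs bullet, and "I kept the as true shellfiles" in the scripts bullet (should read "I kept them as plain shell files").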
    @@ -887,7 +1040,7 @@ These blocks are later inserted here: 2.1. flake.nix skeleton

    -This sections puts together the flake.nix file from the Noweb-Ref blocks section. This tangles the flake.nix file; This block only needs to be touched when updating the general structure of the flake. For everything else, see the respective noweb-ref block. +This sections puts together the flake.nix file from the [BROKEN LINK: h:d39b8dfb-536d-414f-9fc0-7d67df48cee4] section. This tangles the flake.nix file; This block only needs to be touched when updating the general structure of the flake. For everything else, see the respective noweb-ref block.

    
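Review bot: the replacement sentence still points at the removed section: `[BROKEN LINK: h:d39b8dfb-536d-414f-9fc0-7d67df48cee4]` will render as a broken link because no heading with that id exists after this commit. Either link the historical note about noweb-ref blocks or drop the reference, and since the noweb-ref blocks for nixosConfigurations, darwinConfigurations and topology are emptied further down in this patch, "see the respective noweb-ref block" should now send readers to the flake.nix block itself. Also "This sections puts together" should read "This section puts together".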
@@ -988,128 +1141,208 @@ In outputs = inputs@ [...], the inputs@ makes it so th inputs.nixpkgs.follows = "nixpkgs"; }; nix-topology.url = "github:oddlama/nix-topology"; + flake-parts.url = "github:hercules-ci/flake-parts"; }; outputs = inputs@{ self - , nixpkgs - , home-manager - , systems - , ... - }: + , nixpkgs + , home-manager + , systems + , ... + }: let inherit (self) outputs; lib = (nixpkgs.lib // home-manager.lib).extend (_: _: { swarselsystems = import ./lib { inherit self lib inputs outputs systems; }; }); in - { - inherit lib; - - # nixosModules = import ./modules/nixos { inherit lib; }; - # homeModules = import ./modules/home { inherit lib; }; - packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; }); - formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt); - overlays = import ./overlays { inherit self lib inputs; }; - - apps = lib.swarselsystems.forAllSystems (system: - let - appNames = [ - "swarsel-bootstrap" - "swarsel-install" - "swarsel-rebuild" - "swarsel-postinstall" - ]; - appSet = lib.swarselsystems.mkApps system appNames self; - in - - appSet // { - default = appSet.swarsel-bootstrap; - } - ); - - devShells = lib.swarselsystems.forAllSystems (system: - let - pkgs = lib.swarselsystems.pkgsFor.${system}; - checks = self.checks.${system}; - in - { - default = pkgs.mkShell { - # plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { - # buildInputs = [pkgs.nixVersions.latest pkgs.boost]; - # patches = (o.patches or []) ++ [ "${self}/nix/nix-plugins.patch" ]; - # })}/lib/nix/plugins - NIX_CONFIG = '' - plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - inherit (checks.pre-commit-check) shellHook; - - buildInputs = checks.pre-commit-check.enabledPackages; - nativeBuildInputs = [ - (builtins.trace "alarm: we pinned nix_2_24 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_24) # Always use the nix version 
from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. - # pkgs.nix - pkgs.home-manager - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - pkgs.statix - pkgs.deadnix - pkgs.nixpkgs-fmt - ]; - }; - } - ); - - templates = import ./templates { inherit lib; }; - - checks = lib.swarselsystems.forAllSystems (system: - let - pkgs = lib.swarselsystems.pkgsFor.${system}; - in - import ./checks { inherit self inputs system pkgs; } - ); - - diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix; - - nixosConfigurations = - lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos"; - homeConfigurations = - - # "swarsel@home-manager" = inputs.home-manager.lib.homeManagerConfiguration { - # pkgs = lib.swarselsystems.pkgsFor.x86_64-linux; - # extraSpecialArgs = { inherit inputs outputs; }; - # modules = homeModules ++ mixedModules ++ [ - # ./hosts/home-manager - # ]; - # }; - - lib.swarselsystems.mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; - darwinConfigurations = - lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "darwin") "darwin"; - nixOnDroidConfigurations = - - # magicant = inputs.nix-on-droid.lib.nixOnDroidConfiguration { - # pkgs = lib.swarselsystems.pkgsFor.aarch64-linux; - # modules = [ - # ./hosts/magicant - # ]; - # }; - - lib.swarselsystems.mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; - - - topology = - - lib.swarselsystems.forEachSystem (pkgs: import inputs.nix-topology { - inherit pkgs; - modules = [ - "${self}/topology" - { inherit (self) nixosConfigurations; } + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ + ./nix/globals.nix ]; - }); + flake = { config, ... 
}: + let + inherit (self) outputs; + lib = (nixpkgs.lib // home-manager.lib).extend (_: _: { swarselsystems = import ./lib { inherit self lib inputs outputs systems; }; }); + + + linuxUser = "swarsel"; + macUser = "leon.schwarzaeugl"; + + mkFullHost = host: type: { + ${host} = + let + systemFunc = if (type == "nixos") then lib.nixosSystem else inputs.nix-darwin.lib.darwinSystem; + in + systemFunc { + specialArgs = { inherit inputs outputs lib self; inherit (config) globals; }; + modules = [ + { + node.name = host; + node.secretsDir = ./hosts/${type}/${host}/secrets; + } + # put inports here that are for all hosts + inputs.disko.nixosModules.disko + inputs.sops-nix.nixosModules.sops + inputs.impermanence.nixosModules.impermanence + inputs.lanzaboote.nixosModules.lanzaboote + inputs.fw-fanctrl.nixosModules.default + "${self}/hosts/${type}/${host}" + { + _module.args.primaryUser = linuxUser; + } + ] ++ + (if (host == "iso") then [ + inputs.nix-topology.nixosModules.default + ] else + ([ + # put nixos imports here that are for all servers and normal hosts + inputs.nix-topology.nixosModules.default + "${self}/modules/${type}/common" + inputs.stylix.nixosModules.stylix + inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm + ] ++ (if (type == "nixos") then [ + inputs.home-manager.nixosModules.home-manager + "${self}/profiles/nixos" + "${self}/modules/nixos/server" + "${self}/modules/nixos/optional" + { + home-manager.users."${linuxUser}".imports = [ + # put home-manager imports here that are for all normal hosts + "${self}/modules/home/common" + "${self}/modules/home/server" + "${self}/modules/home/optional" + "${self}/profiles/home" + ]; + } + ] else [ + # put nixos imports here that are for darwin hosts + "${self}/modules/darwin/nixos/common" + "${self}/profiles/darwin" + inputs.home-manager.darwinModules.home-manager + { + home-manager.users."${macUser}".imports = [ + # put home-manager imports here that are for darwin hosts + "${self}/modules/darwin/home" + 
"${self}/modules/home/server" + "${self}/modules/home/optional" + "${self}/profiles/home" + ]; + } + ]) + )); + }; + }; + + mkHalfHost = host: type: pkgs: { + ${host} = + let + systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; + in + systemFunc + { + inherit pkgs; + extraSpecialArgs = { inherit inputs outputs lib self; }; + modules = [ "${self}/hosts/${type}/${host}" ]; + }; + }; + + mkFullHostConfigs = hosts: type: lib.foldl (acc: set: acc // set) { } (lib.map (host: mkFullHost host type) hosts); + + mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (host: mkHalfHost host type pkgs) hosts); + + in + { + inherit lib; + + # nixosModules = import ./modules/nixos { inherit lib; }; + # homeModules = import ./modules/home { inherit lib; }; + packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; }); + formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt); + overlays = import ./overlays { inherit self lib inputs; }; + + apps = lib.swarselsystems.forAllSystems (system: + let + appNames = [ + "swarsel-bootstrap" + "swarsel-install" + "swarsel-rebuild" + "swarsel-postinstall" + ]; + appSet = lib.swarselsystems.mkApps system appNames self; + in + + appSet // { + default = appSet.swarsel-bootstrap; + } + ); + + devShells = lib.swarselsystems.forAllSystems (system: + let + pkgs = lib.swarselsystems.pkgsFor.${system}; + checks = self.checks.${system}; + in + { + default = pkgs.mkShell { + # plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { + # buildInputs = [pkgs.nixVersions.latest pkgs.boost]; + # patches = (o.patches or []) ++ [ "${self}/nix/nix-plugins.patch" ]; + # })}/lib/nix/plugins + NIX_CONFIG = '' + plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + inherit (checks.pre-commit-check) shellHook; + + buildInputs = 
checks.pre-commit-check.enabledPackages; + nativeBuildInputs = [ + (builtins.trace "alarm: we pinned nix_2_24 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_24) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. + # pkgs.nix + pkgs.home-manager + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + pkgs.statix + pkgs.deadnix + pkgs.nixpkgs-fmt + ]; + }; + } + ); + + templates = import ./templates { inherit lib; }; + + checks = lib.swarselsystems.forAllSystems (system: + let + pkgs = lib.swarselsystems.pkgsFor.${system}; + in + import ./checks { inherit self inputs system pkgs; } + ); + + diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix; + + nixosConfigurations = mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos"; + homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; + darwinConfigurations = mkFullHostConfigs (lib.swarselsystems.readHosts "darwin") "darwin"; + nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; + + topology = lib.swarselsystems.forEachSystem (pkgs: import inputs.nix-topology { + inherit pkgs; + modules = [ + "${self}/topology" + { inherit (self) nixosConfigurations; } + ]; + }); + + nodes = config.nixosConfigurations; + }; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; }; } @@ -1259,6 +1492,7 @@ vbc-nix = { inputs.nixpkgs.follows = "nixpkgs"; }; nix-topology.url = "github:oddlama/nix-topology"; +flake-parts.url = "github:hercules-ci/flake-parts";

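Review bot: `outputs` and `lib` are now defined twice in flake.nix, once in the `let` in front of `inputs.flake-parts.lib.mkFlake` and again inside `flake = { config, ... }: let ...`; the outer binding is no longer used after the move and can go. Two further points in the same hunk. First, `specialArgs` passes `inherit (config) globals` to darwin hosts as well, but `nodes = config.nixosConfigurations;` only feeds NixOS hosts into the globals aggregation, so anything a darwin host defines under `globals` is silently ignored; either say so in the prose or include `darwinConfigurations` in `nodes` if that is wanted. Second, `diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;` is unchanged context but reads as a hidden `.templates` directory rather than the `./templates` used by the `templates` output a few lines above; worth confirming. The comment "# put inports here that are for all hosts" moved over with its typo ("imports").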
    @@ -1476,7 +1710,7 @@ Note: The preceding nixosConfigurations is found in -
    lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos";
    +
     
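Review bot: this hunk leaves an empty noweb-ref block behind while the sentence above it ("Note: The preceding nixosConfigurations is found in") still introduces it; the same holds for the darwinConfigurations, homeConfigurations, nixOnDroidConfigurations and topology hunks that follow. Since these outputs are now built inline in flake.nix, delete the blocks together with their lead-in sentences instead of leaving empty ones, otherwise the literate file advertises definitions that no longer exist.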
    @@ -1494,7 +1728,7 @@ Note: The preceding darwinConfigurations is found in
    -
    lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "darwin") "darwin";
    +
     
    @@ -1516,7 +1750,6 @@ In contrast, this defines home-manager systems, which I only have one of, that s # ]; # }; -lib.swarselsystems.mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux;
    @@ -1537,7 +1770,6 @@ Nix on Android also demands an own flake output, which is provided here. # ]; # }; -lib.swarselsystems.mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux;
    @@ -1548,13 +1780,6 @@ lib.swarselsystems.mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "a
    -lib.swarselsystems.forEachSystem (pkgs: import inputs.nix-topology {
    -  inherit pkgs;
    -  modules = [
    -    "${self}/topology"
    -    { inherit (self) nixosConfigurations; }
    -  ];
    -});
     
     
    @@ -3168,6 +3393,9 @@ in "${self}/modules/nixos/common/topology.nix" "${self}/modules/home/common/sharedsetup.nix" + "${self}/modules/nixos/common/globals.nix" + + inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ @@ -6226,11 +6454,7 @@ TODO

    -
    { self, lib, systems, inputs, outputs, ... }:
    -let
    -  linuxUser = "swarsel";
    -  macUser = "leon.schwarzaeugl";
    -in
    +
    { self, lib, systems, inputs, ... }:
     {
     
       mkIfElseList = p: yes: no: lib.mkMerge [
    @@ -6275,88 +6499,6 @@ in
     
       forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
     
    -  mkFullHost = host: type: {
    -    ${host} =
    -      let
    -        systemFunc = if (type == "nixos") then lib.nixosSystem else inputs.nix-darwin.lib.darwinSystem;
    -      in
    -      systemFunc {
    -        specialArgs = { inherit inputs outputs lib self; };
    -        modules = [
    -          {
    -            node.name = host;
    -            node.secretsDir = ../hosts/${type}/${host}/secrets;
    -          }
    -          # put inports here that are for all hosts
    -          inputs.disko.nixosModules.disko
    -          inputs.sops-nix.nixosModules.sops
    -          inputs.impermanence.nixosModules.impermanence
    -          inputs.lanzaboote.nixosModules.lanzaboote
    -          inputs.fw-fanctrl.nixosModules.default
    -          "${self}/hosts/${type}/${host}"
    -          {
    -            _module.args.primaryUser = linuxUser;
    -          }
    -        ] ++
    -        (if (host == "iso") then [
    -          inputs.nix-topology.nixosModules.default
    -        ] else
    -        ([
    -          # put nixos imports here that are for all servers and normal hosts
    -          inputs.nix-topology.nixosModules.default
    -          "${self}/modules/${type}/common"
    -          inputs.stylix.nixosModules.stylix
    -          inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
    -        ] ++ (if (type == "nixos") then [
    -          inputs.home-manager.nixosModules.home-manager
    -          "${self}/profiles/nixos"
    -          "${self}/modules/nixos/server"
    -          "${self}/modules/nixos/optional"
    -          {
    -            home-manager.users."${linuxUser}".imports = [
    -              # put home-manager imports here that are for all normal hosts
    -              "${self}/modules/home/common"
    -              "${self}/modules/home/server"
    -              "${self}/modules/home/optional"
    -              "${self}/profiles/home"
    -            ];
    -          }
    -        ] else [
    -          # put nixos imports here that are for darwin hosts
    -          "${self}/modules/darwin/nixos/common"
    -          "${self}/profiles/darwin"
    -          inputs.home-manager.darwinModules.home-manager
    -          {
    -            home-manager.users."${macUser}".imports = [
    -              # put home-manager imports here that are for darwin hosts
    -              "${self}/modules/darwin/home"
    -              "${self}/modules/home/server"
    -              "${self}/modules/home/optional"
    -              "${self}/profiles/home"
    -            ];
    -          }
    -        ])
    -        ));
    -      };
    -  };
    -
    -  mkHalfHost = host: type: pkgs: {
    -    ${host} =
    -      let
    -        systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration;
    -      in
    -      systemFunc
    -        {
    -          inherit pkgs;
    -          extraSpecialArgs = { inherit inputs outputs lib self; };
    -          modules = [ "${self}/hosts/${type}/${host}" ];
    -        };
    -  };
    -
    -  mkFullHostConfigs = hosts: type: lib.foldl (acc: set: acc // set) { } (lib.map (host: lib.swarselsystems.mkFullHost host type) hosts);
    -
    -  mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (host: lib.swarselsystems.mkHalfHost host type pkgs) hosts);
    -
       readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
       readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
     
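Review bot: with `mkFullHost`, `mkHalfHost`, `mkFullHostConfigs` and `mkHalfHostConfigs` removed and `outputs` dropped from the module arguments (`{ self, lib, systems, inputs, ... }:`), double-check that no remaining function in lib/default.nix still references `outputs`; an undefined variable there only surfaces at evaluation time of the function that uses it. The move itself is consistent: `node.secretsDir` becomes `./hosts/${type}/${host}/secrets` relative to the flake root instead of `../hosts/...` relative to lib/.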
    @@ -6669,6 +6811,64 @@ in
       };
     }
     
    +
    +
    +
    + +
    +
    3.2.5.4. Globals
    +
    +
    +
    { inputs, ... }:
    +{
    +  flake =
    +    {
    +      config,
    +      lib,
    +      ...
    +    }:
    +    {
    +      globals =
    +        let
    +          globalsSystem = lib.evalModules {
    +            prefix = [ "globals" ];
    +            specialArgs = {
    +              inherit lib;
    +              inherit inputs;
    +              inherit (config) nodes;
    +            };
    +            modules = [
    +              ../modules/nixos/common/globals.nix
    +              (
    +                { lib, ... }:
    +                {
    +                  globals = lib.mkMerge (
    +                    lib.concatLists (
    +                      lib.flip lib.mapAttrsToList config.nodes (
    +                        name: cfg:
    +                        builtins.addErrorContext "while aggregating globals from nixosConfigurations.${name} into flake-level globals:" cfg.config._globalsDefs
    +                      )
    +                    )
    +                  );
    +                }
    +              )
    +            ];
    +          };
    +        in
    +        {
    +          # Make sure the keys of this attrset are trivially evaluatable to avoid infinite recursion,
    +          # therefore we inherit relevant attributes from the config.
    +          inherit (globalsSystem.config.globals)
    +            domains
    +            services
    +            macs
    +            myuser
    +            root
    +            ;
    +        };
    +    };
    +}
    +
     
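Review bot: the new "3.2.5.4. Globals" section ships without an explanatory paragraph, unlike the rest of this literate file. A sentence or two is needed on what it does: evaluate a second module system over the `globals` option, fed with every node's `_globalsDefs`, so that definitions made on one host (service domains, MAC addresses, users) become visible to every other host through `specialArgs`. The comment about keeping the attrset keys trivially evaluatable deserves a mention there too, because `nixosConfigurations` depend on `globals` and `globals` depends on `nixosConfigurations`; the explicit `inherit (globalsSystem.config.globals) domains services macs myuser root;` list is what keeps that from recursing, and it also means a new option added to globals.nix is simply absent from the flake-level `globals` until it is added to that list.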
    @@ -6748,38 +6948,6 @@ I usually use mutableUsers = false in my NixOS configuration. Howev isImpermanence = lib.mkEnableOption "use impermanence on this system"; isSecureBoot = lib.mkEnableOption "use secure boot on this system"; }; - globals = lib.mkOption { - default = { }; - type = lib.types.submodule { - options = { - - services = lib.mkOption { - type = lib.types.attrsOf ( - lib.types.submodule { - options = { - domain = lib.mkOption { - type = lib.types.str; - description = "Domain that the service runs under"; - }; - }; - } - ); - }; - domains = { - main = lib.mkOption { - type = lib.types.str; - description = "My main domain."; - }; - }; - }; - }; - }; - # _globalsDefs = lib.mkOption { - # type = lib.types.unspecified; - # default = options.globals.definitions; - # readOnly = true; - # internal = true; - # }; }; } @@ -6967,8 +7135,91 @@ in
    +
    +
    3.3.1.5. Global options
    +
    +
    +
    { lib, options, ... }:
    +let
    +  inherit (lib)
    +    mkOption
    +    types
    +    ;
    +
    +in
    +{
    +  options = {
    +    globals = mkOption {
    +      default = { };
    +      type = types.submodule {
    +        options = {
    +          root = {
    +            hashedPassword = mkOption {
    +              type = types.str;
    +              description = "My root user's password hash.";
    +            };
    +          };
    +
    +          myuser = {
    +            name = mkOption {
    +              type = types.str;
    +              description = "My unix username.";
    +            };
    +            hashedPassword = mkOption {
    +              type = types.str;
    +              description = "My unix password hash.";
    +            };
    +          };
    +
    +
    +          services = mkOption {
    +            type = types.attrsOf (
    +              types.submodule {
    +                options = {
    +                  domain = mkOption {
    +                    type = types.str;
    +                    description = "The domain under which this service can be reached";
    +                  };
    +                };
    +              }
    +            );
    +          };
    +
    +          domains = {
    +            me = mkOption {
    +              type = types.str;
    +              description = "My main domain.";
    +            };
    +
    +            personal = mkOption {
    +              type = types.str;
    +              description = "My personal domain.";
    +            };
    +          };
    +
    +          macs = mkOption {
    +            default = { };
    +            type = types.attrsOf types.str;
    +            description = "Known MAC addresses for external devices.";
    +          };
    +        };
    +      };
    +    };
    +
    +    _globalsDefs = mkOption {
    +      type = types.unspecified;
    +      default = options.globals.definitions;
    +      readOnly = true;
    +      internal = true;
    +    };
    +  };
    +}
    +
    +
    +
    +
    -
    3.3.1.6. Setup home-manager base
    +
    3.3.1.7. Setup home-manager base

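Review bot: `domains.main` from the removed option block becomes `domains.me` here and `domains.personal` is new, so any existing consumer of `globals.domains.main` in the host configs needs updating, which this patch does not show. On `root.hashedPassword` and `myuser.hashedPassword`: whatever is assigned there is exposed through the flake-level `globals` output and, once used, lands in the world-readable nix store, which is acceptable for a password hash but means the values should come from the sops-managed PII rather than literals, and the option must never be reused for anything more sensitive than a hash. `_globalsDefs` correctly stays `internal = true` and `readOnly = true`.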
    We enable the use of home-manager as a NixoS module. A nice trick here is the extraSpecialArgs = inputs line, which enables the use of seflf in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). @@ -7096,7 +7347,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h

    -
    3.3.1.7. Setup home-manager specialArgs
    +
    3.3.1.8. Setup home-manager specialArgs

    This sets up the nix-secrets extraSpeciaArgs. This should not be present on the chaostheatre configuration, which is why I split this section into its own file, which makes removal easier when setting that system up. @@ -7117,7 +7368,7 @@ This sets up the nix-secrets extraSpeciaArgs. This should not be pr

    -
    3.3.1.8. Setup login keymap
    +
    3.3.1.9. Setup login keymap

    Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is comfortable to use and I do not write too much German anyways. @@ -7141,7 +7392,7 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi

    -
    3.3.1.9. User setup, Make users non-mutable
    +
    3.3.1.10. User setup, Make users non-mutable

    This ensures that all user-configuration happens here in the config file. @@ -7180,7 +7431,7 @@ in

    -
    3.3.1.10. Environment setup
    +
    3.3.1.11. Environment setup

    Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus). @@ -7211,7 +7462,7 @@ Next, we will setup some environment variables that need to be set on the system

    -
    3.3.1.11. Security
    +
    3.3.1.12. Security

    Needed for control over system-wide privileges etc. Also I make sure that the root user has access to SSH_AUTH_SOCK (without this, root will not be able to read my nix-secrets repository). @@ -7245,7 +7496,7 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro

    -
    3.3.1.12. Reduce systemd timeouts
    +
    3.3.1.13. Reduce systemd timeouts

    There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason a stop job is running for session 1 of user .... I do not want to wait that long and am confident no important data is lost by doing this. @@ -7268,7 +7519,7 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s

    -
    3.3.1.13. Hardware settings
    +
    3.3.1.14. Hardware settings

    Enable OpenGL, Sound, Bluetooth and various drivers. @@ -7328,7 +7579,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers.

    -
    3.3.1.14. Pulseaudio
    +
    3.3.1.15. Pulseaudio

    This is only used on systems not running Pipewire. @@ -7352,7 +7603,7 @@ This is only used on systems not running Pipewire.

    -
    3.3.1.15. Pipewire
    +
    3.3.1.16. Pipewire

    Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with xdg-desktop-portal-wlr. @@ -7384,7 +7635,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w

    -
    3.3.1.16. Common network settings
    +
    3.3.1.17. Common network settings

    Here I only enable networkmanager and a few default networks. The rest of the network config is done separately in System specific configuration. @@ -7647,7 +7898,7 @@ Here I only enable networkmanager and a few default networks. The r

    -
    3.3.1.17. Time, locale settings
    +
    3.3.1.18. Time, locale settings

    Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well. @@ -7684,7 +7935,7 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte

    -
    3.3.1.18. Meta options
    +
    3.3.1.19. Meta options
    { lib, ... }:
    @@ -7708,7 +7959,7 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
     
    -
    3.3.1.19. Topology
    +
    3.3.1.20. Topology
    { self, lib, config, ... }:
    @@ -7730,7 +7981,7 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
     
    -
    3.3.1.20. sops
    +
    3.3.1.21. sops

    I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine: @@ -7803,7 +8054,7 @@ in

    -
    3.3.1.21. PII management
    +
    3.3.1.22. PII management
    # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
    @@ -7885,7 +8136,7 @@ in
     
    -
    3.3.1.22. Theme (stylix)
    +
    3.3.1.23. Theme (stylix)

    By default, stylix wants to style GRUB as well. However, I think that looks horrible. @@ -7915,7 +8166,7 @@ By default, stylix wants to style

    -
    3.3.1.23. Programs (including zsh setup)
    +
    3.3.1.24. Programs (including zsh setup)

    Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances. @@ -7937,7 +8188,7 @@ Some programs profit from being installed through dedicated NixOS settings on sy

    -
    3.3.1.23.1. zsh
    +
    3.3.1.24.1. zsh

    Here I disable global completion to prevent redundant compinit calls and cache invalidation that slow down shell startup (enabled on the home-manager side). @@ -7962,7 +8213,7 @@ Here I disable global completion to prevent redundant compinit calls and cache i

    -
    3.3.1.23.2. syncthing
    +
    3.3.1.24.2. syncthing
    { lib, config, pkgs, ... }:
    @@ -8031,14 +8282,14 @@ in
     
    -
    3.3.1.24. Services
    +
    3.3.1.25. Services

    Setting up some hardware services as well as keyboard related settings. Here we make sure that we can use the CAPS key as a ESC/CTRL double key, which is a lifesaver.

    -
    3.3.1.24.1. blueman
    +
    3.3.1.25.1. blueman

    Enables the blueman service including the nice system tray icon. @@ -8058,7 +8309,7 @@ Enables the blueman service including the nice system tray icon.

    -
    3.3.1.24.2. Network devices
    +
    3.3.1.25.2. Network devices

    In this section we enable compatibility with several network devices I have at home, mainly printers and scanners. @@ -8109,7 +8360,7 @@ Avahi is the service used for the network discovery.

    -
    3.3.1.24.3. enable GVfs
    +
    3.3.1.25.3. enable GVfs

    This is being set to allow myself to use all functions of nautilus in NixOS @@ -8128,7 +8379,7 @@ This is being set to allow myself to use all functions of nautilus in NixOS

    -
    3.3.1.24.4. interception-tools: Make CAPS work as ESC/CTRL
    +
    3.3.1.25.4. interception-tools: Make CAPS work as ESC/CTRL

    This is a super-convenient package that lets my remap my CAPS key to ESC if pressed shortly, and CTRL if being held. @@ -8172,7 +8423,7 @@ This is a super-convenient package that lets my remap my CAPS key t

    -
    3.3.1.24.5. power-profiles-daemon
    +
    3.3.1.25.5. power-profiles-daemon

    This enables power profile management. The available modes are: @@ -8201,7 +8452,7 @@ Most of the time I am using power-saver, however, it is good to be

    -
    3.3.1.24.6. SwayOSD
    +
    3.3.1.25.6. SwayOSD
    { lib, pkgs, config, ... }:
    @@ -8232,11 +8483,11 @@ Most of the time I am using power-saver, however, it is good to be
     
    -
    3.3.1.25. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
    +
    3.3.1.26. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
    -
    3.3.1.25.1. Yubikey
    +
    3.3.1.26.1. Yubikey

    This takes care of the main Yubikey related configuration on the NixOS side - note that the starting of the gpg-agent is done in the sway settings, to also perform this step of the setup for non NixOS-machines at the same time. @@ -8276,7 +8527,7 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance

    -
    3.3.1.25.2. Ledger
    +
    3.3.1.26.2. Ledger

    This performs the necessary configuration to support this hardware. @@ -8300,7 +8551,7 @@ This performs the necessary configuration to support this hardware.

    -
    3.3.1.25.3. Keyboards
    +
    3.3.1.26.3. Keyboards

    This loads some udev rules that I need for my split keyboards. @@ -8324,7 +8575,7 @@ This loads some udev rules that I need for my split keyboards.

    -
    3.3.1.26. System Login
    +
    3.3.1.27. System Login

    This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the system specific settings, make sure to update it there @@ -8359,7 +8610,7 @@ This section houses the greetd related settings. I do not really want to use a d

    -
    3.3.1.27. nix-ld
    +
    3.3.1.28. nix-ld

    This provides libraries for binaries that are not patched for use on NixOS. This really makes the biggest gripe with NixOS go away, that being having to run a binary that is only found in a single spot. It is most of the times possible to patch such a file, but this makes such a situation take much less time to resolve. @@ -8492,7 +8743,7 @@ When a program does not work, start with nix-ldd <program>. T

    -
    3.3.1.28. Impermanence
    +
    3.3.1.29. Impermanence

    This is where the impermanence magic happens. When this is enabled, the root directory is rolled back to a blanket state on each reboot. @@ -8599,7 +8850,7 @@ in

    -
    3.3.1.29. Summary of nixos-rebuild diff
    +
    3.3.1.30. Summary of nixos-rebuild diff

    This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet. @@ -8624,7 +8875,7 @@ This snipped is added to the activation script that is run after every rebuild a

    -
    3.3.1.30. gnome-keyring
    +
    3.3.1.31. gnome-keyring

    Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps the login information when logging out of the session as well. @@ -8647,7 +8898,7 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps

    -
    3.3.1.31. Sway
    +
    3.3.1.32. Sway

    This is used to better integrate Sway into the system on NixOS hosts. On the home-manager side, the package attribute will be null for such an host, using the systems derivation instead. @@ -8683,7 +8934,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom

    -
    3.3.1.32. xdg-portal
    +
    3.3.1.33. xdg-portal

    This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways. @@ -8715,7 +8966,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru

    -
    3.3.1.33. Podmam (distrobox)
    +
    3.3.1.34. Podmam (distrobox)

    I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck. @@ -8743,7 +8994,7 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve

    -
    3.3.1.34. Appimage
    +
    3.3.1.35. Appimage

    Adds the necessary tools to allow .appimage programs easily. @@ -8766,7 +9017,7 @@ Adds the necessary tools to allow .appimage programs easily.

    -
    3.3.1.35. Handle lid switch correctly
    +
    3.3.1.36. Handle lid switch correctly

    This turns off the display when the lid is closed. @@ -8815,7 +9066,7 @@ This turns off the display when the lid is closed.

    -
    3.3.1.36. Low battery notification
    +
    3.3.1.37. Low battery notification

    Since I hide the waybar completely during normal operation, I run the risk of not noticing when my battery is about to run out. This module sends a notification when the battery level falls below 10%. Written by cafkafk. @@ -8856,7 +9107,7 @@ Since I hide the waybar completely during normal operation, I run the risk of no

    -
    3.3.1.37. Lanzaboote
    +
    3.3.1.38. Lanzaboote

    This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsystems.initialSetup` and `config.swarselsystems.isSecureBoot`. @@ -9201,6 +9452,7 @@ in info = "https://${serviceDomain}"; icon = "${self}/topology/images/kavita.png"; }; + globals.services.${serviceName}.domain = serviceDomain; services.kavita = { enable = true; @@ -9270,7 +9522,8 @@ in ]; }; - topology.self.services.jellyfin.info = "https://${serviceDomain}"; + topology.self.services.${serviceName}.info = "https://${serviceDomain}"; + globals.services.${serviceName}.domain = serviceDomain; services.jellyfin = { enable = true; @@ -9353,6 +9606,8 @@ in networking.firewall.allowedTCPPorts = [ 4040 ]; + globals.services.${serviceName}.domain = serviceDomain; + services.navidrome = { enable = true; openFirewall = true; @@ -9712,6 +9967,8 @@ in }; }; + globals.services.${serviceName}.domain = matrixDomain; + services = { postgresql = { enable = true; @@ -9996,6 +10253,9 @@ in }; }; + + globals.services.${serviceName}.domain = serviceDomain; + services = { nextcloud = { enable = true; @@ -10053,7 +10313,7 @@ in

    3.3.2.17. immich
    -
    { lib, config, ... }:
    +
    { lib, config, globals, ... }:
     let
       serviceDomain = "shots.swarsel.win";
       servicePort = 3001;
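Review bot: adding `globals` to the module's argument set (`{ lib, config, globals, ... }:`) makes evaluation fail with "function called without required argument 'globals'" on any host that imports this module without supplying `globals` through `specialArgs` or `_module.args`; the kanidm and oauth2-proxy headers further down get the same treatment. Either guarantee every host provides it, or give the argument a default in the pattern (`{ lib, config, globals ? { }, ... }:`) so hosts that never register services keep evaluating. The run-together hunks above (kavita, jellyfin, navidrome, matrix, nextcloud) all add the same `globals.services.<name>.domain` registration and are consistent with this one.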
    @@ -10068,7 +10328,8 @@ in
           extraGroups = [ "video" "render" "users" ];
         };
     
    -    topology.self.services.immich.info = "https://${serviceDomain}";
    +    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         services.immich = {
           enable = true;
    @@ -10163,6 +10424,8 @@ in
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services = {
           paperless = {
             enable = true;
    @@ -10357,6 +10620,8 @@ in
           prowlarr.info = "https://${serviceDomain}/prowlarr";
         };
     
    +    globals.services.transmission.domain = serviceDomain;
    +
         services = {
           radarr = {
             enable = true;
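Review bot: the hard-coded key in `globals.services.transmission.domain = serviceDomain;` breaks the `${serviceName}` convention used in every other hunk of this patch. The visible context shows radarr and prowlarr under the same `serviceDomain`, so if this module's `serviceName` is not `transmission`, add a one-line comment explaining why transmission is the registered name; if it is, use `${serviceName}` like the others so a later rename of the module does not leave a stale key behind.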
    @@ -10478,6 +10743,8 @@ in
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services.syncthing = {
           enable = true;
           user = serviceUser;
    @@ -10696,6 +10963,7 @@ in
         networking.firewall.allowedTCPPorts = [ servicePort prometheusPort ];
     
         topology.self.services.prometheus.info = "https://${serviceDomain}/${prometheusWebRoot}";
    +    globals.services.${moduleName}.domain = serviceDomain;
     
         services = {
           grafana = {
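Review bot: `globals.services.${moduleName}.domain` uses a different variable from the `${serviceName}` every other hunk relies on; confirm `moduleName` is bound in this module's `let` and consider renaming it for consistency. Note also that only the host is published, while the prometheus entry directly above carries a sub-path (`https://${serviceDomain}/${prometheusWebRoot}`); a consumer that reads `globals.services.<name>.domain` will not get that path, so if anything needs the prometheus URL rather than the grafana host, record it separately.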
    @@ -11034,12 +11302,14 @@ in
           #   };
         };
     
    -    topology.self.services.freshrss = {
    +    topology.self.services.${serviceName} = {
           name = "FreshRSS";
           info = "https://${serviceDomain}";
           icon = "${self}/topology/images/freshrss.png";
         };
     
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services.freshrss = {
           enable = true;
           virtualHost = serviceDomain;
    @@ -11117,6 +11387,8 @@ in
           kanidm-forgejo-client = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
         };
     
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services.forgejo = {
           enable = true;
           user = serviceUser;
    @@ -11264,11 +11536,13 @@ in
     
         sops.secrets.swarsel = { owner = "root"; };
     
    -    topology.self.services.anki = {
    +    topology.self.services.${serviceName} = {
           name = lib.mkForce "Anki Sync Server";
           info = "https://${serviceDomain}";
         };
     
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services.anki-sync-server = {
           enable = true;
           port = servicePort;
    @@ -11330,7 +11604,7 @@ To get other URLs (token, etc.), use 
    -
    { self, lib, pkgs, config, ... }:
    +
    { self, lib, pkgs, config, globals, ... }:
     let
       certsSopsFile = self + /secrets/certs/secrets.yaml;
       serviceDomain = "sso.swarsel.win";
    @@ -11338,7 +11612,7 @@ let
       serviceUser = "kanidm";
       serviceGroup = serviceUser;
       serviceName = "kanidm";
    -  oauth2ProxyDomain = "soauth.swarsel.win";
    +  oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
     in
     {
       options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
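Review bot: `oauth2ProxyDomain = globals.services.oauth2Proxy.domain;` is only satisfied when the oauth2-proxy module is enabled on the same host, because that module registers `globals.services.oauth2Proxy.domain` from inside its `config` block (hunk `@@ -11721,6 +11997,8 @@`, next to `networking.firewall.allowedTCPPorts = [ oauth2ProxyPort ];`). A host with kanidm enabled and oauth2-proxy disabled will then fail at evaluation with a missing-attribute error instead of a readable message. Either add an assertion that names the missing module, or keep the previous literal as a fallback: `oauth2ProxyDomain = globals.services.oauth2Proxy.domain or "soauth.swarsel.win";`.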
    @@ -11369,6 +11643,8 @@ in
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services = {
           kanidm = {
             package = pkgs.kanidmWithSecretProvisioning;
    @@ -11582,9 +11858,9 @@ in
     
    3.3.2.29. oauth2-proxy
    -
    { lib, config, ... }:
    +
    { lib, config, globals, ... }:
     let
    -  kanidmDomain = "sso.swarsel.win";
    +  kanidmDomain = globals.services.kanidm.domain;
       oauth2ProxyDomain = "soauth.swarsel.win";
       oauth2ProxyPort = 3004;
     in
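Review bot: this `let` now reads `globals.services.kanidm.domain` while the kanidm module reads `globals.services.oauth2Proxy.domain` (hunk `@@ -11338,7 +11612,7 @@`), so the two modules reference each other. Because both registered values are string literals in their own `let` blocks this does not recurse today, but as soon as one of them is derived from `config` or from the other module's value the evaluation will hit infinite recursion; a short comment next to both bindings would save the next person that debugging session. `oauth2Proxy` is also the only camelCase key among the `globals.services.*` entries, whereas the others are the plain `serviceName`; pick one style.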
    @@ -11721,6 +11997,8 @@ in
     
         networking.firewall.allowedTCPPorts = [ oauth2ProxyPort ];
     
    +    globals.services.oauth2Proxy.domain = oauth2ProxyDomain;
    +
         services = {
           oauth2-proxy = {
             enable = true;
    @@ -11808,7 +12086,7 @@ in
     
    { self, lib, config, ... }:
     let
       cfg = config.services.firefly-iii;
    -  fireflyDomain = "stonks.swarsel.win";
    +  serviceDomain = "stonks.swarsel.win";
       fireflyUser = "firefly-iii";
       serviceName = "firefly";
     in
    @@ -11829,9 +12107,10 @@ in
     
         topology.self.services.firefly-iii = {
           name = "Firefly-III";
    -      info = "https://${fireflyDomain}";
    +      info = "https://${serviceDomain}";
           icon = "${self}/topology/images/firefly-iii.png";
         };
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         services = {
           firefly-iii = {
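Review bot: the registered name and the topology/service name diverge here: `globals.services.${serviceName}.domain` uses `serviceName = "firefly"`, while the topology node stays `topology.self.services.firefly-iii` and the NixOS service is `services.firefly-iii`. The other hunks in this patch rename the topology key to `${serviceName}` precisely so that the two maps share a key; either do the same here or set `serviceName = "firefly-iii"` so lookups by service name stay consistent across topology and globals.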
    @@ -11841,7 +12120,7 @@ in
             dataDir = "/Vault/data/firefly-iii";
             settings = {
               TZ = config.repo.secrets.common.location.timezone;
    -          APP_URL = "https://${fireflyDomain}";
    +          APP_URL = "https://${serviceDomain}";
               APP_KEY_FILE = config.sops.secrets.firefly-iii-app-key.path;
               APP_ENV = "local";
               DB_CONNECTION = "sqlite";
    @@ -11852,12 +12131,12 @@ in
               # AUTHENTICATION_GUARD_EMAIL = "X-Email";
             };
             enableNginx = true;
    -        virtualHost = fireflyDomain;
    +        virtualHost = serviceDomain;
           };
     
           nginx = {
             virtualHosts = {
    -          "${fireflyDomain}" = {
    +          "${serviceDomain}" = {
                 locations = {
                   "/api" = {
                     setOauth2Headers = false;
    @@ -11882,7 +12161,7 @@ in
             };
           };
           virtualHosts = {
    -        "${fireflyDomain}" = {
    +        "${serviceDomain}" = {
               enableACME = true;
               forceSSL = true;
               acmeRoot = null;
    @@ -11938,6 +12217,7 @@ in
           info = "https://${serviceDomain}";
           icon = "${self}/topology/images/koillection.png";
         };
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         virtualisation.oci-containers.containers = {
           koillection = {
    @@ -12050,7 +12330,8 @@ in
       options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
       config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
     
    -    topology.self.services.atuin.info = "https://${serviceDomain}";
    +    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         services.atuin = {
           enable = true;
    @@ -12127,7 +12408,8 @@ in
           };
         };
     
    -    topology.self.services.radicale.info = "https://${serviceDomain}";
    +    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         services.radicale = {
           enable = true;
    @@ -12243,7 +12525,8 @@ in
           };
         };
     
    -    topology.self.services.croc.info = "https://${serviceDomain}";
    +    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         services.croc = {
           enable = true;
    @@ -12322,7 +12605,8 @@ in
           };
         };
     
    -    topology.self.services."${serviceName}".info = "https://${serviceDomain}";
    +    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
    +    globals.services.${serviceName}.domain = serviceDomain;
     
         services."${serviceName}" = {
           enable = true;
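Review bot: the change from `topology.self.services."${serviceName}".info` to `topology.self.services.${serviceName}.info` is a no-op in Nix (a quoted interpolated attribute name and a bare `${...}` path element are equivalent), and the line directly below, `services."${serviceName}" = {`, keeps the quoted form, so the module ends up mixing both styles. Either normalize the whole module or drop the cosmetic part of this hunk and keep only the `globals.services.${serviceName}.domain` addition.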
    @@ -12460,6 +12744,9 @@ in
           { directory = "/var/lib/containers"; }
         ];
     
    +    topology.self.services.${serviceName}.info = "https://${serviceDomain}";
    +    globals.services.${serviceName}.domain = serviceDomain;
    +
         services.nginx = {
           upstreams = {
             "${serviceName}" = {
    @@ -13167,7 +13454,7 @@ in
     
    -
    3.4.1.2. Shared Configuration Options (hold firefox config parts)
    +
    3.4.1.2. Shared Configuration Options (holds firefox & stylix config parts)

    Provides settings related to nix-darwin systems. At the moment, I am only making use of a isDarwin flag. @@ -13178,6 +13465,18 @@ At work I am using several services that are using SSO login - however, as I am Set in firefox about:config > toolkit.legacyUserProfileCustomizations.stylesheets to true. This should in principle be set automatically using the below config, but it seems not to be working reliably

    +

    +For styling, I am using the stylix NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. +

    + +

    +The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json +

    + +

    +This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the ${self} method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [BROKEN LINK: h:e7f98ad8-74a6-4860-a368-cce154285ff0]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. +

    +
    { self, lib, pkgs, ... }:
     {
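Review bot: the prose moved into 3.4.1.2 still carries `[BROKEN LINK: h:e7f98ad8-74a6-4860-a368-cce154285ff0]` and the sentence "Alas, this block stays (for now)", both of which described the old Appendix A location and no longer fit a section that is now the theme's home; fix the link target (or drop the reference) and reword the paragraph. The hunk also shows only the explanation and a `{ self, lib, pkgs, ... }:` header being added, not the theme attribute set itself, so check that the settings removed from Appendix A further down (`base16Scheme`, `cursor`, `fonts`) are actually present in the new block.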
    @@ -20557,89 +20856,15 @@ This sets up the dashboard, which is really quite useless. But, it
     
    -
    -

    5. Appendix A: Noweb-Ref blocks

    -
    -

    -These blocks are used in several places throughout the configurations, but not on all machines necessarily. For example, the theming section needs to be in a NixOS block on NixOS machines but in a home-manager block on non-NixOS. -

    - -

    -Originally, I used this method a lot throughout my configuration. However, as my knowledge of NixOS grew, I have been weeding these snippets out more and more as I find more efficient native solutions. Now, only the theming block remains. -

    - -

    -This serves only to reduce code duplication in this file. The tangled files experience no size reduction, since noweb-ref only substitutes these blocks in. -

    - -

    -For styling, I am using the stylix NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. -

    - -

    -The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json -

    - -

    -This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the ${self} method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [BROKEN LINK: h:e7f98ad8-74a6-4860-a368-cce154285ff0]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. -

    - - -
    -
    enable = true;
    -base16Scheme = "${self}/programs/stylix/swarsel.yaml";
    -polarity = "dark";
    -opacity.popups = 0.5;
    -cursor = {
    -  package = pkgs.banana-cursor;
    -  # package = pkgs.capitaine-cursors;
    -  name = "Banana";
    -  # name = "capitaine-cursors";
    -  size = 16;
    -};
    -fonts = {
    -  sizes = {
    -    terminal = 10;
    -    applications = 11;
    -  };
    -  serif = {
    -    # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
    -    package = pkgs.cantarell-fonts;
    -    # package = pkgs.montserrat;
    -    name = "Cantarell";
    -    # name = "FiraCode Nerd Font Propo";
    -    # name = "Montserrat";
    -  };
    -  sansSerif = {
    -    # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
    -    package = pkgs.cantarell-fonts;
    -    # package = pkgs.montserrat;
    -    name = "Cantarell";
    -    # name = "FiraCode Nerd Font Propo";
    -    # name = "Montserrat";
    -  };
    -  monospace = {
    -    package = pkgs.nerd-fonts.fira-mono; # has overrides
    -    name = "FiraCode Nerd Font Mono";
    -  };
    -  emoji = {
    -    package = pkgs.noto-fonts-emoji;
    -    name = "Noto Color Emoji";
    -  };
    -};
    -
    -
    -
    -
    -

    6. Appendix B: Supplementary Files

    +

    5. Appendix B: Supplementary Files

    This section now holds some of the configuration files that cannot be defined directly within NixOS configuration. These files are usually symlinked using home.file.

    -

    6.1. Server Emacs config

    +

    5.1. Server Emacs config

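Review bot: deleting Appendix A removes the only copy of the stylix settings visible in this diff (`enable = true;`, `base16Scheme = "${self}/programs/stylix/swarsel.yaml";`, the `cursor` and `fonts` sets) together with the noweb-ref that substituted them into both the NixOS and the home-manager configuration; make sure both consumers now pull the block from its new location under 3.4.1.2, otherwise the tangled output loses the theme without any evaluation error. The `6.x` to `5.x` renumbering of the Appendix B headings that follows is consistent with the removal.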
    On my server, I use a reduced, self-contained emacs configuration that only serves as an elfeed sync server. This is currently unused, however, I am keeping this in here for now as a reference. The big problem here was the bidirectional syncing using bjm/elfeed-updater. As I am using this both on a laptop client (using elfeed) as well as on a mobile phone (using elfeed-cljsrn over elfeed-web), I set up a Syncthing service to take care of the feeds as well as the db state. However, I could only either achieve changes propagating properly from the laptop to the server or from the phone to the server. Both would not work. This current state represents the state where from-laptop changes would propagate. To allow from-phone changes, change (elfeed-db-load) in bjm/elfeed-updater to (elfeed-db-save). @@ -20733,7 +20958,7 @@ On my server, I use a reduced, self-contained emacs configuration that only serv

    -

    6.2. tridactylrc

    +

    5.2. tridactylrc

    This is the configuration file for tridactyl, which provides keyboard-driven navigation in firefox. Pay attention to the warnings in this file; depending on your browsing behaviour, you might expose yourself to some vulnerabilities by copying this configuration. @@ -20878,7 +21103,7 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore

    -

    6.3. tridactyl theme

    +

    5.3. tridactyl theme

    @@ -21049,7 +21274,7 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore
     
    -

    6.4. Waybar style.css

    +

    5.4. Waybar style.css

    This is the stylesheet used by waybar. @@ -21327,7 +21552,7 @@ window#waybar.hidden {

    -

    6.5. justfile

    +

    5.5. justfile

    This file defines a few workflows that I often need to run when working on my configuration. This works similar to make, but is geared towards general tasks and as such requires no extra handling (as long as there are no dependencies involved) or .PHONY recipes. @@ -21375,7 +21600,7 @@ sync USER HOST:

    Author: Leon Schwarzäugl

    -

    Created: 2025-06-29 So 15:39

    +

    Created: 2025-06-30 Mo 23:10

    Validate
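Review bot: the postamble `Created:` line changes with every export, so while the exported document is versioned next to the source it will churn in every commit regardless of content changes; `org-html-postamble` can be set to `nil` or to a fixed format string to keep the export stable.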