chore: remove more unneeded info

Leon Schwarzäugl 2025-03-21 20:36:02 +01:00
parent c997e9174e
commit 1f47b46916
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
18 changed files with 223 additions and 116 deletions


@ -886,8 +886,8 @@ My work machine. Built for more security, this is the gold standard of my config
}; };
networking = { networking = {
hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname"); hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn"); fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
firewall.enable = true; firewall.enable = true;
}; };
@ -1341,15 +1341,19 @@ This is my main server that I run at home. It handles most tasks that require bi
A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations. A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations.
#+begin_src nix :tangle hosts/darwin/nbm-imba-166/default.nix #+begin_src nix :tangle hosts/darwin/nbm-imba-166/default.nix
{ lib, ... }: { lib, inputs, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
in
{ {
# Auto upgrade nix package and the daemon service. # Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
services.karabiner-elements.enable = true; services.karabiner-elements.enable = true;
home-manager.users."leon.schwarzaeugl".home = { home-manager.users.workUser.home = {
username = lib.mkForce "leon.schwarzaeugl"; username = lib.mkForce workUser;
swarselsystems = { swarselsystems = {
isDarwin = true; isDarwin = true;
isLaptop = true; isLaptop = true;
@ -1570,6 +1574,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
"${profilesPath}/nixos/optional/autologin.nix" "${profilesPath}/nixos/optional/autologin.nix"
"${profilesPath}/nixos/common/settings.nix" "${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix" "${profilesPath}/nixos/common/home-manager.nix"
"${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix" "${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/users.nix" "${profilesPath}/nixos/common/users.nix"
"${profilesPath}/nixos/common/impermanence.nix" "${profilesPath}/nixos/common/impermanence.nix"
@ -3260,7 +3265,12 @@ This program sets up a new NixOS host locally.
yellow "The ssh key for this configuration is not available." yellow "The ssh key for this configuration is not available."
green "Adjusting flake.nix so that the configuration is buildable" green "Adjusting flake.nix so that the configuration is buildable"
sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
git add flake.nix rm profiles/home/common/env.nix
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/nixos/common/home-manager-extra.nix
git add .
else else
green "Valid SSH key found! Continuing with installation" green "Valid SSH key found! Continuing with installation"
fi fi
@ -4487,6 +4497,8 @@ TODO
} }
); );
getSecret = filename: lib.strings.trim (builtins.readFile "${filename}");
forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
mkFullHost = host: type: { mkFullHost = host: type: {
@ -4856,7 +4868,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh
} }
#+end_src #+end_src
**** Setup home-manager **** Setup home-manager base
:PROPERTIES: :PROPERTIES:
:CUSTOM_ID: h:7f6d6908-4d02-4907-9c70-f802f4358520 :CUSTOM_ID: h:7f6d6908-4d02-4907-9c70-f802f4358520
:END: :END:
@ -4869,7 +4881,20 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
home-manager = lib.mkIf config.swarselsystems.withHomeManager { home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { inherit (inputs) self nix-secrets; }; extraSpecialArgs = { inherit (inputs) self; };
};
}
#+end_src
**** Setup home-manager specialArgs
This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on the =chaostheatre= configuration, which is why I split this section into its own file, which makes removal easier when setting that system up.
#+begin_src nix :tangle profiles/nixos/common/home-manager-extra.nix
{ inputs, config, lib, ... }:
{
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
extraSpecialArgs = { inherit (inputs) nix-secrets; };
}; };
} }
#+end_src #+end_src
@ -6293,6 +6318,7 @@ Also, the system state version is set here. No need to touch it.
imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [ imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
"${profilesPath}/nixos/common/settings.nix" "${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix" "${profilesPath}/nixos/common/home-manager.nix"
"${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix" "${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/gc.nix" "${profilesPath}/nixos/common/gc.nix"
"${profilesPath}/nixos/common/store.nix" "${profilesPath}/nixos/common/store.nix"
@ -6671,10 +6697,10 @@ Here we just define some aliases for rebuilding the system, and we allow some in
}; };
# Switch using --impure as these credential files are not stored within the flake # Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these # sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret"); LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key"); LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id"); Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret"); Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~"; UIWelcomeMessage = "~SwarselSound~";
}; };
@ -7489,7 +7515,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
{ lib, config, inputs, ... }: { lib, config, inputs, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname"); workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
in in
{ {
config = lib.mkIf config.swarselsystems.server.syncthing { config = lib.mkIf config.swarselsystems.server.syncthing {
@ -8990,13 +9016,29 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe
Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section.
#+begin_src nix :tangle profiles/home/common/env.nix #+begin_src nix :tangle profiles/home/common/env.nix
{ config, ... }: { lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
in
{ {
home.sessionVariables = { home.sessionVariables = {
EDITOR = "e -w"; EDITOR = "e -w";
DISPLAY = ":0"; DISPLAY = ":0";
SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_LO_RES = config.swarselsystems.lowResolution;
SWARSEL_HI_RES = config.swarselsystems.highResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution;
SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses;
}; };
} }
#+end_src #+end_src
@ -9132,7 +9174,12 @@ Eza provides me with a better =ls= command and some other useful aliases.
Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]].
#+begin_src nix :tangle profiles/home/common/git.nix #+begin_src nix :tangle profiles/home/common/git.nix
{ lib, ... }: { lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
@ -9153,8 +9200,8 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
key = "0x76FD3810215AE097"; key = "0x76FD3810215AE097";
signByDefault = true; signByDefault = true;
}; };
userEmail = lib.mkDefault "leon.schwarzaeugl@gmail.com"; userEmail = lib.mkDefault leonMail;
userName = "Leon Schwarzäugl"; userName = fullName;
difftastic.enable = true; difftastic.enable = true;
lfs.enable = true; lfs.enable = true;
includes = [ includes = [
@ -9603,35 +9650,43 @@ Here we set some aliases (some of them should be shellApplications instead) as w
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
#+begin_src nix :tangle profiles/home/common/mail.nix #+begin_src nix :tangle profiles/home/common/mail.nix
{ lib, config, ... }: { lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{ {
programs = { programs = {
mbsync = lib.mkIf (!config.swarselsystems.isPublic) { mbsync = {
enable = true; enable = true;
}; };
msmtp = lib.mkIf (!config.swarselsystems.isPublic) { msmtp = {
enable = true; enable = true;
}; };
mu = lib.mkIf (!config.swarselsystems.isPublic) { mu = {
enable = true; enable = true;
}; };
}; };
services.mbsync = lib.mkIf (!config.swarselsystems.isPublic) { services.mbsync = {
enable = true; enable = true;
}; };
# this is needed so that mbsync can use the passwords from sops # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = lib.mkIf (!config.swarselsystems.isPublic) [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
accounts = { accounts = {
email = lib.mkIf (!config.swarselsystems.isPublic) { email = {
maildirBasePath = "Mail"; maildirBasePath = "Mail";
accounts = { accounts = {
leon = { leon = {
primary = true; primary = true;
address = "leon.schwarzaeugl@gmail.com"; address = leonMail;
userName = "leon.schwarzaeugl@gmail.com"; userName = leonMail;
realName = "Leon Schwarzäugl"; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}"; passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = { gpg = {
key = "0x76FD3810215AE097"; key = "0x76FD3810215AE097";
@ -9660,10 +9715,10 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
}; };
}; };
swarsel = lib.mkIf (!config.swarselsystems.isPublic) { swarsel = {
address = "leon@swarsel.win"; address = swarselMail;
userName = "8227dc594dd515ce232eda1471cb9a19"; userName = "8227dc594dd515ce232eda1471cb9a19";
realName = "Leon Schwarzäugl"; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
smtp = { smtp = {
host = "in-v3.mailjet.com"; host = "in-v3.mailjet.com";
@ -9682,10 +9737,10 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
}; };
}; };
nautilus = lib.mkIf (!config.swarselsystems.isPublic) { nautilus = {
primary = false; primary = false;
address = "nautilus.dw@gmail.com"; address = nautilusMail;
userName = "nautilus.dw@gmail.com"; userName = nautilusMail;
realName = "Nautilus"; realName = "Nautilus";
passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
@ -9709,10 +9764,10 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
}; };
}; };
mrswarsel = lib.mkIf (!config.swarselsystems.isPublic) { mrswarsel = {
primary = false; primary = false;
address = "mrswarsel@gmail.com"; address = mrswarselMail;
userName = "mrswarsel@gmail.com"; userName = mrswarselMail;
realName = "Swarsel"; realName = "Swarsel";
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
@ -10990,16 +11045,16 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
#+begin_src nix :tangle profiles/home/common/gammastep.nix #+begin_src nix :tangle profiles/home/common/gammastep.nix
{ config, lib, nix-secrets, ... }: { lib, nix-secrets, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
in in
{ {
services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) { services.gammastep = {
enable = true; enable = true;
provider = "manual"; provider = "manual";
latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude"); latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude"); longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
}; };
} }
#+end_src #+end_src
@ -11138,9 +11193,9 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
{ self, config, pkgs, lib, nix-secrets, ... }: { self, config, pkgs, lib, nix-secrets, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user"); dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user"); clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user"); wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
in in
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -11183,7 +11238,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
]; ];
programs = { programs = {
git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email"); git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
zsh = { zsh = {
shellAliases = { shellAliases = {
@ -11206,31 +11261,31 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"uc" = { "uc" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
user = "stack"; user = "stack";
}; };
"uc.stg" = { "uc.stg" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack"; user = "stack";
}; };
"uc.staging" = { "uc.staging" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack"; user = "stack";
}; };
"uc.dev" = { "uc.dev" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack"; user = "stack";
}; };
"cbe" = { "cbe" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser; user = dcUser;
}; };
"cbe.stg" = { "cbe.stg" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser; user = dcUser;
}; };
"cbe.staging" = { "cbe.staging" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser; user = dcUser;
}; };
"*.vbc.ac.at" = { "*.vbc.ac.at" = {
@ -11645,8 +11700,8 @@ Used here: [[#h:b92a18cf-eec3-4605-a8c2-37133ade3574][mu4e]]
(insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (insert (format "%s <%s>" (or from-user user-full-name) from-addr)))))))
(defun swarsel/mu4e-restore-default () (defun swarsel/mu4e-restore-default ()
(setq user-mail-address "leon@swarsel.win" (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
user-full-name "Leon Schwarzäugl")) user-full-name (getenv "SWARSEL_FULLNAME")))
#+end_src #+end_src
@ -14337,11 +14392,13 @@ The hook functions are defined here: [[#h:34506761-06b9-43b5-a818-506d9b3faf28][
(:maildir "/Drafts" :key ?d) (:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a))) (:maildir "/All Mail" :key ?a)))
(setq user-mail-address "leon@swarsel.win" (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
user-full-name "Leon Schwarzäugl") user-full-name (getenv "SWARSEL_FULLNAME"))
;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))
(setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com))) (setq mu4e-user-mail-address-list
(mapcar #'intern (split-string (or (getenv "SWARSEL_MAIL_ALL") "") "[ ,]+" t)))
)
(add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address) (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address)
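Review bot: In the `hosts/darwin/nbm-imba-166/default.nix` source block, `home-manager.users.workUser.home` uses `workUser` as a literal attribute name, so the home-manager user is now called "workUser" rather than the value read from `work/work-user`. Only the `username = lib.mkForce workUser;` line below it dereferences the binding. Interpolate the name instead: `home-manager.users.${workUser}.home = {`. The same line appears in the tangled copy of that file further down the page, whose `@ -1,12 +1,16 @` hunk needs the same change.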

6
flake.lock generated

@ -823,10 +823,10 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1742580675, "lastModified": 1742594924,
"narHash": "sha256-f96bJitJyayT7gDDNJu6AAGYvRkFXMqAaoRdcHLHyAM=", "narHash": "sha256-3oLkbjXbOv6Xq3+LJsasyJq4jBS0VkwKsbVdTB8MGJM=",
"ref": "main", "ref": "main",
"rev": "441b5342995cabd6ef65fa4bffef973cab0ffdce", "rev": "4ecfe7a80064e0595f386a203ba179c1a3c8bca3",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://git@github.com/Swarsel/nix-secrets.git" "url": "ssh://git@github.com/Swarsel/nix-secrets.git"


@ -1,12 +1,16 @@
{ lib, ... }: { lib, inputs, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
in
{ {
# Auto upgrade nix package and the daemon service. # Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
services.karabiner-elements.enable = true; services.karabiner-elements.enable = true;
home-manager.users."leon.schwarzaeugl".home = { home-manager.users.workUser.home = {
username = lib.mkForce "leon.schwarzaeugl"; username = lib.mkForce workUser;
swarselsystems = { swarselsystems = {
isDarwin = true; isDarwin = true;
isLaptop = true; isLaptop = true;


@ -79,8 +79,8 @@ in
}; };
networking = { networking = {
hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname"); hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn"); fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
firewall.enable = true; firewall.enable = true;
}; };


@ -15,6 +15,7 @@ in
"${profilesPath}/nixos/optional/autologin.nix" "${profilesPath}/nixos/optional/autologin.nix"
"${profilesPath}/nixos/common/settings.nix" "${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix" "${profilesPath}/nixos/common/home-manager.nix"
"${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix" "${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/users.nix" "${profilesPath}/nixos/common/users.nix"
"${profilesPath}/nixos/common/impermanence.nix" "${profilesPath}/nixos/common/impermanence.nix"
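Review bot: The added `"${profilesPath}/nixos/common/home-manager-extra.nix"` entry is an explicit path, while the installer's no-SSH-key branch (the `rm profiles/nixos/common/home-manager-extra.nix` line in the org file's install-script hunk) deletes that file without touching any import list. If this host is one that gets built after that branch runs, evaluation would stop on the missing path; which host this hunk belongs to is not visible here, so please confirm. Either have the installer also strip the entry from the import list, or make the entry conditional on the file existing. The same entry is added to the server profile's import list in the `@ -7,6 +7,7 @` hunk, and the import list itself starts and ends outside this hunk.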


@ -22,6 +22,8 @@
} }
); );
getSecret = filename: lib.strings.trim (builtins.readFile "${filename}");
forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
mkFullHost = host: type: { mkFullHost = host: type: {
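Review bot: `getSecret` has no comment, and its name promises more than `builtins.readFile` delivers: the file is read at evaluation time and the returned string becomes part of the configuration, so any value that flows into a generated file sits in the world-readable Nix store. That is acceptable for the hostnames, addresses and names this commit moves out of the public repo, but callers elsewhere on the page also pass the LastFM and Spotify credentials through it. I would add a comment above the definition such as `# Eval-time read: keeps the value out of this repo, not out of /nix/store. Use sops-nix for credentials where the module supports it.` The surrounding attribute set starts and ends outside the hunk.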


@ -1,9 +1,25 @@
{ config, ... }: { lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
in
{ {
home.sessionVariables = { home.sessionVariables = {
EDITOR = "e -w"; EDITOR = "e -w";
DISPLAY = ":0"; DISPLAY = ":0";
SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_LO_RES = config.swarselsystems.lowResolution;
SWARSEL_HI_RES = config.swarselsystems.highResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution;
SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses;
}; };
} }
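Review bot: `SWARSEL_MAIL_ALL` carries an undocumented format contract: the mu4e setup in the org file splits it on `"[ ,]+"`, while `getSecret` only trims the ends of `mail/list`, so a newline-separated file would reach Emacs as a single entry. A comment next to the binding would pin that down, e.g. `# mail/list: one line, addresses separated by spaces or commas (split in the mu4e config)`. Separately, `home.sessionVariables` hands the addresses and full name to every process started from the session; if only Emacs reads them that is wider than needed, though the values are personal data rather than credentials.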


@ -1,12 +1,12 @@
{ config, lib, nix-secrets, ... }: { lib, nix-secrets, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
in in
{ {
services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) { services.gammastep = {
enable = true; enable = true;
provider = "manual"; provider = "manual";
latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude"); latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude"); longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
}; };
} }
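Review bot: Dropping `lib.mkIf (!config.swarselsystems.isPublic)` leaves this module with no in-language guard: `nix-secrets` is a required argument and both `getSecret` calls are evaluated whenever the module is imported, so a public build works only because the installer deletes this file. That coupling is not written down in the module. I would add a header comment like `# Needs the nix-secrets specialArg; removed by the installer for public builds (keep its rm list in sync).` The mail module's `@ -1,32 +1,40 @` hunk removes the same guards and depends on the same `rm` list.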


@ -1,4 +1,9 @@
{ lib, ... }: { lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
@ -19,8 +24,8 @@
key = "0x76FD3810215AE097"; key = "0x76FD3810215AE097";
signByDefault = true; signByDefault = true;
}; };
userEmail = lib.mkDefault "leon.schwarzaeugl@gmail.com"; userEmail = lib.mkDefault leonMail;
userName = "Leon Schwarzäugl"; userName = fullName;
difftastic.enable = true; difftastic.enable = true;
lfs.enable = true; lfs.enable = true;
includes = [ includes = [
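Review bot: The signing key `key = "0x76FD3810215AE097";` stays hard-coded in the second hunk, directly above the two values this commit moves into `nix-secrets`. If the matching public key is published, its user IDs give the same name and address back, so the file is only partly de-identified. Reading it the same way, e.g. `key = lib.swarselsystems.getSecret "${secretsDirectory}/<KEY_ID_FILE>";` (placeholder file name), would close the gap. The mail module keeps the same key ID in its `gpg` block.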


@ -1,32 +1,40 @@
{ lib, config, ... }: { lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{ {
programs = { programs = {
mbsync = lib.mkIf (!config.swarselsystems.isPublic) { mbsync = {
enable = true; enable = true;
}; };
msmtp = lib.mkIf (!config.swarselsystems.isPublic) { msmtp = {
enable = true; enable = true;
}; };
mu = lib.mkIf (!config.swarselsystems.isPublic) { mu = {
enable = true; enable = true;
}; };
}; };
services.mbsync = lib.mkIf (!config.swarselsystems.isPublic) { services.mbsync = {
enable = true; enable = true;
}; };
# this is needed so that mbsync can use the passwords from sops # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = lib.mkIf (!config.swarselsystems.isPublic) [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
accounts = { accounts = {
email = lib.mkIf (!config.swarselsystems.isPublic) { email = {
maildirBasePath = "Mail"; maildirBasePath = "Mail";
accounts = { accounts = {
leon = { leon = {
primary = true; primary = true;
address = "leon.schwarzaeugl@gmail.com"; address = leonMail;
userName = "leon.schwarzaeugl@gmail.com"; userName = leonMail;
realName = "Leon Schwarzäugl"; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}"; passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = { gpg = {
key = "0x76FD3810215AE097"; key = "0x76FD3810215AE097";
@ -55,10 +63,10 @@
}; };
}; };
swarsel = lib.mkIf (!config.swarselsystems.isPublic) { swarsel = {
address = "leon@swarsel.win"; address = swarselMail;
userName = "8227dc594dd515ce232eda1471cb9a19"; userName = "8227dc594dd515ce232eda1471cb9a19";
realName = "Leon Schwarzäugl"; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
smtp = { smtp = {
host = "in-v3.mailjet.com"; host = "in-v3.mailjet.com";
@ -77,10 +85,10 @@
}; };
}; };
nautilus = lib.mkIf (!config.swarselsystems.isPublic) { nautilus = {
primary = false; primary = false;
address = "nautilus.dw@gmail.com"; address = nautilusMail;
userName = "nautilus.dw@gmail.com"; userName = nautilusMail;
realName = "Nautilus"; realName = "Nautilus";
passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
@ -104,10 +112,10 @@
}; };
}; };
mrswarsel = lib.mkIf (!config.swarselsystems.isPublic) { mrswarsel = {
primary = false; primary = false;
address = "mrswarsel@gmail.com"; address = mrswarselMail;
userName = "mrswarsel@gmail.com"; userName = mrswarselMail;
realName = "Swarsel"; realName = "Swarsel";
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";


@ -1,9 +1,9 @@
{ self, config, pkgs, lib, nix-secrets, ... }: { self, config, pkgs, lib, nix-secrets, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user"); dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user"); clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user"); wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
in in
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -46,7 +46,7 @@ in
]; ];
programs = { programs = {
git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email"); git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
zsh = { zsh = {
shellAliases = { shellAliases = {
@ -69,31 +69,31 @@ in
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"uc" = { "uc" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
user = "stack"; user = "stack";
}; };
"uc.stg" = { "uc.stg" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack"; user = "stack";
}; };
"uc.staging" = { "uc.staging" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack"; user = "stack";
}; };
"uc.dev" = { "uc.dev" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack"; user = "stack";
}; };
"cbe" = { "cbe" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser; user = dcUser;
}; };
"cbe.stg" = { "cbe.stg" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser; user = dcUser;
}; };
"cbe.staging" = { "cbe.staging" = {
hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg"); hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser; user = dcUser;
}; };
"*.vbc.ac.at" = { "*.vbc.ac.at" = {


@ -0,0 +1,6 @@
{ inputs, config, lib, ... }:
{
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
extraSpecialArgs = { inherit (inputs) nix-secrets; };
};
}


@ -3,6 +3,6 @@
home-manager = lib.mkIf config.swarselsystems.withHomeManager { home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { inherit (inputs) self nix-secrets; }; extraSpecialArgs = { inherit (inputs) self; };
}; };
} }


@ -7,6 +7,7 @@ in
imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [ imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
"${profilesPath}/nixos/common/settings.nix" "${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix" "${profilesPath}/nixos/common/home-manager.nix"
"${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix" "${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/gc.nix" "${profilesPath}/nixos/common/gc.nix"
"${profilesPath}/nixos/common/store.nix" "${profilesPath}/nixos/common/store.nix"
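Review bot: The added `home-manager-extra.nix` import is unconditional, while the install script changed in this same commit deletes `profiles/nixos/common/home-manager-extra.nix` when the secrets SSH key is unavailable. Any profile that keeps this import would then fail evaluation on a missing path; whether the script's fallback is meant to cover this server profile is not visible here. If it is, make the entry optional, e.g. `++ lib.optional (builtins.pathExists "${profilesPath}/nixos/common/home-manager-extra.nix") "${profilesPath}/nixos/common/home-manager-extra.nix"`. The imports list begins and continues outside the hunk.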


@ -59,10 +59,10 @@ in
}; };
# Switch using --impure as these credential files are not stored within the flake # Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these # sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret"); LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key"); LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id"); Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret"); Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~"; UIWelcomeMessage = "~SwarselSound~";
}; };
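Review bot: The four `getSecret` values for `LastFM.ApiKey`, `LastFM.Secret`, `Spotify.ID` and `Spotify.Secret` are still resolved at evaluation time, so if these settings are rendered into the service's configuration file the credentials land in the world-readable Nix store; swapping the helper does not change that. Navidrome also reads these settings from `ND_LASTFM_APIKEY`, `ND_LASTFM_SECRET`, `ND_SPOTIFY_ID` and `ND_SPOTIFY_SECRET`, so a sops-rendered file handed to the unit as a systemd `EnvironmentFile` would keep them out of the store. Separately, `LastFM.ApiKey` reads `lastfm-secret` and `LastFM.Secret` reads `lastfm-key`, which looks swapped unless the files are deliberately named that way. The `--impure` comment may also be stale if `secretsDirectory` comes from the `nix-secrets` flake input here, as it does in the other files of this commit. The settings block starts outside the hunk.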


@ -1,7 +1,7 @@
{ lib, config, inputs, ... }: { lib, config, inputs, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname"); workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
in in
{ {
config = lib.mkIf config.swarselsystems.server.syncthing { config = lib.mkIf config.swarselsystems.server.syncthing {


@ -34,8 +34,8 @@
(insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (insert (format "%s <%s>" (or from-user user-full-name) from-addr)))))))
(defun swarsel/mu4e-restore-default () (defun swarsel/mu4e-restore-default ()
(setq user-mail-address "leon@swarsel.win" (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
user-full-name "Leon Schwarzäugl")) user-full-name (getenv "SWARSEL_FULLNAME")))
(defun swarsel/with-buffer-name-prompt-and-make-subdirs () (defun swarsel/with-buffer-name-prompt-and-make-subdirs ()
(let ((parent-directory (file-name-directory buffer-file-name))) (let ((parent-directory (file-name-directory buffer-file-name)))
@ -1501,11 +1501,13 @@ create a new one."
(:maildir "/Drafts" :key ?d) (:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a))) (:maildir "/All Mail" :key ?a)))
(setq user-mail-address "leon@swarsel.win" (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
user-full-name "Leon Schwarzäugl") user-full-name (getenv "SWARSEL_FULLNAME"))
;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))
(setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com))) (setq mu4e-user-mail-address-list
(mapcar #'intern (split-string (or (getenv "SWARSEL_MAIL_ALL") "") "[ ,]+" t)))
)
(add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address) (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address)
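Review bot: `getenv` returns nil when a variable is unset, and only `mu4e-user-mail-address-list` is guarded with `(or … "")`. Both `setq` forms for `user-mail-address` and `user-full-name` (in `swarsel/mu4e-restore-default` and in the mu4e setup of the second hunk) would silently set nil, for example when Emacs runs as a daemon that did not inherit the session environment. Falling back to the current value keeps composing usable: `(setq user-mail-address (or (getenv "SWARSEL_SWARSEL_MAIL") user-mail-address))`, and likewise for `SWARSEL_FULLNAME`. The form enclosing the second hunk starts outside it.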


@ -123,7 +123,12 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
yellow "The ssh key for this configuration is not available." yellow "The ssh key for this configuration is not available."
green "Adjusting flake.nix so that the configuration is buildable" green "Adjusting flake.nix so that the configuration is buildable"
sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
git add flake.nix rm profiles/home/common/env.nix
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/nixos/common/home-manager-extra.nix
git add .
else else
green "Valid SSH key found! Continuing with installation" green "Valid SSH key found! Continuing with installation"
fi fi
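Review bot: `git add .` now stages every untracked file in the working tree, not just the edited `flake.nix` and the five deletions, and anything staged in a flake repository is copied into the world-readable Nix store on the next evaluation. Staging only what this branch touched is narrower: use `git rm -q -- <the five paths>` in place of the `rm` lines and keep `git add flake.nix`. Plain `rm` also fails when a file is already gone, which would abort the script if it runs under `set -e` (not visible here). The `if` this branch belongs to starts outside the hunk.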