From de9b5cf40cee9d5e72153866afe21cdb6eda0ebe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 27 Mar 2025 01:32:41 +0100 Subject: [PATCH 01/13] refactor: eliminate old module setup [part 1] --- SwarselSystems.org | 2925 ++++++++--------- flake.nix | 4 +- hosts/home/default/default.nix | 3 +- hosts/nixos/iso/default.nix | 7 +- hosts/nixos/nbl-imba-2/default.nix | 14 +- hosts/nixos/sync/default.nix | 6 +- hosts/nixos/toto/default.nix | 9 +- hosts/nixos/winters/default.nix | 3 - lib/default.nix | 6 +- modules/home/filesystem.nix | 6 - modules/home/hardware.nix | 25 - modules/home/input.nix | 39 - modules/home/laptop.nix | 35 - modules/home/monitors.nix | 21 - modules/home/nixos.nix | 34 - modules/home/setup.nix | 23 - modules/home/startup.nix | 17 - modules/home/stylix.nix | 52 - modules/home/wallpaper.nix | 9 - modules/home/waybar.nix | 35 - modules/nixos/hardware.nix | 15 - modules/nixos/server.nix | 26 - profiles/darwin/home/default.nix | 1 + profiles/home/common/firefox.nix | 164 +- profiles/home/common/nixgl.nix | 33 +- .../home/common/sharedsetup.nix | 101 +- profiles/home/common/stylix.nix | 7 +- profiles/home/common/sway.nix | 700 ++-- profiles/home/common/waybar.nix | 548 +-- profiles/home/common/zsh.nix | 196 +- profiles/home/optional/work.nix | 49 +- profiles/home/server/default.nix | 1 + profiles/nixos/common/default.nix | 7 +- profiles/nixos/common/hardware.nix | 65 +- .../nixos/common/sharedsetup.nix | 0 profiles/nixos/common/stylix.nix | 7 +- profiles/nixos/server/ankisync.nix | 1 + profiles/nixos/server/default.nix | 2 + profiles/nixos/server/emacs.nix | 1 + profiles/nixos/server/forgejo.nix | 1 + profiles/nixos/server/freshrss.nix | 1 + profiles/nixos/server/immich.nix | 1 + profiles/nixos/server/jellyfin.nix | 1 + profiles/nixos/server/jenkins.nix | 1 + profiles/nixos/server/kavita.nix | 1 + profiles/nixos/server/matrix.nix | 2 +- profiles/nixos/server/monitoring.nix | 1 + profiles/nixos/server/mpd.nix | 1 + profiles/nixos/server/navidrome.nix | 1 + profiles/nixos/server/nextcloud.nix | 1 + 
profiles/nixos/server/paperless.nix | 1 + profiles/nixos/server/pipewire.nix | 2 +- profiles/nixos/server/restic.nix | 1 + profiles/nixos/server/settings.nix | 49 +- profiles/nixos/server/spotifyd.nix | 1 + profiles/nixos/server/syncthing.nix | 1 + profiles/nixos/server/transmission.nix | 1 + templates/hosts/nixos/default.nix | 9 - 58 files changed, 2375 insertions(+), 2899 deletions(-) delete mode 100644 modules/home/filesystem.nix delete mode 100644 modules/home/hardware.nix delete mode 100644 modules/home/input.nix delete mode 100644 modules/home/laptop.nix delete mode 100644 modules/home/monitors.nix delete mode 100644 modules/home/nixos.nix delete mode 100644 modules/home/setup.nix delete mode 100644 modules/home/startup.nix delete mode 100644 modules/home/stylix.nix delete mode 100644 modules/home/wallpaper.nix delete mode 100644 modules/home/waybar.nix delete mode 100644 modules/nixos/hardware.nix delete mode 100644 modules/nixos/server.nix rename modules/home/firefox.nix => profiles/home/common/sharedsetup.nix (66%) rename modules/nixos/setup.nix => profiles/nixos/common/sharedsetup.nix (100%) diff --git a/SwarselSystems.org b/SwarselSystems.org index 57f0d7a..f9b56fd 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -340,8 +340,8 @@ In this section I am creating some attributes that define general concepts of my #+begin_src nix :tangle no :noweb-ref flakeoutputgeneral inherit lib; - nixosModules = import ./modules/nixos { inherit lib; }; - homeModules = import ./modules/home { inherit lib; }; + # nixosModules = import ./modules/nixos { inherit lib; }; + # homeModules = import ./modules/home { inherit lib; }; packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; }); formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt); overlays = import ./overlays { inherit self lib inputs; }; 
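Review bot: The two flake outputs in the `flakeoutputgeneral` block are commented out (`# nixosModules = import ./modules/nixos { inherit lib; };`, `# homeModules = …`) rather than deleted, and the per-device touchpad override in the hunk at -1001 is disabled the same way. Neither carries a reason, so a later reader cannot tell whether the lines are pending removal in a later part of the series or are meant to come back. Either delete them outright or put a one-line marker above each, e.g. `# disabled by the module-setup refactor; delete once the series has landed`.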
@@ -645,15 +645,6 @@ This is the template that I use for new deployments of personal machines. Server isLaptop = true; isNixos = true; cpuCount = 16; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "feishin"; } - ]; } sharedOptions; } @@ -1010,13 +1001,13 @@ My work machine. Built for more security, this is the gold standard of my config xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - drag_lock = "disabled"; - }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; "1133:50504:Logitech_USB_Receiver" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; @@ -1248,13 +1239,10 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselsystems = { - hasBluetooth = false; - hasFingerprint = false; isImpermanence = false; isBtrfs = false; isLinux = true; server = { - enable = true; kavita = true; navidrome = true; jellyfin = true; 
@@ -1449,12 +1437,15 @@ This machine mainly acts as an external sync helper. It manages the following th imports = [ "${profilesPath}/nixos/server" + "${profilesPath}/nixos/common/sharedsetup.nix" + "${profilesPath}/home/common/sharedsetup.nix" ./hardware-configuration.nix inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ "${profilesPath}/home/server" + "${profilesPath}/home/common/sharedsetup.nix" ]; } ]; @@ -1522,14 +1513,11 @@ This machine mainly acts as an external sync helper. It manages the following th swarselsystems = { - hasBluetooth = false; - hasFingerprint = false; isImpermanence = false; isLinux = true; isBtrfs = false; flakePath = "/root/.dotfiles"; server = { - enable = true; forgejo = true; ankisync = true; }; @@ -1554,7 +1542,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: #+begin_src nix :tangle hosts/nixos/toto/default.nix - { self, inputs, outputs, pkgs, lib, primaryUser, ... }: + { self, inputs, pkgs, lib, primaryUser, ... }: let profilesPath = "${self}/profiles"; sharedOptions = { @@ -1570,6 +1558,7 @@ This is a slim setup for developing base configuration. I do not track the hardw "${profilesPath}/nixos/optional/autologin.nix" "${profilesPath}/nixos/common/settings.nix" + "${profilesPath}/nixos/common/sharedsetup.nix" "${profilesPath}/nixos/common/home-manager.nix" "${profilesPath}/nixos/common/home-manager-extra.nix" "${profilesPath}/nixos/common/xserver.nix" @@ -1578,6 +1567,7 @@ This is a slim setup for developing base configuration. I do not track the hardw "${profilesPath}/nixos/common/lanzaboote.nix" "${profilesPath}/nixos/common/sops.nix" "${profilesPath}/nixos/server/ssh.nix" + "${profilesPath}/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { 
@@ -1586,9 +1576,10 @@ This is a slim setup for developing base configuration. I do not track the hardw "${profilesPath}/home/common/settings.nix" "${profilesPath}/home/common/sops.nix" "${profilesPath}/home/common/ssh.nix" - ] ++ (builtins.attrValues outputs.homeModules); + "${profilesPath}/home/common/sharedsetup.nix" + ]; } - ] ++ (builtins.attrValues outputs.nixosModules) ++ (builtins.attrValues outputs.homeModules); + ]; environment.systemPackages = with pkgs; [ @@ -1804,7 +1795,7 @@ Also, an initial bash history is provided to allow for a very quick local deploy #+begin_src nix :tangle hosts/nixos/iso/default.nix - { self, pkgs, inputs, outputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }: + { self, pkgs, inputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }: let pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; in @@ -1815,12 +1806,15 @@ Also, an initial bash history is provided to allow for a very quick local deploy "${modulesPath}/installer/cd-dvd/channel.nix" "${self}/profiles/iso/minimal.nix" + "${self}/profiles/nixos/common/sharedsetup.nix" + "${self}/profiles/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ "${self}/profiles/home/common/settings.nix" - ] ++ (builtins.attrValues outputs.homeModules); + "${self}/profiles/home/common/sharedsetup.nix" + ]; } ]; @@ -1933,7 +1927,8 @@ This is the "reference implementation" of a setup that runs without NixOS, only inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index ./profiles/home/common - ] ++ (builtins.attrValues outputs.homeModules); + "${self}/profiles/home/common/sharedsetup.nix" + ]; nixpkgs = { overlays = [ outputs.overlays.default ]; 
@@ -3806,111 +3801,14 @@ Note: The structure of generating the packages was changed in commit =2cf03a3 re Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS. #+begin_src nix :tangle modules/nixos/default.nix -{ lib, ... }: -let - moduleNames = lib.swarselsystems.readNix "modules/nixos"; -in -lib.swarselsystems.mkModules moduleNames "nixos" - -#+end_src - - -***** Hardware -:PROPERTIES: -:CUSTOM_ID: h:c6a138ff-f07f-4cae-95b9-b6daa2b11463 -:END: - -This lets me set some basic flags about the hardware of the configured systems. - -#+begin_src nix :tangle modules/nixos/hardware.nix { lib, ... }: + let + moduleNames = lib.swarselsystems.readNix "modules/nixos"; + in + lib.swarselsystems.mkModules moduleNames "nixos" - { - options.swarselsystems = { - hasBluetooth = lib.mkEnableOption "bluetooth availability"; - hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; - trackpoint = { - isAvailable = lib.mkEnableOption "trackpoint availability"; - trackpoint.device = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; - }; - } #+end_src -***** Setup -:PROPERTIES: -:CUSTOM_ID: h:f4f22166-e345-43e6-b15f-b7f5bb886554 -:END: - -I usually use =mutableUsers = false= in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. - -#+begin_src nix :tangle modules/nixos/setup.nix - { lib, ... 
}: - { - options.swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - }; - } -#+end_src - -***** Server -:PROPERTIES: -:CUSTOM_ID: h:d10f8aaf-2f71-4e80-ba05-37bfc98c99b6 -:END: - -#+begin_src nix :tangle modules/nixos/server.nix - { lib, ... }: - { - options.swarselsystems = { - server = { - enable = lib.mkEnableOption "is a server machine"; - kavita = lib.mkEnableOption "enable kavita on server"; - jellyfin = lib.mkEnableOption "enable jellyfin on server"; - navidrome = lib.mkEnableOption "enable navidrome on server"; - spotifyd = lib.mkEnableOption "enable spotifyd on server"; - mpd = lib.mkEnableOption "enable mpd on server"; - matrix = lib.mkEnableOption "enable matrix on server"; - nextcloud = lib.mkEnableOption "enable nextcloud on server"; - immich = lib.mkEnableOption "enable immich on server"; - paperless = lib.mkEnableOption "enable paperless on server"; - transmission = lib.mkEnableOption "enable transmission and friends on server"; - syncthing = lib.mkEnableOption "enable syncthing on server"; - restic = lib.mkEnableOption "enable restic backups on server"; - monitoring = lib.mkEnableOption "enable monitoring on server"; - jenkins = lib.mkEnableOption "enable jenkins on server"; - emacs = lib.mkEnableOption "enable emacs server on server"; - forgejo = lib.mkEnableOption "enable forgejo on server"; - ankisync = lib.mkEnableOption "enable ankisync on server"; - freshrss = lib.mkEnableOption "enable freshrss 
on server"; - }; - }; - } -#+end_src - - **** home-manager :PROPERTIES: :CUSTOM_ID: h:ced5841f-c088-4d88-b3a1-7d62aad8837b 
@@ -3926,601 +3824,6 @@ This holds modules that are to be used on most hosts. These are also the most im lib.swarselsystems.mkModules moduleNames "home" #+end_src -***** Laptop -:PROPERTIES: -:CUSTOM_ID: h:ec08cd7e-4a9a-419f-a0a7-6cc4576302a1 -:END: - -Laptops are not always plugged in, so they should show a battery icon in Waybar. Also, most laptops have a touchpad which usually needs to be configured: - - Tapping should be enabled. - - The touchpad should be disabled while typing (=dwt= option). - - Natural scrolling should be enabled. - - Tag-and-drag lock should be disbled - it gets in my way too much. - -#+begin_src nix :tangle modules/home/laptop.nix - { lib, config, ... }: - { - options.swarselsystems = { - isLaptop = lib.mkEnableOption "laptop host"; - }; - - config.swarselsystems = { - touchpad = lib.mkIf config.swarselsystems.isLaptop { - "type:touchpad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - drag_lock = "disabled"; - }; - }; - waybarModules = lib.mkIf config.swarselsystems.isLaptop [ - "custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/vpn" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - }; - } -#+end_src - -***** Hardware -:PROPERTIES: -:CUSTOM_ID: h:5f0bf0e2-a096-4b07-affb-6beba7786fab -:END: - -This section is mostly used to deliver the correct information to Waybar. AMD systems have changing hwmon paths that can be specifically set here. 
Also the cpu count can be set here for Waybars cpu module, but 8 is usually a good setting to show - -to get the info for the secondary gpu, use `lspci -nn | grep VGA` -It can be set to either: - - a number, selecting the n-th non-default GPU - - a PCI bus id in the form =pci-XXX_YY_ZZ_U= - - a PCI id in the form =vendor_id:device_id= - -#+begin_src nix :tangle modules/home/hardware.nix - { lib, ... }: - { - options.swarselsystems = { - cpuCount = lib.mkOption { - type = lib.types.int; - default = 8; - }; - isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; - SecondaryGpuCard = lib.mkOption { - type = lib.types.str; - default = ""; - }; - temperatureHwmon = { - isAbsolutePath = lib.mkEnableOption "absolute temperature path"; - path = lib.mkOption { - type = lib.types.str; - default = ""; - }; - input-filename = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; - }; - } -#+end_src - -***** Waybar -:PROPERTIES: -:CUSTOM_ID: h:a9530c81-1976-442b-b597-0b4bed6baf25 -:END: - -These are explicit waybar options. Laptops do not need the battery module. However, this leads to a slight problem with theming: my waybar modules alternate their background-color between black and grey. The battery module is usually on grey background. If I were to simply delete that, I would now have two modules on black background. To avoid this, I define a pseudo-module =custom/pseudobat= that simply shows a static image and calls =wlogout= on right click. This wastes a little bit of screen space, but that is a price I am willing to pay for consistency. - -The most part of this configuration is done here: [[#h:0bf51f63-01c0-4053-a591-7f0c5697c690][Waybar]] - -#+begin_src nix :tangle modules/home/waybar.nix - { lib, config, ... 
}: - let - generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); - in - { - options.swarselsystems = { - cpuString = lib.mkOption { - type = lib.types.str; - default = generateIcons config.swarselsystems.cpuCount; - description = "The generated icons string for use by Waybar."; - internal = true; - }; - waybarModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/vpn" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - }; - }; - } -#+end_src - -***** Monitors -:PROPERTIES: -:CUSTOM_ID: h:dfd5c190-f213-45e1-b17c-e650b7b94b38 -:END: - -This allows me to define my monitors in the machine's =default.nix=. - -#+begin_src nix :tangle modules/home/monitors.nix - { lib, ... }: - { - options.swarselsystems = { - monitors = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { }; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; - } -#+end_src - -***** Input -:PROPERTIES: -:CUSTOM_ID: h:880df388-4050-4955-9663-9c1c197f5ae9 -:END: - -This allows me to configure input options. Here, I am globally defining my split keyboards. Then, I am joining some attribute sets so that they can be easier used in the rest of the configurations. - -#+begin_src nix :tangle modules/home/input.nix - { lib, config, ... 
}: - { - options.swarselsystems = { - inputs = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { }; - }; - kyria = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { - "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "7504:24926:Kyria_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - }; - touchpad = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { }; - }; - standardinputs = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs; - internal = true; - }; - keybindings = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { }; - }; - shellAliases = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { }; - }; - }; - } -#+end_src - -***** Nixos -:PROPERTIES: -:CUSTOM_ID: h:e4a9e96f-ff9f-4fc2-8fc0-9913e03bd568 -:END: - -These are some extra options that will be used if the machine also runs NixOS. For example, non-NixOS hosts need =nixGL= prepended to most graphic commands, and =swayfx= works less nicely on these machines. - -#+begin_src nix :noweb yes :tangle modules/home/nixos.nix - { lib, config, ... 
}: - { - options.swarselsystems = { - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - swayfxConfig = lib.mkOption { - type = lib.types.str; - default = " - blur enable - blur_xray disable - blur_passes 1 - blur_radius 1 - shadows enable - corner_radius 2 - titlebar_separator disable - default_dim_inactive 0.02 - "; - internal = true; - }; - }; - - config.swarselsystems = { - startup = lib.mkIf (!config.swarselsystems.isNixos) [ - { command = "sleep 60 && nixGL nextcloud --background"; } - { command = "sleep 60 && nixGL vesktop --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland"; } - { command = "sleep 60 && nixGL syncthingtray --wait"; } - { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki"; } - { command = "nm-applet --indicator"; } - { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland"; } - { command = "sleep 60 && element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - ]; - swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " "; - }; - } -#+end_src - -***** setup -:PROPERTIES: -:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 -:END: - -Provides settings related to nix-darwin systems. At the moment, I am only making use of a =isDarwin= flag. - -#+begin_src nix :noweb yes :tangle modules/home/setup.nix - { lib, ... 
}: - { - options.swarselsystems = { - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - mainUser = lib.mkOption { - type = lib.types.str; - default = "swarsel"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - }; - } -#+end_src - -***** System startup -:PROPERTIES: -:CUSTOM_ID: h:0809445e-9a24-4700-8675-03fb8f4beab8 -:END: - -This defines programs I want to have starting when I start the system - -Part of the startup is also defined in [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]]. The distinction is as follows. As this configuration also needs to work on systems that are running only home manager, I probably need to run nixGL or something similar on those systems to get these graphic apps to display properly. In this section we only define such graphical programs, in the other location we only put shell applications and such. - -These other apps currently include: -- spotifytui -- kitty - -Do not that =syncthingtray= is also not mentioned here. It is installed as a home manager package that automatically starts at system start. - -#+begin_src nix :tangle modules/home/startup.nix - { lib, ... 
}: - { - options.swarselsystems = { - startup = lib.mkOption { - type = lib.types.listOf (lib.types.attrsOf lib.types.str); - default = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "feishin"; } - ]; - }; - }; - } -#+end_src - -***** Wallpaper -:PROPERTIES: -:CUSTOM_ID: h:21e344a8-8212-463f-9c01-7dbca28515b6 -:END: - -Again, I set the wallpaper here for =stylix=. - -#+begin_src nix :tangle modules/home/wallpaper.nix - { self, lib, ... }: - { - options.swarselsystems = { - wallpaper = lib.mkOption { - type = lib.types.path; - default = self + /wallpaper/lenovowp.png; - }; - }; - } - -#+end_src - -***** Filesystem -:PROPERTIES: -:CUSTOM_ID: h:c4982d06-1962-439c-9eed-cdec52491dee -:END: - -Another duplicated option for the filesystem. - -#+begin_src nix :tangle modules/home/filesystem.nix - { lib, ... }: - { - options.swarselsystems = { - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - }; - } -#+end_src - -***** firefox -:PROPERTIES: -:CUSTOM_ID: h:e7f98ad8-74a6-4860-a368-cce154285ff0 -:END: - - -At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. -Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. 
This should in principle be set automatically using the below config, but it seems not to be working reliably - -#+begin_src nix :noweb yes :tangle modules/home/firefox.nix - { self, lib, pkgs, ... }: - let - lock-false = { - Value = false; - Status = "locked"; - }; - lock-true = { - Value = true; - Status = "locked"; - }; - in - { - options.swarselsystems = { - firefox = lib.mkOption { - type = lib.types.attrs; - default = { - isDefault = false; - userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css"; - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - tampermonkey - sidebery - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - sponsorblock - web-archives - onepassword-password-manager - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. 
Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) - ]; - }; - - settings = - { - "extensions.autoDisableScopes" = 0; - "browser.bookmarks.showMobileBookmarks" = lock-true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; - "browser.search.suggest.enabled" = lock-false; - "browser.search.suggest.enabled.private" = lock-false; - "browser.urlbar.suggest.searches" = lock-false; - "browser.urlbar.showSearchSuggestionsFirst" = lock-false; - "browser.topsites.contile.enabled" = lock-false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; - "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; - "browser.newtabpage.activity-stream.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; - }; - - search = { - # default = "Kagi"; - default = "Google"; - # privateDefault = "Kagi"; - privateDefault = "Google"; - engines = { - "Kagi" = { - urls = [{ - template = "https://kagi.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - ]; - }]; - iconUpdateURL = "https://kagi.com/favicon.ico"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@k" ]; - }; - - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } 
- { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Google".metaData.alias = "@g"; - }; - force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; - }; - }; - }; - - } -#+end_src - -***** stylix -:PROPERTIES: -:CUSTOM_ID: h:1c4b1619-40a1-4120-8868-d213abf6a29e -:END: - -#+begin_src nix :noweb yes :tangle modules/home/stylix.nix - { self, lib, pkgs, ... 
}: - { - options.swarselsystems = { - stylix = lib.mkOption { - type = lib.types.attrs; - default = { - enable = true; - base16Scheme = "${self}/programs/stylix/swarsel.yaml"; - polarity = "dark"; - opacity.popups = 0.5; - cursor = { - package = pkgs.banana-cursor; - # package = pkgs.capitaine-cursors; - name = "Banana"; - # name = "capitaine-cursors"; - size = 16; - }; - fonts = { - sizes = { - terminal = 10; - applications = 11; - }; - serif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - sansSerif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-mono; # has overrides - name = "FiraCode Nerd Font Mono"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; - }; - }; - }; - - } -#+end_src - *** Library functions :PROPERTIES: :CUSTOM_ID: h:4d38c9f7-2680-4c02-a1f4-ed8db0d55ce4 @@ -4613,7 +3916,7 @@ TODO # put home-manager imports here that are for all servers and normal hosts inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ] ++ (builtins.attrValues outputs.homeModules); + ]; } ] else [ # put nixos imports here that are for darwin hosts @@ -4623,9 +3926,9 @@ TODO home-manager.users."${macUser}".imports = [ # put home-manager imports here that are for darwin hosts "${self}/profiles/darwin/home" - ] ++ (builtins.attrValues outputs.homeModules); + ]; } - ]) ++ (builtins.attrValues outputs.nixosModules) ++ (builtins.attrValues outputs.homeModules) + ]) )); }; }; 
@@ -4721,12 +4024,15 @@ These are system-level settings specific to NixOS machines. All settings that ar This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. #+begin_src nix :tangle profiles/nixos/common/default.nix - { lib, ... }: + { self, lib, ... }: let importNames = lib.swarselsystems.readNix "profiles/nixos/common"; + profilesPath = "${self}/profiles"; in { - imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common"; + imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common" ++ [ + "${profilesPath}/home/common/sharedsetup.nix" + ]; nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" 
@@ -4738,6 +4044,42 @@ This section is for setting things that should be used on hosts that are using t #+end_src +**** Shared Configuration Options +:PROPERTIES: +:CUSTOM_ID: h:f4f22166-e345-43e6-b15f-b7f5bb886554 +:END: + +I usually use =mutableUsers = false= in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. + +#+begin_src nix :tangle profiles/nixos/common/sharedsetup.nix + { lib, ... }: + { + options.swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; + }; + } +#+end_src + **** General NixOS settings (stateVersion) :PROPERTIES: :CUSTOM_ID: h:24c9146f-2147-4fd5-bafc-d5853e15cf12 
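Review bot: `initialSetup` is the one security-relevant switch in the new `profiles/nixos/common/sharedsetup.nix` block, yet its only documentation is the enable string, and the prose above the block speaks of "this flag" without naming it. Going by that prose it stands in for the `mutableUsers = false` setup until sops keys exist, so the option text should state its lifetime, e.g. `initialSetup = lib.mkEnableOption "initial setup: relaxed user management until sops keys are deployed; turn off afterwards";`. `isCrypted` and `isSecureBoot` are `mkEnableOption`s and therefore default to off, so a host that forgets to set them still evaluates without complaint. The four `mkOption` entries (`withHomeManager`, `isSwap`, `swapSize`, `rootDisk`) have no `description` at all. The modules that consume these options are outside this hunk.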
@@ -5155,36 +4497,49 @@ Enable OpenGL, Sound, Bluetooth and various drivers. { pkgs, config, lib, ... }: { - hardware = { - # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant - graphics = { - enable = true; - enable32Bit = true; - }; - - - trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { - enable = true; - inherit (config.swarselsystems.trackpoint) device; - }; - - keyboard.qmk.enable = true; - - enableAllFirmware = true; - - bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { - enable = true; - package = pkgs.stable.bluez; - powerOnBoot = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - }; + options.swarselsystems = { + hasBluetooth = lib.mkEnableOption "bluetooth availability"; + hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; + trackpoint = { + isAvailable = lib.mkEnableOption "trackpoint availability"; + trackpoint.device = lib.mkOption { + type = lib.types.str; + default = ""; }; }; }; + config = { + hardware = { + # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant + graphics = { + enable = true; + enable32Bit = true; + }; - services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; + + trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { + enable = true; + inherit (config.swarselsystems.trackpoint) device; + }; + + keyboard.qmk.enable = true; + + enableAllFirmware = true; + + bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { + enable = true; + package = pkgs.stable.bluez; + powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; + }; + }; + }; + }; + + services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; + }; } #+end_src 
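Review bot: The trackpoint device option is declared one level too deep: inside `trackpoint = { ... }` the line `trackpoint.device = lib.mkOption {` creates `swarselsystems.trackpoint.trackpoint.device`, while the config below reads `inherit (config.swarselsystems.trackpoint) device;`. On a host with `trackpoint.isAvailable` set, that lookup has no matching option and evaluation should fail, and a host that sets `swarselsystems.trackpoint.device` would be rejected as an undeclared option. Declaring it as `device = lib.mkOption {` inside the existing `trackpoint` set makes the declaration and its use agree.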
@@ -5602,12 +4957,7 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w config.swarselsystems.stylix; home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; + targets = config.swarselsystems.stylixHomeTargets; }; }; } @@ -6459,6 +5809,8 @@ Also, the system state version is set here. No need to touch it. "${profilesPath}/nixos/common/time.nix" "${profilesPath}/nixos/common/users.nix" "${profilesPath}/nixos/common/nix-ld.nix" + "${profilesPath}/nixos/common/sharedsetup.nix" + "${profilesPath}/home/common/sharedsetup.nix" ]; } #+end_src 
@@ -6476,28 +5828,35 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.swarselsystems) flakePath; in { - environment.shellAliases = lib.recursiveUpdate - { - npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;"; - npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; - nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; - niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;"; - } - config.swarselsystems.shellAliases; - - nixpkgs.config.permittedInsecurePackages = [ - # matrix - "olm-3.2.16" - # sonarr - "aspnetcore-runtime-wrapped-6.0.36" - "aspnetcore-runtime-6.0.36" - "dotnet-sdk-wrapped-6.0.428" - "dotnet-sdk-6.0.428" - # - "SDL_ttf-2.0.11" - ]; + options.swarselsystems = { + shellAliases = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + }; + }; + config = { + environment.shellAliases = lib.recursiveUpdate + { + npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; + nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;"; + npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; + nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; + niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;"; + } + config.swarselsystems.shellAliases; + nixpkgs.config.permittedInsecurePackages = [ + # matrix + "olm-3.2.16" + # sonarr + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + # + "SDL_ttf-2.0.11" + ]; + }; } #+end_src 
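Review bot: The `npswitch`, `npiswitch` and `nipswitch` aliases chain their steps with `;`, so when `cd ${flakePath}` fails the following `sudo nixos-rebuild --flake .#$(hostname) switch` builds and activates whatever flake is in the current directory, as root. Running the steps in a subshell joined with `&&` stops at the first failure, e.g. `npswitch = "(cd ${flakePath} && git pull && sudo nixos-rebuild --flake .#$(hostname) switch)";`. Separately, `permittedInsecurePackages` stays unconditional in this module, so every host importing it allow-lists `olm-3.2.16` and the .NET 6 entries even where matrix or sonarr is not enabled. Building that list with `lib.optionals` on the per-service switches this commit introduces would narrow it, assuming those options are declared wherever this module is imported.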
@@ -6673,6 +6032,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/kavita.nix { pkgs, lib, config, ... }: { + options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server"; config = lib.mkIf config.swarselsystems.server.kavita { environment.systemPackages = with pkgs; [ calibre @@ -6723,6 +6083,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/jellyfin.nix { pkgs, lib, config, ... }: { + options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; config = lib.mkIf config.swarselsystems.server.jellyfin { users.users.jellyfin = { extraGroups = [ "video" "render" "users" ]; @@ -6778,6 +6139,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in secretsDirectory = builtins.toString inputs.nix-secrets; in { + options.swarselsystems.server.navidrome = lib.mkEnableOption "enable navidrome on server"; config = lib.mkIf config.swarselsystems.server.navidrome { environment.systemPackages = with pkgs; [ pciutils @@ -6880,6 +6242,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/spotifyd.nix { lib, config, ... }: { + options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; config = lib.mkIf config.swarselsystems.server.spotifyd { users.groups.spotifyd = { gid = 65136; @@ -6922,6 +6285,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/mpd.nix { pkgs, lib, config, ... }: { + options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server"; config = lib.mkIf config.swarselsystems.server.mpd { users = { groups = { 
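Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `lib.mkEnableOption "enable kavita on server"` renders as "Whether to enable enable kavita on server." in the generated option documentation. Passing only the noun phrase reads correctly: `options.swarselsystems.server.kavita = lib.mkEnableOption "kavita on server";`. The same wording is used for jellyfin, navidrome, spotifyd and mpd in the hunks that follow, and for the other `server.*` switches added later in this patch. Each of these modules continues outside its hunk.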
@@ -6981,7 +6345,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/pipewire.nix { lib, config, ... }: { - config = lib.mkIf (config.swarselsystems.server.mpd || config.swarselsystems.server.navidrome) { + config = lib.mkIf (config?swarselsystems.server.mpd || config?swarselsystems.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access @@ -7020,7 +6384,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; in { - + options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server"; config = lib.mkIf config.swarselsystems.server.matrix { environment.systemPackages = with pkgs; [ matrix-synapse @@ -7342,6 +6706,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/nextcloud.nix { pkgs, lib, config, ... }: { + options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; config = lib.mkIf config.swarselsystems.server.nextcloud { sops.secrets.nextcloudadminpass = { @@ -7395,6 +6760,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/immich.nix { lib, config, ... }: { + options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server"; config = lib.mkIf config.swarselsystems.server.immich { users.users.immich = { @@ -7452,6 +6818,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/paperless.nix { lib, config, ... }: { + options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; config = lib.mkIf config.swarselsystems.server.paperless { users.users.paperless = { 
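Review bot: `config?swarselsystems.server.mpd` tests whether the attribute exists, not whether it is true, so the `lib.mkIf` guard in pipewire.nix is satisfied as soon as either option is declared. With `options.swarselsystems.server.mpd` and `.navidrome` now declared by their own modules, importing those modules would turn on `security.rtkit.enable` and the rest of this block on every server, including ones where both services are disabled. If the intent is to tolerate the options being undeclared, `config = lib.mkIf ((config.swarselsystems.server.mpd or false) || (config.swarselsystems.server.navidrome or false)) {` keeps that tolerance while still checking the value. The module body continues outside the hunk.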
@@ -7510,6 +6877,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle profiles/nixos/server/transmission.nix { pkgs, lib, config, ... }: { + options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; config = lib.mkIf config.swarselsystems.server.transmission { # this user/group section is probably unneeded @@ -7655,6 +7023,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; in { + options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server"; config = lib.mkIf config.swarselsystems.server.syncthing { users.users.syncthing = { @@ -7775,6 +7144,7 @@ Once this is finished, it will house a restic client that manages automatic back #+begin_src nix :tangle profiles/nixos/server/restic.nix { lib, config, ... }: { + options.swarselsystems.server.restic = lib.mkEnableOption "enable restic backups on server"; config = lib.mkIf config.swarselsystems.server.restic { # TODO @@ -7793,6 +7163,7 @@ This section exposes several metrics that I use to check the health of my server #+begin_src nix :tangle profiles/nixos/server/monitoring.nix { self, lib, config, ... }: { + options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; config = lib.mkIf config.swarselsystems.server.monitoring { sops.secrets = { @@ -7969,6 +7340,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w #+begin_src nix :tangle profiles/nixos/server/jenkins.nix { pkgs, lib, config, ... }: { + options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; config = lib.mkIf config.swarselsystems.server.jenkins { services.jenkins = { 
@@ -8014,6 +7386,7 @@ This was an approach of hosting an RSS server from within emacs. That would have #+begin_src nix :tangle profiles/nixos/server/emacs.nix { lib, config, ... }: { + options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; config = lib.mkIf config.swarselsystems.server.emacs { networking.firewall.allowedTCPPorts = [ 9812 ]; @@ -8041,6 +7414,7 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as #+begin_src nix :tangle profiles/nixos/server/freshrss.nix { lib, config, ... }: { + options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; config = lib.mkIf config.swarselsystems.server.freshrss { users.users.freshrss = { @@ -8085,6 +7459,7 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as #+begin_src nix :tangle profiles/nixos/server/forgejo.nix { lib, config, ... }: { + options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; config = lib.mkIf config.swarselsystems.server.forgejo { networking.firewall.allowedTCPPorts = [ 3000 ]; @@ -8139,6 +7514,7 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as #+begin_src nix :tangle profiles/nixos/server/ankisync.nix { lib, config, ... }: { + options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; config = lib.mkIf config.swarselsystems.server.ankisync { networking.firewall.allowedTCPPorts = [ 22701 ]; 
@@ -8642,6 +8018,274 @@ This section sets up all the imports that are used in the home-manager section. } #+end_src +**** Shared Configuration Options +:PROPERTIES: +:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 +:END: + +Provides settings related to nix-darwin systems. At the moment, I am only making use of a =isDarwin= flag. + +At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. +Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably + +#+begin_src nix :noweb yes :tangle profiles/home/common/sharedsetup.nix + { self, lib, pkgs, ... }: + let + lock-false = { + Value = false; + Status = "locked"; + }; + lock-true = { + Value = true; + Status = "locked"; + }; + in + { + options.swarselsystems = { + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = 
""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + + stylix = lib.mkOption { + type = lib.types.attrs; + default = { + enable = true; + base16Scheme = "${self}/programs/stylix/swarsel.yaml"; + polarity = "dark"; + opacity.popups = 0.5; + cursor = { + package = pkgs.banana-cursor; + # package = pkgs.capitaine-cursors; + name = "Banana"; + # name = "capitaine-cursors"; + size = 16; + }; + fonts = { + sizes = { + terminal = 10; + applications = 11; + }; + serif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + sansSerif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-mono; # has overrides + name = "FiraCode Nerd Font Mono"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; + }; + stylixHomeTargets = lib.mkOption { + type = lib.types.attrs; + default = { + emacs.enable = false; + waybar.enable = false; + sway.useWallpaper = false; + firefox.profileNames = [ "default" ]; + }; + }; + + firefox = lib.mkOption { + type = lib.types.attrs; + default = { + userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css"; + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + tampermonkey + sidebery + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + sponsorblock + web-archives + onepassword-password-manager + single-file + widegithub + 
enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + noscript + + # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut + (buildFirefoxXpiAddon { + pname = "shortkeys"; + version = "4.0.2"; + addonId = "Shortkeys@Shortkeys.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + meta = with lib; + { + description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + mozPermissions = [ + "tabs" + "downloads" + "clipboardWrite" + "browsingData" + "storage" + "bookmarks" + "sessions" + "" + ]; + platforms = platforms.all; + }; + }) + ]; + }; + + settings = + { + "extensions.autoDisableScopes" = 0; + "browser.bookmarks.showMobileBookmarks" = lock-true; + "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; + "browser.search.suggest.enabled" = lock-false; + "browser.search.suggest.enabled.private" = lock-false; + "browser.urlbar.suggest.searches" = lock-false; + "browser.urlbar.showSearchSuggestionsFirst" = lock-false; + "browser.topsites.contile.enabled" = lock-false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; + "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; + "browser.newtabpage.activity-stream.showSponsored" = lock-false; + 
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; + }; + + search = { + # default = "Kagi"; + default = "Google"; + # privateDefault = "Kagi"; + privateDefault = "Google"; + engines = { + "Kagi" = { + urls = [{ + template = "https://kagi.com/search"; + params = [ + { name = "q"; value = "{searchTerms}"; } + ]; + }]; + iconUpdateURL = "https://kagi.com/favicon.ico"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@k" ]; + }; + + "Nix Packages" = { + urls = [{ + template = "https://search.nixos.org/packages"; + params = [ + { name = "type"; value = "packages"; } + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + + "NixOS Wiki" = { + urls = [{ + template = "https://nixos.wiki/index.php?search={searchTerms}"; + }]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@nw" ]; + }; + + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; + + "Home Manager Options" = { + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@hm" "@ho" "@hmo" ]; + }; + + "Google".metaData.alias = "@g"; + }; + force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart + }; + }; + }; + + }; + } +#+end_src + **** General home-manager-settings :PROPERTIES: :CUSTOM_ID: h:4af4f67f-7c48-4754-b4bd-6800e3a66664 
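Review bot: `"extensions.autoDisableScopes" = 0;` in the `firefox` default removes Firefox's hold on add-ons that appear without the user installing them, so an extension placed in the profile or a system location is enabled without a prompt. That is what lets the declared `extensions.packages` load unattended, but the trade-off deserves a comment beside the setting, e.g. `# 0 = auto-enable add-ons from every install scope; needed for the Nix-managed list, but applies to anything else placed there too`. The same attribute set mixes that plain value with `lock-true`/`lock-false` sets of the form `{ Value; Status; }`. If `settings` is passed to a profile's preferences rather than to a policy, those entries may not be applied as booleans, which could explain why the prose calls the stylesheet preference unreliable; that needs checking in `profiles/home/common/firefox.nix`, which is outside this hunk.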
@@ -8703,22 +8347,37 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO This integrates nixGL into home-manager. NixGL provies OpenGL and Vulkan APIs to nix installed utilities. This is needed for graphical applications on non-NixOS systems. +to get the info for the secondary gpu, use `lspci -nn | grep VGA` +It can be set to either: + - a number, selecting the n-th non-default GPU + - a PCI bus id in the form =pci-XXX_YY_ZZ_U= + - a PCI id in the form =vendor_id:device_id= + #+begin_src nix :tangle profiles/home/common/nixgl.nix { lib, config, nixgl, ... }: { - nixGL = lib.mkIf (!config.swarselsystems.isNixos) { - inherit (nixgl) packages; - defaultWrapper = lib.mkDefault "mesa"; - vulkan.enable = lib.mkDefault false; - prime = lib.mkIf config.swarselsystem.isSecondaryGpu { - card = config.swarselsystem.secondaryGpuCard; - installScript = "mesa"; + options.swarselsystems = { + isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; + SecondaryGpuCard = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; + config = { + nixGL = lib.mkIf (!config.swarselsystems.isNixos) { + inherit (nixgl) packages; + defaultWrapper = lib.mkDefault "mesa"; + vulkan.enable = lib.mkDefault false; + prime = lib.mkIf config.swarselsystem.isSecondaryGpu { + card = config.swarselsystem.secondaryGpuCard; + installScript = "mesa"; + }; + offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; + installScripts = [ + "mesa" + "mesaPrime" + ]; }; - offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; - installScripts = [ - "mesa" - "mesaPrime" - ]; }; } #+end_src 
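Review bot: The options declared in nixgl.nix do not match the names the config reads: the block declares `swarselsystems.SecondaryGpuCard` (capital S) while `prime.card` uses `config.swarselsystem.secondaryGpuCard`, and all three reads go through `config.swarselsystem` without the trailing `s`. On a non-NixOS host this should fail with a missing attribute once `nixGL` is evaluated, and a host that sets the documented card value has nothing reading it. Declaring `secondaryGpuCard = lib.mkOption {` and reading `config.swarselsystems.isSecondaryGpu` and `config.swarselsystems.secondaryGpuCard` makes the two sides agree.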
@@ -9086,12 +8745,7 @@ This section has been notably empty ever since switching to stylix. Only Emacs i stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; + targets = config.swarselsystems.stylixHomeTargets; } config.swarselsystems.stylix); } 
@@ -9652,103 +9306,111 @@ Here we set some aliases (some of them should be shellApplications instead) as w inherit (config.swarselsystems) flakePath; in { - programs.zsh = { - enable = true; - shellAliases = lib.recursiveUpdate - { - hg = "history | grep"; - hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; - nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; - magit = "emacsclient -nc -e \"(magit-status)\""; - config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g = "git"; - c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/"; - passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; - passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd = "z"; - youtube-dl = "yt-dlp"; - cd-orig = "cd"; - cat-orig = "cat"; - cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; - nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; - nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; - nix-ldd-locate = "nix-locate --minimal --top-level -w "; - nix-store-search = "ls /nix/store | grep"; - fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; - lt = "eza -las modified --total-size"; - boot-diff = "nix store diff-closures /run/*-system"; - gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; - cc = "wl-copy"; - } - config.swarselsystems.shellAliases; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = false; - cdpath = [ - "~/.dotfiles" - # "~/Documents/GitHub" - ]; - defaultKeymap = "emacs"; - dirHashes = { - dl = "$HOME/Downloads"; - gh = 
"$HOME/Documents/GitHub"; + options.swarselsystems = { + shellAliases = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; }; - history = { - expireDuplicatesFirst = true; - path = "$HOME/.histfile"; - save = 10000; - size = 10000; - }; - historySubstringSearch = { + }; + config = { + programs.zsh = { enable = true; - searchDownKey = "^[OB"; - searchUpKey = "^[OA"; + shellAliases = lib.recursiveUpdate + { + hg = "history | grep"; + hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; + nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; + nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; + magit = "emacsclient -nc -e \"(magit-status)\""; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/"; + passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; + passpull = "cd ~/.local/share/password-store; git pull; cd -;"; + hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; + cd = "z"; + youtube-dl = "yt-dlp"; + cd-orig = "cd"; + cat-orig = "cat"; + cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; + nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; + nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; + nix-ldd-locate = "nix-locate --minimal --top-level -w "; + nix-store-search = "ls /nix/store | grep"; + fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; + lt = "eza -las modified --total-size"; + boot-diff = "nix store diff-closures /run/*-system"; + gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; + cc = "wl-copy"; + } + config.swarselsystems.shellAliases; + autosuggestion.enable = true; + enableCompletion = true; + 
syntaxHighlighting.enable = true; + autocd = false; + cdpath = [ + "~/.dotfiles" + # "~/Documents/GitHub" + ]; + defaultKeymap = "emacs"; + dirHashes = { + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; + }; + history = { + expireDuplicatesFirst = true; + path = "$HOME/.histfile"; + save = 10000; + size = 10000; + }; + historySubstringSearch = { + enable = true; + searchDownKey = "^[OB"; + searchUpKey = "^[OA"; + }; + plugins = [ + { + name = "fzf-tab"; + src = pkgs.zsh-fzf-tab; + } + ]; + initExtra = '' + bindkey "^[[1;5D" backward-word + bindkey "^[[1;5C" forward-word + + my-backward-delete-word() { + # Copy the global WORDCHARS variable to a local variable. That way any + # modifications are scoped to this function only + local WORDCHARS=$WORDCHARS + # Use bash string manipulation to remove `:` so our delete will stop at it + WORDCHARS="''${WORDCHARS//:}" + # Use bash string manipulation to remove `/` so our delete will stop at it + WORDCHARS="''${WORDCHARS//\/}" + # Use bash string manipulation to remove `.` so our delete will stop at it + WORDCHARS="''${WORDCHARS//.}" + # zle will run an existing widget. + zle backward-delete-word + } + zle -N my-backward-delete-word + bindkey '^H' my-backward-delete-word + + # This will be our `ctrl+alt+w` command + my-backward-delete-whole-word() { + # Copy the global WORDCHARS variable to a local variable. That way any + # modifications are scoped to this function only + local WORDCHARS=$WORDCHARS + # Use bash string manipulation to add `:` to WORDCHARS if it's not present + # already. + [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":" + # zle will run that widget. 
+ zle backward-delete-word + } + # `zle -N` will create a new widget that we can use on the command line + zle -N my-backward-delete-whole-word + # bind this new widget to `ctrl+alt+w` + bindkey '^W' my-backward-delete-whole-word + ''; }; - plugins = [ - { - name = "fzf-tab"; - src = pkgs.zsh-fzf-tab; - } - ]; - initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word - - my-backward-delete-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only - local WORDCHARS=$WORDCHARS - # Use bash string manipulation to remove `:` so our delete will stop at it - WORDCHARS="''${WORDCHARS//:}" - # Use bash string manipulation to remove `/` so our delete will stop at it - WORDCHARS="''${WORDCHARS//\/}" - # Use bash string manipulation to remove `.` so our delete will stop at it - WORDCHARS="''${WORDCHARS//.}" - # zle will run an existing widget. - zle backward-delete-word - } - zle -N my-backward-delete-word - bindkey '^H' my-backward-delete-word - - # This will be our `ctrl+alt+w` command - my-backward-delete-whole-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only - local WORDCHARS=$WORDCHARS - # Use bash string manipulation to add `:` to WORDCHARS if it's not present - # already. - [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":" - # zle will run that widget. - zle backward-delete-word - } - # `zle -N` will create a new widget that we can use on the command line - zle -N my-backward-delete-whole-word - # bind this new widget to `ctrl+alt+w` - bindkey '^W' my-backward-delete-whole-word - ''; }; } #+end_src 
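Review bot: `passpush` and `passpull` separate their steps with `;`, so if `cd ~/.local/share/password-store` fails, `git add .; git commit ...; git push` runs in whatever repository the shell is currently in and publishes its working tree. Running the steps in a subshell joined with `&&` avoids that: `passpush = "(cd ~/.local/share/password-store && git add . && git commit -m 'pass file changes' && git push)";`, and likewise for `passpull`. `fs-diff` has the same shape, since `sudo mount ... /mnt ; fs-diff` runs the comparison even when the mount failed. These aliases were only re-indented by this commit, but they sit on the new side of the hunk.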
@@ -10134,262 +9796,322 @@ Lastly, I am defining some more packages here that the parser has problems findi Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores) +This section is mostly used to deliver the correct information to Waybar. AMD systems have changing hwmon paths that can be specifically set here. Also the cpu count can be set here for Waybars cpu module, but 8 is usually a good setting to show + +These are explicit waybar options. Laptops do not need the battery module. However, this leads to a slight problem with theming: my waybar modules alternate their background-color between black and grey. The battery module is usually on grey background. If I were to simply delete that, I would now have two modules on black background. To avoid this, I define a pseudo-module =custom/pseudobat= that simply shows a static image and calls =wlogout= on right click. This wastes a little bit of screen space, but that is a price I am willing to pay for consistency. + The rest of the related configuration is found here: - [[#h:a9530c81-1976-442b-b597-0b4bed6baf25][Waybar]] - [[#h:f93f66f9-6b8b-478e-b139-b2f382c1f25e][waybarupdate]] #+begin_src nix :tangle profiles/home/common/waybar.nix { self, config, lib, ... 
}: + let + generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); + modulesLeft = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/vpn" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + ]; + modulesRight = [ + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; + in { - programs.waybar = { - - enable = true; - systemd = { - enable = true; - target = "sway-sessions.target"; + options.swarselsystems = { + cpuCount = lib.mkOption { + type = lib.types.int; + default = 8; }; - settings = { - mainBar = { - ipc = true; - id = "bar-0"; - layer = "top"; - position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; - modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ]; - "sway/mode" = { - format = "{}"; - }; - - modules-right = config.swarselsystems.waybarModules; - - "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { - format = ""; - on-click-right = "wlogout -p layer-shell"; - }; - - "custom/configwarn" = { - exec = "waybarupdate"; - interval = 60; - }; - - "custom/scratchpad-indicator" = { - interval = 3; - exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. 
>= 1)'"; - format = "{} "; - on-click = "swaymsg 'scratchpad show'"; - on-click-right = "swaymsg 'move scratchpad'"; - }; - - "custom/github" = { - format = "{}  "; - return-type = "json"; - interval = 60; - exec = "github-notifications"; - on-click = "xdg-open https://github.com/notifications"; - }; - - idle_inhibitor = { - format = "{icon}"; - format-icons = { - activated = ""; - deactivated = ""; - }; - }; - - "group/hardware" = { - orientation = "inherit"; - drawer = { - "transition-left-to-right" = false; - }; - modules = [ - "tray" - "temperature" - "power-profiles-daemon" - "custom/left-arrow-light" - "custom/left-arrow-dark" - "custom/scratchpad-indicator" - "custom/left-arrow-light" - "disk" - "custom/left-arrow-dark" - "memory" - "custom/left-arrow-light" - "cpu" - "custom/left-arrow-dark" - "backlight/slider" - "idle_inhibitor" - ]; - }; - - "backlight/slider" = { - min = 0; - max = 100; - orientation = "horizontal"; - device = "intel_backlight"; - }; - - power-profiles-daemon = { - format = "{icon}"; - tooltip-format = "Power profile: {profile}\nDriver: {driver}"; - tooltip = true; - format-icons = { - "default" = ""; - "performance" = ""; - "balanced" = ""; - "power-saver" = ""; - }; - }; - - temperature = { - hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path; - hwmon-path-abs = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path; - input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename; - critical-threshold = 80; - format-critical = " {temperatureC}°C"; - format = " {temperatureC}°C"; - - }; - - mpris = { - format = "{player_icon} {title} [{position}/{length}]"; - format-paused = "{player_icon} {title} [{position}/{length}]"; - player-icons = { - "default" = "▶ "; - "mpv" = "🎵 "; - "spotify" = " "; - }; - status-icons = { - "paused" = 
" "; - }; - interval = 1; - title-len = 20; - artist-len = 20; - album-len = 10; - }; - "custom/left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/left-arrow-light" = { - format = ""; - tooltip = false; - }; - "custom/right-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-right-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/right-arrow-light" = { - format = ""; - tooltip = false; - }; - "sway/workspaces" = { - disable-scroll = true; - format = "{name}"; - }; - - "clock#1" = { - min-length = 8; - interval = 1; - format = "{:%H:%M:%S}"; - # on-click-right= "gnome-clocks"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - - "clock#2" = { - format = "{:%d. %B %Y}"; - # on-click-right= "gnome-clocks"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - - pulseaudio = { - format = "{icon} {volume:2}%"; - format-bluetooth = "{icon} {volume}%"; - format-muted = "MUTE"; - format-icons = { - headphones = ""; - default = [ - "" - "" - ]; - }; - scroll-step = 1; - on-click = "pamixer -t"; - on-click-right = "pavucontrol"; - }; - - memory = { - interval = 5; - format = " {}%"; - tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; - }; - cpu = { - format = config.swarselsystems.cpuString; - min-length = 6; - interval = 5; - format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; - # on-click-right= "com.github.stsdc.monitor"; - on-click-right = "kitty -o confirm_os_window_close=0 btm"; - - }; - "custom/vpn" = { - format = "()"; - exec = "echo '{\"class\": \"connected\"}'"; - exec-if = "test -d /proc/sys/net/ipv4/conf/tun0"; - return-type = "json"; - interval = 5; - }; - battery = { - states = { - "warning" = 60; - "error" = 30; - "critical" = 15; - }; - interval = 5; - format = "{icon} {capacity}%"; - format-charging = "{capacity}% "; - format-plugged = "{capacity}% "; - format-icons = [ - "" - "" - 
"" - "" - "" - ]; - on-click-right = "wlogout -p layer-shell"; - }; - disk = { - interval = 30; - format = "Disk {percentage_used:2}%"; - path = "/"; - states = { - "warning" = 80; - "critical" = 90; - }; - tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; - }; - tray = { - icon-size = 20; - }; - network = { - interval = 5; - format-wifi = "{signalStrength}% "; - format-ethernet = ""; - format-linked = "{ifname} (No IP) "; - format-disconnected = "Disconnected ⚠"; - format-alt = "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - }; + temperatureHwmon = { + isAbsolutePath = lib.mkEnableOption "absolute temperature path"; + path = lib.mkOption { + type = lib.types.str; + default = ""; + }; + input-filename = lib.mkOption { + type = lib.types.str; + default = ""; }; }; - style = builtins.readFile (self + /programs/waybar/style.css); + waybarModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = modulesLeft ++ [ + "custom/pseudobat" + ] ++ modulesRight; + }; + cpuString = lib.mkOption { + type = lib.types.str; + default = generateIcons config.swarselsystems.cpuCount; + description = "The generated icons string for use by Waybar."; + internal = true; + }; + }; + config = { + swarselsystems = { + waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ + "battery" + ] ++ modulesRight); + }; + programs.waybar = { + enable = true; + systemd = { + enable = true; + target = "sway-sessions.target"; + }; + settings = { + mainBar = { + ipc = true; + id = "bar-0"; + layer = "top"; + position = "top"; + modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; + modules-center = [ 
"sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ]; + "sway/mode" = { + format = "{}"; + }; + + modules-right = config.swarselsystems.waybarModules; + + "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { + format = ""; + on-click-right = "wlogout -p layer-shell"; + }; + + "custom/configwarn" = { + exec = "waybarupdate"; + interval = 60; + }; + + "custom/scratchpad-indicator" = { + interval = 3; + exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. >= 1)'"; + format = "{} "; + on-click = "swaymsg 'scratchpad show'"; + on-click-right = "swaymsg 'move scratchpad'"; + }; + + "custom/github" = { + format = "{}  "; + return-type = "json"; + interval = 60; + exec = "github-notifications"; + on-click = "xdg-open https://github.com/notifications"; + }; + + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = ""; + deactivated = ""; + }; + }; + + "group/hardware" = { + orientation = "inherit"; + drawer = { + "transition-left-to-right" = false; + }; + modules = [ + "tray" + "temperature" + "power-profiles-daemon" + "custom/left-arrow-light" + "custom/left-arrow-dark" + "custom/scratchpad-indicator" + "custom/left-arrow-light" + "disk" + "custom/left-arrow-dark" + "memory" + "custom/left-arrow-light" + "cpu" + "custom/left-arrow-dark" + "backlight/slider" + "idle_inhibitor" + ]; + }; + + "backlight/slider" = { + min = 0; + max = 100; + orientation = "horizontal"; + device = "intel_backlight"; + }; + + power-profiles-daemon = { + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; + }; + }; + + temperature = { + hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path; + hwmon-path-abs = lib.mkIf 
config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path; + input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename; + critical-threshold = 80; + format-critical = " {temperatureC}°C"; + format = " {temperatureC}°C"; + + }; + + mpris = { + format = "{player_icon} {title} [{position}/{length}]"; + format-paused = "{player_icon} {title} [{position}/{length}]"; + player-icons = { + "default" = "▶ "; + "mpv" = "🎵 "; + "spotify" = " "; + }; + status-icons = { + "paused" = " "; + }; + interval = 1; + title-len = 20; + artist-len = 20; + album-len = 10; + }; + "custom/left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-light" = { + format = ""; + tooltip = false; + }; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; + }; + + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + "clock#2" = { + format = "{:%d. 
%B %Y}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ + "" + "" + ]; + }; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; + }; + + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + }; + cpu = { + format = config.swarselsystems.cpuString; + min-length = 6; + interval = 5; + format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; + # on-click-right= "com.github.stsdc.monitor"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; + + }; + "custom/vpn" = { + format = "()"; + exec = "echo '{\"class\": \"connected\"}'"; + exec-if = "test -d /proc/sys/net/ipv4/conf/tun0"; + return-type = "json"; + interval = 5; + }; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; + }; + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ + "" + "" + "" + "" + "" + ]; + on-click-right = "wlogout -p layer-shell"; + }; + disk = { + interval = 30; + format = "Disk {percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; + }; + tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; + }; + tray = { + icon-size = 20; + }; + network = { + interval = 5; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ 
{frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + }; + }; + }; + style = builtins.readFile (self + /programs/waybar/style.css); + }; }; } #+end_src @@ -10408,17 +10130,7 @@ Also, I setup some search aliases for functions I often use, such as NixOS optio I used to build the firefox addon =bypass-paywalls-clean= myself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that. #+begin_src nix :tangle profiles/home/common/firefox.nix - { self, pkgs, lib, ... }: - let - lock-false = { - Value = false; - Status = "locked"; - }; - lock-true = { - Value = true; - Status = "locked"; - }; - in + { config, pkgs, lib, ... }: { programs.firefox = { enable = true; 
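Review bot: In the new `config` block of profiles/home/common/waybar.nix, `swarselsystems.waybarModules` is assigned at normal priority whenever `isLaptop` is set. Because the option is a `listOf str`, a host that also sets it would get its list concatenated with this one rather than replacing it, leaving duplicate bar modules. Folding the choice into the option default avoids that: `default = modulesLeft ++ [ (if config.swarselsystems.isLaptop then "battery" else "custom/pseudobat") ] ++ modulesRight;`. Separately, `cpuCount` is declared as `lib.types.int`, so 0 or a negative number is accepted and `generateIcons` then yields an empty `cpu` format; `lib.types.ints.positive` would reject that at evaluation time. The added prose sentence "Laptops do not need the battery module" appears to mean machines that are not laptops, going by the `custom/pseudobat` condition.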
@@ -10552,150 +10264,16 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m }; - profiles.default = { - id = 0; - isDefault = true; - userChrome = builtins.readFile (self + /programs/firefox/chrome/userChrome.css); - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - tampermonkey - sidebery - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - sponsorblock - web-archives - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - - # configure the default the same as trusted in order not to be annoyed - noscript - - # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. 
Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) - - ]; - }; - - settings = { - "extensions.autoDisableScopes" = 0; - "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; - "browser.bookmarks.showMobileBookmarks" = lock-true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; - "browser.search.suggest.enabled" = lock-false; - "browser.search.suggest.enabled.private" = lock-false; - "browser.urlbar.suggest.searches" = lock-false; - "browser.urlbar.showSearchSuggestionsFirst" = lock-false; - "browser.topsites.contile.enabled" = lock-false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; - "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; - "browser.newtabpage.activity-stream.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; - }; - - search = { - # default = "Kagi"; - default = "Google"; - # privateDefault = "Kagi"; - privateDefault = "Google"; - engines = { - "Kagi" = { - urls = [{ - template = "https://kagi.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - ]; - }]; - iconUpdateURL = "https://kagi.com/favicon.ico"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@k" ]; + 
profiles = { + default = lib.recursiveUpdate + { + id = 0; + isDefault = true; + settings = { + "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; }; - - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Google".metaData.alias = "@g"; - }; - force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; + } + config.swarselsystems.firefox; }; }; } 
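Review bot: The `default` profile built at the end of this hunk gives `config.swarselsystems.firefox` precedence over the attributes written here, because `lib.recursiveUpdate` lets its second argument win and replaces lists (for example an extension package list) instead of merging them. The locked preferences that disabled search suggestions and sponsored content, and the extension list, are no longer in this file, so whether the profile still carries them depends entirely on that option, whose declaration is outside this hunk. A short comment above the call would make the precedence visible, e.g. `# swarselsystems.firefox overrides the attrs above; lists are replaced, not merged`. If the option can be set per host, a host definition that omits the privacy preferences may silently drop them, depending on the option's type, so that is worth confirming in the declaration.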
@@ -10833,324 +10411,402 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix :tangle profiles/home/common/sway.nix { self, config, lib, ... }: - let - inherit (config.swarselsystems) monitors; - workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput monitors; - workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets); - in { - wayland.windowManager.sway = { - enable = true; - checkConfig = false; # delete this line once SwayFX is fixed upstream - package = lib.mkIf config.swarselsystems.isNixos null; - systemd = { - enable = true; - xdgAutostart = true; + options.swarselsystems = { + inputs = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { }; }; - wrapperFeatures.gtk = true; - config = rec { - modifier = "Mod4"; - # terminal = "kitty"; - menu = "fuzzel"; - bars = [{ - command = "waybar"; - mode = "hide"; - hiddenState = "hide"; - position = "top"; - extraConfig = "modifier Mod4"; - }]; - keybindings = + monitors = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { }; + }; + keybindings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + }; + startup = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.str); + default = [ + { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } + { command = "feishin"; } + ]; + }; + kyria = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { + 
"36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "7504:24926:Kyria_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + internal = true; + }; + standardinputs = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs; + internal = true; + }; + touchpad = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { }; + internal = true; + }; + swayfxConfig = lib.mkOption { + type = lib.types.str; + default = " + blur enable + blur_xray disable + blur_passes 1 + blur_radius 1 + shadows enable + corner_radius 2 + titlebar_separator disable + default_dim_inactive 0.02 + "; + internal = true; + }; + }; + config = { + swarselsystems = { + touchpad = lib.mkIf config.swarselsystems.isLaptop { + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; + drag_lock = "disabled"; + }; + }; + swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " "; + }; + wayland.windowManager.sway = { + enable = true; + checkConfig = false; # delete this line once SwayFX is fixed upstream + package = lib.mkIf config.swarselsystems.isNixos null; + systemd = { + enable = true; + xdgAutostart = true; + }; + wrapperFeatures.gtk = true; + config = rec { + modifier = "Mod4"; + # terminal = "kitty"; + menu = "fuzzel"; + bars = [{ + command = "waybar"; + mode = "hide"; + hiddenState = "hide"; + position = "top"; + extraConfig = "modifier Mod4"; + }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + lib.recursiveUpdate + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating 
toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+x" = "exec swarselcheck -k"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Escape" = "mode $exit"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; 
+ "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; + "${modifier}+Ctrl+t" = "workspace 14:T"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + # "${modifier}+Return" = "exec kitty"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Print" = "exec screenshare"; + # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" + # "XF86AudioRaiseVolume" = "exec pa 5%"; + "XF86AudioRaiseVolume" = "exec pamixer -i 5"; + # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "XF86AudioLowerVolume" = "exec pamixer -d 5"; + # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; + "XF86AudioMute" = "exec pamixer -t"; + "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86Display" = "exec wl-mirror eDP-1"; + } + config.swarselsystems.keybindings; + modes = { + resize = { + Down = "resize grow height 10 px or 10 ppt"; + Escape = "mode default"; + Left = "resize shrink width 10 px or 10 ppt"; + Return = "mode default"; + Right = "resize grow width 10 px or 10 ppt"; + Up = "resize shrink height 10 px or 10 ppt"; + Tab = "move position center, resize set width 50 ppt height 50 ppt"; + }; + }; + defaultWorkspace = "workspace 1:一"; + # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors; + output = { + "${config.swarselsystems.sharescreen}" = { + bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; + }; + "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { + bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; + }; + }; + input = config.swarselsystems.standardinputs; + workspaceOutputAssign = + let + workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput config.swarselsystems.monitors; + workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets); + in + workplaceOutputs; + startup = config.swarselsystems.startup ++ [ + { command = "kitty -T 
kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; } + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } + ]; + seat = { + "*" = { + hide_cursor = "when-typing enable"; + }; + }; + window = { + border = 1; + titlebar = false; + }; + assigns = { + "15:L" = [{ app_id = "teams-for-linux"; }]; + }; + floating = { + border = 1; + criteria = [ + { app_id = "qalculate-gtk"; } + { app_id = "blueman"; } + { app_id = "pavucontrol"; } + { app_id = "syncthingtray"; } + { app_id = "Element"; } + { class = "1Password"; } + { app_id = "com.nextcloud.desktopclient.nextcloud"; } + { title = "(?:Open|Save) (?:File|Folder|As)"; } + { title = "^Add$"; } + { title = "^Picture-in-Picture$"; } + { title = "Syncthing Tray"; } + { title = "^spotifytui$"; } + { title = "^kittyterm$"; } + { app_id = "vesktop"; } + { window_role = "pop-up"; } + { window_role = "bubble"; } + { window_role = "dialog"; } + { window_role = "task_dialog"; } + { window_role = "menu"; } + { window_role = "Preferences"; } + ]; + titlebar = false; + }; + window = { + commands = [ + { + command = "opacity 0.95"; + criteria = { + class = ".*"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "at.yrlf.wl_mirror"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "Gimp-2.10"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "firefox"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "chromium-browser"; + }; + } + { + command = "sticky enable, shadows enable"; + criteria = { + title = "^Picture-in-Picture$"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^kittyterm$"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^spotifytui$"; + }; + } + { + + command = "resize 
set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + criteria = { + class = "Spotify"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + app_id = "vesktop"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + class = "Element"; + }; + } + # { + # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + # criteria = { + # app_id="^$"; + # class="^$"; + # }; + # } + ]; + }; + gaps = { + inner = 5; + }; + }; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; + # extraConfigEarly = " + # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK + # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK + # "; + extraConfig = let inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = config.swarselsystems.swayfxConfig; in - lib.recursiveUpdate - { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - 
"${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - 
"${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; - "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; - "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Print" = "exec screenshare"; - # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" - # "XF86AudioRaiseVolume" = "exec pa 5%"; - "XF86AudioRaiseVolume" = "exec pamixer -i 5"; - # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioLowerVolume" = "exec pamixer -d 5"; - # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMute" = "exec pamixer -t"; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; - "XF86Display" = "exec wl-mirror eDP-1"; - } - config.swarselsystems.keybindings; - modes = { - resize = { - Down = "resize grow height 10 px or 10 ppt"; - Escape = "mode default"; - Left = "resize shrink width 10 px or 10 ppt"; - Return = "mode default"; - Right = "resize grow width 10 px or 10 ppt"; - Up = "resize shrink height 10 px or 10 ppt"; - Tab = "move position center, resize set width 50 ppt height 50 ppt"; - }; - }; - defaultWorkspace = "workspace 1:一"; - # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors; - output = { - "${config.swarselsystems.sharescreen}" = { - bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; - }; - "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { - bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; - }; - }; - input = config.swarselsystems.standardinputs; - workspaceOutputAssign = workplaceOutputs; - startup = config.swarselsystems.startup ++ [ - { command = "kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; } - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } - ]; - seat = { - "*" = { - 
hide_cursor = "when-typing enable"; - }; - }; - window = { - border = 1; - titlebar = false; - }; - assigns = { - "15:L" = [{ app_id = "teams-for-linux"; }]; - }; - floating = { - border = 1; - criteria = [ - { app_id = "qalculate-gtk"; } - { app_id = "blueman"; } - { app_id = "pavucontrol"; } - { app_id = "syncthingtray"; } - { app_id = "Element"; } - { class = "1Password"; } - { app_id = "com.nextcloud.desktopclient.nextcloud"; } - { title = "(?:Open|Save) (?:File|Folder|As)"; } - { title = "^Add$"; } - { title = "^Picture-in-Picture$"; } - { title = "Syncthing Tray"; } - { title = "^spotifytui$"; } - { title = "^kittyterm$"; } - { app_id = "vesktop"; } - { window_role = "pop-up"; } - { window_role = "bubble"; } - { window_role = "dialog"; } - { window_role = "task_dialog"; } - { window_role = "menu"; } - { window_role = "Preferences"; } - ]; - titlebar = false; - }; - window = { - commands = [ - { - command = "opacity 0.95"; - criteria = { - class = ".*"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "at.yrlf.wl_mirror"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "Gimp-2.10"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "firefox"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "chromium-browser"; - }; - } - { - command = "sticky enable, shadows enable"; - criteria = { - title = "^Picture-in-Picture$"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^kittyterm$"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^spotifytui$"; - }; - } - { + " + exec_always autotiling + set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" - command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - criteria = { - 
class = "Spotify"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - app_id = "vesktop"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - class = "Element"; - }; - } - # { - # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - # criteria = { - # app_id="^$"; - # class="^$"; - # }; - # } - ]; - }; - gaps = { - inner = 5; - }; + mode $exit { + bindsym --to-code { + s exec \"systemctl suspend\", mode \"default\" + h exec \"systemctl hibernate\", mode \"default\" + l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ + p exec \"systemctl poweroff\" + r exec \"systemctl reboot\" + u exec \"swaymsg exit\" + + Return mode \"default\" + Escape mode \"default\" + ${modifier}+Escape mode \"default\" + } + } + + exec systemctl --user import-environment + exec swayidle -w + + seat * hide_cursor 2000 + + exec kanshi + exec_always kill -1 $(pidof kanshi) + + bindswitch --locked lid:on exec kanshictl switch lidclosed + bindswitch --locked lid:off exec kanshictl switch lidopen + + ${swayfxSettings} + "; }; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; - # extraConfigEarly = " - # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK - # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK - # "; - extraConfig = - let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = config.swarselsystems.swayfxConfig; - in - " - 
exec_always autotiling - set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" - - mode $exit { - bindsym --to-code { - s exec \"systemctl suspend\", mode \"default\" - h exec \"systemctl hibernate\", mode \"default\" - l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ - p exec \"systemctl poweroff\" - r exec \"systemctl reboot\" - u exec \"swaymsg exit\" - - Return mode \"default\" - Escape mode \"default\" - ${modifier}+Escape mode \"default\" - } - } - - exec systemctl --user import-environment - exec swayidle -w - - seat * hide_cursor 2000 - - exec kanshi - exec_always kill -1 $(pidof kanshi) - - bindswitch --locked lid:on exec kanshictl switch lidclosed - bindswitch --locked lid:off exec kanshictl switch lidopen - - ${swayfxSettings} - "; }; } #+end_src @@ -11329,6 +10985,7 @@ This section sets up all the imports that are used in the home-manager section. { imports = lib.swarselsystems.mkImports importNames "profiles/home/server" ++ [ "${profilesPath}/home/common/settings.nix" + "${profilesPath}/home/common/sharedsetup.nix" ]; } #+end_src @@ -11374,6 +11031,7 @@ This section sets up all the imports that are used in the home-manager section. { imports = [ "${profilesPath}/home/common/settings.nix" + "${profilesPath}/home/common/sharedsetup.nix" ]; } #+end_src 
@@ -11545,25 +11203,36 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; firefox = { - profiles = { - dc = lib.recursiveUpdate - { - id = 1; - settings = { - "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; - }; - } - config.swarselsystems.firefox; - cl = lib.recursiveUpdate - { - id = 2; - settings = { - "browser.startup.homepage" = "https://portal.azure.com"; - }; - } - config.swarselsystems.firefox; - ws = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox; - }; + profiles = + let + isDefault = false; + in + { + dc = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; + }; + } + config.swarselsystems.firefox; + cl = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = "https://portal.azure.com"; + }; + } + config.swarselsystems.firefox; + ws = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + config.swarselsystems.firefox; + }; }; chromium = { diff --git a/flake.nix b/flake.nix index 192e18c..39ca86c 100644 --- a/flake.nix +++ b/flake.nix @@ -97,8 +97,8 @@ { inherit lib; - nixosModules = import ./modules/nixos { inherit lib; }; - homeModules = import ./modules/home { inherit lib; }; + # nixosModules = import ./modules/nixos { inherit lib; }; + # homeModules = import ./modules/home { inherit lib; }; packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; }); formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt); overlays = import ./overlays { inherit self lib inputs; }; diff --git a/hosts/home/default/default.nix b/hosts/home/default/default.nix index 18522ae..0299fdc 100644 --- a/hosts/home/default/default.nix +++ b/hosts/home/default/default.nix 
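Review bot: In the `dc`, `cl` and `ws` profiles the per-profile attrset (`inherit isDefault; id = …; settings = …`) is the first argument of `lib.recursiveUpdate` and `config.swarselsystems.firefox` is the second, so the shared value wins on any key both define. If the shared set ever carries `isDefault`, `id` or `"browser.startup.homepage"`, the values written here are silently dropped; the contents of that option are not visible in this hunk. The `default` profile in profiles/home/common/firefox.nix uses the same argument order. A one-line comment at the `let` would make the intent explicit, e.g. `# shared swarselsystems.firefox is merged last and overrides the per-profile keys`.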
@@ -6,7 +6,8 @@ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index ./profiles/home/common - ] ++ (builtins.attrValues outputs.homeModules); + "${self}/profiles/home/common/sharedsetup.nix" + ]; nixpkgs = { overlays = [ outputs.overlays.default ]; diff --git a/hosts/nixos/iso/default.nix b/hosts/nixos/iso/default.nix index 3f119d4..2641d65 100644 --- a/hosts/nixos/iso/default.nix +++ b/hosts/nixos/iso/default.nix @@ -1,4 +1,4 @@ -{ self, pkgs, inputs, outputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }: +{ self, pkgs, inputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }: let pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; in @@ -9,12 +9,15 @@ in "${modulesPath}/installer/cd-dvd/channel.nix" "${self}/profiles/iso/minimal.nix" + "${self}/profiles/nixos/common/sharedsetup.nix" + "${self}/profiles/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ "${self}/profiles/home/common/settings.nix" - ] ++ (builtins.attrValues outputs.homeModules); + "${self}/profiles/home/common/sharedsetup.nix" + ]; } ]; diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index faac215..eeaa571 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -200,13 +200,13 @@ in xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - drag_lock = "disabled"; - }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; "1133:50504:Logitech_USB_Receiver" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; diff --git a/hosts/nixos/sync/default.nix b/hosts/nixos/sync/default.nix index 567e14d..6dfc4d7 100644 
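Review bot: `"${self}/profiles/home/common/sharedsetup.nix"` is imported twice in hosts/nixos/iso/default.nix, once in the system-level `imports` and once in `home-manager.users."${primaryUser}".imports`, and nothing in the hunk says why. Each import presumably gives that module system its own `swarselsystems` option tree. A flag set on the NixOS side (for instance `isPublic`, described in its option text as "no secrets") would then not reach the home-manager side unless it is forwarded somewhere outside this diff. The sync and toto host files repeat the pattern. A comment above the system-level line would help, e.g. `# declares swarselsystems.* for the NixOS config; the home-manager import below is a separate option tree`.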
--- a/hosts/nixos/sync/default.nix +++ b/hosts/nixos/sync/default.nix @@ -6,12 +6,15 @@ in imports = [ "${profilesPath}/nixos/server" + "${profilesPath}/nixos/common/sharedsetup.nix" + "${profilesPath}/home/common/sharedsetup.nix" ./hardware-configuration.nix inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ "${profilesPath}/home/server" + "${profilesPath}/home/common/sharedsetup.nix" ]; } ]; @@ -79,14 +82,11 @@ in swarselsystems = { - hasBluetooth = false; - hasFingerprint = false; isImpermanence = false; isLinux = true; isBtrfs = false; flakePath = "/root/.dotfiles"; server = { - enable = true; forgejo = true; ankisync = true; }; diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index b83448f..da5df33 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -1,4 +1,4 @@ -{ self, inputs, outputs, pkgs, lib, primaryUser, ... }: +{ self, inputs, pkgs, lib, primaryUser, ... }: let profilesPath = "${self}/profiles"; sharedOptions = { @@ -14,6 +14,7 @@ in "${profilesPath}/nixos/optional/autologin.nix" "${profilesPath}/nixos/common/settings.nix" + "${profilesPath}/nixos/common/sharedsetup.nix" "${profilesPath}/nixos/common/home-manager.nix" "${profilesPath}/nixos/common/home-manager-extra.nix" "${profilesPath}/nixos/common/xserver.nix" @@ -22,6 +23,7 @@ in "${profilesPath}/nixos/common/lanzaboote.nix" "${profilesPath}/nixos/common/sops.nix" "${profilesPath}/nixos/server/ssh.nix" + "${profilesPath}/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { @@ -30,9 +32,10 @@ in "${profilesPath}/home/common/settings.nix" "${profilesPath}/home/common/sops.nix" "${profilesPath}/home/common/ssh.nix" - ] ++ (builtins.attrValues outputs.homeModules); + "${profilesPath}/home/common/sharedsetup.nix" + ]; } - ] ++ (builtins.attrValues outputs.nixosModules) ++ (builtins.attrValues outputs.homeModules); + ]; environment.systemPackages = with pkgs; [ 
diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 2c3e181..c3d6a3e 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -32,13 +32,10 @@ in }; swarselsystems = { - hasBluetooth = false; - hasFingerprint = false; isImpermanence = false; isBtrfs = false; isLinux = true; server = { - enable = true; kavita = true; navidrome = true; jellyfin = true; diff --git a/lib/default.nix b/lib/default.nix index 795d21a..03cea47 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -70,7 +70,7 @@ in # put home-manager imports here that are for all servers and normal hosts inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ] ++ (builtins.attrValues outputs.homeModules); + ]; } ] else [ # put nixos imports here that are for darwin hosts @@ -80,9 +80,9 @@ in home-manager.users."${macUser}".imports = [ # put home-manager imports here that are for darwin hosts "${self}/profiles/darwin/home" - ] ++ (builtins.attrValues outputs.homeModules); + ]; } - ]) ++ (builtins.attrValues outputs.nixosModules) ++ (builtins.attrValues outputs.homeModules) + ]) )); }; }; diff --git a/modules/home/filesystem.nix b/modules/home/filesystem.nix deleted file mode 100644 index 261c0e7..0000000 --- a/modules/home/filesystem.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ lib, ... }: -{ - options.swarselsystems = { - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - }; -} diff --git a/modules/home/hardware.nix b/modules/home/hardware.nix deleted file mode 100644 index 3bfb67b..0000000 --- a/modules/home/hardware.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ lib, ... }: -{ - options.swarselsystems = { - cpuCount = lib.mkOption { - type = lib.types.int; - default = 8; - }; - isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; - SecondaryGpuCard = lib.mkOption { - type = lib.types.str; - default = ""; - }; - temperatureHwmon = { - isAbsolutePath = lib.mkEnableOption "absolute temperature path"; - path = lib.mkOption { - type = lib.types.str; - default = ""; - }; - input-filename = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; - }; -} diff --git a/modules/home/input.nix b/modules/home/input.nix deleted file mode 100644 index c3f4c2e..0000000 --- a/modules/home/input.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselsystems = { - inputs = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { }; - }; - kyria = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { - "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "7504:24926:Kyria_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - }; - touchpad = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { }; - }; - standardinputs = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs; - internal = true; - }; - keybindings = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { }; - }; - shellAliases = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { }; - }; - }; -} diff --git a/modules/home/laptop.nix b/modules/home/laptop.nix deleted file mode 100644 index a476eec..0000000 --- a/modules/home/laptop.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselsystems = { - isLaptop = lib.mkEnableOption "laptop host"; - }; - - config.swarselsystems = { - touchpad = lib.mkIf config.swarselsystems.isLaptop { - "type:touchpad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - drag_lock = "disabled"; - }; - }; - waybarModules = lib.mkIf config.swarselsystems.isLaptop [ - "custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/vpn" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - }; -} diff --git a/modules/home/monitors.nix b/modules/home/monitors.nix deleted file mode 100644 index 50138ab..0000000 --- a/modules/home/monitors.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: -{ - options.swarselsystems = { - monitors = lib.mkOption { - type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); - default = { }; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; -} diff --git a/modules/home/nixos.nix b/modules/home/nixos.nix deleted file mode 100644 index 6309b1b..0000000 --- a/modules/home/nixos.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselsystems = { - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - swayfxConfig = lib.mkOption { - type = lib.types.str; - default = " - blur enable - blur_xray disable - blur_passes 1 - blur_radius 1 - shadows enable - corner_radius 2 - titlebar_separator disable - default_dim_inactive 0.02 - "; - internal = true; - }; - }; - - config.swarselsystems = { - startup = lib.mkIf (!config.swarselsystems.isNixos) [ - { command = "sleep 60 && nixGL nextcloud --background"; } - { command = "sleep 60 && nixGL vesktop --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland"; } - { command = "sleep 60 && nixGL syncthingtray --wait"; } - { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki"; } - { command = "nm-applet --indicator"; } - { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland"; } - { command = "sleep 60 && element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - ]; - swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " "; - }; -} diff --git a/modules/home/setup.nix b/modules/home/setup.nix deleted file mode 100644 index 5ccd2e1..0000000 --- a/modules/home/setup.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ lib, ... }: -{ - options.swarselsystems = { - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - mainUser = lib.mkOption { - type = lib.types.str; - default = "swarsel"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - }; -} 
diff --git a/modules/home/startup.nix b/modules/home/startup.nix deleted file mode 100644 index fadb50a..0000000 --- a/modules/home/startup.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, ... }: -{ - options.swarselsystems = { - startup = lib.mkOption { - type = lib.types.listOf (lib.types.attrsOf lib.types.str); - default = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "feishin"; } - ]; - }; - }; -} diff --git a/modules/home/stylix.nix b/modules/home/stylix.nix deleted file mode 100644 index 2585804..0000000 --- a/modules/home/stylix.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ self, lib, pkgs, ... }: -{ - options.swarselsystems = { - stylix = lib.mkOption { - type = lib.types.attrs; - default = { - enable = true; - base16Scheme = "${self}/programs/stylix/swarsel.yaml"; - polarity = "dark"; - opacity.popups = 0.5; - cursor = { - package = pkgs.banana-cursor; - # package = pkgs.capitaine-cursors; - name = "Banana"; - # name = "capitaine-cursors"; - size = 16; - }; - fonts = { - sizes = { - terminal = 10; - applications = 11; - }; - serif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - sansSerif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-mono; # has overrides - name = "FiraCode Nerd Font Mono"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; - }; - }; - }; - -} diff --git a/modules/home/wallpaper.nix b/modules/home/wallpaper.nix deleted file mode 100644 index 24f0de7..0000000 --- a/modules/home/wallpaper.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ self, lib, ... }: -{ - options.swarselsystems = { - wallpaper = lib.mkOption { - type = lib.types.path; - default = self + /wallpaper/lenovowp.png; - }; - }; -} diff --git a/modules/home/waybar.nix b/modules/home/waybar.nix deleted file mode 100644 index dcb3a82..0000000 --- a/modules/home/waybar.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ lib, config, ... }: -let - generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); -in -{ - options.swarselsystems = { - cpuString = lib.mkOption { - type = lib.types.str; - default = generateIcons config.swarselsystems.cpuCount; - description = "The generated icons string for use by Waybar."; - internal = true; - }; - waybarModules = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/vpn" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - }; - }; -} diff --git a/modules/nixos/hardware.nix b/modules/nixos/hardware.nix deleted file mode 100644 index 50a1c92..0000000 --- a/modules/nixos/hardware.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, ... }: - -{ - options.swarselsystems = { - hasBluetooth = lib.mkEnableOption "bluetooth availability"; - hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; - trackpoint = { - isAvailable = lib.mkEnableOption "trackpoint availability"; - trackpoint.device = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; - }; -} diff --git a/modules/nixos/server.nix b/modules/nixos/server.nix deleted file mode 100644 index 56e7614..0000000 --- a/modules/nixos/server.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ lib, ... }: -{ - options.swarselsystems = { - server = { - enable = lib.mkEnableOption "is a server machine"; - kavita = lib.mkEnableOption "enable kavita on server"; - jellyfin = lib.mkEnableOption "enable jellyfin on server"; - navidrome = lib.mkEnableOption "enable navidrome on server"; - spotifyd = lib.mkEnableOption "enable spotifyd on server"; - mpd = lib.mkEnableOption "enable mpd on server"; - matrix = lib.mkEnableOption "enable matrix on server"; - nextcloud = lib.mkEnableOption "enable nextcloud on server"; - immich = lib.mkEnableOption "enable immich on server"; - paperless = lib.mkEnableOption "enable paperless on server"; - transmission = lib.mkEnableOption "enable transmission and friends on server"; - syncthing = lib.mkEnableOption "enable syncthing on server"; - restic = lib.mkEnableOption "enable restic backups on server"; - monitoring = lib.mkEnableOption "enable monitoring on server"; - jenkins = lib.mkEnableOption "enable jenkins on server"; - emacs = lib.mkEnableOption "enable emacs server on server"; - forgejo = lib.mkEnableOption "enable forgejo on server"; - ankisync = lib.mkEnableOption "enable ankisync on server"; - freshrss = lib.mkEnableOption "enable freshrss on server"; - }; - }; -} diff --git a/profiles/darwin/home/default.nix b/profiles/darwin/home/default.nix index 4d7e04e..7ddcb42 100644 --- a/profiles/darwin/home/default.nix +++ b/profiles/darwin/home/default.nix @@ -5,5 +5,6 @@ in { imports = [ "${profilesPath}/home/common/settings.nix" + "${profilesPath}/home/common/sharedsetup.nix" ]; } diff --git a/profiles/home/common/firefox.nix b/profiles/home/common/firefox.nix index 2f539a7..d594f66 100644 --- a/profiles/home/common/firefox.nix +++ b/profiles/home/common/firefox.nix @@ -1,14 +1,4 @@ -{ self, pkgs, lib, ... }: -let - lock-false = { - Value = false; - Status = "locked"; - }; - lock-true = { - Value = true; - Status = "locked"; - }; -in +{ config, pkgs, lib, ... }: { programs.firefox = { enable = true; 
@@ -142,150 +132,16 @@ in }; - profiles.default = { - id = 0; - isDefault = true; - userChrome = builtins.readFile (self + /programs/firefox/chrome/userChrome.css); - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - tampermonkey - sidebery - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - sponsorblock - web-archives - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - - # configure the default the same as trusted in order not to be annoyed - noscript - - # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. 
Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) - - ]; - }; - - settings = { - "extensions.autoDisableScopes" = 0; - "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; - "browser.bookmarks.showMobileBookmarks" = lock-true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; - "browser.search.suggest.enabled" = lock-false; - "browser.search.suggest.enabled.private" = lock-false; - "browser.urlbar.suggest.searches" = lock-false; - "browser.urlbar.showSearchSuggestionsFirst" = lock-false; - "browser.topsites.contile.enabled" = lock-false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; - "browser.newtabpage.activity-stream.feeds.snippets" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; - "browser.newtabpage.activity-stream.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; - }; - - search = { - # default = "Kagi"; - default = "Google"; - # privateDefault = "Kagi"; - privateDefault = "Google"; - engines = { - "Kagi" = { - urls = [{ - template = "https://kagi.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - ]; - }]; - iconUpdateURL = "https://kagi.com/favicon.ico"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@k" ]; + 
profiles = { + default = lib.recursiveUpdate + { + id = 0; + isDefault = true; + settings = { + "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; }; - - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Google".metaData.alias = "@g"; - }; - force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; + } + config.swarselsystems.firefox; }; }; } diff --git a/profiles/home/common/nixgl.nix b/profiles/home/common/nixgl.nix index 376f5bc..d500777 100644 --- a/profiles/home/common/nixgl.nix +++ b/profiles/home/common/nixgl.nix 
@@ -1,17 +1,26 @@ { lib, config, nixgl, ... }: { - nixGL = lib.mkIf (!config.swarselsystems.isNixos) { - inherit (nixgl) packages; - defaultWrapper = lib.mkDefault "mesa"; - vulkan.enable = lib.mkDefault false; - prime = lib.mkIf config.swarselsystem.isSecondaryGpu { - card = config.swarselsystem.secondaryGpuCard; - installScript = "mesa"; + options.swarselsystems = { + isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; + SecondaryGpuCard = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; + config = { + nixGL = lib.mkIf (!config.swarselsystems.isNixos) { + inherit (nixgl) packages; + defaultWrapper = lib.mkDefault "mesa"; + vulkan.enable = lib.mkDefault false; + prime = lib.mkIf config.swarselsystem.isSecondaryGpu { + card = config.swarselsystem.secondaryGpuCard; + installScript = "mesa"; + }; + offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; + installScripts = [ + "mesa" + "mesaPrime" + ]; }; - offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; - installScripts = [ - "mesa" - "mesaPrime" - ]; }; } diff --git a/modules/home/firefox.nix b/profiles/home/common/sharedsetup.nix similarity index 66% rename from modules/home/firefox.nix rename to profiles/home/common/sharedsetup.nix index 71546b3..c017737 100644 --- a/modules/home/firefox.nix +++ b/profiles/home/common/sharedsetup.nix 
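Review bot: The options declared in this hunk do not match the names the `config` block reads. The hunk declares `options.swarselsystems.isSecondaryGpu` and `SecondaryGpuCard`, while `prime` and `offloadWrapper` read `config.swarselsystem.isSecondaryGpu` and `config.swarselsystem.secondaryGpuCard` (no trailing `s` on the namespace, lower-case `s` on the card option). Unless a `swarselsystem` option set is declared elsewhere, evaluating `nixGL.prime` on a non-NixOS host would presumably fail on a missing attribute, and the two new options would never be consulted. I would declare `secondaryGpuCard = lib.mkOption {` and change the three reads to `config.swarselsystems.isSecondaryGpu` and `config.swarselsystems.secondaryGpuCard`.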
@@ -11,10 +11,104 @@ let in { options.swarselsystems = { + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + + stylix = lib.mkOption { + type = lib.types.attrs; + default = { + enable = true; + base16Scheme = "${self}/programs/stylix/swarsel.yaml"; + polarity = "dark"; + opacity.popups = 0.5; + cursor = { + package = pkgs.banana-cursor; + # package = pkgs.capitaine-cursors; + name = "Banana"; + # name = "capitaine-cursors"; + size = 16; + }; + fonts = { + sizes = { + terminal = 10; + applications = 11; + }; + serif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + sansSerif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + monospace = { + package 
= pkgs.nerd-fonts.fira-mono; # has overrides + name = "FiraCode Nerd Font Mono"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; + }; + stylixHomeTargets = lib.mkOption { + type = lib.types.attrs; + default = { + emacs.enable = false; + waybar.enable = false; + sway.useWallpaper = false; + firefox.profileNames = [ "default" ]; + }; + }; + firefox = lib.mkOption { type = lib.types.attrs; default = { - isDefault = false; userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css"; extensions = { packages = with pkgs.nur.repos.rycee.firefox-addons; [ @@ -38,6 +132,9 @@ in unpaywall don-t-fuck-with-paste plasma-integration + noscript + + # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut (buildFirefoxXpiAddon { pname = "shortkeys"; version = "4.0.2"; @@ -153,6 +250,6 @@ in }; }; }; - }; + }; } diff --git a/profiles/home/common/stylix.nix b/profiles/home/common/stylix.nix index 5eb8906..a1fd4ab 100644 --- a/profiles/home/common/stylix.nix +++ b/profiles/home/common/stylix.nix @@ -3,12 +3,7 @@ stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; + targets = config.swarselsystems.stylixHomeTargets; } config.swarselsystems.stylix); } diff --git a/profiles/home/common/sway.nix b/profiles/home/common/sway.nix index 5fc8965..f997f93 100644 --- a/profiles/home/common/sway.nix +++ b/profiles/home/common/sway.nix 
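Review bot: The path defaults added in the first hunk are hard-coded to one account instead of being derived from `mainUser`. `homeDir` and `flakePath` default to paths under `/home/swarsel` and `xdgDir` to `/run/user/1000`, so a host that overrides `mainUser`, or whose user is not UID 1000, keeps pointing at a different account's home and runtime directory. Assuming `config` is among the module arguments (they are outside the hunk), I would write `default = "/home/${config.swarselsystems.mainUser}";` and `default = "${config.swarselsystems.homeDir}/.dotfiles";`. For `xdgDir` a `description` stating the UID 1000 assumption would be enough; none of the new `mkOption` calls carries a `description` at present.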
@@ -1,321 +1,399 @@ { self, config, lib, ... }: -let - inherit (config.swarselsystems) monitors; - workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput monitors; - workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets); -in { - wayland.windowManager.sway = { - enable = true; - checkConfig = false; # delete this line once SwayFX is fixed upstream - package = lib.mkIf config.swarselsystems.isNixos null; - systemd = { - enable = true; - xdgAutostart = true; + options.swarselsystems = { + inputs = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { }; }; - wrapperFeatures.gtk = true; - config = rec { - modifier = "Mod4"; - # terminal = "kitty"; - menu = "fuzzel"; - bars = [{ - command = "waybar"; - mode = "hide"; - hiddenState = "hide"; - position = "top"; - extraConfig = "modifier Mod4"; - }]; - keybindings = + monitors = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { }; + }; + keybindings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + }; + startup = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.str); + default = [ + { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } + { command = "feishin"; } + ]; + }; + kyria = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { + "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "7504:24926:Kyria_Keyboard" = { + xkb_layout = "us"; + xkb_variant = 
"altgr-intl"; + }; + }; + internal = true; + }; + standardinputs = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs; + internal = true; + }; + touchpad = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); + default = { }; + internal = true; + }; + swayfxConfig = lib.mkOption { + type = lib.types.str; + default = " + blur enable + blur_xray disable + blur_passes 1 + blur_radius 1 + shadows enable + corner_radius 2 + titlebar_separator disable + default_dim_inactive 0.02 + "; + internal = true; + }; + }; + config = { + swarselsystems = { + touchpad = lib.mkIf config.swarselsystems.isLaptop { + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; + drag_lock = "disabled"; + }; + }; + swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " "; + }; + wayland.windowManager.sway = { + enable = true; + checkConfig = false; # delete this line once SwayFX is fixed upstream + package = lib.mkIf config.swarselsystems.isNixos null; + systemd = { + enable = true; + xdgAutostart = true; + }; + wrapperFeatures.gtk = true; + config = rec { + modifier = "Mod4"; + # terminal = "kitty"; + menu = "fuzzel"; + bars = [{ + command = "waybar"; + mode = "hide"; + hiddenState = "hide"; + position = "top"; + extraConfig = "modifier Mod4"; + }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + lib.recursiveUpdate + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + 
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+x" = "exec swarselcheck -k"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Escape" = "mode $exit"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = 
"move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; + "${modifier}+Ctrl+t" = "workspace 14:T"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + # "${modifier}+Return" = "exec kitty"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Print" = "exec screenshare"; + # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" + # "XF86AudioRaiseVolume" = "exec pa 5%"; + "XF86AudioRaiseVolume" = "exec pamixer -i 5"; + # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "XF86AudioLowerVolume" = "exec pamixer -d 5"; + # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; + "XF86AudioMute" = "exec pamixer -t"; + "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86Display" = "exec wl-mirror eDP-1"; + } + config.swarselsystems.keybindings; + modes = { + resize = { + Down = "resize grow height 10 px or 10 ppt"; + Escape = "mode default"; + Left = "resize shrink width 10 px or 10 ppt"; + Return = "mode default"; + Right = "resize grow width 10 px or 10 ppt"; + Up = "resize shrink height 10 px or 10 ppt"; + Tab = "move position center, resize set width 50 ppt height 50 ppt"; + }; + }; + defaultWorkspace = "workspace 1:一"; + # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors; + output = { + "${config.swarselsystems.sharescreen}" = { + bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; + }; + "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { + bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; + }; + }; + input = config.swarselsystems.standardinputs; + workspaceOutputAssign = + let + workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput config.swarselsystems.monitors; + workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets); + in + workplaceOutputs; + startup = config.swarselsystems.startup ++ [ + { command = "kitty -T 
kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; } + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } + ]; + seat = { + "*" = { + hide_cursor = "when-typing enable"; + }; + }; + window = { + border = 1; + titlebar = false; + }; + assigns = { + "15:L" = [{ app_id = "teams-for-linux"; }]; + }; + floating = { + border = 1; + criteria = [ + { app_id = "qalculate-gtk"; } + { app_id = "blueman"; } + { app_id = "pavucontrol"; } + { app_id = "syncthingtray"; } + { app_id = "Element"; } + { class = "1Password"; } + { app_id = "com.nextcloud.desktopclient.nextcloud"; } + { title = "(?:Open|Save) (?:File|Folder|As)"; } + { title = "^Add$"; } + { title = "^Picture-in-Picture$"; } + { title = "Syncthing Tray"; } + { title = "^spotifytui$"; } + { title = "^kittyterm$"; } + { app_id = "vesktop"; } + { window_role = "pop-up"; } + { window_role = "bubble"; } + { window_role = "dialog"; } + { window_role = "task_dialog"; } + { window_role = "menu"; } + { window_role = "Preferences"; } + ]; + titlebar = false; + }; + window = { + commands = [ + { + command = "opacity 0.95"; + criteria = { + class = ".*"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "at.yrlf.wl_mirror"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "Gimp-2.10"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "firefox"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "chromium-browser"; + }; + } + { + command = "sticky enable, shadows enable"; + criteria = { + title = "^Picture-in-Picture$"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^kittyterm$"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^spotifytui$"; + }; + } + { + + command = "resize 
set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + criteria = { + class = "Spotify"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + app_id = "vesktop"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + class = "Element"; + }; + } + # { + # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + # criteria = { + # app_id="^$"; + # class="^$"; + # }; + # } + ]; + }; + gaps = { + inner = 5; + }; + }; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; + # extraConfigEarly = " + # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK + # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK + # "; + extraConfig = let inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = config.swarselsystems.swayfxConfig; in - lib.recursiveUpdate - { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - 
"${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - 
"${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" = "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; - "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; - "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Print" = "exec screenshare"; - # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" - # "XF86AudioRaiseVolume" = "exec pa 5%"; - "XF86AudioRaiseVolume" = "exec pamixer -i 5"; - # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioLowerVolume" = "exec pamixer -d 5"; - # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMute" = "exec pamixer -t"; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; - "XF86Display" = "exec wl-mirror eDP-1"; - } - config.swarselsystems.keybindings; - modes = { - resize = { - Down = "resize grow height 10 px or 10 ppt"; - Escape = "mode default"; - Left = "resize shrink width 10 px or 10 ppt"; - Return = "mode default"; - Right = "resize grow width 10 px or 10 ppt"; - Up = "resize shrink height 10 px or 10 ppt"; - Tab = "move position center, resize set width 50 ppt height 50 ppt"; - }; - }; - defaultWorkspace = "workspace 1:一"; - # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors; - output = { - "${config.swarselsystems.sharescreen}" = { - bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; - }; - "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { - bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; - }; - }; - input = config.swarselsystems.standardinputs; - workspaceOutputAssign = workplaceOutputs; - startup = config.swarselsystems.startup ++ [ - { command = "kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; } - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } - ]; - seat = { - "*" = { - 
hide_cursor = "when-typing enable"; - }; - }; - window = { - border = 1; - titlebar = false; - }; - assigns = { - "15:L" = [{ app_id = "teams-for-linux"; }]; - }; - floating = { - border = 1; - criteria = [ - { app_id = "qalculate-gtk"; } - { app_id = "blueman"; } - { app_id = "pavucontrol"; } - { app_id = "syncthingtray"; } - { app_id = "Element"; } - { class = "1Password"; } - { app_id = "com.nextcloud.desktopclient.nextcloud"; } - { title = "(?:Open|Save) (?:File|Folder|As)"; } - { title = "^Add$"; } - { title = "^Picture-in-Picture$"; } - { title = "Syncthing Tray"; } - { title = "^spotifytui$"; } - { title = "^kittyterm$"; } - { app_id = "vesktop"; } - { window_role = "pop-up"; } - { window_role = "bubble"; } - { window_role = "dialog"; } - { window_role = "task_dialog"; } - { window_role = "menu"; } - { window_role = "Preferences"; } - ]; - titlebar = false; - }; - window = { - commands = [ - { - command = "opacity 0.95"; - criteria = { - class = ".*"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "at.yrlf.wl_mirror"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "Gimp-2.10"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "firefox"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "chromium-browser"; - }; - } - { - command = "sticky enable, shadows enable"; - criteria = { - title = "^Picture-in-Picture$"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^kittyterm$"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^spotifytui$"; - }; - } - { + " + exec_always autotiling + set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" - command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - criteria = { - 
class = "Spotify"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - app_id = "vesktop"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - class = "Element"; - }; - } - # { - # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - # criteria = { - # app_id="^$"; - # class="^$"; - # }; - # } - ]; - }; - gaps = { - inner = 5; - }; + mode $exit { + bindsym --to-code { + s exec \"systemctl suspend\", mode \"default\" + h exec \"systemctl hibernate\", mode \"default\" + l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ + p exec \"systemctl poweroff\" + r exec \"systemctl reboot\" + u exec \"swaymsg exit\" + + Return mode \"default\" + Escape mode \"default\" + ${modifier}+Escape mode \"default\" + } + } + + exec systemctl --user import-environment + exec swayidle -w + + seat * hide_cursor 2000 + + exec kanshi + exec_always kill -1 $(pidof kanshi) + + bindswitch --locked lid:on exec kanshictl switch lidclosed + bindswitch --locked lid:off exec kanshictl switch lidopen + + ${swayfxSettings} + "; }; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; - # extraConfigEarly = " - # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK - # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK - # "; - extraConfig = - let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = config.swarselsystems.swayfxConfig; - in - " - 
exec_always autotiling - set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" - - mode $exit { - bindsym --to-code { - s exec \"systemctl suspend\", mode \"default\" - h exec \"systemctl hibernate\", mode \"default\" - l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ - p exec \"systemctl poweroff\" - r exec \"systemctl reboot\" - u exec \"swaymsg exit\" - - Return mode \"default\" - Escape mode \"default\" - ${modifier}+Escape mode \"default\" - } - } - - exec systemctl --user import-environment - exec swayidle -w - - seat * hide_cursor 2000 - - exec kanshi - exec_always kill -1 $(pidof kanshi) - - bindswitch --locked lid:on exec kanshictl switch lidclosed - bindswitch --locked lid:off exec kanshictl switch lidopen - - ${swayfxSettings} - "; }; } diff --git a/profiles/home/common/waybar.nix b/profiles/home/common/waybar.nix index 45de59e..9e9b9ed 100644 --- a/profiles/home/common/waybar.nix +++ b/profiles/home/common/waybar.nix 
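Review bot: `extraSessionCommands` exports `QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"` for the whole sway session, which turns off the Chromium sandbox in every QtWebEngine application started from it. If one application needs the flag, set the variable in that application's `command` or wrapper and drop the session-wide `export`, with a comment naming the application and the reason. Separately, the `l` binding inside `mode $exit` ends in `mode \"default\` without the closing `\"`; it should read `mode \"default\"`. Because `checkConfig = false` skips build-time validation, a malformed line there would only show up at runtime, presumably on the lock binding. Both lines are carried over unchanged from the removed side of the hunk.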
@@ -1,253 +1,309 @@ { self, config, lib, ... }: +let + generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); + modulesLeft = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/vpn" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + ]; + modulesRight = [ + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; +in { - programs.waybar = { - - enable = true; - systemd = { - enable = true; - target = "sway-sessions.target"; + options.swarselsystems = { + cpuCount = lib.mkOption { + type = lib.types.int; + default = 8; }; - settings = { - mainBar = { - ipc = true; - id = "bar-0"; - layer = "top"; - position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; - modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ]; - "sway/mode" = { - format = "{}"; - }; - - modules-right = config.swarselsystems.waybarModules; - - "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { - format = ""; - on-click-right = "wlogout -p layer-shell"; - }; - - "custom/configwarn" = { - exec = "waybarupdate"; - interval = 60; - }; - - "custom/scratchpad-indicator" = { - interval = 3; - exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. 
>= 1)'"; - format = "{} "; - on-click = "swaymsg 'scratchpad show'"; - on-click-right = "swaymsg 'move scratchpad'"; - }; - - "custom/github" = { - format = "{}  "; - return-type = "json"; - interval = 60; - exec = "github-notifications"; - on-click = "xdg-open https://github.com/notifications"; - }; - - idle_inhibitor = { - format = "{icon}"; - format-icons = { - activated = ""; - deactivated = ""; - }; - }; - - "group/hardware" = { - orientation = "inherit"; - drawer = { - "transition-left-to-right" = false; - }; - modules = [ - "tray" - "temperature" - "power-profiles-daemon" - "custom/left-arrow-light" - "custom/left-arrow-dark" - "custom/scratchpad-indicator" - "custom/left-arrow-light" - "disk" - "custom/left-arrow-dark" - "memory" - "custom/left-arrow-light" - "cpu" - "custom/left-arrow-dark" - "backlight/slider" - "idle_inhibitor" - ]; - }; - - "backlight/slider" = { - min = 0; - max = 100; - orientation = "horizontal"; - device = "intel_backlight"; - }; - - power-profiles-daemon = { - format = "{icon}"; - tooltip-format = "Power profile: {profile}\nDriver: {driver}"; - tooltip = true; - format-icons = { - "default" = ""; - "performance" = ""; - "balanced" = ""; - "power-saver" = ""; - }; - }; - - temperature = { - hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path; - hwmon-path-abs = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path; - input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename; - critical-threshold = 80; - format-critical = " {temperatureC}°C"; - format = " {temperatureC}°C"; - - }; - - mpris = { - format = "{player_icon} {title} [{position}/{length}]"; - format-paused = "{player_icon} {title} [{position}/{length}]"; - player-icons = { - "default" = "▶ "; - "mpv" = "🎵 "; - "spotify" = " "; - }; - status-icons = { - "paused" = 
" "; - }; - interval = 1; - title-len = 20; - artist-len = 20; - album-len = 10; - }; - "custom/left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/left-arrow-light" = { - format = ""; - tooltip = false; - }; - "custom/right-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-right-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/right-arrow-light" = { - format = ""; - tooltip = false; - }; - "sway/workspaces" = { - disable-scroll = true; - format = "{name}"; - }; - - "clock#1" = { - min-length = 8; - interval = 1; - format = "{:%H:%M:%S}"; - # on-click-right= "gnome-clocks"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - - "clock#2" = { - format = "{:%d. %B %Y}"; - # on-click-right= "gnome-clocks"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - - pulseaudio = { - format = "{icon} {volume:2}%"; - format-bluetooth = "{icon} {volume}%"; - format-muted = "MUTE"; - format-icons = { - headphones = ""; - default = [ - "" - "" - ]; - }; - scroll-step = 1; - on-click = "pamixer -t"; - on-click-right = "pavucontrol"; - }; - - memory = { - interval = 5; - format = " {}%"; - tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; - }; - cpu = { - format = config.swarselsystems.cpuString; - min-length = 6; - interval = 5; - format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; - # on-click-right= "com.github.stsdc.monitor"; - on-click-right = "kitty -o confirm_os_window_close=0 btm"; - - }; - "custom/vpn" = { - format = "()"; - exec = "echo '{\"class\": \"connected\"}'"; - exec-if = "test -d /proc/sys/net/ipv4/conf/tun0"; - return-type = "json"; - interval = 5; - }; - battery = { - states = { - "warning" = 60; - "error" = 30; - "critical" = 15; - }; - interval = 5; - format = "{icon} {capacity}%"; - format-charging = "{capacity}% "; - format-plugged = "{capacity}% "; - format-icons = [ - "" - "" - 
"" - "" - "" - ]; - on-click-right = "wlogout -p layer-shell"; - }; - disk = { - interval = 30; - format = "Disk {percentage_used:2}%"; - path = "/"; - states = { - "warning" = 80; - "critical" = 90; - }; - tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; - }; - tray = { - icon-size = 20; - }; - network = { - interval = 5; - format-wifi = "{signalStrength}% "; - format-ethernet = ""; - format-linked = "{ifname} (No IP) "; - format-disconnected = "Disconnected ⚠"; - format-alt = "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - }; + temperatureHwmon = { + isAbsolutePath = lib.mkEnableOption "absolute temperature path"; + path = lib.mkOption { + type = lib.types.str; + default = ""; + }; + input-filename = lib.mkOption { + type = lib.types.str; + default = ""; }; }; - style = builtins.readFile (self + /programs/waybar/style.css); + waybarModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = modulesLeft ++ [ + "custom/pseudobat" + ] ++ modulesRight; + }; + cpuString = lib.mkOption { + type = lib.types.str; + default = generateIcons config.swarselsystems.cpuCount; + description = "The generated icons string for use by Waybar."; + internal = true; + }; + }; + config = { + swarselsystems = { + waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ + "battery" + ] ++ modulesRight); + }; + programs.waybar = { + enable = true; + systemd = { + enable = true; + target = "sway-sessions.target"; + }; + settings = { + mainBar = { + ipc = true; + id = "bar-0"; + layer = "top"; + position = "top"; + modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; + modules-center = [ 
"sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ]; + "sway/mode" = { + format = "{}"; + }; + + modules-right = config.swarselsystems.waybarModules; + + "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { + format = ""; + on-click-right = "wlogout -p layer-shell"; + }; + + "custom/configwarn" = { + exec = "waybarupdate"; + interval = 60; + }; + + "custom/scratchpad-indicator" = { + interval = 3; + exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. >= 1)'"; + format = "{} "; + on-click = "swaymsg 'scratchpad show'"; + on-click-right = "swaymsg 'move scratchpad'"; + }; + + "custom/github" = { + format = "{}  "; + return-type = "json"; + interval = 60; + exec = "github-notifications"; + on-click = "xdg-open https://github.com/notifications"; + }; + + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = ""; + deactivated = ""; + }; + }; + + "group/hardware" = { + orientation = "inherit"; + drawer = { + "transition-left-to-right" = false; + }; + modules = [ + "tray" + "temperature" + "power-profiles-daemon" + "custom/left-arrow-light" + "custom/left-arrow-dark" + "custom/scratchpad-indicator" + "custom/left-arrow-light" + "disk" + "custom/left-arrow-dark" + "memory" + "custom/left-arrow-light" + "cpu" + "custom/left-arrow-dark" + "backlight/slider" + "idle_inhibitor" + ]; + }; + + "backlight/slider" = { + min = 0; + max = 100; + orientation = "horizontal"; + device = "intel_backlight"; + }; + + power-profiles-daemon = { + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; + }; + }; + + temperature = { + hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path; + hwmon-path-abs = lib.mkIf 
config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path; + input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename; + critical-threshold = 80; + format-critical = " {temperatureC}°C"; + format = " {temperatureC}°C"; + + }; + + mpris = { + format = "{player_icon} {title} [{position}/{length}]"; + format-paused = "{player_icon} {title} [{position}/{length}]"; + player-icons = { + "default" = "▶ "; + "mpv" = "🎵 "; + "spotify" = " "; + }; + status-icons = { + "paused" = " "; + }; + interval = 1; + title-len = 20; + artist-len = 20; + album-len = 10; + }; + "custom/left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-light" = { + format = ""; + tooltip = false; + }; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; + }; + + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + "clock#2" = { + format = "{:%d. 
%B %Y}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ + "" + "" + ]; + }; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; + }; + + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + }; + cpu = { + format = config.swarselsystems.cpuString; + min-length = 6; + interval = 5; + format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; + # on-click-right= "com.github.stsdc.monitor"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; + + }; + "custom/vpn" = { + format = "()"; + exec = "echo '{\"class\": \"connected\"}'"; + exec-if = "test -d /proc/sys/net/ipv4/conf/tun0"; + return-type = "json"; + interval = 5; + }; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; + }; + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ + "" + "" + "" + "" + "" + ]; + on-click-right = "wlogout -p layer-shell"; + }; + disk = { + interval = 30; + format = "Disk {percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; + }; + tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; + }; + tray = { + icon-size = 20; + }; + network = { + interval = 5; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ 
{frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + }; + }; + }; + style = builtins.readFile (self + /programs/waybar/style.css); + }; }; } diff --git a/profiles/home/common/zsh.nix b/profiles/home/common/zsh.nix index eac382f..f4bc8d7 100644 --- a/profiles/home/common/zsh.nix +++ b/profiles/home/common/zsh.nix 
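Review bot: `cpuCount` is declared as `lib.types.int`, so zero or a negative value evaluates cleanly and `generateIcons` then returns an empty string, because `lib.range 0 (n - 1)` is empty. The cpu module would be left with an empty `format`. `type = lib.types.ints.positive;` rejects such values at evaluation time. `cpuCount`, `waybarModules` and the `temperatureHwmon` options also carry no `description`; one line each, such as `description = "Number of {iconN} placeholders generated for the Waybar cpu format.";`, would tell a host what it is expected to set.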
@@ -3,102 +3,110 @@ let inherit (config.swarselsystems) flakePath; in { - programs.zsh = { - enable = true; - shellAliases = lib.recursiveUpdate - { - hg = "history | grep"; - hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; - nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; - magit = "emacsclient -nc -e \"(magit-status)\""; - config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g = "git"; - c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/"; - passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; - passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd = "z"; - youtube-dl = "yt-dlp"; - cd-orig = "cd"; - cat-orig = "cat"; - cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; - nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; - nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; - nix-ldd-locate = "nix-locate --minimal --top-level -w "; - nix-store-search = "ls /nix/store | grep"; - fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; - lt = "eza -las modified --total-size"; - boot-diff = "nix store diff-closures /run/*-system"; - gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; - cc = "wl-copy"; - } - config.swarselsystems.shellAliases; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = false; - cdpath = [ - "~/.dotfiles" - # "~/Documents/GitHub" - ]; - defaultKeymap = "emacs"; - dirHashes = { - dl = "$HOME/Downloads"; - gh = "$HOME/Documents/GitHub"; + options.swarselsystems = { + shellAliases = lib.mkOption { + type = 
lib.types.attrsOf lib.types.str; + default = { }; }; - history = { - expireDuplicatesFirst = true; - path = "$HOME/.histfile"; - save = 10000; - size = 10000; - }; - historySubstringSearch = { + }; + config = { + programs.zsh = { enable = true; - searchDownKey = "^[OB"; - searchUpKey = "^[OA"; + shellAliases = lib.recursiveUpdate + { + hg = "history | grep"; + hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; + nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; + nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; + magit = "emacsclient -nc -e \"(magit-status)\""; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/"; + passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; + passpull = "cd ~/.local/share/password-store; git pull; cd -;"; + hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; + cd = "z"; + youtube-dl = "yt-dlp"; + cd-orig = "cd"; + cat-orig = "cat"; + cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; + nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; + nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; + nix-ldd-locate = "nix-locate --minimal --top-level -w "; + nix-store-search = "ls /nix/store | grep"; + fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; + lt = "eza -las modified --total-size"; + boot-diff = "nix store diff-closures /run/*-system"; + gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; + cc = "wl-copy"; + } + config.swarselsystems.shellAliases; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + autocd = false; + cdpath = [ + "~/.dotfiles" + # 
"~/Documents/GitHub" + ]; + defaultKeymap = "emacs"; + dirHashes = { + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; + }; + history = { + expireDuplicatesFirst = true; + path = "$HOME/.histfile"; + save = 10000; + size = 10000; + }; + historySubstringSearch = { + enable = true; + searchDownKey = "^[OB"; + searchUpKey = "^[OA"; + }; + plugins = [ + { + name = "fzf-tab"; + src = pkgs.zsh-fzf-tab; + } + ]; + initExtra = '' + bindkey "^[[1;5D" backward-word + bindkey "^[[1;5C" forward-word + + my-backward-delete-word() { + # Copy the global WORDCHARS variable to a local variable. That way any + # modifications are scoped to this function only + local WORDCHARS=$WORDCHARS + # Use bash string manipulation to remove `:` so our delete will stop at it + WORDCHARS="''${WORDCHARS//:}" + # Use bash string manipulation to remove `/` so our delete will stop at it + WORDCHARS="''${WORDCHARS//\/}" + # Use bash string manipulation to remove `.` so our delete will stop at it + WORDCHARS="''${WORDCHARS//.}" + # zle will run an existing widget. + zle backward-delete-word + } + zle -N my-backward-delete-word + bindkey '^H' my-backward-delete-word + + # This will be our `ctrl+alt+w` command + my-backward-delete-whole-word() { + # Copy the global WORDCHARS variable to a local variable. That way any + # modifications are scoped to this function only + local WORDCHARS=$WORDCHARS + # Use bash string manipulation to add `:` to WORDCHARS if it's not present + # already. + [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":" + # zle will run that widget. 
+ zle backward-delete-word + } + # `zle -N` will create a new widget that we can use on the command line + zle -N my-backward-delete-whole-word + # bind this new widget to `ctrl+alt+w` + bindkey '^W' my-backward-delete-whole-word + ''; }; - plugins = [ - { - name = "fzf-tab"; - src = pkgs.zsh-fzf-tab; - } - ]; - initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word - - my-backward-delete-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only - local WORDCHARS=$WORDCHARS - # Use bash string manipulation to remove `:` so our delete will stop at it - WORDCHARS="''${WORDCHARS//:}" - # Use bash string manipulation to remove `/` so our delete will stop at it - WORDCHARS="''${WORDCHARS//\/}" - # Use bash string manipulation to remove `.` so our delete will stop at it - WORDCHARS="''${WORDCHARS//.}" - # zle will run an existing widget. - zle backward-delete-word - } - zle -N my-backward-delete-word - bindkey '^H' my-backward-delete-word - - # This will be our `ctrl+alt+w` command - my-backward-delete-whole-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only - local WORDCHARS=$WORDCHARS - # Use bash string manipulation to add `:` to WORDCHARS if it's not present - # already. - [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":" - # zle will run that widget. - zle backward-delete-word - } - # `zle -N` will create a new widget that we can use on the command line - zle -N my-backward-delete-whole-word - # bind this new widget to `ctrl+alt+w` - bindkey '^W' my-backward-delete-whole-word - ''; }; } diff --git a/profiles/home/optional/work.nix b/profiles/home/optional/work.nix index 350cc83..9d67ca0 100644 --- a/profiles/home/optional/work.nix +++ b/profiles/home/optional/work.nix 
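Review bot: `passpush` and `passpull` chain their steps with `;`, so if the `cd` into the password store fails, `git add .`, `git commit` and `git push` still run against whatever repository the shell is currently in. Chaining with `&&` stops at the first failure: `passpush = "cd ~/.local/share/password-store && git add . && git commit -m 'pass file changes' && git push; cd -;";`. The same pattern is carried over in `npswitch`, `npiswitch` and `nipswitch` in profiles/nixos/server/settings.nix, where a failed `cd ${flakePath}` leaves `sudo nixos-rebuild --flake .#$(hostname) switch` building the flake of the current directory as root. These aliases are moved by this commit rather than introduced, but the re-indent is a cheap moment to fix them.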
@@ -104,25 +104,36 @@ in }; firefox = { - profiles = { - dc = lib.recursiveUpdate - { - id = 1; - settings = { - "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; - }; - } - config.swarselsystems.firefox; - cl = lib.recursiveUpdate - { - id = 2; - settings = { - "browser.startup.homepage" = "https://portal.azure.com"; - }; - } - config.swarselsystems.firefox; - ws = lib.recursiveUpdate { id = 3; } config.swarselsystems.firefox; - }; + profiles = + let + isDefault = false; + in + { + dc = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; + }; + } + config.swarselsystems.firefox; + cl = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = "https://portal.azure.com"; + }; + } + config.swarselsystems.firefox; + ws = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + config.swarselsystems.firefox; + }; }; chromium = { diff --git a/profiles/home/server/default.nix b/profiles/home/server/default.nix index b0784a4..9dc5b33 100644 --- a/profiles/home/server/default.nix +++ b/profiles/home/server/default.nix @@ -6,5 +6,6 @@ in { imports = lib.swarselsystems.mkImports importNames "profiles/home/server" ++ [ "${profilesPath}/home/common/settings.nix" + "${profilesPath}/home/common/sharedsetup.nix" ]; } diff --git a/profiles/nixos/common/default.nix b/profiles/nixos/common/default.nix index 3664711..57a7817 100644 --- a/profiles/nixos/common/default.nix +++ b/profiles/nixos/common/default.nix 
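Review bot: The new `inherit isDefault;` sits in the left-hand argument of `lib.recursiveUpdate`, and the right-hand argument wins on conflicts, so `isDefault = false` only holds if `config.swarselsystems.firefox` does not set `isDefault` itself. That attrset is defined in a file not shown in this hunk, so it is worth confirming. If the shared set does carry `isDefault`, the work profiles `dc`, `cl` and `ws` would inherit it, and the override should be applied after the merge, e.g. `dc = (lib.recursiveUpdate { ... } config.swarselsystems.firefox) // { inherit isDefault; };`.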
@@ -1,9 +1,12 @@ -{ lib, ... }: +{ self, lib, ... }: let importNames = lib.swarselsystems.readNix "profiles/nixos/common"; + profilesPath = "${self}/profiles"; in { - imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common"; + imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common" ++ [ + "${profilesPath}/home/common/sharedsetup.nix" + ]; nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" diff --git a/profiles/nixos/common/hardware.nix b/profiles/nixos/common/hardware.nix index ba57f3b..204cbc6 100644 --- a/profiles/nixos/common/hardware.nix +++ b/profiles/nixos/common/hardware.nix 
@@ -1,34 +1,47 @@ { pkgs, config, lib, ... }: { - hardware = { - # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant - graphics = { - enable = true; - enable32Bit = true; - }; - - - trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { - enable = true; - inherit (config.swarselsystems.trackpoint) device; - }; - - keyboard.qmk.enable = true; - - enableAllFirmware = true; - - bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { - enable = true; - package = pkgs.stable.bluez; - powerOnBoot = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - }; + options.swarselsystems = { + hasBluetooth = lib.mkEnableOption "bluetooth availability"; + hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; + trackpoint = { + isAvailable = lib.mkEnableOption "trackpoint availability"; + trackpoint.device = lib.mkOption { + type = lib.types.str; + default = ""; }; }; }; + config = { + hardware = { + # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant + graphics = { + enable = true; + enable32Bit = true; + }; - services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; + + trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { + enable = true; + inherit (config.swarselsystems.trackpoint) device; + }; + + keyboard.qmk.enable = true; + + enableAllFirmware = true; + + bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { + enable = true; + package = pkgs.stable.bluez; + powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; + }; + }; + }; + }; + + services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; + }; } diff --git a/modules/nixos/setup.nix b/profiles/nixos/common/sharedsetup.nix similarity index 100% rename from modules/nixos/setup.nix rename to profiles/nixos/common/sharedsetup.nix 
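Review bot: The option block declares the trackpoint device one level too deep. Inside `trackpoint = { ... }` the key is written `trackpoint.device = lib.mkOption {`, which produces `swarselsystems.trackpoint.trackpoint.device`, while the config below reads `inherit (config.swarselsystems.trackpoint) device;`. Unless another module still declares `swarselsystems.trackpoint.device`, a host that sets `trackpoint.isAvailable` will likely fail evaluation on the missing attribute, and a host that sets `trackpoint.device` will hit an undeclared-option error. The key should read `device = lib.mkOption {`.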
diff --git a/profiles/nixos/common/stylix.nix b/profiles/nixos/common/stylix.nix index 417ea6c..a94e6d8 100644 --- a/profiles/nixos/common/stylix.nix +++ b/profiles/nixos/common/stylix.nix @@ -8,12 +8,7 @@ config.swarselsystems.stylix; home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; + targets = config.swarselsystems.stylixHomeTargets; }; }; } diff --git a/profiles/nixos/server/ankisync.nix b/profiles/nixos/server/ankisync.nix index e3d8dbb..08dbbb5 100644 --- a/profiles/nixos/server/ankisync.nix +++ b/profiles/nixos/server/ankisync.nix @@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; config = lib.mkIf config.swarselsystems.server.ankisync { networking.firewall.allowedTCPPorts = [ 22701 ]; diff --git a/profiles/nixos/server/default.nix b/profiles/nixos/server/default.nix index 3bdf181..55d7108 100644 --- a/profiles/nixos/server/default.nix +++ b/profiles/nixos/server/default.nix @@ -14,5 +14,7 @@ in "${profilesPath}/nixos/common/time.nix" "${profilesPath}/nixos/common/users.nix" "${profilesPath}/nixos/common/nix-ld.nix" + "${profilesPath}/nixos/common/sharedsetup.nix" + "${profilesPath}/home/common/sharedsetup.nix" ]; } diff --git a/profiles/nixos/server/emacs.nix b/profiles/nixos/server/emacs.nix index 88201a6..9744c4d 100644 --- a/profiles/nixos/server/emacs.nix +++ b/profiles/nixos/server/emacs.nix @@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; config = lib.mkIf config.swarselsystems.server.emacs { networking.firewall.allowedTCPPorts = [ 9812 ]; diff --git a/profiles/nixos/server/forgejo.nix b/profiles/nixos/server/forgejo.nix index 402a409..0b85e6c 100644 --- a/profiles/nixos/server/forgejo.nix +++ b/profiles/nixos/server/forgejo.nix 
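Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `lib.mkEnableOption "enable ankisync on server"` renders as "Whether to enable enable ankisync on server." in generated option docs. Passing only the noun phrase reads correctly: `options.swarselsystems.server.ankisync = lib.mkEnableOption "ankisync on server";`. The same wording is used in the emacs hunk in this span and in the other server hunks of this patch (forgejo, freshrss, immich, jellyfin, jenkins, kavita, matrix, monitoring, mpd, navidrome, nextcloud, paperless and restic).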
@@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; config = lib.mkIf config.swarselsystems.server.forgejo { networking.firewall.allowedTCPPorts = [ 3000 ]; diff --git a/profiles/nixos/server/freshrss.nix b/profiles/nixos/server/freshrss.nix index 0e42e15..ab8b783 100644 --- a/profiles/nixos/server/freshrss.nix +++ b/profiles/nixos/server/freshrss.nix @@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; config = lib.mkIf config.swarselsystems.server.freshrss { users.users.freshrss = { diff --git a/profiles/nixos/server/immich.nix b/profiles/nixos/server/immich.nix index 385db13..9079710 100644 --- a/profiles/nixos/server/immich.nix +++ b/profiles/nixos/server/immich.nix @@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server"; config = lib.mkIf config.swarselsystems.server.immich { users.users.immich = { diff --git a/profiles/nixos/server/jellyfin.nix b/profiles/nixos/server/jellyfin.nix index 8f07590..c61bdb6 100644 --- a/profiles/nixos/server/jellyfin.nix +++ b/profiles/nixos/server/jellyfin.nix @@ -1,5 +1,6 @@ { pkgs, lib, config, ... }: { + options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; config = lib.mkIf config.swarselsystems.server.jellyfin { users.users.jellyfin = { extraGroups = [ "video" "render" "users" ]; diff --git a/profiles/nixos/server/jenkins.nix b/profiles/nixos/server/jenkins.nix index 525a808..ea860bb 100644 --- a/profiles/nixos/server/jenkins.nix +++ b/profiles/nixos/server/jenkins.nix @@ -1,5 +1,6 @@ { pkgs, lib, config, ... }: { + options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; config = lib.mkIf config.swarselsystems.server.jenkins { services.jenkins = { 
diff --git a/profiles/nixos/server/kavita.nix b/profiles/nixos/server/kavita.nix index 1ec45a9..235f076 100644 --- a/profiles/nixos/server/kavita.nix +++ b/profiles/nixos/server/kavita.nix @@ -1,5 +1,6 @@ { pkgs, lib, config, ... }: { + options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server"; config = lib.mkIf config.swarselsystems.server.kavita { environment.systemPackages = with pkgs; [ calibre diff --git a/profiles/nixos/server/matrix.nix b/profiles/nixos/server/matrix.nix index 674742a..1d9626a 100644 --- a/profiles/nixos/server/matrix.nix +++ b/profiles/nixos/server/matrix.nix @@ -11,7 +11,7 @@ let ''; in { - + options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server"; config = lib.mkIf config.swarselsystems.server.matrix { environment.systemPackages = with pkgs; [ matrix-synapse diff --git a/profiles/nixos/server/monitoring.nix b/profiles/nixos/server/monitoring.nix index 373671a..55ad1e7 100644 --- a/profiles/nixos/server/monitoring.nix +++ b/profiles/nixos/server/monitoring.nix @@ -1,5 +1,6 @@ { self, lib, config, ... }: { + options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; config = lib.mkIf config.swarselsystems.server.monitoring { sops.secrets = { diff --git a/profiles/nixos/server/mpd.nix b/profiles/nixos/server/mpd.nix index 0380143..2a22e21 100644 --- a/profiles/nixos/server/mpd.nix +++ b/profiles/nixos/server/mpd.nix @@ -1,5 +1,6 @@ { pkgs, lib, config, ... }: { + options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server"; config = lib.mkIf config.swarselsystems.server.mpd { users = { groups = { diff --git a/profiles/nixos/server/navidrome.nix b/profiles/nixos/server/navidrome.nix index e32c59b..d787df6 100644 --- a/profiles/nixos/server/navidrome.nix +++ b/profiles/nixos/server/navidrome.nix 
@@ -3,6 +3,7 @@ let secretsDirectory = builtins.toString inputs.nix-secrets; in { + options.swarselsystems.server.navidrome = lib.mkEnableOption "enable navidrome on server"; config = lib.mkIf config.swarselsystems.server.navidrome { environment.systemPackages = with pkgs; [ pciutils diff --git a/profiles/nixos/server/nextcloud.nix b/profiles/nixos/server/nextcloud.nix index 5239755..5805fa5 100644 --- a/profiles/nixos/server/nextcloud.nix +++ b/profiles/nixos/server/nextcloud.nix @@ -1,5 +1,6 @@ { pkgs, lib, config, ... }: { + options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; config = lib.mkIf config.swarselsystems.server.nextcloud { sops.secrets.nextcloudadminpass = { diff --git a/profiles/nixos/server/paperless.nix b/profiles/nixos/server/paperless.nix index 26a2041..9fdb442 100644 --- a/profiles/nixos/server/paperless.nix +++ b/profiles/nixos/server/paperless.nix @@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; config = lib.mkIf config.swarselsystems.server.paperless { users.users.paperless = { diff --git a/profiles/nixos/server/pipewire.nix b/profiles/nixos/server/pipewire.nix index 0234335..98ffe1a 100644 --- a/profiles/nixos/server/pipewire.nix +++ b/profiles/nixos/server/pipewire.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config.swarselsystems.server.mpd || config.swarselsystems.server.navidrome) { + config = lib.mkIf (config?swarselsystems.server.mpd || config?swarselsystems.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access diff --git a/profiles/nixos/server/restic.nix b/profiles/nixos/server/restic.nix index 7b5d6c5..5fb7c75 100644 --- a/profiles/nixos/server/restic.nix +++ b/profiles/nixos/server/restic.nix 
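Review bot: In profiles/nixos/server/pipewire.nix the condition was changed from reading the option values to `config?swarselsystems.server.mpd || config?swarselsystems.server.navidrome`, and `?` only tests whether the attribute exists. Now that mpd.nix and navidrome.nix declare these options with `mkEnableOption`, the attributes exist on every host that imports those modules. The `mkIf` is then always true, and this block, including `security.rtkit.enable = true`, applies to servers that run neither service. If the aim is to tolerate an undeclared option, a value test with a fallback keeps the gate: `config = lib.mkIf ((config.swarselsystems.server.mpd or false) || (config.swarselsystems.server.navidrome or false)) {`.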
@@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.restic = lib.mkEnableOption "enable restic backups on server"; config = lib.mkIf config.swarselsystems.server.restic { # TODO diff --git a/profiles/nixos/server/settings.nix b/profiles/nixos/server/settings.nix index d4323bf..1052e28 100644 --- a/profiles/nixos/server/settings.nix +++ b/profiles/nixos/server/settings.nix 
@@ -3,26 +3,33 @@ let inherit (config.swarselsystems) flakePath; in { - environment.shellAliases = lib.recursiveUpdate - { - npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;"; - npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; - nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; - niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;"; - } - config.swarselsystems.shellAliases; - - nixpkgs.config.permittedInsecurePackages = [ - # matrix - "olm-3.2.16" - # sonarr - "aspnetcore-runtime-wrapped-6.0.36" - "aspnetcore-runtime-6.0.36" - "dotnet-sdk-wrapped-6.0.428" - "dotnet-sdk-6.0.428" - # - "SDL_ttf-2.0.11" - ]; + options.swarselsystems = { + shellAliases = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + }; + }; + config = { + environment.shellAliases = lib.recursiveUpdate + { + npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; + nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;"; + npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; + nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; + niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;"; + } + config.swarselsystems.shellAliases; + nixpkgs.config.permittedInsecurePackages = [ + # matrix + "olm-3.2.16" + # sonarr + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + # + "SDL_ttf-2.0.11" + ]; + }; } diff --git a/profiles/nixos/server/spotifyd.nix b/profiles/nixos/server/spotifyd.nix index 06eeb76..b48c595 100644 --- a/profiles/nixos/server/spotifyd.nix 
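Review bot: The `nixpkgs.config.permittedInsecurePackages` list in the new `config` block of settings.nix is set unconditionally, so every host importing this file accepts `olm-3.2.16`, the .NET 6 runtime and SDK entries and `SDL_ttf-2.0.11` even when the service that needs them is disabled. Tying each group to its enable option keeps the exception from outliving the service, for example `lib.optionals config.swarselsystems.server.matrix [ "olm-3.2.16" ]` concatenated with the other groups. This assumes matrix.nix is imported wherever settings.nix is, which the hunk does not show. The bare `#` above `"SDL_ttf-2.0.11"` should also name the package that requires it, as the `# matrix` and `# sonarr` comments do.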
+++ b/profiles/nixos/server/spotifyd.nix @@ -1,5 +1,6 @@ { lib, config, ... }: { + options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; config = lib.mkIf config.swarselsystems.server.spotifyd { users.groups.spotifyd = { gid = 65136; diff --git a/profiles/nixos/server/syncthing.nix b/profiles/nixos/server/syncthing.nix index b87dcab..5509544 100644 --- a/profiles/nixos/server/syncthing.nix +++ b/profiles/nixos/server/syncthing.nix @@ -4,6 +4,7 @@ let workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; in { + options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server"; config = lib.mkIf config.swarselsystems.server.syncthing { users.users.syncthing = { diff --git a/profiles/nixos/server/transmission.nix b/profiles/nixos/server/transmission.nix index ee88608..bf0531d 100644 --- a/profiles/nixos/server/transmission.nix +++ b/profiles/nixos/server/transmission.nix @@ -1,5 +1,6 @@ { pkgs, lib, config, ... }: { + options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; config = lib.mkIf config.swarselsystems.server.transmission { # this user/group section is probably unneeded diff --git a/templates/hosts/nixos/default.nix b/templates/hosts/nixos/default.nix index 36e9c5e..1256bde 100644 --- a/templates/hosts/nixos/default.nix +++ b/templates/hosts/nixos/default.nix 
@@ -55,15 +55,6 @@ in isLaptop = true; isNixos = true; cpuCount = 16; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "feishin"; } - ]; } sharedOptions; } From 289f072c13c10ac12f151f96452847d74908afa8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 27 Mar 2025 01:47:14 +0100 Subject: [PATCH 02/13] refactor: rename old profiles->modules [part 2] --- SwarselSystems.org | 440 +++++++++--------- hosts/home/default/default.nix | 4 +- hosts/nixos/chaostheatre/default.nix | 4 +- hosts/nixos/iso/default.nix | 10 +- hosts/nixos/nbl-imba-2/default.nix | 18 +- hosts/nixos/sync/default.nix | 12 +- hosts/nixos/toto/default.nix | 34 +- hosts/nixos/winters/default.nix | 8 +- lib/default.nix | 8 +- modules/darwin/home/default.nix | 10 + .../darwin/nixos/default.nix | 0 .../home/common/custom-packages.nix | 0 modules/home/common/default.nix | 7 + {profiles => modules}/home/common/desktop.nix | 0 {profiles => modules}/home/common/direnv.nix | 0 {profiles => modules}/home/common/emacs.nix | 0 {profiles => modules}/home/common/env.nix | 0 {profiles => modules}/home/common/eza.nix | 0 {profiles => modules}/home/common/firefox.nix | 0 {profiles => modules}/home/common/fuzzel.nix | 0 .../home/common/gammastep.nix | 0 {profiles => modules}/home/common/git.nix | 0 .../home/common/gnome-keyring.nix | 0 .../home/common/gpg-agent.nix | 0 {profiles => modules}/home/common/kanshi.nix | 0 .../home/common/kdeconnect.nix | 0 {profiles => modules}/home/common/kitty.nix | 0 {profiles => modules}/home/common/mail.nix | 0 {profiles => modules}/home/common/mako.nix | 0 .../home/common/nix-index.nix | 0 {profiles => modules}/home/common/nixgl.nix | 0 .../home/common/packages.nix | 0 .../home/common/password-store.nix | 0 .../home/common/programs.nix | 0 .../home/common/settings.nix | 0 .../home/common/sharedsetup.nix | 0 {profiles => modules}/home/common/sops.nix | 0 {profiles => modules}/home/common/ssh.nix | 0 .../home/common/starship.nix | 0 {profiles => modules}/home/common/stylix.nix | 0 {profiles => modules}/home/common/sway.nix | 0 {profiles => modules}/home/common/symlink.nix | 0 {profiles => modules}/home/common/tmux.nix | 0 {profiles => modules}/home/common/waybar.nix | 0 
.../home/common/yubikey-touch-detector.nix | 0 {profiles => modules}/home/common/yubikey.nix | 0 {profiles => modules}/home/common/zellij.nix | 0 {profiles => modules}/home/common/zsh.nix | 0 .../home/optional/gaming.nix | 0 {profiles => modules}/home/optional/work.nix | 0 modules/home/server/default.nix | 11 + {profiles => modules}/home/server/symlink.nix | 0 {profiles => modules}/iso/minimal.nix | 0 .../nixos/common/appimage.nix | 0 .../nixos/common/blueman.nix | 0 modules/nixos/common/default.nix | 17 + .../nixos/common/distrobox.nix | 0 {profiles => modules}/nixos/common/env.nix | 0 {profiles => modules}/nixos/common/gc.nix | 0 .../nixos/common/gnome-keyring.nix | 0 {profiles => modules}/nixos/common/gvfs.nix | 0 .../nixos/common/hardware.nix | 0 .../hardwarecompatibility-keyboards.nix | 0 .../common/hardwarecompatibility-ledger.nix | 0 .../common/hardwarecompatibility-yubikey.nix | 0 .../nixos/common/home-manager-extra.nix | 0 .../nixos/common/home-manager.nix | 0 .../nixos/common/impermanence.nix | 0 .../nixos/common/interceptiontools.nix | 0 .../nixos/common/lanzaboote.nix | 0 {profiles => modules}/nixos/common/lid.nix | 0 {profiles => modules}/nixos/common/login.nix | 0 .../nixos/common/lowbattery.nix | 0 .../nixos/common/network.nix | 0 .../nixos/common/networkdevices.nix | 0 {profiles => modules}/nixos/common/nix-ld.nix | 0 .../nixos/common/nvd-rebuild.nix | 0 .../nixos/common/packages.nix | 0 .../nixos/common/pipewire.nix | 0 {profiles => modules}/nixos/common/polkit.nix | 0 .../nixos/common/power-profiles-daemon.nix | 0 .../nixos/common/programs.nix | 0 .../nixos/common/pulseaudio.nix | 0 .../nixos/common/settings.nix | 0 .../nixos/common/sharedsetup.nix | 0 {profiles => modules}/nixos/common/sops.nix | 0 {profiles => modules}/nixos/common/store.nix | 0 {profiles => modules}/nixos/common/stylix.nix | 0 {profiles => modules}/nixos/common/sway.nix | 0 .../nixos/common/syncthing.nix | 0 .../nixos/common/systemd.nix | 0 {profiles => 
modules}/nixos/common/time.nix | 0 {profiles => modules}/nixos/common/users.nix | 0 .../nixos/common/xdg-portal.nix | 0 .../nixos/common/xserver.nix | 0 {profiles => modules}/nixos/common/zsh.nix | 0 .../nixos/optional/autologin.nix | 0 .../nixos/optional/gaming.nix | 0 .../nixos/optional/nswitch-rcm.nix | 0 .../nixos/optional/virtualbox.nix | 0 .../nixos/optional/vmware.nix | 0 {profiles => modules}/nixos/optional/work.nix | 0 .../nixos/server/ankisync.nix | 0 modules/nixos/server/default.nix | 20 + {profiles => modules}/nixos/server/emacs.nix | 0 .../nixos/server/forgejo.nix | 0 .../nixos/server/freshrss.nix | 0 {profiles => modules}/nixos/server/immich.nix | 0 .../nixos/server/jellyfin.nix | 0 .../nixos/server/jenkins.nix | 0 {profiles => modules}/nixos/server/kavita.nix | 0 {profiles => modules}/nixos/server/matrix.nix | 0 .../nixos/server/monitoring.nix | 0 {profiles => modules}/nixos/server/mpd.nix | 0 .../nixos/server/navidrome.nix | 0 .../nixos/server/nextcloud.nix | 0 {profiles => modules}/nixos/server/nfs.nix | 0 {profiles => modules}/nixos/server/nginx.nix | 0 .../nixos/server/packages.nix | 0 .../nixos/server/paperless.nix | 0 .../nixos/server/pipewire.nix | 0 {profiles => modules}/nixos/server/restic.nix | 0 .../nixos/server/settings.nix | 0 {profiles => modules}/nixos/server/sops.nix | 0 .../nixos/server/spotifyd.nix | 0 {profiles => modules}/nixos/server/ssh.nix | 0 .../nixos/server/syncthing.nix | 0 .../nixos/server/transmission.nix | 0 profiles/darwin/home/default.nix | 10 - profiles/home/common/default.nix | 7 - {modules => profiles}/home/default.nix | 2 +- profiles/home/server/default.nix | 11 - profiles/nixos/common/default.nix | 17 - {modules => profiles}/nixos/default.nix | 2 +- profiles/nixos/server/default.nix | 20 - scripts/swarsel-install.sh | 12 +- scripts/swarsel-rebuild.sh | 12 +- templates/hosts/nixos/default.nix | 14 +- 138 files changed, 355 insertions(+), 355 deletions(-) create mode 100644 modules/darwin/home/default.nix rename 
{profiles => modules}/darwin/nixos/default.nix (100%) rename {profiles => modules}/home/common/custom-packages.nix (100%) create mode 100644 modules/home/common/default.nix rename {profiles => modules}/home/common/desktop.nix (100%) rename {profiles => modules}/home/common/direnv.nix (100%) rename {profiles => modules}/home/common/emacs.nix (100%) rename {profiles => modules}/home/common/env.nix (100%) rename {profiles => modules}/home/common/eza.nix (100%) rename {profiles => modules}/home/common/firefox.nix (100%) rename {profiles => modules}/home/common/fuzzel.nix (100%) rename {profiles => modules}/home/common/gammastep.nix (100%) rename {profiles => modules}/home/common/git.nix (100%) rename {profiles => modules}/home/common/gnome-keyring.nix (100%) rename {profiles => modules}/home/common/gpg-agent.nix (100%) rename {profiles => modules}/home/common/kanshi.nix (100%) rename {profiles => modules}/home/common/kdeconnect.nix (100%) rename {profiles => modules}/home/common/kitty.nix (100%) rename {profiles => modules}/home/common/mail.nix (100%) rename {profiles => modules}/home/common/mako.nix (100%) rename {profiles => modules}/home/common/nix-index.nix (100%) rename {profiles => modules}/home/common/nixgl.nix (100%) rename {profiles => modules}/home/common/packages.nix (100%) rename {profiles => modules}/home/common/password-store.nix (100%) rename {profiles => modules}/home/common/programs.nix (100%) rename {profiles => modules}/home/common/settings.nix (100%) rename {profiles => modules}/home/common/sharedsetup.nix (100%) rename {profiles => modules}/home/common/sops.nix (100%) rename {profiles => modules}/home/common/ssh.nix (100%) rename {profiles => modules}/home/common/starship.nix (100%) rename {profiles => modules}/home/common/stylix.nix (100%) rename {profiles => modules}/home/common/sway.nix (100%) rename {profiles => modules}/home/common/symlink.nix (100%) rename {profiles => modules}/home/common/tmux.nix (100%) rename {profiles => 
modules}/home/common/waybar.nix (100%) rename {profiles => modules}/home/common/yubikey-touch-detector.nix (100%) rename {profiles => modules}/home/common/yubikey.nix (100%) rename {profiles => modules}/home/common/zellij.nix (100%) rename {profiles => modules}/home/common/zsh.nix (100%) rename {profiles => modules}/home/optional/gaming.nix (100%) rename {profiles => modules}/home/optional/work.nix (100%) create mode 100644 modules/home/server/default.nix rename {profiles => modules}/home/server/symlink.nix (100%) rename {profiles => modules}/iso/minimal.nix (100%) rename {profiles => modules}/nixos/common/appimage.nix (100%) rename {profiles => modules}/nixos/common/blueman.nix (100%) create mode 100644 modules/nixos/common/default.nix rename {profiles => modules}/nixos/common/distrobox.nix (100%) rename {profiles => modules}/nixos/common/env.nix (100%) rename {profiles => modules}/nixos/common/gc.nix (100%) rename {profiles => modules}/nixos/common/gnome-keyring.nix (100%) rename {profiles => modules}/nixos/common/gvfs.nix (100%) rename {profiles => modules}/nixos/common/hardware.nix (100%) rename {profiles => modules}/nixos/common/hardwarecompatibility-keyboards.nix (100%) rename {profiles => modules}/nixos/common/hardwarecompatibility-ledger.nix (100%) rename {profiles => modules}/nixos/common/hardwarecompatibility-yubikey.nix (100%) rename {profiles => modules}/nixos/common/home-manager-extra.nix (100%) rename {profiles => modules}/nixos/common/home-manager.nix (100%) rename {profiles => modules}/nixos/common/impermanence.nix (100%) rename {profiles => modules}/nixos/common/interceptiontools.nix (100%) rename {profiles => modules}/nixos/common/lanzaboote.nix (100%) rename {profiles => modules}/nixos/common/lid.nix (100%) rename {profiles => modules}/nixos/common/login.nix (100%) rename {profiles => modules}/nixos/common/lowbattery.nix (100%) rename {profiles => modules}/nixos/common/network.nix (100%) rename {profiles => 
modules}/nixos/common/networkdevices.nix (100%) rename {profiles => modules}/nixos/common/nix-ld.nix (100%) rename {profiles => modules}/nixos/common/nvd-rebuild.nix (100%) rename {profiles => modules}/nixos/common/packages.nix (100%) rename {profiles => modules}/nixos/common/pipewire.nix (100%) rename {profiles => modules}/nixos/common/polkit.nix (100%) rename {profiles => modules}/nixos/common/power-profiles-daemon.nix (100%) rename {profiles => modules}/nixos/common/programs.nix (100%) rename {profiles => modules}/nixos/common/pulseaudio.nix (100%) rename {profiles => modules}/nixos/common/settings.nix (100%) rename {profiles => modules}/nixos/common/sharedsetup.nix (100%) rename {profiles => modules}/nixos/common/sops.nix (100%) rename {profiles => modules}/nixos/common/store.nix (100%) rename {profiles => modules}/nixos/common/stylix.nix (100%) rename {profiles => modules}/nixos/common/sway.nix (100%) rename {profiles => modules}/nixos/common/syncthing.nix (100%) rename {profiles => modules}/nixos/common/systemd.nix (100%) rename {profiles => modules}/nixos/common/time.nix (100%) rename {profiles => modules}/nixos/common/users.nix (100%) rename {profiles => modules}/nixos/common/xdg-portal.nix (100%) rename {profiles => modules}/nixos/common/xserver.nix (100%) rename {profiles => modules}/nixos/common/zsh.nix (100%) rename {profiles => modules}/nixos/optional/autologin.nix (100%) rename {profiles => modules}/nixos/optional/gaming.nix (100%) rename {profiles => modules}/nixos/optional/nswitch-rcm.nix (100%) rename {profiles => modules}/nixos/optional/virtualbox.nix (100%) rename {profiles => modules}/nixos/optional/vmware.nix (100%) rename {profiles => modules}/nixos/optional/work.nix (100%) rename {profiles => modules}/nixos/server/ankisync.nix (100%) create mode 100644 modules/nixos/server/default.nix rename {profiles => modules}/nixos/server/emacs.nix (100%) rename {profiles => modules}/nixos/server/forgejo.nix (100%) rename {profiles => 
modules}/nixos/server/freshrss.nix (100%) rename {profiles => modules}/nixos/server/immich.nix (100%) rename {profiles => modules}/nixos/server/jellyfin.nix (100%) rename {profiles => modules}/nixos/server/jenkins.nix (100%) rename {profiles => modules}/nixos/server/kavita.nix (100%) rename {profiles => modules}/nixos/server/matrix.nix (100%) rename {profiles => modules}/nixos/server/monitoring.nix (100%) rename {profiles => modules}/nixos/server/mpd.nix (100%) rename {profiles => modules}/nixos/server/navidrome.nix (100%) rename {profiles => modules}/nixos/server/nextcloud.nix (100%) rename {profiles => modules}/nixos/server/nfs.nix (100%) rename {profiles => modules}/nixos/server/nginx.nix (100%) rename {profiles => modules}/nixos/server/packages.nix (100%) rename {profiles => modules}/nixos/server/paperless.nix (100%) rename {profiles => modules}/nixos/server/pipewire.nix (100%) rename {profiles => modules}/nixos/server/restic.nix (100%) rename {profiles => modules}/nixos/server/settings.nix (100%) rename {profiles => modules}/nixos/server/sops.nix (100%) rename {profiles => modules}/nixos/server/spotifyd.nix (100%) rename {profiles => modules}/nixos/server/ssh.nix (100%) rename {profiles => modules}/nixos/server/syncthing.nix (100%) rename {profiles => modules}/nixos/server/transmission.nix (100%) delete mode 100644 profiles/darwin/home/default.nix delete mode 100644 profiles/home/common/default.nix rename {modules => profiles}/home/default.nix (53%) delete mode 100644 profiles/home/server/default.nix delete mode 100644 profiles/nixos/common/default.nix rename {modules => profiles}/nixos/default.nix (53%) delete mode 100644 profiles/nixos/server/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index f9b56fd..8008f3e 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -590,7 +590,7 @@ This is the template that I use for new deployments of personal machines. Server #+begin_src nix :tangle templates/hosts/nixos/default.nix { self, inputs, pkgs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; }; @@ -603,16 +603,16 @@ This is the template that I use for new deployments of personal machines. Server ./hardware-configuration.nix ./disk-config.nix - "${profilesPath}/nixos/optional/virtualbox.nix" - # "${profilesPath}/nixos/optional/vmware.nix" - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/optional/nswitch-rcm.nix" - "${profilesPath}/nixos/optional/gaming.nix" + "${modulesPath}/nixos/optional/virtualbox.nix" + # "${modulesPath}/nixos/optional/vmware.nix" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/optional/nswitch-rcm.nix" + "${modulesPath}/nixos/optional/gaming.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/optional/gaming.nix" + "${modulesPath}/home/optional/gaming.nix" ]; } ]; @@ -802,7 +802,7 @@ My work machine. Built for more security, this is the gold standard of my config { self, inputs, lib, primaryUser, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; isLinux = true; 
@@ -818,18 +818,18 @@ My work machine. Built for more security, this is the gold standard of my config ./disk-config.nix ./hardware-configuration.nix - "${profilesPath}/nixos/optional/virtualbox.nix" - # "${profilesPath}/nixos/optional/vmware.nix" - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/optional/nswitch-rcm.nix" - "${profilesPath}/nixos/optional/gaming.nix" - "${profilesPath}/nixos/optional/work.nix" + "${modulesPath}/nixos/optional/virtualbox.nix" + # "${modulesPath}/nixos/optional/vmware.nix" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/optional/nswitch-rcm.nix" + "${modulesPath}/nixos/optional/gaming.nix" + "${modulesPath}/nixos/optional/work.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/optional/gaming.nix" - "${profilesPath}/home/optional/work.nix" + "${modulesPath}/home/optional/gaming.nix" + "${modulesPath}/home/optional/work.nix" ]; } ]; @@ -1207,20 +1207,20 @@ This is my main server that I run at home. It handles most tasks that require bi #+begin_src nix :tangle hosts/nixos/winters/default.nix { self, inputs, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { imports = [ ./hardware-configuration.nix - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/server" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/server" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/server" + "${modulesPath}/home/server" ]; } ]; 
@@ -1431,21 +1431,21 @@ This machine mainly acts as an external sync helper. It manages the following th #+begin_src nix :tangle hosts/nixos/sync/default.nix { self, inputs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { imports = [ - "${profilesPath}/nixos/server" - "${profilesPath}/nixos/common/sharedsetup.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/nixos/server" + "${modulesPath}/nixos/common/sharedsetup.nix" + "${modulesPath}/home/common/sharedsetup.nix" ./hardware-configuration.nix inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/server" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/home/server" + "${modulesPath}/home/common/sharedsetup.nix" ]; } ]; @@ -1544,7 +1544,7 @@ This is a slim setup for developing base configuration. I do not track the hardw #+begin_src nix :tangle hosts/nixos/toto/default.nix { self, inputs, pkgs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; isLinux = true; 
@@ -1556,27 +1556,27 @@ This is a slim setup for developing base configuration. I do not track the hardw "${self}/hosts/nixos/toto/disk-config.nix" ./hardware-configuration.nix - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/common/settings.nix" - "${profilesPath}/nixos/common/sharedsetup.nix" - "${profilesPath}/nixos/common/home-manager.nix" - "${profilesPath}/nixos/common/home-manager-extra.nix" - "${profilesPath}/nixos/common/xserver.nix" - "${profilesPath}/nixos/common/users.nix" - "${profilesPath}/nixos/common/impermanence.nix" - "${profilesPath}/nixos/common/lanzaboote.nix" - "${profilesPath}/nixos/common/sops.nix" - "${profilesPath}/nixos/server/ssh.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/common/settings.nix" + "${modulesPath}/nixos/common/sharedsetup.nix" + "${modulesPath}/nixos/common/home-manager.nix" + "${modulesPath}/nixos/common/home-manager-extra.nix" + "${modulesPath}/nixos/common/xserver.nix" + "${modulesPath}/nixos/common/users.nix" + "${modulesPath}/nixos/common/impermanence.nix" + "${modulesPath}/nixos/common/lanzaboote.nix" + "${modulesPath}/nixos/common/sops.nix" + "${modulesPath}/nixos/server/ssh.nix" + "${modulesPath}/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ inputs.sops-nix.homeManagerModules.sops - "${profilesPath}/home/common/settings.nix" - "${profilesPath}/home/common/sops.nix" - "${profilesPath}/home/common/ssh.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sops.nix" + "${modulesPath}/home/common/ssh.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } ]; 
@@ -1805,15 +1805,15 @@ Also, an initial bash history is provided to allow for a very quick local deploy "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" "${modulesPath}/installer/cd-dvd/channel.nix" - "${self}/profiles/iso/minimal.nix" - "${self}/profiles/nixos/common/sharedsetup.nix" - "${self}/profiles/home/common/sharedsetup.nix" + "${self}/modules/iso/minimal.nix" + "${self}/modules/nixos/common/sharedsetup.nix" + "${self}/modules/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${self}/profiles/home/common/settings.nix" - "${self}/profiles/home/common/sharedsetup.nix" + "${self}/modules/home/common/settings.nix" + "${self}/modules/home/common/sharedsetup.nix" ]; } ]; @@ -1926,8 +1926,8 @@ This is the "reference implementation" of a setup that runs without NixOS, only inputs.stylix.homeManagerModules.stylix inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ./profiles/home/common - "${self}/profiles/home/common/sharedsetup.nix" + ./modules/home/common + "${self}/modules/home/common/sharedsetup.nix" ]; nixpkgs = { @@ -1974,7 +1974,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix :tangle hosts/nixos/chaostheatre/default.nix { self, config, pkgs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { @@ -1984,7 +1984,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru { _module.args.diskDevice = config.swarselsystems.rootDisk; } - "${profilesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/optional/autologin.nix" ]; environment.variables = { 
@@ -3118,12 +3118,12 @@ This program builds a configuration locally. sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix - rm profiles/home/common/env.nix - rm profiles/home/common/gammastep.nix - rm profiles/home/common/git.nix - rm profiles/home/common/mail.nix - rm profiles/home/common/yubikey.nix - rm profiles/nixos/common/home-manager-extra.nix + rm modules/home/common/env.nix + rm modules/home/common/gammastep.nix + rm modules/home/common/git.nix + rm modules/home/common/mail.nix + rm modules/home/common/yubikey.nix + rm modules/nixos/common/home-manager-extra.nix nix flake update vbc-nix git add . else @@ -3253,12 +3253,12 @@ This program sets up a new NixOS host locally. sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix - rm profiles/home/common/env.nix - rm profiles/home/common/gammastep.nix - rm profiles/home/common/git.nix - rm profiles/home/common/mail.nix - rm profiles/home/common/yubikey.nix - rm profiles/nixos/common/home-manager-extra.nix + rm modules/home/common/env.nix + rm modules/home/common/gammastep.nix + rm modules/home/common/git.nix + rm modules/home/common/mail.nix + rm modules/home/common/yubikey.nix + rm modules/nixos/common/home-manager-extra.nix nix flake update vbc-nix git add . else @@ -3784,7 +3784,7 @@ When adding a new entry here, do not forget to add it in the default output of t #+end_src -*** Modules +*** Profiles :PROPERTIES: :CUSTOM_ID: h:f0f1c961-3e7a-47b8-99ab-1654bb45dffc :END: 
@@ -3800,10 +3800,10 @@ Note: The structure of generating the packages was changed in commit =2cf03a3 re Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS. -#+begin_src nix :tangle modules/nixos/default.nix +#+begin_src nix :tangle profiles/nixos/default.nix { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "modules/nixos"; + moduleNames = lib.swarselsystems.readNix "profiles/nixos"; in lib.swarselsystems.mkModules moduleNames "nixos" @@ -3816,10 +3816,10 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a This holds modules that are to be used on most hosts. These are also the most important options to configure, as these allow me easy access to monitor, keyboard, and other setups. -#+BEGIN_src nix :tangle modules/home/default.nix +#+BEGIN_src nix :tangle profiles/home/default.nix { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "modules/home"; + moduleNames = lib.swarselsystems.readNix "profiles/home"; in lib.swarselsystems.mkModules moduleNames "home" #+end_src @@ -3901,7 +3901,7 @@ TODO ] ++ (if (host == "winters" || host == "sync") then [ ] else [ # put nixos imports here that are for all normal hosts - "${self}/profiles/${type}/common" + "${self}/modules/${type}/common" inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm ]) ++ (if (type == "nixos") then [ @@ -3910,7 +3910,7 @@ TODO home-manager.users."${linuxUser}".imports = ( if (host == "winters" || host == "sync") then [ ] else [ # put home-manager imports here that are for all normal hosts - "${self}/profiles/home/common" + "${self}/modules/home/common" ] ) ++ [ # put home-manager imports here that are for all servers and normal hosts 
@@ -3920,12 +3920,12 @@ TODO } ] else [ # put nixos imports here that are for darwin hosts - "${self}/profiles/darwin/nixos/common" + "${self}/modules/darwin/nixos/common" inputs.home-manager.darwinModules.home-manager { home-manager.users."${macUser}".imports = [ # put home-manager imports here that are for darwin hosts - "${self}/profiles/darwin/home" + "${self}/modules/darwin/home" ]; } ]) @@ -4023,15 +4023,15 @@ These are system-level settings specific to NixOS machines. All settings that ar This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. -#+begin_src nix :tangle profiles/nixos/common/default.nix +#+begin_src nix :tangle modules/nixos/common/default.nix { self, lib, ... }: let - importNames = lib.swarselsystems.readNix "profiles/nixos/common"; - profilesPath = "${self}/profiles"; + importNames = lib.swarselsystems.readNix "modules/nixos/common"; + modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common" ++ [ - "${profilesPath}/home/common/sharedsetup.nix" + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ + "${modulesPath}/home/common/sharedsetup.nix" ]; nixpkgs.config.permittedInsecurePackages = [ @@ -4051,7 +4051,7 @@ This section is for setting things that should be used on hosts that are using t I usually use =mutableUsers = false= in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. -#+begin_src nix :tangle profiles/nixos/common/sharedsetup.nix +#+begin_src nix :tangle modules/nixos/common/sharedsetup.nix { lib, ... }: { options.swarselsystems = { 
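Review bot: The darwin import `"${self}/modules/darwin/nixos/common"` in the first hunk here points at a directory that the rename list of this patch does not appear to contain. Only `{profiles => modules}/darwin/nixos/default.nix` is listed, with no `common` subdirectory under it. If that listing is complete, the import should read `"${self}/modules/darwin/nixos"`. The old `profiles/...` path had the same shape, so this likely predates the rename. The surrounding expression starts and ends outside the hunk.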
@@ -4112,7 +4112,7 @@ A breakdown of the flags being set: - nix.registry: Sets the registry for this flake, which I set to its inputs. This allows me to use e.g. =nixpkgs= directly in =nix repl= - nix.nixPath: Basically the same as =nix.registry=, but for the legacy nix commands -#+begin_src nix :tangle profiles/nixos/common/settings.nix +#+begin_src nix :tangle modules/nixos/common/settings.nix { lib, config, outputs, inputs, ... }: { @@ -4167,7 +4167,7 @@ A breakdown of the flags being set: Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in [[#h:893a7f33-7715-415b-a895-2687ded31c18][Installed packages]]. -#+begin_src nix :tangle profiles/nixos/common/packages.nix +#+begin_src nix :tangle modules/nixos/common/packages.nix { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -4300,7 +4300,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). -#+begin_src nix :tangle profiles/nixos/common/home-manager.nix +#+begin_src nix :tangle modules/nixos/common/home-manager.nix { inputs, config, lib, ... }: { home-manager = lib.mkIf config.swarselsystems.withHomeManager { 
@@ -4318,7 +4318,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on the =chaostheatre= configuration, which is why I split this section into its own file, which makes removal easier when setting that system up. -#+begin_src nix :tangle profiles/nixos/common/home-manager-extra.nix +#+begin_src nix :tangle modules/nixos/common/home-manager-extra.nix { inputs, config, lib, ... }: { home-manager = lib.mkIf config.swarselsystems.withHomeManager { @@ -4334,7 +4334,7 @@ This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on th Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is comfortable to use and I do not write too much German anyways. -#+begin_src nix :tangle profiles/nixos/common/xserver.nix +#+begin_src nix :tangle modules/nixos/common/xserver.nix _: { services.xserver = { @@ -4356,7 +4356,7 @@ In case of using a fully setup system, this makes also sure that no further user For that reason, make sure that =sops-nix= is properly working before setting the =initialSetup= flag, otherwise you might lose user access. -#+begin_src nix :tangle profiles/nixos/common/users.nix +#+begin_src nix :tangle modules/nixos/common/users.nix { pkgs, config, lib, ... }: { sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; }; @@ -4382,7 +4382,7 @@ For that reason, make sure that =sops-nix= is properly working before setting th Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus). -#+begin_src nix :tangle profiles/nixos/common/env.nix +#+begin_src nix :tangle modules/nixos/common/env.nix { lib, pkgs, ... }: { environment = { 
@@ -4408,7 +4408,7 @@ Next, we will setup some environment variables that need to be set on the system Needed for control over system-wide privileges etc. Also I make sure that the root user has access to =SSH_AUTH_SOCK= (without this, root will not be able to read my =nix-secrets= repository). -#+begin_src nix :tangle profiles/nixos/common/polkit.nix +#+begin_src nix :tangle modules/nixos/common/polkit.nix _: { @@ -4438,7 +4438,7 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro The nix store fills up over time, until =/boot/efi= is filled. This snippet cleans it automatically on a weekly basis. -#+begin_src nix :tangle profiles/nixos/common/gc.nix +#+begin_src nix :tangle modules/nixos/common/gc.nix _: { nix.gc = { @@ -4457,7 +4457,7 @@ The nix store fills up over time, until =/boot/efi= is filled. This snippet clea This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this. -#+begin_src nix :tangle profiles/nixos/common/store.nix +#+begin_src nix :tangle modules/nixos/common/store.nix _: { nix.optimise = { @@ -4475,7 +4475,7 @@ This enables hardlinking identical files in the nix store, to save on disk space There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason =a stop job is running for session 1 of user ...=. I do not want to wait that long and am confident no important data is lost by doing this. -#+begin_src nix :tangle profiles/nixos/common/systemd.nix +#+begin_src nix :tangle modules/nixos/common/systemd.nix _: { # systemd @@ -4493,7 +4493,7 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s Enable OpenGL, Sound, Bluetooth and various drivers. -#+begin_src nix :tangle profiles/nixos/common/hardware.nix +#+begin_src nix :tangle modules/nixos/common/hardware.nix { pkgs, config, lib, ... }: { 
@@ -4551,7 +4551,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. This is only used on systems not running Pipewire. -#+begin_src nix :tangle profiles/nixos/common/pulseaudio.nix +#+begin_src nix :tangle modules/nixos/common/pulseaudio.nix { config, pkgs, lib, ... }: { services.pulseaudio = { @@ -4568,7 +4568,7 @@ This is only used on systems not running Pipewire. Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with =xdg-desktop-portal-wlr=. -#+begin_src nix :tangle profiles/nixos/common/pipewire.nix +#+begin_src nix :tangle modules/nixos/common/pipewire.nix _: { security.rtkit.enable = true; # this is required for pipewire real-time access @@ -4592,7 +4592,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. -#+begin_src nix :tangle profiles/nixos/common/network.nix +#+begin_src nix :tangle modules/nixos/common/network.nix { lib, config, ... }: { networking = { @@ -4847,7 +4847,7 @@ Here I only enable =networkmanager= and a few default networks. The rest of the Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well. -#+begin_src nix :tangle profiles/nixos/common/time.nix +#+begin_src nix :tangle modules/nixos/common/time.nix _: { time = { 
@@ -4884,7 +4884,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at - cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub - update entry for sops.age.sshKeyPaths -#+begin_src nix :tangle profiles/nixos/common/sops.nix +#+begin_src nix :tangle modules/nixos/common/sops.nix { self, config, lib, ... }: let certsSopsFile = self + /secrets/certs/secrets.yaml; @@ -4946,7 +4946,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as well. However, I think that looks horrible. =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. -#+begin_src nix :noweb yes :tangle profiles/nixos/common/stylix.nix +#+begin_src nix :noweb yes :tangle modules/nixos/common/stylix.nix { lib, config, ... }: { stylix = lib.recursiveUpdate @@ -4970,7 +4970,7 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances. -#+begin_src nix :tangle profiles/nixos/common/programs.nix +#+begin_src nix :tangle modules/nixos/common/programs.nix _: { programs = { @@ -4987,7 +4987,7 @@ Some programs profit from being installed through dedicated NixOS settings on sy :END: Do not touch this. -#+begin_src nix :tangle profiles/nixos/common/zsh.nix +#+begin_src nix :tangle modules/nixos/common/zsh.nix { pkgs, ... }: { programs.zsh.enable = true; @@ -5001,7 +5001,7 @@ Do not touch this. :CUSTOM_ID: h:1e6d3d56-e415-43a2-8e80-3bad8062ecf8 :END: -#+begin_src nix :tangle profiles/nixos/common/syncthing.nix +#+begin_src nix :tangle modules/nixos/common/syncthing.nix { lib, config, ... }: let inherit (config.swarselsystems) mainUser homeDir; 
@@ -5071,7 +5071,7 @@ Setting up some hardware services as well as keyboard related settings. Here we Enables the blueman service including the nice system tray icon. -#+begin_src nix :tangle profiles/nixos/common/blueman.nix +#+begin_src nix :tangle modules/nixos/common/blueman.nix _: { services.blueman.enable = true; @@ -5090,7 +5090,7 @@ This allows me to use my big scanner/printer's scanning function over the networ This also allows me to use my big scanner/printer's printing function over the network. Most of the settings are driver related. Avahi is the service used for the network discovery. -#+begin_src nix :tangle profiles/nixos/common/networkdevices.nix +#+begin_src nix :tangle modules/nixos/common/networkdevices.nix { pkgs, ... }: { # enable scanners over network @@ -5130,7 +5130,7 @@ Avahi is the service used for the network discovery. This is being set to allow myself to use all functions of nautilus in NixOS -#+begin_src nix :tangle profiles/nixos/common/gvfs.nix +#+begin_src nix :tangle modules/nixos/common/gvfs.nix _: { services.gvfs.enable = true; @@ -5144,7 +5144,7 @@ This is being set to allow myself to use all functions of nautilus in NixOS This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if pressed shortly, and =CTRL= if being held. -#+begin_src nix :tangle profiles/nixos/common/interceptiontools.nix +#+begin_src nix :tangle modules/nixos/common/interceptiontools.nix { pkgs, ... }: { # Make CAPS work as a dual function ESC/CTRL key @@ -5189,7 +5189,7 @@ This enables power profile management. The available modes are: Most of the time I am using =power-saver=, however, it is good to be able to choose. -#+begin_src nix :tangle profiles/nixos/common/power-profiles-daemon.nix +#+begin_src nix :tangle modules/nixos/common/power-profiles-daemon.nix _: { services.power-profiles-daemon.enable = true; 
@@ -5213,7 +5213,7 @@ Many guides state that it is needed to enable =pcscd= to use the smartcard mode Also, since I use a GPG key in sops, it seems that scdaemon creates an instance at boot which sometimes hogs the Yubikey, which leads to significant delays after e.g. locking the screen and unplugging the Yubikey. Since I do not need the GPG key for the actual sops secrets (I use machine age keys instead), I kill that process. -#+begin_src nix :tangle profiles/nixos/common/hardwarecompatibility-yubikey.nix +#+begin_src nix :tangle modules/nixos/common/hardwarecompatibility-yubikey.nix { pkgs, ... }: { programs.ssh.startAgent = false; @@ -5244,7 +5244,7 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance This performs the necessary configuration to support this hardware. -#+begin_src nix :tangle profiles/nixos/common/hardwarecompatibility-ledger.nix +#+begin_src nix :tangle modules/nixos/common/hardwarecompatibility-ledger.nix { pkgs, ... }: { hardware.ledger.enable = true; @@ -5263,7 +5263,7 @@ This performs the necessary configuration to support this hardware. This loads some udev rules that I need for my split keyboards. -#+begin_src nix :tangle profiles/nixos/common/hardwarecompatibility-keyboards.nix +#+begin_src nix :tangle modules/nixos/common/hardwarecompatibility-keyboards.nix { pkgs, ... }: { services.udev.packages = with pkgs; [ @@ -5281,7 +5281,7 @@ This loads some udev rules that I need for my split keyboards. This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the *system specific* settings, make sure to update it there -#+begin_src nix :tangle profiles/nixos/common/login.nix +#+begin_src nix :tangle modules/nixos/common/login.nix { pkgs, ... }: { services.greetd = { 
@@ -5315,7 +5315,7 @@ Only some binaries that touch system settings might still not work, apart from t When a program does not work, start with =nix-ldd =. This will tell you which library is missing. Afterwards, continue with =nix-locate = to find which packages provide that library. Add it to libraries below and rebuild. After a reboot, it will be visible using =nix-ldd=. It can also be useful to take a look at =ldd= to see which libraries are needed in general. -#+begin_src nix :tangle profiles/nixos/common/nix-ld.nix +#+begin_src nix :tangle modules/nixos/common/nix-ld.nix { pkgs, ... }: { programs.nix-ld = { @@ -5437,7 +5437,7 @@ This is where the impermanence magic happens. When this is enabled, the root dir Normally, doing that also resets the lecture that happens on the first use of =sudo=, so we disable that at this point. Also, here we can set files to be persisted. Do note that you should still pay attention to files that need sudo access, as these need to be copied manually. -#+begin_src nix :tangle profiles/nixos/common/impermanence.nix +#+begin_src nix :tangle modules/nixos/common/impermanence.nix { config, lib, ... }: let mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos"; @@ -5538,7 +5538,7 @@ Normally, doing that also resets the lecture that happens on the first use of =s This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet. -#+begin_src nix :tangle profiles/nixos/common/nvd-rebuild.nix +#+begin_src nix :tangle modules/nixos/common/nvd-rebuild.nix { pkgs, ... }: { system.activationScripts.diff = { 
@@ -5558,7 +5558,7 @@ This snipped is added to the activation script that is run after every rebuild a Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps the login information when logging out of the session as well. -#+begin_src nix :tangle profiles/nixos/common/gnome-keyring.nix +#+begin_src nix :tangle modules/nixos/common/gnome-keyring.nix _: { services.gnome.gnome-keyring = { @@ -5576,7 +5576,7 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps This is used to better integrate Sway into the system on NixOS hosts. On the home-manager side, the =package= attribute will be =null= for such an host, using the systems derivation instead. -#+begin_src nix :tangle profiles/nixos/common/sway.nix +#+begin_src nix :tangle modules/nixos/common/sway.nix { pkgs, ... }: { @@ -5609,7 +5609,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways. -#+begin_src nix :tangle profiles/nixos/common/xdg-portal.nix +#+begin_src nix :tangle modules/nixos/common/xdg-portal.nix { pkgs, ... }: { @@ -5638,7 +5638,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck. -#+begin_src nix :tangle profiles/nixos/common/distrobox.nix +#+begin_src nix :tangle modules/nixos/common/distrobox.nix { pkgs, ... }: { environment.systemPackages = with pkgs; [ 
@@ -5661,7 +5661,7 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve :END: Adds the necessary tools to allow .appimage programs easily. -#+begin_src nix :tangle profiles/nixos/common/appimage.nix +#+begin_src nix :tangle modules/nixos/common/appimage.nix _: { @@ -5680,7 +5680,7 @@ Adds the necessary tools to allow .appimage programs easily. This turns off the display when the lid is closed. -#+begin_src nix :tangle profiles/nixos/common/lid.nix +#+begin_src nix :tangle modules/nixos/common/lid.nix _: { services.logind = { @@ -5724,7 +5724,7 @@ This turns off the display when the lid is closed. Since I hide the waybar completely during normal operation, I run the risk of not noticing when my battery is about to run out. This module sends a notification when the battery level falls below 10%. Written by [[https://gist.github.com/cafkafk][cafkafk]]. -#+begin_src nix :tangle profiles/nixos/common/lowbattery.nix +#+begin_src nix :tangle modules/nixos/common/lowbattery.nix { pkgs, lib, ... }: { systemd.user.services."battery-low" = { @@ -5760,7 +5760,7 @@ Since I hide the waybar completely during normal operation, I run the risk of no This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsystems.initialSetup` and `config.swarselsystems.isSecureBoot`. -#+begin_src nix :tangle profiles/nixos/common/lanzaboote.nix +#+begin_src nix :tangle modules/nixos/common/lanzaboote.nix { lib, config, ... }: { boot = { 
@@ -5792,25 +5792,25 @@ Also, we disable the warnings that trigger when rebuilding with a dirty flake. A Also, the system state version is set here. No need to touch it. -#+begin_src nix :tangle profiles/nixos/server/default.nix +#+begin_src nix :tangle modules/nixos/server/default.nix { self, lib, ... }: let - importNames = lib.swarselsystems.readNix "profiles/nixos/server"; - profilesPath = "${self}/profiles"; + importNames = lib.swarselsystems.readNix "modules/nixos/server"; + modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [ - "${profilesPath}/nixos/common/settings.nix" - "${profilesPath}/nixos/common/home-manager.nix" - "${profilesPath}/nixos/common/home-manager-extra.nix" - "${profilesPath}/nixos/common/xserver.nix" - "${profilesPath}/nixos/common/gc.nix" - "${profilesPath}/nixos/common/store.nix" - "${profilesPath}/nixos/common/time.nix" - "${profilesPath}/nixos/common/users.nix" - "${profilesPath}/nixos/common/nix-ld.nix" - "${profilesPath}/nixos/common/sharedsetup.nix" - "${profilesPath}/home/common/sharedsetup.nix" + imports = lib.swarselsystems.mkImports importNames "modules/nixos/server" ++ [ + "${modulesPath}/nixos/common/settings.nix" + "${modulesPath}/nixos/common/home-manager.nix" + "${modulesPath}/nixos/common/home-manager-extra.nix" + "${modulesPath}/nixos/common/xserver.nix" + "${modulesPath}/nixos/common/gc.nix" + "${modulesPath}/nixos/common/store.nix" + "${modulesPath}/nixos/common/time.nix" + "${modulesPath}/nixos/common/users.nix" + "${modulesPath}/nixos/common/nix-ld.nix" + "${modulesPath}/nixos/common/sharedsetup.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } #+end_src 
@@ -5822,7 +5822,7 @@ Also, the system state version is set here. No need to touch it. Here we just define some aliases for rebuilding the system, and we allow some insecure packages that are needed by some server derivations. It would be more elegant to define these in the respective module, but nixpkgs needs to be defined before we can evaluate modules within it, so this must be a top-level configuration. -#+begin_src nix :tangle profiles/nixos/server/settings.nix +#+begin_src nix :tangle modules/nixos/server/settings.nix { lib, config, ... }: let inherit (config.swarselsystems) flakePath; @@ -5865,7 +5865,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:6f2967d9-7e32-4605-bb5c-5e27770bec0f :END: -#+begin_src nix :tangle profiles/nixos/server/packages.nix +#+begin_src nix :tangle modules/nixos/server/packages.nix { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -5884,7 +5884,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:313f7940-e8bb-4b5d-97cb-e2fea4e665e4 :END: -#+begin_src nix :tangle profiles/nixos/server/sops.nix +#+begin_src nix :tangle modules/nixos/server/sops.nix { config, lib, ... }: { sops = { @@ -5901,7 +5901,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:d6840d31-110c-465f-93fa-0306f755de28 :END: -#+begin_src nix :tangle profiles/nixos/server/nfs.nix +#+begin_src nix :tangle modules/nixos/server/nfs.nix { pkgs, ... }: { services = { @@ -5958,7 +5958,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:302468d2-106a-41c8-b2bc-9fdc40064a9c :END: -#+begin_src nix :tangle profiles/nixos/server/nginx.nix +#+begin_src nix :tangle modules/nixos/server/nginx.nix { pkgs, config, ... }: { environment.systemPackages = with pkgs; [ 
@@ -6003,7 +6003,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:f3db197d-1d03-4bf8-b59f-f9891b358f0b :END: -#+begin_src nix :tangle profiles/nixos/server/ssh.nix +#+begin_src nix :tangle modules/nixos/server/ssh.nix { self, config, ... }: { services.openssh = { @@ -6029,7 +6029,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:d33f5982-dfe6-42d0-9cf2-2cd8c7b04295 :END: -#+begin_src nix :tangle profiles/nixos/server/kavita.nix +#+begin_src nix :tangle modules/nixos/server/kavita.nix { pkgs, lib, config, ... }: { options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server"; @@ -6080,7 +6080,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:e0d4c16e-ab64-48ac-9734-1ab62953ad4b :END: -#+begin_src nix :tangle profiles/nixos/server/jellyfin.nix +#+begin_src nix :tangle modules/nixos/server/jellyfin.nix { pkgs, lib, config, ... }: { options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; @@ -6133,7 +6133,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:f347f3ad-5100-4c4f-8616-cfd7f8e14a72 :END: -#+begin_src nix :tangle profiles/nixos/server/navidrome.nix +#+begin_src nix :tangle modules/nixos/server/navidrome.nix { pkgs, lib, inputs, config, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; @@ -6239,7 +6239,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:ec9c5a7d-ea8b-46d5-809c-163c917f5c41 :END: -#+begin_src nix :tangle profiles/nixos/server/spotifyd.nix +#+begin_src nix :tangle modules/nixos/server/spotifyd.nix { lib, config, ... }: { options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; 
@@ -6282,7 +6282,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:baa4149b-3788-4b05-87ec-0ee9d0726117 :END: -#+begin_src nix :tangle profiles/nixos/server/mpd.nix +#+begin_src nix :tangle modules/nixos/server/mpd.nix { pkgs, lib, config, ... }: { options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server"; @@ -6342,7 +6342,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:ce6a4371-e44f-419a-be9e-e17c7abdaf3a :END: -#+begin_src nix :tangle profiles/nixos/server/pipewire.nix +#+begin_src nix :tangle modules/nixos/server/pipewire.nix { lib, config, ... }: { config = lib.mkIf (config?swarselsystems.server.mpd || config?swarselsystems.server.navidrome) { @@ -6370,7 +6370,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:1e68d84a-8f99-422f-89ac-78f664ac0013 :END: -#+begin_src nix :tangle profiles/nixos/server/matrix.nix +#+begin_src nix :tangle modules/nixos/server/matrix.nix { config, lib, pkgs, sops, ... }: let matrixDomain = "swatrix.swarsel.win"; @@ -6703,7 +6703,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:d11ad8d5-25d7-4691-b319-61c16ccef715 :END: -#+begin_src nix :tangle profiles/nixos/server/nextcloud.nix +#+begin_src nix :tangle modules/nixos/server/nextcloud.nix { pkgs, lib, config, ... }: { options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; @@ -6757,7 +6757,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:33bad8ad-b362-4bf1-8a49-b9df92329aed :END: -#+begin_src nix :tangle profiles/nixos/server/immich.nix +#+begin_src nix :tangle modules/nixos/server/immich.nix { lib, config, ... }: { options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server"; 
@@ -6815,7 +6815,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:89638fb5-0593-4420-9567-f85f0223e341 :END: -#+begin_src nix :tangle profiles/nixos/server/paperless.nix +#+begin_src nix :tangle modules/nixos/server/paperless.nix { lib, config, ... }: { options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; @@ -6874,7 +6874,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:5afeb311-ab86-4029-be53-2160f6d836c3 :END: -#+begin_src nix :tangle profiles/nixos/server/transmission.nix +#+begin_src nix :tangle modules/nixos/server/transmission.nix { pkgs, lib, config, ... }: { options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; @@ -7016,7 +7016,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in :CUSTOM_ID: h:ad2787a2-7b1c-4326-aeff-9d8d6c3f591d :END: -#+begin_src nix :tangle profiles/nixos/server/syncthing.nix +#+begin_src nix :tangle modules/nixos/server/syncthing.nix { lib, config, inputs, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; @@ -7141,7 +7141,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in Once this is finished, it will house a restic client that manages automatic backups of my image library. Before I get to this however, I first need to organice my pictures in the first place. -#+begin_src nix :tangle profiles/nixos/server/restic.nix +#+begin_src nix :tangle modules/nixos/server/restic.nix { lib, config, ... }: { options.swarselsystems.server.restic = lib.mkEnableOption "enable restic backups on server"; 
@@ -7160,7 +7160,7 @@ Once this is finished, it will house a restic client that manages automatic back This section exposes several metrics that I use to check the health of my server. I need to expand on the exporters section at some point, but for now I have everything I need. -#+begin_src nix :tangle profiles/nixos/server/monitoring.nix +#+begin_src nix :tangle modules/nixos/server/monitoring.nix { self, lib, config, ... }: { options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; @@ -7337,7 +7337,7 @@ This section exposes several metrics that I use to check the health of my server This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually. -#+begin_src nix :tangle profiles/nixos/server/jenkins.nix +#+begin_src nix :tangle modules/nixos/server/jenkins.nix { pkgs, lib, config, ... }: { options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; @@ -7383,7 +7383,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w This was an approach of hosting an RSS server from within emacs. That would have been useful as it would have allowed me to allow my feeds from any device. However, it proved impossible to do bidirectional syncing, so I abandoned this configuration in favor of [[#h:9da3df74-6fc5-4ee1-a345-23ab4e8a613d][FreshRSS]]. -#+begin_src nix :tangle profiles/nixos/server/emacs.nix +#+begin_src nix :tangle modules/nixos/server/emacs.nix { lib, config, ... }: { options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; 
@@ -7411,7 +7411,7 @@ FreshRSS is a more 'classical' RSS aggregator that I can just host as a distinct It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as well as a Fever API at https://signpost.swarsel.win/api/fever.php. -#+begin_src nix :tangle profiles/nixos/server/freshrss.nix +#+begin_src nix :tangle modules/nixos/server/freshrss.nix { lib, config, ... }: { options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; @@ -7456,7 +7456,7 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as :CUSTOM_ID: h:a9965660-4358-4b9a-8c46-d55f28598344 :END: -#+begin_src nix :tangle profiles/nixos/server/forgejo.nix +#+begin_src nix :tangle modules/nixos/server/forgejo.nix { lib, config, ... }: { options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; @@ -7511,7 +7511,7 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as :CUSTOM_ID: h:cb3f6552-7751-4f9a-b4c7-8d8ba5b255c4 :END: -#+begin_src nix :tangle profiles/nixos/server/ankisync.nix +#+begin_src nix :tangle modules/nixos/server/ankisync.nix { lib, config, ... }: { options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; @@ -7567,7 +7567,7 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as This section sets up all the imports that are used in the home-manager section. -#+begin_src nix :tangle profiles/darwin/nixos/default.nix +#+begin_src nix :tangle modules/darwin/nixos/default.nix _: { 
@@ -7604,7 +7604,7 @@ These sets of configuration do not need to be deployed on every host, for a mult This opens a few gaming ports and installs the steam configuration suite for gaming. There are more options in [[#h:84fd7029-ecb6-4131-9333-289982f24ffa][Gaming]] (home-manager side). -#+begin_src nix :tangle profiles/nixos/optional/gaming.nix +#+begin_src nix :tangle modules/nixos/optional/gaming.nix { pkgs, lib, ... }: { specialisation = { @@ -7653,7 +7653,7 @@ This opens a few gaming ports and installs the steam configuration suite for gam This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow. I only use this privately to run an old editor that does not run well under wine, so I put it into it's own specialisation. -#+begin_src nix :tangle profiles/nixos/optional/virtualbox.nix +#+begin_src nix :tangle modules/nixos/optional/virtualbox.nix { lib, pkgs, ... }: { @@ -7685,7 +7685,7 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow. -#+begin_src nix :tangle profiles/nixos/optional/vmware.nix +#+begin_src nix :tangle modules/nixos/optional/vmware.nix _: { @@ -7701,7 +7701,7 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl Auto login for the initial session. -#+begin_src nix :tangle profiles/nixos/optional/autologin.nix +#+begin_src nix :tangle modules/nixos/optional/autologin.nix { config, ... }: let inherit (config.swarselsystems) mainUser; @@ -7721,7 +7721,7 @@ Auto login for the initial session. This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. -#+begin_src nix :tangle profiles/nixos/optional/nswitch-rcm.nix +#+begin_src nix :tangle modules/nixos/optional/nswitch-rcm.nix { pkgs, ... }: { services.nswitch-rcm = { 
@@ -7741,7 +7741,7 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. Options that I need specifically at work. There are more options at [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] (home-manager side). -#+begin_src nix :tangle profiles/nixos/optional/work.nix +#+begin_src nix :tangle modules/nixos/optional/work.nix { self, lib, pkgs, config, ... }: let inherit (config.swarselsystems) mainUser homeDir xdgDir; @@ -7919,7 +7919,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 These options are really only to be used on the iso image in order to run nixos-anywhere. -#+begin_src nix :tangle profiles/iso/minimal.nix +#+begin_src nix :tangle modules/iso/minimal.nix { lib, pkgs, ... }: { @@ -8008,13 +8008,13 @@ The general structure is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a94f20 This section sets up all the imports that are used in the home-manager section. -#+begin_src nix :tangle profiles/home/common/default.nix +#+begin_src nix :tangle modules/home/common/default.nix { lib, ... }: let - importNames = lib.swarselsystems.readNix "profiles/home/common"; + importNames = lib.swarselsystems.readNix "modules/home/common"; in { - imports = lib.swarselsystems.mkImports importNames "profiles/home/common"; + imports = lib.swarselsystems.mkImports importNames "modules/home/common"; } #+end_src 
@@ -8028,7 +8028,7 @@ Provides settings related to nix-darwin systems. At the moment, I am only making At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably -#+begin_src nix :noweb yes :tangle profiles/home/common/sharedsetup.nix +#+begin_src nix :noweb yes :tangle modules/home/common/sharedsetup.nix { self, lib, pkgs, ... }: let lock-false = { @@ -8293,7 +8293,7 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee Again, we adapt =nix= to our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same. -#+begin_src nix :tangle profiles/home/common/settings.nix +#+begin_src nix :tangle modules/home/common/settings.nix { lib, config, ... }: let inherit (config.swarselsystems) mainUser; @@ -8353,7 +8353,7 @@ It can be set to either: - a PCI bus id in the form =pci-XXX_YY_ZZ_U= - a PCI id in the form =vendor_id:device_id= -#+begin_src nix :tangle profiles/home/common/nixgl.nix +#+begin_src nix :tangle modules/home/common/nixgl.nix { lib, config, nixgl, ... }: { options.swarselsystems = { 
@@ -8400,7 +8400,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 This holds packages that I can use as provided, or with small modifications (as in the =texlive= package that needs special configuration). -#+begin_src nix :tangle profiles/home/common/packages.nix +#+begin_src nix :tangle modules/home/common/packages.nix { pkgs, ... }: { @@ -8589,7 +8589,7 @@ This holds packages that I can use as provided, or with small modifications (as This is just a separate container for derivations defined in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. This is a good idea so that I do not lose track of package names I have defined myself, as this was once a problem in the past already. -#+begin_src nix :tangle profiles/home/common/custom-packages.nix +#+begin_src nix :tangle modules/home/common/custom-packages.nix { config, pkgs, ... }: { @@ -8636,7 +8636,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at Since we are using the home-manager implementation here, we need to specify the runtime path. -#+begin_src nix :tangle profiles/home/common/sops.nix +#+begin_src nix :tangle modules/home/common/sops.nix { config, lib, ... }: let inherit (config.swarselsystems) homeDir xdgDir; @@ -8664,7 +8664,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at :CUSTOM_ID: h:4c850b80-56e0-437b-b564-2dd897027b2f :END: -#+begin_src nix :tangle profiles/home/common/yubikey.nix +#+begin_src nix :tangle modules/home/common/yubikey.nix { lib, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; 
@@ -8688,7 +8688,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host. -#+begin_src nix :tangle profiles/home/common/ssh.nix +#+begin_src nix :tangle modules/home/common/ssh.nix _: { programs.ssh = { @@ -8739,7 +8739,7 @@ This section has been notably empty ever since switching to stylix. Only Emacs i =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. -#+begin_src nix :noweb yes :tangle profiles/home/common/stylix.nix +#+begin_src nix :noweb yes :tangle modules/home/common/stylix.nix { lib, config, ... }: { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate @@ -8760,7 +8760,7 @@ Some programs lack a dmenu launcher - I define them myself here. TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the programs prefixed with "nixGL". I need to figure out how to automate this process, as it is not feasible to write desktop entries for all programs installed on that machine. -#+begin_src nix :tangle profiles/home/common/desktop.nix +#+begin_src nix :tangle modules/home/common/desktop.nix _: { @@ -8868,7 +8868,7 @@ As for the `home.sessionVariables`, it should be noted that environment variable Also, we link some files to the users XDG configuration home: Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.stylesheets` to true. -#+begin_src nix :tangle profiles/home/common/symlink.nix +#+begin_src nix :tangle modules/home/common/symlink.nix { self, lib, ... }: { home.file = { 
@@ -8906,7 +8906,7 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. -#+begin_src nix :tangle profiles/home/common/env.nix +#+begin_src nix :tangle modules/home/common/env.nix { lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; @@ -8942,7 +8942,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var This section is for programs that require no further configuration. zsh Integration is enabled by default for these. -#+begin_src nix :tangle profiles/home/common/programs.nix +#+begin_src nix :tangle modules/home/common/programs.nix { pkgs, ... }: { programs = { @@ -8974,7 +8974,7 @@ This section is for programs that require no further configuration. zsh Integrat nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for =command-not-found.sh=, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. -#+begin_src nix :tangle profiles/home/common/nix-index.nix +#+begin_src nix :tangle modules/home/common/nix-index.nix { self, pkgs, ... }: { programs.nix-index = @@ -9005,7 +9005,7 @@ nix-index provides a way to find out which packages are provided by which deriva Enables password store with the =pass-otp= extension which allows me to store and generate one-time-passwords. -#+begin_src nix :tangle profiles/home/common/password-store.nix +#+begin_src nix :tangle modules/home/common/password-store.nix { pkgs, ... }: { programs.password-store = { 
@@ -9025,7 +9025,7 @@ Enables password store with the =pass-otp= extension which allows me to store an Enables direnv, which I use for nearly all of my nix dev flakes. -#+begin_src nix :tangle profiles/home/common/direnv.nix +#+begin_src nix :tangle modules/home/common/direnv.nix _: { programs.direnv = { @@ -9043,7 +9043,7 @@ Enables direnv, which I use for nearly all of my nix dev flakes. Eza provides me with a better =ls= command and some other useful aliases. -#+begin_src nix :tangle profiles/home/common/eza.nix +#+begin_src nix :tangle modules/home/common/eza.nix _: { programs.eza = { @@ -9065,7 +9065,7 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. -#+begin_src nix :tangle profiles/home/common/git.nix +#+begin_src nix :tangle modules/home/common/git.nix { lib, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; @@ -9119,7 +9119,7 @@ Here I set up my git config, automatic signing of commits, useful aliases for my Here I only need to set basic layout options - the rest is being managed by stylix. -#+begin_src nix :tangle profiles/home/common/fuzzel.nix +#+begin_src nix :tangle modules/home/common/fuzzel.nix _: { programs.fuzzel = { @@ -9143,7 +9143,7 @@ Here I only need to set basic layout options - the rest is being managed by styl Starship makes my =zsh= look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline. -#+begin_src nix :tangle profiles/home/common/starship.nix +#+begin_src nix :tangle modules/home/common/starship.nix _: { programs.starship = { 
@@ -9276,7 +9276,7 @@ Kitty is the terminal emulator of choice for me, it is nice to configure using n The theme is handled by stylix. -#+begin_src nix :tangle profiles/home/common/kitty.nix +#+begin_src nix :tangle modules/home/common/kitty.nix _: { programs.kitty = { @@ -9300,7 +9300,7 @@ zsh is the most convenient shell for me and it happens to be super neat to confi Here we set some aliases (some of them should be shellApplications instead) as well as some zsh plugins like =fzf-tab=. -#+begin_src nix :tangle profiles/home/common/zsh.nix +#+begin_src nix :tangle modules/home/common/zsh.nix { config, pkgs, lib, ... }: let inherit (config.swarselsystems) flakePath; @@ -9419,7 +9419,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w :PROPERTIES: :CUSTOM_ID: h:00de4901-631c-4b4c-86ce-d9d6e62ed8c7 :END: -#+begin_src nix :tangle profiles/home/common/zellij.nix +#+begin_src nix :tangle modules/home/common/zellij.nix { self, config, pkgs, ... }: { @@ -9443,7 +9443,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w :PROPERTIES: :CUSTOM_ID: h:45de9430-f925-4df6-9db6-bffb5b8f1604 :END: -#+begin_src nix :tangle profiles/home/common/tmux.nix +#+begin_src nix :tangle modules/home/common/tmux.nix { pkgs, ... }: let @@ -9552,7 +9552,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. -#+begin_src nix :tangle profiles/home/common/mail.nix +#+begin_src nix :tangle modules/home/common/mail.nix { lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; 
@@ -9709,7 +9709,7 @@ By using the emacs-overlay NixOS module, I can install all Emacs packages that I Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like =calfw= and =fast-scroll=, so I build them here. -#+begin_src nix :tangle profiles/home/common/emacs.nix +#+begin_src nix :tangle modules/home/common/emacs.nix { self, lib, config, pkgs, ... }: let inherit (config.swarselsystems) homeDir isPublic; @@ -9804,7 +9804,7 @@ The rest of the related configuration is found here: - [[#h:a9530c81-1976-442b-b597-0b4bed6baf25][Waybar]] - [[#h:f93f66f9-6b8b-478e-b139-b2f382c1f25e][waybarupdate]] -#+begin_src nix :tangle profiles/home/common/waybar.nix +#+begin_src nix :tangle modules/home/common/waybar.nix { self, config, lib, ... }: let generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); @@ -10129,7 +10129,7 @@ Also, I setup some search aliases for functions I often use, such as NixOS optio I used to build the firefox addon =bypass-paywalls-clean= myself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that. -#+begin_src nix :tangle profiles/home/common/firefox.nix +#+begin_src nix :tangle modules/home/common/firefox.nix { config, pkgs, lib, ... }: { programs.firefox = { @@ -10293,7 +10293,7 @@ Services that can be defined through home-manager should be defined here. Used for storing sessions in e.g. Nextcloud -#+begin_src nix :tangle profiles/home/common/gnome-keyring.nix +#+begin_src nix :tangle modules/home/common/gnome-keyring.nix { lib, config, ... }: { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { 
@@ -10309,7 +10309,7 @@ Used for storing sessions in e.g. Nextcloud This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control). -#+begin_src nix :tangle profiles/home/common/kdeconnect.nix +#+begin_src nix :tangle modules/home/common/kdeconnect.nix _: { services.kdeconnect = { @@ -10329,7 +10329,7 @@ Desktop notifications! The `extraConfig` section here CANNOT be reindented. This has something to do with how nix handles multiline strings, when indented Mako will fail to start. This might be a mako bug as well. -#+begin_src nix :tangle profiles/home/common/mako.nix +#+begin_src nix :tangle modules/home/common/mako.nix _: { services.mako = { @@ -10368,7 +10368,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi :CUSTOM_ID: h:1598c90b-f195-41a0-9132-94612edf3586 :END: -#+begin_src nix :tangle profiles/home/common/yubikey-touch-detector.nix +#+begin_src nix :tangle modules/home/common/yubikey-touch-detector.nix { pkgs, ... }: { systemd.user.services.yubikey-touch-detector = { @@ -10409,7 +10409,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case. -#+begin_src nix :tangle profiles/home/common/sway.nix +#+begin_src nix :tangle modules/home/common/sway.nix { self, config, lib, ... }: { options.swarselsystems = { @@ -10817,7 +10817,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se :END: -#+begin_src nix :tangle profiles/home/common/kanshi.nix +#+begin_src nix :tangle modules/home/common/kanshi.nix { config, ... }: { services.kanshi = { 
@@ -10900,7 +10900,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here. -#+begin_src nix :tangle profiles/home/common/gpg-agent.nix +#+begin_src nix :tangle modules/home/common/gpg-agent.nix { self, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; @@ -10949,7 +10949,7 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. -#+begin_src nix :tangle profiles/home/common/gammastep.nix +#+begin_src nix :tangle modules/home/common/gammastep.nix { lib, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; @@ -10976,16 +10976,16 @@ This service changes the screen hue at night. I am not sure if that really does This section sets up all the imports that are used in the home-manager section. -#+begin_src nix :tangle profiles/home/server/default.nix +#+begin_src nix :tangle modules/home/server/default.nix { self, lib, ... }: let - importNames = lib.swarselsystems.readNix "profiles/home/server"; - profilesPath = "${self}/profiles"; + importNames = lib.swarselsystems.readNix "modules/home/server"; + modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "profiles/home/server" ++ [ - "${profilesPath}/home/common/settings.nix" - "${profilesPath}/home/common/sharedsetup.nix" + imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ + "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } #+end_src 
@@ -10999,7 +10999,7 @@ This section should be used in order to symlink already existing configuration f As for the `home.sessionVariables`, it should be noted that environment variables that are needed at system start should NOT be loaded here, but instead in `programs.zsh.config.extraSessionCommands` (in the home-manager programs section). This is also where all the wayland related variables are stored. -#+begin_src nix :tangle profiles/home/server/symlink.nix +#+begin_src nix :tangle modules/home/server/symlink.nix { self, lib, ... }: { home.file = { @@ -11023,15 +11023,15 @@ As for the `home.sessionVariables`, it should be noted that environment variable This section sets up all the imports that are used in the home-manager section. -#+begin_src nix :tangle profiles/darwin/home/default.nix +#+begin_src nix :tangle modules/darwin/home/default.nix { self, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { imports = [ - "${profilesPath}/home/common/settings.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } #+end_src @@ -11050,7 +11050,7 @@ Akin to the optional NixOS modules. The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming]]. -#+begin_src nix :tangle profiles/home/optional/gaming.nix +#+begin_src nix :tangle modules/home/optional/gaming.nix { pkgs, ... }: { # specialisation = { 
@@ -11096,7 +11096,7 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. -#+begin_src nix :tangle profiles/home/optional/work.nix :noweb yes +#+begin_src nix :tangle modules/home/optional/work.nix :noweb yes { self, config, pkgs, lib, nix-secrets, ... }: let inherit (config.swarselsystems) homeDir; diff --git a/hosts/home/default/default.nix b/hosts/home/default/default.nix index 0299fdc..805e16f 100644 --- a/hosts/home/default/default.nix +++ b/hosts/home/default/default.nix @@ -5,8 +5,8 @@ inputs.stylix.homeManagerModules.stylix inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ./profiles/home/common - "${self}/profiles/home/common/sharedsetup.nix" + ./modules/home/common + "${self}/modules/home/common/sharedsetup.nix" ]; nixpkgs = { diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index ab0b860..78629e1 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -1,6 +1,6 @@ { self, config, pkgs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { @@ -10,7 +10,7 @@ in { _module.args.diskDevice = config.swarselsystems.rootDisk; } - "${profilesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/optional/autologin.nix" ]; environment.variables = { diff --git a/hosts/nixos/iso/default.nix b/hosts/nixos/iso/default.nix index 2641d65..34beaeb 100644 --- a/hosts/nixos/iso/default.nix +++ b/hosts/nixos/iso/default.nix 
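Review bot: In hosts/home/default/default.nix the renamed import `./modules/home/common` is still a path relative to hosts/home/default/, while the very next line uses `"${self}/modules/home/common/sharedsetup.nix"`. Unless a modules/ directory exists under that host directory, which this patch does not show, the import will not resolve to the directory this commit creates at the flake root. Writing it as `"${self}/modules/home/common"` would match the neighbouring line and the other hosts. The imports list itself starts outside the hunk.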
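Review bot: The new binding `modulesPath = "${self}/modules";` in hosts/nixos/chaostheatre/default.nix reuses an identifier that hosts/nixos/iso/default.nix dereferences as `"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"`, which appears to be the nixpkgs-provided module argument. After this commit the same name means the flake's modules directory in some host files and the nixpkgs module tree in another. The same binding is added in nbl-imba-2, sync, toto, winters and the new home/server and darwin/home default.nix files. A distinct name, for example `flakeModules = "${self}/modules";`, would keep the two apart when a host later needs a nixpkgs installer or profile module. The module body continues outside the hunk.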
@@ -8,15 +8,15 @@ in "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" "${modulesPath}/installer/cd-dvd/channel.nix" - "${self}/profiles/iso/minimal.nix" - "${self}/profiles/nixos/common/sharedsetup.nix" - "${self}/profiles/home/common/sharedsetup.nix" + "${self}/modules/iso/minimal.nix" + "${self}/modules/nixos/common/sharedsetup.nix" + "${self}/modules/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${self}/profiles/home/common/settings.nix" - "${self}/profiles/home/common/sharedsetup.nix" + "${self}/modules/home/common/settings.nix" + "${self}/modules/home/common/sharedsetup.nix" ]; } ]; diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index eeaa571..e656e73 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -1,7 +1,7 @@ { self, inputs, lib, primaryUser, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; isLinux = true; 
@@ -17,18 +17,18 @@ in ./disk-config.nix ./hardware-configuration.nix - "${profilesPath}/nixos/optional/virtualbox.nix" - # "${profilesPath}/nixos/optional/vmware.nix" - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/optional/nswitch-rcm.nix" - "${profilesPath}/nixos/optional/gaming.nix" - "${profilesPath}/nixos/optional/work.nix" + "${modulesPath}/nixos/optional/virtualbox.nix" + # "${modulesPath}/nixos/optional/vmware.nix" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/optional/nswitch-rcm.nix" + "${modulesPath}/nixos/optional/gaming.nix" + "${modulesPath}/nixos/optional/work.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/optional/gaming.nix" - "${profilesPath}/home/optional/work.nix" + "${modulesPath}/home/optional/gaming.nix" + "${modulesPath}/home/optional/work.nix" ]; } ]; diff --git a/hosts/nixos/sync/default.nix b/hosts/nixos/sync/default.nix index 6dfc4d7..1a8f47f 100644 --- a/hosts/nixos/sync/default.nix +++ b/hosts/nixos/sync/default.nix @@ -1,20 +1,20 @@ { self, inputs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { imports = [ - "${profilesPath}/nixos/server" - "${profilesPath}/nixos/common/sharedsetup.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/nixos/server" + "${modulesPath}/nixos/common/sharedsetup.nix" + "${modulesPath}/home/common/sharedsetup.nix" ./hardware-configuration.nix inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/server" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/home/server" + "${modulesPath}/home/common/sharedsetup.nix" ]; } ]; diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index da5df33..f2a50b3 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix 
@@ -1,6 +1,6 @@ { self, inputs, pkgs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; isLinux = true; @@ -12,27 +12,27 @@ in "${self}/hosts/nixos/toto/disk-config.nix" ./hardware-configuration.nix - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/common/settings.nix" - "${profilesPath}/nixos/common/sharedsetup.nix" - "${profilesPath}/nixos/common/home-manager.nix" - "${profilesPath}/nixos/common/home-manager-extra.nix" - "${profilesPath}/nixos/common/xserver.nix" - "${profilesPath}/nixos/common/users.nix" - "${profilesPath}/nixos/common/impermanence.nix" - "${profilesPath}/nixos/common/lanzaboote.nix" - "${profilesPath}/nixos/common/sops.nix" - "${profilesPath}/nixos/server/ssh.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/common/settings.nix" + "${modulesPath}/nixos/common/sharedsetup.nix" + "${modulesPath}/nixos/common/home-manager.nix" + "${modulesPath}/nixos/common/home-manager-extra.nix" + "${modulesPath}/nixos/common/xserver.nix" + "${modulesPath}/nixos/common/users.nix" + "${modulesPath}/nixos/common/impermanence.nix" + "${modulesPath}/nixos/common/lanzaboote.nix" + "${modulesPath}/nixos/common/sops.nix" + "${modulesPath}/nixos/server/ssh.nix" + "${modulesPath}/home/common/sharedsetup.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ inputs.sops-nix.homeManagerModules.sops - "${profilesPath}/home/common/settings.nix" - "${profilesPath}/home/common/sops.nix" - "${profilesPath}/home/common/ssh.nix" - "${profilesPath}/home/common/sharedsetup.nix" + "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sops.nix" + "${modulesPath}/home/common/ssh.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } ]; 
diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index c3d6a3e..c396364 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,19 +1,19 @@ { self, inputs, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; in { imports = [ ./hardware-configuration.nix - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/server" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/server" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/server" + "${modulesPath}/home/server" ]; } ]; diff --git a/lib/default.nix b/lib/default.nix index 03cea47..c447c82 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -55,7 +55,7 @@ in ] ++ (if (host == "winters" || host == "sync") then [ ] else [ # put nixos imports here that are for all normal hosts - "${self}/profiles/${type}/common" + "${self}/modules/${type}/common" inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm ]) ++ (if (type == "nixos") then [ @@ -64,7 +64,7 @@ in home-manager.users."${linuxUser}".imports = ( if (host == "winters" || host == "sync") then [ ] else [ # put home-manager imports here that are for all normal hosts - "${self}/profiles/home/common" + "${self}/modules/home/common" ] ) ++ [ # put home-manager imports here that are for all servers and normal hosts @@ -74,12 +74,12 @@ in } ] else [ # put nixos imports here that are for darwin hosts - "${self}/profiles/darwin/nixos/common" + "${self}/modules/darwin/nixos/common" inputs.home-manager.darwinModules.home-manager { home-manager.users."${macUser}".imports = [ # put home-manager imports here that are for darwin hosts - "${self}/profiles/darwin/home" + "${self}/modules/darwin/home" ]; } ]) diff --git a/modules/darwin/home/default.nix b/modules/darwin/home/default.nix new file mode 100644 index 0000000..6ebc883 --- /dev/null 
+++ b/modules/darwin/home/default.nix
@@ -0,0 +1,10 @@
+{ self, ... }:
+let
+ modulesPath = "${self}/modules";
+in
+{
+ imports = [
+ "${modulesPath}/home/common/settings.nix"
+ "${modulesPath}/home/common/sharedsetup.nix"
+ ];
+}
diff --git a/profiles/darwin/nixos/default.nix b/modules/darwin/nixos/default.nix
similarity index 100%
rename from profiles/darwin/nixos/default.nix
rename to modules/darwin/nixos/default.nix
diff --git a/profiles/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix
similarity index 100%
rename from profiles/home/common/custom-packages.nix
rename to modules/home/common/custom-packages.nix
diff --git a/modules/home/common/default.nix b/modules/home/common/default.nix
new file mode 100644
index 0000000..18e0ee1
--- /dev/null
+++ b/modules/home/common/default.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+let
+ importNames = lib.swarselsystems.readNix "modules/home/common";
+in
+{
+ imports = lib.swarselsystems.mkImports importNames "modules/home/common";
+}
diff --git a/profiles/home/common/desktop.nix b/modules/home/common/desktop.nix
similarity index 100%
rename from profiles/home/common/desktop.nix
rename to modules/home/common/desktop.nix
diff --git a/profiles/home/common/direnv.nix b/modules/home/common/direnv.nix
similarity index 100%
rename from profiles/home/common/direnv.nix
rename to modules/home/common/direnv.nix
diff --git a/profiles/home/common/emacs.nix b/modules/home/common/emacs.nix
similarity index 100%
rename from profiles/home/common/emacs.nix
rename to modules/home/common/emacs.nix
diff --git a/profiles/home/common/env.nix b/modules/home/common/env.nix
similarity index 100%
rename from profiles/home/common/env.nix
rename to modules/home/common/env.nix
diff --git a/profiles/home/common/eza.nix b/modules/home/common/eza.nix
similarity index 100%
rename from profiles/home/common/eza.nix
rename to modules/home/common/eza.nix
diff --git a/profiles/home/common/firefox.nix b/modules/home/common/firefox.nix
similarity index 100%
rename from profiles/home/common/firefox.nix
rename to modules/home/common/firefox.nix
diff --git a/profiles/home/common/fuzzel.nix b/modules/home/common/fuzzel.nix
similarity index 100%
rename from profiles/home/common/fuzzel.nix
rename to modules/home/common/fuzzel.nix
diff --git a/profiles/home/common/gammastep.nix b/modules/home/common/gammastep.nix
similarity index 100%
rename from profiles/home/common/gammastep.nix
rename to modules/home/common/gammastep.nix
diff --git a/profiles/home/common/git.nix b/modules/home/common/git.nix
similarity index 100%
rename from profiles/home/common/git.nix
rename to modules/home/common/git.nix
diff --git a/profiles/home/common/gnome-keyring.nix b/modules/home/common/gnome-keyring.nix
similarity index 100%
rename from profiles/home/common/gnome-keyring.nix
rename to modules/home/common/gnome-keyring.nix
diff --git a/profiles/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix
similarity index 100%
rename from profiles/home/common/gpg-agent.nix
rename to modules/home/common/gpg-agent.nix
diff --git a/profiles/home/common/kanshi.nix b/modules/home/common/kanshi.nix
similarity index 100%
rename from profiles/home/common/kanshi.nix
rename to modules/home/common/kanshi.nix
diff --git a/profiles/home/common/kdeconnect.nix b/modules/home/common/kdeconnect.nix
similarity index 100%
rename from profiles/home/common/kdeconnect.nix
rename to modules/home/common/kdeconnect.nix
diff --git a/profiles/home/common/kitty.nix b/modules/home/common/kitty.nix
similarity index 100%
rename from profiles/home/common/kitty.nix
rename to modules/home/common/kitty.nix
diff --git a/profiles/home/common/mail.nix b/modules/home/common/mail.nix
similarity index 100%
rename from profiles/home/common/mail.nix
rename to modules/home/common/mail.nix
diff --git a/profiles/home/common/mako.nix b/modules/home/common/mako.nix
similarity index 100%
rename from profiles/home/common/mako.nix
rename to modules/home/common/mako.nix
diff --git a/profiles/home/common/nix-index.nix b/modules/home/common/nix-index.nix
similarity index 100%
rename from profiles/home/common/nix-index.nix
rename to modules/home/common/nix-index.nix
diff --git a/profiles/home/common/nixgl.nix b/modules/home/common/nixgl.nix
similarity index 100%
rename from profiles/home/common/nixgl.nix
rename to modules/home/common/nixgl.nix
diff --git a/profiles/home/common/packages.nix b/modules/home/common/packages.nix
similarity index 100%
rename from profiles/home/common/packages.nix
rename to modules/home/common/packages.nix
diff --git a/profiles/home/common/password-store.nix b/modules/home/common/password-store.nix
similarity index 100%
rename from profiles/home/common/password-store.nix
rename to modules/home/common/password-store.nix
diff --git a/profiles/home/common/programs.nix b/modules/home/common/programs.nix
similarity index 100%
rename from profiles/home/common/programs.nix
rename to modules/home/common/programs.nix
diff --git a/profiles/home/common/settings.nix b/modules/home/common/settings.nix
similarity index 100%
rename from profiles/home/common/settings.nix
rename to modules/home/common/settings.nix
diff --git a/profiles/home/common/sharedsetup.nix b/modules/home/common/sharedsetup.nix
similarity index 100%
rename from profiles/home/common/sharedsetup.nix
rename to modules/home/common/sharedsetup.nix
diff --git a/profiles/home/common/sops.nix b/modules/home/common/sops.nix
similarity index 100%
rename from profiles/home/common/sops.nix
rename to modules/home/common/sops.nix
diff --git a/profiles/home/common/ssh.nix b/modules/home/common/ssh.nix
similarity index 100%
rename from profiles/home/common/ssh.nix
rename to modules/home/common/ssh.nix
diff --git a/profiles/home/common/starship.nix b/modules/home/common/starship.nix
similarity index 100%
rename from profiles/home/common/starship.nix
rename to modules/home/common/starship.nix
diff --git a/profiles/home/common/stylix.nix b/modules/home/common/stylix.nix
similarity index 100%
rename from profiles/home/common/stylix.nix
rename to modules/home/common/stylix.nix
diff --git a/profiles/home/common/sway.nix b/modules/home/common/sway.nix
similarity index 100%
rename from profiles/home/common/sway.nix
rename to modules/home/common/sway.nix
diff --git a/profiles/home/common/symlink.nix b/modules/home/common/symlink.nix
similarity index 100%
rename from profiles/home/common/symlink.nix
rename to modules/home/common/symlink.nix
diff --git a/profiles/home/common/tmux.nix b/modules/home/common/tmux.nix
similarity index 100%
rename from profiles/home/common/tmux.nix
rename to modules/home/common/tmux.nix
diff --git a/profiles/home/common/waybar.nix b/modules/home/common/waybar.nix
similarity index 100%
rename from profiles/home/common/waybar.nix
rename to modules/home/common/waybar.nix
diff --git a/profiles/home/common/yubikey-touch-detector.nix b/modules/home/common/yubikey-touch-detector.nix
similarity index 100%
rename from profiles/home/common/yubikey-touch-detector.nix
rename to modules/home/common/yubikey-touch-detector.nix
diff --git a/profiles/home/common/yubikey.nix b/modules/home/common/yubikey.nix
similarity index 100%
rename from profiles/home/common/yubikey.nix
rename to modules/home/common/yubikey.nix
diff --git a/profiles/home/common/zellij.nix b/modules/home/common/zellij.nix
similarity index 100%
rename from profiles/home/common/zellij.nix
rename to modules/home/common/zellij.nix
diff --git a/profiles/home/common/zsh.nix b/modules/home/common/zsh.nix
similarity index 100%
rename from profiles/home/common/zsh.nix
rename to modules/home/common/zsh.nix
diff --git a/profiles/home/optional/gaming.nix b/modules/home/optional/gaming.nix
similarity index 100%
rename from profiles/home/optional/gaming.nix
rename to modules/home/optional/gaming.nix
diff --git a/profiles/home/optional/work.nix b/modules/home/optional/work.nix
similarity index 100%
rename from profiles/home/optional/work.nix
rename to modules/home/optional/work.nix
diff --git a/modules/home/server/default.nix b/modules/home/server/default.nix
new file mode 100644
index 0000000..0d107f1
--- /dev/null
+++ b/modules/home/server/default.nix
@@ -0,0 +1,11 @@
+{ self, lib, ... }:
+let
+ importNames = lib.swarselsystems.readNix "modules/home/server";
+ modulesPath = "${self}/modules";
+in
+{
+ imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [
+ "${modulesPath}/home/common/settings.nix"
+ "${modulesPath}/home/common/sharedsetup.nix"
+ ];
+}
diff --git a/profiles/home/server/symlink.nix b/modules/home/server/symlink.nix
similarity index 100%
rename from profiles/home/server/symlink.nix
rename to modules/home/server/symlink.nix
diff --git a/profiles/iso/minimal.nix b/modules/iso/minimal.nix
similarity index 100%
rename from profiles/iso/minimal.nix
rename to modules/iso/minimal.nix
diff --git a/profiles/nixos/common/appimage.nix b/modules/nixos/common/appimage.nix
similarity index 100%
rename from profiles/nixos/common/appimage.nix
rename to modules/nixos/common/appimage.nix
diff --git a/profiles/nixos/common/blueman.nix b/modules/nixos/common/blueman.nix
similarity index 100%
rename from profiles/nixos/common/blueman.nix
rename to modules/nixos/common/blueman.nix
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
new file mode 100644
index 0000000..49ac9ae
--- /dev/null
+++ b/modules/nixos/common/default.nix
@@ -0,0 +1,17 @@
+{ self, lib, ... }:
+let
+ importNames = lib.swarselsystems.readNix "modules/nixos/common";
+ modulesPath = "${self}/modules";
+in
+{
+ imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [
+ "${modulesPath}/home/common/sharedsetup.nix"
+ ];
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "jitsi-meet-1.0.8043"
+ "electron-29.4.6"
+ "SDL_ttf-2.0.11"
+ ];
+
+}
diff --git a/profiles/nixos/common/distrobox.nix b/modules/nixos/common/distrobox.nix
similarity index 100%
rename from profiles/nixos/common/distrobox.nix
rename to modules/nixos/common/distrobox.nix
diff --git a/profiles/nixos/common/env.nix b/modules/nixos/common/env.nix
similarity index 100%
rename from profiles/nixos/common/env.nix
rename to modules/nixos/common/env.nix
diff --git a/profiles/nixos/common/gc.nix b/modules/nixos/common/gc.nix
similarity index 100%
rename from profiles/nixos/common/gc.nix
rename to modules/nixos/common/gc.nix
diff --git a/profiles/nixos/common/gnome-keyring.nix b/modules/nixos/common/gnome-keyring.nix
similarity index 100%
rename from profiles/nixos/common/gnome-keyring.nix
rename to modules/nixos/common/gnome-keyring.nix
diff --git a/profiles/nixos/common/gvfs.nix b/modules/nixos/common/gvfs.nix
similarity index 100%
rename from profiles/nixos/common/gvfs.nix
rename to modules/nixos/common/gvfs.nix
diff --git a/profiles/nixos/common/hardware.nix b/modules/nixos/common/hardware.nix
similarity index 100%
rename from profiles/nixos/common/hardware.nix
rename to modules/nixos/common/hardware.nix
diff --git a/profiles/nixos/common/hardwarecompatibility-keyboards.nix b/modules/nixos/common/hardwarecompatibility-keyboards.nix
similarity index 100%
rename from profiles/nixos/common/hardwarecompatibility-keyboards.nix
rename to modules/nixos/common/hardwarecompatibility-keyboards.nix
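Review bot: The `nixpkgs.config.permittedInsecurePackages` list in the new modules/nixos/common/default.nix carries no comment saying which consumer needs each entry, so nobody can tell when `jitsi-meet-1.0.8043`, `electron-29.4.6` or `SDL_ttf-2.0.11` can be dropped again. Because the list sits in the common module, every host that imports it accepts these packages that nixpkgs marks as insecure, including hosts that never install them. The list looks carried over unchanged from the deleted profiles/nixos/common/default.nix, so this move is a good moment to annotate each entry, e.g. `"electron-29.4.6" # required by <PACKAGE>; drop once it no longer pins this electron`, and to consider declaring the allowance only in the module that pulls the package in.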
diff --git a/profiles/nixos/common/hardwarecompatibility-ledger.nix b/modules/nixos/common/hardwarecompatibility-ledger.nix
similarity index 100%
rename from profiles/nixos/common/hardwarecompatibility-ledger.nix
rename to modules/nixos/common/hardwarecompatibility-ledger.nix
diff --git a/profiles/nixos/common/hardwarecompatibility-yubikey.nix b/modules/nixos/common/hardwarecompatibility-yubikey.nix
similarity index 100%
rename from profiles/nixos/common/hardwarecompatibility-yubikey.nix
rename to modules/nixos/common/hardwarecompatibility-yubikey.nix
diff --git a/profiles/nixos/common/home-manager-extra.nix b/modules/nixos/common/home-manager-extra.nix
similarity index 100%
rename from profiles/nixos/common/home-manager-extra.nix
rename to modules/nixos/common/home-manager-extra.nix
diff --git a/profiles/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix
similarity index 100%
rename from profiles/nixos/common/home-manager.nix
rename to modules/nixos/common/home-manager.nix
diff --git a/profiles/nixos/common/impermanence.nix b/modules/nixos/common/impermanence.nix
similarity index 100%
rename from profiles/nixos/common/impermanence.nix
rename to modules/nixos/common/impermanence.nix
diff --git a/profiles/nixos/common/interceptiontools.nix b/modules/nixos/common/interceptiontools.nix
similarity index 100%
rename from profiles/nixos/common/interceptiontools.nix
rename to modules/nixos/common/interceptiontools.nix
diff --git a/profiles/nixos/common/lanzaboote.nix b/modules/nixos/common/lanzaboote.nix
similarity index 100%
rename from profiles/nixos/common/lanzaboote.nix
rename to modules/nixos/common/lanzaboote.nix
diff --git a/profiles/nixos/common/lid.nix b/modules/nixos/common/lid.nix
similarity index 100%
rename from profiles/nixos/common/lid.nix
rename to modules/nixos/common/lid.nix
diff --git a/profiles/nixos/common/login.nix b/modules/nixos/common/login.nix
similarity index 100%
rename from profiles/nixos/common/login.nix
rename to modules/nixos/common/login.nix
diff --git a/profiles/nixos/common/lowbattery.nix b/modules/nixos/common/lowbattery.nix
similarity index 100%
rename from profiles/nixos/common/lowbattery.nix
rename to modules/nixos/common/lowbattery.nix
diff --git a/profiles/nixos/common/network.nix b/modules/nixos/common/network.nix
similarity index 100%
rename from profiles/nixos/common/network.nix
rename to modules/nixos/common/network.nix
diff --git a/profiles/nixos/common/networkdevices.nix b/modules/nixos/common/networkdevices.nix
similarity index 100%
rename from profiles/nixos/common/networkdevices.nix
rename to modules/nixos/common/networkdevices.nix
diff --git a/profiles/nixos/common/nix-ld.nix b/modules/nixos/common/nix-ld.nix
similarity index 100%
rename from profiles/nixos/common/nix-ld.nix
rename to modules/nixos/common/nix-ld.nix
diff --git a/profiles/nixos/common/nvd-rebuild.nix b/modules/nixos/common/nvd-rebuild.nix
similarity index 100%
rename from profiles/nixos/common/nvd-rebuild.nix
rename to modules/nixos/common/nvd-rebuild.nix
diff --git a/profiles/nixos/common/packages.nix b/modules/nixos/common/packages.nix
similarity index 100%
rename from profiles/nixos/common/packages.nix
rename to modules/nixos/common/packages.nix
diff --git a/profiles/nixos/common/pipewire.nix b/modules/nixos/common/pipewire.nix
similarity index 100%
rename from profiles/nixos/common/pipewire.nix
rename to modules/nixos/common/pipewire.nix
diff --git a/profiles/nixos/common/polkit.nix b/modules/nixos/common/polkit.nix
similarity index 100%
rename from profiles/nixos/common/polkit.nix
rename to modules/nixos/common/polkit.nix
diff --git a/profiles/nixos/common/power-profiles-daemon.nix b/modules/nixos/common/power-profiles-daemon.nix
similarity index 100%
rename from profiles/nixos/common/power-profiles-daemon.nix
rename to modules/nixos/common/power-profiles-daemon.nix
diff --git a/profiles/nixos/common/programs.nix b/modules/nixos/common/programs.nix
similarity index 100%
rename from profiles/nixos/common/programs.nix
rename to modules/nixos/common/programs.nix
diff --git a/profiles/nixos/common/pulseaudio.nix b/modules/nixos/common/pulseaudio.nix
similarity index 100%
rename from profiles/nixos/common/pulseaudio.nix
rename to modules/nixos/common/pulseaudio.nix
diff --git a/profiles/nixos/common/settings.nix b/modules/nixos/common/settings.nix
similarity index 100%
rename from profiles/nixos/common/settings.nix
rename to modules/nixos/common/settings.nix
diff --git a/profiles/nixos/common/sharedsetup.nix b/modules/nixos/common/sharedsetup.nix
similarity index 100%
rename from profiles/nixos/common/sharedsetup.nix
rename to modules/nixos/common/sharedsetup.nix
diff --git a/profiles/nixos/common/sops.nix b/modules/nixos/common/sops.nix
similarity index 100%
rename from profiles/nixos/common/sops.nix
rename to modules/nixos/common/sops.nix
diff --git a/profiles/nixos/common/store.nix b/modules/nixos/common/store.nix
similarity index 100%
rename from profiles/nixos/common/store.nix
rename to modules/nixos/common/store.nix
diff --git a/profiles/nixos/common/stylix.nix b/modules/nixos/common/stylix.nix
similarity index 100%
rename from profiles/nixos/common/stylix.nix
rename to modules/nixos/common/stylix.nix
diff --git a/profiles/nixos/common/sway.nix b/modules/nixos/common/sway.nix
similarity index 100%
rename from profiles/nixos/common/sway.nix
rename to modules/nixos/common/sway.nix
diff --git a/profiles/nixos/common/syncthing.nix b/modules/nixos/common/syncthing.nix
similarity index 100%
rename from profiles/nixos/common/syncthing.nix
rename to modules/nixos/common/syncthing.nix
diff --git a/profiles/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix
similarity index 100%
rename from profiles/nixos/common/systemd.nix
rename to modules/nixos/common/systemd.nix
diff --git a/profiles/nixos/common/time.nix b/modules/nixos/common/time.nix
similarity index 100%
rename from profiles/nixos/common/time.nix
rename to modules/nixos/common/time.nix
diff --git a/profiles/nixos/common/users.nix b/modules/nixos/common/users.nix
similarity index 100%
rename from profiles/nixos/common/users.nix
rename to modules/nixos/common/users.nix
diff --git a/profiles/nixos/common/xdg-portal.nix b/modules/nixos/common/xdg-portal.nix
similarity index 100%
rename from profiles/nixos/common/xdg-portal.nix
rename to modules/nixos/common/xdg-portal.nix
diff --git a/profiles/nixos/common/xserver.nix b/modules/nixos/common/xserver.nix
similarity index 100%
rename from profiles/nixos/common/xserver.nix
rename to modules/nixos/common/xserver.nix
diff --git a/profiles/nixos/common/zsh.nix b/modules/nixos/common/zsh.nix
similarity index 100%
rename from profiles/nixos/common/zsh.nix
rename to modules/nixos/common/zsh.nix
diff --git a/profiles/nixos/optional/autologin.nix b/modules/nixos/optional/autologin.nix
similarity index 100%
rename from profiles/nixos/optional/autologin.nix
rename to modules/nixos/optional/autologin.nix
diff --git a/profiles/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix
similarity index 100%
rename from profiles/nixos/optional/gaming.nix
rename to modules/nixos/optional/gaming.nix
diff --git a/profiles/nixos/optional/nswitch-rcm.nix b/modules/nixos/optional/nswitch-rcm.nix
similarity index 100%
rename from profiles/nixos/optional/nswitch-rcm.nix
rename to modules/nixos/optional/nswitch-rcm.nix
diff --git a/profiles/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix
similarity index 100%
rename from profiles/nixos/optional/virtualbox.nix
rename to modules/nixos/optional/virtualbox.nix
diff --git a/profiles/nixos/optional/vmware.nix b/modules/nixos/optional/vmware.nix
similarity index 100%
rename from profiles/nixos/optional/vmware.nix
rename to modules/nixos/optional/vmware.nix
diff --git a/profiles/nixos/optional/work.nix b/modules/nixos/optional/work.nix
similarity index 100%
rename from profiles/nixos/optional/work.nix
rename to modules/nixos/optional/work.nix
diff --git a/profiles/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix
similarity index 100%
rename from profiles/nixos/server/ankisync.nix
rename to modules/nixos/server/ankisync.nix
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
new file mode 100644
index 0000000..6829f0f
--- /dev/null
+++ b/modules/nixos/server/default.nix
@@ -0,0 +1,20 @@
+{ self, lib, ... }:
+let
+ importNames = lib.swarselsystems.readNix "modules/nixos/server";
+ modulesPath = "${self}/modules";
+in
+{
+ imports = lib.swarselsystems.mkImports importNames "modules/nixos/server" ++ [
+ "${modulesPath}/nixos/common/settings.nix"
+ "${modulesPath}/nixos/common/home-manager.nix"
+ "${modulesPath}/nixos/common/home-manager-extra.nix"
+ "${modulesPath}/nixos/common/xserver.nix"
+ "${modulesPath}/nixos/common/gc.nix"
+ "${modulesPath}/nixos/common/store.nix"
+ "${modulesPath}/nixos/common/time.nix"
+ "${modulesPath}/nixos/common/users.nix"
+ "${modulesPath}/nixos/common/nix-ld.nix"
+ "${modulesPath}/nixos/common/sharedsetup.nix"
+ "${modulesPath}/home/common/sharedsetup.nix"
+ ];
+}
diff --git a/profiles/nixos/server/emacs.nix b/modules/nixos/server/emacs.nix
similarity index 100%
rename from profiles/nixos/server/emacs.nix
rename to modules/nixos/server/emacs.nix
diff --git a/profiles/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix
similarity index 100%
rename from profiles/nixos/server/forgejo.nix
rename to modules/nixos/server/forgejo.nix
diff --git a/profiles/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix
similarity index 100%
rename from profiles/nixos/server/freshrss.nix
rename to modules/nixos/server/freshrss.nix
diff --git a/profiles/nixos/server/immich.nix b/modules/nixos/server/immich.nix
similarity index 100%
rename from profiles/nixos/server/immich.nix
rename to modules/nixos/server/immich.nix
diff --git a/profiles/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix
similarity index 100%
rename from profiles/nixos/server/jellyfin.nix
rename to modules/nixos/server/jellyfin.nix
diff --git a/profiles/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix
similarity index 100%
rename from profiles/nixos/server/jenkins.nix
rename to modules/nixos/server/jenkins.nix
diff --git a/profiles/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix
similarity index 100%
rename from profiles/nixos/server/kavita.nix
rename to modules/nixos/server/kavita.nix
diff --git a/profiles/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix
similarity index 100%
rename from profiles/nixos/server/matrix.nix
rename to modules/nixos/server/matrix.nix
diff --git a/profiles/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix
similarity index 100%
rename from profiles/nixos/server/monitoring.nix
rename to modules/nixos/server/monitoring.nix
diff --git a/profiles/nixos/server/mpd.nix b/modules/nixos/server/mpd.nix
similarity index 100%
rename from profiles/nixos/server/mpd.nix
rename to modules/nixos/server/mpd.nix
diff --git a/profiles/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix
similarity index 100%
rename from profiles/nixos/server/navidrome.nix
rename to modules/nixos/server/navidrome.nix
diff --git a/profiles/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix
similarity index 100%
rename from profiles/nixos/server/nextcloud.nix
rename to modules/nixos/server/nextcloud.nix
diff --git a/profiles/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix
similarity index 100%
rename from profiles/nixos/server/nfs.nix
rename to modules/nixos/server/nfs.nix
diff --git a/profiles/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix
similarity index 100%
rename from profiles/nixos/server/nginx.nix
rename to modules/nixos/server/nginx.nix
diff --git a/profiles/nixos/server/packages.nix b/modules/nixos/server/packages.nix
similarity index 100%
rename from profiles/nixos/server/packages.nix
rename to modules/nixos/server/packages.nix
diff --git a/profiles/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix
similarity index 100%
rename from profiles/nixos/server/paperless.nix
rename to modules/nixos/server/paperless.nix
diff --git a/profiles/nixos/server/pipewire.nix b/modules/nixos/server/pipewire.nix
similarity index 100%
rename from profiles/nixos/server/pipewire.nix
rename to modules/nixos/server/pipewire.nix
diff --git a/profiles/nixos/server/restic.nix b/modules/nixos/server/restic.nix
similarity index 100%
rename from profiles/nixos/server/restic.nix
rename to modules/nixos/server/restic.nix
diff --git a/profiles/nixos/server/settings.nix b/modules/nixos/server/settings.nix
similarity index 100%
rename from profiles/nixos/server/settings.nix
rename to modules/nixos/server/settings.nix
diff --git a/profiles/nixos/server/sops.nix b/modules/nixos/server/sops.nix
similarity index 100%
rename from profiles/nixos/server/sops.nix
rename to modules/nixos/server/sops.nix
diff --git a/profiles/nixos/server/spotifyd.nix b/modules/nixos/server/spotifyd.nix
similarity index 100%
rename from profiles/nixos/server/spotifyd.nix
rename to modules/nixos/server/spotifyd.nix
diff --git a/profiles/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix
similarity index 100%
rename from profiles/nixos/server/ssh.nix
rename to modules/nixos/server/ssh.nix
diff --git a/profiles/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix similarity index 100% rename from profiles/nixos/server/syncthing.nix rename to modules/nixos/server/syncthing.nix diff --git a/profiles/nixos/server/transmission.nix b/modules/nixos/server/transmission.nix similarity index 100% rename from profiles/nixos/server/transmission.nix rename to modules/nixos/server/transmission.nix diff --git a/profiles/darwin/home/default.nix b/profiles/darwin/home/default.nix deleted file mode 100644 index 7ddcb42..0000000 --- a/profiles/darwin/home/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ self, ... }: -let - profilesPath = "${self}/profiles"; -in -{ - imports = [ - "${profilesPath}/home/common/settings.nix" - "${profilesPath}/home/common/sharedsetup.nix" - ]; -} diff --git a/profiles/home/common/default.nix b/profiles/home/common/default.nix deleted file mode 100644 index 12d068a..0000000 --- a/profiles/home/common/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, ... }: -let - importNames = lib.swarselsystems.readNix "profiles/home/common"; -in -{ - imports = lib.swarselsystems.mkImports importNames "profiles/home/common"; -} diff --git a/modules/home/default.nix b/profiles/home/default.nix similarity index 53% rename from modules/home/default.nix rename to profiles/home/default.nix index 65c4bb6..50594fd 100644 --- a/modules/home/default.nix +++ b/profiles/home/default.nix @@ -1,5 +1,5 @@ { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "modules/home"; + moduleNames = lib.swarselsystems.readNix "profiles/home"; in lib.swarselsystems.mkModules moduleNames "home" diff --git a/profiles/home/server/default.nix b/profiles/home/server/default.nix deleted file mode 100644 index 9dc5b33..0000000 --- a/profiles/home/server/default.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ self, lib, ... }: -let - importNames = lib.swarselsystems.readNix "profiles/home/server"; - profilesPath = "${self}/profiles"; -in -{ - imports = lib.swarselsystems.mkImports importNames "profiles/home/server" ++ [ - "${profilesPath}/home/common/settings.nix" - "${profilesPath}/home/common/sharedsetup.nix" - ]; -} diff --git a/profiles/nixos/common/default.nix b/profiles/nixos/common/default.nix deleted file mode 100644 index 57a7817..0000000 --- a/profiles/nixos/common/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ self, lib, ... }: -let - importNames = lib.swarselsystems.readNix "profiles/nixos/common"; - profilesPath = "${self}/profiles"; -in -{ - imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common" ++ [ - "${profilesPath}/home/common/sharedsetup.nix" - ]; - - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "electron-29.4.6" - "SDL_ttf-2.0.11" - ]; - -} diff --git a/modules/nixos/default.nix b/profiles/nixos/default.nix similarity index 53% rename from modules/nixos/default.nix rename to profiles/nixos/default.nix index 12606ea..51cd30d 100644 --- a/modules/nixos/default.nix +++ b/profiles/nixos/default.nix @@ -1,5 +1,5 @@ { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "modules/nixos"; + moduleNames = lib.swarselsystems.readNix "profiles/nixos"; in lib.swarselsystems.mkModules moduleNames "nixos" diff --git a/profiles/nixos/server/default.nix b/profiles/nixos/server/default.nix deleted file mode 100644 index 55d7108..0000000 --- a/profiles/nixos/server/default.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ self, lib, ... }: -let - importNames = lib.swarselsystems.readNix "profiles/nixos/server"; - profilesPath = "${self}/profiles"; -in -{ - imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [ - "${profilesPath}/nixos/common/settings.nix" - "${profilesPath}/nixos/common/home-manager.nix" - "${profilesPath}/nixos/common/home-manager-extra.nix" - "${profilesPath}/nixos/common/xserver.nix" - "${profilesPath}/nixos/common/gc.nix" - "${profilesPath}/nixos/common/store.nix" - "${profilesPath}/nixos/common/time.nix" - "${profilesPath}/nixos/common/users.nix" - "${profilesPath}/nixos/common/nix-ld.nix" - "${profilesPath}/nixos/common/sharedsetup.nix" - "${profilesPath}/home/common/sharedsetup.nix" - ]; -} diff --git a/scripts/swarsel-install.sh b/scripts/swarsel-install.sh index 6681f1f..6e7cb18 100644 --- a/scripts/swarsel-install.sh +++ b/scripts/swarsel-install.sh @@ -95,12 +95,12 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix - rm profiles/home/common/env.nix - rm profiles/home/common/gammastep.nix - rm profiles/home/common/git.nix - rm profiles/home/common/mail.nix - rm profiles/home/common/yubikey.nix - rm profiles/nixos/common/home-manager-extra.nix + rm modules/home/common/env.nix + rm modules/home/common/gammastep.nix + rm modules/home/common/git.nix + rm modules/home/common/mail.nix + rm modules/home/common/yubikey.nix + rm modules/nixos/common/home-manager-extra.nix nix flake update vbc-nix git add . else diff --git a/scripts/swarsel-rebuild.sh b/scripts/swarsel-rebuild.sh index 29eb07e..0801648 100644 --- a/scripts/swarsel-rebuild.sh +++ b/scripts/swarsel-rebuild.sh 
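Review bot: The six `rm modules/...` lines in scripts/swarsel-install.sh are a hand-maintained copy of module paths, and the same list is repeated in the scripts/swarsel-rebuild.sh hunk, so every move of these files has to be mirrored by hand in two scripts. If one path goes stale, that `rm` fails and, unless the script aborts on errors (not visible in the hunk), a module that presumably depends on the owner's secrets, such as `modules/home/common/yubikey.nix`, stays in the tree for a non-owner build. Consider keeping the list in one place that both scripts read and failing loudly on a missing entry, e.g. `[[ -e "$f" ]] || { echo "missing: $f" >&2; exit 1; }` before `rm -- "$f"`. The enclosing `if` block starts before the hunk and continues after it.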
@@ -77,12 +77,12 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix - rm profiles/home/common/env.nix - rm profiles/home/common/gammastep.nix - rm profiles/home/common/git.nix - rm profiles/home/common/mail.nix - rm profiles/home/common/yubikey.nix - rm profiles/nixos/common/home-manager-extra.nix + rm modules/home/common/env.nix + rm modules/home/common/gammastep.nix + rm modules/home/common/git.nix + rm modules/home/common/mail.nix + rm modules/home/common/yubikey.nix + rm modules/nixos/common/home-manager-extra.nix nix flake update vbc-nix git add . else diff --git a/templates/hosts/nixos/default.nix b/templates/hosts/nixos/default.nix index 1256bde..bd3eee3 100644 --- a/templates/hosts/nixos/default.nix +++ b/templates/hosts/nixos/default.nix @@ -1,6 +1,6 @@ { self, inputs, pkgs, lib, primaryUser, ... }: let - profilesPath = "${self}/profiles"; + modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; }; @@ -13,16 +13,16 @@ in ./hardware-configuration.nix ./disk-config.nix - "${profilesPath}/nixos/optional/virtualbox.nix" - # "${profilesPath}/nixos/optional/vmware.nix" - "${profilesPath}/nixos/optional/autologin.nix" - "${profilesPath}/nixos/optional/nswitch-rcm.nix" - "${profilesPath}/nixos/optional/gaming.nix" + "${modulesPath}/nixos/optional/virtualbox.nix" + # "${modulesPath}/nixos/optional/vmware.nix" + "${modulesPath}/nixos/optional/autologin.nix" + "${modulesPath}/nixos/optional/nswitch-rcm.nix" + "${modulesPath}/nixos/optional/gaming.nix" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ - "${profilesPath}/home/optional/gaming.nix" + "${modulesPath}/home/optional/gaming.nix" ]; } ]; From ecd37537ccf06eb4906a7d20371052f7c5daf093 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 31 Mar 2025 18:29:07 +0200 Subject: [PATCH 03/13] refactor: WIP --- SwarselSystems.org | 2226 ++++++++++------- hosts/nixos/nbl-imba-2/default.nix | 2 + lib/default.nix | 12 + modules/home/common/symlink.nix | 1 + modules/nixos/common/appimage.nix | 12 +- modules/nixos/common/blueman.nix | 9 +- modules/nixos/common/default.nix | 5 - modules/nixos/common/distrobox.nix | 22 +- modules/nixos/common/env.nix | 26 +- modules/nixos/common/gc.nix | 15 +- modules/nixos/common/gnome-keyring.nix | 13 +- modules/nixos/common/gvfs.nix | 7 +- modules/nixos/common/hardware.nix | 3 +- .../hardwarecompatibility-keyboards.nix | 15 +- .../common/hardwarecompatibility-ledger.nix | 13 +- .../common/hardwarecompatibility-yubikey.nix | 25 +- modules/nixos/common/home-manager-extra.nix | 7 +- modules/nixos/common/home-manager.nix | 12 +- modules/nixos/common/impermanence.nix | 157 +- modules/nixos/common/interceptiontools.nix | 51 +- modules/nixos/common/lanzaboote.nix | 21 +- modules/nixos/common/lid.nix | 61 +- modules/nixos/common/login.nix | 35 +- modules/nixos/common/lowbattery.nix | 45 +- modules/nixos/common/network.nix | 443 ++-- modules/nixos/common/networkdevices.nix | 53 +- modules/nixos/common/nix-ld.nix | 217 +- modules/nixos/common/nvd-rebuild.nix | 17 +- modules/nixos/common/packages.nix | 170 +- modules/nixos/common/pipewire.nix | 24 +- modules/nixos/common/polkit.nix | 32 +- .../nixos/common/power-profiles-daemon.nix | 7 +- modules/nixos/common/programs.nix | 13 +- modules/nixos/common/pulseaudio.nix | 9 +- modules/nixos/common/settings.nix | 76 +- modules/nixos/common/sops.nix | 81 +- modules/nixos/common/store.nix | 11 +- modules/nixos/common/stylix.nix | 21 +- modules/nixos/common/sway.nix | 37 +- modules/nixos/common/syncthing.nix | 87 +- modules/nixos/common/systemd.nix | 15 +- modules/nixos/common/time.nix | 37 +- modules/nixos/common/users.nix | 23 +- modules/nixos/common/xdg-portal.nix | 29 +- 
modules/nixos/common/xserver.nix | 13 +- modules/nixos/common/zsh.nix | 13 +- profiles/home/default.nix | 2 +- profiles/nixos/default.nix | 2 +- profiles/nixos/personal/default.nix | 51 + programs/firefox/chrome/userChrome.css | 18 + .../tridactyl/themes/.#base16-codeschool.css | 1 + programs/firefox/tridactyl/tridactylrc | 4 +- programs/stylix/.#swarsel.yaml | 1 + 53 files changed, 2370 insertions(+), 1932 deletions(-) create mode 100644 profiles/nixos/personal/default.nix create mode 120000 programs/firefox/tridactyl/themes/.#base16-codeschool.css create mode 120000 programs/stylix/.#swarsel.yaml diff --git a/SwarselSystems.org b/SwarselSystems.org index 8008f3e..b37fa1f 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -824,6 +824,7 @@ My work machine. Built for more security, this is the gold standard of my config "${modulesPath}/nixos/optional/nswitch-rcm.nix" "${modulesPath}/nixos/optional/gaming.nix" "${modulesPath}/nixos/optional/work.nix" + "${self}/profiles/nixos" inputs.home-manager.nixosModules.home-manager { @@ -891,6 +892,7 @@ My work machine. Built for more security, this is the gold standard of my config swarselsystems = lib.recursiveUpdate { + profiles.personal = true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; 
@@ -3805,7 +3807,64 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a let moduleNames = lib.swarselsystems.readNix "profiles/nixos"; in - lib.swarselsystems.mkModules moduleNames "nixos" + lib.swarselsystems.mkProfiles moduleNames "nixos" + +#+end_src + +***** Personal + +#+begin_src nix :tangle profiles/nixos/personal/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.personalz = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.personalz { + config.swarselsystems.modules = { + packages = lib.mkDefault true; + general = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault true; + xserver = lib.mkDefault true; + users = lib.mkDefault true; + env = lib.mkDefault true; + security = lib.mkDefault true; + gc = lib.mkDefault true; + storeOptimize = lib.mkDefault true; + systemdTimeout = lib.mkDefault true; + hardware = lib.mkDefault true; + pulseaudio = lib.mkDefault true; + pipewire = lib.mkDefault true; + network = lib.mkDefault true; + time = lib.mkDefault true; + commonSops = lib.mkDefault true; + stylix = lib.mkDefault true; + programs = lib.mkDefault true; + zsh = lib.mkDefault true; + syncthing = lib.mkDefault true; + blueman = lib.mkDefault true; + networkDevices = lib.mkDefault true; + gvfs = lib.mkDefault true; + interceptionTools = lib.mkDefault true; + ppd = lib.mkDefault true; + yubikey = lib.mkDefault true; + ledger = lib.mkDefault true; + keyboards = lib.mkDefault true; + login = lib.mkDefault true; + nix-ld = lib.mkDefault true; + impermanence = lib.mkDefault true; + nvd = lib.mkDefault true; + gnome-keyring = lib.mkDefault true; + sway = lib.mkDefault true; + xdg-portal = lib.mkDefault true; + distrobox = lib.mkDefault true; + appimage = lib.mkDefault true; + lid = lib.mkDefault true; + lowBattery = lib.mkDefault true; + lanzaboote = lib.mkDefault true; + }; + + }; + + } #+end_src 
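Review bot: The option declared for profiles/nixos/personal/default.nix is `swarselsystems.profiles.personalz`, while the nbl-imba-2 hunk earlier in this patch sets `profiles.personal = true;`, so the host assigns an option that is never declared and the profile condition can never become true. Inside the `lib.mkIf` body the attribute is also written `config.swarselsystems.modules = {`, which defines a second `config` level under `config` rather than `swarselsystems.modules`. Suggested lines: `options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";`, `config = lib.mkIf config.swarselsystems.profiles.personal {` and `swarselsystems.modules = {`. This matters beyond tidiness because the profile is what switches on modules such as `lanzaboote`, `commonSops` and `yubikey`; a mismatch that evaluation did not reject would leave them off without any message.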
@@ -3821,7 +3880,7 @@ This holds modules that are to be used on most hosts. These are also the most im let moduleNames = lib.swarselsystems.readNix "profiles/home"; in - lib.swarselsystems.mkModules moduleNames "home" + lib.swarselsystems.mkProfiles moduleNames "home" #+end_src *** Library functions @@ -3872,6 +3931,11 @@ TODO } ); + mkTrueOption = lib.mkOption { + type = lib.types.bool; + default = true; + }; + getSecret = filename: lib.strings.trim (builtins.readFile "${filename}"); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); @@ -3978,6 +4042,13 @@ TODO }) names); + mkProfiles = names: type: builtins.listToAttrs (map + (name: { + inherit name; + value = import "${self}/profiles/${type}/${name}"; + }) + names); + mkTemplates = names: builtins.listToAttrs (map (name: { inherit name; @@ -4034,11 +4105,6 @@ This section is for setting things that should be used on hosts that are using t "${modulesPath}/home/common/sharedsetup.nix" ]; - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "electron-29.4.6" - "SDL_ttf-2.0.11" - ]; } 
@@ -4115,48 +4181,48 @@ A breakdown of the flags being set: #+begin_src nix :tangle modules/nixos/common/settings.nix { lib, config, outputs, inputs, ... }: { - - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; - - nix = - let - flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; - in - { - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - flake-registry = ""; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { + nixpkgs = { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; }; - channel.enable = false; - registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; - nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; }; + nix = + let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; + in + { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? 
-gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + flake-registry = ""; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; + channel.enable = false; + registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; - system.stateVersion = lib.mkDefault "23.05"; - + system.stateVersion = lib.mkDefault "23.05"; + }; } #+end_src 
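Review bot: Everything in modules/nixos/common/settings.nix now sits inside `lib.mkIf config.swarselsystems.modules.general`, and `lib.mkEnableOption` defaults to false, so importing the file no longer applies any setting by itself. modules/nixos/server/default.nix from patch 01 still imports `nixos/common/settings.nix` directly, and nothing visible here enables the option for server hosts, so they may lose the overlay, `experimental-features`, `trusted-users` and the `system.stateVersion` default. Either enable `swarselsystems.modules.general` next to that import list, or keep host-independent lines such as `system.stateVersion = lib.mkDefault "23.05";` outside the `mkIf`. The diffstat shows `users.nix`, `gc.nix`, `store.nix`, `time.nix` and `nix-ld.nix` changed in the same patch; if they received the same wrapping, the server import list is affected there too.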
@@ -4168,128 +4234,88 @@ A breakdown of the flags being set: Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in [[#h:893a7f33-7715-415b-a895-2687ded31c18][Installed packages]]. #+begin_src nix :tangle modules/nixos/common/packages.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # yubikey packages - gnupg - yubikey-personalization - yubikey-personalization-gui - yubico-pam - yubioath-flutter - yubikey-manager - yubikey-manager-qt - yubikey-touch-detector - yubico-piv-tool - cfssl - pcsctools - pcscliteWithPolkit.out + options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselsystems.modules.packages { + environment.systemPackages = with pkgs; [ + # yubikey packages + gnupg + yubikey-personalization + yubikey-personalization-gui + yubico-pam + yubioath-flutter + yubikey-manager + yubikey-manager-qt + yubikey-touch-detector + yubico-piv-tool + cfssl + pcsctools + pcscliteWithPolkit.out - # ledger packages - ledger-live-desktop + # ledger packages + ledger-live-desktop - # pinentry - dbus - swaylock-effects - syncthingtray-minimal - wl-mirror + # pinentry + dbus + swaylock-effects + syncthingtray-minimal + wl-mirror - # secure boot - sbctl + # secure boot + sbctl - libsForQt5.qt5.qtwayland + libsForQt5.qt5.qtwayland - # nix package database - nix-index - nixos-generators + # nix package database + nix-index + nixos-generators - # commit hooks - pre-commit + # commit hooks + pre-commit - # proc info - acpi + # proc info + acpi - # pci info - pciutils - usbutils + # pci info + pciutils + usbutils - # better make for general tasks - just + # better make for general tasks + just - screenshare - fullscreen + screenshare + fullscreen - # keyboards - qmk - vial - via + # keyboards + qmk + vial + via - # theme related - adwaita-icon-theme + # theme related + adwaita-icon-theme - 
# kde-connect - xdg-desktop-portal - xdg-desktop-portal-wlr + # kde-connect + xdg-desktop-portal + xdg-desktop-portal-wlr - # bluetooth - bluez + # bluetooth + bluez + ghostscript_headless + wireguard-tools + nixd + zig + zls + ansible-language-server - # lsp-related ------------------------------- - # nix - # latex - # texlab - ghostscript_headless - # wireguard - wireguard-tools - # rust - # rust-analyzer - # clippy - # rustfmt - # go - # go - # gopls - # nix - nixd - # zig - zig - zls - # cpp - # clang-tools - # + cuda - # cudatoolkit - # ansible - # ansible-lint - ansible-language-server - # molecule - #lsp-bridge / python - # gcc - # gdb - # (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) - # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) - # -------------------------------------------- + ]; - # (stdenv.mkDerivation { - # name = "oama"; - - # src = pkgs.fetchurl { - # name = "oama"; - # url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; - # sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; - # }; - - # phases = [ - # "unpackPhase" - # ]; - - # unpackPhase = '' - # mkdir -p $out/bin - # tar xvf $src -C $out/ - # mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ - # ''; - - # }) - - ]; + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + "electron-29.4.6" + "SDL_ttf-2.0.11" + ]; + }; } #+end_src 
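Review bot: The new `nixpkgs.config.permittedInsecurePackages` list at the end of this hunk allows `jitsi-meet-1.0.8043`, `electron-29.4.6` and `SDL_ttf-2.0.11` without saying which installed package pulls each one in. It sits under the `modules.packages` switch, so every host that enables the package list accepts all three known-vulnerable versions whether it needs them or not. I would annotate each entry, e.g. `"electron-29.4.6" # required by <package>; drop once it moves to a supported electron`. Entries that only one profile needs belong next to the package that requires them.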
@@ -4303,10 +4329,14 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the #+begin_src nix :tangle modules/nixos/common/home-manager.nix { inputs, config, lib, ... }: { - home-manager = lib.mkIf config.swarselsystems.withHomeManager { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { inherit (inputs) self; }; + + options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselsystems.modules.home-manager { + home-manager = lib.mkIf config.swarselsystems.withHomeManager { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { inherit (inputs) self; }; + }; }; } #+end_src @@ -4321,8 +4351,11 @@ This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on th #+begin_src nix :tangle modules/nixos/common/home-manager-extra.nix { inputs, config, lib, ... }: { - home-manager = lib.mkIf config.swarselsystems.withHomeManager { - extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; }; + options.swarselsystems.modules.home-managerExtra = lib.mkEnableOption "home-manager extras for non-chaostheatre"; + config = lib.mkIf config.swarselsystems.modules.home-managerExtra { + home-manager = lib.mkIf config.swarselsystems.withHomeManager { + extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; }; + }; }; } #+end_src 
@@ -4335,12 +4368,15 @@ This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on th Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is comfortable to use and I do not write too much German anyways. #+begin_src nix :tangle modules/nixos/common/xserver.nix - _: + { lib, config, ... }: { - services.xserver = { - xkb = { - layout = "us"; - variant = "altgr-intl"; + options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselsystems.modules.packages { + services.xserver = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; }; }; } 
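Review bot: The keymap module declares `options.swarselsystems.modules.xserver` but its body is guarded by `lib.mkIf config.swarselsystems.modules.packages`, so the new `xserver` switch has no effect. The keymap instead follows the package-list switch, which looks like a copy-paste slip from the packages module. The guard should read `config = lib.mkIf config.swarselsystems.modules.xserver {`.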
@@ -4359,17 +4395,20 @@ For that reason, make sure that =sops-nix= is properly working before setting th #+begin_src nix :tangle modules/nixos/common/users.nix { pkgs, config, lib, ... }: { - sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; }; + options.swarselsystems.modules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselsystems.modules.users { + sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; }; - users = { - mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; - users."${config.swarselsystems.mainUser}" = { - isNormalUser = true; - description = "Leon S"; - password = lib.mkIf config.swarselsystems.initialSetup "setup"; - hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; - extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; - packages = with pkgs; [ ]; + users = { + mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; + users."${config.swarselsystems.mainUser}" = { + isNormalUser = true; + description = "Leon S"; + password = lib.mkIf config.swarselsystems.initialSetup "setup"; + hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; + extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + packages = with pkgs; [ ]; + }; }; }; } 
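Review bot: `password = lib.mkIf config.swarselsystems.initialSetup "setup";` keeps a fixed plaintext password for an account that the same block puts in `wheel` and `docker`, and nothing in the module tells the operator when that mode is still on. The value is part of the evaluated configuration, so it should be treated as publicly known. I would add `warnings = lib.optional config.swarselsystems.initialSetup "swarselsystems.initialSetup is enabled: the main user has a known default password";` inside the new `config` block, so a forgotten flag shows up on every rebuild.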
@@ -4383,21 +4422,23 @@ For that reason, make sure that =sops-nix= is properly working before setting th Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus). #+begin_src nix :tangle modules/nixos/common/env.nix - { lib, pkgs, ... }: + { lib, config, pkgs, ... }: { - environment = { - wordlist.enable = true; - sessionVariables = { - NIXOS_OZONE_WL = "1"; - GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-libav - ]); + options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselsystems.modules.env { + environment = { + wordlist.enable = true; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + }; }; }; - # gstreamer plugins for nautilus (used for file metadata) } #+end_src 
@@ -4409,25 +4450,27 @@ Next, we will setup some environment variables that need to be set on the system Needed for control over system-wide privileges etc. Also I make sure that the root user has access to =SSH_AUTH_SOCK= (without this, root will not be able to read my =nix-secrets= repository). #+begin_src nix :tangle modules/nixos/common/polkit.nix - _: + { lib, config, ... }: { + options.swarselsystems.modules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselsystems.modules.security { - security = { - pam.services = { - login.u2fAuth = true; - sudo.u2fAuth = true; - swaylock.u2fAuth = true; - swaylock.fprintAuth = false; + security = { + pam.services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + swaylock.u2fAuth = true; + swaylock.fprintAuth = false; + }; + polkit.enable = true; + + sudo.extraConfig = '' + Defaults env_keep+=SSH_AUTH_SOCK + Defaults env_keep+=XDG_RUNTIME_DIR + Defaults env_keep+=WAYLAND_DISPLAY + ''; }; - polkit.enable = true; - - sudo.extraConfig = '' - Defaults env_keep+=SSH_AUTH_SOCK - Defaults env_keep+=XDG_RUNTIME_DIR - Defaults env_keep+=WAYLAND_DISPLAY - ''; }; - } #+end_src @@ -4439,13 +4482,16 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro The nix store fills up over time, until =/boot/efi= is filled. This snippet cleans it automatically on a weekly basis. #+begin_src nix :tangle modules/nixos/common/gc.nix - _: + { lib, config, ... }: { - nix.gc = { - automatic = true; - randomizedDelaySec = "14m"; - dates = "weekly"; - options = "--delete-older-than 10d"; + options.swarselsystems.modules.gc = lib.mkEnableOption "garbage collection config"; + config = lib.mkIf config.swarselsystems.modules.gc { + nix.gc = { + automatic = true; + randomizedDelaySec = "14m"; + dates = "weekly"; + options = "--delete-older-than 10d"; + }; }; } #+end_src 
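Review bot: The three `Defaults env_keep+=...` lines in `sudo.extraConfig` apply to every sudo rule, so any command run through sudo can reach the caller's SSH agent socket and Wayland session, and the module has no comment saying this is intended. The surrounding prose gives the reason (root has to read the `nix-secrets` repository); that belongs in the code too, e.g. `# keep SSH_AUTH_SOCK so root can fetch nix-secrets through the user's agent`. If only the main user needs it, `Defaults:${config.swarselsystems.mainUser} env_keep+=SSH_AUTH_SOCK` narrows the scope.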
@@ -4458,11 +4504,14 @@ The nix store fills up over time, until =/boot/efi= is filled. This snippet clea This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this. #+begin_src nix :tangle modules/nixos/common/store.nix - _: + { lib, config, ... }: { - nix.optimise = { - automatic = true; - dates = [ "weekly" ]; + options.swarselsystems.modules.storeOptimize = lib.mkEnableOption "store optimization config"; + config = lib.mkIf config.swarselsystems.modules.storeOptimize { + nix.optimise = { + automatic = true; + dates = [ "weekly" ]; + }; }; } @@ -4476,13 +4525,16 @@ This enables hardlinking identical files in the nix store, to save on disk space There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason =a stop job is running for session 1 of user ...=. I do not want to wait that long and am confident no important data is lost by doing this. #+begin_src nix :tangle modules/nixos/common/systemd.nix - _: + { lib, config, ... }: { - # systemd - systemd.extraConfig = '' - DefaultTimeoutStartSec=60s - DefaultTimeoutStopSec=15s - ''; + options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselsystems.modules.systemdTimeout { + # systemd + systemd.extraConfig = '' + DefaultTimeoutStartSec=60s + DefaultTimeoutStopSec=15s + ''; + }; } #+end_src @@ -4498,6 +4550,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. { options.swarselsystems = { + modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { 
@@ -4508,7 +4561,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. }; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { @@ -4554,9 +4607,12 @@ This is only used on systems not running Pipewire. #+begin_src nix :tangle modules/nixos/common/pulseaudio.nix { config, pkgs, lib, ... }: { - services.pulseaudio = { - enable = lib.mkIf (!config.services.pipewire.enable) true; - package = pkgs.pulseaudioFull; + options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselsystems.modules.pulseaudio { + services.pulseaudio = { + enable = lib.mkIf (!config.services.pipewire.enable) true; + package = pkgs.pulseaudioFull; + }; }; } @@ -4569,18 +4625,22 @@ This is only used on systems not running Pipewire. Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with =xdg-desktop-portal-wlr=. #+begin_src nix :tangle modules/nixos/common/pipewire.nix - _: { - security.rtkit.enable = true; # this is required for pipewire real-time access + { lib, config, ... }: + { + options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselsystems.modules.pipewire { + security.rtkit.enable = true; # this is required for pipewire real-time access - services.pipewire = { - enable = true; - pulse.enable = true; - jack.enable = true; - audio.enable = true; - wireplumber.enable = true; - alsa = { + services.pipewire = { enable = true; - support32Bit = true; + pulse.enable = true; + jack.enable = true; + audio.enable = true; + wireplumber.enable = true; + alsa = { + enable = true; + support32Bit = true; + }; }; }; } 
@@ -4595,248 +4655,251 @@ Here I only enable =networkmanager= and a few default networks. The rest of the #+begin_src nix :tangle modules/nixos/common/network.nix { lib, config, ... }: { - networking = { - nftables.enable = lib.mkDefault true; - enableIPv6 = lib.mkDefault true; - firewall = { - checkReversePath = lib.mkDefault false; - enable = lib.mkDefault true; - allowedUDPPorts = [ 51820 ]; # 51820: wireguard - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - }; - - networkmanager = { - enable = true; - ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" + options.swarselsystems.modules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselsystems.modules.network { + networking = { + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + checkReversePath = lib.mkDefault false; + enable = lib.mkDefault true; + allowedUDPPorts = [ 51820 ]; # 51820: wireguard + allowedTCPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect ]; - profiles = { - "Ernest Routerford" = { - connection = { - id = "Ernest Routerford"; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "Ernest Routerford"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$ERNEST"; - }; - }; + allowedUDPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect + ]; + }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; + networkmanager = { + enable = true; + ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { + environmentFiles = [ + 
"${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; + type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - mac-address = "90:2E:16:D0:A1:87"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - eduroam = { - "802-1x" = { - eap = "ttls;"; - identity = "$EDUID"; - password = "$EDUPASS"; - phase2-auth = "mschapv2"; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + 
wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - HH40V_39F5 = { - connection = { - id = "HH40V_39F5"; - type = "wifi"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = "HH40V_39F5"; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$FRAUNS"; - }; - }; - magicant = { - connection = { - id = "magicant"; - type = "wifi"; + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$FRAUNS"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "magicant"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$HANDYHOTSPOT"; - }; - }; - wireguardvpn = { - connection = { - id = "HomeVPN"; - type = "wireguard"; - autoconnect = "false"; - interface-name = "wg1"; + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = 
"$HANDYHOTSPOT"; + }; }; - wireguard = { private-key = "$WIREGUARDPRIV"; }; - "wireguard-peer.$WIREGUARDPUB" = { - endpoint = "$WIREGUARDENDPOINT"; - allowed-ips = "0.0.0.0/0"; - }; - ipv4 = { - method = "ignore"; - address1 = "192.168.3.3/32"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "ignore"; - }; - proxy = { }; - }; - "sweden-aes-128-cbc-udp-dns" = { - connection = { - autoconnect = "false"; - id = "PIA Sweden"; - type = "vpn"; + wireguardvpn = { + connection = { + id = "HomeVPN"; + type = "wireguard"; + autoconnect = "false"; + interface-name = "wg1"; + }; + wireguard = { private-key = "$WIREGUARDPRIV"; }; + "wireguard-peer.$WIREGUARDPUB" = { + endpoint = "$WIREGUARDENDPOINT"; + allowed-ips = "0.0.0.0/0"; + }; + ipv4 = { + method = "ignore"; + address1 = "192.168.3.3/32"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "ignore"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path; - challenge-response-flags = "2"; - cipher = "aes-128-cbc"; - compress = "yes"; - connection-type = "password"; - crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path; - dev = "tun"; - password-flags = "0"; - remote = "sweden.privacy.network:1198"; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$VPNUSER"; - }; - vpn-secrets = { password = "$VPNPASS"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + "sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = 
config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = { password = "$VPNPASS"; }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-${config.swarselsystems.mainUser}"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$HOTSPOT"; - }; - }; + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-${config.swarselsystems.mainUser}"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; + }; + + }; }; }; }; - }; - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + }; } #+end_src 
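Review bot: `ensureProfiles` reads `config.sops.templates."network-manager.env".path` and the two `config.sops.secrets."sweden-aes-128-cbc-udp-dns-*.pem"` paths, but those are declared in the sops module, which this commit puts behind its own `modules.commonSops` switch. With `modules.network` enabled, `isPublic` false and `modules.commonSops` off, evaluation would presumably fail on the missing attributes rather than skip the profiles. I would gate on both, `ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic && config.swarselsystems.modules.commonSops) {`, or add an `assertions` entry that names the dependency.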
@@ -4848,25 +4911,28 @@ Here I only enable =networkmanager= and a few default networks. The rest of the Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well. #+begin_src nix :tangle modules/nixos/common/time.nix - _: + { lib, config, ... }: { - time = { - timeZone = "Europe/Vienna"; - # hardwareClockInLocalTime = true; - }; + options.swarselsystems.modules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselsystems.modules.time { + time = { + timeZone = "Europe/Vienna"; + # hardwareClockInLocalTime = true; + }; - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "de_AT.UTF-8"; - LC_IDENTIFICATION = "de_AT.UTF-8"; - LC_MEASUREMENT = "de_AT.UTF-8"; - LC_MONETARY = "de_AT.UTF-8"; - LC_NAME = "de_AT.UTF-8"; - LC_NUMERIC = "de_AT.UTF-8"; - LC_PAPER = "de_AT.UTF-8"; - LC_TELEPHONE = "de_AT.UTF-8"; - LC_TIME = "de_AT.UTF-8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "de_AT.UTF-8"; + LC_IDENTIFICATION = "de_AT.UTF-8"; + LC_MEASUREMENT = "de_AT.UTF-8"; + LC_MONETARY = "de_AT.UTF-8"; + LC_NAME = "de_AT.UTF-8"; + LC_NUMERIC = "de_AT.UTF-8"; + LC_PAPER = "de_AT.UTF-8"; + LC_TELEPHONE = "de_AT.UTF-8"; + LC_TIME = "de_AT.UTF-8"; + }; }; }; } 
@@ -4891,48 +4957,51 @@ I use sops-nix to handle secrets that I want to have available on my machines at inherit (config.swarselsystems) mainUser homeDir; in { - sops = lib.mkIf (!config.swarselsystems.isPublic) { + options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselsystems.modules.commonSops { + sops = lib.mkIf (!config.swarselsystems.isPublic) { - age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; + age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; + validateSopsFiles = false; - secrets = { - ernest = { }; - frauns = { }; - hotspot = { }; - eduid = { }; - edupass = { }; - handyhotspot = { }; - vpnuser = { }; - vpnpass = { }; - wireguardpriv = { }; - wireguardpub = { }; - wireguardendpoint = { }; - stashuser = { }; - stashpass = { }; - githubforgeuser = { }; - githubforgepass = { }; - gitlabforgeuser = { }; - gitlabforgepass = { }; - "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; - "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; - }; - templates = { - "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - 
EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv} - WIREGUARDPUB=${config.sops.placeholder.wireguardpub} - WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint} - ''; + secrets = { + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; + wireguardpriv = { }; + wireguardpub = { }; + wireguardendpoint = { }; + stashuser = { }; + stashpass = { }; + githubforgeuser = { }; + githubforgepass = { }; + gitlabforgeuser = { }; + gitlabforgepass = { }; + "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; + "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; + }; + templates = { + "network-manager.env".content = '' + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv} + WIREGUARDPUB=${config.sops.placeholder.wireguardpub} + WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint} + ''; + }; }; }; } 
@@ -4949,15 +5018,18 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w #+begin_src nix :noweb yes :tangle modules/nixos/common/stylix.nix { lib, config, ... }: { - stylix = lib.recursiveUpdate - { - targets.grub.enable = false; # the styling makes grub more ugly - image = config.swarselsystems.wallpaper; - } - config.swarselsystems.stylix; - home-manager.users."${config.swarselsystems.mainUser}" = { - stylix = { - targets = config.swarselsystems.stylixHomeTargets; + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; + config = lib.mkIf config.swarselsystems.modules.stylix { + stylix = lib.recursiveUpdate + { + targets.grub.enable = false; # the styling makes grub more ugly + image = config.swarselsystems.wallpaper; + } + config.swarselsystems.stylix; + home-manager.users."${config.swarselsystems.mainUser}" = { + stylix = { + targets = config.swarselsystems.stylixHomeTargets; + }; }; }; } @@ -4971,12 +5043,15 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances. #+begin_src nix :tangle modules/nixos/common/programs.nix - _: + { lib, config, ... }: { - programs = { - dconf.enable = true; - evince.enable = true; - kdeconnect.enable = true; + options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselsystems.modules.programs { + programs = { + dconf.enable = true; + evince.enable = true; + kdeconnect.enable = true; + }; }; } #+end_src 
@@ -4988,12 +5063,15 @@ Some programs profit from being installed through dedicated NixOS settings on sy Do not touch this. #+begin_src nix :tangle modules/nixos/common/zsh.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.shells = with pkgs; [ zsh ]; - environment.pathsToLink = [ "/share/zsh" ]; + options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselsystems.modules.zsh { + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.shells = with pkgs; [ zsh ]; + environment.pathsToLink = [ "/share/zsh" ]; + }; } #+end_src ***** syncthing 
@@ -5007,49 +5085,52 @@ Do not touch this. inherit (config.swarselsystems) mainUser homeDir; in { - services.syncthing = { - enable = true; - user = mainUser; - dataDir = homeDir; - configDir = "${homeDir}/.config/syncthing"; - openDefaultPorts = true; - settings = { - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselsystems.modules.syncthing { + services.syncthing = { + enable = true; + user = mainUser; + dataDir = homeDir; + configDir = "${homeDir}/.config/syncthing"; + openDefaultPorts = true; + settings = { + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "sync (@oracle)" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; }; - "sync (@oracle)" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - }; - folders = { - "Default Folder" = lib.mkDefault { - path = "${homeDir}/Sync"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "default"; - }; - "Obsidian" = { - path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "${homeDir}/Vpn"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "hgp9s-fyq3p"; - }; - ".elfeed" = { - path = "${homeDir}/.elfeed"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "h7xbs-fs9v1"; + folders = { + "Default Folder" = lib.mkDefault { + path = "${homeDir}/Sync"; + devices = [ "sync (@oracle)" "magicant" 
"winters" ]; + id = "default"; + }; + "Obsidian" = { + path = "${homeDir}/Nextcloud/Obsidian"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "yjvni-9eaa7"; + }; + "Org" = { + path = "${homeDir}/Nextcloud/Org"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "a7xnl-zjj3d"; + }; + "Vpn" = { + path = "${homeDir}/Vpn"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "hgp9s-fyq3p"; + }; + ".elfeed" = { + path = "${homeDir}/.elfeed"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "h7xbs-fs9v1"; + }; }; }; }; @@ -5072,10 +5153,13 @@ Setting up some hardware services as well as keyboard related settings. Here we Enables the blueman service including the nice system tray icon. #+begin_src nix :tangle modules/nixos/common/blueman.nix - _: + { lib, config, ... }: { - services.blueman.enable = true; - services.hardware.bolt.enable = true; + options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselsystems.modules.blueman { + services.blueman.enable = true; + services.hardware.bolt.enable = true; + }; } #+end_src 
@@ -5091,34 +5175,37 @@ This also allows me to use my big scanner/printer's printing function over the n Avahi is the service used for the network discovery. #+begin_src nix :tangle modules/nixos/common/networkdevices.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - # enable scanners over network - hardware.sane = { - enable = true; - extraBackends = [ pkgs.sane-airscan ]; - }; + options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselsystems.modules.networkDevices { + # enable scanners over network + hardware.sane = { + enable = true; + extraBackends = [ pkgs.sane-airscan ]; + }; - # enable discovery and usage of network devices (esp. printers) - services.printing = { - enable = true; - drivers = [ - pkgs.gutenprint - pkgs.gutenprintBin - ]; - browsedConf = '' - BrowseDNSSDSubTypes _cups,_print - BrowseLocalProtocols all - BrowseRemoteProtocols all - CreateIPPPrinterQueues All - BrowseProtocols all - ''; - }; + # enable discovery and usage of network devices (esp. printers) + services.printing = { + enable = true; + drivers = [ + pkgs.gutenprint + pkgs.gutenprintBin + ]; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; + }; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; }; } #+end_src @@ -5131,9 +5218,12 @@ Avahi is the service used for the network discovery. This is being set to allow myself to use all functions of nautilus in NixOS #+begin_src nix :tangle modules/nixos/common/gvfs.nix - _: + { lib, config, ... }: { - services.gvfs.enable = true; + options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselsystems.modules.gvfs { + services.gvfs.enable = true; + }; } #+end_src 
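Review bot: The description "network device config" on `options.swarselsystems.modules.networkDevices` understates what enabling it exposes. `services.avahi.openFirewall = true` opens mDNS in the host firewall, and the `browsedConf` block (`BrowseRemoteProtocols all`, `CreateIPPPrinterQueues All`) tells cups-browsed, where it is running, to create print queues from whatever is advertised on the network. On a machine that joins untrusted networks that is attack surface, so now that the module is switchable I would say so in the option text, e.g. `lib.mkEnableOption "network printer/scanner discovery (opens mDNS in the firewall, auto-creates CUPS queues from advertisements)"`. Moving the `browsedConf` part behind its own flag would let discovery stay off away from the home network.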
@@ -5145,33 +5235,36 @@ This is being set to allow myself to use all functions of nautilus in NixOS This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if pressed shortly, and =CTRL= if being held. #+begin_src nix :tangle modules/nixos/common/interceptiontools.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - # Make CAPS work as a dual function ESC/CTRL key - services.interception-tools = { - enable = true; - udevmonConfig = - let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 + options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselsystems.modules.interceptionTools { + # Make CAPS work as a dual function ESC/CTRL key + services.interception-tools = { + enable = true; + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] ''; - in - '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; + }; }; } #+end_src 
@@ -5190,9 +5283,12 @@ This enables power profile management. The available modes are: Most of the time I am using =power-saver=, however, it is good to be able to choose. #+begin_src nix :tangle modules/nixos/common/power-profiles-daemon.nix - _: + { lib, config, ... }: { - services.power-profiles-daemon.enable = true; + options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselsystems.modules.ppd { + services.power-profiles-daemon.enable = true; + }; } #+end_src @@ -5214,26 +5310,21 @@ Many guides state that it is needed to enable =pcscd= to use the smartcard mode Also, since I use a GPG key in sops, it seems that scdaemon creates an instance at boot which sometimes hogs the Yubikey, which leads to significant delays after e.g. locking the screen and unplugging the Yubikey. Since I do not need the GPG key for the actual sops secrets (I use machine age keys instead), I kill that process. #+begin_src nix :tangle modules/nixos/common/hardwarecompatibility-yubikey.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - programs.ssh.startAgent = false; + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselsystems.modules.yubikey { + programs.ssh.startAgent = false; - services.pcscd.enable = false; + services.pcscd.enable = false; - hardware.gpgSmartcards.enable = true; + hardware.gpgSmartcards.enable = true; - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; - - # systemd.services.shutdownSopsGpg = { - # path = [ pkgs.gnupg ]; - # script = '' - # gpgconf --homedir /var/lib/sops --kill gpg-agent - # ''; - # wantedBy = [ "multi-user.target" ]; - # }; + services.udev.packages = with pkgs; [ + yubikey-personalization + ]; + }; } #+end_src 
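Review bot: In the yubikey hunk, the paragraph directly above the block still ends with "I kill that process", but the hunk deletes the commented-out `shutdownSopsGpg` unit, which was the only place the file showed how that was meant to happen. The unit was already disabled, so behaviour does not change, but after this commit the prose describes a workaround that no longer appears anywhere in the module. Either reword the paragraph to say the scdaemon instance is currently not stopped, or keep a one-line comment in the block such as `# scdaemon started for sops is not killed here; workaround removed`.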
@@ -5245,13 +5336,16 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance This performs the necessary configuration to support this hardware. #+begin_src nix :tangle modules/nixos/common/hardwarecompatibility-ledger.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - hardware.ledger.enable = true; + options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselsystems.modules.ledger { + hardware.ledger.enable = true; - services.udev.packages = with pkgs; [ - ledger-udev-rules - ]; + services.udev.packages = with pkgs; [ + ledger-udev-rules + ]; + }; } #+end_src @@ -5264,13 +5358,16 @@ This performs the necessary configuration to support this hardware. This loads some udev rules that I need for my split keyboards. #+begin_src nix :tangle modules/nixos/common/hardwarecompatibility-keyboards.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - services.udev.packages = with pkgs; [ - qmk-udev-rules - vial - via - ]; + options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselsystems.modules.keyboards { + services.udev.packages = with pkgs; [ + qmk-udev-rules + vial + via + ]; + }; } #+end_src 
@@ -5282,25 +5379,28 @@ This loads some udev rules that I need for my split keyboards. This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the *system specific* settings, make sure to update it there #+begin_src nix :tangle modules/nixos/common/login.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - services.greetd = { - enable = true; - settings = { - initial_session.command = "sway"; - default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; + options.swarselsystems.modules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselsystems.modules.login { + services.greetd = { + enable = true; + settings = { + initial_session.command = "sway"; + default_session.command = '' + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; + }; }; - }; - environment.etc."greetd/environments".text = '' - sway - ''; + environment.etc."greetd/environments".text = '' + sway + ''; + }; } #+end_src 
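Review bot: `initial_session.command = "sway"` gives greetd an automatic first session, and the surrounding text says the matching user is set in the system-specific settings, so a host that enables `swarselsystems.modules.login` and sets that user boots into a desktop with no password prompt. That is only reasonable where something else authenticates at boot, such as a disk-encryption passphrase. The impermanence module later in this patch already reads `config.swarselsystems.isCrypted`, so the auto-login could be tied to it, e.g. `initial_session = lib.mkIf config.swarselsystems.isCrypted { command = "sway"; };`, with `default_session` (tuigreet) as the fallback. The host-side line that sets the user would need the same condition.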
@@ -5316,114 +5416,117 @@ Only some binaries that touch system settings might still not work, apart from t When a program does not work, start with =nix-ldd =. This will tell you which library is missing. Afterwards, continue with =nix-locate = to find which packages provide that library. Add it to libraries below and rebuild. After a reboot, it will be visible using =nix-ldd=. It can also be useful to take a look at =ldd= to see which libraries are needed in general. #+begin_src nix :tangle modules/nixos/common/nix-ld.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - SDL - SDL2 - SDL2_image - SDL2_mixer - SDL2_ttf - SDL_image - SDL_mixer - SDL_ttf - alsa-lib - at-spi2-atk - at-spi2-core - atk - bzip2 - cairo - cups - curl - dbus - dbus-glib - expat - ffmpeg - flac - fontconfig - freeglut - freetype - fuse3 - gdk-pixbuf - glew110 - glib - stable.gnome2.GConf - pango - gtk2 - gtk3 - icu - libGL - libappindicator-gtk2 - libappindicator-gtk3 - libcaca - libcanberra - libcap - libdbusmenu-gtk2 - libdrm - libelf - libgcrypt - libglvnd - libidn - libindicator-gtk2 - libjpeg - libmikmod - libnotify - libogg - libpng - libpng12 - libpulseaudio - librsvg - libsamplerate - libtheora - libtiff - libudev0-shim - libunwind - libusb1 - libuuid - libva - libvdpau - libvorbis - libvpx - libxkbcommon - libxml2 - libz - mesa - nspr - nss - openssl - pango - pipewire - pixman - speex - stdenv.cc.cc - steam-fhsenv-without-steam - systemd - tbb - vulkan-loader - xorg.libICE - xorg.libSM - xorg.libX11 - xorg.libXScrnSaver - xorg.libXcomposite - xorg.libXcursor - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXft - xorg.libXi - xorg.libXinerama - xorg.libXmu - xorg.libXrandr - xorg.libXrender - xorg.libXt - xorg.libXtst - xorg.libXxf86vm - xorg.libxcb - xorg.libxshmfence - zlib - ]; + options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf 
config.swarselsystems.modules.nix-ld { + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + SDL + SDL2 + SDL2_image + SDL2_mixer + SDL2_ttf + SDL_image + SDL_mixer + SDL_ttf + alsa-lib + at-spi2-atk + at-spi2-core + atk + bzip2 + cairo + cups + curl + dbus + dbus-glib + expat + ffmpeg + flac + fontconfig + freeglut + freetype + fuse3 + gdk-pixbuf + glew110 + glib + stable.gnome2.GConf + pango + gtk2 + gtk3 + icu + libGL + libappindicator-gtk2 + libappindicator-gtk3 + libcaca + libcanberra + libcap + libdbusmenu-gtk2 + libdrm + libelf + libgcrypt + libglvnd + libidn + libindicator-gtk2 + libjpeg + libmikmod + libnotify + libogg + libpng + libpng12 + libpulseaudio + librsvg + libsamplerate + libtheora + libtiff + libudev0-shim + libunwind + libusb1 + libuuid + libva + libvdpau + libvorbis + libvpx + libxkbcommon + libxml2 + libz + mesa + nspr + nss + openssl + pango + pipewire + pixman + speex + stdenv.cc.cc + steam-fhsenv-without-steam + systemd + tbb + vulkan-loader + xorg.libICE + xorg.libSM + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXft + xorg.libXi + xorg.libXinerama + xorg.libXmu + xorg.libXrandr + xorg.libXrender + xorg.libXt + xorg.libXtst + xorg.libXxf86vm + xorg.libxcb + xorg.libxshmfence + zlib + ]; + }; }; } #+end_src 
@@ -5444,88 +5547,91 @@ Normally, doing that also resets the lecture that happens on the first use of =s inherit (config.swarselsystems) homeDir isImpermanence isCrypted; in { + options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselsystems.modules.impermanence { - security.sudo.extraConfig = lib.mkIf isImpermanence '' - # rollback results in sudo lectures after each reboot - Defaults lecture = never - ''; - - # This script does the actual wipe of the system - # So if it doesn't run, the btrfs system effectively acts like a normal system - # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix - - boot.initrd.systemd.enable = lib.mkIf isImpermanence true; - - boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence { - description = "Rollback BTRFS root subvolume to a pristine state"; - wantedBy = [ "initrd.target" ]; - # make sure it's done after encryption - # i.e. LUKS/TPM process - after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ]; - requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ]; - # mount the root fs before clearing - before = [ "sysroot.mount" ]; - unitConfig.DefaultDependencies = "no"; - serviceConfig.Type = "oneshot"; - script = '' - mkdir -p /mnt - - # We first mount the btrfs root to /mnt - # so we can manipulate btrfs subvolumes. - mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt - btrfs subvolume list -o /mnt/root - - # While we're tempted to just delete /root and create - # a new snapshot from /root-blank, /root is already - # populated at this point with a number of subvolumes, - # which makes `btrfs subvolume delete` fail. - # So, we remove them first. 
- # - # /root contains subvolumes: - # - /root/var/lib/portables - # - /root/var/lib/machines - - btrfs subvolume list -o /mnt/root | - cut -f9 -d' ' | - while read subvolume; do - echo "deleting /$subvolume subvolume..." - btrfs subvolume delete "/mnt/$subvolume" - done && - echo "deleting /root subvolume..." && - btrfs subvolume delete /mnt/root - - echo "restoring blank /root subvolume..." - btrfs subvolume snapshot /mnt/root-blank /mnt/root - - # Once we're done rolling back to a blank snapshot, - # we can unmount /mnt and continue on the boot process. - umount /mnt + security.sudo.extraConfig = lib.mkIf isImpermanence '' + # rollback results in sudo lectures after each reboot + Defaults lecture = never ''; - }; + + # This script does the actual wipe of the system + # So if it doesn't run, the btrfs system effectively acts like a normal system + # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix + + boot.initrd.systemd.enable = lib.mkIf isImpermanence true; + + boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence { + description = "Rollback BTRFS root subvolume to a pristine state"; + wantedBy = [ "initrd.target" ]; + # make sure it's done after encryption + # i.e. LUKS/TPM process + after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ]; + requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ]; + # mount the root fs before clearing + before = [ "sysroot.mount" ]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir -p /mnt + + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. 
+ mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt + btrfs subvolume list -o /mnt/root + + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + btrfs subvolume delete /mnt/root + + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root + + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; + }; - environment.persistence."/persist" = lib.mkIf isImpermanence { - hideMounts = true; - directories = - [ - "/.cache/nix" - "/srv" - "/etc/nixos" - "/etc/nix" - "/etc/NetworkManager/system-connections" - # "/etc/secureboot" - "${homeDir}/.dotfiles" - "/var/db/sudo" - "/var/cache" - "/var/lib" + environment.persistence."/persist" = lib.mkIf isImpermanence { + hideMounts = true; + directories = + [ + "/.cache/nix" + "/srv" + "/etc/nixos" + "/etc/nix" + "/etc/NetworkManager/system-connections" + # "/etc/secureboot" + "${homeDir}/.dotfiles" + "/var/db/sudo" + "/var/cache" + "/var/lib" + ]; + + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" ]; - - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; + }; }; } 
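Review bot: The module now has two independent switches, the new outer `lib.mkIf config.swarselsystems.modules.impermanence` and the existing inner `lib.mkIf isImpermanence` on every attribute. With `isImpermanence = true` and the module flag unset, the rollback unit and `environment.persistence."/persist"` both vanish without an error, so the root subvolume is never reset while anything else keyed on `isImpermanence` (not visible here) still assumes it is. The lanzaboote hunk further down has the same shape with `isSecureBoot`: with its flag off, neither `lanzaboote` nor the forced `systemd-boot.enable` is emitted. I would fold the two conditions together, e.g. `config = lib.mkIf (config.swarselsystems.modules.impermanence && isImpermanence) { ... }` with the inner `mkIf`s dropped, and add an `assertions` entry outside that `mkIf` that fails evaluation when `isImpermanence` or `isSecureBoot` is true but the module flag is not. The `let` that defines `mapperTarget` starts outside the hunk.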
@@ -5539,14 +5645,17 @@ Normally, doing that also resets the lecture that happens on the first use of =s This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet. #+begin_src nix :tangle modules/nixos/common/nvd-rebuild.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - system.activationScripts.diff = { - supportsDryActivation = true; - text = '' - ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \ - /run/current-system "$systemConfig" - ''; + options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselsystems.modules.nvd { + system.activationScripts.diff = { + supportsDryActivation = true; + text = '' + ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \ + /run/current-system "$systemConfig" + ''; + }; }; } #+end_src @@ -5559,13 +5668,16 @@ This snipped is added to the activation script that is run after every rebuild a Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps the login information when logging out of the session as well. #+begin_src nix :tangle modules/nixos/common/gnome-keyring.nix - _: + { lib, config, ... }: { - services.gnome.gnome-keyring = { - enable = true; - }; + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + services.gnome.gnome-keyring = { + enable = true; + }; - programs.seahorse.enable = true; + programs.seahorse.enable = true; + }; } #+end_src 
@@ -5577,28 +5689,29 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps This is used to better integrate Sway into the system on NixOS hosts. On the home-manager side, the =package= attribute will be =null= for such an host, using the systems derivation instead. #+begin_src nix :tangle modules/nixos/common/sway.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { + options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselsystems.modules.sway { + programs.sway = { + enable = true; + package = pkgs.swayfx; + wrapperFeatures = { + base = true; + gtk = true; + }; - programs.sway = { - enable = true; - package = pkgs.swayfx; - wrapperFeatures = { - base = true; - gtk = true; + extraSessionCommands = '' + export XDG_SESSION_DESKTOP=sway + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland-egl + export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 + export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; + export MOZ_ENABLE_WAYLAND=1 + export MOZ_DISABLE_RDD_SANDBOX=1 + ''; }; - - extraSessionCommands = '' - export XDG_SESSION_DESKTOP=sway - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland-egl - export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 - export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; - export MOZ_ENABLE_WAYLAND=1 - export MOZ_DISABLE_RDD_SANDBOX=1 - ''; }; - } #+end_src 
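Review bot: `export MOZ_DISABLE_RDD_SANDBOX=1` in `extraSessionCommands` switches off the sandbox around Firefox's media-decoder process for everything started from the sway session, and the block has no comment saying why. The variable is usually set as a workaround for hardware video decoding; if that is the reason here (an assumption, the file does not say), it is worth checking whether the Firefox in use still needs it and dropping the line if not. If it stays, put a why-comment above the string, e.g. `# MOZ_DISABLE_RDD_SANDBOX=1: VA-API workaround, weakens Firefox's media sandbox`.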
@@ -5610,24 +5723,25 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways. #+begin_src nix :tangle modules/nixos/common/xdg-portal.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - - xdg.portal = { - enable = true; - config = { - common = { - default = "wlr"; + options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselsystems.modules.xdg-portal { + xdg.portal = { + enable = true; + config = { + common = { + default = "wlr"; + }; + }; + wlr.enable = true; + wlr.settings.screencast = { + output_name = "eDP-1"; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; }; }; - wlr.enable = true; - wlr.settings.screencast = { - output_name = "eDP-1"; - chooser_type = "simple"; - chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; - }; }; - } #+end_src @@ -5639,19 +5753,21 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck. #+begin_src nix :tangle modules/nixos/common/distrobox.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - distrobox - boxbuddy - ]; + options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselsystems.modules.distrobox { + environment.systemPackages = with pkgs; [ + distrobox + boxbuddy + ]; - virtualisation.podman = { - enable = true; - dockerCompat = true; - package = pkgs.stable.podman; + virtualisation.podman = { + enable = true; + dockerCompat = true; + package = pkgs.stable.podman; + }; }; - } #+end_src 
@@ -5662,12 +5778,14 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve Adds the necessary tools to allow .appimage programs easily. #+begin_src nix :tangle modules/nixos/common/appimage.nix - _: + { lib, config, ... }: { - - programs.appimage = { - enable = true; - binfmt = true; + options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselsystems.modules.appimage { + programs.appimage = { + enable = true; + binfmt = true; + }; }; } 
@@ -5681,37 +5799,40 @@ Adds the necessary tools to allow .appimage programs easily. This turns off the display when the lid is closed. #+begin_src nix :tangle modules/nixos/common/lid.nix - _: + { lib, config, ... }: { - services.logind = { - lidSwitch = "suspend"; - lidSwitchDocked = "ignore"; - }; - services.acpid = { - enable = true; - handlers.lidClosed = { - event = "button/lid \\w+ close"; - action = '' - cat /sys/class/backlight/amdgpu_bl1/device/enabled - if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled - then - echo "Lid closed. Disabling fprintd." - systemctl stop fprintd - ln -s /dev/null /run/systemd/transient/fprintd.service - systemctl daemon-reload - fi - ''; + options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselsystems.modules.lid { + services.logind = { + lidSwitch = "suspend"; + lidSwitchDocked = "ignore"; }; - handlers.lidOpen = { - event = "button/lid \\w+ open"; - action = '' - if ! $(systemctl is-active --quiet fprintd); then - echo "Lid open. Enabling fprintd." - rm -f /run/systemd/transient/fprintd.service - systemctl daemon-reload - systemctl start fprintd - fi - ''; + services.acpid = { + enable = true; + handlers.lidClosed = { + event = "button/lid \\w+ close"; + action = '' + cat /sys/class/backlight/amdgpu_bl1/device/enabled + if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled + then + echo "Lid closed. Disabling fprintd." + systemctl stop fprintd + ln -s /dev/null /run/systemd/transient/fprintd.service + systemctl daemon-reload + fi + ''; + }; + handlers.lidOpen = { + event = "button/lid \\w+ open"; + action = '' + if ! $(systemctl is-active --quiet fprintd); then + echo "Lid open. Enabling fprintd." + rm -f /run/systemd/transient/fprintd.service + systemctl daemon-reload + systemctl start fprintd + fi + ''; + }; }; }; } 
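Review bot: In `handlers.lidClosed`, `ln -s /dev/null /run/systemd/transient/fprintd.service` has no `-f`, so it fails when the link already exists, for example after two close events without an open in between; `ln -sf` makes the handler idempotent. In `handlers.lidOpen`, `if ! $(systemctl is-active --quiet fprintd); then` wraps the command in a substitution and then executes its empty output, which works only because the shell reuses the substitution's exit status; `if ! systemctl is-active --quiet fprintd; then` says what is meant. The backlight path `amdgpu_bl1` is also specific to one machine, so on any other host that enables `swarselsystems.modules.lid` the `grep` fails and fprintd is never stopped on lid close. The option description should state that dependency.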
@@ -5725,29 +5846,32 @@ This turns off the display when the lid is closed. Since I hide the waybar completely during normal operation, I run the risk of not noticing when my battery is about to run out. This module sends a notification when the battery level falls below 10%. Written by [[https://gist.github.com/cafkafk][cafkafk]]. #+begin_src nix :tangle modules/nixos/common/lowbattery.nix - { pkgs, lib, ... }: + { pkgs, lib, config, ... }: { - systemd.user.services."battery-low" = { - enable = true; - description = "Timer for battery check that alerts at 10% or less"; - partOf = [ "graphical-session.target" ]; - wantedBy = [ "graphical-session.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = pkgs.writeShellScript "battery-low-notification" - '' - if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 )); - then ${lib.getExe pkgs.libnotify} --urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")"; - fi; - ''; + options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselsystems.modules.lowBattery { + systemd.user.services."battery-low" = { + enable = true; + description = "Timer for battery check that alerts at 10% or less"; + partOf = [ "graphical-session.target" ]; + wantedBy = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "battery-low-notification" + '' + if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 )); + then ${lib.getExe pkgs.libnotify} 
--urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")"; + fi; + ''; + }; }; - }; - systemd.user.timers."battery-low" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - # Every Minute - OnCalendar = "*-*-* *:*:00"; - Unit = "battery-low.service"; + systemd.user.timers."battery-low" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + # Every Minute + OnCalendar = "*-*-* *:*:00"; + Unit = "battery-low.service"; + }; }; }; } @@ -5763,15 +5887,18 @@ This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsys #+begin_src nix :tangle modules/nixos/common/lanzaboote.nix { lib, config, ... }: { - boot = { - loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false); - }; - lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) { - enable = true; - pkiBundle = "/var/lib/sbctl"; - configurationLimit = 3; + options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselsystems.modules.lanzaboote { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false); + }; + lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) { + enable = true; + pkiBundle = "/var/lib/sbctl"; + configurationLimit = 3; + }; }; }; } 
@@ -8894,6 +9021,7 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe xdg.configFile = { "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc; "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css; + "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css; "swayidle/config".source = self + /programs/swayidle/config; }; } @@ -14699,7 +14827,7 @@ The =command= command can be supplied with a =-p= flag that will take a single a sanitise tridactyllocal tridactylsync -colourscheme base16-codeschool +colourscheme swarsel " General Settings set update.lastchecktime 1720629386560 
@@ -14820,6 +14948,172 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore " For syntax highlighting see https://github.com/tridactyl/vim-tridactyl " vim: set filetype=tridactyl +#+end_src +** tridactyl theme +#+begin_src :tangle programs/firefox/tridactyl/themes/swarsel.css :mkdirp yes + +:root { + + --base00: #1D252C; + --base01: #171D23; + --base02: #5EC4FF; + --base03: #566C7D; + --base04: #5EC4FF; + --base05: #A0B3C5; + --base06: #C06ECE; + --base07: #A0B3C5; + --base08: #D95468; + --base09: #FFA880; + --base0A: #5EC4FF; + --base0B: #8BD49C; + --base0C: #008B94; + --base0D: #5EC4FF; + --base0E: #C06ECE; + --base0F: #5EC4FF; + + --tridactyl-def-fg: var(--base02); + --tridactyl-cmdl-bg: var(--base00); + --tridactyl-cmdl-fg: var(--base0C); + + --tridactyl-font-family: "San Francisco", sans-serif; + + --tridactyl-cmdl-font-size: 1.5rem; + --tridactyl-cmdl-line-height: 1.5; + + --tridactyl-cmplt-option-height: 1.4em; + --tridactyl-cmplt-font-size: var(--tridactyl-small-font-size); + --tridactyl-cmplt-border-top: unset; + + --tridactyl-status-font-size: 9px; + --tridactyl-status-font-family: "Fira Code", monospace; + --tridactyl-status-border: 1px var(--tridactyl-fg) solid; + + --tridactyl-header-font-size: var(--tridactyl-small-font-size); + --tridactyl-header-font-weight: 200; + --tridactyl-header-border-bottom: unset; + + --tridactyl-hintspan-font-size: var(--tridactyl-font-size); + --tridactyl-hint-active-fg: none; + +} + +:root #command-line-holder { + order: 1; + border: 2px solid var(--tridactyl-cmdl-fg); + color: var(--tridactyl-cmdl-bg); +} + +:root #tridactyl-input { + width: 90%; + padding: 1rem; + color: var(--tridactyl-def-fg); +} + +:root #completions table { + font-size: 0.8rem; + font-weight: 200; + border-spacing: 0; + table-layout: fixed; + padding: 1rem; + padding-top: 0; +} + +:root #completions > div { + max-height: calc(20 * var(--tridactyl-cmplt-option-height)); + min-height: calc(10 * var(--tridactyl-cmplt-option-height)); 
+} + +/* COMPLETIONS */ + +:root #completions { + font-weight: 200; + order: 2; + color: var(--tridactyl-def-fg); + background: var(--tridactyl-cmdl-bg); + +} + +/* Olie doesn't know how CSS inheritance works */ +:root #completions .HistoryCompletionSource { + max-height: unset; + min-height: unset; +} + +:root #completions .HistoryCompletionSource table { + width: 100%; + font-size: 9pt; + border-spacing: 0; + table-layout: fixed; +} + +/* redundancy 2: redundancy 2: more redundancy */ +:root #completions .BmarkCompletionSource { + max-height: unset; + min-height: unset; +} + +:root #completions table tr { white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; +} + +:root #completions .url { + background: var(--tridactyl-cmdl-bg); +} + +:root #completions .focused { + background: #44391F; +} +:root #completions .focused .url { + background: #44391F; +} + +:root #completions .BufferCompletionSource table { + width: unset; + font-size: unset; + border-spacing: unset; + table-layout: unset; +} + +:root #completions table tr { + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; +} + +:root #completions .sectionHeader { + background: unset; + padding: 1rem !important; + padding-left: unset; + padding-bottom: 0.2rem; +} + +:root #cmdline_iframe { + position: fixed !important; + bottom: unset; + top: 25% !important; + left: 10% !important; + z-index: 2147483647 !important; + width: 80% !important; + box-shadow: rgba(0, 0, 0, 0.5) 0px 0px 15px !important; +} + +:root .TridactylStatusIndicator { + position: fixed !important; + bottom: 0 !important; + font-weight: 200 !important; + padding: 0.8ex !important; +} + +/* #Shydactyl-normal { */ +/* border-color: green !important; */ +/* } */ + +/* #Shydactyl-insert { */ +/* border-color: yellow !important; */ +/* } */ + + #+end_src ** Waybar style.css :PROPERTIES: diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index e656e73..70f78bf 100644 
--- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -23,6 +23,7 @@ in "${modulesPath}/nixos/optional/nswitch-rcm.nix" "${modulesPath}/nixos/optional/gaming.nix" "${modulesPath}/nixos/optional/work.nix" + "${self}/profiles/nixos" inputs.home-manager.nixosModules.home-manager { @@ -90,6 +91,7 @@ in swarselsystems = lib.recursiveUpdate { + profiles.personal = true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; diff --git a/lib/default.nix b/lib/default.nix index c447c82..e792cdd 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -26,6 +26,11 @@ in } ); + mkTrueOption = lib.mkOption { + type = lib.types.bool; + default = true; + }; + getSecret = filename: lib.strings.trim (builtins.readFile "${filename}"); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); @@ -132,6 +137,13 @@ in }) names); + mkProfiles = names: type: builtins.listToAttrs (map + (name: { + inherit name; + value = import "${self}/profiles/${type}/${name}"; + }) + names); + mkTemplates = names: builtins.listToAttrs (map (name: { inherit name; diff --git a/modules/home/common/symlink.nix b/modules/home/common/symlink.nix index e842f9e..4f0e71e 100644 --- a/modules/home/common/symlink.nix +++ b/modules/home/common/symlink.nix @@ -23,6 +23,7 @@ xdg.configFile = { "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc; "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css; + "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css; "swayidle/config".source = self + /programs/swayidle/config; }; } diff --git a/modules/nixos/common/appimage.nix b/modules/nixos/common/appimage.nix index 5d4606e..209fda0 100644 --- a/modules/nixos/common/appimage.nix +++ b/modules/nixos/common/appimage.nix 
@@ -1,9 +1,11 @@ -_: +{ lib, config, ... }: { - - programs.appimage = { - enable = true; - binfmt = true; + options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselsystems.modules.appimage { + programs.appimage = { + enable = true; + binfmt = true; + }; }; } diff --git a/modules/nixos/common/blueman.nix b/modules/nixos/common/blueman.nix index 63ce655..ad4513c 100644 --- a/modules/nixos/common/blueman.nix +++ b/modules/nixos/common/blueman.nix @@ -1,5 +1,8 @@ -_: +{ lib, config, ... }: { - services.blueman.enable = true; - services.hardware.bolt.enable = true; + options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselsystems.modules.blueman { + services.blueman.enable = true; + services.hardware.bolt.enable = true; + }; } diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix index 49ac9ae..3dcc6b6 100644 --- a/modules/nixos/common/default.nix +++ b/modules/nixos/common/default.nix @@ -8,10 +8,5 @@ in "${modulesPath}/home/common/sharedsetup.nix" ]; - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "electron-29.4.6" - "SDL_ttf-2.0.11" - ]; } diff --git a/modules/nixos/common/distrobox.nix b/modules/nixos/common/distrobox.nix index 74ce53b..cfe367b 100644 --- a/modules/nixos/common/distrobox.nix +++ b/modules/nixos/common/distrobox.nix @@ -1,14 +1,16 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - distrobox - boxbuddy - ]; + options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselsystems.modules.distrobox { + environment.systemPackages = with pkgs; [ + distrobox + boxbuddy + ]; - virtualisation.podman = { - enable = true; - dockerCompat = true; - package = pkgs.stable.podman; + virtualisation.podman = { + enable = true; + dockerCompat = true; + package = pkgs.stable.podman; + }; }; - } 
diff --git a/modules/nixos/common/env.nix b/modules/nixos/common/env.nix index 610f984..687efb3 100644 --- a/modules/nixos/common/env.nix +++ b/modules/nixos/common/env.nix @@ -1,16 +1,18 @@ -{ lib, pkgs, ... }: +{ lib, config, pkgs, ... }: { - environment = { - wordlist.enable = true; - sessionVariables = { - NIXOS_OZONE_WL = "1"; - GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-libav - ]); + options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselsystems.modules.env { + environment = { + wordlist.enable = true; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + }; }; }; - # gstreamer plugins for nautilus (used for file metadata) } diff --git a/modules/nixos/common/gc.nix b/modules/nixos/common/gc.nix index 3004bd8..d7c7482 100644 --- a/modules/nixos/common/gc.nix +++ b/modules/nixos/common/gc.nix @@ -1,9 +1,12 @@ -_: +{ lib, config, ... }: { - nix.gc = { - automatic = true; - randomizedDelaySec = "14m"; - dates = "weekly"; - options = "--delete-older-than 10d"; + options.swarselsystems.modules.gc = lib.mkEnableOption "garbage collection config"; + config = lib.mkIf config.swarselsystems.modules.gc { + nix.gc = { + automatic = true; + randomizedDelaySec = "14m"; + dates = "weekly"; + options = "--delete-older-than 10d"; + }; }; } diff --git a/modules/nixos/common/gnome-keyring.nix b/modules/nixos/common/gnome-keyring.nix index 539484b..07131eb 100644 --- a/modules/nixos/common/gnome-keyring.nix +++ b/modules/nixos/common/gnome-keyring.nix 
@@ -1,8 +1,11 @@ -_: +{ lib, config, ... }: { - services.gnome.gnome-keyring = { - enable = true; - }; + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + services.gnome.gnome-keyring = { + enable = true; + }; - programs.seahorse.enable = true; + programs.seahorse.enable = true; + }; } diff --git a/modules/nixos/common/gvfs.nix b/modules/nixos/common/gvfs.nix index bf4a62e..1f6bbd0 100644 --- a/modules/nixos/common/gvfs.nix +++ b/modules/nixos/common/gvfs.nix @@ -1,4 +1,7 @@ -_: +{ lib, config, ... }: { - services.gvfs.enable = true; + options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselsystems.modules.gvfs { + services.gvfs.enable = true; + }; } diff --git a/modules/nixos/common/hardware.nix b/modules/nixos/common/hardware.nix index 204cbc6..6badc2a 100644 --- a/modules/nixos/common/hardware.nix +++ b/modules/nixos/common/hardware.nix @@ -2,6 +2,7 @@ { options.swarselsystems = { + modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -12,7 +13,7 @@ }; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { diff --git a/modules/nixos/common/hardwarecompatibility-keyboards.nix b/modules/nixos/common/hardwarecompatibility-keyboards.nix index 57475b3..8a17a5f 100644 --- a/modules/nixos/common/hardwarecompatibility-keyboards.nix +++ b/modules/nixos/common/hardwarecompatibility-keyboards.nix 
@@ -1,8 +1,11 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - services.udev.packages = with pkgs; [ - qmk-udev-rules - vial - via - ]; + options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselsystems.modules.keyboards { + services.udev.packages = with pkgs; [ + qmk-udev-rules + vial + via + ]; + }; } diff --git a/modules/nixos/common/hardwarecompatibility-ledger.nix b/modules/nixos/common/hardwarecompatibility-ledger.nix index 097bd69..85e87a1 100644 --- a/modules/nixos/common/hardwarecompatibility-ledger.nix +++ b/modules/nixos/common/hardwarecompatibility-ledger.nix @@ -1,9 +1,12 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - hardware.ledger.enable = true; + options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselsystems.modules.ledger { + hardware.ledger.enable = true; - services.udev.packages = with pkgs; [ - ledger-udev-rules - ]; + services.udev.packages = with pkgs; [ + ledger-udev-rules + ]; + }; } diff --git a/modules/nixos/common/hardwarecompatibility-yubikey.nix b/modules/nixos/common/hardwarecompatibility-yubikey.nix index c9fa165..a20af81 100644 --- a/modules/nixos/common/hardwarecompatibility-yubikey.nix +++ b/modules/nixos/common/hardwarecompatibility-yubikey.nix 
@@ -1,21 +1,16 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - programs.ssh.startAgent = false; + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselsystems.modules.yubikey { + programs.ssh.startAgent = false; - services.pcscd.enable = false; + services.pcscd.enable = false; - hardware.gpgSmartcards.enable = true; + hardware.gpgSmartcards.enable = true; - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; - - # systemd.services.shutdownSopsGpg = { - # path = [ pkgs.gnupg ]; - # script = '' - # gpgconf --homedir /var/lib/sops --kill gpg-agent - # ''; - # wantedBy = [ "multi-user.target" ]; - # }; + services.udev.packages = with pkgs; [ + yubikey-personalization + ]; + }; } diff --git a/modules/nixos/common/home-manager-extra.nix b/modules/nixos/common/home-manager-extra.nix index 4367226..96b9089 100644 --- a/modules/nixos/common/home-manager-extra.nix +++ b/modules/nixos/common/home-manager-extra.nix @@ -1,6 +1,9 @@ { inputs, config, lib, ... }: { - home-manager = lib.mkIf config.swarselsystems.withHomeManager { - extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; }; + options.swarselsystems.modules.home-managerExtra = lib.mkEnableOption "home-manager extras for non-chaostheatre"; + config = lib.mkIf config.swarselsystems.modules.home-managerExtra { + home-manager = lib.mkIf config.swarselsystems.withHomeManager { + extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; }; + }; }; } diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index e8ebd6c..070f94f 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix 
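Review bot: In `hardwarecompatibility-yubikey.nix`, enabling `swarselsystems.modules.yubikey` also sets `programs.ssh.startAgent = false` and `services.pcscd.enable = false`, which the description `"yubikey config"` gives no hint of. Both are plain definitions, so a host that enables this module alongside anything that sets `services.pcscd.enable = true` will fail evaluation with conflicting values rather than merge. A why-comment above the two lines would help, e.g. `# ssh-agent and pcscd are off on purpose: gpg-agent/scdaemon own the card and SSH auth`. That reason is my assumption; the hunk does not state it, so please confirm the wording.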
@@ -1,8 +1,12 @@ { inputs, config, lib, ... }: { - home-manager = lib.mkIf config.swarselsystems.withHomeManager { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { inherit (inputs) self; }; + + options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselsystems.modules.home-manager { + home-manager = lib.mkIf config.swarselsystems.withHomeManager { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { inherit (inputs) self; }; + }; }; } diff --git a/modules/nixos/common/impermanence.nix b/modules/nixos/common/impermanence.nix index c3201b0..00a2956 100644 --- a/modules/nixos/common/impermanence.nix +++ b/modules/nixos/common/impermanence.nix 
@@ -4,88 +4,91 @@ let inherit (config.swarselsystems) homeDir isImpermanence isCrypted; in { + options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselsystems.modules.impermanence { - security.sudo.extraConfig = lib.mkIf isImpermanence '' - # rollback results in sudo lectures after each reboot - Defaults lecture = never - ''; - - # This script does the actual wipe of the system - # So if it doesn't run, the btrfs system effectively acts like a normal system - # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix - - boot.initrd.systemd.enable = lib.mkIf isImpermanence true; - - boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence { - description = "Rollback BTRFS root subvolume to a pristine state"; - wantedBy = [ "initrd.target" ]; - # make sure it's done after encryption - # i.e. LUKS/TPM process - after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ]; - requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ]; - # mount the root fs before clearing - before = [ "sysroot.mount" ]; - unitConfig.DefaultDependencies = "no"; - serviceConfig.Type = "oneshot"; - script = '' - mkdir -p /mnt - - # We first mount the btrfs root to /mnt - # so we can manipulate btrfs subvolumes. - mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt - btrfs subvolume list -o /mnt/root - - # While we're tempted to just delete /root and create - # a new snapshot from /root-blank, /root is already - # populated at this point with a number of subvolumes, - # which makes `btrfs subvolume delete` fail. - # So, we remove them first. 
- # - # /root contains subvolumes: - # - /root/var/lib/portables - # - /root/var/lib/machines - - btrfs subvolume list -o /mnt/root | - cut -f9 -d' ' | - while read subvolume; do - echo "deleting /$subvolume subvolume..." - btrfs subvolume delete "/mnt/$subvolume" - done && - echo "deleting /root subvolume..." && - btrfs subvolume delete /mnt/root - - echo "restoring blank /root subvolume..." - btrfs subvolume snapshot /mnt/root-blank /mnt/root - - # Once we're done rolling back to a blank snapshot, - # we can unmount /mnt and continue on the boot process. - umount /mnt + security.sudo.extraConfig = lib.mkIf isImpermanence '' + # rollback results in sudo lectures after each reboot + Defaults lecture = never ''; - }; + + # This script does the actual wipe of the system + # So if it doesn't run, the btrfs system effectively acts like a normal system + # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix + + boot.initrd.systemd.enable = lib.mkIf isImpermanence true; + + boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence { + description = "Rollback BTRFS root subvolume to a pristine state"; + wantedBy = [ "initrd.target" ]; + # make sure it's done after encryption + # i.e. LUKS/TPM process + after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ]; + requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ]; + # mount the root fs before clearing + before = [ "sysroot.mount" ]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir -p /mnt + + # We first mount the btrfs root to /mnt + # so we can manipulate btrfs subvolumes. 
+ mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt + btrfs subvolume list -o /mnt/root + + # While we're tempted to just delete /root and create + # a new snapshot from /root-blank, /root is already + # populated at this point with a number of subvolumes, + # which makes `btrfs subvolume delete` fail. + # So, we remove them first. + # + # /root contains subvolumes: + # - /root/var/lib/portables + # - /root/var/lib/machines + + btrfs subvolume list -o /mnt/root | + cut -f9 -d' ' | + while read subvolume; do + echo "deleting /$subvolume subvolume..." + btrfs subvolume delete "/mnt/$subvolume" + done && + echo "deleting /root subvolume..." && + btrfs subvolume delete /mnt/root + + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot /mnt/root-blank /mnt/root + + # Once we're done rolling back to a blank snapshot, + # we can unmount /mnt and continue on the boot process. + umount /mnt + ''; + }; - environment.persistence."/persist" = lib.mkIf isImpermanence { - hideMounts = true; - directories = - [ - "/.cache/nix" - "/srv" - "/etc/nixos" - "/etc/nix" - "/etc/NetworkManager/system-connections" - # "/etc/secureboot" - "${homeDir}/.dotfiles" - "/var/db/sudo" - "/var/cache" - "/var/lib" + environment.persistence."/persist" = lib.mkIf isImpermanence { + hideMounts = true; + directories = + [ + "/.cache/nix" + "/srv" + "/etc/nixos" + "/etc/nix" + "/etc/NetworkManager/system-connections" + # "/etc/secureboot" + "${homeDir}/.dotfiles" + "/var/db/sudo" + "/var/cache" + "/var/lib" + ]; + + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" ]; - - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; + }; }; } diff --git a/modules/nixos/common/interceptiontools.nix b/modules/nixos/common/interceptiontools.nix index b773406..5be8b9a 100644 
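Review bot: In `impermanence.nix`, the `script` of `boot.initrd.systemd.services.rollback` deletes `/mnt/root` before anything has checked that `/mnt/root-blank` exists. If the blank snapshot is missing or renamed, the snapshot step fails only after the old root is gone. A guard ahead of the delete loop would keep the existing root in that case: `[ -d /mnt/root-blank ] || { echo "root-blank missing, skipping rollback"; umount /mnt; exit 0; }`. `while read subvolume` is better as `while read -r subvolume`, so a backslash in a subvolume path reaches `btrfs subvolume delete` unchanged. `mapperTarget` is defined above the hunk, so what device gets mounted cannot be checked from here.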
--- a/modules/nixos/common/interceptiontools.nix +++ b/modules/nixos/common/interceptiontools.nix @@ -1,29 +1,32 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - # Make CAPS work as a dual function ESC/CTRL key - services.interception-tools = { - enable = true; - udevmonConfig = - let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 + options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselsystems.modules.interceptionTools { + # Make CAPS work as a dual function ESC/CTRL key + services.interception-tools = { + enable = true; + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] ''; - in - '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; + }; }; } diff --git a/modules/nixos/common/lanzaboote.nix b/modules/nixos/common/lanzaboote.nix index 1b2ebf4..6801eda 100644 --- a/modules/nixos/common/lanzaboote.nix +++ b/modules/nixos/common/lanzaboote.nix 
@@ -1,14 +1,17 @@ { lib, config, ... }: { - boot = { - loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false); - }; - lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) { - enable = true; - pkiBundle = "/var/lib/sbctl"; - configurationLimit = 3; + options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselsystems.modules.lanzaboote { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false); + }; + lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) { + enable = true; + pkiBundle = "/var/lib/sbctl"; + configurationLimit = 3; + }; }; }; } diff --git a/modules/nixos/common/lid.nix b/modules/nixos/common/lid.nix index 824f29b..b2d579d 100644 --- a/modules/nixos/common/lid.nix +++ b/modules/nixos/common/lid.nix 
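Review bot: In `lanzaboote.nix`, the whole `boot` block now sits behind `swarselsystems.modules.lanzaboote`, which `mkEnableOption` defaults to false. A host with `isSecureBoot = true` that never enables the module therefore evaluates cleanly but gets neither `boot.lanzaboote` nor the forced `systemd-boot.enable` value. Whether a profile turns the module on for every such host is not visible in this patch, so I would make the mismatch an evaluation error with an assertion placed outside the `mkIf`. The same block is tangled from `SwarselSystems.org` (hunk `@@ -5763,15 +5887,18 @@`), so the change belongs there as well.

```nix
config = lib.mkMerge [
  {
    # Evaluated even when the module is off, so a Secure Boot host cannot silently skip lanzaboote.
    assertions = [{
      assertion = (config.swarselsystems.isSecureBoot && !config.swarselsystems.initialSetup) -> config.swarselsystems.modules.lanzaboote;
      message = "swarselsystems.isSecureBoot is set but swarselsystems.modules.lanzaboote is not enabled";
    }];
  }
  (lib.mkIf config.swarselsystems.modules.lanzaboote {
    # … unchanged: boot.loader and boot.lanzaboote settings …
  })
];
```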
@@ -1,34 +1,37 @@ -_: +{ lib, config, ... }: { - services.logind = { - lidSwitch = "suspend"; - lidSwitchDocked = "ignore"; - }; - services.acpid = { - enable = true; - handlers.lidClosed = { - event = "button/lid \\w+ close"; - action = '' - cat /sys/class/backlight/amdgpu_bl1/device/enabled - if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled - then - echo "Lid closed. Disabling fprintd." - systemctl stop fprintd - ln -s /dev/null /run/systemd/transient/fprintd.service - systemctl daemon-reload - fi - ''; + options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselsystems.modules.lid { + services.logind = { + lidSwitch = "suspend"; + lidSwitchDocked = "ignore"; }; - handlers.lidOpen = { - event = "button/lid \\w+ open"; - action = '' - if ! $(systemctl is-active --quiet fprintd); then - echo "Lid open. Enabling fprintd." - rm -f /run/systemd/transient/fprintd.service - systemctl daemon-reload - systemctl start fprintd - fi - ''; + services.acpid = { + enable = true; + handlers.lidClosed = { + event = "button/lid \\w+ close"; + action = '' + cat /sys/class/backlight/amdgpu_bl1/device/enabled + if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled + then + echo "Lid closed. Disabling fprintd." + systemctl stop fprintd + ln -s /dev/null /run/systemd/transient/fprintd.service + systemctl daemon-reload + fi + ''; + }; + handlers.lidOpen = { + event = "button/lid \\w+ open"; + action = '' + if ! $(systemctl is-active --quiet fprintd); then + echo "Lid open. Enabling fprintd." + rm -f /run/systemd/transient/fprintd.service + systemctl daemon-reload + systemctl start fprintd + fi + ''; + }; }; }; } diff --git a/modules/nixos/common/login.nix b/modules/nixos/common/login.nix index 1d47d69..5b1748f 100644 --- a/modules/nixos/common/login.nix +++ b/modules/nixos/common/login.nix 
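Review bot: In `lid.nix`, the `lidClosed` handler stops fprintd only when `/sys/class/backlight/amdgpu_bl1/device/enabled` reads `disabled`, a path tied to one GPU, while the module is now a general `swarselsystems.modules.lid` switch. On a host without that node the `grep` fails and fprintd keeps running with the lid shut, which is presumably what the handler is meant to prevent. Either make the path an option or state the assumption in the description, e.g. `lib.mkEnableOption "lid config (fprintd handling assumes amdgpu_bl1)"`. Separately, `ln -s /dev/null /run/systemd/transient/fprintd.service` fails if the link is still present on a second close, so `ln -sf` is safer. `if ! systemctl is-active --quiet fprintd; then` tests the exit status directly, without the `$(...)` wrapper.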
@@ -1,20 +1,23 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - services.greetd = { - enable = true; - settings = { - initial_session.command = "sway"; - default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; + options.swarselsystems.modules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselsystems.modules.login { + services.greetd = { + enable = true; + settings = { + initial_session.command = "sway"; + default_session.command = '' + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; + }; }; - }; - environment.etc."greetd/environments".text = '' - sway - ''; + environment.etc."greetd/environments".text = '' + sway + ''; + }; } diff --git a/modules/nixos/common/lowbattery.nix b/modules/nixos/common/lowbattery.nix index 14ad6a3..12bad22 100644 --- a/modules/nixos/common/lowbattery.nix +++ b/modules/nixos/common/lowbattery.nix 
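Review bot: In `login.nix`, `initial_session.command = "sway"` makes greetd start a session without showing the greeter on its first launch after boot, and the new description `"login config"` does not tell whoever enables `swarselsystems.modules.login` that they are opting into that. No user for the initial session is set in this hunk, so it is presumably supplied elsewhere. If it is, the machine logs in unauthenticated at boot and disk encryption is the only barrier. I would name that in the option, e.g. `lib.mkEnableOption "greetd/tuigreet login with an automatic initial sway session"`, or move the auto-login behind its own option.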
@@ -1,26 +1,29 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { - systemd.user.services."battery-low" = { - enable = true; - description = "Timer for battery check that alerts at 10% or less"; - partOf = [ "graphical-session.target" ]; - wantedBy = [ "graphical-session.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = pkgs.writeShellScript "battery-low-notification" - '' - if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 )); - then ${lib.getExe pkgs.libnotify} --urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")"; - fi; - ''; + options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselsystems.modules.lowBattery { + systemd.user.services."battery-low" = { + enable = true; + description = "Timer for battery check that alerts at 10% or less"; + partOf = [ "graphical-session.target" ]; + wantedBy = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = pkgs.writeShellScript "battery-low-notification" + '' + if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 )); + then ${lib.getExe pkgs.libnotify} --urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")"; + fi; + ''; + }; }; - }; - systemd.user.timers."battery-low" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - # Every Minute - OnCalendar = "*-*-* *:*:00"; - Unit = "battery-low.service"; + systemd.user.timers."battery-low" = { + wantedBy = [ "timers.target" ]; + 
timerConfig = { + # Every Minute + OnCalendar = "*-*-* *:*:00"; + Unit = "battery-low.service"; + }; }; }; } diff --git a/modules/nixos/common/network.nix b/modules/nixos/common/network.nix index 8d4908f..25a417c 100644 --- a/modules/nixos/common/network.nix +++ b/modules/nixos/common/network.nix 
@@ -1,245 +1,248 @@ { lib, config, ... }: { - networking = { - nftables.enable = lib.mkDefault true; - enableIPv6 = lib.mkDefault true; - firewall = { - checkReversePath = lib.mkDefault false; - enable = lib.mkDefault true; - allowedUDPPorts = [ 51820 ]; # 51820: wireguard - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - }; - - networkmanager = { - enable = true; - ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" + options.swarselsystems.modules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselsystems.modules.network { + networking = { + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + checkReversePath = lib.mkDefault false; + enable = lib.mkDefault true; + allowedUDPPorts = [ 51820 ]; # 51820: wireguard + allowedTCPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect ]; - profiles = { - "Ernest Routerford" = { - connection = { - id = "Ernest Routerford"; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "Ernest Routerford"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$ERNEST"; - }; - }; + allowedUDPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect + ]; + }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; + networkmanager = { + enable = true; + ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; 
+ type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - mac-address = "90:2E:16:D0:A1:87"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - eduroam = { - "802-1x" = { - eap = "ttls;"; - identity = "$EDUID"; - password = "$EDUPASS"; - phase2-auth = "mschapv2"; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - 
addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - HH40V_39F5 = { - connection = { - id = "HH40V_39F5"; - type = "wifi"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = "HH40V_39F5"; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$FRAUNS"; - }; - }; - magicant = { - connection = { - id = "magicant"; - type = "wifi"; + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$FRAUNS"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "magicant"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$HANDYHOTSPOT"; - }; - }; - wireguardvpn = { - connection = { - id = "HomeVPN"; - type = "wireguard"; - autoconnect = "false"; - interface-name = "wg1"; + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$HANDYHOTSPOT"; + }; }; - wireguard = { private-key = "$WIREGUARDPRIV"; }; - "wireguard-peer.$WIREGUARDPUB" = { - endpoint = "$WIREGUARDENDPOINT"; - allowed-ips = 
"0.0.0.0/0"; - }; - ipv4 = { - method = "ignore"; - address1 = "192.168.3.3/32"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "ignore"; - }; - proxy = { }; - }; - "sweden-aes-128-cbc-udp-dns" = { - connection = { - autoconnect = "false"; - id = "PIA Sweden"; - type = "vpn"; + wireguardvpn = { + connection = { + id = "HomeVPN"; + type = "wireguard"; + autoconnect = "false"; + interface-name = "wg1"; + }; + wireguard = { private-key = "$WIREGUARDPRIV"; }; + "wireguard-peer.$WIREGUARDPUB" = { + endpoint = "$WIREGUARDENDPOINT"; + allowed-ips = "0.0.0.0/0"; + }; + ipv4 = { + method = "ignore"; + address1 = "192.168.3.3/32"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "ignore"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path; - challenge-response-flags = "2"; - cipher = "aes-128-cbc"; - compress = "yes"; - connection-type = "password"; - crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path; - dev = "tun"; - password-flags = "0"; - remote = "sweden.privacy.network:1198"; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$VPNUSER"; - }; - vpn-secrets = { password = "$VPNPASS"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + "sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = 
config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = { password = "$VPNPASS"; }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-${config.swarselsystems.mainUser}"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$HOTSPOT"; - }; - }; + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-${config.swarselsystems.mainUser}"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; + }; + + }; }; }; }; - }; - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + }; } diff --git a/modules/nixos/common/networkdevices.nix b/modules/nixos/common/networkdevices.nix index 0ae49eb..07b2b9c 100644 --- a/modules/nixos/common/networkdevices.nix +++ b/modules/nixos/common/networkdevices.nix 
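Review bot: `ensureProfiles.environmentFiles` still interpolates `config.sops.templates."network-manager.env".path`, but its guard is only `!config.swarselsystems.isPublic`, while the same commit puts the definition of that template behind a separate `swarselsystems.modules.commonSops` switch in sops.nix. A non-public host that enables `modules.network` without `modules.commonSops` would presumably fail evaluation with a missing-attribute error instead of a readable message. I would either widen the guard to `lib.mkIf (!config.swarselsystems.isPublic && config.swarselsystems.modules.commonSops)` or add an `assertions` entry stating that the network module needs the sops module on non-public hosts.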
@@ -1,30 +1,33 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - # enable scanners over network - hardware.sane = { - enable = true; - extraBackends = [ pkgs.sane-airscan ]; - }; + options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselsystems.modules.networkDevices { + # enable scanners over network + hardware.sane = { + enable = true; + extraBackends = [ pkgs.sane-airscan ]; + }; - # enable discovery and usage of network devices (esp. printers) - services.printing = { - enable = true; - drivers = [ - pkgs.gutenprint - pkgs.gutenprintBin - ]; - browsedConf = '' - BrowseDNSSDSubTypes _cups,_print - BrowseLocalProtocols all - BrowseRemoteProtocols all - CreateIPPPrinterQueues All - BrowseProtocols all - ''; - }; + # enable discovery and usage of network devices (esp. printers) + services.printing = { + enable = true; + drivers = [ + pkgs.gutenprint + pkgs.gutenprintBin + ]; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; + }; - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; }; } diff --git a/modules/nixos/common/nix-ld.nix b/modules/nixos/common/nix-ld.nix index ac5514e..5b38b9d 100644 --- a/modules/nixos/common/nix-ld.nix +++ b/modules/nixos/common/nix-ld.nix 
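Review bot: The `browsedConf` block keeps `BrowseRemoteProtocols all` together with `CreateIPPPrinterQueues All`, so cups-browsed accepts printer announcements over every protocol and creates a local queue for each one on whatever network the machine is attached to, and `services.avahi.openFirewall = true` opens mDNS in the firewall as well. For a host that roams between networks (the Wi-Fi profiles in network.nix suggest this one does) that is more exposure than printer discovery needs. I would restrict remote browsing to DNS-SD with `BrowseRemoteProtocols dnssd` and consider `CreateIPPPrinterQueues Driverless`. Since the module is now switchable, `modules.networkDevices` can also stay off on hosts that never print or scan.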
@@ -1,110 +1,113 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - SDL - SDL2 - SDL2_image - SDL2_mixer - SDL2_ttf - SDL_image - SDL_mixer - SDL_ttf - alsa-lib - at-spi2-atk - at-spi2-core - atk - bzip2 - cairo - cups - curl - dbus - dbus-glib - expat - ffmpeg - flac - fontconfig - freeglut - freetype - fuse3 - gdk-pixbuf - glew110 - glib - stable.gnome2.GConf - pango - gtk2 - gtk3 - icu - libGL - libappindicator-gtk2 - libappindicator-gtk3 - libcaca - libcanberra - libcap - libdbusmenu-gtk2 - libdrm - libelf - libgcrypt - libglvnd - libidn - libindicator-gtk2 - libjpeg - libmikmod - libnotify - libogg - libpng - libpng12 - libpulseaudio - librsvg - libsamplerate - libtheora - libtiff - libudev0-shim - libunwind - libusb1 - libuuid - libva - libvdpau - libvorbis - libvpx - libxkbcommon - libxml2 - libz - mesa - nspr - nss - openssl - pango - pipewire - pixman - speex - stdenv.cc.cc - steam-fhsenv-without-steam - systemd - tbb - vulkan-loader - xorg.libICE - xorg.libSM - xorg.libX11 - xorg.libXScrnSaver - xorg.libXcomposite - xorg.libXcursor - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXft - xorg.libXi - xorg.libXinerama - xorg.libXmu - xorg.libXrandr - xorg.libXrender - xorg.libXt - xorg.libXtst - xorg.libXxf86vm - xorg.libxcb - xorg.libxshmfence - zlib - ]; + options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselsystems.modules.nix-ld { + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + SDL + SDL2 + SDL2_image + SDL2_mixer + SDL2_ttf + SDL_image + SDL_mixer + SDL_ttf + alsa-lib + at-spi2-atk + at-spi2-core + atk + bzip2 + cairo + cups + curl + dbus + dbus-glib + expat + ffmpeg + flac + fontconfig + freeglut + freetype + fuse3 + gdk-pixbuf + glew110 + glib + stable.gnome2.GConf + pango + gtk2 + gtk3 + icu + libGL + libappindicator-gtk2 + libappindicator-gtk3 + libcaca + libcanberra + libcap + libdbusmenu-gtk2 + 
libdrm + libelf + libgcrypt + libglvnd + libidn + libindicator-gtk2 + libjpeg + libmikmod + libnotify + libogg + libpng + libpng12 + libpulseaudio + librsvg + libsamplerate + libtheora + libtiff + libudev0-shim + libunwind + libusb1 + libuuid + libva + libvdpau + libvorbis + libvpx + libxkbcommon + libxml2 + libz + mesa + nspr + nss + openssl + pango + pipewire + pixman + speex + stdenv.cc.cc + steam-fhsenv-without-steam + systemd + tbb + vulkan-loader + xorg.libICE + xorg.libSM + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXft + xorg.libXi + xorg.libXinerama + xorg.libXmu + xorg.libXrandr + xorg.libXrender + xorg.libXt + xorg.libXtst + xorg.libXxf86vm + xorg.libxcb + xorg.libxshmfence + zlib + ]; + }; }; } diff --git a/modules/nixos/common/nvd-rebuild.nix b/modules/nixos/common/nvd-rebuild.nix index e8e0938..9b2b482 100644 --- a/modules/nixos/common/nvd-rebuild.nix +++ b/modules/nixos/common/nvd-rebuild.nix @@ -1,10 +1,13 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - system.activationScripts.diff = { - supportsDryActivation = true; - text = '' - ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \ - /run/current-system "$systemConfig" - ''; + options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselsystems.modules.nvd { + system.activationScripts.diff = { + supportsDryActivation = true; + text = '' + ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \ + /run/current-system "$systemConfig" + ''; + }; }; } diff --git a/modules/nixos/common/packages.nix b/modules/nixos/common/packages.nix index 438f3ea..8e0617c 100644 --- a/modules/nixos/common/packages.nix +++ b/modules/nixos/common/packages.nix 
@@ -1,123 +1,83 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # yubikey packages - gnupg - yubikey-personalization - yubikey-personalization-gui - yubico-pam - yubioath-flutter - yubikey-manager - yubikey-manager-qt - yubikey-touch-detector - yubico-piv-tool - cfssl - pcsctools - pcscliteWithPolkit.out + options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselsystems.modules.packages { + environment.systemPackages = with pkgs; [ + # yubikey packages + gnupg + yubikey-personalization + yubikey-personalization-gui + yubico-pam + yubioath-flutter + yubikey-manager + yubikey-manager-qt + yubikey-touch-detector + yubico-piv-tool + cfssl + pcsctools + pcscliteWithPolkit.out - # ledger packages - ledger-live-desktop + # ledger packages + ledger-live-desktop - # pinentry - dbus - swaylock-effects - syncthingtray-minimal - wl-mirror + # pinentry + dbus + swaylock-effects + syncthingtray-minimal + wl-mirror - # secure boot - sbctl + # secure boot + sbctl - libsForQt5.qt5.qtwayland + libsForQt5.qt5.qtwayland - # nix package database - nix-index - nixos-generators + # nix package database + nix-index + nixos-generators - # commit hooks - pre-commit + # commit hooks + pre-commit - # proc info - acpi + # proc info + acpi - # pci info - pciutils - usbutils + # pci info + pciutils + usbutils - # better make for general tasks - just + # better make for general tasks + just - screenshare - fullscreen + screenshare + fullscreen - # keyboards - qmk - vial - via + # keyboards + qmk + vial + via - # theme related - adwaita-icon-theme + # theme related + adwaita-icon-theme - # kde-connect - xdg-desktop-portal - xdg-desktop-portal-wlr + # kde-connect + xdg-desktop-portal + xdg-desktop-portal-wlr - # bluetooth - bluez + # bluetooth + bluez + ghostscript_headless + wireguard-tools + nixd + zig + zls + ansible-language-server - # lsp-related ------------------------------- - # nix - # 
latex - # texlab - ghostscript_headless - # wireguard - wireguard-tools - # rust - # rust-analyzer - # clippy - # rustfmt - # go - # go - # gopls - # nix - nixd - # zig - zig - zls - # cpp - # clang-tools - # + cuda - # cudatoolkit - # ansible - # ansible-lint - ansible-language-server - # molecule - #lsp-bridge / python - # gcc - # gdb - # (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) - # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) - # -------------------------------------------- + ]; - # (stdenv.mkDerivation { - # name = "oama"; - - # src = pkgs.fetchurl { - # name = "oama"; - # url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; - # sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; - # }; - - # phases = [ - # "unpackPhase" - # ]; - - # unpackPhase = '' - # mkdir -p $out/bin - # tar xvf $src -C $out/ - # mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ - # ''; - - # }) - - ]; + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + "electron-29.4.6" + "SDL_ttf-2.0.11" + ]; + }; } diff --git a/modules/nixos/common/pipewire.nix b/modules/nixos/common/pipewire.nix index d4e29f5..431e89a 100644 --- a/modules/nixos/common/pipewire.nix +++ b/modules/nixos/common/pipewire.nix 
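Review bot: The new `nixpkgs.config.permittedInsecurePackages` list at the end of this hunk allows `jitsi-meet-1.0.8043`, `electron-29.4.6` and `SDL_ttf-2.0.11` without saying which package pulls each one in or why the exception is acceptable. Because the list sits inside the `modules.packages` switch, the exception is tied to an unrelated option: nix-ld.nix lists `SDL_ttf` under its own `modules.nix-ld` switch, so enabling that module alone would presumably fail on the insecure-package check. I would move the list to the module that needs each entry, or at least annotate it, e.g. `"SDL_ttf-2.0.11" # required by programs.nix-ld.libraries`. The hunk also drops the comments that labelled `ghostscript_headless`, `wireguard-tools`, `nixd` and `zig`/`zls`, which were useful for later pruning.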
@@ -1,15 +1,19 @@ -_: { - security.rtkit.enable = true; # this is required for pipewire real-time access +{ lib, config, ... }: +{ + options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselsystems.modules.pipewire { + security.rtkit.enable = true; # this is required for pipewire real-time access - services.pipewire = { - enable = true; - pulse.enable = true; - jack.enable = true; - audio.enable = true; - wireplumber.enable = true; - alsa = { + services.pipewire = { enable = true; - support32Bit = true; + pulse.enable = true; + jack.enable = true; + audio.enable = true; + wireplumber.enable = true; + alsa = { + enable = true; + support32Bit = true; + }; }; }; } diff --git a/modules/nixos/common/polkit.nix b/modules/nixos/common/polkit.nix index 60a1a81..95f7074 100644 --- a/modules/nixos/common/polkit.nix +++ b/modules/nixos/common/polkit.nix @@ -1,20 +1,22 @@ -_: +{ lib, config, ... }: { + options.swarselsystems.modules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselsystems.modules.security { - security = { - pam.services = { - login.u2fAuth = true; - sudo.u2fAuth = true; - swaylock.u2fAuth = true; - swaylock.fprintAuth = false; + security = { + pam.services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + swaylock.u2fAuth = true; + swaylock.fprintAuth = false; + }; + polkit.enable = true; + + sudo.extraConfig = '' + Defaults env_keep+=SSH_AUTH_SOCK + Defaults env_keep+=XDG_RUNTIME_DIR + Defaults env_keep+=WAYLAND_DISPLAY + ''; }; - polkit.enable = true; - - sudo.extraConfig = '' - Defaults env_keep+=SSH_AUTH_SOCK - Defaults env_keep+=XDG_RUNTIME_DIR - Defaults env_keep+=WAYLAND_DISPLAY - ''; }; - } diff --git a/modules/nixos/common/power-profiles-daemon.nix b/modules/nixos/common/power-profiles-daemon.nix index 7dede63..86b0676 100644 --- a/modules/nixos/common/power-profiles-daemon.nix +++ b/modules/nixos/common/power-profiles-daemon.nix 
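Review bot: In the polkit.nix hunk, `login.u2fAuth`, `sudo.u2fAuth` and `swaylock.u2fAuth` are enabled with no visible `security.pam.u2f` settings, and the NixOS default for `security.pam.u2f.control` is `sufficient`, so unless it is overridden elsewhere a touch of the key replaces the password rather than complementing it. If a second factor is intended for sudo and login, set `security.pam.u2f.control = "required";` next to these lines; if single-factor is intended, a comment saying so would help. The switch is named `modules.security` although the file is polkit.nix, and because `mkEnableOption` defaults to false, a host that omits it drops polkit and the U2F rules without any warning.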
@@ -1,4 +1,7 @@ -_: +{ lib, config, ... }: { - services.power-profiles-daemon.enable = true; + options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselsystems.modules.ppd { + services.power-profiles-daemon.enable = true; + }; } diff --git a/modules/nixos/common/programs.nix b/modules/nixos/common/programs.nix index fbbd2f1..fb0b82d 100644 --- a/modules/nixos/common/programs.nix +++ b/modules/nixos/common/programs.nix @@ -1,8 +1,11 @@ -_: +{ lib, config, ... }: { - programs = { - dconf.enable = true; - evince.enable = true; - kdeconnect.enable = true; + options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselsystems.modules.programs { + programs = { + dconf.enable = true; + evince.enable = true; + kdeconnect.enable = true; + }; }; } diff --git a/modules/nixos/common/pulseaudio.nix b/modules/nixos/common/pulseaudio.nix index 4411274..7e26a1c 100644 --- a/modules/nixos/common/pulseaudio.nix +++ b/modules/nixos/common/pulseaudio.nix @@ -1,8 +1,11 @@ { config, pkgs, lib, ... }: { - services.pulseaudio = { - enable = lib.mkIf (!config.services.pipewire.enable) true; - package = pkgs.pulseaudioFull; + options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselsystems.modules.pulseaudio { + services.pulseaudio = { + enable = lib.mkIf (!config.services.pipewire.enable) true; + package = pkgs.pulseaudioFull; + }; }; } diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 0d6330c..7ab39f8 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix 
@@ -1,45 +1,45 @@ { lib, config, outputs, inputs, ... }: { - - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; - - nix = - let - flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; - in - { - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - flake-registry = ""; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { + nixpkgs = { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; }; - channel.enable = false; - registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; - nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; }; + nix = + let + flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; + in + { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? 
-gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + flake-registry = ""; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; + channel.enable = false; + registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; + nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; + }; - system.stateVersion = lib.mkDefault "23.05"; - + system.stateVersion = lib.mkDefault "23.05"; + }; } diff --git a/modules/nixos/common/sops.nix b/modules/nixos/common/sops.nix index 3f32cd7..f16cafc 100644 --- a/modules/nixos/common/sops.nix +++ b/modules/nixos/common/sops.nix 
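Review bot: `trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]` gives every wheel member and the main user trusted status with the Nix daemon, which lets them add substituters and import unsigned store paths, so it is close to root access without a sudo prompt. If the aim is only to let these users talk to the daemon, `allowed-users` is enough. Otherwise I would narrow the list and record the reason, e.g. `# trusted-users can bypass signature checks; keep this list minimal`.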
@@ -4,48 +4,51 @@ let inherit (config.swarselsystems) mainUser homeDir; in { - sops = lib.mkIf (!config.swarselsystems.isPublic) { + options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselsystems.modules.commonSops { + sops = lib.mkIf (!config.swarselsystems.isPublic) { - age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; + age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; + validateSopsFiles = false; - secrets = { - ernest = { }; - frauns = { }; - hotspot = { }; - eduid = { }; - edupass = { }; - handyhotspot = { }; - vpnuser = { }; - vpnpass = { }; - wireguardpriv = { }; - wireguardpub = { }; - wireguardendpoint = { }; - stashuser = { }; - stashpass = { }; - githubforgeuser = { }; - githubforgepass = { }; - gitlabforgeuser = { }; - gitlabforgepass = { }; - "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; - "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; - }; - templates = { - "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - 
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv} - WIREGUARDPUB=${config.sops.placeholder.wireguardpub} - WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint} - ''; + secrets = { + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; + wireguardpriv = { }; + wireguardpub = { }; + wireguardendpoint = { }; + stashuser = { }; + stashpass = { }; + githubforgeuser = { }; + githubforgepass = { }; + gitlabforgeuser = { }; + gitlabforgepass = { }; + "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; + "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; }; + }; + templates = { + "network-manager.env".content = '' + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv} + WIREGUARDPUB=${config.sops.placeholder.wireguardpub} + WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint} + ''; + }; }; }; } diff --git a/modules/nixos/common/store.nix b/modules/nixos/common/store.nix index 9839769..e122ac0 100644 --- a/modules/nixos/common/store.nix +++ b/modules/nixos/common/store.nix 
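Review bot: `validateSopsFiles = false;` carries no explanation, and it means a missing or misnamed key in the secrets file is only noticed at activation, when the `network-manager.env` template is rendered. The reason appears to be that `defaultSopsFile` is an absolute runtime path (`/persist/.dotfiles/...` or under `homeDir`) that does not exist at build time. A comment such as `# secrets file lives outside the store, so it cannot be validated at build time` would record that. The `let` block that defines `certsSopsFile` starts outside the hunk.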
@@ -1,7 +1,10 @@
-_:
+{ lib, config, ... }:
 {
- nix.optimise = {
- automatic = true;
- dates = [ "weekly" ];
+ options.swarselsystems.modules.storeOptimize = lib.mkEnableOption "store optimization config";
+ config = lib.mkIf config.swarselsystems.modules.storeOptimize {
+ nix.optimise = {
+ automatic = true;
+ dates = [ "weekly" ];
+ };
 };
 }
diff --git a/modules/nixos/common/stylix.nix b/modules/nixos/common/stylix.nix
index a94e6d8..849f295 100644
--- a/modules/nixos/common/stylix.nix
+++ b/modules/nixos/common/stylix.nix
@@ -1,14 +1,17 @@
 { lib, config, ... }:
 {
- stylix = lib.recursiveUpdate
- {
- targets.grub.enable = false; # the styling makes grub more ugly
- image = config.swarselsystems.wallpaper;
- }
- config.swarselsystems.stylix;
- home-manager.users."${config.swarselsystems.mainUser}" = {
- stylix = {
- targets = config.swarselsystems.stylixHomeTargets;
+ options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config";
+ config = lib.mkIf config.swarselsystems.modules.stylix {
+ stylix = lib.recursiveUpdate
+ {
+ targets.grub.enable = false; # the styling makes grub more ugly
+ image = config.swarselsystems.wallpaper;
+ }
+ config.swarselsystems.stylix;
+ home-manager.users."${config.swarselsystems.mainUser}" = {
+ stylix = {
+ targets = config.swarselsystems.stylixHomeTargets;
+ };
 };
 };
 }
diff --git a/modules/nixos/common/sway.nix b/modules/nixos/common/sway.nix
index ba9673c..a71a8a2 100644
--- a/modules/nixos/common/sway.nix
+++ b/modules/nixos/common/sway.nix
@@ -1,23 +1,24 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { + options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselsystems.modules.sway { + programs.sway = { + enable = true; + package = pkgs.swayfx; + wrapperFeatures = { + base = true; + gtk = true; + }; - programs.sway = { - enable = true; - package = pkgs.swayfx; - wrapperFeatures = { - base = true; - gtk = true; + extraSessionCommands = '' + export XDG_SESSION_DESKTOP=sway + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland-egl + export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 + export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; + export MOZ_ENABLE_WAYLAND=1 + export MOZ_DISABLE_RDD_SANDBOX=1 + ''; }; - - extraSessionCommands = '' - export XDG_SESSION_DESKTOP=sway - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland-egl - export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 - export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; - export MOZ_ENABLE_WAYLAND=1 - export MOZ_DISABLE_RDD_SANDBOX=1 - ''; }; - } diff --git a/modules/nixos/common/syncthing.nix b/modules/nixos/common/syncthing.nix index 30899e9..2dd4ccc 100644 --- a/modules/nixos/common/syncthing.nix +++ b/modules/nixos/common/syncthing.nix 
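Review bot: `export MOZ_DISABLE_RDD_SANDBOX=1` in `extraSessionCommands` turns off the sandbox around Firefox's media-decoding (RDD) process for everything started from the sway session. It was a common workaround for VA-API hardware decoding on older Firefox releases, and as far as I know current releases no longer need it. I would drop the line, or if some host still requires it, keep it with a comment naming the reason, e.g. `# VA-API workaround for <host>; disables RDD sandboxing`.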
@@ -3,49 +3,52 @@ let inherit (config.swarselsystems) mainUser homeDir; in { - services.syncthing = { - enable = true; - user = mainUser; - dataDir = homeDir; - configDir = "${homeDir}/.config/syncthing"; - openDefaultPorts = true; - settings = { - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselsystems.modules.syncthing { + services.syncthing = { + enable = true; + user = mainUser; + dataDir = homeDir; + configDir = "${homeDir}/.config/syncthing"; + openDefaultPorts = true; + settings = { + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "sync (@oracle)" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; }; - "sync (@oracle)" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - }; - folders = { - "Default Folder" = lib.mkDefault { - path = "${homeDir}/Sync"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "default"; - }; - "Obsidian" = { - path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "${homeDir}/Vpn"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "hgp9s-fyq3p"; - }; - ".elfeed" = { - path = "${homeDir}/.elfeed"; - devices = [ "sync (@oracle)" "magicant" "winters" ]; - id = "h7xbs-fs9v1"; + folders = { + "Default Folder" = lib.mkDefault { + path = "${homeDir}/Sync"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = 
"default"; + }; + "Obsidian" = { + path = "${homeDir}/Nextcloud/Obsidian"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "yjvni-9eaa7"; + }; + "Org" = { + path = "${homeDir}/Nextcloud/Org"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "a7xnl-zjj3d"; + }; + "Vpn" = { + path = "${homeDir}/Vpn"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "hgp9s-fyq3p"; + }; + ".elfeed" = { + path = "${homeDir}/.elfeed"; + devices = [ "sync (@oracle)" "magicant" "winters" ]; + id = "h7xbs-fs9v1"; + }; }; }; }; diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix index b41b6e2..56da8a1 100644 --- a/modules/nixos/common/systemd.nix +++ b/modules/nixos/common/systemd.nix @@ -1,8 +1,11 @@ -_: +{ lib, config, ... }: { - # systemd - systemd.extraConfig = '' - DefaultTimeoutStartSec=60s - DefaultTimeoutStopSec=15s - ''; + options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselsystems.modules.systemdTimeout { + # systemd + systemd.extraConfig = '' + DefaultTimeoutStartSec=60s + DefaultTimeoutStopSec=15s + ''; + }; } diff --git a/modules/nixos/common/time.nix b/modules/nixos/common/time.nix index 5d95d2b..21c951a 100644 --- a/modules/nixos/common/time.nix +++ b/modules/nixos/common/time.nix 
@@ -1,22 +1,25 @@ -_: +{ lib, config, ... }: { - time = { - timeZone = "Europe/Vienna"; - # hardwareClockInLocalTime = true; - }; + options.swarselsystems.modules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselsystems.modules.time { + time = { + timeZone = "Europe/Vienna"; + # hardwareClockInLocalTime = true; + }; - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "de_AT.UTF-8"; - LC_IDENTIFICATION = "de_AT.UTF-8"; - LC_MEASUREMENT = "de_AT.UTF-8"; - LC_MONETARY = "de_AT.UTF-8"; - LC_NAME = "de_AT.UTF-8"; - LC_NUMERIC = "de_AT.UTF-8"; - LC_PAPER = "de_AT.UTF-8"; - LC_TELEPHONE = "de_AT.UTF-8"; - LC_TIME = "de_AT.UTF-8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "de_AT.UTF-8"; + LC_IDENTIFICATION = "de_AT.UTF-8"; + LC_MEASUREMENT = "de_AT.UTF-8"; + LC_MONETARY = "de_AT.UTF-8"; + LC_NAME = "de_AT.UTF-8"; + LC_NUMERIC = "de_AT.UTF-8"; + LC_PAPER = "de_AT.UTF-8"; + LC_TELEPHONE = "de_AT.UTF-8"; + LC_TIME = "de_AT.UTF-8"; + }; }; }; } diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index ef836f6..0baf845 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix 
@@ -1,16 +1,19 @@ { pkgs, config, lib, ... }: { - sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; }; + options.swarselsystems.modules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselsystems.modules.users { + sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; }; - users = { - mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; - users."${config.swarselsystems.mainUser}" = { - isNormalUser = true; - description = "Leon S"; - password = lib.mkIf config.swarselsystems.initialSetup "setup"; - hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; - extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; - packages = with pkgs; [ ]; + users = { + mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; + users."${config.swarselsystems.mainUser}" = { + isNormalUser = true; + description = "Leon S"; + password = lib.mkIf config.swarselsystems.initialSetup "setup"; + hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; + extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + packages = with pkgs; [ ]; + }; }; }; } diff --git a/modules/nixos/common/xdg-portal.nix b/modules/nixos/common/xdg-portal.nix index 88729d4..22abdb7 100644 --- a/modules/nixos/common/xdg-portal.nix +++ b/modules/nixos/common/xdg-portal.nix 
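Review bot: In `modules/nixos/common/users.nix`, `password = lib.mkIf config.swarselsystems.initialSetup "setup";` gives the main user a fixed, publicly known password whenever `initialSetup` is on, while `extraGroups` puts that same user in `wheel` and `docker`. A `password` value is also stored in clear text in the world-readable Nix store. Since the block now sits behind `modules.users`, which the personal profile enables by default, I would make that state visible at build time inside the same `config` block, e.g. `warnings = lib.optional config.swarselsystems.initialSetup "swarselsystems.initialSetup is on: main user has a well-known password";`. Using `initialPassword` instead of `password` would also state the intent more precisely.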
@@ -1,19 +1,20 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - - xdg.portal = { - enable = true; - config = { - common = { - default = "wlr"; + options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselsystems.modules.xdg-portal { + xdg.portal = { + enable = true; + config = { + common = { + default = "wlr"; + }; + }; + wlr.enable = true; + wlr.settings.screencast = { + output_name = "eDP-1"; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; }; }; - wlr.enable = true; - wlr.settings.screencast = { - output_name = "eDP-1"; - chooser_type = "simple"; - chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; - }; }; - } diff --git a/modules/nixos/common/xserver.nix b/modules/nixos/common/xserver.nix index 66c4730..b529f9b 100644 --- a/modules/nixos/common/xserver.nix +++ b/modules/nixos/common/xserver.nix @@ -1,9 +1,12 @@ -_: +{ lib, config, ... }: { - services.xserver = { - xkb = { - layout = "us"; - variant = "altgr-intl"; + options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselsystems.modules.packages { + services.xserver = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; }; }; } diff --git a/modules/nixos/common/zsh.nix b/modules/nixos/common/zsh.nix index db2ced4..fd9ffd5 100644 --- a/modules/nixos/common/zsh.nix +++ b/modules/nixos/common/zsh.nix @@ -1,7 +1,10 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.shells = with pkgs; [ zsh ]; - environment.pathsToLink = [ "/share/zsh" ]; + options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselsystems.modules.zsh { + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.shells = with pkgs; [ zsh ]; + environment.pathsToLink = [ "/share/zsh" ]; + }; } 
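Review bot: In `modules/nixos/common/xserver.nix` the new option is `swarselsystems.modules.xserver`, but the guard reads `lib.mkIf config.swarselsystems.modules.packages`, so the keymap follows the `packages` switch and setting `modules.xserver` has no effect. This looks like a copy-paste slip; the line should be `config = lib.mkIf config.swarselsystems.modules.xserver {`. The other modules visible in this part of the patch gate on their own option.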
diff --git a/profiles/home/default.nix b/profiles/home/default.nix
index 50594fd..f1a34f8 100644
--- a/profiles/home/default.nix
+++ b/profiles/home/default.nix
@@ -2,4 +2,4 @@
 let
 moduleNames = lib.swarselsystems.readNix "profiles/home";
 in
-lib.swarselsystems.mkModules moduleNames "home"
+lib.swarselsystems.mkProfiles moduleNames "home"
diff --git a/profiles/nixos/default.nix b/profiles/nixos/default.nix
index 51cd30d..aa058d7 100644
--- a/profiles/nixos/default.nix
+++ b/profiles/nixos/default.nix
@@ -2,4 +2,4 @@
 let
 moduleNames = lib.swarselsystems.readNix "profiles/nixos";
 in
-lib.swarselsystems.mkModules moduleNames "nixos"
+lib.swarselsystems.mkProfiles moduleNames "nixos"
diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix
new file mode 100644
index 0000000..d3cf248
--- /dev/null
+++ b/profiles/nixos/personal/default.nix
@@ -0,0 +1,51 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.personalz = lib.mkEnableOption "is this a personal host";
+ config = lib.mkIf config.swarselsystems.profiles.personalz {
+ config.swarselsystems.modules = {
+ packages = lib.mkDefault true;
+ general = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ users = lib.mkDefault true;
+ env = lib.mkDefault true;
+ security = lib.mkDefault true;
+ gc = lib.mkDefault true;
+ storeOptimize = lib.mkDefault true;
+ systemdTimeout = lib.mkDefault true;
+ hardware = lib.mkDefault true;
+ pulseaudio = lib.mkDefault true;
+ pipewire = lib.mkDefault true;
+ network = lib.mkDefault true;
+ time = lib.mkDefault true;
+ commonSops = lib.mkDefault true;
+ stylix = lib.mkDefault true;
+ programs = lib.mkDefault true;
+ zsh = lib.mkDefault true;
+ syncthing = lib.mkDefault true;
+ blueman = lib.mkDefault true;
+ networkDevices = lib.mkDefault true;
+ gvfs = lib.mkDefault true;
+ interceptionTools = lib.mkDefault true;
+ ppd = lib.mkDefault true;
+ yubikey = lib.mkDefault true;
+ ledger = lib.mkDefault true;
+ keyboards = lib.mkDefault true;
+ login = lib.mkDefault true;
+ nix-ld = lib.mkDefault true;
+ impermanence = lib.mkDefault true;
+ nvd = lib.mkDefault true;
+ gnome-keyring = lib.mkDefault true;
+ sway = lib.mkDefault true;
+ xdg-portal = lib.mkDefault true;
+ distrobox = lib.mkDefault true;
+ appimage = lib.mkDefault true;
+ lid = lib.mkDefault true;
+ lowBattery = lib.mkDefault true;
+ lanzaboote = lib.mkDefault true;
+ };
+
+ };
+
+}
diff --git a/programs/firefox/chrome/userChrome.css b/programs/firefox/chrome/userChrome.css
index f657cdd..3427fa9 100644
--- a/programs/firefox/chrome/userChrome.css
+++ b/programs/firefox/chrome/userChrome.css
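Review bot: Two things in the new `profiles/nixos/personal/default.nix` look unintended. The option is declared and tested as `profiles.personalz`, while the directory is named `personal`, so a host that sets `swarselsystems.profiles.personal = true` would be setting an option this file does not declare. Inside the `config = lib.mkIf … {` body the assignment is written `config.swarselsystems.modules = {`, which nests a second `config` level; it should read `swarselsystems.modules = {`. Because this profile is what switches on `security`, `yubikey`, `lanzaboote`, `commonSops` and `users`, it is worth evaluating one host to confirm those modules really end up enabled.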
@@ -8,6 +8,24 @@ See the above repository for updates as well as full license text. */ :root{ --uc-autohide-toolbox-delay: 0ms; /* Wait 0.1s before hiding toolbars */ --uc-toolbox-rotation: 107deg; /* This may need to be lower on mac - like 75 or so */ + + --base00: #1D252C; + --base01: #171D23; + --base02: #5EC4FF; + --base03: #566C7D; + --base04: #5EC4FF; + --base05: #A0B3C5; + --base06: #C06ECE; + --base07: #A0B3C5; + --base08: #D95468; + --base09: #FFA880; + --base0A: #5EC4FF; + --base0B: #8BD49C; + --base0C: #008B94; + --base0D: #5EC4FF; + --base0E: #C06ECE; + --base0F: #5EC4FF; + } :root[sizemode="maximized"]{ diff --git a/programs/firefox/tridactyl/themes/.#base16-codeschool.css b/programs/firefox/tridactyl/themes/.#base16-codeschool.css new file mode 120000 index 0000000..d94e40c --- /dev/null +++ b/programs/firefox/tridactyl/themes/.#base16-codeschool.css @@ -0,0 +1 @@ +swarsel@nbl-imba-2.3038:1743148454 \ No newline at end of file diff --git a/programs/firefox/tridactyl/tridactylrc b/programs/firefox/tridactyl/tridactylrc index 067a588..84c06fe 100644 --- a/programs/firefox/tridactyl/tridactylrc +++ b/programs/firefox/tridactyl/tridactylrc @@ -15,6 +15,7 @@ set searchurls.hm https://home-manager-options.extranix.com/?query= set completions.Tab.statusstylepretty true set hintfiltermode vimperator-reflow set hintnames numeric +unbind --mode=hint " Binds bind buffer # @@ -47,6 +48,7 @@ bind gwm tab_or_tabopen monitoring.vbc.ac.at/grafana bind gwM tab_or_tabopen monitoring.vbc.ac.at/prometheus bind gwn tab_or_tabopen netbox.vbc.ac.at bind gwN tab_or_tabopen nap.imp.ac.at + bind gwo tab_or_tabopen outlook.office.com bind gws tab_or_tabopen satellite.vbc.ac.at bind gwt tab_or_tabopen tower.vbc.ac.at 
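Review bot: `programs/firefox/tridactyl/themes/.#base16-codeschool.css` is added as a symlink (mode 120000) whose target is `swarsel@nbl-imba-2.3038:1743148454`, which has the shape of an Emacs lock file rather than a theme. It records a user name, host name and process id in the repository history and leaves a dangling link in every checkout. `programs/stylix/.#swarsel.yaml`, added later in the same patch, is the same case. I would drop both from the commit and add `.#*` to `.gitignore`.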
@@ -102,7 +104,7 @@ set allowautofocus false jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:[""],types:["main_frame"]},["blocking","responseHeaders"]) " default is 300ms -set hintdelay 100 +" set hintdelay 500 " Some pages like github break on the tridactyl quick search. have this as a fallback unbind diff --git a/programs/stylix/.#swarsel.yaml b/programs/stylix/.#swarsel.yaml new file mode 120000 index 0000000..d94e40c --- /dev/null +++ b/programs/stylix/.#swarsel.yaml @@ -0,0 +1 @@ +swarsel@nbl-imba-2.3038:1743148454 \ No newline at end of file From 14de7e4f7e563d12aee9bce60f8070972ce6aae8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 3 Apr 2025 00:18:39 +0200 Subject: [PATCH 04/13] feat: add better tridactyl theme --- SwarselSystems.org | 6 +- programs/firefox/tridactyl/themes/swarsel.css | 160 ++++++++++++++++++ programs/firefox/tridactyl/tridactylrc | 6 +- 3 files changed, 167 insertions(+), 5 deletions(-) create mode 100644 programs/firefox/tridactyl/themes/swarsel.css diff --git a/SwarselSystems.org b/SwarselSystems.org index b37fa1f..7048d9d 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -14823,7 +14823,7 @@ This is the configuration file for tridactyl, which provides keyboard-driven nav The =command= command can be supplied with a =-p= flag that will take a single argmuent which is exposed as =JS_ARG=. I use this in a function that switches to an open tab if it exists and otherwise creates it. -#+begin_src :tangle programs/firefox/tridactyl/tridactylrc :mkdirp yes +#+begin_src config :tangle programs/firefox/tridactyl/tridactylrc :mkdirp yes sanitise tridactyllocal tridactylsync @@ -14842,6 +14842,7 @@ set searchurls.hm https://home-manager-options.extranix.com/?query= set completions.Tab.statusstylepretty true set hintfiltermode vimperator-reflow set hintnames numeric +unbind --mode=hint " Binds bind buffer # 
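Review bot: The unchanged context line in the `tridactylrc` hunk at `-102,7 +104,7`, `jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP, …)`, hooks every `main_frame` response and rewrites its Content-Security-Policy header, with no comment explaining why. As far as I know this trades part of the protection a site's CSP gives against injected content for Tridactyl working on more pages. The hunk itself only touches `hintdelay`, but the file is being reworked in this series, so I would either remove the listener or document it above the line, e.g. `" clobberCSP weakens page CSP so the tridactyl UI loads; remove when no longer needed`. Whether the installed Tridactyl version still needs it should be checked first.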
@@ -14950,7 +14951,7 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore #+end_src ** tridactyl theme -#+begin_src :tangle programs/firefox/tridactyl/themes/swarsel.css :mkdirp yes +#+begin_src config :tangle programs/firefox/tridactyl/themes/swarsel.css :mkdirp yes :root { @@ -15115,6 +15116,7 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore #+end_src + ** Waybar style.css :PROPERTIES: :CUSTOM_ID: h:77b1c523-5074-4610-b320-90af95e6134d diff --git a/programs/firefox/tridactyl/themes/swarsel.css b/programs/firefox/tridactyl/themes/swarsel.css new file mode 100644 index 0000000..2c20123 --- /dev/null +++ b/programs/firefox/tridactyl/themes/swarsel.css 
@@ -0,0 +1,160 @@ +:root { + + --base00: #1D252C; + --base01: #171D23; + --base02: #5EC4FF; + --base03: #566C7D; + --base04: #5EC4FF; + --base05: #A0B3C5; + --base06: #C06ECE; + --base07: #A0B3C5; + --base08: #D95468; + --base09: #FFA880; + --base0A: #5EC4FF; + --base0B: #8BD49C; + --base0C: #008B94; + --base0D: #5EC4FF; + --base0E: #C06ECE; + --base0F: #5EC4FF; + + --tridactyl-def-fg: var(--base02); + --tridactyl-cmdl-bg: var(--base00); + --tridactyl-cmdl-fg: var(--base0C); + + --tridactyl-font-family: "San Francisco", sans-serif; + + --tridactyl-cmdl-font-size: 1.5rem; + --tridactyl-cmdl-line-height: 1.5; + + --tridactyl-cmplt-option-height: 1.4em; + --tridactyl-cmplt-font-size: var(--tridactyl-small-font-size); + --tridactyl-cmplt-border-top: unset; + + --tridactyl-status-font-size: 9px; + --tridactyl-status-font-family: "Fira Code", monospace; + --tridactyl-status-border: 1px var(--tridactyl-fg) solid; + + --tridactyl-header-font-size: var(--tridactyl-small-font-size); + --tridactyl-header-font-weight: 200; + --tridactyl-header-border-bottom: unset; + + --tridactyl-hintspan-font-size: var(--tridactyl-font-size); + --tridactyl-hint-active-fg: none; + +} + +:root #command-line-holder { + order: 1; + border: 2px solid var(--tridactyl-cmdl-fg); + color: var(--tridactyl-cmdl-bg); +} + +:root #tridactyl-input { + width: 90%; + padding: 1rem; + color: var(--tridactyl-def-fg); +} + +:root #completions table { + font-size: 0.8rem; + font-weight: 200; + border-spacing: 0; + table-layout: fixed; + padding: 1rem; + padding-top: 0; +} + +:root #completions > div { + max-height: calc(20 * var(--tridactyl-cmplt-option-height)); + min-height: calc(10 * var(--tridactyl-cmplt-option-height)); +} + +/* COMPLETIONS */ + +:root #completions { + font-weight: 200; + order: 2; + color: var(--tridactyl-def-fg); + background: var(--tridactyl-cmdl-bg); + +} + +/* Olie doesn't know how CSS inheritance works */ +:root #completions .HistoryCompletionSource { + max-height: unset; + 
min-height: unset; +} + +:root #completions .HistoryCompletionSource table { + width: 100%; + font-size: 9pt; + border-spacing: 0; + table-layout: fixed; +} + +/* redundancy 2: redundancy 2: more redundancy */ +:root #completions .BmarkCompletionSource { + max-height: unset; + min-height: unset; +} + +:root #completions table tr { white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; +} + +:root #completions .url { + background: var(--tridactyl-cmdl-bg); +} + +:root #completions .focused { + background: #44391F; +} +:root #completions .focused .url { + background: #44391F; +} + +:root #completions .BufferCompletionSource table { + width: unset; + font-size: unset; + border-spacing: unset; + table-layout: unset; +} + +:root #completions table tr { + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; +} + +:root #completions .sectionHeader { + background: unset; + padding: 1rem !important; + padding-left: unset; + padding-bottom: 0.2rem; +} + +:root #cmdline_iframe { + position: fixed !important; + bottom: unset; + top: 25% !important; + left: 10% !important; + z-index: 2147483647 !important; + width: 80% !important; + box-shadow: rgba(0, 0, 0, 0.5) 0px 0px 15px !important; +} + +:root .TridactylStatusIndicator { + position: fixed !important; + bottom: 0 !important; + font-weight: 200 !important; + padding: 0.8ex !important; +} + +/* #Shydactyl-normal { */ +/* border-color: green !important; */ +/* } */ + +/* #Shydactyl-insert { */ +/* border-color: yellow !important; */ +/* } */ diff --git a/programs/firefox/tridactyl/tridactylrc b/programs/firefox/tridactyl/tridactylrc index 84c06fe..d374856 100644 --- a/programs/firefox/tridactyl/tridactylrc +++ b/programs/firefox/tridactyl/tridactylrc @@ -1,6 +1,6 @@ sanitise tridactyllocal tridactylsync -colourscheme base16-codeschool +colourscheme swarsel " General Settings set update.lastchecktime 1720629386560 
@@ -39,6 +39,7 @@ bind gwc tab_or_tabopen vbc.atlassian.net/wiki bind gwd tab_or_tabopen datadomain-impimba-2.imp.ac.at bind gwe tab_or_tabopen exivity.vbc.ac.at bind gwg tab_or_tabopen github.com +bind gwG tab_or_tabopen goc.egi.eu bind gwh tab_or_tabopen jupyterhub.vbc.ac.at bind gwH tab_or_tabopen test-jupyterhub.vbc.ac.at bind gwj tab_or_tabopen jenkins.vbc.ac.at @@ -48,7 +49,6 @@ bind gwm tab_or_tabopen monitoring.vbc.ac.at/grafana bind gwM tab_or_tabopen monitoring.vbc.ac.at/prometheus bind gwn tab_or_tabopen netbox.vbc.ac.at bind gwN tab_or_tabopen nap.imp.ac.at - bind gwo tab_or_tabopen outlook.office.com bind gws tab_or_tabopen satellite.vbc.ac.at bind gwt tab_or_tabopen tower.vbc.ac.at @@ -104,7 +104,7 @@ set allowautofocus false jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:[""],types:["main_frame"]},["blocking","responseHeaders"]) " default is 300ms -" set hintdelay 500 +set hintdelay 100 " Some pages like github break on the tridactyl quick search. have this as a fallback unbind From bd95ef4c9ba908d033c01ef02d51cfba015577eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 3 Apr 2025 00:20:06 +0200 Subject: [PATCH 05/13] feat: add swayosc --- SwarselSystems.org | 88 ++++++++++++++++++++---------------- modules/home/common/mako.nix | 6 +++ modules/home/common/sway.nix | 18 ++++---- 3 files changed, 65 insertions(+), 47 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 7048d9d..c2808c8 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -10488,6 +10488,12 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi group-by=category ''; }; + + services.swayosd = { + enable = true; + topMargin = 0.5; + }; + } #+end_src 
@@ -10592,15 +10598,15 @@ Currently, I am too lazy to explain every option here, but most of it is very se swayfxConfig = lib.mkOption { type = lib.types.str; default = " - blur enable - blur_xray disable - blur_passes 1 - blur_radius 1 - shadows enable - corner_radius 2 - titlebar_separator disable - default_dim_inactive 0.02 - "; + blur enable + blur_xray disable + blur_passes 1 + blur_radius 1 + shadows enable + corner_radius 2 + titlebar_separator disable + default_dim_inactive 0.02 + "; internal = true; }; }; @@ -10720,13 +10726,18 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Print" = "exec screenshare"; # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" # "XF86AudioRaiseVolume" = "exec pa 5%"; - "XF86AudioRaiseVolume" = "exec pamixer -i 5"; + # "XF86AudioRaiseVolume" = "exec pamixer -i 5"; + "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioLowerVolume" = "exec pamixer -d 5"; + # "XF86AudioLowerVolume" = "exec pamixer -d 5"; + "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMute" = "exec pamixer -t"; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + # "XF86AudioMute" = "exec pamixer -t"; + "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; + # "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; + # "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; "XF86Display" = "exec wl-mirror eDP-1"; } config.swarselsystems.keybindings; 
@@ -10903,37 +10914,38 @@ Currently, I am too lazy to explain every option here, but most of it is very se swayfxSettings = config.swarselsystems.swayfxConfig; in " - exec_always autotiling - set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" + exec_always autotiling + set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" - mode $exit { - bindsym --to-code { - s exec \"systemctl suspend\", mode \"default\" - h exec \"systemctl hibernate\", mode \"default\" - l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ - p exec \"systemctl poweroff\" - r exec \"systemctl reboot\" - u exec \"swaymsg exit\" + mode $exit { + bindsym --to-code { + s exec \"systemctl suspend\", mode \"default\" + h exec \"systemctl hibernate\", mode \"default\" + l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ + p exec \"systemctl poweroff\" + r exec \"systemctl reboot\" + u exec \"swaymsg exit\" - Return mode \"default\" - Escape mode \"default\" - ${modifier}+Escape mode \"default\" - } - } + Return mode \"default\" + Escape mode \"default\" + ${modifier}+Escape mode \"default\" + } + } - exec systemctl --user import-environment - exec swayidle -w + exec systemctl --user import-environment + exec swayidle -w - seat * hide_cursor 2000 + seat * hide_cursor 2000 - exec kanshi - exec_always kill -1 $(pidof kanshi) + exec kanshi + exec_always kill -1 $(pidof kanshi) + exec swayosd-server - bindswitch --locked lid:on exec kanshictl switch lidclosed - bindswitch --locked lid:off exec kanshictl switch lidopen + bindswitch --locked lid:on exec kanshictl switch lidclosed + bindswitch --locked lid:off exec kanshictl switch lidopen - ${swayfxSettings} - "; + ${swayfxSettings} + "; }; }; } diff --git a/modules/home/common/mako.nix b/modules/home/common/mako.nix index 6c0034c..0e46f7e 100644 
--- a/modules/home/common/mako.nix +++ b/modules/home/common/mako.nix @@ -28,4 +28,10 @@ _: group-by=category ''; }; + + services.swayosd = { + enable = true; + topMargin = 0.5; + }; + } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index f997f93..94601b6 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -52,15 +52,15 @@ swayfxConfig = lib.mkOption { type = lib.types.str; default = " - blur enable - blur_xray disable - blur_passes 1 - blur_radius 1 - shadows enable - corner_radius 2 - titlebar_separator disable - default_dim_inactive 0.02 - "; + blur enable + blur_xray disable + blur_passes 1 + blur_radius 1 + shadows enable + corner_radius 2 + titlebar_separator disable + default_dim_inactive 0.02 + "; internal = true; }; }; From 9034735f847a10d8c58c1b07743b8bb1931ef1ff Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 3 Apr 2025 00:20:26 +0200 Subject: [PATCH 06/13] refactor: [WIP] add hm and server profiles --- SwarselSystems.org | 2220 ++++++++++++----------- hosts/nixos/nbl-imba-2/default.nix | 252 +-- modules/home/common/custom-packages.nix | 55 +- modules/home/common/desktop.nix | 169 +- modules/home/common/direnv.nix | 13 +- modules/home/common/emacs.nix | 124 +- modules/home/common/env.nix | 29 +- modules/home/common/eza.nix | 21 +- modules/home/common/firefox.nix | 273 +-- modules/home/common/fuzzel.nix | 21 +- modules/home/common/git.nix | 73 +- modules/home/common/gnome-keyring.nix | 7 +- modules/home/common/kitty.nix | 19 +- modules/home/common/mail.nix | 235 +-- modules/home/common/nix-index.nix | 37 +- modules/home/common/nixgl.nix | 3 +- modules/home/common/packages.nix | 305 ++-- modules/home/common/password-store.nix | 15 +- modules/home/common/programs.nix | 39 +- modules/home/common/settings.nix | 65 +- modules/home/common/sops.nix | 25 +- modules/home/common/ssh.nix | 67 +- modules/home/common/starship.nix | 233 +-- modules/home/common/stylix.nix | 15 +- modules/home/common/sway.nix | 64 +- modules/home/common/symlink.nix | 51 +- modules/home/common/tmux.nix | 142 +- modules/home/common/waybar.nix | 3 +- modules/home/common/yubikey.nix | 15 +- modules/home/common/zellij.nix | 26 +- modules/home/common/zsh.nix | 3 +- modules/nixos/optional/work.nix | 2 +- profiles/home/default.nix | 6 +- profiles/home/personal/default.nix | 36 + profiles/nixos/default.nix | 6 +- profiles/nixos/localserver/default.nix | 37 + profiles/nixos/personal/default.nix | 6 +- profiles/nixos/syncserver/default.nix | 25 + 38 files changed, 2559 insertions(+), 2178 deletions(-) create mode 100644 profiles/home/personal/default.nix create mode 100644 profiles/nixos/localserver/default.nix create mode 100644 profiles/nixos/syncserver/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index c2808c8..904d6a9 100644 
--- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -807,6 +807,7 @@ My work machine. Built for more security, this is the gold standard of my config isBtrfs = true; isLinux = true; sharescreen = "eDP-2"; + profiles.personal = true; }; in { @@ -829,6 +830,7 @@ My work machine. Built for more security, this is the gold standard of my config inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ + "${self}/profiles/home" "${modulesPath}/home/optional/gaming.nix" "${modulesPath}/home/optional/work.nix" ]; @@ -892,7 +894,6 @@ My work machine. Built for more security, this is the gold standard of my config swarselsystems = lib.recursiveUpdate { - profiles.personal = true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; 
@@ -902,134 +903,137 @@ My work machine. Built for more security, this is the gold standard of my config } sharedOptions; - home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate - { - isLaptop = true; - isNixos = true; - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; - }; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "teams-for-linux"; } - { command = "1password"; } - { command = "feishin"; } - ]; - lowResolution = "1280x800"; - highResolution = "2560x1600"; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isLaptop = true; + isNixos = true; + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + input-filename = "temp4_input"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + startup = [ + { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher 
--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } + { command = "teams-for-linux"; } + { command = "1password"; } + { command = "feishin"; } + ]; + lowResolution = "1280x800"; + highResolution = "2560x1600"; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. 
this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; + }; }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; + inputs = { + "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; + shellAliases = { + ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; + ans3-9 = ". ~/.venvs/ansible39/bin/activate"; + ans = ". ~/.venvs/ansible/bin/activate"; + ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; }; - work_middle_middle_main = { - name = "HP Inc. 
HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; - shellAliases = { - ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; - ans3-9 = ". ~/.venvs/ansible39/bin/activate"; - ans = ". ~/.venvs/ansible/bin/activate"; - ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; - }; - } - sharedOptions; + } + sharedOptions; + }; } 
@@ -3805,10 +3809,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix :tangle profiles/nixos/default.nix { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "profiles/nixos"; + profileNames = lib.swarselsystems.readNix "profiles/nixos"; in - lib.swarselsystems.mkProfiles moduleNames "nixos" - + { + imports = lib.swarselsystems.mkImports profileNames "profiles/nixos"; + } #+end_src ***** Personal @@ -3816,9 +3821,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix :tangle profiles/nixos/personal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.personalz = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personalz { - config.swarselsystems.modules = { + options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.personal { + swarselsystems.modules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -3868,6 +3873,78 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +***** Local Server + +#+begin_src nix :tangle profiles/nixos/localserver/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselsystems.profiles.server.local { + swarselsystems = { + # common modules + modules = { + nix-ld = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault true; + xserver = lib.mkDefault true; + gc = lib.mkDefault true; + storeOptimize = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + }; + # server modules + # server = { + # kavita = lib.mkDefault true; + # jellyfin = lib.mkDefault true; + # navidrome = lib.mkDefault true; + # spotifyd = lib.mkDefault true; + # mpd = lib.mkDefault true; + # matrix = lib.mkDefault true; + # nextcloud = lib.mkDefault true; + # immich = lib.mkDefault true; + # paperless = lib.mkDefault true; + # transmission = lib.mkDefault true; + # syncthing = lib.mkDefault true; + # monitoring = lib.mkDefault true; + # emacs = lib.mkDefault true; + # freshrss = lib.mkDefault true; + # }; + }; + }; + + } + +#+end_src +***** OCI Sync Server + +#+begin_src nix :tangle profiles/nixos/syncserver/default.nix :mkdirp yes + { lib, config, ... 
}: + { + options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server"; + config = lib.mkIf config.swarselsystems.profiles.server.sync { + swarselsystems = { + # common modules + modules = { + nix-ld = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault true; + xserver = lib.mkDefault true; + gc = lib.mkDefault true; + storeOptimize = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + }; + # server modules + # server = { + # forgejo = lib.mkDefault true; + # ankisync = lib.mkDefault true; + # }; + }; + }; + + } + +#+end_src **** home-manager :PROPERTIES: :CUSTOM_ID: h:ced5841f-c088-4d88-b3a1-7d62aad8837b 
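Review bot: Both new server profiles set `xserver = lib.mkDefault true;` in their common module set, which looks carried over from a desktop profile. If the module does what its name suggests, the local server and the OCI sync server get a display stack they do not need. I would drop that line from `profiles/nixos/localserver/default.nix` and `profiles/nixos/syncserver/default.nix`, or set `xserver = lib.mkDefault false;` and enable it per host. The module body is not part of this hunk, so its effect is inferred from the name. The two `modules` sets are also identical, so one shared attribute set would keep them from drifting while the `server = { … }` blocks stay commented out.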
@@ -3878,9 +3955,53 @@ This holds modules that are to be used on most hosts. These are also the most im #+BEGIN_src nix :tangle profiles/home/default.nix { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "profiles/home"; + profileNames = lib.swarselsystems.readNix "profiles/home"; in - lib.swarselsystems.mkProfiles moduleNames "home" + { + imports = lib.swarselsystems.mkImports profileNames "profiles/home"; + } +#+end_src + +***** Personal + +#+begin_src nix :tangle profiles/home/personal/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.personal { + swarselsystems.modules = { + packages = lib.mkDefault true; + ownpackages = lib.mkDefault true; + general = lib.mkDefault true; + nixgl = lib.mkDefault true; + sops = lib.mkDefault true; + yubikey = lib.mkDefault true; + ssh = lib.mkDefault true; + stylix = lib.mkDefault true; + desktop = lib.mkDefault true; + symlink = lib.mkDefault true; + env = lib.mkDefault true; + programs = lib.mkDefault true; + nix-index = lib.mkDefault true; + direnv = lib.mkDefault true; + eza = lib.mkDefault true; + git = lib.mkDefault true; + fuzzel = lib.mkDefault true; + starship = lib.mkDefault true; + kitty = lib.mkDefault true; + zsh = lib.mkDefault true; + zellij = lib.mkDefault true; + tmux = lib.mkDefault true; + mail = lib.mkDefault true; + emacs = lib.mkDefault true; + waybar = lib.mkDefault true; + firefox = lib.mkDefault true; + gnome-keyring = lib.mkDefault true; + }; + }; + + } + #+end_src *** Library functions 
@@ -8014,7 +8135,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 udev.extraRules = '' # share screen when dongle detected - SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="6860", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" + SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" # lock screen when yubikey removed ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" 
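Review bot: The changed rule starts `swarsel-screenshare.service` for any USB device that reports `idVendor` `343c` and `idProduct` `0000`. Both values are declared by the device itself, so the match identifies at best a model, not the specific dongle. A product id of `0000` also reads like a placeholder and is worth confirming against the real device's descriptor. I would replace the existing comment with one that names the hardware and states the trust assumption, for example `# DONGLE-MODEL-PLACEHOLDER: matched by vendor/product id only; any device reporting these ids starts screen sharing`. The `udev.extraRules` string starts and ends outside the hunk.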
@@ -8426,41 +8547,44 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO inherit (config.swarselsystems) mainUser; in { - nix = lib.mkIf (!config.swarselsystems.isNixos) { - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - trusted-users = [ "@wheel" "${mainUser}" ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { + nix = lib.mkIf (!config.swarselsystems.isNixos) { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? 
-gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; }; - }; - nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null); + nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null); - programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; - targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true; + programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; + targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true; - home = { - username = lib.mkDefault mainUser; - homeDirectory = lib.mkDefault "/home/${mainUser}"; - stateVersion = lib.mkDefault "23.05"; - keyboard.layout = "us"; - sessionVariables = { - FLAKE = "/home/${mainUser}/.dotfiles"; + home = { + username = lib.mkDefault mainUser; + homeDirectory = lib.mkDefault "/home/${mainUser}"; + stateVersion = lib.mkDefault "23.05"; + keyboard.layout = "us"; + sessionVariables = { + FLAKE = "/home/${mainUser}/.dotfiles"; + }; }; }; 
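Review bot: `trusted-users = [ "@wheel" "${mainUser}" ]` moves into the new `config` block unchanged, and the Nix manual describes membership in `trusted-users` as essentially equivalent to root access. This `nix.settings` block applies only when `isNixos` is false, so it presumably lands in a per-user nix.conf, where a multi-user daemon ignores the setting from users it does not already trust. It therefore either does nothing or belongs, deliberately, in the system-level configuration. I would remove the line here or record the decision next to it, e.g. `# trusted-users is root-equivalent; set in /etc/nix/nix.conf on non-NixOS hosts, not here`. The enclosing module starts above the hunk.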
@@ -8481,32 +8605,33 @@ It can be set to either: - a PCI id in the form =vendor_id:device_id= #+begin_src nix :tangle modules/home/common/nixgl.nix - { lib, config, nixgl, ... }: - { - options.swarselsystems = { - isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; - SecondaryGpuCard = lib.mkOption { - type = lib.types.str; - default = ""; - }; +{ lib, config, nixgl, ... }: +{ + options.swarselsystems = { + modules.nixgl = lib.mkEnableOption "nixgl settings"; + isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; + SecondaryGpuCard = lib.mkOption { + type = lib.types.str; + default = ""; }; - config = { - nixGL = lib.mkIf (!config.swarselsystems.isNixos) { - inherit (nixgl) packages; - defaultWrapper = lib.mkDefault "mesa"; - vulkan.enable = lib.mkDefault false; - prime = lib.mkIf config.swarselsystem.isSecondaryGpu { - card = config.swarselsystem.secondaryGpuCard; - installScript = "mesa"; - }; - offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; - installScripts = [ - "mesa" - "mesaPrime" - ]; + }; + config = lib.mkIf config.swarselsystems.modules.nixgl { + nixGL = lib.mkIf (!config.swarselsystems.isNixos) { + inherit (nixgl) packages; + defaultWrapper = lib.mkDefault "mesa"; + vulkan.enable = lib.mkDefault false; + prime = lib.mkIf config.swarselsystem.isSecondaryGpu { + card = config.swarselsystem.secondaryGpuCard; + installScript = "mesa"; }; + offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; + installScripts = [ + "mesa" + "mesaPrime" + ]; }; - } + }; +} #+end_src **** Installed packages 
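Review bot: Inside the new `config = lib.mkIf config.swarselsystems.modules.nixgl` block, the GPU references still read `config.swarselsystem.isSecondaryGpu` and `config.swarselsystem.secondaryGpuCard`. The options are declared a few lines above as `swarselsystems.isSecondaryGpu` and `swarselsystems.SecondaryGpuCard`. Nix evaluates lazily, so this surfaces only on a non-NixOS host with the module enabled, where it should fail with a missing-attribute error. The lines should read `prime = lib.mkIf config.swarselsystems.isSecondaryGpu {`, `card = config.swarselsystems.SecondaryGpuCard;` and `offloadWrapper = lib.mkIf config.swarselsystems.isSecondaryGpu "mesaPrime";`.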
@@ -8528,9 +8653,11 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 This holds packages that I can use as provided, or with small modifications (as in the =texlive= package that needs special configuration). #+begin_src nix :tangle modules/home/common/packages.nix - { pkgs, ... }: +{ lib, config, pkgs, ... }: - { +{ + options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselsystems.modules.packages { home.packages = with pkgs; [ # audio stuff @@ -8706,7 +8833,8 @@ This holds packages that I can use as provided, or with small modifications (as noto-fonts noto-fonts-cjk-sans ]; - } + }; +} #+end_src ***** Self-defined 
@@ -8717,35 +8845,38 @@ This holds packages that I can use as provided, or with small modifications (as This is just a separate container for derivations defined in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. This is a good idea so that I do not lose track of package names I have defined myself, as this was once a problem in the past already. #+begin_src nix :tangle modules/home/common/custom-packages.nix - { config, pkgs, ... }: + { lib, config, pkgs, ... }: { - home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ - pass-fuzzel - cura5 - cdw - cdb - bak - timer - e - swarselcheck - waybarupdate - opacitytoggle - fs-diff - github-notifications - hm-specialisation - t2ts - ts2t - vershell - eontimer - project - fhs - swarsel-bootstrap - swarsel-displaypower - swarselzellij + options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselsystems.modules.ownpackages { + home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ + pass-fuzzel + cura5 + cdw + cdb + bak + timer + e + swarselcheck + waybarupdate + opacitytoggle + fs-diff + github-notifications + hm-specialisation + t2ts + ts2t + vershell + eontimer + project + fhs + swarsel-bootstrap + swarsel-displaypower + swarselzellij - rustdesk-vbc - ]; + rustdesk-vbc + ]; + }; } #+end_src 
@@ -8769,18 +8900,21 @@ I use sops-nix to handle secrets that I want to have available on my machines at inherit (config.swarselsystems) homeDir xdgDir; in { - sops = lib.mkIf (!config.swarselsystems.isPublic) { - age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; + options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselsystems.modules.sops { + sops = lib.mkIf (!config.swarselsystems.isPublic) { + age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - secrets = { - mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; }; - nautilus = { path = "${xdgDir}/secrets/nautilus"; }; - leon = { path = "${xdgDir}/secrets/leon"; }; - swarselmail = { path = "${xdgDir}/secrets/swarselmail"; }; - github_notif = { path = "${xdgDir}/secrets/github_notif"; }; - u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; + validateSopsFiles = false; + secrets = { + mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; }; + nautilus = { path = "${xdgDir}/secrets/nautilus"; }; + leon = { path = "${xdgDir}/secrets/leon"; }; + swarselmail = { path = "${xdgDir}/secrets/swarselmail"; }; + github_notif = { path = "${xdgDir}/secrets/github_notif"; }; + u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; + }; }; }; } 
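Review bot: `validateSopsFiles = false;` is kept in the gated block without explanation, so a missing or wrongly encrypted `secrets.yaml` is presumably noticed only when the host activates the configuration, not at build time. It is probably needed because `defaultSopsFile` is a path string outside the flake, and that should be stated next to the setting: `# defaultSopsFile lives outside the store, so build-time validation is not possible`. The same block lists `${homeDir}/.ssh/ssh_host_ed25519_key` in `age.sshKeyPaths`. A comment saying where that key comes from and which file mode it should have would help the next reader. The `let` that binds `homeDir` and `xdgDir` starts above the hunk.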
@@ -8792,18 +8926,21 @@ I use sops-nix to handle secrets that I want to have available on my machines at :END: #+begin_src nix :tangle modules/home/common/yubikey.nix - { lib, nix-secrets, ... }: + { lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1"; yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2"; in { - pam.yubico.authorizedYubiKeys = { - ids = [ - "${yubikey1}" - "${yubikey2}" - ]; + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; + config = lib.mkIf config.swarselsystems.modules.yubikey { + pam.yubico.authorizedYubiKeys = { + ids = [ + "${yubikey1}" + "${yubikey2}" + ]; + }; }; } #+end_src 
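Review bot: `yubikey1` and `yubikey2` are read with `lib.swarselsystems.getSecret` during evaluation and interpolated into `pam.yubico.authorizedYubiKeys.ids`. The values therefore presumably end up in plain text in the generated home configuration in the Nix store, outside what sops protects. The env hunk at `@@ -9046,19 +9194,22 @@` does the same with the mail addresses it places in `systemd.user.sessionVariables`. If that is intended, a comment in each module would record it, e.g. `# read at eval time from nix-secrets; not encrypted on the target host`. `getSecret` is defined outside these hunks, so its behaviour is inferred from how it is used here.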
@@ -8816,39 +8953,42 @@ I use sops-nix to handle secrets that I want to have available on my machines at It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host. #+begin_src nix :tangle modules/home/common/ssh.nix - _: + { lib, config, ... }: { - programs.ssh = { - enable = true; - forwardAgent = true; - extraConfig = '' - SetEnv TERM=xterm-256color - ServerAliveInterval 20 - ''; - matchBlocks = { - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "winters" = { - hostname = "192.168.1.2"; - user = "swarsel"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; + options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselsystems.modules.ssh { + programs.ssh = { + enable = true; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ServerAliveInterval 20 + ''; + matchBlocks = { + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "winters" = { + hostname = "192.168.1.2"; + user = "swarsel"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; }; }; }; 
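Review bot: `forwardAgent = true;` sits at the top level of `programs.ssh`, so once `modules.ssh` is enabled the agent is forwarded to every host. That includes the `root` logins on public addresses under `matchBlocks`, where anyone with root on the remote side can use the forwarded agent socket while the session is open. I would keep the default off and opt in per host: `forwardAgent = false;` at the top and `forwardAgent = true;` only in the match blocks that need the YubiKey-backed key on the far side. A hardware key that requires touch limits the exposure but does not remove it.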
@@ -8869,12 +9009,15 @@ This section has been notably empty ever since switching to stylix. Only Emacs i #+begin_src nix :noweb yes :tangle modules/home/common/stylix.nix { lib, config, ... }: { - stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate - { - image = config.swarselsystems.wallpaper; - targets = config.swarselsystems.stylixHomeTargets; - } - config.swarselsystems.stylix); + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselsystems.modules.stylix { + stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate + { + image = config.swarselsystems.wallpaper; + targets = config.swarselsystems.stylixHomeTargets; + } + config.swarselsystems.stylix); + }; } #+end_src 
@@ -8888,95 +9031,97 @@ Some programs lack a dmenu launcher - I define them myself here. TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the programs prefixed with "nixGL". I need to figure out how to automate this process, as it is not feasible to write desktop entries for all programs installed on that machine. #+begin_src nix :tangle modules/home/common/desktop.nix - - _: + { lib, config, ... }: { - xdg.desktopEntries = { + options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselsystems.modules.desktop { + xdg.desktopEntries = { + + cura = { + name = "Ultimaker Cura"; + genericName = "Cura"; + exec = "cura"; + terminal = false; + categories = [ "Application" ]; + }; + + rustdesk-vbc = { + name = "Rustdesk VBC"; + genericName = "rustdesk-vbc"; + exec = "rustdesk-vbc"; + terminal = false; + categories = [ "Application" ]; + }; + + anki = { + name = "Anki Flashcards"; + genericName = "Anki"; + exec = "anki"; + terminal = false; + categories = [ "Application" ]; + }; + + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + terminal = false; + categories = [ "Application" ]; + }; + + emacsclient-newframe = { + name = "Emacs (Client, New Frame)"; + genericName = "Emacs (Client, New Frame)"; + exec = "emacsclient -r %u"; + icon = "emacs"; + terminal = false; + categories = [ "Development" "TextEditor" ]; + }; - cura = { - name = "Ultimaker Cura"; - genericName = "Cura"; - exec = "cura"; - terminal = false; - categories = [ "Application" ]; }; - rustdesk-vbc = { - name = "Rustdesk VBC"; - genericName = "rustdesk-vbc"; - exec = "rustdesk-vbc"; - terminal = false; - categories = [ "Application" ]; - }; + xdg.mimeApps = { - anki = { - name = "Anki Flashcards"; - genericName = "Anki"; - exec = "anki"; - terminal = false; - categories = [ 
"Application" ]; - }; - - element = { - name = "Element Matrix Client"; - genericName = "Element"; - exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application" ]; - }; - - emacsclient-newframe = { - name = "Emacs (Client, New Frame)"; - genericName = "Emacs (Client, New Frame)"; - exec = "emacsclient -r %u"; - icon = "emacs"; - terminal = false; - categories = [ "Development" "TextEditor" ]; - }; - - }; - - xdg.mimeApps = { - - enable = true; - defaultApplications = { - "x-scheme-handler/http" = [ "firefox.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" ]; - "x-scheme-handler/chrome" = [ "firefox.desktop" ]; - "text/plain" = [ "emacsclient.desktop" ]; - "text/csv" = [ "emacsclient.desktop" ]; - "text/html" = [ "firefox.desktop" ]; - "application/x-extension-htm" = [ "firefox.desktop" ]; - "application/x-extension-html" = [ "firefox.desktop" ]; - "application/x-extension-shtml" = [ "firefox.desktop" ]; - "application/xhtml+xml" = [ "firefox.desktop" ]; - "application/x-extension-xhtml" = [ "firefox.desktop" ]; - "application/x-extension-xht" = [ "firefox.desktop" ]; - "image/png" = [ "imv.desktop" ]; - "image/jpeg" = [ "imv.desktop" ]; - "image/gif" = [ "imv.desktop" ]; - "image/svg" = [ "imv.desktop" ]; - "image/webp" = [ "firefox.desktop" ]; - "image/vnd.adobe.photoshop" = [ "gimp.desktop" ]; - "image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ]; - "audio/flac" = [ "mpv.desktop" ]; - "audio/mp3" = [ "mpv.desktop" ]; - "audio/ogg" = [ "mpv.desktop" ]; - "audio/wav" = [ "mpv.desktop" ]; - "video/mp4" = [ "umpv.desktop" ]; - "video/mkv" = [ "umpv.desktop" ]; - "video/flv" = [ "umpv.desktop" ]; - "video/3gp" = [ "umpv.desktop" ]; - "application/pdf" = [ "org.gnome.Evince.desktop" ]; - "application/metalink+xml" = [ "emacsclient.desktop" ]; - "application/sql" = [ "emacsclient.desktop" ]; - "application/vnd.ms-powerpoint" = [ "impress.desktop" 
]; - "application/msword" = [ "writer.desktop" ]; - "application/vnd.ms-excel" = [ "calc.desktop" ]; - }; - associations = { - added = { - "application/x-zerosize" = [ "emacsclient.desktop" ]; + enable = true; + defaultApplications = { + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; + "x-scheme-handler/chrome" = [ "firefox.desktop" ]; + "text/plain" = [ "emacsclient.desktop" ]; + "text/csv" = [ "emacsclient.desktop" ]; + "text/html" = [ "firefox.desktop" ]; + "application/x-extension-htm" = [ "firefox.desktop" ]; + "application/x-extension-html" = [ "firefox.desktop" ]; + "application/x-extension-shtml" = [ "firefox.desktop" ]; + "application/xhtml+xml" = [ "firefox.desktop" ]; + "application/x-extension-xhtml" = [ "firefox.desktop" ]; + "application/x-extension-xht" = [ "firefox.desktop" ]; + "image/png" = [ "imv.desktop" ]; + "image/jpeg" = [ "imv.desktop" ]; + "image/gif" = [ "imv.desktop" ]; + "image/svg" = [ "imv.desktop" ]; + "image/webp" = [ "firefox.desktop" ]; + "image/vnd.adobe.photoshop" = [ "gimp.desktop" ]; + "image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ]; + "audio/flac" = [ "mpv.desktop" ]; + "audio/mp3" = [ "mpv.desktop" ]; + "audio/ogg" = [ "mpv.desktop" ]; + "audio/wav" = [ "mpv.desktop" ]; + "video/mp4" = [ "umpv.desktop" ]; + "video/mkv" = [ "umpv.desktop" ]; + "video/flv" = [ "umpv.desktop" ]; + "video/3gp" = [ "umpv.desktop" ]; + "application/pdf" = [ "org.gnome.Evince.desktop" ]; + "application/metalink+xml" = [ "emacsclient.desktop" ]; + "application/sql" = [ "emacsclient.desktop" ]; + "application/vnd.ms-powerpoint" = [ "impress.desktop" ]; + "application/msword" = [ "writer.desktop" ]; + "application/vnd.ms-excel" = [ "calc.desktop" ]; + }; + associations = { + added = { + "application/x-zerosize" = [ "emacsclient.desktop" ]; + }; }; }; }; 
@@ -8996,33 +9141,36 @@ Also, we link some files to the users XDG configuration home: Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.stylesheets` to true. #+begin_src nix :tangle modules/home/common/symlink.nix - { self, lib, ... }: + { self, lib, config, ... }: { - home.file = { - "init.el" = lib.mkDefault { - source = self + /programs/emacs/init.el; - target = ".emacs.d/init.el"; + options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselsystems.modules.symlink { + home.file = { + "init.el" = lib.mkDefault { + source = self + /programs/emacs/init.el; + target = ".emacs.d/init.el"; + }; + "early-init.el" = { + source = self + /programs/emacs/early-init.el; + target = ".emacs.d/early-init.el"; + }; + # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually + ".aspell.conf" = { + source = self + /programs/config/.aspell.conf; + target = ".aspell.conf"; + }; + ".gitmessage" = { + source = self + /programs/git/.gitmessage; + target = ".gitmessage"; + }; }; - "early-init.el" = { - source = self + /programs/emacs/early-init.el; - target = ".emacs.d/early-init.el"; - }; - # on NixOS, Emacs does not find the aspell dicts easily. 
Write the configuration manually - ".aspell.conf" = { - source = self + /programs/config/.aspell.conf; - target = ".aspell.conf"; - }; - ".gitmessage" = { - source = self + /programs/git/.gitmessage; - target = ".gitmessage"; - }; - }; - xdg.configFile = { - "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc; - "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css; - "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css; - "swayidle/config".source = self + /programs/swayidle/config; + xdg.configFile = { + "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc; + "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css; + "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css; + "swayidle/config".source = self + /programs/swayidle/config; + }; }; } #+end_src 
@@ -9046,19 +9194,22 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list"; in { - home.sessionVariables = { - EDITOR = "e -w"; - DISPLAY = ":0"; - SWARSEL_LO_RES = config.swarselsystems.lowResolution; - SWARSEL_HI_RES = config.swarselsystems.highResolution; - }; - systemd.user.sessionVariables = { - SWARSEL_LEON_MAIL = leonMail; - SWARSEL_NAUTILUS_MAIL = nautilusMail; - SWARSEL_MRSWARSEL_MAIL = mrswarselMail; - SWARSEL_SWARSEL_MAIL = swarselMail; - SWARSEL_FULLNAME = fullName; - SWARSEL_MAIL_ALL = allMailAddresses; + options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselsystems.modules.env { + home.sessionVariables = { + EDITOR = "e -w"; + DISPLAY = ":0"; + SWARSEL_LO_RES = config.swarselsystems.lowResolution; + SWARSEL_HI_RES = config.swarselsystems.highResolution; + }; + systemd.user.sessionVariables = { + SWARSEL_LEON_MAIL = leonMail; + SWARSEL_NAUTILUS_MAIL = nautilusMail; + SWARSEL_MRSWARSEL_MAIL = mrswarselMail; + SWARSEL_SWARSEL_MAIL = swarselMail; + SWARSEL_FULLNAME = fullName; + SWARSEL_MAIL_ALL = allMailAddresses; + }; }; } #+end_src 
@@ -9071,26 +9222,29 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var This section is for programs that require no further configuration. zsh Integration is enabled by default for these. #+begin_src nix :tangle modules/home/common/programs.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - programs = { - bottom.enable = true; - imv.enable = true; - sioyek.enable = true; - bat = { - enable = true; - extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselsystems.modules.programs { + programs = { + bottom.enable = true; + imv.enable = true; + sioyek.enable = true; + bat = { + enable = true; + extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + }; + carapace.enable = true; + wlogout.enable = true; + swayr.enable = true; + yt-dlp.enable = true; + mpv.enable = true; + jq.enable = true; + ripgrep.enable = true; + pandoc.enable = true; + fzf.enable = true; + zoxide.enable = true; }; - carapace.enable = true; - wlogout.enable = true; - swayr.enable = true; - yt-dlp.enable = true; - mpv.enable = true; - jq.enable = true; - ripgrep.enable = true; - pandoc.enable = true; - fzf.enable = true; - zoxide.enable = true; }; } #+end_src 
@@ -9103,26 +9257,29 @@ This section is for programs that require no further configuration. zsh Integrat nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for =command-not-found.sh=, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. #+begin_src nix :tangle modules/home/common/nix-index.nix - { self, pkgs, ... }: + { self, lib, config, pkgs, ... }: { - programs.nix-index = - let - commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' - mkdir -p $out/etc/profile.d - substitute ${self + /scripts/command-not-found.sh} \ - $out/etc/profile.d/command-not-found.sh \ - --replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ - --replace-fail @tput@ ${pkgs.ncurses}/bin/tput - ''; - in + options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselsystems.modules.nix-index { + programs.nix-index = + let + commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' + mkdir -p $out/etc/profile.d + substitute ${self + /scripts/command-not-found.sh} \ + $out/etc/profile.d/command-not-found.sh \ + --replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ + --replace-fail @tput@ ${pkgs.ncurses}/bin/tput + ''; + in - { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [ commandNotFound ]; + { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [ commandNotFound ]; + }; }; - }; + }; } #+end_src 
@@ -9134,14 +9291,17 @@ nix-index provides a way to find out which packages are provided by which deriva Enables password store with the =pass-otp= extension which allows me to store and generate one-time-passwords. #+begin_src nix :tangle modules/home/common/password-store.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - programs.password-store = { - enable = true; - settings = { - PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; + options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselsystems.modules.passwordstore { + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; + }; + package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; - package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; } #+end_src @@ -9154,12 +9314,15 @@ Enables password store with the =pass-otp= extension which allows me to store an Enables direnv, which I use for nearly all of my nix dev flakes. #+begin_src nix :tangle modules/home/common/direnv.nix - _: + { lib, config, ... }: { - programs.direnv = { - enable = true; - silent = true; - nix-direnv.enable = true; + options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselsystems.modules.direnv { + programs.direnv = { + enable = true; + silent = true; + nix-direnv.enable = true; + }; }; } #+end_src 
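Review bot: In the password-store hunk the flag is named `modules.passwordstore`, while the program, the tangled file (`password-store.nix`) and the `modules.nix-index` option in the previous hunk keep their hyphens, so the flag name cannot be derived from the module name. I would write `options.swarselsystems.modules.password-store = lib.mkEnableOption "password-store settings";` and use `config.swarselsystems.modules.password-store` in the matching `lib.mkIf`. Profiles that set the flag live outside this hunk and would need the same rename.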
@@ -9172,16 +9335,19 @@ Enables direnv, which I use for nearly all of my nix dev flakes. Eza provides me with a better =ls= command and some other useful aliases. #+begin_src nix :tangle modules/home/common/eza.nix - _: + { lib, config, ... }: { - programs.eza = { - enable = true; - icons = "auto"; - git = true; - extraOptions = [ - "-l" - "--group-directories-first" - ]; + options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselsystems.modules.eza { + programs.eza = { + enable = true; + icons = "auto"; + git = true; + extraOptions = [ + "-l" + "--group-directories-first" + ]; + }; }; } #+end_src 
@@ -9194,48 +9360,51 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. #+begin_src nix :tangle modules/home/common/git.nix - { lib, nix-secrets, ... }: + { lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname"; in { - programs.git = { - enable = true; - aliases = { - a = "add"; - c = "commit"; - cl = "clone"; - co = "checkout"; - b = "branch"; - i = "init"; - m = "merge"; - s = "status"; - r = "restore"; - p = "pull"; - pp = "push"; - }; - signing = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - userEmail = lib.mkDefault leonMail; - userName = fullName; - difftastic.enable = true; - lfs.enable = true; - includes = [ - { - contents = { - github = { - user = "Swarsel"; + options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselsystems.modules.git { + programs.git = { + enable = true; + aliases = { + a = "add"; + c = "commit"; + cl = "clone"; + co = "checkout"; + b = "branch"; + i = "init"; + m = "merge"; + s = "status"; + r = "restore"; + p = "pull"; + pp = "push"; + }; + signing = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + userEmail = lib.mkDefault leonMail; + userName = fullName; + difftastic.enable = true; + lfs.enable = true; + includes = [ + { + contents = { + github = { + user = "Swarsel"; + }; + commit = { + template = "~/.gitmessage"; + }; }; - commit = { - template = "~/.gitmessage"; - }; - }; - } - ]; + } + ]; + }; }; } #+end_src 
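Review bot: The signing key id `0x76FD3810215AE097` is a literal in `signing.key` here and again in `gpg.key` of the `leon` account in the mail hunk. A key rotation therefore has to be made in two places, and a missed one leaves either commits or mail pointing at the old key. Since this refactor already moves settings under `swarselsystems`, one option could carry the id, e.g. `signing.key = config.swarselsystems.gpgKeyId;`. `gpgKeyId` is a placeholder name; no such option is visible in this patch.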
@@ -9248,17 +9417,20 @@ Here I set up my git config, automatic signing of commits, useful aliases for my Here I only need to set basic layout options - the rest is being managed by stylix. #+begin_src nix :tangle modules/home/common/fuzzel.nix - _: + { lib, config, ... }: { - programs.fuzzel = { - enable = true; - settings = { - main = { - layer = "overlay"; - lines = "10"; - width = "40"; + options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselsystems.modules.fuzzel { + programs.fuzzel = { + enable = true; + settings = { + main = { + layer = "overlay"; + lines = "10"; + width = "40"; + }; + border.radius = "0"; }; - border.radius = "0"; }; }; } 
@@ -9272,124 +9444,127 @@ Here I only need to set basic layout options - the rest is being managed by styl Starship makes my =zsh= look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline. #+begin_src nix :tangle modules/home/common/starship.nix - _: + { lib, config, ... }: { - programs.starship = { - enable = true; - enableZshIntegration = true; - settings = { - add_newline = false; - format = "$shlvl$character"; - right_format = "$all"; - command_timeout = 3000; + options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselsystems.modules.starship { + programs.starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = false; + format = "$shlvl$character"; + right_format = "$all"; + command_timeout = 3000; - directory.substitutions = { - "Documents" = "󰈙 "; - "Downloads" = " "; - "Music" = " "; - "Pictures" = " "; + directory.substitutions = { + "Documents" = "󰈙 "; + "Downloads" = " "; + "Music" = " "; + "Pictures" = " "; + }; + + git_status = { + style = "bg:#394260"; + format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) "; + }; + + character = { + success_symbol = "[λ](bold green)"; + error_symbol = "[λ](bold red)"; + }; + + shlvl = { + disabled = false; + symbol = "↳"; + format = "[$symbol]($style) "; + repeat = true; + repeat_offset = 1; + style = "blue"; + }; + + nix_shell = { + disabled = false; + heuristic = true; + format = "[$symbol$name]($style)"; + symbol = " "; + }; + + aws.symbol = " "; + buf.symbol = " "; + c.symbol = " "; + conda.symbol = " "; + dart.symbol = " "; + directory.read_only = " 󰌾"; + docker_context.symbol = " "; + elixir.symbol = " "; + elm.symbol = " "; + fossil_branch.symbol = " "; + git_branch.symbol = " "; + golang.symbol = " "; + guix_shell.symbol = " "; + haskell.symbol = " "; + haxe.symbol = " "; + hg_branch.symbol = " "; + hostname.ssh_symbol = " "; + 
java.symbol = " "; + julia.symbol = " "; + lua.symbol = " "; + memory_usage.symbol = "󰍛 "; + meson.symbol = "󰔷 "; + nim.symbol = "󰆥 "; + nodejs.symbol = " "; + + os.symbols = { + Alpaquita = " "; + Alpine = " "; + Amazon = " "; + Android = " "; + Arch = " "; + Artix = " "; + CentOS = " "; + Debian = " "; + DragonFly = " "; + Emscripten = " "; + EndeavourOS = " "; + Fedora = " "; + FreeBSD = " "; + Garuda = "󰛓 "; + Gentoo = " "; + HardenedBSD = "󰞌 "; + Illumos = "󰈸 "; + Linux = " "; + Mabox = " "; + Macos = " "; + Manjaro = " "; + Mariner = " "; + MidnightBSD = " "; + Mint = " "; + NetBSD = " "; + NixOS = " "; + OpenBSD = "󰈺 "; + openSUSE = " "; + OracleLinux = "󰌷 "; + Pop = " "; + Raspbian = " "; + Redhat = " "; + RedHatEnterprise = " "; + Redox = "󰀘 "; + Solus = "󰠳 "; + SUSE = " "; + Ubuntu = " "; + Unknown = " "; + Windows = "󰍲 "; + }; + + package.symbol = "󰏗 "; + pijul_channel.symbol = " "; + python.symbol = " "; + rlang.symbol = "󰟔 "; + ruby.symbol = " "; + rust.symbol = " "; + scala.symbol = " "; }; - - git_status = { - style = "bg:#394260"; - format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) "; - }; - - character = { - success_symbol = "[λ](bold green)"; - error_symbol = "[λ](bold red)"; - }; - - shlvl = { - disabled = false; - symbol = "↳"; - format = "[$symbol]($style) "; - repeat = true; - repeat_offset = 1; - style = "blue"; - }; - - nix_shell = { - disabled = false; - heuristic = true; - format = "[$symbol$name]($style)"; - symbol = " "; - }; - - aws.symbol = " "; - buf.symbol = " "; - c.symbol = " "; - conda.symbol = " "; - dart.symbol = " "; - directory.read_only = " 󰌾"; - docker_context.symbol = " "; - elixir.symbol = " "; - elm.symbol = " "; - fossil_branch.symbol = " "; - git_branch.symbol = " "; - golang.symbol = " "; - guix_shell.symbol = " "; - haskell.symbol = " "; - haxe.symbol = " "; - hg_branch.symbol = " "; - hostname.ssh_symbol = " "; - java.symbol = " "; - 
julia.symbol = " "; - lua.symbol = " "; - memory_usage.symbol = "󰍛 "; - meson.symbol = "󰔷 "; - nim.symbol = "󰆥 "; - nodejs.symbol = " "; - - os.symbols = { - Alpaquita = " "; - Alpine = " "; - Amazon = " "; - Android = " "; - Arch = " "; - Artix = " "; - CentOS = " "; - Debian = " "; - DragonFly = " "; - Emscripten = " "; - EndeavourOS = " "; - Fedora = " "; - FreeBSD = " "; - Garuda = "󰛓 "; - Gentoo = " "; - HardenedBSD = "󰞌 "; - Illumos = "󰈸 "; - Linux = " "; - Mabox = " "; - Macos = " "; - Manjaro = " "; - Mariner = " "; - MidnightBSD = " "; - Mint = " "; - NetBSD = " "; - NixOS = " "; - OpenBSD = "󰈺 "; - openSUSE = " "; - OracleLinux = "󰌷 "; - Pop = " "; - Raspbian = " "; - Redhat = " "; - RedHatEnterprise = " "; - Redox = "󰀘 "; - Solus = "󰠳 "; - SUSE = " "; - Ubuntu = " "; - Unknown = " "; - Windows = "󰍲 "; - }; - - package.symbol = "󰏗 "; - pijul_channel.symbol = " "; - python.symbol = " "; - rlang.symbol = "󰟔 "; - ruby.symbol = " "; - rust.symbol = " "; - scala.symbol = " "; }; }; } @@ -9405,15 +9580,18 @@ Kitty is the terminal emulator of choice for me, it is nice to configure using n The theme is handled by stylix. #+begin_src nix :tangle modules/home/common/kitty.nix - _: + { lib, config, ... }: { - programs.kitty = { - enable = true; - keybindings = { }; - settings = { - scrollback_lines = 10000; - enable_audio_bell = false; - notify_on_cmd_finish = "always 20"; + options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselsystems.modules.kitty { + programs.kitty = { + enable = true; + keybindings = { }; + settings = { + scrollback_lines = 10000; + enable_audio_bell = false; + notify_on_cmd_finish = "always 20"; + }; }; }; } 
@@ -9435,12 +9613,13 @@ Here we set some aliases (some of them should be shellApplications instead) as w in { options.swarselsystems = { + modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.zsh { programs.zsh = { enable = true; shellAliases = lib.recursiveUpdate @@ -9548,21 +9727,23 @@ Here we set some aliases (some of them should be shellApplications instead) as w :CUSTOM_ID: h:00de4901-631c-4b4c-86ce-d9d6e62ed8c7 :END: #+begin_src nix :tangle modules/home/common/zellij.nix - { self, config, pkgs, ... }: + { self, lib, config, pkgs, ... }: { + options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselsystems.modules.zellij { + programs.zellij = { + enable = true; + enableZshIntegration = true; + }; - programs.zellij = { - enable = true; - enableZshIntegration = true; - }; + home.packages = with pkgs; [ + zjstatus + ]; - home.packages = with pkgs; [ - zjstatus - ]; - - xdg.configFile = { - "zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + xdg.configFile = { + "zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + }; }; } @@ -9572,8 +9753,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w :CUSTOM_ID: h:45de9430-f925-4df6-9db6-bffb5b8f1604 :END: #+begin_src nix :tangle modules/home/common/tmux.nix - - { pkgs, ... }: + { lib, config, pkgs, ... }: let tmux-super-fingers = pkgs.tmuxPlugins.mkTmuxPlugin { 
@@ -9588,86 +9768,88 @@ Here we set some aliases (some of them should be shellApplications instead) as w }; in { + options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselsystems.modules.tmux { + home.packages = with pkgs; [ + lsof + sesh + ]; - home.packages = with pkgs; [ - lsof - sesh - ]; + programs.tmux = { + enable = true; + shell = "${pkgs.zsh}/bin/zsh"; + terminal = "tmux-256color"; + historyLimit = 100000; + plugins = with pkgs; + [ + tmuxPlugins.tmux-thumbs + { + plugin = tmux-super-fingers; + extraConfig = "set -g @super-fingers-key f"; + } - programs.tmux = { - enable = true; - shell = "${pkgs.zsh}/bin/zsh"; - terminal = "tmux-256color"; - historyLimit = 100000; - plugins = with pkgs; - [ - tmuxPlugins.tmux-thumbs - { - plugin = tmux-super-fingers; - extraConfig = "set -g @super-fingers-key f"; - } + tmuxPlugins.sensible + # must be before continuum edits right status bar + { + plugin = tmuxPlugins.catppuccin; + extraConfig = '' + set -g @catppuccin_flavour 'frappe' + set -g @catppuccin_window_tabs_enabled on + set -g @catppuccin_date_time "%H:%M" + ''; + } + { + plugin = tmuxPlugins.resurrect; + extraConfig = '' + set -g @resurrect-strategy-vim 'session' + set -g @resurrect-strategy-nvim 'session' + set -g @resurrect-capture-pane-contents 'on' + ''; + } + { + plugin = tmuxPlugins.continuum; + extraConfig = '' + set -g @continuum-restore 'on' + set -g @continuum-boot 'on' + set -g @continuum-save-interval '10' + ''; + } + tmuxPlugins.better-mouse-mode + tmuxPlugins.yank + ]; + extraConfig = '' + set -g default-terminal "tmux-256color" + set -ag terminal-overrides ",xterm-256color:RGB" - tmuxPlugins.sensible - # must be before continuum edits right status bar - { - plugin = tmuxPlugins.catppuccin; - extraConfig = '' - set -g @catppuccin_flavour 'frappe' - set -g @catppuccin_window_tabs_enabled on - set -g @catppuccin_date_time "%H:%M" - ''; - } - { - plugin = tmuxPlugins.resurrect; - extraConfig = '' - 
set -g @resurrect-strategy-vim 'session' - set -g @resurrect-strategy-nvim 'session' - set -g @resurrect-capture-pane-contents 'on' - ''; - } - { - plugin = tmuxPlugins.continuum; - extraConfig = '' - set -g @continuum-restore 'on' - set -g @continuum-boot 'on' - set -g @continuum-save-interval '10' - ''; - } - tmuxPlugins.better-mouse-mode - tmuxPlugins.yank - ]; - extraConfig = '' - set -g default-terminal "tmux-256color" - set -ag terminal-overrides ",xterm-256color:RGB" + set-option -g prefix C-a + unbind-key C-b + bind-key C-a send-prefix - set-option -g prefix C-a - unbind-key C-b - bind-key C-a send-prefix + set -g mouse on - set -g mouse on + # Open new split at cwd of current split + bind | split-window -h -c "#{pane_current_path}" + bind - split-window -v -c "#{pane_current_path}" - # Open new split at cwd of current split - bind | split-window -h -c "#{pane_current_path}" - bind - split-window -v -c "#{pane_current_path}" + # Use vim keybindings in copy mode + set-window-option -g mode-keys vi - # Use vim keybindings in copy mode - set-window-option -g mode-keys vi + # v in copy mode starts making selection + bind-key -T copy-mode-vi v send-keys -X begin-selection + bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle + bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel - # v in copy mode starts making selection - bind-key -T copy-mode-vi v send-keys -X begin-selection - bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle - bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel + # Escape turns on copy mode + bind Escape copy-mode - # Escape turns on copy mode - bind Escape copy-mode + set-option -g status-position top - set-option -g status-position top + # make Prefix p paste the buffer. + unbind p + bind p paste-buffer - # make Prefix p paste the buffer. - unbind p - bind p paste-buffer - - ''; + ''; + }; }; } 
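Review bot: `set -g @resurrect-capture-pane-contents 'on'` combined with `set -g @continuum-save-interval '10'` periodically saves the contents of every pane to disk, and nothing in the module says that whatever was on screen is persisted, including output of `pass` or other secret-printing commands. With `historyLimit = 100000` a pane can hold a lot of such output. I would either drop the capture setting or document it in the plugin's `extraConfig` with a comment such as `# resurrect saves pane contents in plaintext; avoid printing secrets in long-lived panes`. The `tmux-super-fingers` definition used here sits in the `let` above this hunk.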
@@ -9691,137 +9873,140 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname"; in { - programs = { - mbsync = { - enable = true; + options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselsystems.modules.mail { + programs = { + mbsync = { + enable = true; + }; + msmtp = { + enable = true; + }; + mu = { + enable = true; + }; }; - msmtp = { - enable = true; - }; - mu = { - enable = true; - }; - }; - services.mbsync = { - enable = true; - }; - # this is needed so that mbsync can use the passwords from sops - systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; + services.mbsync = { + enable = true; + }; + # this is needed so that mbsync can use the passwords from sops + systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - accounts = lib.mkIf (!config.swarselsystems.isPublic) { - email = { - maildirBasePath = "Mail"; - accounts = { - leon = { - primary = true; - address = leonMail; - userName = leonMail; - realName = fullName; - passwordCommand = "cat ${config.sops.secrets.leon.path}"; - gpg = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - mu.enable = true; - msmtp = { - enable = true; - }; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; + accounts = lib.mkIf (!config.swarselsystems.isPublic) { + email = { + maildirBasePath = "Mail"; + accounts = { + leon = { + primary = true; + address = leonMail; + userName = leonMail; + realName = fullName; + passwordCommand = "cat ${config.sops.secrets.leon.path}"; + gpg = { + key = "0x76FD3810215AE097"; + signByDefault = true; }; - }; - }; - - swarsel 
= { - address = swarselMail; - userName = "8227dc594dd515ce232eda1471cb9a19"; - realName = fullName; - passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; - smtp = { - host = "in-v3.mailjet.com"; - port = 587; - tls = { + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + mu.enable = true; + msmtp = { enable = true; - useStartTls = true; }; - }; - mu.enable = false; - msmtp = { - enable = true; - }; - mbsync = { - enable = false; - }; - }; - - nautilus = { - primary = false; - address = nautilusMail; - userName = nautilusMail; - realName = "Nautilus"; - passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; - }; - mrswarsel = { - primary = false; - address = mrswarselMail; - userName = mrswarselMail; - realName = "Swarsel"; - passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; + swarsel = { + address = swarselMail; + userName = "8227dc594dd515ce232eda1471cb9a19"; + realName = fullName; + passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; + smtp = { + 
host = "in-v3.mailjet.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; }; - account = { - Timeout = 120; - PipelineDepth = 1; + }; + mu.enable = false; + msmtp = { + enable = true; + }; + mbsync = { + enable = false; + }; + }; + + nautilus = { + primary = false; + address = nautilusMail; + userName = nautilusMail; + realName = "Nautilus"; + passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; - }; + mrswarsel = { + primary = false; + address = mrswarselMail; + userName = mrswarselMail; + realName = "Swarsel"; + passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + + }; }; }; }; 
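Review bot: In the `swarsel` account, `userName` is a 32-character hex literal committed in the file, while the other account identifiers in this module come from `lib.swarselsystems.getSecret` and the passwords come from sops. For an SMTP relay this value is presumably the API-key half of the credential pair, so I would load it the same way: `userName = lib.swarselsystems.getSecret "${secretsDirectory}/mail/<SMTP_USER_FILE>";` (placeholder path). Separately, `services.mbsync` and the `After = [ "sops-nix.service" ]` ordering stay active when `isPublic` is set, although `accounts` is gated on it. The `let` defining the mail addresses starts outside the hunk.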
@@ -9843,76 +10028,78 @@ Lastly, I am defining some more packages here that the parser has problems findi inherit (config.swarselsystems) homeDir isPublic; in { + options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselsystems.modules.emacs { + # needed for elfeed + sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; - # needed for elfeed - sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; + # enable emacs overlay for bleeding edge features + # also read init.el file and install use-package packages + programs.emacs = { + enable = true; + package = pkgs.emacsWithPackagesFromUsePackage { + config = self + /programs/emacs/init.el; + package = pkgs.emacs-git-pgtk; + alwaysEnsure = true; + alwaysTangle = true; + extraEmacsPackages = epkgs: [ + epkgs.mu4e + epkgs.use-package + epkgs.lsp-bridge + epkgs.doom-themes + epkgs.vterm + epkgs.treesit-grammars.with-all-grammars - # enable emacs overlay for bleeding edge features - # also read init.el file and install use-package packages - programs.emacs = { - enable = true; - package = pkgs.emacsWithPackagesFromUsePackage { - config = self + /programs/emacs/init.el; - package = pkgs.emacs-git-pgtk; - alwaysEnsure = true; - alwaysTangle = true; - extraEmacsPackages = epkgs: [ - epkgs.mu4e - epkgs.use-package - epkgs.lsp-bridge - epkgs.doom-themes - epkgs.vterm - epkgs.treesit-grammars.with-all-grammars + # build the rest of the packages myself + # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup + # build the package from the haji-ali fork, which is well-maintained - # build the rest of the packages myself - # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup - # build the package from the haji-ali fork, which is well-maintained + (epkgs.trivialBuild rec { + pname = "eglot-booster"; + version = "main-29-10-2024"; - (epkgs.trivialBuild rec { - 
pname = "eglot-booster"; - version = "main-29-10-2024"; + src = pkgs.fetchFromGitHub { + owner = "jdtsmith"; + repo = "eglot-booster"; + rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed"; + hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs="; + }; - src = pkgs.fetchFromGitHub { - owner = "jdtsmith"; - repo = "eglot-booster"; - rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed"; - hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs="; - }; + packageRequires = [ epkgs.jsonrpc epkgs.eglot ]; + }) + (epkgs.trivialBuild rec { + pname = "calfw"; + version = "1.0.0-20231002"; + src = pkgs.fetchFromGitHub { + owner = "haji-ali"; + repo = "emacs-calfw"; + rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; + hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; + }; + packageRequires = [ epkgs.howm ]; + }) - packageRequires = [ epkgs.jsonrpc epkgs.eglot ]; - }) - (epkgs.trivialBuild rec { - pname = "calfw"; - version = "1.0.0-20231002"; - src = pkgs.fetchFromGitHub { - owner = "haji-ali"; - repo = "emacs-calfw"; - rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; - hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; - }; - packageRequires = [ epkgs.howm ]; - }) + (epkgs.trivialBuild rec { + pname = "fast-scroll"; + version = "1.0.0-20191016"; + src = pkgs.fetchFromGitHub { + owner = "ahungry"; + repo = "fast-scroll"; + rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; + hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; + }; + packageRequires = [ ]; + }) - (epkgs.trivialBuild rec { - pname = "fast-scroll"; - version = "1.0.0-20191016"; - src = pkgs.fetchFromGitHub { - owner = "ahungry"; - repo = "fast-scroll"; - rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; - hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; - }; - packageRequires = [ ]; - }) - - ]; + ]; + }; }; - }; - services.emacs = { - enable = true; - socketActivation.enable = false; - startWithUserSession = "graphical"; + services.emacs = { + enable = true; + 
socketActivation.enable = false; + startWithUserSession = "graphical"; + }; }; } #+end_src @@ -9957,6 +10144,7 @@ The rest of the related configuration is found here: in { options.swarselsystems = { + modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; @@ -9985,7 +10173,7 @@ The rest of the related configuration is found here: internal = true; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ "battery" 
@@ -10260,148 +10448,151 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m #+begin_src nix :tangle modules/home/common/firefox.nix { config, pkgs, lib, ... }: { - programs.firefox = { - enable = true; - package = pkgs.firefox; # uses overrides - policies = { - # CaptivePortal = false; - AppAutoUpdate = false; - BackgroundAppUpdate = false; - DisableBuiltinPDFViewer = true; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableFirefoxScreenshots = true; - DisableTelemetry = true; - DisableFirefoxAccounts = false; - DisableProfileImport = true; - DisableProfileRefresh = true; - DisplayBookmarksToolbar = "always"; - DontCheckDefaultBrowser = true; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - OfferToSaveLoginsDefault = false; - PasswordManagerEnabled = false; - DisableMasterPasswordCreation = true; - ExtensionUpdate = false; - EnableTrackingProtection = { - Value = true; - Locked = true; - Cryptomining = true; - Fingerprinting = true; - EmailTracking = true; - # Exceptions = ["https://example.com"] - }; - PDFjs = { - Enabled = false; - EnablePermissions = false; - }; - Handlers = { - mimeTypes."application/pdf".action = "saveToDisk"; - }; - extensions = { - pdf = { - action = "useHelperApp"; - ask = true; - handlers = [ - { - name = "GNOME Document Viewer"; - path = "${pkgs.evince}/bin/evince"; - } - ]; + options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselsystems.modules.firefox { + programs.firefox = { + enable = true; + package = pkgs.firefox; # uses overrides + policies = { + # CaptivePortal = false; + AppAutoUpdate = false; + BackgroundAppUpdate = false; + DisableBuiltinPDFViewer = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableFirefoxScreenshots = true; + DisableTelemetry = true; + DisableFirefoxAccounts = false; + DisableProfileImport = true; + DisableProfileRefresh = true; + DisplayBookmarksToolbar = "always"; + 
DontCheckDefaultBrowser = true; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + OfferToSaveLoginsDefault = false; + PasswordManagerEnabled = false; + DisableMasterPasswordCreation = true; + ExtensionUpdate = false; + EnableTrackingProtection = { + Value = true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + EmailTracking = true; + # Exceptions = ["https://example.com"] }; - }; - FirefoxHome = { - Search = true; - TopSites = true; - SponsoredTopSites = false; - Highlights = true; - Pocket = false; - SponsoredPocket = false; - Snippets = false; - Locked = true; - }; - FirefoxSuggest = { - WebSuggestions = false; - SponsoredSuggestions = false; - ImproveSuggest = false; - Locked = true; - }; - SanitizeOnShutdown = { - Cache = true; - Cookies = false; - Downloads = true; - FormData = true; - History = false; - Sessions = false; - SiteSettings = false; - OfflineApps = true; - Locked = true; - }; - SearchEngines = { - PreventInstalls = true; - Remove = [ - "Bing" # Fuck you - ]; - }; - UserMessaging = { - ExtensionRecommendations = false; # Don’t recommend extensions while the user is visiting web pages - FeatureRecommendations = false; # Don’t recommend browser features - Locked = true; # Prevent the user from changing user messaging preferences - MoreFromMozilla = false; # Don’t show the “More from Mozilla” section in Preferences - SkipOnboarding = true; # Don’t show onboarding messages on the new tab page - UrlbarInterventions = false; # Don’t offer suggestions in the URL bar - WhatsNew = false; # Remove the “What’s New” icon and menuitem - }; - ExtensionSettings = { - "3rdparty".Extensions = { - # https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json - "uBlock0@raymondhill.net".adminSettings = { - userSettings = rec { - uiTheme = "dark"; - uiAccentCustom = true; - uiAccentCustom0 = "#0C8084"; - cloudStorageEnabled = lib.mkForce false; - importedLists = [ - 
"https://filters.adtidy.org/extension/ublock/filters/3.txt" - "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" - ]; - externalLists = lib.concatStringsSep "\n" importedLists; - }; - selectedFilterLists = [ - "CZE-0" - "adguard-generic" - "adguard-annoyance" - "adguard-social" - "adguard-spyware-url" - "easylist" - "easyprivacy" - "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" - "plowe-0" - "ublock-abuse" - "ublock-badware" - "ublock-filters" - "ublock-privacy" - "ublock-quick-fixes" - "ublock-unbreak" - "urlhaus-1" + PDFjs = { + Enabled = false; + EnablePermissions = false; + }; + Handlers = { + mimeTypes."application/pdf".action = "saveToDisk"; + }; + extensions = { + pdf = { + action = "useHelperApp"; + ask = true; + handlers = [ + { + name = "GNOME Document Viewer"; + path = "${pkgs.evince}/bin/evince"; + } ]; }; }; + FirefoxHome = { + Search = true; + TopSites = true; + SponsoredTopSites = false; + Highlights = true; + Pocket = false; + SponsoredPocket = false; + Snippets = false; + Locked = true; + }; + FirefoxSuggest = { + WebSuggestions = false; + SponsoredSuggestions = false; + ImproveSuggest = false; + Locked = true; + }; + SanitizeOnShutdown = { + Cache = true; + Cookies = false; + Downloads = true; + FormData = true; + History = false; + Sessions = false; + SiteSettings = false; + OfflineApps = true; + Locked = true; + }; + SearchEngines = { + PreventInstalls = true; + Remove = [ + "Bing" # Fuck you + ]; + }; + UserMessaging = { + ExtensionRecommendations = false; # Don’t recommend extensions while the user is visiting web pages + FeatureRecommendations = false; # Don’t recommend browser features + Locked = true; # Prevent the user from changing user messaging preferences + MoreFromMozilla = false; # Don’t show the “More from Mozilla” section in Preferences + SkipOnboarding = true; # Don’t show onboarding messages on the new tab page + UrlbarInterventions = false; # Don’t offer 
suggestions in the URL bar + WhatsNew = false; # Remove the “What’s New” icon and menuitem + }; + ExtensionSettings = { + "3rdparty".Extensions = { + # https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json + "uBlock0@raymondhill.net".adminSettings = { + userSettings = rec { + uiTheme = "dark"; + uiAccentCustom = true; + uiAccentCustom0 = "#0C8084"; + cloudStorageEnabled = lib.mkForce false; + importedLists = [ + "https://filters.adtidy.org/extension/ublock/filters/3.txt" + "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" + ]; + externalLists = lib.concatStringsSep "\n" importedLists; + }; + selectedFilterLists = [ + "CZE-0" + "adguard-generic" + "adguard-annoyance" + "adguard-social" + "adguard-spyware-url" + "easylist" + "easyprivacy" + "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" + "plowe-0" + "ublock-abuse" + "ublock-badware" + "ublock-filters" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "urlhaus-1" + ]; + }; + }; + + }; }; - }; - - profiles = { - default = lib.recursiveUpdate - { - id = 0; - isDefault = true; - settings = { - "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; - }; - } - config.swarselsystems.firefox; + profiles = { + default = lib.recursiveUpdate + { + id = 0; + isDefault = true; + settings = { + "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; + }; + } + config.swarselsystems.firefox; + }; }; }; } 
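Review bot: `lib.mkEnableOption` defaults to false, so wrapping the whole `programs.firefox` block in `lib.mkIf config.swarselsystems.modules.firefox` makes every policy under it opt-in per host, including `DisableTelemetry`, `EnableTrackingProtection`, `PasswordManagerEnabled = false` and the managed uBlock settings. A host that gets Firefox some other way and does not set the flag would run without these policies, with no warning; whether the profiles enable the flag everywhere is not visible in this hunk. I would record this on the option with a comment above it: `# security-relevant: when false, none of the Firefox policies below are applied`. The same applies to the matching hunk in `modules/home/common/firefox.nix`.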
@@ -10424,8 +10615,11 @@ Used for storing sessions in e.g. Nextcloud #+begin_src nix :tangle modules/home/common/gnome-keyring.nix { lib, config, ... }: { - services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { - enable = true; + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { + enable = true; + }; }; } #+end_src diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 70f78bf..31b35dc 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -6,6 +6,7 @@ let isBtrfs = true; isLinux = true; sharescreen = "eDP-2"; + profiles.personal = true; }; in { @@ -28,6 +29,7 @@ in inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ + "${self}/profiles/home" "${modulesPath}/home/optional/gaming.nix" "${modulesPath}/home/optional/work.nix" ]; @@ -91,7 +93,6 @@ in swarselsystems = lib.recursiveUpdate { - profiles.personal = true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; 
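Review bot: In the gnome-keyring block, the new `config = lib.mkIf config.swarselsystems.modules.gnome-keyring` wraps a second `lib.mkIf (!config.swarselsystems.isNixos)`, so two nested conditions guard a single `enable = true`. One guard reads more directly: `config = lib.mkIf (config.swarselsystems.modules.gnome-keyring && !config.swarselsystems.isNixos) { services.gnome-keyring.enable = true; };`. The `home.packages` list in `modules/home/common/custom-packages.nix` is nested the same way around `isPublic`.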
@@ -101,132 +102,135 @@ in } sharedOptions; - home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate - { - isLaptop = true; - isNixos = true; - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; - }; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "teams-for-linux"; } - { command = "1password"; } - { command = "feishin"; } - ]; - lowResolution = "1280x800"; - highResolution = "2560x1600"; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isLaptop = true; + isNixos = true; + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + input-filename = "temp4_input"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + startup = [ + { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { 
command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } + { command = "teams-for-linux"; } + { command = "1password"; } + { command = "feishin"; } + ]; + lowResolution = "1280x800"; + highResolution = "2560x1600"; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. 
this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; + }; }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; + inputs = { + "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; + shellAliases = { + ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; + ans3-9 = ". ~/.venvs/ansible39/bin/activate"; + ans = ". ~/.venvs/ansible/bin/activate"; + ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; }; - work_middle_middle_main = { - name = "HP Inc. 
HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; - shellAliases = { - ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; - ans3-9 = ". ~/.venvs/ansible39/bin/activate"; - ans = ". ~/.venvs/ansible/bin/activate"; - ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; - }; - } - sharedOptions; + } + sharedOptions; + }; } diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 12c0116..df4253a 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix 
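Review bot: The added `home.stateVersion = lib.mkForce "23.05";` has no comment saying what it overrides or why this host must keep that value. `mkForce` silences any conflicting definition, presumably one from the newly imported `"${self}/profiles/home"`, so a later change there will not reach this host and nothing will report it. A one-line comment would be enough: `# keep at the release this home was first activated with; mkForce overrides the value set in <where it is set>`.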
@@ -1,30 +1,33 @@ -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: { - home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ - pass-fuzzel - cura5 - cdw - cdb - bak - timer - e - swarselcheck - waybarupdate - opacitytoggle - fs-diff - github-notifications - hm-specialisation - t2ts - ts2t - vershell - eontimer - project - fhs - swarsel-bootstrap - swarsel-displaypower - swarselzellij + options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselsystems.modules.ownpackages { + home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ + pass-fuzzel + cura5 + cdw + cdb + bak + timer + e + swarselcheck + waybarupdate + opacitytoggle + fs-diff + github-notifications + hm-specialisation + t2ts + ts2t + vershell + eontimer + project + fhs + swarsel-bootstrap + swarsel-displaypower + swarselzellij - rustdesk-vbc - ]; + rustdesk-vbc + ]; + }; } diff --git a/modules/home/common/desktop.nix b/modules/home/common/desktop.nix index 4af7039..8686d6f 100644 --- a/modules/home/common/desktop.nix +++ b/modules/home/common/desktop.nix 
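Review bot: The option is named `swarselsystems.modules.ownpackages` while the file is `custom-packages.nix`; every other module flag visible in this patch is named after its file (`desktop`, `direnv`, `emacs`, `env`, `eza`, `firefox`, `gnome-keyring`). A flag that cannot be guessed from the file name is easy to leave unset, and because `mkEnableOption` defaults to false that silently drops the whole package list. Consider `options.swarselsystems.modules.custom-packages = lib.mkEnableOption "custom packages settings";`, and adjust whichever profile sets it (not visible here).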
@@ -1,91 +1,94 @@ -_: +{ lib, config, ... }: { - xdg.desktopEntries = { + options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselsystems.modules.desktop { + xdg.desktopEntries = { + + cura = { + name = "Ultimaker Cura"; + genericName = "Cura"; + exec = "cura"; + terminal = false; + categories = [ "Application" ]; + }; + + rustdesk-vbc = { + name = "Rustdesk VBC"; + genericName = "rustdesk-vbc"; + exec = "rustdesk-vbc"; + terminal = false; + categories = [ "Application" ]; + }; + + anki = { + name = "Anki Flashcards"; + genericName = "Anki"; + exec = "anki"; + terminal = false; + categories = [ "Application" ]; + }; + + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + terminal = false; + categories = [ "Application" ]; + }; + + emacsclient-newframe = { + name = "Emacs (Client, New Frame)"; + genericName = "Emacs (Client, New Frame)"; + exec = "emacsclient -r %u"; + icon = "emacs"; + terminal = false; + categories = [ "Development" "TextEditor" ]; + }; - cura = { - name = "Ultimaker Cura"; - genericName = "Cura"; - exec = "cura"; - terminal = false; - categories = [ "Application" ]; }; - rustdesk-vbc = { - name = "Rustdesk VBC"; - genericName = "rustdesk-vbc"; - exec = "rustdesk-vbc"; - terminal = false; - categories = [ "Application" ]; - }; + xdg.mimeApps = { - anki = { - name = "Anki Flashcards"; - genericName = "Anki"; - exec = "anki"; - terminal = false; - categories = [ "Application" ]; - }; - - element = { - name = "Element Matrix Client"; - genericName = "Element"; - exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application" ]; - }; - - emacsclient-newframe = { - name = "Emacs (Client, New Frame)"; - genericName = "Emacs (Client, New Frame)"; - 
exec = "emacsclient -r %u"; - icon = "emacs"; - terminal = false; - categories = [ "Development" "TextEditor" ]; - }; - - }; - - xdg.mimeApps = { - - enable = true; - defaultApplications = { - "x-scheme-handler/http" = [ "firefox.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" ]; - "x-scheme-handler/chrome" = [ "firefox.desktop" ]; - "text/plain" = [ "emacsclient.desktop" ]; - "text/csv" = [ "emacsclient.desktop" ]; - "text/html" = [ "firefox.desktop" ]; - "application/x-extension-htm" = [ "firefox.desktop" ]; - "application/x-extension-html" = [ "firefox.desktop" ]; - "application/x-extension-shtml" = [ "firefox.desktop" ]; - "application/xhtml+xml" = [ "firefox.desktop" ]; - "application/x-extension-xhtml" = [ "firefox.desktop" ]; - "application/x-extension-xht" = [ "firefox.desktop" ]; - "image/png" = [ "imv.desktop" ]; - "image/jpeg" = [ "imv.desktop" ]; - "image/gif" = [ "imv.desktop" ]; - "image/svg" = [ "imv.desktop" ]; - "image/webp" = [ "firefox.desktop" ]; - "image/vnd.adobe.photoshop" = [ "gimp.desktop" ]; - "image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ]; - "audio/flac" = [ "mpv.desktop" ]; - "audio/mp3" = [ "mpv.desktop" ]; - "audio/ogg" = [ "mpv.desktop" ]; - "audio/wav" = [ "mpv.desktop" ]; - "video/mp4" = [ "umpv.desktop" ]; - "video/mkv" = [ "umpv.desktop" ]; - "video/flv" = [ "umpv.desktop" ]; - "video/3gp" = [ "umpv.desktop" ]; - "application/pdf" = [ "org.gnome.Evince.desktop" ]; - "application/metalink+xml" = [ "emacsclient.desktop" ]; - "application/sql" = [ "emacsclient.desktop" ]; - "application/vnd.ms-powerpoint" = [ "impress.desktop" ]; - "application/msword" = [ "writer.desktop" ]; - "application/vnd.ms-excel" = [ "calc.desktop" ]; - }; - associations = { - added = { - "application/x-zerosize" = [ "emacsclient.desktop" ]; + enable = true; + defaultApplications = { + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; + "x-scheme-handler/chrome" = [ "firefox.desktop" ]; + 
"text/plain" = [ "emacsclient.desktop" ]; + "text/csv" = [ "emacsclient.desktop" ]; + "text/html" = [ "firefox.desktop" ]; + "application/x-extension-htm" = [ "firefox.desktop" ]; + "application/x-extension-html" = [ "firefox.desktop" ]; + "application/x-extension-shtml" = [ "firefox.desktop" ]; + "application/xhtml+xml" = [ "firefox.desktop" ]; + "application/x-extension-xhtml" = [ "firefox.desktop" ]; + "application/x-extension-xht" = [ "firefox.desktop" ]; + "image/png" = [ "imv.desktop" ]; + "image/jpeg" = [ "imv.desktop" ]; + "image/gif" = [ "imv.desktop" ]; + "image/svg" = [ "imv.desktop" ]; + "image/webp" = [ "firefox.desktop" ]; + "image/vnd.adobe.photoshop" = [ "gimp.desktop" ]; + "image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ]; + "audio/flac" = [ "mpv.desktop" ]; + "audio/mp3" = [ "mpv.desktop" ]; + "audio/ogg" = [ "mpv.desktop" ]; + "audio/wav" = [ "mpv.desktop" ]; + "video/mp4" = [ "umpv.desktop" ]; + "video/mkv" = [ "umpv.desktop" ]; + "video/flv" = [ "umpv.desktop" ]; + "video/3gp" = [ "umpv.desktop" ]; + "application/pdf" = [ "org.gnome.Evince.desktop" ]; + "application/metalink+xml" = [ "emacsclient.desktop" ]; + "application/sql" = [ "emacsclient.desktop" ]; + "application/vnd.ms-powerpoint" = [ "impress.desktop" ]; + "application/msword" = [ "writer.desktop" ]; + "application/vnd.ms-excel" = [ "calc.desktop" ]; + }; + associations = { + added = { + "application/x-zerosize" = [ "emacsclient.desktop" ]; + }; }; }; }; diff --git a/modules/home/common/direnv.nix b/modules/home/common/direnv.nix index 47a14a2..0e84503 100644 --- a/modules/home/common/direnv.nix +++ b/modules/home/common/direnv.nix 
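Review bot: The `element` entry's `exec` passes `-enable-features=UseOzonePlatform -ozone-platform=wayland` with single dashes, while the last flag on the same line and the `element-desktop` startup command in `hosts/nixos/nbl-imba-2/default.nix` use `--`. Chromium-based applications may accept both spellings, but the mix makes it unclear whether the launcher and the autostart entry run with the same flags. I would write `exec = "element-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds";`.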
@@ -1,8 +1,11 @@ -_: +{ lib, config, ... }: { - programs.direnv = { - enable = true; - silent = true; - nix-direnv.enable = true; + options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselsystems.modules.direnv { + programs.direnv = { + enable = true; + silent = true; + nix-direnv.enable = true; + }; }; } diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 0cc128d..f1e3ba5 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix 
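Review bot: `silent = true;` deserves a comment, because it turns off direnv's log output, including the line that says an `.envrc` was just loaded into the shell. Loading still requires a prior `direnv allow`, so this is a visibility trade-off rather than a bypass, but it should be recorded as a deliberate choice: `silent = true; # no load/unload messages; .envrc files still have to be approved with direnv allow`.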
@@ -3,75 +3,77 @@ let inherit (config.swarselsystems) homeDir isPublic; in { + options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselsystems.modules.emacs { + # needed for elfeed + sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; - # needed for elfeed - sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; + # enable emacs overlay for bleeding edge features + # also read init.el file and install use-package packages + programs.emacs = { + enable = true; + package = pkgs.emacsWithPackagesFromUsePackage { + config = self + /programs/emacs/init.el; + package = pkgs.emacs-git-pgtk; + alwaysEnsure = true; + alwaysTangle = true; + extraEmacsPackages = epkgs: [ + epkgs.mu4e + epkgs.use-package + epkgs.lsp-bridge + epkgs.doom-themes + epkgs.vterm + epkgs.treesit-grammars.with-all-grammars - # enable emacs overlay for bleeding edge features - # also read init.el file and install use-package packages - programs.emacs = { - enable = true; - package = pkgs.emacsWithPackagesFromUsePackage { - config = self + /programs/emacs/init.el; - package = pkgs.emacs-git-pgtk; - alwaysEnsure = true; - alwaysTangle = true; - extraEmacsPackages = epkgs: [ - epkgs.mu4e - epkgs.use-package - epkgs.lsp-bridge - epkgs.doom-themes - epkgs.vterm - epkgs.treesit-grammars.with-all-grammars + # build the rest of the packages myself + # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup + # build the package from the haji-ali fork, which is well-maintained - # build the rest of the packages myself - # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup - # build the package from the haji-ali fork, which is well-maintained + (epkgs.trivialBuild rec { + pname = "eglot-booster"; + version = "main-29-10-2024"; - (epkgs.trivialBuild rec { - pname = "eglot-booster"; - version = "main-29-10-2024"; + src = pkgs.fetchFromGitHub { + 
owner = "jdtsmith"; + repo = "eglot-booster"; + rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed"; + hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs="; + }; - src = pkgs.fetchFromGitHub { - owner = "jdtsmith"; - repo = "eglot-booster"; - rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed"; - hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs="; - }; + packageRequires = [ epkgs.jsonrpc epkgs.eglot ]; + }) + (epkgs.trivialBuild rec { + pname = "calfw"; + version = "1.0.0-20231002"; + src = pkgs.fetchFromGitHub { + owner = "haji-ali"; + repo = "emacs-calfw"; + rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; + hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; + }; + packageRequires = [ epkgs.howm ]; + }) - packageRequires = [ epkgs.jsonrpc epkgs.eglot ]; - }) - (epkgs.trivialBuild rec { - pname = "calfw"; - version = "1.0.0-20231002"; - src = pkgs.fetchFromGitHub { - owner = "haji-ali"; - repo = "emacs-calfw"; - rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; - hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; - }; - packageRequires = [ epkgs.howm ]; - }) + (epkgs.trivialBuild rec { + pname = "fast-scroll"; + version = "1.0.0-20191016"; + src = pkgs.fetchFromGitHub { + owner = "ahungry"; + repo = "fast-scroll"; + rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; + hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; + }; + packageRequires = [ ]; + }) - (epkgs.trivialBuild rec { - pname = "fast-scroll"; - version = "1.0.0-20191016"; - src = pkgs.fetchFromGitHub { - owner = "ahungry"; - repo = "fast-scroll"; - rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; - hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; - }; - packageRequires = [ ]; - }) + ]; + }; + }; - ]; + services.emacs = { + enable = true; + socketActivation.enable = false; + startWithUserSession = "graphical"; }; }; - - services.emacs = { - enable = true; - socketActivation.enable = false; - startWithUserSession = "graphical"; - }; } 
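Review bot: The comment about org-calfw being outdated on MELPA and built from the haji-ali fork sits directly above the `eglot-booster` build, not above the `calfw` entry it describes. All three `trivialBuild` entries pull third-party repositories pinned by `rev` and `hash`, so each should say why it is built from source; that tells whoever bumps a pin what to check. I would move the calfw comment down to its entry and add one line per package, e.g. `# not packaged in <package set>; pinned by rev + hash, update both together`. The enclosing module starts above the hunk.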
diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index cfcba4d..424df5e 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix @@ -9,18 +9,21 @@ let allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list"; in { - home.sessionVariables = { - EDITOR = "e -w"; - DISPLAY = ":0"; - SWARSEL_LO_RES = config.swarselsystems.lowResolution; - SWARSEL_HI_RES = config.swarselsystems.highResolution; - }; - systemd.user.sessionVariables = { - SWARSEL_LEON_MAIL = leonMail; - SWARSEL_NAUTILUS_MAIL = nautilusMail; - SWARSEL_MRSWARSEL_MAIL = mrswarselMail; - SWARSEL_SWARSEL_MAIL = swarselMail; - SWARSEL_FULLNAME = fullName; - SWARSEL_MAIL_ALL = allMailAddresses; + options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselsystems.modules.env { + home.sessionVariables = { + EDITOR = "e -w"; + DISPLAY = ":0"; + SWARSEL_LO_RES = config.swarselsystems.lowResolution; + SWARSEL_HI_RES = config.swarselsystems.highResolution; + }; + systemd.user.sessionVariables = { + SWARSEL_LEON_MAIL = leonMail; + SWARSEL_NAUTILUS_MAIL = nautilusMail; + SWARSEL_MRSWARSEL_MAIL = mrswarselMail; + SWARSEL_SWARSEL_MAIL = swarselMail; + SWARSEL_FULLNAME = fullName; + SWARSEL_MAIL_ALL = allMailAddresses; + }; }; } diff --git a/modules/home/common/eza.nix b/modules/home/common/eza.nix index 2281e17..c78a30b 100644 --- a/modules/home/common/eza.nix +++ b/modules/home/common/eza.nix @@ -1,12 +1,15 @@ -_: +{ lib, config, ... }: { - programs.eza = { - enable = true; - icons = "auto"; - git = true; - extraOptions = [ - "-l" - "--group-directories-first" - ]; + options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselsystems.modules.eza { + programs.eza = { + enable = true; + icons = "auto"; + git = true; + extraOptions = [ + "-l" + "--group-directories-first" + ]; + }; }; } 
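Review bot: In `env.nix`, the values exported through `systemd.user.sessionVariables` (`SWARSEL_LEON_MAIL` through `SWARSEL_MAIL_ALL`) come from `lib.swarselsystems.getSecret`, and session variables are inherited by every process in the user session. If `getSecret` reads the file at evaluation time, which its use in a `let` binding suggests but the hunk does not show, the values are also written into the generated configuration in the Nix store. If that exposure is accepted, a comment should say so, e.g. `# not confidential: ends up in the session environment and the store`; otherwise they are better read at runtime from a sops-managed file, as `emacs.nix` does for `fever`. The `let` block starts above the hunk.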
diff --git a/modules/home/common/firefox.nix b/modules/home/common/firefox.nix index d594f66..9fd99d2 100644 --- a/modules/home/common/firefox.nix +++ b/modules/home/common/firefox.nix 
@@ -1,147 +1,150 @@ { config, pkgs, lib, ... }: { - programs.firefox = { - enable = true; - package = pkgs.firefox; # uses overrides - policies = { - # CaptivePortal = false; - AppAutoUpdate = false; - BackgroundAppUpdate = false; - DisableBuiltinPDFViewer = true; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableFirefoxScreenshots = true; - DisableTelemetry = true; - DisableFirefoxAccounts = false; - DisableProfileImport = true; - DisableProfileRefresh = true; - DisplayBookmarksToolbar = "always"; - DontCheckDefaultBrowser = true; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - OfferToSaveLoginsDefault = false; - PasswordManagerEnabled = false; - DisableMasterPasswordCreation = true; - ExtensionUpdate = false; - EnableTrackingProtection = { - Value = true; - Locked = true; - Cryptomining = true; - Fingerprinting = true; - EmailTracking = true; - # Exceptions = ["https://example.com"] - }; - PDFjs = { - Enabled = false; - EnablePermissions = false; - }; - Handlers = { - mimeTypes."application/pdf".action = "saveToDisk"; - }; - extensions = { - pdf = { - action = "useHelperApp"; - ask = true; - handlers = [ - { - name = "GNOME Document Viewer"; - path = "${pkgs.evince}/bin/evince"; - } - ]; + options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselsystems.modules.firefox { + programs.firefox = { + enable = true; + package = pkgs.firefox; # uses overrides + policies = { + # CaptivePortal = false; + AppAutoUpdate = false; + BackgroundAppUpdate = false; + DisableBuiltinPDFViewer = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableFirefoxScreenshots = true; + DisableTelemetry = true; + DisableFirefoxAccounts = false; + DisableProfileImport = true; + DisableProfileRefresh = true; + DisplayBookmarksToolbar = "always"; + DontCheckDefaultBrowser = true; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + OfferToSaveLoginsDefault = false; + PasswordManagerEnabled 
= false; + DisableMasterPasswordCreation = true; + ExtensionUpdate = false; + EnableTrackingProtection = { + Value = true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + EmailTracking = true; + # Exceptions = ["https://example.com"] }; - }; - FirefoxHome = { - Search = true; - TopSites = true; - SponsoredTopSites = false; - Highlights = true; - Pocket = false; - SponsoredPocket = false; - Snippets = false; - Locked = true; - }; - FirefoxSuggest = { - WebSuggestions = false; - SponsoredSuggestions = false; - ImproveSuggest = false; - Locked = true; - }; - SanitizeOnShutdown = { - Cache = true; - Cookies = false; - Downloads = true; - FormData = true; - History = false; - Sessions = false; - SiteSettings = false; - OfflineApps = true; - Locked = true; - }; - SearchEngines = { - PreventInstalls = true; - Remove = [ - "Bing" # Fuck you - ]; - }; - UserMessaging = { - ExtensionRecommendations = false; # Don’t recommend extensions while the user is visiting web pages - FeatureRecommendations = false; # Don’t recommend browser features - Locked = true; # Prevent the user from changing user messaging preferences - MoreFromMozilla = false; # Don’t show the “More from Mozilla” section in Preferences - SkipOnboarding = true; # Don’t show onboarding messages on the new tab page - UrlbarInterventions = false; # Don’t offer suggestions in the URL bar - WhatsNew = false; # Remove the “What’s New” icon and menuitem - }; - ExtensionSettings = { - "3rdparty".Extensions = { - # https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json - "uBlock0@raymondhill.net".adminSettings = { - userSettings = rec { - uiTheme = "dark"; - uiAccentCustom = true; - uiAccentCustom0 = "#0C8084"; - cloudStorageEnabled = lib.mkForce false; - importedLists = [ - "https://filters.adtidy.org/extension/ublock/filters/3.txt" - "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" - ]; - externalLists = lib.concatStringsSep "\n" 
importedLists; - }; - selectedFilterLists = [ - "CZE-0" - "adguard-generic" - "adguard-annoyance" - "adguard-social" - "adguard-spyware-url" - "easylist" - "easyprivacy" - "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" - "plowe-0" - "ublock-abuse" - "ublock-badware" - "ublock-filters" - "ublock-privacy" - "ublock-quick-fixes" - "ublock-unbreak" - "urlhaus-1" + PDFjs = { + Enabled = false; + EnablePermissions = false; + }; + Handlers = { + mimeTypes."application/pdf".action = "saveToDisk"; + }; + extensions = { + pdf = { + action = "useHelperApp"; + ask = true; + handlers = [ + { + name = "GNOME Document Viewer"; + path = "${pkgs.evince}/bin/evince"; + } ]; }; }; + FirefoxHome = { + Search = true; + TopSites = true; + SponsoredTopSites = false; + Highlights = true; + Pocket = false; + SponsoredPocket = false; + Snippets = false; + Locked = true; + }; + FirefoxSuggest = { + WebSuggestions = false; + SponsoredSuggestions = false; + ImproveSuggest = false; + Locked = true; + }; + SanitizeOnShutdown = { + Cache = true; + Cookies = false; + Downloads = true; + FormData = true; + History = false; + Sessions = false; + SiteSettings = false; + OfflineApps = true; + Locked = true; + }; + SearchEngines = { + PreventInstalls = true; + Remove = [ + "Bing" # Fuck you + ]; + }; + UserMessaging = { + ExtensionRecommendations = false; # Don’t recommend extensions while the user is visiting web pages + FeatureRecommendations = false; # Don’t recommend browser features + Locked = true; # Prevent the user from changing user messaging preferences + MoreFromMozilla = false; # Don’t show the “More from Mozilla” section in Preferences + SkipOnboarding = true; # Don’t show onboarding messages on the new tab page + UrlbarInterventions = false; # Don’t offer suggestions in the URL bar + WhatsNew = false; # Remove the “What’s New” icon and menuitem + }; + ExtensionSettings = { + "3rdparty".Extensions = { + # 
https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json + "uBlock0@raymondhill.net".adminSettings = { + userSettings = rec { + uiTheme = "dark"; + uiAccentCustom = true; + uiAccentCustom0 = "#0C8084"; + cloudStorageEnabled = lib.mkForce false; + importedLists = [ + "https://filters.adtidy.org/extension/ublock/filters/3.txt" + "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" + ]; + externalLists = lib.concatStringsSep "\n" importedLists; + }; + selectedFilterLists = [ + "CZE-0" + "adguard-generic" + "adguard-annoyance" + "adguard-social" + "adguard-spyware-url" + "easylist" + "easyprivacy" + "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt" + "plowe-0" + "ublock-abuse" + "ublock-badware" + "ublock-filters" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "urlhaus-1" + ]; + }; + }; + + }; }; - }; - - profiles = { - default = lib.recursiveUpdate - { - id = 0; - isDefault = true; - settings = { - "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; - }; - } - config.swarselsystems.firefox; + profiles = { + default = lib.recursiveUpdate + { + id = 0; + isDefault = true; + settings = { + "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; + }; + } + config.swarselsystems.firefox; + }; }; }; } diff --git a/modules/home/common/fuzzel.nix b/modules/home/common/fuzzel.nix index ba46edf..8c646ca 100644 --- a/modules/home/common/fuzzel.nix +++ b/modules/home/common/fuzzel.nix 
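Review bot: `lib.mkEnableOption "firefox settings"` defaults to false, so the whole `programs.firefox` block, including the locked policies (`EnableTrackingProtection`, `PasswordManagerEnabled = false`, the managed uBlock filter lists), is now applied only when a profile sets `swarselsystems.modules.firefox`. The profiles that set the flag are not visible in this hunk, so confirm that every desktop profile enables it. Alternatively declare the option as `lib.mkEnableOption "firefox settings" // { default = true; }`, so that a forgotten flag cannot silently drop the policies. The same opt-in default applies to the `sops`, `ssh` and `general` modules later in this patch.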
@@ -1,14 +1,17 @@
-_:
+{ lib, config, ... }:
 {
- programs.fuzzel = {
- enable = true;
- settings = {
- main = {
- layer = "overlay";
- lines = "10";
- width = "40";
+ options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings";
+ config = lib.mkIf config.swarselsystems.modules.fuzzel {
+ programs.fuzzel = {
+ enable = true;
+ settings = {
+ main = {
+ layer = "overlay";
+ lines = "10";
+ width = "40";
+ };
+ border.radius = "0";
 };
- border.radius = "0";
 };
 };
 }
diff --git a/modules/home/common/git.nix b/modules/home/common/git.nix
index 793158e..3a88d2d 100644
--- a/modules/home/common/git.nix
+++ b/modules/home/common/git.nix
@@ -1,44 +1,47 @@
-{ lib, nix-secrets, ... }:
+{ lib, config, nix-secrets, ... }:
 let
 secretsDirectory = builtins.toString nix-secrets;
 leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
 fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
 in
 {
- programs.git = {
- enable = true;
- aliases = {
- a = "add";
- c = "commit";
- cl = "clone";
- co = "checkout";
- b = "branch";
- i = "init";
- m = "merge";
- s = "status";
- r = "restore";
- p = "pull";
- pp = "push";
- };
- signing = {
- key = "0x76FD3810215AE097";
- signByDefault = true;
- };
- userEmail = lib.mkDefault leonMail;
- userName = fullName;
- difftastic.enable = true;
- lfs.enable = true;
- includes = [
- {
- contents = {
- github = {
- user = "Swarsel";
+ options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
+ config = lib.mkIf config.swarselsystems.modules.git {
+ programs.git = {
+ enable = true;
+ aliases = {
+ a = "add";
+ c = "commit";
+ cl = "clone";
+ co = "checkout";
+ b = "branch";
+ i = "init";
+ m = "merge";
+ s = "status";
+ r = "restore";
+ p = "pull";
+ pp = "push";
+ };
+ signing = {
+ key = "0x76FD3810215AE097";
+ signByDefault = true;
+ };
+ userEmail = lib.mkDefault leonMail;
+ userName = fullName;
+ difftastic.enable = true;
+ lfs.enable = true;
+ includes = [
+ {
+ contents = {
+ github = {
+ user = "Swarsel";
+ };
+ commit = {
+ template = "~/.gitmessage";
+ };
 };
- commit = {
- template = "~/.gitmessage";
- };
- };
- }
- ];
+ }
+ ];
+ };
 };
 }
diff --git a/modules/home/common/gnome-keyring.nix b/modules/home/common/gnome-keyring.nix
index 393649c..9fb5ec6 100644
--- a/modules/home/common/gnome-keyring.nix
+++ b/modules/home/common/gnome-keyring.nix
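Review bot: `signing.key = "0x76FD3810215AE097"` identifies the signing key by its 64-bit long key ID, and the same literal appears again as `gpg.key` in mail.nix later in this patch. GnuPG accepts a full fingerprint in the same place, which removes any ambiguity should a key with a colliding ID ever land in the keyring. Consider one shared binding, for example `key = "0x<FULL_FINGERPRINT>";` (placeholder), referenced from both modules so the two cannot drift apart.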
@@ -1,6 +1,9 @@
 { lib, config, ... }:
 {
- services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) {
- enable = true;
+ options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings";
+ config = lib.mkIf config.swarselsystems.modules.gnome-keyring {
+ services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) {
+ enable = true;
+ };
 };
 }
diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix
index 58d073e..a7774ec 100644
--- a/modules/home/common/kitty.nix
+++ b/modules/home/common/kitty.nix
@@ -1,12 +1,15 @@
-_:
+{ lib, config, ... }:
 {
- programs.kitty = {
- enable = true;
- keybindings = { };
- settings = {
- scrollback_lines = 10000;
- enable_audio_bell = false;
- notify_on_cmd_finish = "always 20";
+ options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings";
+ config = lib.mkIf config.swarselsystems.modules.kitty {
+ programs.kitty = {
+ enable = true;
+ keybindings = { };
+ settings = {
+ scrollback_lines = 10000;
+ enable_audio_bell = false;
+ notify_on_cmd_finish = "always 20";
+ };
 };
 };
 }
diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix
index a8bf830..ce98fba 100644
--- a/modules/home/common/mail.nix
+++ b/modules/home/common/mail.nix
@@ -8,137 +8,140 @@ let fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname"; in { - programs = { - mbsync = { - enable = true; + options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselsystems.modules.mail { + programs = { + mbsync = { + enable = true; + }; + msmtp = { + enable = true; + }; + mu = { + enable = true; + }; }; - msmtp = { - enable = true; - }; - mu = { - enable = true; - }; - }; - services.mbsync = { - enable = true; - }; - # this is needed so that mbsync can use the passwords from sops - systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; + services.mbsync = { + enable = true; + }; + # this is needed so that mbsync can use the passwords from sops + systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - accounts = lib.mkIf (!config.swarselsystems.isPublic) { - email = { - maildirBasePath = "Mail"; - accounts = { - leon = { - primary = true; - address = leonMail; - userName = leonMail; - realName = fullName; - passwordCommand = "cat ${config.sops.secrets.leon.path}"; - gpg = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - mu.enable = true; - msmtp = { - enable = true; - }; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; + accounts = lib.mkIf (!config.swarselsystems.isPublic) { + email = { + maildirBasePath = "Mail"; + accounts = { + leon = { + primary = true; + address = leonMail; + userName = leonMail; + realName = fullName; + passwordCommand = "cat ${config.sops.secrets.leon.path}"; + gpg = { + key = "0x76FD3810215AE097"; + signByDefault = true; }; - }; - }; - - swarsel = { - address = swarselMail; - userName = "8227dc594dd515ce232eda1471cb9a19"; - 
realName = fullName; - passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; - smtp = { - host = "in-v3.mailjet.com"; - port = 587; - tls = { + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + mu.enable = true; + msmtp = { enable = true; - useStartTls = true; }; - }; - mu.enable = false; - msmtp = { - enable = true; - }; - mbsync = { - enable = false; - }; - }; - - nautilus = { - primary = false; - address = nautilusMail; - userName = nautilusMail; - realName = "Nautilus"; - passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; - }; - mrswarsel = { - primary = false; - address = mrswarselMail; - userName = mrswarselMail; - realName = "Swarsel"; - passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; + swarsel = { + address = swarselMail; + userName = "8227dc594dd515ce232eda1471cb9a19"; + realName = fullName; + passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; + smtp = { + host = "in-v3.mailjet.com"; + port = 587; + tls = { + enable = true; + 
useStartTls = true; }; - account = { - Timeout = 120; - PipelineDepth = 1; + }; + mu.enable = false; + msmtp = { + enable = true; + }; + mbsync = { + enable = false; + }; + }; + + nautilus = { + primary = false; + address = nautilusMail; + userName = nautilusMail; + realName = "Nautilus"; + passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; - }; + mrswarsel = { + primary = false; + address = mrswarselMail; + userName = mrswarselMail; + realName = "Swarsel"; + passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + + }; }; }; }; diff --git a/modules/home/common/nix-index.nix b/modules/home/common/nix-index.nix index a5efaf6..0ac40f2 100644 --- a/modules/home/common/nix-index.nix +++ b/modules/home/common/nix-index.nix 
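Review bot: The account definitions read `config.sops.secrets.leon.path` (and `swarselmail`, `nautilus`, `mrswarsel`), but those secrets are declared in sops.nix, which this patch places behind its own `swarselsystems.modules.sops` flag. Enabling `modules.mail` without `modules.sops` on a non-public host would presumably fail at evaluation with a missing-attribute error rather than a clear message. An assertion in this module would make the dependency explicit: `assertions = [{ assertion = config.swarselsystems.isPublic || config.swarselsystems.modules.sops; message = "modules.mail needs modules.sops"; }];`. Separately, the `swarsel` account keeps its SMTP `userName` as a literal while the other accounts take theirs from nix-secrets; if that value is an API key, it may belong there too.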
@@ -1,21 +1,24 @@ -{ self, pkgs, ... }: +{ self, lib, config, pkgs, ... }: { - programs.nix-index = - let - commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' - mkdir -p $out/etc/profile.d - substitute ${self + /scripts/command-not-found.sh} \ - $out/etc/profile.d/command-not-found.sh \ - --replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ - --replace-fail @tput@ ${pkgs.ncurses}/bin/tput - ''; - in + options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselsystems.modules.nix-index { + programs.nix-index = + let + commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' + mkdir -p $out/etc/profile.d + substitute ${self + /scripts/command-not-found.sh} \ + $out/etc/profile.d/command-not-found.sh \ + --replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ + --replace-fail @tput@ ${pkgs.ncurses}/bin/tput + ''; + in - { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [ commandNotFound ]; + { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [ commandNotFound ]; + }; }; - }; + }; } diff --git a/modules/home/common/nixgl.nix b/modules/home/common/nixgl.nix index d500777..4fac380 100644 --- a/modules/home/common/nixgl.nix +++ b/modules/home/common/nixgl.nix @@ -1,13 +1,14 @@ { lib, config, nixgl, ... }: { options.swarselsystems = { + modules.nixgl = lib.mkEnableOption "nixgl settings"; isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; SecondaryGpuCard = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.nixgl { nixGL = lib.mkIf (!config.swarselsystems.isNixos) { inherit (nixgl) packages; defaultWrapper = lib.mkDefault "mesa"; diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index 316970b..220a665 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix 
@@ -1,179 +1,182 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - home.packages = with pkgs; [ + options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselsystems.modules.packages { + home.packages = with pkgs; [ - # audio stuff - spek # spectrum analyzer - losslessaudiochecker - ffmpeg_7-full - flac - mediainfo - picard-tools - audacity - sox - stable.feishin - calibre + # audio stuff + spek # spectrum analyzer + losslessaudiochecker + ffmpeg_7-full + flac + mediainfo + picard-tools + audacity + sox + stable.feishin + calibre - # printing - cups - simple-scan + # printing + cups + simple-scan - # dict - (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) + # dict + (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) - # browser - vieb - mgba + # browser + vieb + mgba - # utilities - util-linux - nmap - lsof - nvd - nix-output-monitor - hyprpicker # color picker - findutils - units - vim - sshfs - fuse - ventoy - poppler_utils + # utilities + util-linux + nmap + lsof + nvd + nix-output-monitor + hyprpicker # color picker + findutils + units + vim + sshfs + fuse + ventoy + poppler_utils - # nix - alejandra - nixpkgs-fmt - deadnix - statix - nix-tree - nix-diff - nix-visualize - nix-init - nix-inspect - nixpkgs-review - manix - comma + # nix + alejandra + nixpkgs-fmt + deadnix + statix + nix-tree + nix-diff + nix-visualize + nix-init + nix-inspect + nixpkgs-review + manix + comma - # shellscripts - shfmt + # shellscripts + shfmt - # local file sharing - wormhole-rs + # local file sharing + wormhole-rs - # b2 backup @backblaze - restic + # b2 backup @backblaze + restic - # "big" programs - gimp - inkscape - zoom-us - # nomacs - libreoffice-qt - xournalpp - obsidian - spotify - vesktop # discord client - nextcloud-client - spotify-player - element-desktop - nicotine-plus - stable.transmission_3 - mktorrent - hexchat - hugo + # "big" programs + gimp + inkscape + 
zoom-us + # nomacs + libreoffice-qt + xournalpp + obsidian + spotify + vesktop # discord client + nextcloud-client + spotify-player + element-desktop + nicotine-plus + stable.transmission_3 + mktorrent + hexchat + hugo - # kyria - qmk - qmk-udev-rules + # kyria + qmk + qmk-udev-rules - # firefox related - tridactyl-native + # firefox related + tridactyl-native - # mako related - mako - libnotify + # mako related + mako + libnotify - # general utilities - unrar - samba - cifs-utils - zbar # qr codes - readline - autotiling - brightnessctl - libappindicator-gtk3 - sqlite - speechd - networkmanagerapplet - psmisc # kill etc - lm_sensors - # jq # used for searching the i3 tree in check.sh files + # general utilities + unrar + samba + cifs-utils + zbar # qr codes + readline + autotiling + brightnessctl + libappindicator-gtk3 + sqlite + speechd + networkmanagerapplet + psmisc # kill etc + lm_sensors + # jq # used for searching the i3 tree in check.sh files - # specifically needed for anki - # mpv - anki-bin + # specifically needed for anki + # mpv + anki-bin - # dirvish file previews - fd - imagemagick - # poppler - ffmpegthumbnailer - mediainfo - gnutar - unzip + # dirvish file previews + fd + imagemagick + # poppler + ffmpegthumbnailer + mediainfo + gnutar + unzip - #nautilus - stable.nautilus - xfce.tumbler - libgsf + #nautilus + stable.nautilus + xfce.tumbler + libgsf - # wayland stuff - wtype - wl-clipboard - stable.wl-mirror - wf-recorder - kanshi + # wayland stuff + wtype + wl-clipboard + stable.wl-mirror + wf-recorder + kanshi - # screenshotting tools - grim - slurp + # screenshotting tools + grim + slurp - # the following packages are used (in some way) by waybar - playerctl - pavucontrol - stable.pamixer - # gnome.gnome-clocks - # wlogout - # jdiskreport - # monitor + # the following packages are used (in some way) by waybar + playerctl + pavucontrol + stable.pamixer + # gnome.gnome-clocks + # wlogout + # jdiskreport + # monitor - #keychain - qalculate-gtk - 
gcr # needed for gnome-secrets to work - seahorse + #keychain + qalculate-gtk + gcr # needed for gnome-secrets to work + seahorse - # sops-related - sops - ssh-to-age + # sops-related + sops + ssh-to-age - # mail related packages - mu + # mail related packages + mu - # latex and related packages - (texlive.combine { - inherit (pkgs.texlive) scheme-full - dvisvgm dvipng# for preview and export as html - wrapfig amsmath ulem hyperref capt-of; - }) + # latex and related packages + (texlive.combine { + inherit (pkgs.texlive) scheme-full + dvisvgm dvipng# for preview and export as html + wrapfig amsmath ulem hyperref capt-of; + }) - # font stuff - nerd-fonts.fira-mono - nerd-fonts.fira-code - nerd-fonts.symbols-only - noto-fonts-emoji - font-awesome_5 - noto-fonts - noto-fonts-cjk-sans - ]; + # font stuff + nerd-fonts.fira-mono + nerd-fonts.fira-code + nerd-fonts.symbols-only + noto-fonts-emoji + font-awesome_5 + noto-fonts + noto-fonts-cjk-sans + ]; + }; } diff --git a/modules/home/common/password-store.nix b/modules/home/common/password-store.nix index 90c1a1b..a6f05b7 100644 --- a/modules/home/common/password-store.nix +++ b/modules/home/common/password-store.nix @@ -1,10 +1,13 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - programs.password-store = { - enable = true; - settings = { - PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; + options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselsystems.modules.passwordstore { + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; + }; + package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; - package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; } diff --git a/modules/home/common/programs.nix b/modules/home/common/programs.nix index be8bac8..44da2a5 100644 --- a/modules/home/common/programs.nix +++ b/modules/home/common/programs.nix 
@@ -1,22 +1,25 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - programs = { - bottom.enable = true; - imv.enable = true; - sioyek.enable = true; - bat = { - enable = true; - extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselsystems.modules.programs { + programs = { + bottom.enable = true; + imv.enable = true; + sioyek.enable = true; + bat = { + enable = true; + extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + }; + carapace.enable = true; + wlogout.enable = true; + swayr.enable = true; + yt-dlp.enable = true; + mpv.enable = true; + jq.enable = true; + ripgrep.enable = true; + pandoc.enable = true; + fzf.enable = true; + zoxide.enable = true; }; - carapace.enable = true; - wlogout.enable = true; - swayr.enable = true; - yt-dlp.enable = true; - mpv.enable = true; - jq.enable = true; - ripgrep.enable = true; - pandoc.enable = true; - fzf.enable = true; - zoxide.enable = true; }; } diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 5cb80a4..0c263c2 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix 
@@ -3,41 +3,44 @@ let inherit (config.swarselsystems) mainUser; in { - nix = lib.mkIf (!config.swarselsystems.isNixos) { - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - trusted-users = [ "@wheel" "${mainUser}" ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { + nix = lib.mkIf (!config.swarselsystems.isNixos) { + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? 
-gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf config.swarselsystems.isLinux true; + }; }; - }; - nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null); + nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null); - programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; - targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true; + programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; + targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true; - home = { - username = lib.mkDefault mainUser; - homeDirectory = lib.mkDefault "/home/${mainUser}"; - stateVersion = lib.mkDefault "23.05"; - keyboard.layout = "us"; - sessionVariables = { - FLAKE = "/home/${mainUser}/.dotfiles"; + home = { + username = lib.mkDefault mainUser; + homeDirectory = lib.mkDefault "/home/${mainUser}"; + stateVersion = lib.mkDefault "23.05"; + keyboard.layout = "us"; + sessionVariables = { + FLAKE = "/home/${mainUser}/.dotfiles"; + }; }; }; diff --git a/modules/home/common/sops.nix b/modules/home/common/sops.nix index 248918e..28ac87f 100644 --- a/modules/home/common/sops.nix +++ b/modules/home/common/sops.nix 
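Review bot: `trusted-users = [ "@wheel" "${mainUser}" ]` is carried into the gated block unchanged; the Nix manual describes membership in `trusted-users` as essentially root-equivalent towards the daemon, and `@wheel` extends that to every member of the group. The block applies only when `isNixos` is false, and whether the daemon on those hosts honours a user-level config written by home-manager is not visible here. If it does, `trusted-users = [ mainUser ];` limits the grant to one account. If it does not, a comment stating that the line is inert would save the next reader the question.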
@@ -3,18 +3,21 @@ let inherit (config.swarselsystems) homeDir xdgDir; in { - sops = lib.mkIf (!config.swarselsystems.isPublic) { - age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; - defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; + options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselsystems.modules.sops { + sops = lib.mkIf (!config.swarselsystems.isPublic) { + age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - secrets = { - mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; }; - nautilus = { path = "${xdgDir}/secrets/nautilus"; }; - leon = { path = "${xdgDir}/secrets/leon"; }; - swarselmail = { path = "${xdgDir}/secrets/swarselmail"; }; - github_notif = { path = "${xdgDir}/secrets/github_notif"; }; - u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; + validateSopsFiles = false; + secrets = { + mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; }; + nautilus = { path = "${xdgDir}/secrets/nautilus"; }; + leon = { path = "${xdgDir}/secrets/leon"; }; + swarselmail = { path = "${xdgDir}/secrets/swarselmail"; }; + github_notif = { path = "${xdgDir}/secrets/github_notif"; }; + u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; + }; }; }; } diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index dae7787..af34294 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix 
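Review bot: `validateSopsFiles = false` is re-indented without a comment explaining why the check is off. `defaultSopsFile` is a string path under `/persist` or `${homeDir}`, so the file lives outside the Nix store, which is presumably why it cannot be validated at evaluation time. The consequence is that a missing or misnamed secret surfaces only at activation. Suggested comment above the line: `# secrets file is a runtime path outside the store, so it cannot be validated at eval time`.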
@@ -1,36 +1,39 @@ -_: +{ lib, config, ... }: { - programs.ssh = { - enable = true; - forwardAgent = true; - extraConfig = '' - SetEnv TERM=xterm-256color - ServerAliveInterval 20 - ''; - matchBlocks = { - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "winters" = { - hostname = "192.168.1.2"; - user = "swarsel"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; + options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselsystems.modules.ssh { + programs.ssh = { + enable = true; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ServerAliveInterval 20 + ''; + matchBlocks = { + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "winters" = { + hostname = "192.168.1.2"; + user = "swarsel"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; }; }; }; diff --git a/modules/home/common/starship.nix b/modules/home/common/starship.nix index 5a7767d..bee6aeb 100644 --- a/modules/home/common/starship.nix +++ b/modules/home/common/starship.nix 
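Review bot: `forwardAgent = true` at the top level of `programs.ssh` applies to every host, including the `root` logins on public addresses listed in `matchBlocks`. With agent forwarding on, whoever controls root on the remote machine can use the forwarded agent to authenticate as you for the lifetime of the session. Set the global value to `forwardAgent = false;` and add `forwardAgent = true;` only inside the match blocks that need to hop onward. The file's closing brace lies outside this hunk.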
@@ -1,121 +1,124 @@ -_: +{ lib, config, ... }: { - programs.starship = { - enable = true; - enableZshIntegration = true; - settings = { - add_newline = false; - format = "$shlvl$character"; - right_format = "$all"; - command_timeout = 3000; + options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselsystems.modules.starship { + programs.starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = false; + format = "$shlvl$character"; + right_format = "$all"; + command_timeout = 3000; - directory.substitutions = { - "Documents" = "󰈙 "; - "Downloads" = " "; - "Music" = " "; - "Pictures" = " "; + directory.substitutions = { + "Documents" = "󰈙 "; + "Downloads" = " "; + "Music" = " "; + "Pictures" = " "; + }; + + git_status = { + style = "bg:#394260"; + format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) "; + }; + + character = { + success_symbol = "[λ](bold green)"; + error_symbol = "[λ](bold red)"; + }; + + shlvl = { + disabled = false; + symbol = "↳"; + format = "[$symbol]($style) "; + repeat = true; + repeat_offset = 1; + style = "blue"; + }; + + nix_shell = { + disabled = false; + heuristic = true; + format = "[$symbol$name]($style)"; + symbol = " "; + }; + + aws.symbol = " "; + buf.symbol = " "; + c.symbol = " "; + conda.symbol = " "; + dart.symbol = " "; + directory.read_only = " 󰌾"; + docker_context.symbol = " "; + elixir.symbol = " "; + elm.symbol = " "; + fossil_branch.symbol = " "; + git_branch.symbol = " "; + golang.symbol = " "; + guix_shell.symbol = " "; + haskell.symbol = " "; + haxe.symbol = " "; + hg_branch.symbol = " "; + hostname.ssh_symbol = " "; + java.symbol = " "; + julia.symbol = " "; + lua.symbol = " "; + memory_usage.symbol = "󰍛 "; + meson.symbol = "󰔷 "; + nim.symbol = "󰆥 "; + nodejs.symbol = " "; + + os.symbols = { + Alpaquita = " "; + Alpine = " "; + Amazon = " "; + Android = " "; + Arch = " "; + Artix = 
" "; + CentOS = " "; + Debian = " "; + DragonFly = " "; + Emscripten = " "; + EndeavourOS = " "; + Fedora = " "; + FreeBSD = " "; + Garuda = "󰛓 "; + Gentoo = " "; + HardenedBSD = "󰞌 "; + Illumos = "󰈸 "; + Linux = " "; + Mabox = " "; + Macos = " "; + Manjaro = " "; + Mariner = " "; + MidnightBSD = " "; + Mint = " "; + NetBSD = " "; + NixOS = " "; + OpenBSD = "󰈺 "; + openSUSE = " "; + OracleLinux = "󰌷 "; + Pop = " "; + Raspbian = " "; + Redhat = " "; + RedHatEnterprise = " "; + Redox = "󰀘 "; + Solus = "󰠳 "; + SUSE = " "; + Ubuntu = " "; + Unknown = " "; + Windows = "󰍲 "; + }; + + package.symbol = "󰏗 "; + pijul_channel.symbol = " "; + python.symbol = " "; + rlang.symbol = "󰟔 "; + ruby.symbol = " "; + rust.symbol = " "; + scala.symbol = " "; }; - - git_status = { - style = "bg:#394260"; - format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) "; - }; - - character = { - success_symbol = "[λ](bold green)"; - error_symbol = "[λ](bold red)"; - }; - - shlvl = { - disabled = false; - symbol = "↳"; - format = "[$symbol]($style) "; - repeat = true; - repeat_offset = 1; - style = "blue"; - }; - - nix_shell = { - disabled = false; - heuristic = true; - format = "[$symbol$name]($style)"; - symbol = " "; - }; - - aws.symbol = " "; - buf.symbol = " "; - c.symbol = " "; - conda.symbol = " "; - dart.symbol = " "; - directory.read_only = " 󰌾"; - docker_context.symbol = " "; - elixir.symbol = " "; - elm.symbol = " "; - fossil_branch.symbol = " "; - git_branch.symbol = " "; - golang.symbol = " "; - guix_shell.symbol = " "; - haskell.symbol = " "; - haxe.symbol = " "; - hg_branch.symbol = " "; - hostname.ssh_symbol = " "; - java.symbol = " "; - julia.symbol = " "; - lua.symbol = " "; - memory_usage.symbol = "󰍛 "; - meson.symbol = "󰔷 "; - nim.symbol = "󰆥 "; - nodejs.symbol = " "; - - os.symbols = { - Alpaquita = " "; - Alpine = " "; - Amazon = " "; - Android = " "; - Arch = " "; - Artix = " "; - CentOS = " "; - 
Debian = " "; - DragonFly = " "; - Emscripten = " "; - EndeavourOS = " "; - Fedora = " "; - FreeBSD = " "; - Garuda = "󰛓 "; - Gentoo = " "; - HardenedBSD = "󰞌 "; - Illumos = "󰈸 "; - Linux = " "; - Mabox = " "; - Macos = " "; - Manjaro = " "; - Mariner = " "; - MidnightBSD = " "; - Mint = " "; - NetBSD = " "; - NixOS = " "; - OpenBSD = "󰈺 "; - openSUSE = " "; - OracleLinux = "󰌷 "; - Pop = " "; - Raspbian = " "; - Redhat = " "; - RedHatEnterprise = " "; - Redox = "󰀘 "; - Solus = "󰠳 "; - SUSE = " "; - Ubuntu = " "; - Unknown = " "; - Windows = "󰍲 "; - }; - - package.symbol = "󰏗 "; - pijul_channel.symbol = " "; - python.symbol = " "; - rlang.symbol = "󰟔 "; - ruby.symbol = " "; - rust.symbol = " "; - scala.symbol = " "; }; }; } diff --git a/modules/home/common/stylix.nix b/modules/home/common/stylix.nix index a1fd4ab..eecdb83 100644 --- a/modules/home/common/stylix.nix +++ b/modules/home/common/stylix.nix @@ -1,9 +1,12 @@ { lib, config, ... }: { - stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate - { - image = config.swarselsystems.wallpaper; - targets = config.swarselsystems.stylixHomeTargets; - } - config.swarselsystems.stylix); + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselsystems.modules.stylix { + stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate + { + image = config.swarselsystems.wallpaper; + targets = config.swarselsystems.stylixHomeTargets; + } + config.swarselsystems.stylix); + }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 94601b6..054aaf1 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix 
@@ -180,13 +180,18 @@ "${modifier}+Print" = "exec screenshare"; # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" # "XF86AudioRaiseVolume" = "exec pa 5%"; - "XF86AudioRaiseVolume" = "exec pamixer -i 5"; + # "XF86AudioRaiseVolume" = "exec pamixer -i 5"; + "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioLowerVolume" = "exec pamixer -d 5"; + # "XF86AudioLowerVolume" = "exec pamixer -d 5"; + "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMute" = "exec pamixer -t"; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + # "XF86AudioMute" = "exec pamixer -t"; + "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; + # "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; + # "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; "XF86Display" = "exec wl-mirror eDP-1"; } config.swarselsystems.keybindings; 
@@ -363,37 +368,38 @@ swayfxSettings = config.swarselsystems.swayfxConfig; in " - exec_always autotiling - set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" + exec_always autotiling + set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" - mode $exit { - bindsym --to-code { - s exec \"systemctl suspend\", mode \"default\" - h exec \"systemctl hibernate\", mode \"default\" - l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ - p exec \"systemctl poweroff\" - r exec \"systemctl reboot\" - u exec \"swaymsg exit\" + mode $exit { + bindsym --to-code { + s exec \"systemctl suspend\", mode \"default\" + h exec \"systemctl hibernate\", mode \"default\" + l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\ + p exec \"systemctl poweroff\" + r exec \"systemctl reboot\" + u exec \"swaymsg exit\" - Return mode \"default\" - Escape mode \"default\" - ${modifier}+Escape mode \"default\" - } - } + Return mode \"default\" + Escape mode \"default\" + ${modifier}+Escape mode \"default\" + } + } - exec systemctl --user import-environment - exec swayidle -w + exec systemctl --user import-environment + exec swayidle -w - seat * hide_cursor 2000 + seat * hide_cursor 2000 - exec kanshi - exec_always kill -1 $(pidof kanshi) + exec kanshi + exec_always kill -1 $(pidof kanshi) + exec swayosd-server - bindswitch --locked lid:on exec kanshictl switch lidclosed - bindswitch --locked lid:off exec kanshictl switch lidopen + bindswitch --locked lid:on exec kanshictl switch lidclosed + bindswitch --locked lid:off exec kanshictl switch lidopen - ${swayfxSettings} - "; + ${swayfxSettings} + "; }; }; } diff --git a/modules/home/common/symlink.nix b/modules/home/common/symlink.nix index 4f0e71e..15d8636 100644 --- a/modules/home/common/symlink.nix +++ b/modules/home/common/symlink.nix 
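Review bot: The lock binding inside `mode $exit` ends in `mode \"default\` with no closing `\"`, unlike the `s` and `h` lines directly above it. As far as I can tell the trailing backslash just escapes the newline in the Nix string, so sway receives an unterminated quoted argument on the line that starts swaylock, and I would not rely on how that is parsed for the screen-lock path. The line should end `--daemonize\", mode \"default\"`. The defect is on the removed side as well, but this hunk rewrites the line, so it is the natural place to fix it.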
@@ -1,29 +1,32 @@ -{ self, lib, ... }: +{ self, lib, config, ... }: { - home.file = { - "init.el" = lib.mkDefault { - source = self + /programs/emacs/init.el; - target = ".emacs.d/init.el"; + options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselsystems.modules.symlink { + home.file = { + "init.el" = lib.mkDefault { + source = self + /programs/emacs/init.el; + target = ".emacs.d/init.el"; + }; + "early-init.el" = { + source = self + /programs/emacs/early-init.el; + target = ".emacs.d/early-init.el"; + }; + # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually + ".aspell.conf" = { + source = self + /programs/config/.aspell.conf; + target = ".aspell.conf"; + }; + ".gitmessage" = { + source = self + /programs/git/.gitmessage; + target = ".gitmessage"; + }; }; - "early-init.el" = { - source = self + /programs/emacs/early-init.el; - target = ".emacs.d/early-init.el"; - }; - # on NixOS, Emacs does not find the aspell dicts easily. 
Write the configuration manually - ".aspell.conf" = { - source = self + /programs/config/.aspell.conf; - target = ".aspell.conf"; - }; - ".gitmessage" = { - source = self + /programs/git/.gitmessage; - target = ".gitmessage"; - }; - }; - xdg.configFile = { - "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc; - "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css; - "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css; - "swayidle/config".source = self + /programs/swayidle/config; + xdg.configFile = { + "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc; + "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css; + "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css; + "swayidle/config".source = self + /programs/swayidle/config; + }; }; } diff --git a/modules/home/common/tmux.nix b/modules/home/common/tmux.nix index dbe1dad..f5daa4d 100644 --- a/modules/home/common/tmux.nix +++ b/modules/home/common/tmux.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: let tmux-super-fingers = pkgs.tmuxPlugins.mkTmuxPlugin { 
@@ -13,85 +13,87 @@ let }; in { + options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselsystems.modules.tmux { + home.packages = with pkgs; [ + lsof + sesh + ]; - home.packages = with pkgs; [ - lsof - sesh - ]; + programs.tmux = { + enable = true; + shell = "${pkgs.zsh}/bin/zsh"; + terminal = "tmux-256color"; + historyLimit = 100000; + plugins = with pkgs; + [ + tmuxPlugins.tmux-thumbs + { + plugin = tmux-super-fingers; + extraConfig = "set -g @super-fingers-key f"; + } - programs.tmux = { - enable = true; - shell = "${pkgs.zsh}/bin/zsh"; - terminal = "tmux-256color"; - historyLimit = 100000; - plugins = with pkgs; - [ - tmuxPlugins.tmux-thumbs - { - plugin = tmux-super-fingers; - extraConfig = "set -g @super-fingers-key f"; - } + tmuxPlugins.sensible + # must be before continuum edits right status bar + { + plugin = tmuxPlugins.catppuccin; + extraConfig = '' + set -g @catppuccin_flavour 'frappe' + set -g @catppuccin_window_tabs_enabled on + set -g @catppuccin_date_time "%H:%M" + ''; + } + { + plugin = tmuxPlugins.resurrect; + extraConfig = '' + set -g @resurrect-strategy-vim 'session' + set -g @resurrect-strategy-nvim 'session' + set -g @resurrect-capture-pane-contents 'on' + ''; + } + { + plugin = tmuxPlugins.continuum; + extraConfig = '' + set -g @continuum-restore 'on' + set -g @continuum-boot 'on' + set -g @continuum-save-interval '10' + ''; + } + tmuxPlugins.better-mouse-mode + tmuxPlugins.yank + ]; + extraConfig = '' + set -g default-terminal "tmux-256color" + set -ag terminal-overrides ",xterm-256color:RGB" - tmuxPlugins.sensible - # must be before continuum edits right status bar - { - plugin = tmuxPlugins.catppuccin; - extraConfig = '' - set -g @catppuccin_flavour 'frappe' - set -g @catppuccin_window_tabs_enabled on - set -g @catppuccin_date_time "%H:%M" - ''; - } - { - plugin = tmuxPlugins.resurrect; - extraConfig = '' - set -g @resurrect-strategy-vim 'session' - set -g @resurrect-strategy-nvim 
'session' - set -g @resurrect-capture-pane-contents 'on' - ''; - } - { - plugin = tmuxPlugins.continuum; - extraConfig = '' - set -g @continuum-restore 'on' - set -g @continuum-boot 'on' - set -g @continuum-save-interval '10' - ''; - } - tmuxPlugins.better-mouse-mode - tmuxPlugins.yank - ]; - extraConfig = '' - set -g default-terminal "tmux-256color" - set -ag terminal-overrides ",xterm-256color:RGB" + set-option -g prefix C-a + unbind-key C-b + bind-key C-a send-prefix - set-option -g prefix C-a - unbind-key C-b - bind-key C-a send-prefix + set -g mouse on - set -g mouse on + # Open new split at cwd of current split + bind | split-window -h -c "#{pane_current_path}" + bind - split-window -v -c "#{pane_current_path}" - # Open new split at cwd of current split - bind | split-window -h -c "#{pane_current_path}" - bind - split-window -v -c "#{pane_current_path}" + # Use vim keybindings in copy mode + set-window-option -g mode-keys vi - # Use vim keybindings in copy mode - set-window-option -g mode-keys vi + # v in copy mode starts making selection + bind-key -T copy-mode-vi v send-keys -X begin-selection + bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle + bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel - # v in copy mode starts making selection - bind-key -T copy-mode-vi v send-keys -X begin-selection - bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle - bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel + # Escape turns on copy mode + bind Escape copy-mode - # Escape turns on copy mode - bind Escape copy-mode + set-option -g status-position top - set-option -g status-position top + # make Prefix p paste the buffer. + unbind p + bind p paste-buffer - # make Prefix p paste the buffer. - unbind p - bind p paste-buffer - - ''; + ''; + }; }; } diff --git a/modules/home/common/waybar.nix b/modules/home/common/waybar.nix index 9e9b9ed..064b403 100644 --- a/modules/home/common/waybar.nix 
+++ b/modules/home/common/waybar.nix @@ -22,6 +22,7 @@ let in { options.swarselsystems = { + modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; @@ -50,7 +51,7 @@ in internal = true; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ "battery" diff --git a/modules/home/common/yubikey.nix b/modules/home/common/yubikey.nix index 4486ec5..7476c21 100644 --- a/modules/home/common/yubikey.nix +++ b/modules/home/common/yubikey.nix @@ -1,14 +1,17 @@ -{ lib, nix-secrets, ... }: +{ lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1"; yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2"; in { - pam.yubico.authorizedYubiKeys = { - ids = [ - "${yubikey1}" - "${yubikey2}" - ]; + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; + config = lib.mkIf config.swarselsystems.modules.yubikey { + pam.yubico.authorizedYubiKeys = { + ids = [ + "${yubikey1}" + "${yubikey2}" + ]; + }; }; } diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 9b0523e..19e9e7f 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix 
@@ -1,18 +1,20 @@ -{ self, config, pkgs, ... }: +{ self, lib, config, pkgs, ... }: { + options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselsystems.modules.zellij { + programs.zellij = { + enable = true; + enableZshIntegration = true; + }; - programs.zellij = { - enable = true; - enableZshIntegration = true; - }; + home.packages = with pkgs; [ + zjstatus + ]; - home.packages = with pkgs; [ - zjstatus - ]; - - xdg.configFile = { - "zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + xdg.configFile = { + "zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + }; }; } diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index f4bc8d7..e00f235 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -4,12 +4,13 @@ let in { options.swarselsystems = { + modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.zsh { programs.zsh = { enable = true; shellAliases = lib.recursiveUpdate diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 355b89e..5207bae 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix 
@@ -143,7 +143,7 @@ in udev.extraRules = '' # share screen when dongle detected - SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="6860", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" + SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" # lock screen when yubikey removed ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" diff --git a/profiles/home/default.nix b/profiles/home/default.nix index f1a34f8..e0ec43b 100644 --- a/profiles/home/default.nix +++ b/profiles/home/default.nix @@ -1,5 +1,7 @@ { lib, ... }: let - moduleNames = lib.swarselsystems.readNix "profiles/home"; + profileNames = lib.swarselsystems.readNix "profiles/home"; in -lib.swarselsystems.mkProfiles moduleNames "home" +{ + imports = lib.swarselsystems.mkImports profileNames "profiles/home"; +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix new file mode 100644 index 0000000..e5dae81 --- /dev/null +++ b/profiles/home/personal/default.nix 
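Review bot: The changed udev rule starts `swarsel-screenshare.service` for any USB device that reports `idVendor` 343c and `idProduct` 0000, and both ids are whatever the device claims, so anything plugged in with that pair triggers screen sharing. If the dongle exposes a serial number, adding a match such as `ATTRS{serial}=="<dongle-serial>"` (placeholder value) would tie the rule to the one device. It is also worth confirming that 0000 is the product id the dongle really reports. The `extraRules` string starts and ends outside the hunk.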
@@ -0,0 +1,36 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
+ config = lib.mkIf config.swarselsystems.profiles.personal {
+ swarselsystems.modules = {
+ packages = lib.mkDefault true;
+ ownpackages = lib.mkDefault true;
+ general = lib.mkDefault true;
+ nixgl = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ yubikey = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ stylix = lib.mkDefault true;
+ desktop = lib.mkDefault true;
+ symlink = lib.mkDefault true;
+ env = lib.mkDefault true;
+ programs = lib.mkDefault true;
+ nix-index = lib.mkDefault true;
+ direnv = lib.mkDefault true;
+ eza = lib.mkDefault true;
+ git = lib.mkDefault true;
+ fuzzel = lib.mkDefault true;
+ starship = lib.mkDefault true;
+ kitty = lib.mkDefault true;
+ zsh = lib.mkDefault true;
+ zellij = lib.mkDefault true;
+ tmux = lib.mkDefault true;
+ mail = lib.mkDefault true;
+ emacs = lib.mkDefault true;
+ waybar = lib.mkDefault true;
+ firefox = lib.mkDefault true;
+ gnome-keyring = lib.mkDefault true;
+ };
+ };
+
+}
diff --git a/profiles/nixos/default.nix b/profiles/nixos/default.nix
index aa058d7..8ea84bf 100644
--- a/profiles/nixos/default.nix
+++ b/profiles/nixos/default.nix
@@ -1,5 +1,7 @@
 { lib, ... }:
 let
- moduleNames = lib.swarselsystems.readNix "profiles/nixos";
+ profileNames = lib.swarselsystems.readNix "profiles/nixos";
 in
-lib.swarselsystems.mkProfiles moduleNames "nixos"
+{
+ imports = lib.swarselsystems.mkImports profileNames "profiles/nixos";
+}
diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix
new file mode 100644
index 0000000..876e97a
--- /dev/null
+++ b/profiles/nixos/localserver/default.nix
@@ -0,0 +1,37 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
+ config = lib.mkIf config.swarselsystems.profiles.server.local {
+ swarselsystems = {
+ # common modules
+ modules = {
+ nix-ld = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ gc = lib.mkDefault true;
+ storeOptimize = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ };
+ # server modules
+ # server = {
+ # kavita = lib.mkDefault true;
+ # jellyfin = lib.mkDefault true;
+ # navidrome = lib.mkDefault true;
+ # spotifyd = lib.mkDefault true;
+ # mpd = lib.mkDefault true;
+ # matrix = lib.mkDefault true;
+ # nextcloud = lib.mkDefault true;
+ # immich = lib.mkDefault true;
+ # paperless = lib.mkDefault true;
+ # transmission = lib.mkDefault true;
+ # syncthing = lib.mkDefault true;
+ # monitoring = lib.mkDefault true;
+ # emacs = lib.mkDefault true;
+ # freshrss = lib.mkDefault true;
+ # };
+ };
+ };
+
+}
diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix
index d3cf248..d719c28 100644
--- a/profiles/nixos/personal/default.nix
+++ b/profiles/nixos/personal/default.nix
@@ -1,8 +1,8 @@
 { lib, config, ... }:
 {
- options.swarselsystems.profiles.personalz = lib.mkEnableOption "is this a personal host";
- config = lib.mkIf config.swarselsystems.profiles.personalz {
- config.swarselsystems.modules = {
+ options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
+ config = lib.mkIf config.swarselsystems.profiles.personal {
+ swarselsystems.modules = {
 packages = lib.mkDefault true;
 general = lib.mkDefault true;
 home-manager = lib.mkDefault true;
diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix
new file mode 100644
index 0000000..82ade9d
--- /dev/null
+++ b/profiles/nixos/syncserver/default.nix
@@ -0,0 +1,25 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server"; + config = lib.mkIf config.swarselsystems.profiles.server.sync { + swarselsystems = { + # common modules + modules = { + nix-ld = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault true; + xserver = lib.mkDefault true; + gc = lib.mkDefault true; + storeOptimize = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + }; + # server modules + # server = { + # forgejo = lib.mkDefault true; + # ankisync = lib.mkDefault true; + # }; + }; + }; + +} From e7e59715d867424d217044d9e660f7f0a698a9f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 3 Apr 2025 17:43:15 +0200 Subject: [PATCH 07/13] feat: add govc qol env --- SwarselSystems.org | 43 +++++++++++++++++++++++++-------- modules/nixos/optional/work.nix | 43 +++++++++++++++++++++++++-------- secrets/work/secrets.yaml | 12 +++++++-- 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 904d6a9..dad3199 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -8016,16 +8016,31 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; in { - sops = { - secrets = { - vcuser = { - inherit owner sopsFile; - }; - vcpw = { - inherit owner sopsFile; - }; + sops = + let + secretNames = [ + "vcuser" + "vcpw" + "govcuser" + "govcpw" + "govcurl" + "govcdc" + "govcds" + "govchost" + "govcnetwork" + "govcpool" + ]; + in + { + secrets = builtins.listToAttrs ( + map + (name: { + inherit name; + value = { inherit owner sopsFile; }; + }) + secretNames + ); }; - }; boot.initrd = { systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence 
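Review bot: The `builtins.listToAttrs (map …)` construction that builds `secrets` in the `SwarselSystems.org` hunk at `@@ -8016,16 +8016,31 @@` can be written more directly with `lib.genAttrs`, since `lib` is already used in this block: `secrets = lib.genAttrs secretNames (_: { inherit owner sopsFile; });`. That keeps the intent (same owner and sops file for every listed name) on one line and removes the hand-built name/value pairs. The same block is added again in the `modules/nixos/optional/work.nix` hunk at `@@ -24,16 +24,31 @@`. The enclosing attribute set starts and ends outside the hunk.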
@@ -8042,6 +8057,14 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 zsh.shellInit = '' export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" + export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})" + export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" + export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})" + export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})" + export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})" + export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})" + export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})" + export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})" ''; browserpass.enable = true; @@ -8115,7 +8138,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 openssh = { enable = true; extraConfig = '' - ''; + ''; }; syncthing = { diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 5207bae..78d65fe 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -24,16 +24,31 @@ let }; in { - sops = { - secrets = { - vcuser = { - inherit owner sopsFile; - }; - vcpw = { - inherit owner sopsFile; - }; + sops = + let + secretNames = [ + "vcuser" + "vcpw" + "govcuser" + "govcpw" + "govcurl" + "govcdc" + "govcds" + "govchost" + "govcnetwork" + "govcpool" + ]; + in + { + secrets = builtins.listToAttrs ( + map + (name: { + inherit name; + value = { inherit owner sopsFile; }; + }) + secretNames + ); }; - }; boot.initrd = { systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence 
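Review bot: The added `export GOVC_PASSWORD=…` line, like the existing `VSPHERE_PW` one, sits in `zsh.shellInit`, so the decrypted credential is read and exported by every zsh that starts and is inherited by every process launched from those shells. That widens exposure well beyond the owner-only secret file that sops-nix provisions, and for any user other than `owner` the `cat` calls will simply fail at shell start. I would keep the non-secret settings (URL, datacenter, datastore and so on) as exports if wanted, but hand the password only to the tool that needs it, for example with a function `govc() { GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" command govc "$@"; }`. The same lines are added in the `modules/nixos/optional/work.nix` hunk at `@@ -50,6 +65,14 @@`.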
@@ -50,6 +65,14 @@ in zsh.shellInit = '' export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" + export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})" + export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" + export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})" + export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})" + export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})" + export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})" + export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})" + export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})" ''; browserpass.enable = true; @@ -123,7 +146,7 @@ in openssh = { enable = true; extraConfig = '' - ''; + ''; }; syncthing = { diff --git a/secrets/work/secrets.yaml b/secrets/work/secrets.yaml index e616fed..d7345a3 100644 --- a/secrets/work/secrets.yaml +++ b/secrets/work/secrets.yaml 
@@ -1,5 +1,13 @@ vcuser: ENC[AES256_GCM,data:M2LmjWGI6boQtOdTZz3dZ9Qb,iv:/KAC1RF0bqviHzPFP8F8GlX32f/8Qp07iXz2Yz5UO5o=,tag:rYzeylJIWtoQrSGy8OZqQg==,type:str] vcpw: ENC[AES256_GCM,data:bgqPbdJMVZXPWXiNsr9GxFRE1Q==,iv:5HuagCnNWLBvw7Z+nmLhCfMFV6b9mOd+afqCBUvWjNc=,tag:LfMOFvQZtNUh+7z6a+mpZA==,type:str] +govcuser: ENC[AES256_GCM,data:4uJfzjBYgFJhskgxr4hN4GjlsOQyTRPF5Vmxlfs=,iv:/XsJeDUxvxjYythNKcEztmuKaC8yJALCV2N9ni2q46k=,tag:rtC/7SZlJsRQ2uMJs0nZXw==,type:str] +govcpw: ENC[AES256_GCM,data:qNscuAkxb4cp0AJneh7oSfCO0PQL4g==,iv:Ch9vlo4B6dYmF3jg7Bi9FhQNlGHmMizFIhmijBP5cnA=,tag:HD4wMsH57+dBFAAS9DPN8A==,type:str] +govcurl: ENC[AES256_GCM,data:vjYrQLIY7z0XS20NUDx+g4KFVbSXVIJMdFpS9NU+z7U=,iv:lQJkDAPBKvsf48V/w0pPSyYaueNR6rwEGIX0TGVXIV4=,tag:7rjFW180OUJ4zDaiHinA2Q==,type:str] +govcdc: ENC[AES256_GCM,data:I2sL,iv:ORJ4/fKYgc2CqfC93+soNBVqnh5++E4xVataKfGKJ38=,tag:eUUBBMS1iZaTb62C0pZmlg==,type:str] +govcds: ENC[AES256_GCM,data:X5R+N9A1ZkCMGJb4yNiAcfPxzQ==,iv:8Yx06B/R/9p6oTOnqPodNPRjadRhhxHbKiXGfavG1aU=,tag:PjVsbCBgdmbX8+TyDr1L3Q==,type:str] +govchost: ENC[AES256_GCM,data:l/5kcvUQkT/4TYl1j7Ws,iv:Lc+D4ukKkTrIIg8sKy/9NYX1D6xMgL8oEGWZ9DzJtFM=,tag:MuvEJEVYNchT1iDTRPwvbQ==,type:str] +govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYuKnACv/euoE5SGlsF4/0ni32+ysLc7nM/pCrQ=,tag:jSHYFecVUvmTKr6AmNLbgw==,type:str] +govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,8 +23,8 @@ sops: Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B 555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-21T17:17:55Z" - mac: ENC[AES256_GCM,data:6jF3PUfhVaLe1pIlCYlGHOqXhetWij1WijaSt63x/9m81QIcPlrlihpL3jN6d8P57PpnQU0ZHk6vwotmzDH3fsqiYzBaNK7oPuJFQotnm1eHR2NVLCO8zQLY47XN2kjuOSl6N2WNociux0oiOssw5BTFym0uInDlX9Lt9+/YlHI=,iv:J40e5Aoi++2oTrx7JpUL8HdVumWrnLRDsbBfp8YjzCA=,tag:jiHu4mG5PLrrB3FGekpKYw==,type:str] + lastmodified: "2025-04-03T15:35:39Z" + mac: ENC[AES256_GCM,data:SKVgG2bNNYik+oUpJehJaWSjZb9ltl8MEAFmbUu2ZfPN4GEarXcscvMuoRdYa58xWRnzpDg23/85+cKhK2MpXjfe5r7oE43xZbPyUA1aCy0XoygcezNbcS7kYx6vyWaBIJEnVGM1EXWrD+f45SmNc3jT0yUdQS+H0Tt1hWNmleQ=,iv:zpEGVcLsjo7PEEiFyM4W+JeT6ODJ4xXV0ToFACnom6o=,tag:rFWZTs8pPTJza/PyLckvug==,type:str] pgp: - created_at: "2024-12-17T11:38:28Z" enc: |- From 27679d38fd7725bfe541b06e85a4cddd01258dc7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 5 Apr 2025 02:16:21 +0200 Subject: [PATCH 08/13] refactor: finish initial move to modules-only [WIP] --- SwarselSystems.org | 1777 +++++++++-------- hosts/nixos/nbl-imba-2/default.nix | 7 +- modules/home/common/gammastep.nix | 15 +- modules/home/common/gpg-agent.nix | 65 +- modules/home/common/kanshi.nix | 143 +- modules/home/common/kdeconnect.nix | 11 +- modules/home/common/mako.nix | 64 +- modules/home/common/sway.nix | 3 +- modules/home/common/swayosd.nix | 10 + .../home/common/yubikey-touch-detector.nix | 51 +- modules/home/optional/gaming.nix | 61 +- modules/home/optional/work.nix | 577 +++--- modules/home/server/symlink.nix | 13 +- modules/nixos/optional/autologin.nix | 11 +- modules/nixos/optional/gaming.nix | 57 +- modules/nixos/optional/nswitch-rcm.nix | 15 +- modules/nixos/optional/virtualbox.nix | 30 +- modules/nixos/optional/vmware.nix | 9 +- modules/nixos/optional/work.nix | 293 +-- modules/nixos/server/nfs.nix | 81 +- modules/nixos/server/nginx.nix | 62 +- modules/nixos/server/packages.nix | 21 +- modules/nixos/server/settings.nix | 3 +- modules/nixos/server/sops.nix | 12 +- modules/nixos/server/ssh.nix | 32 +- profiles/home/darwin/default.nix | 10 + profiles/home/localserver/default.nix | 13 + profiles/home/personal/default.nix | 12 + profiles/home/work/default.nix | 12 + profiles/nixos/localserver/default.nix | 41 +- profiles/nixos/personal/default.nix | 7 + profiles/nixos/syncserver/default.nix | 16 +- profiles/nixos/work/default.nix | 13 + programs/zellij/layouts/default.kdl.nix | 4 +- 34 files changed, 1934 insertions(+), 1617 deletions(-) create mode 100644 modules/home/common/swayosd.nix create mode 100644 profiles/home/darwin/default.nix create mode 100644 profiles/home/localserver/default.nix create mode 100644 profiles/home/work/default.nix create mode 100644 profiles/nixos/work/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index dad3199..d9e5b39 100644 
--- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -807,7 +807,10 @@ My work machine. Built for more security, this is the gold standard of my config isBtrfs = true; isLinux = true; sharescreen = "eDP-2"; - profiles.personal = true; + profiles = { + personal = true; + work = true; + }; }; in { @@ -826,11 +829,13 @@ My work machine. Built for more security, this is the gold standard of my config "${modulesPath}/nixos/optional/gaming.nix" "${modulesPath}/nixos/optional/work.nix" "${self}/profiles/nixos" + "${modulesPath}/nixos/server" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ "${self}/profiles/home" + "${modulesPath}/home/server" "${modulesPath}/home/optional/gaming.nix" "${modulesPath}/home/optional/work.nix" ]; @@ -3865,6 +3870,32 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lid = lib.mkDefault true; lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; + + optional = { + gaming = lib.mkDefault true; + virtualbox = lib.mkDefault true; + autologin = lib.mkDefault true; + nswitch-rcm = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** Work + +#+begin_src nix :tangle profiles/nixos/work/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { + optional = { + work = lib.mkDefault true; + }; }; }; @@ -3881,7 +3912,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; config = lib.mkIf config.swarselsystems.profiles.server.local { swarselsystems = { - # common modules modules = { nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; 
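Review bot: The hunk at `@@ -826,11 +829,13 @@` adds `"${modulesPath}/nixos/server"` and `"${modulesPath}/home/server"` to the imports of the work machine, which keeps server services off only if every module in those directories is wrapped in a `lib.mkIf` on its own enable option. The commit is marked WIP and the hunk does not show whether that gating is complete. Any server module that still sets its options unconditionally would be switched on for this host; ssh, nfs and nginx are among the files the diffstat lists. I would evaluate the host after this change and confirm that `services.openssh.enable`, `services.nginx.enable` and `services.nfs.server.enable` are still what you expect, and add a comment at the import such as `# safe to import everywhere: each server module is gated by swarselsystems.modules.server.<name>`.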
@@ -3892,23 +3922,29 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; }; - # server modules - # server = { - # kavita = lib.mkDefault true; - # jellyfin = lib.mkDefault true; - # navidrome = lib.mkDefault true; - # spotifyd = lib.mkDefault true; - # mpd = lib.mkDefault true; - # matrix = lib.mkDefault true; - # nextcloud = lib.mkDefault true; - # immich = lib.mkDefault true; - # paperless = lib.mkDefault true; - # transmission = lib.mkDefault true; - # syncthing = lib.mkDefault true; - # monitoring = lib.mkDefault true; - # emacs = lib.mkDefault true; - # freshrss = lib.mkDefault true; - # }; + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + kavita = lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + monitoring = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + + }; }; }; @@ -3923,7 +3959,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server"; config = lib.mkIf config.swarselsystems.profiles.server.sync { swarselsystems = { - # common modules modules = { nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -3934,11 +3969,16 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; }; - # server modules - # server = { - # forgejo = lib.mkDefault true; - # ankisync = lib.mkDefault true; - # }; + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; + }; }; }; 
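Review bot: The sync-server profile enables `nfs = lib.mkDefault true;`, and the module behind that option (the nfs.nix hunk later in this patch) turns on Samba, avahi and samba-wsdd, each with `openFirewall = true`, and defines the `Eternor` share. The profile's own option description calls this an OCI sync server, so the file-sharing and discovery ports would be opened in the host firewall of a cloud machine unless something outside this hunk overrides the default. If the share is only meant for the local server, drop the line here or write `nfs = lib.mkDefault false;`. The profile's attribute set starts outside the hunk.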
@@ -3997,6 +4037,71 @@ This holds modules that are to be used on most hosts. These are also the most im waybar = lib.mkDefault true; firefox = lib.mkDefault true; gnome-keyring = lib.mkDefault true; + kdeconnect = lib.mkDefault true; + mako = lib.mkDefault true; + swayosd = lib.mkDefault true; + yubikeytouch = lib.mkDefault true; + sway = lib.mkDefault true; + kanshi = lib.mkDefault true; + gpgagent = lib.mkDefault true; + gammastep = lib.mkDefault true; + + optional = { + gaming = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src + +***** Work + +#+begin_src nix :tangle profiles/home/work/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { + optional = { + work = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src + +***** Darwin + +#+begin_src nix :tangle profiles/home/darwin/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; + config = lib.mkIf config.swarselsystems.profiles.darwin { + swarselsystems.modules = { + general = lib.mkDefault true; + }; + }; + + } + +#+end_src + +***** Local Server + +#+begin_src nix :tangle profiles/home/localserver/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselsystems.profiles.server.local { + swarselsystems.modules = { + general = lib.mkDefault true; + server = { + dotfiles = lib.mkDefault true; + }; }; }; 
@@ -6077,12 +6182,13 @@ Here we just define some aliases for rebuilding the system, and we allow some in in { options.swarselsystems = { + server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = { + config = lib.mkIf config.swarselsystems.server.general { environment.shellAliases = lib.recursiveUpdate { npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; @@ -6114,16 +6220,19 @@ Here we just define some aliases for rebuilding the system, and we allow some in :END: #+begin_src nix :tangle modules/nixos/server/packages.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - gnupg - nix-index - ssh-to-age - git - emacs - vim - ]; + options.swarselsystems.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselsystems.server.packages { + environment.systemPackages = with pkgs; [ + gnupg + nix-index + ssh-to-age + git + emacs + vim + ]; + }; } #+end_src @@ -6135,12 +6244,14 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/sops.nix { config, lib, ... }: { - sops = { - age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; - defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; - validateSopsFiles = false; + options.swarselsystems.server.sops = lib.mkEnableOption "enable sops on server"; + config = lib.mkIf config.swarselsystems.server.sops { + sops = { + age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; + defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; + validateSopsFiles = false; + }; }; - } #+end_src 
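Review bot: In the sops hunk, `validateSopsFiles = false;` is the only setting written without `lib.mkDefault`, so a host that enables `swarselsystems.server.sops` and wants build-time validation back has to use `lib.mkForce`. With validation off, a missing or misnamed secrets file is presumably noticed only at activation, and the default path points at the `winters` host's secrets for every host that turns the option on. I would write `validateSopsFiles = lib.mkDefault false;` and add a comment above `defaultSopsFile` such as `# winters' file is only a fallback; each host should set its own`.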
@@ -6150,52 +6261,55 @@ Here we just define some aliases for rebuilding the system, and we allow some in :END: #+begin_src nix :tangle modules/nixos/server/nfs.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - services = { - # add a user with sudo smbpasswd -a - samba = { - package = pkgs.samba4Full; - # extraConfig = '' - # workgroup = WORKGROUP - # server role = standalone server - # dns proxy = no + options.swarselsystems.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselsystems.server.nfs { + services = { + # add a user with sudo smbpasswd -a + samba = { + package = pkgs.samba4Full; + # extraConfig = '' + # workgroup = WORKGROUP + # server role = standalone server + # dns proxy = no - # pam password change = yes - # map to guest = bad user - # create mask = 0664 - # force create mode = 0664 - # directory mask = 0775 - # force directory mode = 0775 - # follow symlinks = yes - # ''; + # pam password change = yes + # map to guest = bad user + # create mask = 0664 + # force create mode = 0664 + # directory mask = 0775 + # force directory mode = 0775 + # follow symlinks = yes + # ''; - enable = true; - openFirewall = true; - settings.Eternor = { - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - path = "/Vault/Eternor"; - writable = "true"; - comment = "Eternor"; - "valid users" = "Swarsel"; + enable = true; + openFirewall = true; + settings.Eternor = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/Vault/Eternor"; + writable = "true"; + comment = "Eternor"; + "valid users" = "Swarsel"; + }; }; - }; - avahi = { - publish.enable = true; - publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns4 = true; - enable = true; - openFirewall = true; - }; + avahi = { + publish.enable = true; + publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need 
for an `extraServiceFile` + nssmdns4 = true; + enable = true; + openFirewall = true; + }; - # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued - samba-wsdd = { - enable = true; - openFirewall = true; + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + samba-wsdd = { + enable = true; + openFirewall = true; + }; }; }; } 
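Review bot: The new option `swarselsystems.server.nfs` is described as "enable nfs on server", but the guarded block configures Samba, avahi and samba-wsdd and no NFS export, and each of the three sets `openFirewall = true`. Because `lib.mkEnableOption` already prefixes its argument with "Whether to enable", the generated description also reads "Whether to enable enable nfs on server". I would change the line to `options.swarselsystems.server.nfs = lib.mkEnableOption "Samba share with avahi/wsdd discovery (opens firewall ports)";` so that a profile author sees what the switch exposes. Renaming the option itself would need the profiles in this patch to follow.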
@@ -6207,42 +6321,44 @@ Here we just define some aliases for rebuilding the system, and we allow some in :END: #+begin_src nix :tangle modules/nixos/server/nginx.nix - { pkgs, config, ... }: + { pkgs, lib, config, ... }: { - environment.systemPackages = with pkgs; [ - lego - ]; + options.swarselsystems.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselsystems.server.nginx { + environment.systemPackages = with pkgs; [ + lego + ]; - # users.users.acme = {}; + # users.users.acme = {}; - sops = { - # secrets.dnstokenfull = { owner = "acme"; }; - secrets.dnstokenfull = { }; - templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; - }; + sops = { + # secrets.dnstokenfull = { owner = "acme"; }; + secrets.dnstokenfull = { }; + templates."certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + }; - security.acme = { - acceptTerms = true; - preliminarySelfsigned = false; - defaults = { - email = "mrswarsel@gmail.com"; - dnsProvider = "cloudflare"; - environmentFile = "${config.sops.templates."certs.secret".path}"; + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults = { + email = "mrswarsel@gmail.com"; + dnsProvider = "cloudflare"; + environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + }; + + services.nginx = { + enable = true; + statusPage = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + # virtualHosts are defined in the respective sections }; }; - - services.nginx = { - enable = true; - statusPage = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections - }; - } #+end_src 
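Review bot: The block guarded by `swarselsystems.server.nginx` declares `sops.secrets.dnstokenfull = { };` without a `sopsFile`, so it depends on `sops.defaultSopsFile`, which in this patch is set only when `swarselsystems.server.sops` is enabled. The two switches can now be toggled independently, and enabling nginx alone would, as far as I can tell, fail with a sops error that does not mention the missing switch. I would document the dependency next to the option, for example `# needs sops.defaultSopsFile (swarselsystems.server.sops or a host-level sops setup)`, or give the secret an explicit `sopsFile`.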
@@ -6252,23 +6368,25 @@ Here we just define some aliases for rebuilding the system, and we allow some in :END: #+begin_src nix :tangle modules/nixos/server/ssh.nix - { self, config, ... }: + { self, lib, config, ... }: { - services.openssh = { - enable = true; + options.swarselsystems.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselsystems.server.ssh { + services.openssh = { + enable = true; + }; + users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + users.users.root.openssh.authorizedKeys.keyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + security.sudo.extraConfig = '' + Defaults env_keep+=SSH_AUTH_SOCK + ''; }; - users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - users.users.root.openssh.authorizedKeys.keyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - security.sudo.extraConfig = '' - Defaults env_keep+=SSH_AUTH_SOCK - ''; - } #+end_src 
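Review bot: The guarded block enables sshd with `services.openssh = { enable = true; };` and installs `authorizedKeys.keyFiles` for both the main user and root, but sets nothing under `services.openssh.settings`, so password and keyboard-interactive authentication stay at the module defaults. Both server profiles in this patch turn `ssh` on by default, and since key files are already deployed the password paths look unnecessary. Unless a module outside this hunk hardens sshd, I would add `settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };` inside `services.openssh`. The `Defaults env_keep+=SSH_AUTH_SOCK` line also deserves a one-line comment saying why sudo keeps the agent socket, because it lets commands run through sudo use a forwarded agent.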
@@ -7853,39 +7971,42 @@ These sets of configuration do not need to be deployed on every host, for a mult This opens a few gaming ports and installs the steam configuration suite for gaming. There are more options in [[#h:84fd7029-ecb6-4131-9333-289982f24ffa][Gaming]] (home-manager side). #+begin_src nix :tangle modules/nixos/optional/gaming.nix - { pkgs, lib, ... }: + { pkgs, lib, config, ... }: { - specialisation = { - gaming.configuration = { - networking = { - firewall.enable = lib.mkForce false; - firewall = { - allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; - allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPortRanges = [ - { from = 27015; to = 27030; } # barotrauma - { from = 27036; to = 27037; } # barotrauma - ]; - allowedUDPPortRanges = [ - { from = 27000; to = 27031; } # barotrauma - { from = 58962; to = 58964; } # barotrauma + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { + specialisation = { + gaming.configuration = { + networking = { + firewall.enable = lib.mkForce false; + firewall = { + allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; + allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPortRanges = [ + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma + ]; + allowedUDPPortRanges = [ + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma + ]; + }; + }; + + programs.steam = { + enable = true; + package = pkgs.steam; + extraCompatPackages = [ + pkgs.proton-ge-bin ]; }; - }; - programs.steam = { - enable = true; - package = pkgs.steam; - extraCompatPackages = [ - pkgs.proton-ge-bin + hardware.xone.enable = true; + + environment.systemPackages = [ + 
pkgs.linuxKernel.packages.linux_6_12.xone ]; }; - - hardware.xone.enable = true; - - environment.systemPackages = [ - pkgs.linuxKernel.packages.linux_6_12.xone - ]; }; }; @@ -7902,9 +8023,10 @@ This opens a few gaming ports and installs the steam configuration suite for gam This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow. I only use this privately to run an old editor that does not run well under wine, so I put it into it's own specialisation. #+begin_src nix :tangle modules/nixos/optional/virtualbox.nix - { lib, pkgs, ... }: - { - +{ lib, config, pkgs, ... }: +{ + options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { specialisation = { VBox.configuration = { virtualisation.virtualbox = { @@ -7921,8 +8043,9 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl boot.kernelPackages = lib.mkForce pkgs.linuxPackages; }; }; + }; - } +} #+end_src **** VmWare @@ -7934,11 +8057,14 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow. #+begin_src nix :tangle modules/nixos/optional/vmware.nix - _: + { lib, config, ... }: { - virtualisation.vmware.host.enable = true; - virtualisation.vmware.guest.enable = true; + options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselsystems.modules.optional.vmware { + virtualisation.vmware.host.enable = true; + virtualisation.vmware.guest.enable = true; + }; } #+end_src 
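Review bot: Inside the `gaming` specialisation, `firewall.enable = lib.mkForce false;` switches the host firewall off altogether, so the `allowedUDPPorts`, `allowedTCPPortRanges` and `allowedUDPPortRanges` lists next to it have no effect while that specialisation is booted. The personal profile in this patch enables `optional.gaming` by default, which makes the specialisation available on every host using that profile. If the lists are the intended exposure, delete the `firewall.enable` line so the firewall stays on with only those ports open; if the firewall really has to be off, say why in a comment and drop the lists. The trailing comment on `allowedTCPPorts = [ ];` names ports that the empty list does not contain.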
@@ -7950,14 +8076,17 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl Auto login for the initial session. #+begin_src nix :tangle modules/nixos/optional/autologin.nix - { config, ... }: + { lib, config, ... }: let inherit (config.swarselsystems) mainUser; in { - services = { - getty.autologinUser = mainUser; - greetd.settings.initial_session.user = mainUser; + options.swarselsystems.modules.optional.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselsystems.modules.optional.autologin { + services = { + getty.autologinUser = mainUser; + greetd.settings.initial_session.user = mainUser; + }; }; } #+end_src @@ -7970,13 +8099,16 @@ Auto login for the initial session. This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. #+begin_src nix :tangle modules/nixos/optional/nswitch-rcm.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - services.nswitch-rcm = { - enable = true; - package = pkgs.fetchurl { - url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; - hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; + options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { + services.nswitch-rcm = { + enable = true; + package = pkgs.fetchurl { + url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; + hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; + }; }; }; } 
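Review bot: `swarselsystems.modules.optional.autologin` sets both `getty.autologinUser` and the greetd `initial_session` user, and the personal NixOS profile earlier in this patch turns it on with `autologin = lib.mkDefault true;`. The nbl-imba-2 host, described in the file as built for more security, sets `profiles.personal = true`, so it would log the main user in at boot without a password unless the host overrides the default somewhere not shown. I would leave autologin out of the profile defaults and enable it per host, or at least add a comment on the option such as `# no login prompt after boot; only enable on hosts with an encrypted disk`.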
@@ -8016,167 +8148,170 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; in { - sops = - let - secretNames = [ - "vcuser" - "vcpw" - "govcuser" - "govcpw" - "govcurl" - "govcdc" - "govcds" - "govchost" - "govcnetwork" - "govcpool" - ]; - in - { - secrets = builtins.listToAttrs ( - map - (name: { - inherit name; - value = { inherit owner sopsFile; }; - }) - secretNames - ); - }; + options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselsystems.modules.optional.work { + sops = + let + secretNames = [ + "vcuser" + "vcpw" + "govcuser" + "govcpw" + "govcurl" + "govcdc" + "govcds" + "govchost" + "govcnetwork" + "govcpool" + ]; + in + { + secrets = builtins.listToAttrs ( + map + (name: { + inherit name; + value = { inherit owner sopsFile; }; + }) + secretNames + ); + }; - boot.initrd = { - systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence - luks = { - # disable "support" since we use systemd-cryptenroll - # make sure yubikeys are enrolled using - # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2 - yubikeySupport = false; - fido2Support = false; - }; - }; - - programs = { - zsh.shellInit = '' - export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" - export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" - export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})" - export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" - export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})" - export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})" - export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})" - export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})" - export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})" - export 
GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})" - ''; - - browserpass.enable = true; - _1password.enable = true; - _1password-gui = { - enable = true; - polkitPolicyOwners = [ "${mainUser}" ]; - }; - }; - - networking = { - firewall.trustedInterfaces = [ "virbr0" ]; - search = [ - "vbc.ac.at" - "clip.vbc.ac.at" - "imp.univie.ac.at" - ]; - }; - - virtualisation = { - docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; - spiceUSBRedirection.enable = true; - libvirtd = { - enable = true; - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = true; - swtpm.enable = true; - vhostUserPackages = with pkgs; [ virtiofsd ]; - ovmf = { - enable = true; - packages = [ - (pkgs.OVMFFull.override { - secureBoot = true; - tpmSupport = true; - }).fd - ]; - }; + boot.initrd = { + systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence + luks = { + # disable "support" since we use systemd-cryptenroll + # make sure yubikeys are enrolled using + # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2 + yubikeySupport = false; + fido2Support = false; }; }; - }; - environment.systemPackages = with pkgs; [ - # (python39.withPackages (ps: with ps; [ - # cryptography - # ])) - # docker - python39 - qemu - packer - gnumake - libisoburn - govc - terraform - graphviz + programs = { + zsh.shellInit = '' + export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" + export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" + export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})" + export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" + export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})" + export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})" + export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})" + export GOVC_HOST="$(cat 
${config.sops.secrets.govchost.path})" + export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})" + export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})" + ''; - # vm - virt-manager - virt-viewer - virtiofsd - spice - spice-gtk - spice-protocol - win-virtio - win-spice - ]; - - - services = { - spice-vdagentd.enable = true; - openssh = { - enable = true; - extraConfig = '' - ''; + browserpass.enable = true; + _1password.enable = true; + _1password-gui = { + enable = true; + polkitPolicyOwners = [ "${mainUser}" ]; + }; }; - syncthing = { - settings = { - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - folders = { - "Documents" = { - path = "${homeDir}/Documents"; - devices = [ "magicant" "winters" ]; - id = "hgr3d-pfu3w"; + networking = { + firewall.trustedInterfaces = [ "virbr0" ]; + search = [ + "vbc.ac.at" + "clip.vbc.ac.at" + "imp.univie.ac.at" + ]; + }; + + virtualisation = { + docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; + spiceUSBRedirection.enable = true; + libvirtd = { + enable = true; + qemu = { + package = pkgs.qemu_kvm; + runAsRoot = true; + swtpm.enable = true; + vhostUserPackages = with pkgs; [ virtiofsd ]; + ovmf = { + enable = true; + packages = [ + (pkgs.OVMFFull.override { + secureBoot = true; + tpmSupport = true; + }).fd + ]; }; }; }; }; - udev.extraRules = '' - # share screen when dongle detected - SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" + environment.systemPackages = with pkgs; [ + # (python39.withPackages (ps: with ps; [ + # cryptography + # ])) + # docker + python39 + qemu + packer + gnumake + libisoburn + govc + terraform + graphviz - # lock screen when yubikey removed - ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" - ''; + # vm + virt-manager + virt-viewer + virtiofsd + spice + 
spice-gtk + spice-protocol + win-virtio + win-spice + ]; - }; - systemd.services = lib.mkMerge [ - (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h") - ]; + services = { + spice-vdagentd.enable = true; + openssh = { + enable = true; + extraConfig = '' + ''; + }; - # cgroups v1 is required for centos7 dockers - specialisation = { - cgroup_v1.configuration = { - boot.kernelParams = [ - "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" - "systemd.unified_cgroup_hierarchy=0" - ]; + syncthing = { + settings = { + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + folders = { + "Documents" = { + path = "${homeDir}/Documents"; + devices = [ "magicant" "winters" ]; + id = "hgr3d-pfu3w"; + }; + }; + }; + }; + + udev.extraRules = '' + # share screen when dongle detected + SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" + + # lock screen when yubikey removed + ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" + ''; + + }; + + systemd.services = lib.mkMerge [ + (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h") + ]; + + # cgroups v1 is required for centos7 dockers + specialisation = { + cgroup_v1.configuration = { + boot.kernelParams = [ + "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" + "systemd.unified_cgroup_hierarchy=0" + ]; + }; }; }; 
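Review bot: `programs.zsh.shellInit` exports the vSphere and govc credentials (`VSPHERE_PW`, `GOVC_PASSWORD` and the rest) by reading the sops secret files in every zsh shell, so every process started from such a shell inherits them in its environment. The setting is system-wide, so shells of users other than the secrets' `owner` would also run the `cat` calls and fail on them. I would move the exports into a wrapper or shell function that sets the variables only for the invocation of the tool that needs them. Separately, the udev comment says `# lock screen when yubikey removed` while the rule runs `systemctl suspend`; the comment should read `# suspend when yubikey removed`. The `let` bindings for `owner`, `sopsFile` and `swarselService` are outside the hunk.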
@@ -10655,11 +10790,14 @@ Used for storing sessions in e.g. Nextcloud This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control). #+begin_src nix :tangle modules/home/common/kdeconnect.nix - _: + { lib, config, ... }: { - services.kdeconnect = { - enable = true; - indicator = true; + options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselsystems.modules.kdeconnect { + services.kdeconnect = { + enable = true; + indicator = true; + }; }; } 
@@ -10675,42 +10813,55 @@ Desktop notifications! The `extraConfig` section here CANNOT be reindented. This has something to do with how nix handles multiline strings, when indented Mako will fail to start. This might be a mako bug as well. #+begin_src nix :tangle modules/home/common/mako.nix - _: + { lib, config, ... }: { - services.mako = { - enable = true; - # backgroundColor = "#2e3440"; - # borderColor = "#88c0d0"; - borderRadius = 15; - borderSize = 1; - defaultTimeout = 5000; - height = 150; - icons = true; - ignoreTimeout = true; - layer = "overlay"; - maxIconSize = 64; - sort = "-time"; - width = 300; - # font = "monospace 10"; - extraConfig = '' - [urgency=low] - border-color=#cccccc - [urgency=normal] - border-color=#d08770 - [urgency=high] - border-color=#bf616a - default-timeout=3000 - [category=mpd] - default-timeout=2000 - group-by=category - ''; + options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselsystems.modules.mako { + services.mako = { + enable = true; + # backgroundColor = "#2e3440"; + # borderColor = "#88c0d0"; + borderRadius = 15; + borderSize = 1; + defaultTimeout = 5000; + height = 150; + icons = true; + ignoreTimeout = true; + layer = "overlay"; + maxIconSize = 64; + sort = "-time"; + width = 300; + # font = "monospace 10"; + extraConfig = '' + [urgency=low] + border-color=#cccccc + [urgency=normal] + border-color=#d08770 + [urgency=high] + border-color=#bf616a + default-timeout=3000 + [category=mpd] + default-timeout=2000 + group-by=category + ''; + }; }; - services.swayosd = { - enable = true; - topMargin = 0.5; - }; + } +#+end_src +***** SwayOSD + +#+begin_src nix :tangle modules/home/common/swayosd.nix + { lib, config, ... }: + { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { + services.swayosd = { + enable = true; + topMargin = 0.5; + }; + }; } #+end_src 
@@ -10720,32 +10871,35 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi :END: #+begin_src nix :tangle modules/home/common/yubikey-touch-detector.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - systemd.user.services.yubikey-touch-detector = { - Unit = { - Description = "Detects when your YubiKey is waiting for a touch"; - Requires = [ "yubikey-touch-detector.socket" ]; + options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselsystems.modules.yubikeytouch { + systemd.user.services.yubikey-touch-detector = { + Unit = { + Description = "Detects when your YubiKey is waiting for a touch"; + Requires = [ "yubikey-touch-detector.socket" ]; + }; + Service = { + ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify"; + EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; + }; + Install = { + Also = [ "yubikey-touch-detector.socket" ]; + WantedBy = [ "default.target" ]; + }; }; - Service = { - ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify"; - EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; - }; - Install = { - Also = [ "yubikey-touch-detector.socket" ]; - WantedBy = [ "default.target" ]; - }; - }; - systemd.user.sockets.yubikey-touch-detector = { - Unit = { - Description = "Unix socket activation for YubiKey touch detector service"; - }; - Socket = { - ListenStream = "%t/yubikey-touch-detector.socket"; - RemoveOnStop = true; - }; - Install = { - WantedBy = [ "sockets.target" ]; + systemd.user.sockets.yubikey-touch-detector = { + Unit = { + Description = "Unix socket activation for YubiKey touch detector service"; + }; + Socket = { + ListenStream = "%t/yubikey-touch-detector.socket"; + RemoveOnStop = true; + }; + Install = { + WantedBy = [ "sockets.target" ]; + }; }; }; } 
@@ -10764,6 +10918,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se { self, config, lib, ... }: { options.swarselsystems = { + modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -10827,7 +10982,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se internal = true; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { 
@@ -11175,77 +11330,80 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix :tangle modules/home/common/kanshi.nix - { config, ... }: + { lib, config, ... }: { - services.kanshi = { - enable = true; - settings = [ - { - # laptop screen - output = { - criteria = config.swarselsystems.sharescreen; - mode = config.swarselsystems.highResolution; - scale = 1.0; - }; - } - { - # home main screen - output = { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = "eDP-2"; - status = "enable"; - scale = 1.0; - } - ]; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; - } - ]; + options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselsystems.modules.kanshi { + services.kanshi = { + enable = true; + settings = [ + { + # laptop screen + output = { + criteria = config.swarselsystems.sharescreen; + mode = config.swarselsystems.highResolution; + scale = 1.0; + }; + } + { + # home main screen + output = { + criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + scale = 1.0; + mode = "2560x1440"; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = "eDP-2"; + status = "enable"; + scale = 1.0; + } + ]; + }; + } + { 
+ profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + position = "2560,0"; + } + { + criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; + } + ]; + }; }; } #+end_src 
@@ -11258,44 +11416,47 @@ Currently, I am too lazy to explain every option here, but most of it is very se Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here. #+begin_src nix :tangle modules/home/common/gpg-agent.nix - { self, config, pkgs, ... }: + { self, lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; in { - services.gpg-agent = { - enable = true; - enableZshIntegration = true; - enableScDaemon = true; - enableSshSupport = true; - enableExtraSocket = true; - pinentryPackage = pkgs.pinentry.gtk2; - defaultCacheTtl = 600; - maxCacheTtl = 7200; - extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry - ''; - sshKeys = [ - "4BE7925262289B476DBBC17B76FD3810215AE097" + options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselsystems.modules.gpgagent { + services.gpg-agent = { + enable = true; + enableZshIntegration = true; + enableScDaemon = true; + enableSshSupport = true; + enableExtraSocket = true; + pinentryPackage = pkgs.pinentry.gtk2; + defaultCacheTtl = 600; + maxCacheTtl = 7200; + extraConfig = '' + allow-loopback-pinentry + allow-emacs-pinentry + ''; + sshKeys = [ + "4BE7925262289B476DBBC17B76FD3810215AE097" + ]; + }; + + programs.gpg = { + enable = true; + publicKeys = [ + { + source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc"; + trust = 5; + } + ]; + }; + + # assure correct permissions + systemd.user.tmpfiles.rules = [ + "d ${homeDir}/.gnupg 700 ${mainUser} users" ]; }; - programs.gpg = { - enable = true; - publicKeys = [ - { - source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc"; - trust = 5; - } - ]; - }; - - # assure correct permissions - systemd.user.tmpfiles.rules = [ - "d ${homeDir}/.gnupg 700 ${mainUser} users" - ]; - } #+end_src 
@@ -11307,16 +11468,19 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. #+begin_src nix :tangle modules/home/common/gammastep.nix - { lib, nix-secrets, ... }: + { lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; in { - services.gammastep = { - enable = true; - provider = "manual"; - latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; - longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude"; + options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselsystems.modules.gammastep { + services.gammastep = { + enable = true; + provider = "manual"; + latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; + longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude"; + }; }; } #+end_src 
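Review bot: `latitude` and `longitude` are filled by `lib.swarselsystems.getSecret` while the configuration is evaluated, and nothing near the call says where the values end up. The helper is defined outside this diff, but if it reads the file at evaluation time, the coordinates are presumably written into the generated gammastep configuration in the Nix store, which every local user can read. The same would apply to the host names and user names that the work module passes to `programs.ssh.matchBlocks` and the zsh aliases. A comment such as `# evaluation-time lookup: the value is copied into the store, keep real credentials out of getSecret` above the `services.gammastep` block would record that limit. The modules/home/common/gammastep.nix hunk carries the same lines.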
@@ -11357,12 +11521,15 @@ This section should be used in order to symlink already existing configuration f As for the `home.sessionVariables`, it should be noted that environment variables that are needed at system start should NOT be loaded here, but instead in `programs.zsh.config.extraSessionCommands` (in the home-manager programs section). This is also where all the wayland related variables are stored. #+begin_src nix :tangle modules/home/server/symlink.nix - { self, lib, ... }: + { self, lib, config, ... }: { - home.file = { - "init.el" = lib.mkForce { - source = self + /programs/emacs/server.el; - target = ".emacs.d/init.el"; + options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselsystems.modules.server.dotfiles { + home.file = { + "init.el" = lib.mkForce { + source = self + /programs/emacs/server.el; + target = ".emacs.d/init.el"; + }; }; }; } 
@@ -11408,40 +11575,43 @@ Akin to the optional NixOS modules. The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming]]. #+begin_src nix :tangle modules/home/optional/gaming.nix - { pkgs, ... }: + { lib, config, pkgs, ... }: { - # specialisation = { - # gaming.configuration = { - home.packages = with pkgs; [ - lutris - wine - winetricks - libudev-zero - dwarfs - fuse-overlayfs - # steam - steam-run - patchelf - gamescope - vulkan-tools - moonlight-qt - ns-usbloader + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { + # specialisation = { + # gaming.configuration = { + home.packages = with pkgs; [ + lutris + wine + winetricks + libudev-zero + dwarfs + fuse-overlayfs + # steam + steam-run + patchelf + gamescope + vulkan-tools + moonlight-qt + ns-usbloader - quark-goldleaf + quark-goldleaf - # gog games installing - heroic + # gog games installing + heroic - # minecraft - prismlauncher # has overrides - temurin-bin-17 + # minecraft + prismlauncher # has overrides + temurin-bin-17 - pokefinder - retroarch - flips - ]; - # }; - # }; + pokefinder + retroarch + flips + ]; + # }; + # }; + }; } #+end_src 
@@ -11463,307 +11633,310 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user"; in { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - rclone - stable.awscli2 - libguestfs-with-appliance - stable.prometheus.cli - tigervnc - openstackclient - ]; + options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselsystems.modules.optional.work { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + rclone + stable.awscli2 + libguestfs-with-appliance + stable.prometheus.cli + tigervnc + openstackclient + ]; - home.sessionVariables = { - DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; - DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; - }; - - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. 
HP 732pk CNC4080YL5" = { - bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - }; - }; - }; - - stylix.targets.firefox.profileNames = [ - "dc" - "cl" - "ws" - ]; - - programs = { - git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email"; - - zsh = { - shellAliases = { - dssh = "ssh -l ${dcUser}"; - cssh = "ssh -l ${clUser}"; - wssh = "ssh -l ${wsUser}"; - }; - cdpath = [ - "~/Documents/Work" - ]; - dirHashes = { - d = "$HOME/.dotfiles"; - w = "$HOME/Documents/Work"; - s = "$HOME/.dotfiles/secrets"; - pr = "$HOME/Documents/Private"; - ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles"; - }; + home.sessionVariables = { + DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; + DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; }; - ssh = { - matchBlocks = { - "uc" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; - user = "stack"; + wayland.windowManager.sway.config = { + output = { + "Applied Creative Technology Transmitter QUATTRO201811" = { + bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; }; - "uc.stg" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; - user = "stack"; + "Hewlett Packard HP Z24i CN44250RDT" = { + bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; }; - "uc.staging" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; - user = "stack"; - }; - "uc.dev" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev"; - user = "stack"; - }; - "cbe" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod"; - user = dcUser; - }; - "cbe.stg" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; - user = dcUser; - }; - "cbe.staging" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; - user = dcUser; - }; - "*.vbc.ac.at" = { - user = 
dcUser; + "HP Inc. HP 732pk CNC4080YL5" = { + bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; }; }; }; - firefox = { - profiles = + stylix.targets.firefox.profileNames = [ + "dc" + "cl" + "ws" + ]; + + programs = { + git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email"; + + zsh = { + shellAliases = { + dssh = "ssh -l ${dcUser}"; + cssh = "ssh -l ${clUser}"; + wssh = "ssh -l ${wsUser}"; + }; + cdpath = [ + "~/Documents/Work" + ]; + dirHashes = { + d = "$HOME/.dotfiles"; + w = "$HOME/Documents/Work"; + s = "$HOME/.dotfiles/secrets"; + pr = "$HOME/Documents/Private"; + ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles"; + }; + }; + + ssh = { + matchBlocks = { + "uc" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; + user = "stack"; + }; + "uc.stg" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; + user = "stack"; + }; + "uc.staging" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; + user = "stack"; + }; + "uc.dev" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev"; + user = "stack"; + }; + "cbe" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod"; + user = dcUser; + }; + "cbe.stg" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; + user = dcUser; + }; + "cbe.staging" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; + user = dcUser; + }; + "*.vbc.ac.at" = { + user = dcUser; + }; + }; + }; + + firefox = { + profiles = + let + isDefault = false; + in + { + dc = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; + }; + } + config.swarselsystems.firefox; + cl = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = 
"https://portal.azure.com"; + }; + } + config.swarselsystems.firefox; + ws = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + config.swarselsystems.firefox; + }; + }; + + chromium = { + enable = true; + package = pkgs.chromium; + + extensions = [ + # 1password + "gejiddohjgogedgjnonbofjigllpkmbf" + # dark reader + "eimadpbcbfnmbkopoojfekhnkhdbieeh" + # ublock origin + "cjpalhdlnbpafiamejdnhcphjbkeiagm" + # i still dont care about cookies + "edibdbjcniadpccecjdfdjjppcpchdlm" + # browserpass + "naepdomgkenhinolocfifgehidddafch" + ]; + }; + }; + + services = { + kanshi = { + settings = [ + { + # seminary room + output = { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + }; + } + { + # work main screen + output = { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.0; + mode = "3840x2160"; + }; + } + { + # work side screen + output = { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.5; + position = "1462,0"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "90"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "HP Inc. 
HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + ]; + }; + }; + + xdg = { + mimeApps = { + defaultApplications = { + "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + }; + }; + desktopEntries = let - isDefault = false; + terminal = false; + categories = [ "Application" ]; + icon = "firefox"; in { - dc = lib.recursiveUpdate - { - inherit isDefault; - id = 1; - settings = { - "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; - }; - } - config.swarselsystems.firefox; - cl = lib.recursiveUpdate - { - inherit isDefault; - id = 2; - settings = { - "browser.startup.homepage" = "https://portal.azure.com"; - }; - } - config.swarselsystems.firefox; - ws = lib.recursiveUpdate - { - inherit isDefault; - id = 3; - } - config.swarselsystems.firefox; + firefox_dc = { + name = "Firefox (dc)"; + genericName = "Firefox dc"; + exec = "firefox -p dc"; + inherit terminal categories icon; + }; + + firefox_ws = { + name = "Firefox (ws)"; + genericName = "Firefox ws"; + exec = "firefox -p ws"; + inherit terminal categories icon; + }; + + firefox_cl = { + name = "Firefox (cl)"; + genericName = "Firefox cl"; + exec = "firefox -p cl"; + inherit terminal categories icon; + }; + }; }; - - chromium = { - enable = true; - package = pkgs.chromium; - - extensions = [ - # 1password - "gejiddohjgogedgjnonbofjigllpkmbf" - # dark reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # ublock origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # i still dont care about cookies - 
"edibdbjcniadpccecjdfdjjppcpchdlm" - # browserpass - "naepdomgkenhinolocfifgehidddafch" - ]; - }; - }; - - services = { - kanshi = { - settings = [ - { - # seminary room - output = { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - }; - } - { - # work main screen - output = { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.0; - mode = "3840x2160"; - }; - } - { - # work side screen - output = { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.5; - position = "1462,0"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "90"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "HP Inc. 
HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } - ]; - }; - }; - - xdg = { - mimeApps = { - defaultApplications = { - "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; - }; - }; - desktopEntries = - let - terminal = false; - categories = [ "Application" ]; - icon = "firefox"; - in - { - firefox_dc = { - name = "Firefox (dc)"; - genericName = "Firefox dc"; - exec = "firefox -p dc"; - inherit terminal categories icon; - }; - - firefox_ws = { - name = "Firefox (ws)"; - genericName = "Firefox ws"; - exec = "firefox -p ws"; - inherit terminal categories icon; - }; - - firefox_cl = { - name = "Firefox (cl)"; - genericName = "Firefox cl"; - exec = "firefox -p cl"; - inherit terminal categories icon; - }; - - }; }; } diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 31b35dc..9d3f41d 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -6,7 +6,10 @@ let isBtrfs = true; isLinux = true; sharescreen = "eDP-2"; - profiles.personal = true; + profiles = { + personal = true; + work = true; + }; }; in { @@ -25,11 +28,13 @@ in "${modulesPath}/nixos/optional/gaming.nix" "${modulesPath}/nixos/optional/work.nix" "${self}/profiles/nixos" + "${modulesPath}/nixos/server" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ "${self}/profiles/home" + "${modulesPath}/home/server" "${modulesPath}/home/optional/gaming.nix" "${modulesPath}/home/optional/work.nix" ]; 
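Review bot: The five entries in `programs.chromium.extensions` are identified only by their store IDs, and the names in the comments above them are the sole record of what each ID is meant to be. Two of them (1password, browserpass) handle credentials, so a mistyped ID or an extension that changes hands would matter more here than for the others. I would add `# IDs verified against each publisher's listing; re-verify before editing` above the list once that check has been done, or use the attribute-set form of the option (`id` with `crxPath` and `version`) for the two credential extensions so the installed build is pinned. This hunk is in SwarselSystems.org; the tangled modules/home/optional/work.nix hunk should carry the same block.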
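Review bot: Adding `"${modulesPath}/nixos/server"` and `"${modulesPath}/home/server"` to the imports of this laptop host is only safe if every module under those directories already sits behind a `lib.mkIf` on an option that defaults to false. The server modules themselves are not part of this hunk, and the commit is labelled part 1 of the refactor, so any file there that still enables its service unconditionally would start that service on the workstation. I would hold these two import lines back until the gating is complete, or add `# safe only while every server module is mkIf-gated (default off)` next to them.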
diff --git a/modules/home/common/gammastep.nix b/modules/home/common/gammastep.nix index 55bf1bf..d2fbbb5 100644 --- a/modules/home/common/gammastep.nix +++ b/modules/home/common/gammastep.nix @@ -1,12 +1,15 @@ -{ lib, nix-secrets, ... }: +{ lib, config, nix-secrets, ... }: let secretsDirectory = builtins.toString nix-secrets; in { - services.gammastep = { - enable = true; - provider = "manual"; - latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; - longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude"; + options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselsystems.modules.gammastep { + services.gammastep = { + enable = true; + provider = "manual"; + latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; + longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude"; + }; }; } diff --git a/modules/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix index c70a572..b17f204 100644 --- a/modules/home/common/gpg-agent.nix +++ b/modules/home/common/gpg-agent.nix 
@@ -1,39 +1,42 @@ -{ self, config, pkgs, ... }: +{ self, lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; in { - services.gpg-agent = { - enable = true; - enableZshIntegration = true; - enableScDaemon = true; - enableSshSupport = true; - enableExtraSocket = true; - pinentryPackage = pkgs.pinentry.gtk2; - defaultCacheTtl = 600; - maxCacheTtl = 7200; - extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry - ''; - sshKeys = [ - "4BE7925262289B476DBBC17B76FD3810215AE097" + options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselsystems.modules.gpgagent { + services.gpg-agent = { + enable = true; + enableZshIntegration = true; + enableScDaemon = true; + enableSshSupport = true; + enableExtraSocket = true; + pinentryPackage = pkgs.pinentry.gtk2; + defaultCacheTtl = 600; + maxCacheTtl = 7200; + extraConfig = '' + allow-loopback-pinentry + allow-emacs-pinentry + ''; + sshKeys = [ + "4BE7925262289B476DBBC17B76FD3810215AE097" + ]; + }; + + programs.gpg = { + enable = true; + publicKeys = [ + { + source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc"; + trust = 5; + } + ]; + }; + + # assure correct permissions + systemd.user.tmpfiles.rules = [ + "d ${homeDir}/.gnupg 700 ${mainUser} users" ]; }; - programs.gpg = { - enable = true; - publicKeys = [ - { - source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc"; - trust = 5; - } - ]; - }; - - # assure correct permissions - systemd.user.tmpfiles.rules = [ - "d ${homeDir}/.gnupg 700 ${mainUser} users" - ]; - } diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 2a4ba89..0cb7480 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix 
@@ -1,73 +1,76 @@ -{ config, ... }: +{ lib, config, ... }: { - services.kanshi = { - enable = true; - settings = [ - { - # laptop screen - output = { - criteria = config.swarselsystems.sharescreen; - mode = config.swarselsystems.highResolution; - scale = 1.0; - }; - } - { - # home main screen - output = { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = "eDP-2"; - status = "enable"; - scale = 1.0; - } - ]; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; - } - ]; + options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselsystems.modules.kanshi { + services.kanshi = { + enable = true; + settings = [ + { + # laptop screen + output = { + criteria = config.swarselsystems.sharescreen; + mode = config.swarselsystems.highResolution; + scale = 1.0; + }; + } + { + # home main screen + output = { + criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + scale = 1.0; + mode = "2560x1440"; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = "eDP-2"; + status = "enable"; + scale = 1.0; + } + ]; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position 
= "2560,0"; + } + { + criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + position = "2560,0"; + } + { + criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; + } + ]; + }; }; } diff --git a/modules/home/common/kdeconnect.nix b/modules/home/common/kdeconnect.nix index 1687db4..b36122e 100644 --- a/modules/home/common/kdeconnect.nix +++ b/modules/home/common/kdeconnect.nix @@ -1,8 +1,11 @@ -_: +{ lib, config, ... }: { - services.kdeconnect = { - enable = true; - indicator = true; + options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselsystems.modules.kdeconnect { + services.kdeconnect = { + enable = true; + indicator = true; + }; }; } diff --git a/modules/home/common/mako.nix b/modules/home/common/mako.nix index 0e46f7e..6388674 100644 --- a/modules/home/common/mako.nix +++ b/modules/home/common/mako.nix 
@@ -1,37 +1,35 @@ -_: +{ lib, config, ... }: { - services.mako = { - enable = true; - # backgroundColor = "#2e3440"; - # borderColor = "#88c0d0"; - borderRadius = 15; - borderSize = 1; - defaultTimeout = 5000; - height = 150; - icons = true; - ignoreTimeout = true; - layer = "overlay"; - maxIconSize = 64; - sort = "-time"; - width = 300; - # font = "monospace 10"; - extraConfig = '' - [urgency=low] - border-color=#cccccc - [urgency=normal] - border-color=#d08770 - [urgency=high] - border-color=#bf616a - default-timeout=3000 - [category=mpd] - default-timeout=2000 - group-by=category - ''; - }; - - services.swayosd = { - enable = true; - topMargin = 0.5; + options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselsystems.modules.mako { + services.mako = { + enable = true; + # backgroundColor = "#2e3440"; + # borderColor = "#88c0d0"; + borderRadius = 15; + borderSize = 1; + defaultTimeout = 5000; + height = 150; + icons = true; + ignoreTimeout = true; + layer = "overlay"; + maxIconSize = 64; + sort = "-time"; + width = 300; + # font = "monospace 10"; + extraConfig = '' + [urgency=low] + border-color=#cccccc + [urgency=normal] + border-color=#d08770 + [urgency=high] + border-color=#bf616a + default-timeout=3000 + [category=mpd] + default-timeout=2000 + group-by=category + ''; + }; }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 054aaf1..ad71d02 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -1,6 +1,7 @@ { self, config, lib, ... }: { options.swarselsystems = { + modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -64,7 +65,7 @@ internal = true; }; }; - config = { + config = lib.mkIf config.swarselsystems.modules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { 
diff --git a/modules/home/common/swayosd.nix b/modules/home/common/swayosd.nix
new file mode 100644
index 0000000..9af1ac8
--- /dev/null
+++ b/modules/home/common/swayosd.nix
@@ -0,0 +1,10 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
+ config = lib.mkIf config.swarselsystems.modules.swayosd {
+ services.swayosd = {
+ enable = true;
+ topMargin = 0.5;
+ };
+ };
+}
diff --git a/modules/home/common/yubikey-touch-detector.nix b/modules/home/common/yubikey-touch-detector.nix
index 2ca5fd6..53e5721 100644
--- a/modules/home/common/yubikey-touch-detector.nix
+++ b/modules/home/common/yubikey-touch-detector.nix
@@ -1,29 +1,32 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - systemd.user.services.yubikey-touch-detector = { - Unit = { - Description = "Detects when your YubiKey is waiting for a touch"; - Requires = [ "yubikey-touch-detector.socket" ]; + options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselsystems.modules.yubikeytouch { + systemd.user.services.yubikey-touch-detector = { + Unit = { + Description = "Detects when your YubiKey is waiting for a touch"; + Requires = [ "yubikey-touch-detector.socket" ]; + }; + Service = { + ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify"; + EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; + }; + Install = { + Also = [ "yubikey-touch-detector.socket" ]; + WantedBy = [ "default.target" ]; + }; }; - Service = { - ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify"; - EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; - }; - Install = { - Also = [ "yubikey-touch-detector.socket" ]; - WantedBy = [ "default.target" ]; - }; - }; - systemd.user.sockets.yubikey-touch-detector = { - Unit = { - Description = "Unix socket activation for YubiKey touch detector service"; - }; - Socket = { - ListenStream = "%t/yubikey-touch-detector.socket"; - RemoveOnStop = true; - }; - Install = { - WantedBy = [ "sockets.target" ]; + systemd.user.sockets.yubikey-touch-detector = { + Unit = { + Description = "Unix socket activation for YubiKey touch detector service"; + }; + Socket = { + ListenStream = "%t/yubikey-touch-detector.socket"; + RemoveOnStop = true; + }; + Install = { + WantedBy = [ "sockets.target" ]; + }; }; }; } diff --git a/modules/home/optional/gaming.nix b/modules/home/optional/gaming.nix index 58fe580..9891806 100644 --- a/modules/home/optional/gaming.nix +++ b/modules/home/optional/gaming.nix 
@@ -1,35 +1,38 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - # specialisation = { - # gaming.configuration = { - home.packages = with pkgs; [ - lutris - wine - winetricks - libudev-zero - dwarfs - fuse-overlayfs - # steam - steam-run - patchelf - gamescope - vulkan-tools - moonlight-qt - ns-usbloader + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { + # specialisation = { + # gaming.configuration = { + home.packages = with pkgs; [ + lutris + wine + winetricks + libudev-zero + dwarfs + fuse-overlayfs + # steam + steam-run + patchelf + gamescope + vulkan-tools + moonlight-qt + ns-usbloader - quark-goldleaf + quark-goldleaf - # gog games installing - heroic + # gog games installing + heroic - # minecraft - prismlauncher # has overrides - temurin-bin-17 + # minecraft + prismlauncher # has overrides + temurin-bin-17 - pokefinder - retroarch - flips - ]; - # }; - # }; + pokefinder + retroarch + flips + ]; + # }; + # }; + }; } diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 9d67ca0..407aa37 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix 
@@ -7,307 +7,310 @@ let wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user"; in { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - rclone - stable.awscli2 - libguestfs-with-appliance - stable.prometheus.cli - tigervnc - openstackclient - ]; + options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselsystems.modules.optional.work { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + rclone + stable.awscli2 + libguestfs-with-appliance + stable.prometheus.cli + tigervnc + openstackclient + ]; - home.sessionVariables = { - DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; - DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; - }; - - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. 
HP 732pk CNC4080YL5" = { - bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - }; - }; - }; - - stylix.targets.firefox.profileNames = [ - "dc" - "cl" - "ws" - ]; - - programs = { - git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email"; - - zsh = { - shellAliases = { - dssh = "ssh -l ${dcUser}"; - cssh = "ssh -l ${clUser}"; - wssh = "ssh -l ${wsUser}"; - }; - cdpath = [ - "~/Documents/Work" - ]; - dirHashes = { - d = "$HOME/.dotfiles"; - w = "$HOME/Documents/Work"; - s = "$HOME/.dotfiles/secrets"; - pr = "$HOME/Documents/Private"; - ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles"; - }; + home.sessionVariables = { + DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; + DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; }; - ssh = { - matchBlocks = { - "uc" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; - user = "stack"; + wayland.windowManager.sway.config = { + output = { + "Applied Creative Technology Transmitter QUATTRO201811" = { + bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; }; - "uc.stg" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; - user = "stack"; + "Hewlett Packard HP Z24i CN44250RDT" = { + bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; }; - "uc.staging" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; - user = "stack"; - }; - "uc.dev" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev"; - user = "stack"; - }; - "cbe" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod"; - user = dcUser; - }; - "cbe.stg" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; - user = dcUser; - }; - "cbe.staging" = { - hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; - user = dcUser; - }; - "*.vbc.ac.at" = { - user = 
dcUser; + "HP Inc. HP 732pk CNC4080YL5" = { + bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; }; }; }; - firefox = { - profiles = + stylix.targets.firefox.profileNames = [ + "dc" + "cl" + "ws" + ]; + + programs = { + git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email"; + + zsh = { + shellAliases = { + dssh = "ssh -l ${dcUser}"; + cssh = "ssh -l ${clUser}"; + wssh = "ssh -l ${wsUser}"; + }; + cdpath = [ + "~/Documents/Work" + ]; + dirHashes = { + d = "$HOME/.dotfiles"; + w = "$HOME/Documents/Work"; + s = "$HOME/.dotfiles/secrets"; + pr = "$HOME/Documents/Private"; + ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles"; + }; + }; + + ssh = { + matchBlocks = { + "uc" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; + user = "stack"; + }; + "uc.stg" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; + user = "stack"; + }; + "uc.staging" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; + user = "stack"; + }; + "uc.dev" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev"; + user = "stack"; + }; + "cbe" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod"; + user = dcUser; + }; + "cbe.stg" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; + user = dcUser; + }; + "cbe.staging" = { + hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; + user = dcUser; + }; + "*.vbc.ac.at" = { + user = dcUser; + }; + }; + }; + + firefox = { + profiles = + let + isDefault = false; + in + { + dc = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; + }; + } + config.swarselsystems.firefox; + cl = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = 
"https://portal.azure.com"; + }; + } + config.swarselsystems.firefox; + ws = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + config.swarselsystems.firefox; + }; + }; + + chromium = { + enable = true; + package = pkgs.chromium; + + extensions = [ + # 1password + "gejiddohjgogedgjnonbofjigllpkmbf" + # dark reader + "eimadpbcbfnmbkopoojfekhnkhdbieeh" + # ublock origin + "cjpalhdlnbpafiamejdnhcphjbkeiagm" + # i still dont care about cookies + "edibdbjcniadpccecjdfdjjppcpchdlm" + # browserpass + "naepdomgkenhinolocfifgehidddafch" + ]; + }; + }; + + services = { + kanshi = { + settings = [ + { + # seminary room + output = { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + }; + } + { + # work main screen + output = { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.0; + mode = "3840x2160"; + }; + } + { + # work side screen + output = { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.5; + position = "1462,0"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "90"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "HP Inc. 
HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + ]; + }; + }; + + xdg = { + mimeApps = { + defaultApplications = { + "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + }; + }; + desktopEntries = let - isDefault = false; + terminal = false; + categories = [ "Application" ]; + icon = "firefox"; in { - dc = lib.recursiveUpdate - { - inherit isDefault; - id = 1; - settings = { - "browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; - }; - } - config.swarselsystems.firefox; - cl = lib.recursiveUpdate - { - inherit isDefault; - id = 2; - settings = { - "browser.startup.homepage" = "https://portal.azure.com"; - }; - } - config.swarselsystems.firefox; - ws = lib.recursiveUpdate - { - inherit isDefault; - id = 3; - } - config.swarselsystems.firefox; + firefox_dc = { + name = "Firefox (dc)"; + genericName = "Firefox dc"; + exec = "firefox -p dc"; + inherit terminal categories icon; + }; + + firefox_ws = { + name = "Firefox (ws)"; + genericName = "Firefox ws"; + exec = "firefox -p ws"; + inherit terminal categories icon; + }; + + firefox_cl = { + name = "Firefox (cl)"; + genericName = "Firefox cl"; + exec = "firefox -p cl"; + inherit terminal categories icon; + }; + }; }; - - chromium = { - enable = true; - package = pkgs.chromium; - - extensions = [ - # 1password - "gejiddohjgogedgjnonbofjigllpkmbf" - # dark reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # ublock origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # i still dont care about cookies - 
"edibdbjcniadpccecjdfdjjppcpchdlm" - # browserpass - "naepdomgkenhinolocfifgehidddafch" - ]; - }; - }; - - services = { - kanshi = { - settings = [ - { - # seminary room - output = { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - }; - } - { - # work main screen - output = { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.0; - mode = "3840x2160"; - }; - } - { - # work side screen - output = { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.5; - position = "1462,0"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "90"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "HP Inc. 
HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } - ]; - }; - }; - - xdg = { - mimeApps = { - defaultApplications = { - "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; - }; - }; - desktopEntries = - let - terminal = false; - categories = [ "Application" ]; - icon = "firefox"; - in - { - firefox_dc = { - name = "Firefox (dc)"; - genericName = "Firefox dc"; - exec = "firefox -p dc"; - inherit terminal categories icon; - }; - - firefox_ws = { - name = "Firefox (ws)"; - genericName = "Firefox ws"; - exec = "firefox -p ws"; - inherit terminal categories icon; - }; - - firefox_cl = { - name = "Firefox (cl)"; - genericName = "Firefox cl"; - exec = "firefox -p cl"; - inherit terminal categories icon; - }; - - }; }; } diff --git a/modules/home/server/symlink.nix b/modules/home/server/symlink.nix index ae15c8f..bbacf96 100644 --- a/modules/home/server/symlink.nix +++ b/modules/home/server/symlink.nix @@ -1,9 +1,12 @@ -{ self, lib, ... }: +{ self, lib, config, ... }: { - home.file = { - "init.el" = lib.mkForce { - source = self + /programs/emacs/server.el; - target = ".emacs.d/init.el"; + options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselsystems.modules.server.dotfiles { + home.file = { + "init.el" = lib.mkForce { + source = self + /programs/emacs/server.el; + target = ".emacs.d/init.el"; + }; }; }; } 
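Review bot: The `ssh.matchBlocks` hostnames, the `dssh`/`cssh`/`wssh` aliases and `git.userEmail` are filled from `lib.swarselsystems.getSecret` while the configuration is evaluated, so the resolved values presumably end up in generated files in the Nix store, which every local user can read. `getSecret` is defined outside this hunk, so this is inferred from how it is used here and should be confirmed against the helper. If these values are meant to stay private, a comment above the bindings such as `# getSecret values are embedded in the store at eval time; never use it for credentials` would make the limit explicit. The `let` block that binds `dcUser`, `clUser` and `wsUser` starts outside the hunk.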
diff --git a/modules/nixos/optional/autologin.nix b/modules/nixos/optional/autologin.nix index 6283235..d7f4c9c 100644 --- a/modules/nixos/optional/autologin.nix +++ b/modules/nixos/optional/autologin.nix @@ -1,10 +1,13 @@ -{ config, ... }: +{ lib, config, ... }: let inherit (config.swarselsystems) mainUser; in { - services = { - getty.autologinUser = mainUser; - greetd.settings.initial_session.user = mainUser; + options.swarselsystems.modules.optional.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselsystems.modules.optional.autologin { + services = { + getty.autologinUser = mainUser; + greetd.settings.initial_session.user = mainUser; + }; }; } diff --git a/modules/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix index 38f1c0e..5e601d0 100644 --- a/modules/nixos/optional/gaming.nix +++ b/modules/nixos/optional/gaming.nix 
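Review bot: The description on `options.swarselsystems.modules.optional.autologin` does not say that enabling it signs `mainUser` in on getty and as the greetd initial session without any credential prompt. Now that the switch can be flipped from a profile, the option text is the only place a reader learns that, so it should spell it out, e.g. `lib.mkEnableOption "passwordless getty/greetd autologin for mainUser (only for hosts with full-disk encryption)"`.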
@@ -1,36 +1,39 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: { - specialisation = { - gaming.configuration = { - networking = { - firewall.enable = lib.mkForce false; - firewall = { - allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; - allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPortRanges = [ - { from = 27015; to = 27030; } # barotrauma - { from = 27036; to = 27037; } # barotrauma - ]; - allowedUDPPortRanges = [ - { from = 27000; to = 27031; } # barotrauma - { from = 58962; to = 58964; } # barotrauma + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { + specialisation = { + gaming.configuration = { + networking = { + firewall.enable = lib.mkForce false; + firewall = { + allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; + allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPortRanges = [ + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma + ]; + allowedUDPPortRanges = [ + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma + ]; + }; + }; + + programs.steam = { + enable = true; + package = pkgs.steam; + extraCompatPackages = [ + pkgs.proton-ge-bin ]; }; - }; - programs.steam = { - enable = true; - package = pkgs.steam; - extraCompatPackages = [ - pkgs.proton-ge-bin + hardware.xone.enable = true; + + environment.systemPackages = [ + pkgs.linuxKernel.packages.linux_6_12.xone ]; }; - - hardware.xone.enable = true; - - environment.systemPackages = [ - pkgs.linuxKernel.packages.linux_6_12.xone - ]; }; }; diff --git a/modules/nixos/optional/nswitch-rcm.nix b/modules/nixos/optional/nswitch-rcm.nix index 6af5a91..095524e 100644 --- a/modules/nixos/optional/nswitch-rcm.nix 
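Review bot: `firewall.enable = lib.mkForce false;` in the `gaming` specialisation turns the firewall off entirely, so the `allowedUDPPorts`, `allowedTCPPortRanges` and `allowedUDPPortRanges` lists right below it have no effect and every listening service is reachable while that specialisation is booted. Now that the block sits behind `swarselsystems.modules.optional.gaming` and can be enabled per profile, dropping the `mkForce false` line would let the port lists do the job their comments describe. If the firewall really has to be off, a comment saying why, and removal of the unused lists, would make that intent clear.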
+++ b/modules/nixos/optional/nswitch-rcm.nix @@ -1,10 +1,13 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - services.nswitch-rcm = { - enable = true; - package = pkgs.fetchurl { - url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; - hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; + options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { + services.nswitch-rcm = { + enable = true; + package = pkgs.fetchurl { + url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; + hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; + }; }; }; } diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix index 3eaa64a..060f2bb 100644 --- a/modules/nixos/optional/virtualbox.nix +++ b/modules/nixos/optional/virtualbox.nix 
@@ -1,20 +1,22 @@ -{ lib, pkgs, ... }: +{ lib, config, pkgs, ... }: { - - specialisation = { - VBox.configuration = { - virtualisation.virtualbox = { - host = { - enable = true; - enableExtensionPack = true; - }; - # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch - guest = { - enable = false; + options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { + specialisation = { + VBox.configuration = { + virtualisation.virtualbox = { + host = { + enable = true; + enableExtensionPack = true; + }; + # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch + guest = { + enable = false; + }; }; + # run an older kernel to provide compatibility with windows vm + boot.kernelPackages = lib.mkForce pkgs.linuxPackages; }; - # run an older kernel to provide compatibility with windows vm - boot.kernelPackages = lib.mkForce pkgs.linuxPackages; }; }; diff --git a/modules/nixos/optional/vmware.nix b/modules/nixos/optional/vmware.nix index 5e80c8f..d328f38 100644 --- a/modules/nixos/optional/vmware.nix +++ b/modules/nixos/optional/vmware.nix @@ -1,6 +1,9 @@ -_: +{ lib, config, ... }: { - virtualisation.vmware.host.enable = true; - virtualisation.vmware.guest.enable = true; + options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselsystems.modules.optional.vmware { + virtualisation.vmware.host.enable = true; + virtualisation.vmware.guest.enable = true; + }; } diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 78d65fe..66af2ab 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix 
@@ -24,167 +24,170 @@ let }; in { - sops = - let - secretNames = [ - "vcuser" - "vcpw" - "govcuser" - "govcpw" - "govcurl" - "govcdc" - "govcds" - "govchost" - "govcnetwork" - "govcpool" - ]; - in - { - secrets = builtins.listToAttrs ( - map - (name: { - inherit name; - value = { inherit owner sopsFile; }; - }) - secretNames - ); - }; + options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselsystems.modules.optional.work { + sops = + let + secretNames = [ + "vcuser" + "vcpw" + "govcuser" + "govcpw" + "govcurl" + "govcdc" + "govcds" + "govchost" + "govcnetwork" + "govcpool" + ]; + in + { + secrets = builtins.listToAttrs ( + map + (name: { + inherit name; + value = { inherit owner sopsFile; }; + }) + secretNames + ); + }; - boot.initrd = { - systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence - luks = { - # disable "support" since we use systemd-cryptenroll - # make sure yubikeys are enrolled using - # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2 - yubikeySupport = false; - fido2Support = false; - }; - }; - - programs = { - zsh.shellInit = '' - export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" - export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" - export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})" - export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" - export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})" - export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})" - export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})" - export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})" - export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})" - export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})" - ''; - - browserpass.enable = 
true; - _1password.enable = true; - _1password-gui = { - enable = true; - polkitPolicyOwners = [ "${mainUser}" ]; - }; - }; - - networking = { - firewall.trustedInterfaces = [ "virbr0" ]; - search = [ - "vbc.ac.at" - "clip.vbc.ac.at" - "imp.univie.ac.at" - ]; - }; - - virtualisation = { - docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; - spiceUSBRedirection.enable = true; - libvirtd = { - enable = true; - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = true; - swtpm.enable = true; - vhostUserPackages = with pkgs; [ virtiofsd ]; - ovmf = { - enable = true; - packages = [ - (pkgs.OVMFFull.override { - secureBoot = true; - tpmSupport = true; - }).fd - ]; - }; + boot.initrd = { + systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence + luks = { + # disable "support" since we use systemd-cryptenroll + # make sure yubikeys are enrolled using + # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2 + yubikeySupport = false; + fido2Support = false; }; }; - }; - environment.systemPackages = with pkgs; [ - # (python39.withPackages (ps: with ps; [ - # cryptography - # ])) - # docker - python39 - qemu - packer - gnumake - libisoburn - govc - terraform - graphviz + programs = { + zsh.shellInit = '' + export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})" + export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})" + export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})" + export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" + export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})" + export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})" + export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})" + export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})" + export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})" + export 
GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})" + ''; - # vm - virt-manager - virt-viewer - virtiofsd - spice - spice-gtk - spice-protocol - win-virtio - win-spice - ]; - - - services = { - spice-vdagentd.enable = true; - openssh = { - enable = true; - extraConfig = '' - ''; + browserpass.enable = true; + _1password.enable = true; + _1password-gui = { + enable = true; + polkitPolicyOwners = [ "${mainUser}" ]; + }; }; - syncthing = { - settings = { - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - folders = { - "Documents" = { - path = "${homeDir}/Documents"; - devices = [ "magicant" "winters" ]; - id = "hgr3d-pfu3w"; + networking = { + firewall.trustedInterfaces = [ "virbr0" ]; + search = [ + "vbc.ac.at" + "clip.vbc.ac.at" + "imp.univie.ac.at" + ]; + }; + + virtualisation = { + docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; + spiceUSBRedirection.enable = true; + libvirtd = { + enable = true; + qemu = { + package = pkgs.qemu_kvm; + runAsRoot = true; + swtpm.enable = true; + vhostUserPackages = with pkgs; [ virtiofsd ]; + ovmf = { + enable = true; + packages = [ + (pkgs.OVMFFull.override { + secureBoot = true; + tpmSupport = true; + }).fd + ]; }; }; }; }; - udev.extraRules = '' - # share screen when dongle detected - SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" + environment.systemPackages = with pkgs; [ + # (python39.withPackages (ps: with ps; [ + # cryptography + # ])) + # docker + python39 + qemu + packer + gnumake + libisoburn + govc + terraform + graphviz - # lock screen when yubikey removed - ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" - ''; + # vm + virt-manager + virt-viewer + virtiofsd + spice + spice-gtk + spice-protocol + win-virtio + win-spice + ]; - }; - systemd.services = lib.mkMerge [ - (swarselService 
"swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h") - ]; + services = { + spice-vdagentd.enable = true; + openssh = { + enable = true; + extraConfig = '' + ''; + }; - # cgroups v1 is required for centos7 dockers - specialisation = { - cgroup_v1.configuration = { - boot.kernelParams = [ - "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" - "systemd.unified_cgroup_hierarchy=0" - ]; + syncthing = { + settings = { + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + folders = { + "Documents" = { + path = "${homeDir}/Documents"; + devices = [ "magicant" "winters" ]; + id = "hgr3d-pfu3w"; + }; + }; + }; + }; + + udev.extraRules = '' + # share screen when dongle detected + SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" + + # lock screen when yubikey removed + ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" + ''; + + }; + + systemd.services = lib.mkMerge [ + (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h") + ]; + + # cgroups v1 is required for centos7 dockers + specialisation = { + cgroup_v1.configuration = { + boot.kernelParams = [ + "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" + "systemd.unified_cgroup_hierarchy=0" + ]; + }; }; }; diff --git a/modules/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix index 3506e8c..f7f1f65 100644 --- a/modules/nixos/server/nfs.nix +++ b/modules/nixos/server/nfs.nix 
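Review bot: `programs.zsh.shellInit` reads `vcpw`, `govcpw` and the other sops secrets and exports them in every zsh that starts, so the passwords are inherited by every child process of every shell and can be read from `/proc/PID/environ` by anything running as that user. Loading them on demand keeps them out of unrelated processes: wrap the exports in a function, e.g. `work-env() { export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})"; … }`, and call it only before using `govc` or the vSphere tooling. Separately, the udev comment `# lock screen when yubikey removed` sits above a rule that runs `systemctl suspend`; the comment should say suspend, since whether resume asks for a password is not set in this hunk. The `let` block this module depends on starts outside the hunk.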
@@ -1,49 +1,52 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - services = { - # add a user with sudo smbpasswd -a - samba = { - package = pkgs.samba4Full; - # extraConfig = '' - # workgroup = WORKGROUP - # server role = standalone server - # dns proxy = no + options.swarselsystems.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselsystems.server.nfs { + services = { + # add a user with sudo smbpasswd -a + samba = { + package = pkgs.samba4Full; + # extraConfig = '' + # workgroup = WORKGROUP + # server role = standalone server + # dns proxy = no - # pam password change = yes - # map to guest = bad user - # create mask = 0664 - # force create mode = 0664 - # directory mask = 0775 - # force directory mode = 0775 - # follow symlinks = yes - # ''; + # pam password change = yes + # map to guest = bad user + # create mask = 0664 + # force create mode = 0664 + # directory mask = 0775 + # force directory mode = 0775 + # follow symlinks = yes + # ''; - enable = true; - openFirewall = true; - settings.Eternor = { - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - path = "/Vault/Eternor"; - writable = "true"; - comment = "Eternor"; - "valid users" = "Swarsel"; + enable = true; + openFirewall = true; + settings.Eternor = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/Vault/Eternor"; + writable = "true"; + comment = "Eternor"; + "valid users" = "Swarsel"; + }; }; - }; - avahi = { - publish.enable = true; - publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns4 = true; - enable = true; - openFirewall = true; - }; + avahi = { + publish.enable = true; + publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` + nssmdns4 = true; + enable = true; + openFirewall = true; + }; - # This enables autodiscovery on windows since SMB1 (and 
thus netbios) support was discontinued - samba-wsdd = { - enable = true; - openFirewall = true; + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + samba-wsdd = { + enable = true; + openFirewall = true; + }; }; }; } diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index 9af9f9a..e4c8f9d 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix 
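Review bot: The new switch is named `swarselsystems.server.nfs` and described as "enable nfs on server", but the module configures Samba, Avahi and samba-wsdd, each with `openFirewall = true`, and no NFS service. An operator enabling "nfs" would not expect SMB, mDNS and WS-Discovery ports to be opened, so the description should say what it does, e.g. `lib.mkEnableOption "Samba share with Avahi/WSDD discovery (opens the firewall for all three)"`. Renaming the option itself would be cleaner, but callers outside this page may already reference it.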
@@ -1,37 +1,39 @@ -{ pkgs, config, ... }: +{ pkgs, lib, config, ... }: { - environment.systemPackages = with pkgs; [ - lego - ]; + options.swarselsystems.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselsystems.server.nginx { + environment.systemPackages = with pkgs; [ + lego + ]; - # users.users.acme = {}; + # users.users.acme = {}; - sops = { - # secrets.dnstokenfull = { owner = "acme"; }; - secrets.dnstokenfull = { }; - templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; - }; + sops = { + # secrets.dnstokenfull = { owner = "acme"; }; + secrets.dnstokenfull = { }; + templates."certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + }; - security.acme = { - acceptTerms = true; - preliminarySelfsigned = false; - defaults = { - email = "mrswarsel@gmail.com"; - dnsProvider = "cloudflare"; - environmentFile = "${config.sops.templates."certs.secret".path}"; + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults = { + email = "mrswarsel@gmail.com"; + dnsProvider = "cloudflare"; + environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + }; + + services.nginx = { + enable = true; + statusPage = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + # virtualHosts are defined in the respective sections }; }; - - services.nginx = { - enable = true; - statusPage = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections - }; - } diff --git a/modules/nixos/server/packages.nix b/modules/nixos/server/packages.nix index 108a727..4acbd22 100644 --- a/modules/nixos/server/packages.nix +++ b/modules/nixos/server/packages.nix 
@@ -1,11 +1,14 @@ -{ pkgs, ... }: +{ lib, config, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - gnupg - nix-index - ssh-to-age - git - emacs - vim - ]; + options.swarselsystems.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselsystems.server.packages { + environment.systemPackages = with pkgs; [ + gnupg + nix-index + ssh-to-age + git + emacs + vim + ]; + }; } diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 1052e28..68fd267 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -4,12 +4,13 @@ let in { options.swarselsystems = { + server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = { + config = lib.mkIf config.swarselsystems.server.general { environment.shellAliases = lib.recursiveUpdate { npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; diff --git a/modules/nixos/server/sops.nix b/modules/nixos/server/sops.nix index 3b8bd2d..cfe40e4 100644 --- a/modules/nixos/server/sops.nix +++ b/modules/nixos/server/sops.nix @@ -1,9 +1,11 @@ { config, lib, ... }: { - sops = { - age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; - defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; - validateSopsFiles = false; + options.swarselsystems.server.sops = lib.mkEnableOption "enable sops on server"; + config = lib.mkIf config.swarselsystems.server.sops { + sops = { + age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; + defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; + validateSopsFiles = false; + }; }; - } diff --git a/modules/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix index 5315cbe..0c1b376 100644 --- a/modules/nixos/server/ssh.nix +++ b/modules/nixos/server/ssh.nix 
@@ -1,18 +1,20 @@ -{ self, config, ... }: +{ self, lib, config, ... }: { - services.openssh = { - enable = true; + options.swarselsystems.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselsystems.server.ssh { + services.openssh = { + enable = true; + }; + users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + users.users.root.openssh.authorizedKeys.keyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + security.sudo.extraConfig = '' + Defaults env_keep+=SSH_AUTH_SOCK + ''; }; - users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - users.users.root.openssh.authorizedKeys.keyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - security.sudo.extraConfig = '' - Defaults env_keep+=SSH_AUTH_SOCK - ''; - } diff --git a/profiles/home/darwin/default.nix b/profiles/home/darwin/default.nix new file mode 100644 index 0000000..29c8307 --- /dev/null +++ b/profiles/home/darwin/default.nix @@ -0,0 +1,10 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; + config = lib.mkIf config.swarselsystems.profiles.darwin { + swarselsystems.modules = { + general = lib.mkDefault true; + }; + }; + +} diff --git a/profiles/home/localserver/default.nix b/profiles/home/localserver/default.nix new file mode 100644 index 0000000..2a87f51 --- /dev/null +++ b/profiles/home/localserver/default.nix 
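Review bot: The `services.openssh` block in the new `config` of `modules/nixos/server/ssh.nix` sets only `enable = true`, so password and keyboard-interactive logins stay at the module defaults even though the main user and root both get key files here. Since all access is provisioned through `authorizedKeys.keyFiles`, the block could pin `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. Stating `settings.PermitRootLogin = "prohibit-password";` explicitly would make the root key entries a visible decision. The `Defaults env_keep+=SSH_AUTH_SOCK` line deserves a comment explaining why it is needed, because it lets any command run through sudo reach the caller's agent socket.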
@@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselsystems.profiles.server.local { + swarselsystems.modules = { + general = lib.mkDefault true; + server = { + dotfiles = lib.mkDefault true; + }; + }; + }; + +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index e5dae81..8ed4b08 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -30,6 +30,18 @@ waybar = lib.mkDefault true; firefox = lib.mkDefault true; gnome-keyring = lib.mkDefault true; + kdeconnect = lib.mkDefault true; + mako = lib.mkDefault true; + swayosd = lib.mkDefault true; + yubikeytouch = lib.mkDefault true; + sway = lib.mkDefault true; + kanshi = lib.mkDefault true; + gpgagent = lib.mkDefault true; + gammastep = lib.mkDefault true; + + optional = { + gaming = lib.mkDefault true; + }; }; }; diff --git a/profiles/home/work/default.nix b/profiles/home/work/default.nix new file mode 100644 index 0000000..4653f87 --- /dev/null +++ b/profiles/home/work/default.nix @@ -0,0 +1,12 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { + optional = { + work = lib.mkDefault true; + }; + }; + }; + +} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 876e97a..09af340 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -3,7 +3,6 @@ options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; config = lib.mkIf config.swarselsystems.profiles.server.local { swarselsystems = { - # common modules modules = { nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -14,23 +13,29 @@ time = lib.mkDefault true; users = lib.mkDefault true; }; - # server modules - # server = { - # kavita = lib.mkDefault true; - # jellyfin = lib.mkDefault true; - # navidrome = lib.mkDefault true; - # spotifyd = lib.mkDefault true; - # mpd = lib.mkDefault true; - # matrix = lib.mkDefault true; - # nextcloud = lib.mkDefault true; - # immich = lib.mkDefault true; - # paperless = lib.mkDefault true; - # transmission = lib.mkDefault true; - # syncthing = lib.mkDefault true; - # monitoring = lib.mkDefault true; - # emacs = lib.mkDefault true; - # freshrss = lib.mkDefault true; - # }; + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + kavita = lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + monitoring = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + + }; }; }; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index d719c28..715ab88 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -44,6 +44,13 @@ lid = lib.mkDefault true; lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; + + optional = { + gaming = lib.mkDefault true; + virtualbox = lib.mkDefault true; + autologin = lib.mkDefault true; + nswitch-rcm = lib.mkDefault true; + }; }; }; diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix index 82ade9d..6782556 100644 --- a/profiles/nixos/syncserver/default.nix +++ b/profiles/nixos/syncserver/default.nix 
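Review bot: The new `optional` block in `profiles/nixos/personal/default.nix` sets `autologin = lib.mkDefault true` for every host that takes the personal profile, alongside `lanzaboote` and the laptop settings. The autologin module is not visible in this hunk, but if it opens a session for the main user without a password prompt, it weakens the protection that the secure-boot setup gives a lost or stolen laptop. I would leave it out of the profile and set `swarselsystems.modules.optional.autologin = true;` on the hosts that want it, or add a comment naming what still gates access (disk-encryption passphrase, lock screen). The surrounding attribute set continues outside the hunk.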
@@ -3,7 +3,6 @@ options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server"; config = lib.mkIf config.swarselsystems.profiles.server.sync { swarselsystems = { - # common modules modules = { nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -14,11 +13,16 @@ time = lib.mkDefault true; users = lib.mkDefault true; }; - # server modules - # server = { - # forgejo = lib.mkDefault true; - # ankisync = lib.mkDefault true; - # }; + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; + }; }; }; diff --git a/profiles/nixos/work/default.nix b/profiles/nixos/work/default.nix new file mode 100644 index 0000000..dca896e --- /dev/null +++ b/profiles/nixos/work/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { + optional = { + work = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/programs/zellij/layouts/default.kdl.nix b/programs/zellij/layouts/default.kdl.nix index 941c3e9..170115a 100644 --- a/programs/zellij/layouts/default.kdl.nix +++ b/programs/zellij/layouts/default.kdl.nix @@ -103,8 +103,8 @@ in format_center "" format_right "#[bg=#${colors.base00},fg=#${colors.base02}]#[bg=#${colors.base02},fg=#${colors.base01},bold] #[bg=#${colors.base02},fg=#${colors.base01},bold] {session} #[bg=#${colors.base02},fg=#${colors.base01},bold]" format_space "" - format_hide_on_overlength "true" - format_precedence "crl" + format_hide_on_overlength "false" + format_precedence "lcr" border_enabled "false" border_char "─" From e8c405b3f140c7027645221b9c726faefa61baa3 Mon Sep 17 00:00:00 2001 
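Review bot: The new `server` block in `profiles/nixos/syncserver/default.nix` enables `nfs` and `nginx` by default on what the option text calls an "oci sync server", whereas the commented-out list it replaces named only `forgejo` and `ankisync`. Elsewhere in this patch the `nfs` module's context lines configure `services.samba`, so a cloud-hosted machine would gain a file-sharing service it may not need. Whether any ports are opened is not visible here. I would drop `nfs = lib.mkDefault true;` from this profile unless the host really exports shares, and keep the block to the services the sync host actually runs.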
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 15 Apr 2025 17:59:20 +0200 Subject: [PATCH 09/13] feat: finalize initial modules, some qol changes --- SwarselSystems.org | 725 +++++++++++++----------- checks/default.nix | 2 +- flake.lock | 17 + flake.nix | 1 + hosts/nixos/sync/default.nix | 2 +- modules/home/common/custom-packages.nix | 1 + modules/home/common/firefox.nix | 2 +- modules/home/common/packages.nix | 3 +- modules/home/common/sway.nix | 2 - modules/home/common/zsh.nix | 54 +- modules/home/optional/gaming.nix | 1 + modules/home/optional/work.nix | 16 + modules/nixos/optional/gaming.nix | 14 +- modules/nixos/optional/virtualbox.nix | 7 +- modules/nixos/server/ankisync.nix | 4 +- modules/nixos/server/emacs.nix | 4 +- modules/nixos/server/forgejo.nix | 4 +- modules/nixos/server/freshrss.nix | 4 +- modules/nixos/server/immich.nix | 4 +- modules/nixos/server/jellyfin.nix | 4 +- modules/nixos/server/jenkins.nix | 4 +- modules/nixos/server/kavita.nix | 4 +- modules/nixos/server/matrix.nix | 4 +- modules/nixos/server/monitoring.nix | 6 +- modules/nixos/server/mpd.nix | 4 +- modules/nixos/server/navidrome.nix | 4 +- modules/nixos/server/nextcloud.nix | 4 +- modules/nixos/server/nfs.nix | 4 +- modules/nixos/server/nginx.nix | 4 +- modules/nixos/server/packages.nix | 4 +- modules/nixos/server/paperless.nix | 4 +- modules/nixos/server/pipewire.nix | 2 +- modules/nixos/server/restic.nix | 4 +- modules/nixos/server/settings.nix | 4 +- modules/nixos/server/sops.nix | 4 +- modules/nixos/server/spotifyd.nix | 4 +- modules/nixos/server/ssh.nix | 4 +- modules/nixos/server/syncthing.nix | 4 +- modules/nixos/server/transmission.nix | 4 +- overlays/default.nix | 8 + pkgs/sshrm/default.nix | 6 + profiles/nixos/localserver/default.nix | 45 +- profiles/nixos/syncserver/default.nix | 20 +- programs/firefox/tridactyl/tridactylrc | 65 ++- scripts/sshrm.sh | 11 + 45 files changed, 632 insertions(+), 470 deletions(-) create mode 100644 pkgs/sshrm/default.nix create mode 100644 
scripts/sshrm.sh diff --git a/SwarselSystems.org b/SwarselSystems.org index d9e5b39..a73bec9 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -236,6 +236,7 @@ When setting this option normally, the password would normally be written world- nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; systems.url = "github:nix-systems/default-linux"; home-manager = { url = "github:nix-community/home-manager"; @@ -1528,7 +1529,7 @@ This machine mainly acts as an external sync helper. It manages the following th isLinux = true; isBtrfs = false; flakePath = "/root/.dotfiles"; - server = { + modules.server = { forgejo = true; ankisync = true; }; @@ -3047,8 +3048,6 @@ This program sets up a new NixOS host remotely. It also takes care of secret man :CUSTOM_ID: h:1eabdc59-8832-44ca-a22b-11f848ab150a :END: -This program builds a configuration locally. - #+begin_src shell :tangle scripts/swarsel-rebuild.sh set -eo pipefail @@ -3164,8 +3163,6 @@ This program builds a configuration locally. :CUSTOM_ID: h:fbd8aaf2-9dca-4ca3-aca1-19d0d188a435 :END: -This program sets up a new NixOS host locally. - #+begin_src shell :tangle scripts/swarsel-install.sh set -eo pipefail @@ -3367,8 +3364,6 @@ This program sets up a new NixOS host locally. :CUSTOM_ID: h:c98a7615-e5da-4f47-8ed1-2b2ea65519e9 :END: -This program sets up a new NixOS host locally. - #+begin_src shell :tangle scripts/swarsel-postinstall.sh set -eo pipefail @@ -3462,8 +3457,6 @@ This program sets up a new NixOS host locally. :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: -This script allows for quick git branch switching. - #+begin_src nix :tangle pkgs/t2ts/default.nix { name, writeShellApplication, ... }: 
@@ -3482,8 +3475,6 @@ This script allows for quick git branch switching. :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: -This script allows for quick git branch switching. - #+begin_src nix :tangle pkgs/ts2t/default.nix { name, writeShellApplication, ... }: @@ -3502,8 +3493,6 @@ This script allows for quick git branch switching. :CUSTOM_ID: h:7806b129-a4a5-4d10-af27-6cbeafbcb294 :END: -This script allows for quick git branch switching. - #+begin_src nix :tangle pkgs/vershell/default.nix { name, writeShellApplication, ... }: @@ -3522,8 +3511,6 @@ This script allows for quick git branch switching. :CUSTOM_ID: h:9fda7829-09a4-4b8f-86f6-08b078ab2874 :END: -This script allows for quick git branch switching. - #+begin_src nix :tangle pkgs/eontimer/default.nix { lib , python3 @@ -3720,6 +3707,33 @@ AppImage version of mgba in which the lua scripting works. #+end_src +**** sshrm + +This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually. + +#+begin_src shell :tangle scripts/sshrm.sh + HISTFILE="$HOME"/.histfile + + last_ssh_cmd=$(grep -E "ssh " "$HISTFILE" | sed -E 's/^: [0-9]+:[0-9]+;//' | grep "^ssh " | tail -1) + host=$(echo "$last_ssh_cmd" | sed -E 's/.*ssh ([^@ ]+@)?([^ ]+).*/\2/') + + if [[ -n $host ]]; then + echo "Removing SSH host key for: $host" + ssh-keygen -R "$host" + else + echo "No valid SSH command found in history." + fi +#+end_src + +#+begin_src nix :tangle pkgs/sshrm/default.nix + { self, name, writeShellApplication, openssh }: + writeShellApplication { + inherit name; + runtimeInputs = [ openssh ]; + text = builtins.readFile "${self}/scripts/${name}.sh"; + } +#+end_src + *** Overlays (additions, overrides, nixpkgs-stable) :PROPERTIES: :CUSTOM_ID: h:5e3e21e0-57af-4dad-b32f-6400af9b7aab 
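Review bot: In the added `scripts/sshrm.sh`, the `else` branch looks unreachable when the history holds no ssh command. The script is wrapped by `writeShellApplication`, which runs it with errexit and pipefail, so a `grep` that matches nothing makes the `last_ssh_cmd=$(…)` assignment fail and the script exits before the `if`. Ending the pipeline with `| tail -1 || true)` keeps the "No valid SSH command found" message working. The `sed` expression takes the first word after `ssh` as the host, so a command such as `ssh -p 2222 user@host` yields `-p`; skipping words that start with `-` would avoid removing the wrong entry or none. Because the script silently drops a pinned host key, I would print it first with `ssh-keygen -l -F "$host" || true`, so an unexpected key change is seen rather than just accepted on the next connect.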
@@ -3772,6 +3786,13 @@ When adding a new entry here, do not forget to add it in the default output of t }; }; + nixpkgs-stable24_05 = final: _: { + stable24_05 = import inputs.nixpkgs-stable { + inherit (final) system; + config.allowUnfree = true; + }; + }; + zjstatus = _: prev: { zjstatus = inputs.zjstatus.packages.${prev.system}.default; }; @@ -3784,6 +3805,7 @@ When adding a new entry here, do not forget to add it in the default output of t (additions final prev) // (modifications final prev) // (nixpkgs-stable final prev) + // (nixpkgs-stable24_05 final prev) // (zjstatus final prev) // (inputs.vbc-nix.overlays.default final prev) // (inputs.nur.overlays.default final prev) 
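Review bot: The new overlay `nixpkgs-stable24_05` exposes `stable24_05` but imports `inputs.nixpkgs-stable`, which `flake.nix` pins to `nixos-24.11`, while the input this commit adds is named `nixpkgs-stable24_11` and is not referenced in any visible hunk. As written, `pkgs.stable24_05` is the same package set as `pkgs.stable`, so `boot.kernelPackages = lib.mkForce pkgs.stable24_05.linuxPackages;` in the VirtualBox hunk does not select the older kernel its comment describes. Either rename the overlay and attribute to `stable24_11` and import `inputs.nixpkgs-stable24_11`, or add a real 24.05 input. In the latter case a comment should note that the kernel then comes from a release that no longer receives security updates. The overlay attribute set continues outside the hunk.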
@@ -3921,29 +3943,28 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a storeOptimize = lib.mkDefault true; time = lib.mkDefault true; users = lib.mkDefault true; - }; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - sops = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - kavita = lib.mkDefault true; - jellyfin = lib.mkDefault true; - navidrome = lib.mkDefault true; - spotifyd = lib.mkDefault true; - mpd = lib.mkDefault true; - matrix = lib.mkDefault true; - nextcloud = lib.mkDefault true; - immich = lib.mkDefault true; - paperless = lib.mkDefault true; - transmission = lib.mkDefault true; - syncthing = lib.mkDefault true; - monitoring = lib.mkDefault true; - emacs = lib.mkDefault true; - freshrss = lib.mkDefault true; - + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + kavita = lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + monitoring = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + }; }; }; }; 
@@ -3968,16 +3989,16 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a storeOptimize = lib.mkDefault true; time = lib.mkDefault true; users = lib.mkDefault true; - }; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - sops = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - forgejo = lib.mkDefault true; - ankisync = lib.mkDefault true; + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; + }; }; }; }; @@ -6182,13 +6203,13 @@ Here we just define some aliases for rebuilding the system, and we allow some in in { options.swarselsystems = { - server.general = lib.mkEnableOption "general setting on server"; + modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.server.general { + config = lib.mkIf config.swarselsystems.modules.server.general { environment.shellAliases = lib.recursiveUpdate { npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; @@ -6222,8 +6243,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/packages.nix { lib, config, pkgs, ... }: { - options.swarselsystems.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselsystems.server.packages { + options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselsystems.modules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index 
@@ -6244,8 +6265,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/sops.nix { config, lib, ... }: { - options.swarselsystems.server.sops = lib.mkEnableOption "enable sops on server"; - config = lib.mkIf config.swarselsystems.server.sops { + options.swarselsystems.modules.server.sops = lib.mkEnableOption "enable sops on server"; + config = lib.mkIf config.swarselsystems.modules.server.sops { sops = { age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; @@ -6263,8 +6284,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/nfs.nix { lib, config, pkgs, ... }: { - options.swarselsystems.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselsystems.server.nfs { + options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselsystems.modules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { @@ -6323,8 +6344,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/nginx.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselsystems.server.nginx { + options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselsystems.modules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; 
@@ -6370,8 +6391,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/ssh.nix { self, lib, config, ... }: { - options.swarselsystems.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselsystems.server.ssh { + options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselsystems.modules.server.ssh { services.openssh = { enable = true; }; @@ -6398,8 +6419,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/kavita.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server"; - config = lib.mkIf config.swarselsystems.server.kavita { + options.swarselsystems.modules.server.kavita = lib.mkEnableOption "enable kavita on server"; + config = lib.mkIf config.swarselsystems.modules.server.kavita { environment.systemPackages = with pkgs; [ calibre ]; @@ -6449,8 +6470,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/jellyfin.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; - config = lib.mkIf config.swarselsystems.server.jellyfin { + options.swarselsystems.modules.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; + config = lib.mkIf config.swarselsystems.modules.server.jellyfin { users.users.jellyfin = { extraGroups = [ "video" "render" "users" ]; }; 
@@ -6505,8 +6526,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in secretsDirectory = builtins.toString inputs.nix-secrets; in { - options.swarselsystems.server.navidrome = lib.mkEnableOption "enable navidrome on server"; - config = lib.mkIf config.swarselsystems.server.navidrome { + options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server"; + config = lib.mkIf config.swarselsystems.modules.server.navidrome { environment.systemPackages = with pkgs; [ pciutils alsa-utils @@ -6608,8 +6629,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/spotifyd.nix { lib, config, ... }: { - options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; - config = lib.mkIf config.swarselsystems.server.spotifyd { + options.swarselsystems.modules.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; + config = lib.mkIf config.swarselsystems.modules.server.spotifyd { users.groups.spotifyd = { gid = 65136; }; @@ -6651,8 +6672,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/mpd.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server"; - config = lib.mkIf config.swarselsystems.server.mpd { + options.swarselsystems.modules.server.mpd = lib.mkEnableOption "enable mpd on server"; + config = lib.mkIf config.swarselsystems.modules.server.mpd { users = { groups = { mpd = { }; 
@@ -6711,7 +6732,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/pipewire.nix { lib, config, ... }: { - config = lib.mkIf (config?swarselsystems.server.mpd || config?swarselsystems.server.navidrome) { + config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access @@ -6750,8 +6771,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; in { - options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server"; - config = lib.mkIf config.swarselsystems.server.matrix { + options.swarselsystems.modules.server.matrix = lib.mkEnableOption "enable matrix on server"; + config = lib.mkIf config.swarselsystems.modules.server.matrix { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter @@ -7072,8 +7093,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/nextcloud.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; - config = lib.mkIf config.swarselsystems.server.nextcloud { + options.swarselsystems.modules.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; + config = lib.mkIf config.swarselsystems.modules.server.nextcloud { sops.secrets.nextcloudadminpass = { owner = "nextcloud"; 
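Review bot: In `modules/nixos/server/pipewire.nix`, the condition `config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome` tests whether the attributes exist, not whether they are `true`. Both options are declared with `lib.mkEnableOption` in this same patch, so the check presumably succeeds on every host that imports the server modules, and rtkit and pipewire are enabled even where neither service is. Reading the values restores the intended gate: `config = lib.mkIf (config.swarselsystems.modules.server.mpd || config.swarselsystems.modules.server.navidrome) {`. The module body continues outside the hunk.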
@@ -7126,8 +7147,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/immich.nix { lib, config, ... }: { - options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server"; - config = lib.mkIf config.swarselsystems.server.immich { + options.swarselsystems.modules.server.immich = lib.mkEnableOption "enable immich on server"; + config = lib.mkIf config.swarselsystems.modules.server.immich { users.users.immich = { extraGroups = [ "video" "render" "users" ]; @@ -7184,8 +7205,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/paperless.nix { lib, config, ... }: { - options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; - config = lib.mkIf config.swarselsystems.server.paperless { + options.swarselsystems.modules.server.paperless = lib.mkEnableOption "enable paperless on server"; + config = lib.mkIf config.swarselsystems.modules.server.paperless { users.users.paperless = { extraGroups = [ "users" ]; @@ -7243,8 +7264,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix :tangle modules/nixos/server/transmission.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; - config = lib.mkIf config.swarselsystems.server.transmission { + options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; + config = lib.mkIf config.swarselsystems.modules.server.transmission { # this user/group section is probably unneeded users = { 
@@ -7389,8 +7410,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; in { - options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server"; - config = lib.mkIf config.swarselsystems.server.syncthing { + options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server"; + config = lib.mkIf config.swarselsystems.modules.server.syncthing { users.users.syncthing = { extraGroups = [ "users" ]; @@ -7510,8 +7531,8 @@ Once this is finished, it will house a restic client that manages automatic back #+begin_src nix :tangle modules/nixos/server/restic.nix { lib, config, ... }: { - options.swarselsystems.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselsystems.server.restic { + options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselsystems.modules.server.restic { # TODO @@ -7529,8 +7550,8 @@ This section exposes several metrics that I use to check the health of my server #+begin_src nix :tangle modules/nixos/server/monitoring.nix { self, lib, config, ... }: { - options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; - config = lib.mkIf config.swarselsystems.server.monitoring { + options.swarselsystems.modules.server.monitoring = lib.mkEnableOption "enable monitoring on server"; + config = lib.mkIf config.swarselsystems.modules.server.monitoring { sops.secrets = { grafanaadminpass = { 
@@ -7656,7 +7677,7 @@ This section exposes several metrics that I use to check the health of my server sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselsystems.server.nextcloud { + nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { enable = true; port = 9205; url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info"; @@ -7706,8 +7727,8 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w #+begin_src nix :tangle modules/nixos/server/jenkins.nix { pkgs, lib, config, ... }: { - options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; - config = lib.mkIf config.swarselsystems.server.jenkins { + options.swarselsystems.modules.server.jenkins = lib.mkEnableOption "enable jenkins on server"; + config = lib.mkIf config.swarselsystems.modules.server.jenkins { services.jenkins = { enable = true; @@ -7752,8 +7773,8 @@ This was an approach of hosting an RSS server from within emacs. That would have #+begin_src nix :tangle modules/nixos/server/emacs.nix { lib, config, ... }: { - options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; - config = lib.mkIf config.swarselsystems.server.emacs { + options.swarselsystems.modules.server.emacs = lib.mkEnableOption "enable emacs server on server"; + config = lib.mkIf config.swarselsystems.modules.server.emacs { networking.firewall.allowedTCPPorts = [ 9812 ]; 
@@ -7780,8 +7801,8 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as #+begin_src nix :tangle modules/nixos/server/freshrss.nix { lib, config, ... }: { - options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; - config = lib.mkIf config.swarselsystems.server.freshrss { + options.swarselsystems.modules.server.freshrss = lib.mkEnableOption "enable freshrss on server"; + config = lib.mkIf config.swarselsystems.modules.server.freshrss { users.users.freshrss = { extraGroups = [ "users" ]; @@ -7825,8 +7846,8 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as #+begin_src nix :tangle modules/nixos/server/forgejo.nix { lib, config, ... }: { - options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; - config = lib.mkIf config.swarselsystems.server.forgejo { + options.swarselsystems.modules.server.forgejo = lib.mkEnableOption "enable forgejo on server"; + config = lib.mkIf config.swarselsystems.modules.server.forgejo { networking.firewall.allowedTCPPorts = [ 3000 ]; @@ -7880,8 +7901,8 @@ It serves both a Greader API at https://signpost.swarsel.win/api/greader.php, as #+begin_src nix :tangle modules/nixos/server/ankisync.nix { lib, config, ... }: { - options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; - config = lib.mkIf config.swarselsystems.server.ankisync { + options.swarselsystems.modules.server.ankisync = lib.mkEnableOption "enable ankisync on server"; + config = lib.mkIf config.swarselsystems.modules.server.ankisync { networking.firewall.allowedTCPPorts = [ 22701 ]; 
@@ -7975,6 +7996,13 @@ This opens a few gaming ports and installs the steam configuration suite for gam { options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; config = lib.mkIf config.swarselsystems.modules.optional.gaming { + programs.steam = { + enable = true; + package = pkgs.steam; + extraCompatPackages = [ + pkgs.proton-ge-bin + ]; + }; specialisation = { gaming.configuration = { networking = { @@ -7993,13 +8021,6 @@ This opens a few gaming ports and installs the steam configuration suite for gam }; }; - programs.steam = { - enable = true; - package = pkgs.steam; - extraCompatPackages = [ - pkgs.proton-ge-bin - ]; - }; hardware.xone.enable = true; 
@@ -8023,29 +8044,34 @@ This opens a few gaming ports and installs the steam configuration suite for gam This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow. I only use this privately to run an old editor that does not run well under wine, so I put it into it's own specialisation. #+begin_src nix :tangle modules/nixos/optional/virtualbox.nix -{ lib, config, pkgs, ... }: -{ - options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; - config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { - specialisation = { - VBox.configuration = { - virtualisation.virtualbox = { - host = { - enable = true; - enableExtensionPack = true; + { lib, config, pkgs, ... }: + { + options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { + specialisation = { + VBox.configuration = { + virtualisation.virtualbox = { + host = { + enable = true; + enableExtensionPack = true; + }; + # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch + guest = { + enable = false; + }; }; - # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch - guest = { - enable = false; + # run an older kernel to provide compatibility with windows vm + boot = { + kernelPackages = lib.mkForce pkgs.stable24_05.linuxPackages; + # kernelParams = [ + # "amd_iommu=on" + # ]; }; }; - # run an older kernel to provide compatibility with windows vm - boot.kernelPackages = lib.mkForce pkgs.linuxPackages; }; }; - }; -} + } #+end_src **** VmWare 
@@ -8811,188 +8837,189 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 This holds packages that I can use as provided, or with small modifications (as in the =texlive= package that needs special configuration). #+begin_src nix :tangle modules/home/common/packages.nix -{ lib, config, pkgs, ... }: + { lib, config, pkgs, ... }: -{ - options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; - config = lib.mkIf config.swarselsystems.modules.packages { - home.packages = with pkgs; [ + { + options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselsystems.modules.packages { + home.packages = with pkgs; [ - # audio stuff - spek # spectrum analyzer - losslessaudiochecker - ffmpeg_7-full - flac - mediainfo - picard-tools - audacity - sox - stable.feishin - calibre + # audio stuff + spek # spectrum analyzer + losslessaudiochecker + ffmpeg_7-full + flac + mediainfo + picard-tools + audacity + sox + stable.feishin + calibre - # printing - cups - simple-scan + # printing + cups + simple-scan - # dict - (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) + # dict + (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) - # browser - vieb - mgba + # browser + vieb + mgba - # utilities - util-linux - nmap - lsof - nvd - nix-output-monitor - hyprpicker # color picker - findutils - units - vim - sshfs - fuse - ventoy - poppler_utils + # utilities + util-linux + nmap + lsof + nvd + nix-output-monitor + hyprpicker # color picker + findutils + units + vim + sshfs + fuse + ventoy + poppler_utils + vdhcoapp - # nix - alejandra - nixpkgs-fmt - deadnix - statix - nix-tree - nix-diff - nix-visualize - nix-init - nix-inspect - nixpkgs-review - manix - comma + # nix + alejandra + nixpkgs-fmt + deadnix + statix + nix-tree + nix-diff + nix-visualize + nix-init + nix-inspect + nixpkgs-review + manix + comma - # shellscripts - shfmt + # 
shellscripts + shfmt - # local file sharing - wormhole-rs + # local file sharing + wormhole-rs - # b2 backup @backblaze - restic + # b2 backup @backblaze + restic - # "big" programs - gimp - inkscape - zoom-us - # nomacs - libreoffice-qt - xournalpp - obsidian - spotify - vesktop # discord client - nextcloud-client - spotify-player - element-desktop - nicotine-plus - stable.transmission_3 - mktorrent - hexchat - hugo + # "big" programs + gimp + inkscape + zoom-us + # nomacs + libreoffice-qt + xournalpp + obsidian + spotify + vesktop # discord client + nextcloud-client + spotify-player + element-desktop + nicotine-plus + stable.transmission_3 + mktorrent + hexchat + hugo - # kyria - qmk - qmk-udev-rules + # kyria + qmk + qmk-udev-rules - # firefox related - tridactyl-native + # firefox related + tridactyl-native - # mako related - mako - libnotify + # mako related + mako + libnotify - # general utilities - unrar - samba - cifs-utils - zbar # qr codes - readline - autotiling - brightnessctl - libappindicator-gtk3 - sqlite - speechd - networkmanagerapplet - psmisc # kill etc - lm_sensors - # jq # used for searching the i3 tree in check.sh files + # general utilities + unrar + # samba + cifs-utils + zbar # qr codes + readline + autotiling + brightnessctl + libappindicator-gtk3 + sqlite + speechd + networkmanagerapplet + psmisc # kill etc + lm_sensors + # jq # used for searching the i3 tree in check.sh files - # specifically needed for anki - # mpv - anki-bin + # specifically needed for anki + # mpv + anki-bin - # dirvish file previews - fd - imagemagick - # poppler - ffmpegthumbnailer - mediainfo - gnutar - unzip + # dirvish file previews + fd + imagemagick + # poppler + ffmpegthumbnailer + mediainfo + gnutar + unzip - #nautilus - stable.nautilus - xfce.tumbler - libgsf + #nautilus + stable.nautilus + xfce.tumbler + libgsf - # wayland stuff - wtype - wl-clipboard - stable.wl-mirror - wf-recorder - kanshi + # wayland stuff + wtype + wl-clipboard + stable.wl-mirror + 
wf-recorder + kanshi - # screenshotting tools - grim - slurp + # screenshotting tools + grim + slurp - # the following packages are used (in some way) by waybar - playerctl - pavucontrol - stable.pamixer - # gnome.gnome-clocks - # wlogout - # jdiskreport - # monitor + # the following packages are used (in some way) by waybar + playerctl + pavucontrol + stable.pamixer + # gnome.gnome-clocks + # wlogout + # jdiskreport + # monitor - #keychain - qalculate-gtk - gcr # needed for gnome-secrets to work - seahorse + #keychain + qalculate-gtk + gcr # needed for gnome-secrets to work + seahorse - # sops-related - sops - ssh-to-age + # sops-related + sops + ssh-to-age - # mail related packages - mu + # mail related packages + mu - # latex and related packages - (texlive.combine { - inherit (pkgs.texlive) scheme-full - dvisvgm dvipng# for preview and export as html - wrapfig amsmath ulem hyperref capt-of; - }) + # latex and related packages + (texlive.combine { + inherit (pkgs.texlive) scheme-full + dvisvgm dvipng# for preview and export as html + wrapfig amsmath ulem hyperref capt-of; + }) - # font stuff - nerd-fonts.fira-mono - nerd-fonts.fira-code - nerd-fonts.symbols-only - noto-fonts-emoji - font-awesome_5 - noto-fonts - noto-fonts-cjk-sans - ]; - }; -} + # font stuff + nerd-fonts.fira-mono + nerd-fonts.fira-code + nerd-fonts.symbols-only + noto-fonts-emoji + font-awesome_5 + noto-fonts + noto-fonts-cjk-sans + ]; + }; + } #+end_src ***** Self-defined @@ -9031,6 +9058,7 @@ This is just a separate container for derivations defined in [[#h:64a5cc16-6b16- swarsel-bootstrap swarsel-displaypower swarselzellij + sshrm rustdesk-vbc ]; 
@@ -9763,6 +9791,7 @@ The theme is handled by stylix. zsh is the most convenient shell for me and it happens to be super neat to configure within home manager. Here we set some aliases (some of them should be shellApplications instead) as well as some zsh plugins like =fzf-tab=. +Concerning the shell extensions, =zle = will run an existing widget and =zle -N = will make a function available for use. The =my-= functions all remove =.= =/= and =:= from the =WORDCHARS= so that functions will stop there. #+begin_src nix :tangle modules/home/common/zsh.nix { config, pkgs, lib, ... }: 
@@ -9840,40 +9869,48 @@ Here we set some aliases (some of them should be shellApplications instead) as w } ]; initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word + my-forward-word() { + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle backward-word + } + zle -N my-forward-word + # ctrl + right + bindkey "^[[1;5C" my-forward-word + + # shift + right + bindkey "^[[1;2D" forward-word + + my-backward-word() { + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle forward-word + } + zle -N my-backward-word + # ctrl + left + bindkey "^[[1;5D" -mybackward-word + + # shift + left + bindkey "^[[1;2C" backward-word my-backward-delete-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only local WORDCHARS=$WORDCHARS - # Use bash string manipulation to remove `:` so our delete will stop at it WORDCHARS="''${WORDCHARS//:}" - # Use bash string manipulation to remove `/` so our delete will stop at it WORDCHARS="''${WORDCHARS//\/}" - # Use bash string manipulation to remove `.` so our delete will stop at it WORDCHARS="''${WORDCHARS//.}" - # zle will run an existing widget. zle backward-delete-word } zle -N my-backward-delete-word + # ctrl + del bindkey '^H' my-backward-delete-word - # This will be our `ctrl+alt+w` command - my-backward-delete-whole-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only - local WORDCHARS=$WORDCHARS - # Use bash string manipulation to add `:` to WORDCHARS if it's not present - # already. - [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":" - # zle will run that widget. 
- zle backward-delete-word - } - # `zle -N` will create a new widget that we can use on the command line - zle -N my-backward-delete-whole-word - # bind this new widget to `ctrl+alt+w` - bindkey '^W' my-backward-delete-whole-word + # shift + del + bindkey '^?' backward-delete-word + ''; }; }; @@ -10746,7 +10783,7 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m id = 0; isDefault = true; settings = { - "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; + "browser.startup.homepage" = "https://lobste.rs"; }; } config.swarselsystems.firefox; @@ -11309,9 +11346,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se seat * hide_cursor 2000 - exec kanshi exec_always kill -1 $(pidof kanshi) - exec swayosd-server bindswitch --locked lid:on exec kanshictl switch lidclosed bindswitch --locked lid:off exec kanshictl switch lidopen @@ -11584,6 +11619,7 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming home.packages = with pkgs; [ lutris wine + protonplus winetricks libudev-zero dwarfs @@ -11672,6 +11708,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "dc" "cl" "ws" + "work" ]; programs = { @@ -11761,6 +11798,15 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] id = 3; } config.swarselsystems.firefox; + work = lib.recursiveUpdate + { + inherit isDefault; + id = 4; + settings = { + "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; + }; + } + config.swarselsystems.firefox; }; }; 
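Review bot: The two new word-motion widgets in `initExtra` are crossed: `my-forward-word` calls `zle backward-word`, `my-backward-word` calls `zle forward-word`, and the ctrl + left binding names `-mybackward-word`, which is not a widget defined here. The shift bindings are also swapped against their comments, because `^[[1;2D` is the left-arrow sequence and `^[[1;2C` the right-arrow one. The same text is repeated in the `modules/home/common/zsh.nix` hunk. Separately, `'^?'` is what many terminals send for plain Backspace, so `bindkey '^?' backward-delete-word` may make every Backspace delete a whole word; confirm that on the terminals in use.

```nix
my-forward-word() {
  # … unchanged: local WORDCHARS with ':' '/' '.' removed …
  zle forward-word
}
# … unchanged: zle -N my-forward-word and the ctrl + right binding …

# shift + right
bindkey "^[[1;2C" forward-word

my-backward-word() {
  # … unchanged: local WORDCHARS with ':' '/' '.' removed …
  zle backward-word
}
# … unchanged: zle -N my-backward-word …
# ctrl + left
bindkey "^[[1;5D" my-backward-word

# shift + left
bindkey "^[[1;2D" backward-word
```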
@@ -11914,6 +11960,12 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] icon = "firefox"; in { + firefox_work = { + name = "Firefox (work)"; + genericName = "Firefox work"; + exec = "firefox -p work"; + inherit terminal categories icon; + }; firefox_dc = { name = "Firefox (dc)"; genericName = "Firefox dc"; 
@@ -15259,30 +15311,49 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line " Work -command tab_or_tabopen jsb -p (async () => { let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() +command tab_or_tabopen jsb -p (async () => { + let tabs = await browser.tabs.query({}); + let tab = tabs.find(t => t.url.includes(JS_ARG)); + if (tab) { + browser.tabs.update(tab.id, { active: true }); + } else { + tri.excmds.tabopen(JS_ARG); + } +})() -bind gwa tab_or_tabopen apic-impimba-1.m.imp.ac.at -bind gwA tab_or_tabopen artifactory.imp.ac.at -bind gwb tab_or_tabopen bitbucket.vbc.ac.at -bind gwc tab_or_tabopen vbc.atlassian.net/wiki -bind gwd tab_or_tabopen datadomain-impimba-2.imp.ac.at -bind gwe tab_or_tabopen exivity.vbc.ac.at -bind gwg tab_or_tabopen github.com -bind gwG tab_or_tabopen goc.egi.eu -bind gwh tab_or_tabopen jupyterhub.vbc.ac.at -bind gwH tab_or_tabopen test-jupyterhub.vbc.ac.at -bind gwj tab_or_tabopen jenkins.vbc.ac.at -bind gwJ tab_or_tabopen test-jenkins.vbc.ac.at -bind gwl tab_or_tabopen lucid.app -bind gwm tab_or_tabopen monitoring.vbc.ac.at/grafana -bind gwM tab_or_tabopen monitoring.vbc.ac.at/prometheus -bind gwn tab_or_tabopen netbox.vbc.ac.at -bind gwN tab_or_tabopen nap.imp.ac.at -bind gwo tab_or_tabopen outlook.office.com -bind gws tab_or_tabopen satellite.vbc.ac.at -bind gwt tab_or_tabopen tower.vbc.ac.at -bind gwv tab_or_tabopen vc-impimba-1.m.imp.ac.at/ui -bind gwx tab_or_tabopen xclarity.vbc.ac.at +command tab_or_tabopen_local jsb -p (async () => { + const currentWindow = await browser.windows.getCurrent(); + const tabs = await browser.tabs.query({ windowId: currentWindow.id }); + const tab = tabs.find(t => t.url.includes(JS_ARG)); + if (tab) { + browser.tabs.update(tab.id, { active: true }); + } else 
{ + tri.excmds.tabopen(JS_ARG); + } +})() + +bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at +bind gwA tab_or_tabopen_local artifactory.imp.ac.at +bind gwb tab_or_tabopen_local bitbucket.vbc.ac.at +bind gwc tab_or_tabopen_local vbc.atlassian.net/wiki +bind gwd tab_or_tabopen_local datadomain-impimba-2.imp.ac.at +bind gwe tab_or_tabopen_local exivity.vbc.ac.at +bind gwg tab_or_tabopen_local github.com +bind gwG tab_or_tabopen_local goc.egi.eu +bind gwh tab_or_tabopen_local jupyterhub.vbc.ac.at +bind gwH tab_or_tabopen_local test-jupyterhub.vbc.ac.at +bind gwj tab_or_tabopen_local jenkins.vbc.ac.at +bind gwJ tab_or_tabopen_local test-jenkins.vbc.ac.at +bind gwl tab_or_tabopen_local lucid.app +bind gwm tab_or_tabopen_local monitoring.vbc.ac.at/grafana +bind gwM tab_or_tabopen_local monitoring.vbc.ac.at/prometheus +bind gwn tab_or_tabopen_local netbox.vbc.ac.at +bind gwN tab_or_tabopen_local nap.imp.ac.at +bind gwo tab_or_tabopen_local outlook.office.com +bind gws tab_or_tabopen_local satellite.vbc.ac.at +bind gwt tab_or_tabopen_local tower.vbc.ac.at +bind gwv tab_or_tabopen_local vc-impimba-1.m.imp.ac.at/ui +bind gwx tab_or_tabopen_local xclarity.vbc.ac.at " Search in page set findcase smart diff --git a/checks/default.nix b/checks/default.nix index 4830423..bc7b41c 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -12,7 +12,7 @@ detect-private-keys.enable = true; end-of-file-fixer.enable = true; fix-byte-order-marker.enable = true; - flake-checker.enable = true; + flake-checker.enable = false; forbid-new-submodules.enable = true; mixed-line-endings.enable = true; nixpkgs-fmt.enable = true; diff --git a/flake.lock b/flake.lock index a9c1666..f33e468 100644 --- a/flake.lock +++ b/flake.lock 
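Review bot: `tabs.find(t => t.url.includes(JS_ARG))` in the new `tab_or_tabopen_local` is a substring test over the whole URL. A binding such as `gwg` therefore focuses the first tab in the window whose URL contains `github.com` anywhere, including in a query string or a longer hostname, instead of the intended site. Matching on the parsed host and path is tighter, e.g. `const tab = tabs.find(t => { const u = new URL(t.url); return (u.host + u.pathname + "/").startsWith(JS_ARG + "/"); });`. The reformatted `tab_or_tabopen` has the same test. Both command bodies are now split over several lines; whether the rc parser accepts a `command` definition that spans lines is not visible here and should be checked after tangling.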
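Review bot: `flake-checker.enable = false;` turns off the pre-commit hook that flags stale or unsupported nixpkgs inputs, and nothing in the hunk records why or for how long. The same patch adds a kernel pin to a `stable24_05` package set and keeps `nixpkgs` pinned by `rev`, which are presumably the inputs that made the hook fail. If so, the check is being silenced at the point where it has something to report. I would keep the reason next to the switch, for example `flake-checker.enable = false; # TODO: re-enable once nixpkgs is no longer rev-pinned and the 24.05 kernel pin is gone`. The surrounding hook set starts and ends outside the hunk.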
@@ -1006,6 +1006,22 @@ "type": "github" } }, + "nixpkgs-stable24_11": { + "locked": { + "lastModified": 1744309437, + "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-stable_2": { "locked": { "lastModified": 1741600792, @@ -1375,6 +1391,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs-stable24_11": "nixpkgs-stable24_11", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks_2", diff --git a/flake.nix b/flake.nix index 39ca86c..81e7add 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,7 @@ nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; systems.url = "github:nix-systems/default-linux"; home-manager = { url = "github:nix-community/home-manager"; diff --git a/hosts/nixos/sync/default.nix b/hosts/nixos/sync/default.nix index 1a8f47f..2967f59 100644 --- a/hosts/nixos/sync/default.nix +++ b/hosts/nixos/sync/default.nix @@ -86,7 +86,7 @@ in isLinux = true; isBtrfs = false; flakePath = "/root/.dotfiles"; - server = { + modules.server = { forgejo = true; ankisync = true; }; diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index df4253a..70dc90d 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -26,6 +26,7 @@ swarsel-bootstrap swarsel-displaypower swarselzellij + sshrm rustdesk-vbc ]; diff --git a/modules/home/common/firefox.nix b/modules/home/common/firefox.nix index 9fd99d2..0095a39 100644 --- a/modules/home/common/firefox.nix +++ b/modules/home/common/firefox.nix 
@@ -140,7 +140,7 @@ id = 0; isDefault = true; settings = { - "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; + "browser.startup.homepage" = "https://lobste.rs"; }; } config.swarselsystems.firefox; diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index 220a665..9498224 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -42,6 +42,7 @@ fuse ventoy poppler_utils + vdhcoapp # nix alejandra @@ -98,7 +99,7 @@ # general utilities unrar - samba + # samba cifs-utils zbar # qr codes readline diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index ad71d02..f996935 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -392,9 +392,7 @@ seat * hide_cursor 2000 - exec kanshi exec_always kill -1 $(pidof kanshi) - exec swayosd-server bindswitch --locked lid:on exec kanshictl switch lidclosed bindswitch --locked lid:off exec kanshictl switch lidopen diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index e00f235..d1b53ac 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix 
@@ -73,40 +73,48 @@ in } ]; initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word + my-forward-word() { + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle backward-word + } + zle -N my-forward-word + # ctrl + right + bindkey "^[[1;5C" my-forward-word + + # shift + right + bindkey "^[[1;2D" forward-word + + my-backward-word() { + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle forward-word + } + zle -N my-backward-word + # ctrl + left + bindkey "^[[1;5D" -mybackward-word + + # shift + left + bindkey "^[[1;2C" backward-word my-backward-delete-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only local WORDCHARS=$WORDCHARS - # Use bash string manipulation to remove `:` so our delete will stop at it WORDCHARS="''${WORDCHARS//:}" - # Use bash string manipulation to remove `/` so our delete will stop at it WORDCHARS="''${WORDCHARS//\/}" - # Use bash string manipulation to remove `.` so our delete will stop at it WORDCHARS="''${WORDCHARS//.}" - # zle will run an existing widget. zle backward-delete-word } zle -N my-backward-delete-word + # ctrl + del bindkey '^H' my-backward-delete-word - # This will be our `ctrl+alt+w` command - my-backward-delete-whole-word() { - # Copy the global WORDCHARS variable to a local variable. That way any - # modifications are scoped to this function only - local WORDCHARS=$WORDCHARS - # Use bash string manipulation to add `:` to WORDCHARS if it's not present - # already. - [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":" - # zle will run that widget. 
- zle backward-delete-word - } - # `zle -N` will create a new widget that we can use on the command line - zle -N my-backward-delete-whole-word - # bind this new widget to `ctrl+alt+w` - bindkey '^W' my-backward-delete-whole-word + # shift + del + bindkey '^?' backward-delete-word + ''; }; }; diff --git a/modules/home/optional/gaming.nix b/modules/home/optional/gaming.nix index 9891806..e55718c 100644 --- a/modules/home/optional/gaming.nix +++ b/modules/home/optional/gaming.nix @@ -7,6 +7,7 @@ home.packages = with pkgs; [ lutris wine + protonplus winetricks libudev-zero dwarfs diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 407aa37..d1f148f 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -46,6 +46,7 @@ in "dc" "cl" "ws" + "work" ]; programs = { @@ -135,6 +136,15 @@ in id = 3; } config.swarselsystems.firefox; + work = lib.recursiveUpdate + { + inherit isDefault; + id = 4; + settings = { + "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; + }; + } + config.swarselsystems.firefox; }; }; @@ -288,6 +298,12 @@ in icon = "firefox"; in { + firefox_work = { + name = "Firefox (work)"; + genericName = "Firefox work"; + exec = "firefox -p work"; + inherit terminal categories icon; + }; firefox_dc = { name = "Firefox (dc)"; genericName = "Firefox dc"; diff --git a/modules/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix index 5e601d0..16f0e55 100644 --- a/modules/nixos/optional/gaming.nix +++ b/modules/nixos/optional/gaming.nix @@ -2,6 +2,13 @@ { options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; config = lib.mkIf config.swarselsystems.modules.optional.gaming { + programs.steam = { + enable = true; + package = pkgs.steam; + extraCompatPackages = [ + pkgs.proton-ge-bin + ]; + }; specialisation = { gaming.configuration = { networking = { 
@@ -20,13 +27,6 @@ }; }; - programs.steam = { - enable = true; - package = pkgs.steam; - extraCompatPackages = [ - pkgs.proton-ge-bin - ]; - }; hardware.xone.enable = true; diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix index 060f2bb..4953b74 100644 --- a/modules/nixos/optional/virtualbox.nix +++ b/modules/nixos/optional/virtualbox.nix @@ -15,7 +15,12 @@ }; }; # run an older kernel to provide compatibility with windows vm - boot.kernelPackages = lib.mkForce pkgs.linuxPackages; + boot = { + kernelPackages = lib.mkForce pkgs.stable24_05.linuxPackages; + # kernelParams = [ + # "amd_iommu=on" + # ]; + }; }; }; }; diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index 08dbbb5..70e242c 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; - config = lib.mkIf config.swarselsystems.server.ankisync { + options.swarselsystems.modules.server.ankisync = lib.mkEnableOption "enable ankisync on server"; + config = lib.mkIf config.swarselsystems.modules.server.ankisync { networking.firewall.allowedTCPPorts = [ 22701 ]; diff --git a/modules/nixos/server/emacs.nix b/modules/nixos/server/emacs.nix index 9744c4d..0313ca1 100644 --- a/modules/nixos/server/emacs.nix +++ b/modules/nixos/server/emacs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; - config = lib.mkIf config.swarselsystems.server.emacs { + options.swarselsystems.modules.server.emacs = lib.mkEnableOption "enable emacs server on server"; + config = lib.mkIf config.swarselsystems.modules.server.emacs { networking.firewall.allowedTCPPorts = [ 9812 ]; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index 0b85e6c..7d67777 100644 --- a/modules/nixos/server/forgejo.nix 
+++ b/modules/nixos/server/forgejo.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; - config = lib.mkIf config.swarselsystems.server.forgejo { + options.swarselsystems.modules.server.forgejo = lib.mkEnableOption "enable forgejo on server"; + config = lib.mkIf config.swarselsystems.modules.server.forgejo { networking.firewall.allowedTCPPorts = [ 3000 ]; diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index ab8b783..9687b0f 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server"; - config = lib.mkIf config.swarselsystems.server.freshrss { + options.swarselsystems.modules.server.freshrss = lib.mkEnableOption "enable freshrss on server"; + config = lib.mkIf config.swarselsystems.modules.server.freshrss { users.users.freshrss = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index 9079710..b3b5696 100644 --- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server"; - config = lib.mkIf config.swarselsystems.server.immich { + options.swarselsystems.modules.server.immich = lib.mkEnableOption "enable immich on server"; + config = lib.mkIf config.swarselsystems.modules.server.immich { users.users.immich = { extraGroups = [ "video" "render" "users" ]; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index c61bdb6..fed9749 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix 
@@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; - config = lib.mkIf config.swarselsystems.server.jellyfin { + options.swarselsystems.modules.server.jellyfin = lib.mkEnableOption "enable jellyfin on server"; + config = lib.mkIf config.swarselsystems.modules.server.jellyfin { users.users.jellyfin = { extraGroups = [ "video" "render" "users" ]; }; diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index ea860bb..09e4655 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; - config = lib.mkIf config.swarselsystems.server.jenkins { + options.swarselsystems.modules.server.jenkins = lib.mkEnableOption "enable jenkins on server"; + config = lib.mkIf config.swarselsystems.modules.server.jenkins { services.jenkins = { enable = true; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index 235f076..718729a 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server"; - config = lib.mkIf config.swarselsystems.server.kavita { + options.swarselsystems.modules.server.kavita = lib.mkEnableOption "enable kavita on server"; + config = lib.mkIf config.swarselsystems.modules.server.kavita { environment.systemPackages = with pkgs; [ calibre ]; diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index 1d9626a..1fd743c 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix 
@@ -11,8 +11,8 @@ let ''; in { - options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server"; - config = lib.mkIf config.swarselsystems.server.matrix { + options.swarselsystems.modules.server.matrix = lib.mkEnableOption "enable matrix on server"; + config = lib.mkIf config.swarselsystems.modules.server.matrix { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 55ad1e7..13444ca 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server"; - config = lib.mkIf config.swarselsystems.server.monitoring { + options.swarselsystems.modules.server.monitoring = lib.mkEnableOption "enable monitoring on server"; + config = lib.mkIf config.swarselsystems.modules.server.monitoring { sops.secrets = { grafanaadminpass = { @@ -127,7 +127,7 @@ sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselsystems.server.nextcloud { + nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { enable = true; port = 9205; url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info"; diff --git a/modules/nixos/server/mpd.nix b/modules/nixos/server/mpd.nix index 2a22e21..2188ec8 100644 --- a/modules/nixos/server/mpd.nix +++ b/modules/nixos/server/mpd.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server"; - config = lib.mkIf config.swarselsystems.server.mpd { + options.swarselsystems.modules.server.mpd = lib.mkEnableOption "enable mpd on server"; + config = lib.mkIf config.swarselsystems.modules.server.mpd { users = { groups = { mpd = { }; 
diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index d787df6..338fe02 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -3,8 +3,8 @@ let secretsDirectory = builtins.toString inputs.nix-secrets; in { - options.swarselsystems.server.navidrome = lib.mkEnableOption "enable navidrome on server"; - config = lib.mkIf config.swarselsystems.server.navidrome { + options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server"; + config = lib.mkIf config.swarselsystems.modules.server.navidrome { environment.systemPackages = with pkgs; [ pciutils alsa-utils diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 5805fa5..fa815cb 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; - config = lib.mkIf config.swarselsystems.server.nextcloud { + options.swarselsystems.modules.server.nextcloud = lib.mkEnableOption "enable nextcloud on server"; + config = lib.mkIf config.swarselsystems.modules.server.nextcloud { sops.secrets.nextcloudadminpass = { owner = "nextcloud"; diff --git a/modules/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix index f7f1f65..edd061c 100644 --- a/modules/nixos/server/nfs.nix +++ b/modules/nixos/server/nfs.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselsystems.server.nfs { + options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselsystems.modules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index e4c8f9d..1538550 100644 --- a/modules/nixos/server/nginx.nix 
+++ b/modules/nixos/server/nginx.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselsystems.server.nginx { + options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselsystems.modules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; diff --git a/modules/nixos/server/packages.nix b/modules/nixos/server/packages.nix index 4acbd22..61c8bf5 100644 --- a/modules/nixos/server/packages.nix +++ b/modules/nixos/server/packages.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselsystems.server.packages { + options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselsystems.modules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 9fdb442..04b931a 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server"; - config = lib.mkIf config.swarselsystems.server.paperless { + options.swarselsystems.modules.server.paperless = lib.mkEnableOption "enable paperless on server"; + config = lib.mkIf config.swarselsystems.modules.server.paperless { users.users.paperless = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/pipewire.nix b/modules/nixos/server/pipewire.nix index 98ffe1a..faf8e90 100644 --- a/modules/nixos/server/pipewire.nix +++ b/modules/nixos/server/pipewire.nix 
@@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config?swarselsystems.server.mpd || config?swarselsystems.server.navidrome) { + config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access diff --git a/modules/nixos/server/restic.nix b/modules/nixos/server/restic.nix index 5fb7c75..e5b092c 100644 --- a/modules/nixos/server/restic.nix +++ b/modules/nixos/server/restic.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselsystems.server.restic { + options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselsystems.modules.server.restic { # TODO diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 68fd267..e3e9043 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -4,13 +4,13 @@ let in { options.swarselsystems = { - server.general = lib.mkEnableOption "general setting on server"; + modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.server.general { + config = lib.mkIf config.swarselsystems.modules.server.general { environment.shellAliases = lib.recursiveUpdate { npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; diff --git a/modules/nixos/server/sops.nix b/modules/nixos/server/sops.nix index cfe40e4..ca01032 100644 --- a/modules/nixos/server/sops.nix +++ b/modules/nixos/server/sops.nix 
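Review bot: The changed `lib.mkIf` condition in modules/nixos/server/pipewire.nix uses `config?swarselsystems.modules.server.mpd`, which tests whether the attribute exists, not whether it is true. These paths are declared with `lib.mkEnableOption` (navidrome.nix earlier in this patch does so, and mpd.nix presumably does too), so the attribute exists on every host that imports the modules. The guard therefore presumably always passes, and `security.rtkit.enable = true` is applied even where neither service is enabled. Reading the values keeps RealtimeKit off hosts that do not need it: `config = lib.mkIf (config.swarselsystems.modules.server.mpd || config.swarselsystems.modules.server.navidrome) {`. The module body continues outside the hunk.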
@@ -1,7 +1,7 @@ { config, lib, ... }: { - options.swarselsystems.server.sops = lib.mkEnableOption "enable sops on server"; - config = lib.mkIf config.swarselsystems.server.sops { + options.swarselsystems.modules.server.sops = lib.mkEnableOption "enable sops on server"; + config = lib.mkIf config.swarselsystems.modules.server.sops { sops = { age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; diff --git a/modules/nixos/server/spotifyd.nix b/modules/nixos/server/spotifyd.nix index b48c595..329d712 100644 --- a/modules/nixos/server/spotifyd.nix +++ b/modules/nixos/server/spotifyd.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; - config = lib.mkIf config.swarselsystems.server.spotifyd { + options.swarselsystems.modules.server.spotifyd = lib.mkEnableOption "enable spotifyd on server"; + config = lib.mkIf config.swarselsystems.modules.server.spotifyd { users.groups.spotifyd = { gid = 65136; }; diff --git a/modules/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix index 0c1b376..09f5eef 100644 --- a/modules/nixos/server/ssh.nix +++ b/modules/nixos/server/ssh.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselsystems.server.ssh { + options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselsystems.modules.server.ssh { services.openssh = { enable = true; }; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 5509544..8837dd7 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix 
@@ -4,8 +4,8 @@ let workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; in { - options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server"; - config = lib.mkIf config.swarselsystems.server.syncthing { + options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server"; + config = lib.mkIf config.swarselsystems.modules.server.syncthing { users.users.syncthing = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/transmission.nix b/modules/nixos/server/transmission.nix index bf0531d..cf22e77 100644 --- a/modules/nixos/server/transmission.nix +++ b/modules/nixos/server/transmission.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; - config = lib.mkIf config.swarselsystems.server.transmission { + options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server"; + config = lib.mkIf config.swarselsystems.modules.server.transmission { # this user/group section is probably unneeded users = { diff --git a/overlays/default.nix b/overlays/default.nix index dc93f8e..83625a9 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -40,6 +40,13 @@ let }; }; + nixpkgs-stable24_05 = final: _: { + stable24_05 = import inputs.nixpkgs-stable { + inherit (final) system; + config.allowUnfree = true; + }; + }; + zjstatus = _: prev: { zjstatus = inputs.zjstatus.packages.${prev.system}.default; }; @@ -52,6 +59,7 @@ in (additions final prev) // (modifications final prev) // (nixpkgs-stable final prev) + // (nixpkgs-stable24_05 final prev) // (zjstatus final prev) // (inputs.vbc-nix.overlays.default final prev) // (inputs.nur.overlays.default final prev) diff --git a/pkgs/sshrm/default.nix b/pkgs/sshrm/default.nix new file mode 100644 index 0000000..6c3749b --- /dev/null +++ b/pkgs/sshrm/default.nix 
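Review bot: The new `nixpkgs-stable24_05` overlay in overlays/default.nix is named for a fixed release but imports `inputs.nixpkgs-stable`, an input whose name carries no version. If the existing `nixpkgs-stable` overlay (its body is outside this hunk) reads the same input, `pkgs.stable24_05` is only an alias and follows whatever release that input is moved to. If the input does stay on 24.05, packages taken from it stop receiving security updates once that release is end-of-life. A dedicated input makes the pin visible and auditable, for example `stable24_05 = import inputs.nixpkgs-stable24_05 {` (a proposed input name, to be declared in flake.nix), with a comment naming the packages that need the old set. Note that `config.allowUnfree = true;` applies to everything pulled from this set as well.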
@@ -0,0 +1,6 @@ +{ self, name, writeShellApplication, openssh }: +writeShellApplication { + inherit name; + runtimeInputs = [ openssh ]; + text = builtins.readFile "${self}/scripts/${name}.sh"; +} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 09af340..d7b3329 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -12,29 +12,28 @@ storeOptimize = lib.mkDefault true; time = lib.mkDefault true; users = lib.mkDefault true; - }; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - sops = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - kavita = lib.mkDefault true; - jellyfin = lib.mkDefault true; - navidrome = lib.mkDefault true; - spotifyd = lib.mkDefault true; - mpd = lib.mkDefault true; - matrix = lib.mkDefault true; - nextcloud = lib.mkDefault true; - immich = lib.mkDefault true; - paperless = lib.mkDefault true; - transmission = lib.mkDefault true; - syncthing = lib.mkDefault true; - monitoring = lib.mkDefault true; - emacs = lib.mkDefault true; - freshrss = lib.mkDefault true; - + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + kavita = lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + monitoring = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + }; }; }; }; diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix index 6782556..a26ce36 100644 
--- a/profiles/nixos/syncserver/default.nix +++ b/profiles/nixos/syncserver/default.nix @@ -12,16 +12,16 @@ storeOptimize = lib.mkDefault true; time = lib.mkDefault true; users = lib.mkDefault true; - }; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - sops = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - forgejo = lib.mkDefault true; - ankisync = lib.mkDefault true; + server = { + general = lib.mkDefault true; + packages = lib.mkDefault true; + sops = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; + }; }; }; }; diff --git a/programs/firefox/tridactyl/tridactylrc b/programs/firefox/tridactyl/tridactylrc index d374856..5d63b9a 100644 --- a/programs/firefox/tridactyl/tridactylrc +++ b/programs/firefox/tridactyl/tridactylrc 
@@ -30,30 +30,49 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line " Work -command tab_or_tabopen jsb -p (async () => { let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() +command tab_or_tabopen jsb -p (async () => { + let tabs = await browser.tabs.query({}); + let tab = tabs.find(t => t.url.includes(JS_ARG)); + if (tab) { + browser.tabs.update(tab.id, { active: true }); + } else { + tri.excmds.tabopen(JS_ARG); + } +})() -bind gwa tab_or_tabopen apic-impimba-1.m.imp.ac.at -bind gwA tab_or_tabopen artifactory.imp.ac.at -bind gwb tab_or_tabopen bitbucket.vbc.ac.at -bind gwc tab_or_tabopen vbc.atlassian.net/wiki -bind gwd tab_or_tabopen datadomain-impimba-2.imp.ac.at -bind gwe tab_or_tabopen exivity.vbc.ac.at -bind gwg tab_or_tabopen github.com -bind gwG tab_or_tabopen goc.egi.eu -bind gwh tab_or_tabopen jupyterhub.vbc.ac.at -bind gwH tab_or_tabopen test-jupyterhub.vbc.ac.at -bind gwj tab_or_tabopen jenkins.vbc.ac.at -bind gwJ tab_or_tabopen test-jenkins.vbc.ac.at -bind gwl tab_or_tabopen lucid.app -bind gwm tab_or_tabopen monitoring.vbc.ac.at/grafana -bind gwM tab_or_tabopen monitoring.vbc.ac.at/prometheus -bind gwn tab_or_tabopen netbox.vbc.ac.at -bind gwN tab_or_tabopen nap.imp.ac.at -bind gwo tab_or_tabopen outlook.office.com -bind gws tab_or_tabopen satellite.vbc.ac.at -bind gwt tab_or_tabopen tower.vbc.ac.at -bind gwv tab_or_tabopen vc-impimba-1.m.imp.ac.at/ui -bind gwx tab_or_tabopen xclarity.vbc.ac.at +command tab_or_tabopen_local jsb -p (async () => { + const currentWindow = await browser.windows.getCurrent(); + const tabs = await browser.tabs.query({ windowId: currentWindow.id }); + const tab = tabs.find(t => t.url.includes(JS_ARG)); + if (tab) { + browser.tabs.update(tab.id, { active: true }); + } else { + 
tri.excmds.tabopen(JS_ARG); + } +})() + +bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at +bind gwA tab_or_tabopen_local artifactory.imp.ac.at +bind gwb tab_or_tabopen_local bitbucket.vbc.ac.at +bind gwc tab_or_tabopen_local vbc.atlassian.net/wiki +bind gwd tab_or_tabopen_local datadomain-impimba-2.imp.ac.at +bind gwe tab_or_tabopen_local exivity.vbc.ac.at +bind gwg tab_or_tabopen_local github.com +bind gwG tab_or_tabopen_local goc.egi.eu +bind gwh tab_or_tabopen_local jupyterhub.vbc.ac.at +bind gwH tab_or_tabopen_local test-jupyterhub.vbc.ac.at +bind gwj tab_or_tabopen_local jenkins.vbc.ac.at +bind gwJ tab_or_tabopen_local test-jenkins.vbc.ac.at +bind gwl tab_or_tabopen_local lucid.app +bind gwm tab_or_tabopen_local monitoring.vbc.ac.at/grafana +bind gwM tab_or_tabopen_local monitoring.vbc.ac.at/prometheus +bind gwn tab_or_tabopen_local netbox.vbc.ac.at +bind gwN tab_or_tabopen_local nap.imp.ac.at +bind gwo tab_or_tabopen_local outlook.office.com +bind gws tab_or_tabopen_local satellite.vbc.ac.at +bind gwt tab_or_tabopen_local tower.vbc.ac.at +bind gwv tab_or_tabopen_local vc-impimba-1.m.imp.ac.at/ui +bind gwx tab_or_tabopen_local xclarity.vbc.ac.at " Search in page set findcase smart diff --git a/scripts/sshrm.sh b/scripts/sshrm.sh new file mode 100644 index 0000000..4e616c0 --- /dev/null +++ b/scripts/sshrm.sh @@ -0,0 +1,11 @@ +HISTFILE="$HOME"/.histfile + +last_ssh_cmd=$(grep -E "ssh " "$HISTFILE" | sed -E 's/^: [0-9]+:[0-9]+;//' | grep "^ssh " | tail -1) +host=$(echo "$last_ssh_cmd" | sed -E 's/.*ssh ([^@ ]+@)?([^ ]+).*/\2/') + +if [[ -n $host ]]; then + echo "Removing SSH host key for: $host" + ssh-keygen -R "$host" +else + echo "No valid SSH command found in history." +fi From cf9349168f0c6fccdbc8ecc29b20922aefc03be1 Mon Sep 17 00:00:00 2001 
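Review bot: `tabs.find(t => t.url.includes(JS_ARG))` in the new `tab_or_tabopen_local` command matches the argument anywhere in the URL, so a tab whose path or query string merely contains `outlook.office.com` or `github.com` is treated as the work site and focused. For bindings that jump to services where credentials are entered, anchoring the match on the parsed host is safer: `const want = JS_ARG.includes("/") ? JS_ARG : JS_ARG + "/";` followed by `const tab = tabs.find(t => { const u = new URL(t.url); return (u.host + u.pathname).startsWith(want); });`. The retained `tab_or_tabopen` command has the same substring check. A one-line comment above the new command saying that it restricts the search to the current window would also explain why both variants exist.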
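Review bot: scripts/sshrm.sh removes a known_hosts entry for whatever host it parses out of the last `ssh` line in the history without showing what is being deleted, and that entry is what makes ssh warn when a server's key changes. Printing the stored key first with `ssh-keygen -F "$host"` and asking for confirmation before `ssh-keygen -R "$host"` keeps the removal a deliberate decision. The parsing is also fragile: for a command such as `ssh -p 2222 user@host` the `sed` expression yields `-p`, and entries stored as `[host]:port` are not matched by a bare host name. Finally, pkgs/sshrm/default.nix wraps the script with `writeShellApplication`, which enables `errexit` and `pipefail`, so when a `grep` in the pipeline matches nothing the assignment fails and the script exits before the `No valid SSH command found in history.` branch. Appending `|| true` inside the command substitution restores that branch.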
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 16 Apr 2025 11:02:06 +0200 Subject: [PATCH 10/13] feat: improve zsh --- SwarselSystems.org | 45 +++++++++++++++++-------------------- modules/home/common/zsh.nix | 43 +++++++++++++++++------------------ 2 files changed, 41 insertions(+), 47 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index a73bec9..7843339 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -9791,7 +9791,7 @@ The theme is handled by stylix. zsh is the most convenient shell for me and it happens to be super neat to configure within home manager. Here we set some aliases (some of them should be shellApplications instead) as well as some zsh plugins like =fzf-tab=. -Concerning the shell extensions, =zle = will run an existing widget and =zle -N = will make a function available for use. The =my-= functions all remove =.= =/= and =:= from the =WORDCHARS= so that functions will stop there. +Concerning the shell extensions, =zle = will run an existing widget and =zle -N = will make a function available for use. The =my-= functions all remove =.= =/= and =:= from the =WORDCHARS= so that functions will stop there. The keycodes can be found using =showkeys -a= #+begin_src nix :tangle modules/home/common/zsh.nix { config, pkgs, lib, ... }: @@ -9854,8 +9854,8 @@ Concerning the shell extensions, =zle = will run an existing widget history = { expireDuplicatesFirst = true; path = "$HOME/.histfile"; - save = 10000; - size = 10000; + save = 100000; + size = 100000; }; historySubstringSearch = { enable = true; 
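Review bot: Raising `save` and `size` to 100000 in the `history` block (here and in the matching modules/home/common/zsh.nix hunk) keeps ten times as many command lines in the plain-text `$HOME/.histfile`, so any token or password typed on a command line stays on disk far longer. The visible block sets no filter. If none is set outside the hunk, home-manager's `history.ignorePatterns` can keep secret-bearing commands out of the file. A comment next to the new values stating the intended retention would also help, since scripts/sshrm.sh from patch 01 of this series reads the same file.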
@@ -9870,47 +9870,44 @@ Concerning the shell extensions, =zle = will run an existing widget ]; initExtra = '' my-forward-word() { - local WORDCHARS=$WORDCHARS - WORDCHARS="''${WORDCHARS//:}" - WORDCHARS="''${WORDCHARS//\/}" - WORDCHARS="''${WORDCHARS//.}" - zle backward-word + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle forward-word } zle -N my-forward-word # ctrl + right bindkey "^[[1;5C" my-forward-word # shift + right - bindkey "^[[1;2D" forward-word + bindkey "^[[1;2C" forward-word my-backward-word() { - local WORDCHARS=$WORDCHARS - WORDCHARS="''${WORDCHARS//:}" - WORDCHARS="''${WORDCHARS//\/}" - WORDCHARS="''${WORDCHARS//.}" - zle forward-word + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle backward-word } zle -N my-backward-word # ctrl + left - bindkey "^[[1;5D" -mybackward-word + bindkey "^[[1;5D" my-backward-word # shift + left - bindkey "^[[1;2C" backward-word + bindkey "^[[1;2D" backward-word my-backward-delete-word() { - local WORDCHARS=$WORDCHARS - WORDCHARS="''${WORDCHARS//:}" - WORDCHARS="''${WORDCHARS//\/}" - WORDCHARS="''${WORDCHARS//.}" - zle backward-delete-word + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle backward-delete-word } zle -N my-backward-delete-word # ctrl + del bindkey '^H' my-backward-delete-word - # shift + del - bindkey '^?' backward-delete-word - ''; }; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index d1b53ac..2fcc6c7 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -58,8 +58,8 @@ in history = { expireDuplicatesFirst = true; path = "$HOME/.histfile"; - save = 10000; - size = 10000; + save = 100000; + size = 100000; }; historySubstringSearch = { enable = true; 
@@ -74,47 +74,44 @@ in ]; initExtra = '' my-forward-word() { - local WORDCHARS=$WORDCHARS - WORDCHARS="''${WORDCHARS//:}" - WORDCHARS="''${WORDCHARS//\/}" - WORDCHARS="''${WORDCHARS//.}" - zle backward-word + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle forward-word } zle -N my-forward-word # ctrl + right bindkey "^[[1;5C" my-forward-word # shift + right - bindkey "^[[1;2D" forward-word + bindkey "^[[1;2C" forward-word my-backward-word() { - local WORDCHARS=$WORDCHARS - WORDCHARS="''${WORDCHARS//:}" - WORDCHARS="''${WORDCHARS//\/}" - WORDCHARS="''${WORDCHARS//.}" - zle forward-word + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle backward-word } zle -N my-backward-word # ctrl + left - bindkey "^[[1;5D" -mybackward-word + bindkey "^[[1;5D" my-backward-word # shift + left - bindkey "^[[1;2C" backward-word + bindkey "^[[1;2D" backward-word my-backward-delete-word() { - local WORDCHARS=$WORDCHARS - WORDCHARS="''${WORDCHARS//:}" - WORDCHARS="''${WORDCHARS//\/}" - WORDCHARS="''${WORDCHARS//.}" - zle backward-delete-word + local WORDCHARS=$WORDCHARS + WORDCHARS="''${WORDCHARS//:}" + WORDCHARS="''${WORDCHARS//\/}" + WORDCHARS="''${WORDCHARS//.}" + zle backward-delete-word } zle -N my-backward-delete-word # ctrl + del bindkey '^H' my-backward-delete-word - # shift + del - bindkey '^?' backward-delete-word - ''; }; }; From e15ab08adf006ef9ef8758fb0f99b349efba177f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 17 Apr 2025 11:03:15 +0200 Subject: [PATCH 11/13] refactor: full module system implemented --- SwarselSystems.org | 818 ++++++++++++++-------- checks/default.nix | 2 +- flake.lock | 192 ++--- hosts/nixos/chaostheatre/default.nix | 55 +- hosts/nixos/chaostheatre/options-home.nix | 2 + hosts/nixos/chaostheatre/options.nix | 2 + hosts/nixos/iso/default.nix | 12 +- hosts/nixos/nbl-imba-2/default.nix | 19 - hosts/nixos/sync/default.nix | 46 +- hosts/nixos/toto/default.nix | 36 +- hosts/nixos/winters/default.nix | 54 +- lib/default.nix | 27 +- modules/home/common/sharedsetup.nix | 10 +- modules/home/optional/default.nix | 7 + modules/nixos/optional/default.nix | 12 + modules/nixos/server/settings.nix | 1 + profiles/home/chaostheatre/default.nix | 44 ++ profiles/home/toto/default.nix | 12 + profiles/nixos/chaostheatre/default.nix | 55 ++ profiles/nixos/localserver/default.nix | 1 + profiles/nixos/syncserver/default.nix | 1 + profiles/nixos/toto/default.nix | 24 + programs/emacs/init.el | 17 +- scripts/swarsel-install.sh | 30 + 24 files changed, 933 insertions(+), 546 deletions(-) create mode 100644 hosts/nixos/chaostheatre/options-home.nix create mode 100644 hosts/nixos/chaostheatre/options.nix create mode 100644 modules/home/optional/default.nix create mode 100644 modules/nixos/optional/default.nix create mode 100644 profiles/home/chaostheatre/default.nix create mode 100644 profiles/home/toto/default.nix create mode 100644 profiles/nixos/chaostheatre/default.nix create mode 100644 profiles/nixos/toto/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 7843339..3d74d82 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -803,7 +803,6 @@ My work machine. Built for more security, this is the gold standard of my config { self, inputs, lib, primaryUser, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; - modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; isLinux = true; @@ -823,24 +822,6 @@ My work machine. Built for more security, this is the gold standard of my config ./disk-config.nix ./hardware-configuration.nix - "${modulesPath}/nixos/optional/virtualbox.nix" - # "${modulesPath}/nixos/optional/vmware.nix" - "${modulesPath}/nixos/optional/autologin.nix" - "${modulesPath}/nixos/optional/nswitch-rcm.nix" - "${modulesPath}/nixos/optional/gaming.nix" - "${modulesPath}/nixos/optional/work.nix" - "${self}/profiles/nixos" - "${modulesPath}/nixos/server" - - inputs.home-manager.nixosModules.home-manager - { - home-manager.users."${primaryUser}".imports = [ - "${self}/profiles/home" - "${modulesPath}/home/server" - "${modulesPath}/home/optional/gaming.nix" - "${modulesPath}/home/optional/work.nix" - ]; - } ]; @@ -1217,24 +1198,20 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix :tangle hosts/nixos/winters/default.nix - { self, inputs, primaryUser, ... }: + { lib, primaryUser, ... }: let - modulesPath = "${self}/modules"; + sharedOptions = { + isBtrfs = false; + isLinux = true; + profiles = { + server.local = true; + }; + }; in { imports = [ ./hardware-configuration.nix - - "${modulesPath}/nixos/optional/autologin.nix" - "${modulesPath}/nixos/server" - - inputs.home-manager.nixosModules.home-manager - { - home-manager.users."${primaryUser}".imports = [ - "${modulesPath}/home/server" - ]; - } ]; boot = { 
@@ -1250,27 +1227,21 @@ This is my main server that I run at home. It handles most tasks that require bi firewall.allowedTCPPorts = [ 80 443 ]; }; - swarselsystems = { - isImpermanence = false; - isBtrfs = false; - isLinux = true; - server = { - kavita = true; - navidrome = true; - jellyfin = true; - spotifyd = true; - mpd = false; - matrix = true; - nextcloud = true; - immich = true; - paperless = true; - transmission = true; - syncthing = true; - monitoring = true; - freshrss = true; - }; - }; + swarselsystems = lib.recursiveUpdate + { + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + } + sharedOptions; + + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; + }; } @@ -1441,25 +1412,16 @@ This machine mainly acts as an external sync helper. It manages the following th All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. #+begin_src nix :tangle hosts/nixos/sync/default.nix - { self, inputs, lib, primaryUser, ... }: + { lib, primaryUser, ... }: let - modulesPath = "${self}/modules"; + sharedOptions = { + isBtrfs = false; + isLinux = true; + }; in { imports = [ - - "${modulesPath}/nixos/server" - "${modulesPath}/nixos/common/sharedsetup.nix" - "${modulesPath}/home/common/sharedsetup.nix" ./hardware-configuration.nix - - inputs.home-manager.nixosModules.home-manager - { - home-manager.users."${primaryUser}".imports = [ - "${modulesPath}/home/server" - "${modulesPath}/home/common/sharedsetup.nix" - ]; - } ]; sops = { 
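Review bot: The winters host block drops its explicit service list, including `mpd = false;`, and now relies on `profiles.server.local = true` from the `sharedOptions` defined in the preceding hunk. If that profile still sets `mpd = lib.mkDefault true`, as profiles/nixos/localserver/default.nix does in patch 01 of this series, the daemon that was deliberately off becomes enabled on this host. The same applies to every other service the profile defaults on (`nfs`, `nginx`, `emacs`, ...). Keeping the opt-out next to the profile makes the exposed service set explicit again, e.g. `modules.server.mpd = false;` inside the first attrset passed to `lib.recursiveUpdate`. The hunk also sets `isSecureBoot = true;` and `isCrypted = true;`, which were not set for this host before, and a short comment on why would help the next reader.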
@@ -1494,7 +1456,7 @@ This machine mainly acts as an external sync helper. It manages the following th }; }; - # system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change + system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change services = { nginx = { @@ -1523,16 +1485,23 @@ This machine mainly acts as an external sync helper. It manages the following th }; }; + swarselsystems = lib.recursiveUpdate + { + flakePath = "/root/.dotfiles"; + isImpermanence = false; + isSecureBoot = false; + isCrypted = false; + profiles = { + server.sync = true; + }; + } + sharedOptions; - swarselsystems = { - isImpermanence = false; - isLinux = true; - isBtrfs = false; - flakePath = "/root/.dotfiles"; - modules.server = { - forgejo = true; - ankisync = true; - }; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; }; } 
@@ -1560,35 +1529,27 @@ This is a slim setup for developing base configuration. I do not track the hardw sharedOptions = { isBtrfs = true; isLinux = true; + profiles = { + toto = true; + }; }; in { imports = [ - "${self}/hosts/nixos/toto/disk-config.nix" + ./disk-config.nix ./hardware-configuration.nix - "${modulesPath}/nixos/optional/autologin.nix" - "${modulesPath}/nixos/common/settings.nix" "${modulesPath}/nixos/common/sharedsetup.nix" - "${modulesPath}/nixos/common/home-manager.nix" - "${modulesPath}/nixos/common/home-manager-extra.nix" - "${modulesPath}/nixos/common/xserver.nix" - "${modulesPath}/nixos/common/users.nix" - "${modulesPath}/nixos/common/impermanence.nix" - "${modulesPath}/nixos/common/lanzaboote.nix" - "${modulesPath}/nixos/common/sops.nix" - "${modulesPath}/nixos/server/ssh.nix" "${modulesPath}/home/common/sharedsetup.nix" + "${self}/profiles/nixos" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ inputs.sops-nix.homeManagerModules.sops - "${modulesPath}/home/common/settings.nix" - "${modulesPath}/home/common/sops.nix" - "${modulesPath}/home/common/ssh.nix" "${modulesPath}/home/common/sharedsetup.nix" + "${self}/profiles/home" ]; } ]; @@ -1632,13 +1593,15 @@ This is a slim setup for developing base configuration. I do not track the hardw } sharedOptions; - home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate - { - isLaptop = false; - isNixos = true; - } - sharedOptions; - + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isLaptop = false; + isNixos = true; + } + sharedOptions; + }; } 
@@ -1830,12 +1793,16 @@ Also, an initial bash history is provided to allow for a very quick local deploy } ]; - home-manager.users."${primaryUser}".home = { - file = { - ".bash_history" = { - source = self + /programs/bash/.bash_history; + home-manager.users."${primaryUser}" = { + home = { + stateVersion = "23.05"; + file = { + ".bash_history" = { + source = self + /programs/bash/.bash_history; + }; }; }; + swarselsystems.modules.general = lib.mkForce true; }; home-manager.users.root.home = { stateVersion = "23.05"; @@ -1981,12 +1948,19 @@ This is the "reference implementation" of a setup that runs without NixOS, only This is just a demo host. It applies all the configuration found in the common parts of the flake, but disables all secrets-related features (as they would not work without the proper SSH keys). I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to run in a virtualized environment. I also enable =qemuGuest= for a smoother experience when testing on QEMU. - +***** Main configuration #+begin_src nix :tangle hosts/nixos/chaostheatre/default.nix - { self, config, pkgs, lib, primaryUser, ... }: + { self, inputs, config, pkgs, lib, primaryUser, ... }: let - modulesPath = "${self}/modules"; + sharedOptions = { + isBtrfs = false; + isLinux = true; + isPublic = true; + profiles = { + chaostheatre = true; + }; + }; in { @@ -1996,7 +1970,15 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru { _module.args.diskDevice = config.swarselsystems.rootDisk; } - "${modulesPath}/nixos/optional/autologin.nix" + "${self}/hosts/nixos/chaostheatre/options.nix" + inputs.home-manager.nixosModules.home-manager + { + home-manager.users."${primaryUser}".imports = [ + "${self}/modules/home/common/settings.nix" + "${self}/hosts/nixos/chaostheatre/options-home.nix" + "${self}/modules/home/common/sharedsetup.nix" + ]; + } ]; environment.variables = { 
@@ -2017,28 +1999,50 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru }; - swarselsystems = { - wallpaper = self + /wallpaper/lenovowp.png; - initialSetup = true; - isPublic = true; - isLinux = true; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - }; + swarselsystems = lib.recursiveUpdate + { + wallpaper = self + /wallpaper/lenovowp.png; + initialSetup = true; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + } + sharedOptions; - home-manager.users."${primaryUser}".swarselsystems = { - isNixos = true; - isPublic = true; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isNixos = true; + } + sharedOptions; }; } #+end_src +***** NixOS dummy options configuration + +#+begin_src nix :tangle hosts/nixos/chaostheatre/options.nix + _: + { + } + +#+end_src + +***** home-manager dummy options configuration + +#+begin_src nix :tangle hosts/nixos/chaostheatre/options-home.nix + _: + { + } + +#+end_src + ** Additions and modifications :PROPERTIES: :CUSTOM_ID: h:ab272ab4-3c93-48b1-8f1e-f710aa9aae5d 
@@ -3163,189 +3167,221 @@ This program sets up a new NixOS host remotely. It also takes care of secret man :CUSTOM_ID: h:fbd8aaf2-9dca-4ca3-aca1-19d0d188a435 :END: +Autoformatting always puts the =EOF= with indentation, which makes shfmt check fail. When editing this block, unindent them manually. + #+begin_src shell :tangle scripts/swarsel-install.sh - set -eo pipefail +set -eo pipefail - target_config="chaostheatre" - target_hostname="chaostheatre" - target_user="swarsel" - persist_dir="" - target_disk="/dev/vda" - disk_encryption=0 +target_config="chaostheatre" +target_hostname="chaostheatre" +target_user="swarsel" +persist_dir="" +target_disk="/dev/vda" +disk_encryption=0 - function help_and_exit() { - echo - echo "Locally installs SwarselSystem on this machine." - echo - echo "USAGE: $0 -n -d [OPTIONS]" - echo - echo "ARGS:" - echo " -n specify the nixos config to deploy." - echo " Default: chaostheatre" - echo " -d specify disk to install on." - echo " Default: /dev/vda" - echo " -u specify user to deploy for." - echo " Default: swarsel" - echo " -h | --help Print this help." - exit 0 - } +function help_and_exit() { + echo + echo "Locally installs SwarselSystem on this machine." + echo + echo "USAGE: $0 -n -d [OPTIONS]" + echo + echo "ARGS:" + echo " -n specify the nixos config to deploy." + echo " Default: chaostheatre" + echo " -d specify disk to install on." + echo " Default: /dev/vda" + echo " -u specify user to deploy for." + echo " Default: swarsel" + echo " -h | --help Print this help." + exit 0 +} - function red() { - echo -e "\x1B[31m[!] $1 \x1B[0m" - if [ -n "${2-}" ]; then - echo -e "\x1B[31m[!] $($2) \x1B[0m" - fi - } - function green() { - echo -e "\x1B[32m[+] $1 \x1B[0m" - if [ -n "${2-}" ]; then - echo -e "\x1B[32m[+] $($2) \x1B[0m" - fi - } - function yellow() { - echo -e "\x1B[33m[*] $1 \x1B[0m" - if [ -n "${2-}" ]; then - echo -e "\x1B[33m[*] $($2) \x1B[0m" - fi - } +function red() { + echo -e "\x1B[31m[!] 
$1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[31m[!] $($2) \x1B[0m" + fi +} +function green() { + echo -e "\x1B[32m[+] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[32m[+] $($2) \x1B[0m" + fi +} +function yellow() { + echo -e "\x1B[33m[*] $1 \x1B[0m" + if [ -n "${2-}" ]; then + echo -e "\x1B[33m[*] $($2) \x1B[0m" + fi +} - while [[ $# -gt 0 ]]; do - case "$1" in - -n) - shift - target_config=$1 - target_hostname=$1 - ;; - -u) - shift - target_user=$1 - ;; - -d) - shift - target_disk=$1 - ;; - -h | --help) help_and_exit ;; - ,*) - echo "Invalid option detected." - help_and_exit - ;; - esac - shift - done +while [[ $# -gt 0 ]]; do + case "$1" in + -n) + shift + target_config=$1 + target_hostname=$1 + ;; + -u) + shift + target_user=$1 + ;; + -d) + shift + target_disk=$1 + ;; + -h | --help) help_and_exit ;; + ,*) + echo "Invalid option detected." + help_and_exit + ;; + esac + shift +done - function cleanup() { - sudo rm -rf .cache/nix - sudo rm -rf /root/.cache/nix - } - trap cleanup exit +function cleanup() { + sudo rm -rf .cache/nix + sudo rm -rf /root/.cache/nix +} +trap cleanup exit - green "~SwarselSystems~ local installer" +green "~SwarselSystems~ local installer" - cd /home/"$target_user" +cd /home/"$target_user" - sudo rm -rf /root/.cache/nix - sudo rm -rf .cache/nix - sudo rm -rf .dotfiles +sudo rm -rf /root/.cache/nix +sudo rm -rf .cache/nix +sudo rm -rf .dotfiles - green "Cloning repository from GitHub" - git clone https://github.com/Swarsel/.dotfiles.git +green "Cloning repository from GitHub" +git clone https://github.com/Swarsel/.dotfiles.git - local_keys=$(ssh-add -L || true) - pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub) - read -ra pub_arr <<< "$pub_key" +local_keys=$(ssh-add -L || true) +pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub) +read -ra pub_arr <<< "$pub_key" - cd .dotfiles - if [[ $local_keys != *"${pub_arr[1]}"* ]]; then - yellow "The ssh key for this configuration is 
not available." - green "Adjusting flake.nix so that the configuration is buildable ..." - sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix - sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix - sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix - rm modules/home/common/env.nix - rm modules/home/common/gammastep.nix - rm modules/home/common/git.nix - rm modules/home/common/mail.nix - rm modules/home/common/yubikey.nix - rm modules/nixos/common/home-manager-extra.nix - nix flake update vbc-nix - git add . - else - green "Valid SSH key found! Continuing with installation" - fi +cd .dotfiles +if [[ $local_keys != *"${pub_arr[1]}"* ]]; then + yellow "The ssh key for this configuration is not available." + green "Adjusting flake.nix so that the configuration is buildable ..." + sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix + sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix + sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix + rm modules/home/common/env.nix + rm modules/home/common/gammastep.nix + rm modules/home/common/git.nix + rm modules/home/common/mail.nix + rm modules/home/common/yubikey.nix + rm modules/nixos/common/home-manager-extra.nix + rm -rf modules/nixos/server + rm -rf modules/home/server + cat > hosts/nixos/chaostheatre/options.nix << EOF + { self, lib, ... }: + { + options = { + swarselsystems = { + modules = { + home-managerExtra = lib.mkEnableOption "dummy option for chaostheatre"; + }; + }; + }; + } +EOF + cat > hosts/nixos/chaostheatre/options-home.nix << EOF + { self, lib, ... 
}: + { + options = { + swarselsystems = { + modules = { + yubikey = lib.mkEnableOption "dummy option for chaostheatre"; + env = lib.mkEnableOption "dummy option for chaostheatre"; + git = lib.mkEnableOption "dummy option for chaostheatre"; + mail = lib.mkEnableOption "dummy option for chaostheatre"; + gammastep = lib.mkEnableOption "dummy option for chaostheatre"; + }; + }; + }; + } +EOF + nix flake update vbc-nix + git add . +else + green "Valid SSH key found! Continuing with installation" +fi - green "Reading system information for $target_config ..." - DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" - green "Root Disk in config: $DISK - Root Disk passed in cli: $target_disk" +green "Reading system information for $target_config ..." +DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)" +green "Root Disk in config: $DISK - Root Disk passed in cli: $target_disk" - CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" - if [[ $CRYPTED == "true" ]]; then - green "Encryption: ✓" - disk_encryption=1 - else - red "Encryption: X" - disk_encryption=0 - fi +CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)" +if [[ $CRYPTED == "true" ]]; then + green "Encryption: ✓" + disk_encryption=1 +else + red "Encryption: X" + disk_encryption=0 +fi - IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" - if [[ $IMPERMANENCE == "true" ]]; then - green "Impermanence: ✓" - persist_dir="/persist" - else - red "Impermanence: X" - persist_dir="" - fi +IMPERMANENCE="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isImpermanence)" +if [[ $IMPERMANENCE == "true" ]]; then + green "Impermanence: ✓" + persist_dir="/persist" +else + red "Impermanence: X" + persist_dir="" +fi - 
SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" - if [[ $SWAP == "true" ]]; then - green "Swap: ✓" - else - red "Swap: X" - fi +SWAP="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSwap)" +if [[ $SWAP == "true" ]]; then + green "Swap: ✓" +else + red "Swap: X" +fi - SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" - if [[ $SECUREBOOT == "true" ]]; then - green "Secure Boot: ✓" - else - red "Secure Boot: X" - fi +SECUREBOOT="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isSecureBoot)" +if [[ $SECUREBOOT == "true" ]]; then + green "Secure Boot: ✓" +else + red "Secure Boot: X" +fi - if [ "$disk_encryption" -eq 1 ]; then - while true; do - green "Set disk encryption passphrase:" - read -rs luks_passphrase - green "Please confirm passphrase:" - read -rs luks_passphrase_confirm - if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then - echo "$luks_passphrase" > /tmp/disko-password - break - else - red "Passwords do not match" - fi - done - fi +if [ "$disk_encryption" -eq 1 ]; then + while true; do + green "Set disk encryption passphrase:" + read -rs luks_passphrase + green "Please confirm passphrase:" + read -rs luks_passphrase_confirm + if [[ $luks_passphrase == "$luks_passphrase_confirm" ]]; then + echo "$luks_passphrase" > /tmp/disko-password + break + else + red "Passwords do not match" + fi + done +fi - green "Setting up disk ..." 
- if [[ $target_config == "chaostheatre" ]]; then - sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk" - else - sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks - fi - sudo mkdir -p /mnt/"$persist_dir"/home/"$target_user"/ - sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user"/ - sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" +green "Setting up disk ..." +if [[ $target_config == "chaostheatre" ]]; then + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk" +else + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks +fi +sudo mkdir -p /mnt/"$persist_dir"/home/"$target_user"/ +sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user"/ +sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" - green "Generating hardware configuration ..." - sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ +green "Generating hardware configuration ..." +sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ - green "Injecting initialSetup ..." - sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix +green "Injecting initialSetup ..." 
+sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix - git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix - sudo mkdir -p /root/.local/share/nix/ - printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null - green "Installing flake $target_config" - sudo nixos-install --flake .#"$target_config" - green "Installation finished! Reboot to see changes" +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix +sudo mkdir -p /root/.local/share/nix/ +printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null +green "Installing flake $target_config" +sudo nixos-install --flake .#"$target_config" +green "Installation finished! Reboot to see changes" #+end_src 
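Review bot: The LUKS passphrase is written with `echo "$luks_passphrase" > /tmp/disko-password` under the default umask, and the `cleanup` trap only removes the nix caches, so the passphrase may stay readable in `/tmp` after the script exits. Create the file with a restrictive mode, `(umask 077; echo "$luks_passphrase" > /tmp/disko-password)`, and add `rm -f /tmp/disko-password` to `cleanup`. Separately, the non-chaostheatre branch runs `github:nix-community/disko/latest` under sudo with `--yes-wipe-all-disks`, while the chaostheatre branch pins `v1.10.0`. Using the same pinned tag in both branches would keep the disk-wiping step reproducible.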
@@ -3907,6 +3943,97 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +***** Chaostheatre + +#+begin_src nix :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { + packages = lib.mkDefault true; + general = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault false; + xserver = lib.mkDefault true; + users = lib.mkDefault true; + env = lib.mkDefault true; + security = lib.mkDefault true; + gc = lib.mkDefault true; + storeOptimize = lib.mkDefault true; + systemdTimeout = lib.mkDefault true; + hardware = lib.mkDefault true; + pulseaudio = lib.mkDefault true; + pipewire = lib.mkDefault true; + network = lib.mkDefault true; + time = lib.mkDefault true; + commonSops = lib.mkDefault true; + stylix = lib.mkDefault true; + programs = lib.mkDefault true; + zsh = lib.mkDefault true; + syncthing = lib.mkDefault true; + blueman = lib.mkDefault true; + networkDevices = lib.mkDefault true; + gvfs = lib.mkDefault true; + interceptionTools = lib.mkDefault true; + ppd = lib.mkDefault true; + yubikey = lib.mkDefault true; + ledger = lib.mkDefault true; + keyboards = lib.mkDefault true; + login = lib.mkDefault true; + nix-ld = lib.mkDefault true; + impermanence = lib.mkDefault true; + nvd = lib.mkDefault true; + gnome-keyring = lib.mkDefault true; + sway = lib.mkDefault true; + xdg-portal = lib.mkDefault true; + distrobox = lib.mkDefault true; + appimage = lib.mkDefault true; + lid = lib.mkDefault true; + lowBattery = lib.mkDefault true; + lanzaboote = lib.mkDefault true; + + optional = { + autologin = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** toto + +#+begin_src nix :tangle profiles/nixos/toto/default.nix :mkdirp yes + { lib, config, ... 
}: + { + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { + general = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault true; + xserver = lib.mkDefault true; + users = lib.mkDefault true; + commonSops = lib.mkDefault true; + impermanence = lib.mkDefault true; + lanzaboote = lib.mkDefault true; + server = { + ssh = lib.mkDefault true; + }; + optional = { + autologin = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + ***** Work #+begin_src nix :tangle profiles/nixos/work/default.nix :mkdirp yes @@ -3935,6 +4062,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a config = lib.mkIf config.swarselsystems.profiles.server.local { swarselsystems = { modules = { + general = lib.mkDefault true; nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; home-managerExtra = lib.mkDefault true; @@ -3981,6 +4109,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a config = lib.mkIf config.swarselsystems.profiles.server.sync { swarselsystems = { modules = { + general = lib.mkDefault true; nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; home-managerExtra = lib.mkDefault true; 
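Review bot: The chaostheatre NixOS profile turns on `commonSops`, `yubikey` and `lanzaboote` with `lib.mkDefault true`, although the host is described as disabling all secrets-related features and sets `isSecureBoot = false`; only `home-managerExtra` is switched off. Whether those modules gate themselves on `isPublic` or `isSecureBoot` is not visible in this patch. Either set them to false here, e.g. `commonSops = lib.mkDefault false;`, or add a comment naming the option that keeps them inert on a public host. The home-manager chaostheatre profile in the `@@ -4077,6 +4206,74 @@` hunk has the same pattern with `sops`, `yubikeytouch` and `gpgagent`.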
@@ -4077,6 +4206,74 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +***** Chaostheatre + +#+begin_src nix :tangle profiles/home/chaostheatre/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { + packages = lib.mkDefault true; + ownpackages = lib.mkDefault true; + general = lib.mkDefault true; + nixgl = lib.mkDefault true; + sops = lib.mkDefault true; + yubikey = lib.mkDefault false; + ssh = lib.mkDefault true; + stylix = lib.mkDefault true; + desktop = lib.mkDefault true; + symlink = lib.mkDefault true; + env = lib.mkDefault false; + programs = lib.mkDefault true; + nix-index = lib.mkDefault true; + direnv = lib.mkDefault true; + eza = lib.mkDefault true; + git = lib.mkDefault false; + fuzzel = lib.mkDefault true; + starship = lib.mkDefault true; + kitty = lib.mkDefault true; + zsh = lib.mkDefault true; + zellij = lib.mkDefault true; + tmux = lib.mkDefault true; + mail = lib.mkDefault false; + emacs = lib.mkDefault true; + waybar = lib.mkDefault true; + firefox = lib.mkDefault true; + gnome-keyring = lib.mkDefault true; + kdeconnect = lib.mkDefault true; + mako = lib.mkDefault true; + swayosd = lib.mkDefault true; + yubikeytouch = lib.mkDefault true; + sway = lib.mkDefault true; + kanshi = lib.mkDefault true; + gpgagent = lib.mkDefault true; + gammastep = lib.mkDefault false; + }; + }; + + } + +#+end_src + +***** toto + +#+begin_src nix :tangle profiles/home/toto/default.nix :mkdirp yes + { lib, config, ... 
}: + { + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { + general = lib.mkDefault true; + sops = lib.mkDefault true; + ssh = lib.mkDefault true; + }; + }; + + } + +#+end_src + ***** Work #+begin_src nix :tangle profiles/home/work/default.nix :mkdirp yes 
@@ -4205,38 +4402,41 @@ TODO _module.args.primaryUser = linuxUser; } ] ++ - (if (host == "toto" || host == "iso") then [ ] else + (if (host == "iso") then [ ] else ([ # put nixos imports here that are for all servers and normal hosts inputs.nix-topology.nixosModules.default - ] ++ - (if (host == "winters" || host == "sync") then [ ] else [ - # put nixos imports here that are for all normal hosts "${self}/modules/${type}/common" inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm - ]) ++ (if (type == "nixos") then [ + ] ++ (if (type == "nixos") then [ inputs.home-manager.nixosModules.home-manager + "${self}/profiles/nixos" + "${self}/modules/nixos/server" + "${self}/modules/nixos/optional" { - home-manager.users."${linuxUser}".imports = ( - if (host == "winters" || host == "sync") then [ ] else [ - # put home-manager imports here that are for all normal hosts - "${self}/modules/home/common" - ] - ) ++ [ - # put home-manager imports here that are for all servers and normal hosts + home-manager.users."${linuxUser}".imports = [ + # put home-manager imports here that are for all normal hosts inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index + "${self}/modules/home/common" + "${self}/modules/home/server" + "${self}/modules/home/optional" + "${self}/profiles/home" ]; } ] else [ # put nixos imports here that are for darwin hosts "${self}/modules/darwin/nixos/common" + "${self}/profiles/darwin" inputs.home-manager.darwinModules.home-manager { home-manager.users."${macUser}".imports = [ # put home-manager imports here that are for darwin hosts "${self}/modules/darwin/home" + "${self}/modules/home/server" + "${self}/modules/home/optional" + "${self}/profiles/home" ]; } ]) 
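Review bot: The comment `# put home-manager imports here that are for all normal hosts` no longer matches the code below it. The `winters`/`sync` exclusion is removed and `toto` is no longer skipped, so that list, including `modules/home/server` and `modules/home/optional`, is now imported on every non-iso NixOS host. Reword it along the lines of `# home-manager imports for every NixOS host; modules are enabled through the profiles`, so a reader does not assume servers are still excluded. The enclosing function starts and ends outside this hunk.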
@@ -6210,6 +6410,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in }; }; config = lib.mkIf config.swarselsystems.modules.server.general { + environment.shellAliases = lib.recursiveUpdate { npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; @@ -8646,9 +8847,9 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee search = { # default = "Kagi"; - default = "Google"; + default = "google"; # privateDefault = "Kagi"; - privateDefault = "Google"; + privateDefault = "google"; engines = { "Kagi" = { urls = [{ @@ -8657,7 +8858,7 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee { name = "q"; value = "{searchTerms}"; } ]; }]; - iconUpdateURL = "https://kagi.com/favicon.ico"; + icon = "https://kagi.com/favicon.ico"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@k" ]; }; @@ -8678,7 +8879,7 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@nw" ]; }; @@ -8707,7 +8908,7 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee definedAliases = [ "@hm" "@ho" "@hmo" ]; }; - "Google".metaData.alias = "@g"; + "google".metaData.alias = "@g"; }; force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; 
@@ -12412,10 +12613,12 @@ Used here: [[#h:877c9401-a354-4e44-a235-db1a90d19e00][General org-mode]] #+begin_src emacs-lisp - (defun swarsel/org-mode-setup () - (variable-pitch-mode 1) - (add-hook 'org-tab-first-hook 'org-end-of-line) - (visual-line-mode 1)) + (defun swarsel/org-mode-setup () + (variable-pitch-mode 1) + (add-hook 'org-tab-first-hook 'org-end-of-line) + (org-indent-mode) + (visual-line-mode 1) + (org-mode)) #+end_src **** org-mode: Visual-fill column @@ -13603,6 +13806,7 @@ This part of the configuration mostly makes some aesthetic changes, enables neat (use-package org ;;:diminish (org-indent-mode) :hook (org-mode . swarsel/org-mode-setup) + ;; :mode "\\.nix\\'" :bind (("C-" . org-fold-outer) ("C-c s" . org-store-link)) @@ -14751,12 +14955,12 @@ Dirvish is an improvement upon the dired-framework and has more features like fi :config (dirvish-peek-mode) (dirvish-side-follow-mode) - (setq dirvish-open-with-programs - (append dirvish-open-with-programs '( - (("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f") - (("jpg" "jpeg" "png") "imv" "%f") - (("pdf") "sioyek" "%f") - (("xopp") "xournalpp" "%f")))) + ;; (setq dirvish-open-with-programs + ;; (append dirvish-open-with-programs '( + ;; (("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f") + ;; (("jpg" "jpeg" "png") "imv" "%f") + ;; (("pdf") "sioyek" "%f") + ;; (("xopp") "xournalpp" "%f")))) :custom (delete-by-moving-to-trash t) (dired-listing-switches diff --git a/checks/default.nix b/checks/default.nix index bc7b41c..4830423 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -12,7 +12,7 @@ detect-private-keys.enable = true; end-of-file-fixer.enable = true; fix-byte-order-marker.enable = true; - flake-checker.enable = false; + flake-checker.enable = true; forbid-new-submodules.enable = true; mixed-line-endings.enable = true; nixpkgs-fmt.enable = true; diff --git a/flake.lock b/flake.lock index f33e468..c4b3ad4 100644 --- a/flake.lock +++ b/flake.lock 
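Review bot: `swarsel/org-mode-setup` now ends with `(org-mode)`, but the `use-package org` form in the following hunk installs it through `:hook (org-mode . swarsel/org-mode-setup)`. Enabling org-mode therefore runs the hook, which calls `org-mode` again, which runs the hook again. Unless something outside this patch breaks the cycle, opening an org buffer would recurse until Emacs reaches its nesting limit. Drop the `(org-mode)` call so the function closes after `(visual-line-mode 1))`.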
@@ -84,11 +84,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739053031, - "narHash": "sha256-LrMDRuwAlRFD2T4MgBSRd1s2VtOE+Vl1oMCNu3RpPE0=", + "lastModified": 1743700120, + "narHash": "sha256-8BjG/P0xnuCyVOXlYRwdI1B8nVtyYLf3oDwPSimqREY=", "owner": "ipetkov", "repo": "crane", - "rev": "112e6591b2d6313b1bd05a80a754a8ee42432a7e", + "rev": "e316f19ee058e6db50075115783be57ac549c389", "type": "github" }, "original": { @@ -125,11 +125,11 @@ ] }, "locked": { - "lastModified": 1741684000, - "narHash": "sha256-NQykaWIrn5zilncefIvW4jPQ76YMXVK/dMTzkSVDmdk=", + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", "owner": "nix-community", "repo": "disko", - "rev": "2db1d64fc084b1d15e3871dffc02c62a94ed6ed7", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", "type": "github" }, "original": { @@ -146,11 +146,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1741710368, - "narHash": "sha256-P9Qt8QQC6cFssiIvNEmj8BabRZS7EWMqCrA3oNj70x4=", + "lastModified": 1744770066, + "narHash": "sha256-zzcONhPfZpJSla9Yzl/tFHxGecLXaLgOBicYl0W0Kl8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "2695d53827b4200a195f932a5beb47fe5f9e3213", + "rev": "fd7813213109317254eeb74ff07ac6bf32c7d56b", "type": "github" }, "original": { @@ -162,11 +162,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1741628778, - "narHash": "sha256-RsvHGNTmO2e/eVfgYK7g+eYEdwwh7SbZa+gZkT24MEA=", + "lastModified": 1743774811, + "narHash": "sha256-oiHLDHXq7ymsMVYSg92dD1OLnKLQoU/Gf2F1GoONLCE=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "5a81d390bb64afd4e81221749ec4bffcbeb5fa80", + "rev": "df53a7a31872faf5ca53dd0730038a62ec63ca9e", "type": "github" }, "original": { 
@@ -446,11 +446,11 @@ ] }, "locked": { - "lastModified": 1741868525, - "narHash": "sha256-jikLF3o6cmIwTq3BNE1KZADzL/OprjACoVkrJEKf8hQ=", + "lastModified": 1743661097, + "narHash": "sha256-ZSx9BdbW+/4k3Pmecl7ZhpHXnpreuAgYxrRaJC8VmuU=", "owner": "TamtamHero", "repo": "fw-fanctrl", - "rev": "f97a5e9447c6def10f097d8dbd449ebb4e3ed253", + "rev": "473575cd1753cb4ec429ea085975e48d32970894", "type": "github" }, "original": { @@ -473,11 +473,11 @@ ] }, "locked": { - "lastModified": 1741379162, - "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -597,11 +597,11 @@ ] }, "locked": { - "lastModified": 1741701235, - "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", + "lastModified": 1744735751, + "narHash": "sha256-OPpfgL3qUIbQdbmp1/ZwnlsuTLooHN4or0EABnZTFRY=", "owner": "nix-community", "repo": "home-manager", - "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", + "rev": "db7738e67a101ad945abbcb447e1310147afaf1b", "type": "github" }, "original": { @@ -639,11 +639,11 @@ ] }, "locked": { - "lastModified": 1741635347, - "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", + "lastModified": 1743869639, + "narHash": "sha256-Xhe3whfRW/Ay05z9m1EZ1/AkbV1yo0tm1CbgjtCi4rQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", + "rev": "d094c6763c6ddb860580e7d3b4201f8f496a6836", "type": "github" }, "original": { 
@@ -697,11 +697,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1740094523, - "narHash": "sha256-vGxTGexcKN8BVunczdqps1dbu0khOFp0++Gvip9QZJ8=", + "lastModified": 1744704014, + "narHash": "sha256-UGq8nYSq/feyP0bUjd88jHXA7wJMaSPbtRByp7ZOD30=", "owner": "thiagokokada", "repo": "nix-alien", - "rev": "ab175cdbbad2a93afc86125eb0835694b005b2fb", + "rev": "9b92bd3b3d54e02aa0b1881af435802567c2dca9", "type": "github" }, "original": { @@ -717,11 +717,11 @@ ] }, "locked": { - "lastModified": 1741229100, - "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -761,11 +761,11 @@ ] }, "locked": { - "lastModified": 1739071773, - "narHash": "sha256-/Ak+Quinhmdxa9m3shjm4lwwwqmzG8zzGhhhhgR1k9I=", + "lastModified": 1744518957, + "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "895d81b6228bbd50a6ef22f5a58a504ca99763ea", + "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", "type": "github" }, "original": { @@ -781,11 +781,11 @@ ] }, "locked": { - "lastModified": 1741619381, - "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", + "lastModified": 1744518957, + "narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", + "rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", "type": "github" }, "original": { 
@@ -846,11 +846,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1738246091, - "narHash": "sha256-2+KkZsRO+XlOFbXbRgMZbRtlqn5MBNYj4HNmZ/2Tojg=", + "lastModified": 1744142264, + "narHash": "sha256-h5KyodobZm8dx/HSNN+basgdmjxrQxudjrss4gAQpZk=", "owner": "oddlama", "repo": "nix-topology", - "rev": "5526269fa3eedf4f4bc00c0bf7a03db31d24b029", + "rev": "f49121cbbf4a86c560638ade406d99ee58deb7aa", "type": "github" }, "original": { @@ -901,11 +901,11 @@ ] }, "locked": { - "lastModified": 1740947705, - "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "507911df8c35939050ae324caccc7cf4ffb76565", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -916,11 +916,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -992,11 +992,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1741600792, - "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { 
@@ -1008,11 +1008,11 @@ }, "nixpkgs-stable24_11": { "locked": { - "lastModified": 1744309437, - "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -1024,11 +1024,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1741600792, - "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -1040,11 +1040,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1739138025, - "narHash": "sha256-M4ilIfGxzbBZuURokv24aqJTbdjPA9K+DtKUzrJaES4=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b2243f41e860ac85c0b446eadc6930359b294e79", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { @@ -1056,11 +1056,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { 
@@ -1135,11 +1135,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -1151,11 +1151,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1731763621, - "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", + "lastModified": 1744502386, + "narHash": "sha256-QAd1L37eU7ktL2WeLLLTmI6P9moz9+a/ONO8qNBYJgM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", + "rev": "f6db44a8daa59c40ae41ba6e5823ec77fe0d2124", "type": "github" }, "original": { @@ -1167,11 +1167,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", + "lastModified": 1743583204, + "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", + "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", "type": "github" }, "original": { @@ -1261,11 +1261,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1741723036, - "narHash": "sha256-L9tVnZpa6Cb0DgSStIbV5QPRAQ8F94UvKcfiQ1ZZSAA=", + "lastModified": 1744793674, + "narHash": "sha256-rYha6a3Austfc5bPmpio8UHaxlZn8XE38J5+VZ7s/KY=", "owner": "nix-community", "repo": "NUR", - "rev": "20ff961c7fbaf9ecb7a808c0e27bb0984d93f74f", + "rev": "50c9703a2f9da7abf3f18b3941e127e546a7f4c4", "type": "github" }, "original": { 
@@ -1284,11 +1284,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1741693509, - "narHash": "sha256-emkxnsZstiJWmGACimyAYqIKz2Qz5We5h1oBVDyQjLw=", + "lastModified": 1743884191, + "narHash": "sha256-foVcginhVvjg8ZnTzY5wwMeZ4wjJ8yX66PW5kgyivPE=", "owner": "nix-community", "repo": "NUR", - "rev": "5479646b2574837f1899da78bdf9a48b75a9fb27", + "rev": "fde90f5f52e13eed110a0e53a2818a2b09e4d37c", "type": "github" }, "original": { @@ -1359,11 +1359,11 @@ ] }, "locked": { - "lastModified": 1741379162, - "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -1431,11 +1431,11 @@ ] }, "locked": { - "lastModified": 1739240901, - "narHash": "sha256-YDtl/9w71m5WcZvbEroYoWrjECDhzJZLZ8E68S3BYok=", + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "03473e2af8a4b490f4d2cdb2e4d3b75f82c8197c", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", "type": "github" }, "original": { @@ -1465,11 +1465,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { 
@@ -1500,11 +1500,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1741706258, - "narHash": "sha256-Frn1vjiJlyzI9QcosZNWDrgKQjoCbsNAkCrLw2pUYZ4=", + "lastModified": 1744668092, + "narHash": "sha256-XDmpI3ywMkypsHKRF2am6BzZ5OjwpQMulAe8L87Ek8U=", "owner": "danth", "repo": "stylix", - "rev": "4a8718e5a14faeef3e57ededb4efb88b0deed329", + "rev": "38aff11a7097f4da6b95d4c4d2c0438f25a08d52", "type": "github" }, "original": { @@ -1625,11 +1625,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1741468895, - "narHash": "sha256-YKM1RJbL68Yp2vESBqeZQBjTETXo8mCTTzLZyckCfZk=", + "lastModified": 1742851696, + "narHash": "sha256-sR4K+OVFKeUOvNIqcCr5Br7NLxOBEwoAgsIyjsZmb8s=", "owner": "tinted-theming", "repo": "schemes", - "rev": "47c8c7726e98069cade5827e5fb2bfee02ce6991", + "rev": "c37771c4ae8ff1667e27ddcf24991ebeb94a4e77", "type": "github" }, "original": { @@ -1641,11 +1641,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1740877430, - "narHash": "sha256-zWcCXgdC4/owfH/eEXx26y5BLzTrefjtSLFHWVD5KxU=", + "lastModified": 1743296873, + "narHash": "sha256-8IQulrb1OBSxMwdKijO9fB70ON//V32dpK9Uioy7FzY=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "d48ee86394cbe45b112ba23ab63e33656090edb4", + "rev": "af5152c8d7546dfb4ff6df94080bf5ff54f64e3a", "type": "github" }, "original": { @@ -1743,11 +1743,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1740510704, - "narHash": "sha256-AMGLqcSS9eNWM1K2lm7lZz5t6RFHgLSNTAGI1vYF2VY=", + "lastModified": 1743838985, + "narHash": "sha256-7fmg1fPEJWdCrw2QsanIAA0TT10IvUImZyWbvoSPebA=", "owner": "dj95", "repo": "zjstatus", - "rev": "331ae24595e0c1c612f343547559d1e058128646", + "rev": "d27f0819903b5f31d527affa875c71cb5c2a8578", "type": "github" }, "original": { diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index 78629e1..6531933 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix 
@@ -1,6 +1,13 @@ -{ self, config, pkgs, lib, primaryUser, ... }: +{ self, inputs, config, pkgs, lib, primaryUser, ... }: let - modulesPath = "${self}/modules"; + sharedOptions = { + isBtrfs = false; + isLinux = true; + isPublic = true; + profiles = { + chaostheatre = true; + }; + }; in { @@ -10,7 +17,15 @@ in { _module.args.diskDevice = config.swarselsystems.rootDisk; } - "${modulesPath}/nixos/optional/autologin.nix" + "${self}/hosts/nixos/chaostheatre/options.nix" + inputs.home-manager.nixosModules.home-manager + { + home-manager.users."${primaryUser}".imports = [ + "${self}/modules/home/common/settings.nix" + "${self}/hosts/nixos/chaostheatre/options-home.nix" + "${self}/modules/home/common/sharedsetup.nix" + ]; + } ]; environment.variables = { @@ -31,21 +46,25 @@ in }; - swarselsystems = { - wallpaper = self + /wallpaper/lenovowp.png; - initialSetup = true; - isPublic = true; - isLinux = true; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - }; + swarselsystems = lib.recursiveUpdate + { + wallpaper = self + /wallpaper/lenovowp.png; + initialSetup = true; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + } + sharedOptions; - home-manager.users."${primaryUser}".swarselsystems = { - isNixos = true; - isPublic = true; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isNixos = true; + } + sharedOptions; }; } diff --git a/hosts/nixos/chaostheatre/options-home.nix b/hosts/nixos/chaostheatre/options-home.nix new file mode 100644 index 0000000..4fdd76d --- /dev/null +++ b/hosts/nixos/chaostheatre/options-home.nix @@ -0,0 +1,2 @@ +_: +{ } diff --git a/hosts/nixos/chaostheatre/options.nix b/hosts/nixos/chaostheatre/options.nix new file mode 100644 index 0000000..4fdd76d --- /dev/null +++ b/hosts/nixos/chaostheatre/options.nix 
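Review bot: `home.stateVersion = lib.mkForce "23.05";` in the last chaostheatre hunk overrides any value set by the home modules this patch newly imports, and the same forced line is repeated in the sync, toto and winters host files, while the iso host uses a plain `stateVersion = "23.05";`. Forcing the value hides a conflicting definition instead of removing it. If a shared home module already sets `home.stateVersion` (not visible in these hunks), declare it there with `lib.mkDefault` and keep an unforced assignment per host. If the force has to stay, record the reason next to it, e.g. `# mkForce: overrides the stateVersion set by <shared module, placeholder>`.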
@@ -0,0 +1,2 @@ +_: +{ } diff --git a/hosts/nixos/iso/default.nix b/hosts/nixos/iso/default.nix index 34beaeb..28829b7 100644 --- a/hosts/nixos/iso/default.nix +++ b/hosts/nixos/iso/default.nix @@ -21,12 +21,16 @@ in } ]; - home-manager.users."${primaryUser}".home = { - file = { - ".bash_history" = { - source = self + /programs/bash/.bash_history; + home-manager.users."${primaryUser}" = { + home = { + stateVersion = "23.05"; + file = { + ".bash_history" = { + source = self + /programs/bash/.bash_history; + }; }; }; + swarselsystems.modules.general = lib.mkForce true; }; home-manager.users.root.home = { stateVersion = "23.05"; diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 9d3f41d..0a3c021 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -1,7 +1,6 @@ { self, inputs, lib, primaryUser, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; - modulesPath = "${self}/modules"; sharedOptions = { isBtrfs = true; isLinux = true; @@ -21,24 +20,6 @@ in ./disk-config.nix ./hardware-configuration.nix - "${modulesPath}/nixos/optional/virtualbox.nix" - # "${modulesPath}/nixos/optional/vmware.nix" - "${modulesPath}/nixos/optional/autologin.nix" - "${modulesPath}/nixos/optional/nswitch-rcm.nix" - "${modulesPath}/nixos/optional/gaming.nix" - "${modulesPath}/nixos/optional/work.nix" - "${self}/profiles/nixos" - "${modulesPath}/nixos/server" - - inputs.home-manager.nixosModules.home-manager - { - home-manager.users."${primaryUser}".imports = [ - "${self}/profiles/home" - "${modulesPath}/home/server" - "${modulesPath}/home/optional/gaming.nix" - "${modulesPath}/home/optional/work.nix" - ]; - } ]; diff --git a/hosts/nixos/sync/default.nix b/hosts/nixos/sync/default.nix index 2967f59..d233fdd 100644 --- a/hosts/nixos/sync/default.nix +++ b/hosts/nixos/sync/default.nix 
@@ -1,22 +1,13 @@ -{ self, inputs, lib, primaryUser, ... }: +{ lib, primaryUser, ... }: let - modulesPath = "${self}/modules"; + sharedOptions = { + isBtrfs = false; + isLinux = true; + }; in { imports = [ - - "${modulesPath}/nixos/server" - "${modulesPath}/nixos/common/sharedsetup.nix" - "${modulesPath}/home/common/sharedsetup.nix" ./hardware-configuration.nix - - inputs.home-manager.nixosModules.home-manager - { - home-manager.users."${primaryUser}".imports = [ - "${modulesPath}/home/server" - "${modulesPath}/home/common/sharedsetup.nix" - ]; - } ]; sops = { @@ -51,7 +42,7 @@ in }; }; - # system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change + system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change services = { nginx = { @@ -80,16 +71,23 @@ in }; }; + swarselsystems = lib.recursiveUpdate + { + flakePath = "/root/.dotfiles"; + isImpermanence = false; + isSecureBoot = false; + isCrypted = false; + profiles = { + server.sync = true; + }; + } + sharedOptions; - swarselsystems = { - isImpermanence = false; - isLinux = true; - isBtrfs = false; - flakePath = "/root/.dotfiles"; - modules.server = { - forgejo = true; - ankisync = true; - }; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; }; } diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index f2a50b3..c20aa2e 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix 
@@ -4,35 +4,27 @@ let sharedOptions = { isBtrfs = true; isLinux = true; + profiles = { + toto = true; + }; }; in { imports = [ - "${self}/hosts/nixos/toto/disk-config.nix" + ./disk-config.nix ./hardware-configuration.nix - "${modulesPath}/nixos/optional/autologin.nix" - "${modulesPath}/nixos/common/settings.nix" "${modulesPath}/nixos/common/sharedsetup.nix" - "${modulesPath}/nixos/common/home-manager.nix" - "${modulesPath}/nixos/common/home-manager-extra.nix" - "${modulesPath}/nixos/common/xserver.nix" - "${modulesPath}/nixos/common/users.nix" - "${modulesPath}/nixos/common/impermanence.nix" - "${modulesPath}/nixos/common/lanzaboote.nix" - "${modulesPath}/nixos/common/sops.nix" - "${modulesPath}/nixos/server/ssh.nix" "${modulesPath}/home/common/sharedsetup.nix" + "${self}/profiles/nixos" inputs.home-manager.nixosModules.home-manager { home-manager.users."${primaryUser}".imports = [ inputs.sops-nix.homeManagerModules.sops - "${modulesPath}/home/common/settings.nix" - "${modulesPath}/home/common/sops.nix" - "${modulesPath}/home/common/ssh.nix" "${modulesPath}/home/common/sharedsetup.nix" + "${self}/profiles/home" ]; } ]; @@ -76,11 +68,13 @@ in } sharedOptions; - home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate - { - isLaptop = false; - isNixos = true; - } - sharedOptions; - + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isLaptop = false; + isNixos = true; + } + sharedOptions; + }; } diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index c396364..eabf9de 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix 
@@ -1,21 +1,17 @@ -{ self, inputs, primaryUser, ... }: +{ lib, primaryUser, ... }: let - modulesPath = "${self}/modules"; + sharedOptions = { + isBtrfs = false; + isLinux = true; + profiles = { + server.local = true; + }; + }; in { imports = [ ./hardware-configuration.nix - - "${modulesPath}/nixos/optional/autologin.nix" - "${modulesPath}/nixos/server" - - inputs.home-manager.nixosModules.home-manager - { - home-manager.users."${primaryUser}".imports = [ - "${modulesPath}/home/server" - ]; - } ]; boot = { @@ -31,25 +27,19 @@ in firewall.allowedTCPPorts = [ 80 443 ]; }; - swarselsystems = { - isImpermanence = false; - isBtrfs = false; - isLinux = true; - server = { - kavita = true; - navidrome = true; - jellyfin = true; - spotifyd = true; - mpd = false; - matrix = true; - nextcloud = true; - immich = true; - paperless = true; - transmission = true; - syncthing = true; - monitoring = true; - freshrss = true; - }; - }; + swarselsystems = lib.recursiveUpdate + { + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + } + sharedOptions; + + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; + }; } diff --git a/lib/default.nix b/lib/default.nix index e792cdd..00970c6 100644 --- a/lib/default.nix +++ b/lib/default.nix 
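Review bot: The new `swarselsystems` block sets `isSecureBoot = true` and `isCrypted = true` for winters, which the removed block never set, so this refactor may change boot and disk behaviour on an existing server rather than only moving options. The removed block also pinned every service explicitly, including `mpd = false`; the service set now comes entirely from `profiles.server.local`, whose full definition is not in this hunk. Confirm that both flags match the machine's current state and that the profile reproduces the old service list. Once verified, a comment beside `server.local = true;` such as `# service set comes from profiles/nixos/localserver (mpd stays disabled)` would keep that visible in the host file.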
@@ -53,38 +53,41 @@ in _module.args.primaryUser = linuxUser; } ] ++ - (if (host == "toto" || host == "iso") then [ ] else + (if (host == "iso") then [ ] else ([ # put nixos imports here that are for all servers and normal hosts inputs.nix-topology.nixosModules.default - ] ++ - (if (host == "winters" || host == "sync") then [ ] else [ - # put nixos imports here that are for all normal hosts "${self}/modules/${type}/common" inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm - ]) ++ (if (type == "nixos") then [ + ] ++ (if (type == "nixos") then [ inputs.home-manager.nixosModules.home-manager + "${self}/profiles/nixos" + "${self}/modules/nixos/server" + "${self}/modules/nixos/optional" { - home-manager.users."${linuxUser}".imports = ( - if (host == "winters" || host == "sync") then [ ] else [ - # put home-manager imports here that are for all normal hosts - "${self}/modules/home/common" - ] - ) ++ [ - # put home-manager imports here that are for all servers and normal hosts + home-manager.users."${linuxUser}".imports = [ + # put home-manager imports here that are for all normal hosts inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index + "${self}/modules/home/common" + "${self}/modules/home/server" + "${self}/modules/home/optional" + "${self}/profiles/home" ]; } ] else [ # put nixos imports here that are for darwin hosts "${self}/modules/darwin/nixos/common" + "${self}/profiles/darwin" inputs.home-manager.darwinModules.home-manager { home-manager.users."${macUser}".imports = [ # put home-manager imports here that are for darwin hosts "${self}/modules/darwin/home" + "${self}/modules/home/server" + "${self}/modules/home/optional" + "${self}/profiles/home" ]; } ]) diff --git a/modules/home/common/sharedsetup.nix b/modules/home/common/sharedsetup.nix index c017737..eb46a89 100644 --- a/modules/home/common/sharedsetup.nix +++ b/modules/home/common/sharedsetup.nix 
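Review bot: With the `host == "winters" || host == "sync"` exclusion removed, the server hosts and toto now import `modules/${type}/common`, stylix, nswitch-rcm, `modules/nixos/optional` and the full home-manager module set. What runs on a server therefore depends on every one of those modules being wrapped in a `lib.mkIf config.swarselsystems.modules.…` gate, because a module that configures something unconditionally would now be active on hosts that expose services. It is worth checking each imported module for that gate before merging. The retained comment `# put home-manager imports here that are for all normal hosts` no longer describes the scope and should read something like `# home-manager imports for every non-iso host, servers included; modules are switched on per profile`. The enclosing function starts and ends outside the hunk.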
@@ -183,9 +183,9 @@ in search = { # default = "Kagi"; - default = "Google"; + default = "google"; # privateDefault = "Kagi"; - privateDefault = "Google"; + privateDefault = "google"; engines = { "Kagi" = { urls = [{ @@ -194,7 +194,7 @@ in { name = "q"; value = "{searchTerms}"; } ]; }]; - iconUpdateURL = "https://kagi.com/favicon.ico"; + icon = "https://kagi.com/favicon.ico"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@k" ]; }; @@ -215,7 +215,7 @@ in urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@nw" ]; }; @@ -244,7 +244,7 @@ in definedAliases = [ "@hm" "@ho" "@hmo" ]; }; - "Google".metaData.alias = "@g"; + "google".metaData.alias = "@g"; }; force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; diff --git a/modules/home/optional/default.nix b/modules/home/optional/default.nix new file mode 100644 index 0000000..59351fd --- /dev/null +++ b/modules/home/optional/default.nix @@ -0,0 +1,7 @@ +{ lib, ... }: +let + importNames = lib.swarselsystems.readNix "modules/home/optional"; +in +{ + imports = lib.swarselsystems.mkImports importNames "modules/home/optional"; +} diff --git a/modules/nixos/optional/default.nix b/modules/nixos/optional/default.nix new file mode 100644 index 0000000..a6237f7 --- /dev/null +++ b/modules/nixos/optional/default.nix @@ -0,0 +1,12 @@ +{ self, lib, ... }: +let + importNames = lib.swarselsystems.readNix "modules/nixos/optional"; + modulesPath = "${self}/modules"; +in +{ + imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [ + "${modulesPath}/home/common/sharedsetup.nix" + ]; + + +} diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index e3e9043..11ddcac 100644 
--- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -11,6 +11,7 @@ in }; }; config = lib.mkIf config.swarselsystems.modules.server.general { + environment.shellAliases = lib.recursiveUpdate { npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; diff --git a/profiles/home/chaostheatre/default.nix b/profiles/home/chaostheatre/default.nix new file mode 100644 index 0000000..37bd0c4 --- /dev/null +++ b/profiles/home/chaostheatre/default.nix @@ -0,0 +1,44 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { + packages = lib.mkDefault true; + ownpackages = lib.mkDefault true; + general = lib.mkDefault true; + nixgl = lib.mkDefault true; + sops = lib.mkDefault true; + yubikey = lib.mkDefault false; + ssh = lib.mkDefault true; + stylix = lib.mkDefault true; + desktop = lib.mkDefault true; + symlink = lib.mkDefault true; + env = lib.mkDefault false; + programs = lib.mkDefault true; + nix-index = lib.mkDefault true; + direnv = lib.mkDefault true; + eza = lib.mkDefault true; + git = lib.mkDefault false; + fuzzel = lib.mkDefault true; + starship = lib.mkDefault true; + kitty = lib.mkDefault true; + zsh = lib.mkDefault true; + zellij = lib.mkDefault true; + tmux = lib.mkDefault true; + mail = lib.mkDefault false; + emacs = lib.mkDefault true; + waybar = lib.mkDefault true; + firefox = lib.mkDefault true; + gnome-keyring = lib.mkDefault true; + kdeconnect = lib.mkDefault true; + mako = lib.mkDefault true; + swayosd = lib.mkDefault true; + yubikeytouch = lib.mkDefault true; + sway = lib.mkDefault true; + kanshi = lib.mkDefault true; + gpgagent = lib.mkDefault true; + gammastep = lib.mkDefault false; + }; + }; + +} diff --git a/profiles/home/toto/default.nix b/profiles/home/toto/default.nix new file mode 100644 index 0000000..97814f1 
--- /dev/null +++ b/profiles/home/toto/default.nix @@ -0,0 +1,12 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { + general = lib.mkDefault true; + sops = lib.mkDefault true; + ssh = lib.mkDefault true; + }; + }; + +} diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix new file mode 100644 index 0000000..4904a0e --- /dev/null +++ b/profiles/nixos/chaostheatre/default.nix 
@@ -0,0 +1,55 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { + packages = lib.mkDefault true; + general = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault false; + xserver = lib.mkDefault true; + users = lib.mkDefault true; + env = lib.mkDefault true; + security = lib.mkDefault true; + gc = lib.mkDefault true; + storeOptimize = lib.mkDefault true; + systemdTimeout = lib.mkDefault true; + hardware = lib.mkDefault true; + pulseaudio = lib.mkDefault true; + pipewire = lib.mkDefault true; + network = lib.mkDefault true; + time = lib.mkDefault true; + commonSops = lib.mkDefault true; + stylix = lib.mkDefault true; + programs = lib.mkDefault true; + zsh = lib.mkDefault true; + syncthing = lib.mkDefault true; + blueman = lib.mkDefault true; + networkDevices = lib.mkDefault true; + gvfs = lib.mkDefault true; + interceptionTools = lib.mkDefault true; + ppd = lib.mkDefault true; + yubikey = lib.mkDefault true; + ledger = lib.mkDefault true; + keyboards = lib.mkDefault true; + login = lib.mkDefault true; + nix-ld = lib.mkDefault true; + impermanence = lib.mkDefault true; + nvd = lib.mkDefault true; + gnome-keyring = lib.mkDefault true; + sway = lib.mkDefault true; + xdg-portal = lib.mkDefault true; + distrobox = lib.mkDefault true; + appimage = lib.mkDefault true; + lid = lib.mkDefault true; + lowBattery = lib.mkDefault true; + lanzaboote = lib.mkDefault true; + + optional = { + autologin = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index d7b3329..fb1bb29 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix 
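Review bot: This profile defaults `lanzaboote`, `commonSops`, `yubikey` and `optional.autologin` to `true`, while the chaostheatre host in the same patch sets `isSecureBoot = false` and `isPublic = true`. Whether the lanzaboote and sops modules additionally check those host flags is not visible here; if they do not, the public demo host would try to configure Secure Boot and secret decryption it has no keys for. If the host flags are the real gate, say so beside the toggle, e.g. `# only takes effect when swarselsystems.isSecureBoot is set`. Otherwise default these to `false`, as is already done for `home-managerExtra`.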
@@ -4,6 +4,7 @@ config = lib.mkIf config.swarselsystems.profiles.server.local { swarselsystems = { modules = { + general = lib.mkDefault true; nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; home-managerExtra = lib.mkDefault true; diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix index a26ce36..93ab5a7 100644 --- a/profiles/nixos/syncserver/default.nix +++ b/profiles/nixos/syncserver/default.nix @@ -4,6 +4,7 @@ config = lib.mkIf config.swarselsystems.profiles.server.sync { swarselsystems = { modules = { + general = lib.mkDefault true; nix-ld = lib.mkDefault true; home-manager = lib.mkDefault true; home-managerExtra = lib.mkDefault true; diff --git a/profiles/nixos/toto/default.nix b/profiles/nixos/toto/default.nix new file mode 100644 index 0000000..0f8db97 --- /dev/null +++ b/profiles/nixos/toto/default.nix @@ -0,0 +1,24 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { + general = lib.mkDefault true; + home-manager = lib.mkDefault true; + home-managerExtra = lib.mkDefault true; + xserver = lib.mkDefault true; + users = lib.mkDefault true; + commonSops = lib.mkDefault true; + impermanence = lib.mkDefault true; + lanzaboote = lib.mkDefault true; + server = { + ssh = lib.mkDefault true; + }; + optional = { + autologin = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/programs/emacs/init.el b/programs/emacs/init.el index 8bdef99..8b896c1 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el @@ -159,7 +159,9 @@ create a new one." (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) - (visual-line-mode 1)) + (org-indent-mode) + (visual-line-mode 1) + (org-mode)) (defun swarsel/org-mode-visual-fill () (setq visual-fill-column-width 150 
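Review bot: The `(org-mode)` call added at the end of `swarsel/org-mode-setup` re-enters the major mode from its own hook. The `use-package org` form registers this function with `:hook (org-mode . swarsel/org-mode-setup)`, so opening an Org buffer runs the hook, which calls `org-mode`, which runs the hook again until Emacs aborts on the evaluation depth limit. Drop the call so the body ends with `(visual-line-mode 1))`. The added `(org-indent-mode)` enables the mode when called from Lisp, though `(org-indent-mode 1)` would match the explicit style of the neighbouring lines.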
@@ -802,6 +804,7 @@ create a new one." (use-package org ;;:diminish (org-indent-mode) :hook (org-mode . swarsel/org-mode-setup) + ;; :mode "\\.nix\\'" :bind (("C-" . org-fold-outer) ("C-c s" . org-store-link)) @@ -1401,12 +1404,12 @@ create a new one." :config (dirvish-peek-mode) (dirvish-side-follow-mode) - (setq dirvish-open-with-programs - (append dirvish-open-with-programs '( - (("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f") - (("jpg" "jpeg" "png") "imv" "%f") - (("pdf") "sioyek" "%f") - (("xopp") "xournalpp" "%f")))) + ;; (setq dirvish-open-with-programs + ;; (append dirvish-open-with-programs '( + ;; (("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f") + ;; (("jpg" "jpeg" "png") "imv" "%f") + ;; (("pdf") "sioyek" "%f") + ;; (("xopp") "xournalpp" "%f")))) :custom (delete-by-moving-to-trash t) (dired-listing-switches diff --git a/scripts/swarsel-install.sh b/scripts/swarsel-install.sh index 6e7cb18..5f105b8 100644 --- a/scripts/swarsel-install.sh +++ b/scripts/swarsel-install.sh @@ -101,6 +101,36 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/common/home-manager-extra.nix + rm -rf modules/nixos/server + rm -rf modules/home/server + cat > hosts/nixos/chaostheatre/options.nix << EOF + { self, lib, ... }: + { + options = { + swarselsystems = { + modules = { + home-managerExtra = lib.mkEnableOption "dummy option for chaostheatre"; + }; + }; + }; + } +EOF + cat > hosts/nixos/chaostheatre/options-home.nix << EOF + { self, lib, ... }: + { + options = { + swarselsystems = { + modules = { + yubikey = lib.mkEnableOption "dummy option for chaostheatre"; + env = lib.mkEnableOption "dummy option for chaostheatre"; + git = lib.mkEnableOption "dummy option for chaostheatre"; + mail = lib.mkEnableOption "dummy option for chaostheatre"; + gammastep = lib.mkEnableOption "dummy option for chaostheatre"; + }; + }; + }; + } +EOF nix flake update vbc-nix git add . else 
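Review bot: The added `rm -rf modules/nixos/server` and `rm -rf modules/home/server` delete directories that `lib/default.nix` in this same patch imports for every non-iso NixOS host (`"${self}/modules/nixos/server"`, `"${self}/modules/home/server"`), so the public install would presumably fail at evaluation on a missing path unless chaostheatre is built through a different code path. The generated `options.nix` declares only `home-managerExtra`, while the deleted directory is, judging by the paths, where the `swarselsystems.modules.server.*` options set by the toto and server profiles are declared. The deletes also use relative paths, so they act on whatever the working directory is at that point; the `cd` that establishes it is outside the hunk, as is the rest of the enclosing `if` block. A guard before the deletes, such as `[[ -f flake.nix && -d modules/nixos ]] || exit 1`, would keep them inside the checkout.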
From 36d97926e61885063e772aced37ed485a7f49acd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 30 Apr 2025 19:34:28 +0200 Subject: [PATCH 12/13] feat: add profiles for all work host options --- SwarselSystems.org | 669 +++++++++++++++++------- flake.lock | 38 +- flake.nix | 12 +- hosts/nixos/nbl-imba-2/default.nix | 178 +------ lib/default.nix | 6 + modules/home/common/kanshi.nix | 12 + modules/home/common/sharedsetup.nix | 22 + modules/home/common/sway.nix | 1 + modules/home/optional/framework.nix | 14 + modules/home/optional/work.nix | 98 ++++ modules/nixos/common/network.nix | 7 +- modules/nixos/common/packages.nix | 2 +- modules/nixos/common/swayosd.nix | 22 + modules/nixos/optional/amdcpu.nix | 9 + modules/nixos/optional/amdgpu.nix | 15 + modules/nixos/optional/btrfs.nix | 9 + modules/nixos/optional/framework.nix | 27 + modules/nixos/optional/hibernation.nix | 24 + modules/nixos/optional/work.nix | 21 +- profiles/home/framework/default.nix | 13 + profiles/home/personal/default.nix | 1 + profiles/nixos/amdcpu/default.nix | 13 + profiles/nixos/amdgpu/default.nix | 13 + profiles/nixos/btrfs/default.nix | 13 + profiles/nixos/chaostheatre/default.nix | 1 + profiles/nixos/framework/default.nix | 13 + profiles/nixos/hibernation/default.nix | 13 + profiles/nixos/personal/default.nix | 1 + programs/emacs/init.el | 4 +- programs/firefox/tridactyl/tridactylrc | 23 +- 30 files changed, 891 insertions(+), 403 deletions(-) create mode 100644 modules/home/optional/framework.nix create mode 100644 modules/nixos/common/swayosd.nix create mode 100644 modules/nixos/optional/amdcpu.nix create mode 100644 modules/nixos/optional/amdgpu.nix create mode 100644 modules/nixos/optional/btrfs.nix create mode 100644 modules/nixos/optional/framework.nix create mode 100644 modules/nixos/optional/hibernation.nix create mode 100644 profiles/home/framework/default.nix create mode 100644 profiles/nixos/amdcpu/default.nix create mode 100644 profiles/nixos/amdgpu/default.nix create mode 100644 profiles/nixos/btrfs/default.nix create mode 
100644 profiles/nixos/framework/default.nix create mode 100644 profiles/nixos/hibernation/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 3d74d82..46a788c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -234,7 +234,7 @@ When setting this option normally, the password would normally be written world- #+begin_src nix :tangle no :noweb-ref flakeinputs - nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; systems.url = "github:nix-systems/default-linux"; @@ -357,10 +357,11 @@ In this section I am creating some attributes that define general concepts of my ]; appSet = lib.swarselsystems.mkApps system appNames self; in - { - inherit appSet; - default = appSet.bootstrap; - }); + + appSet // { + default = appSet.swarsel-bootstrap; + } + ); devShells = lib.swarselsystems.forAllSystems (system: let @@ -398,7 +399,6 @@ In this section I am creating some attributes that define general concepts of my ); diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix; - #+end_src ** Pre-commit-hooks (Checks) @@ -810,6 +810,7 @@ My work machine. Built for more security, this is the gold standard of my config profiles = { personal = true; work = true; + framework = true; }; }; in @@ -817,7 +818,6 @@ My work machine. Built for more security, this is the gold standard of my config imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd - inputs.fw-fanctrl.nixosModules.default ./disk-config.nix ./hardware-configuration.nix 
@@ -826,67 +826,24 @@ My work machine. Built for more security, this is the gold standard of my config - networking.networkmanager.wifi.scanRandMacAddress = false; - - boot = { - supportedFilesystems = [ "btrfs" ]; - # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - kernelParams = [ - "resume_offset=533760" - ]; - resumeDevice = "/dev/disk/by-label/nixos"; - }; - - hardware = { - enableAllFirmware = true; - cpu.amd.updateMicrocode = true; - amdgpu = { - opencl.enable = true; - amdvlk = { - enable = true; - support32Bit.enable = true; - }; - }; - }; - - programs.fw-fanctrl = { - enable = true; - config = { - defaultStrategy = "lazy"; - }; - }; - - networking = { - hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; - fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; - firewall.enable = true; - }; - - - services = { - fwupd = { - enable = true; - # framework also uses lvfs-testing, but I do not want to use it - extraRemotes = [ "lvfs" ]; - }; - udev.extraRules = '' - # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Numpad Module - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Trackpad - ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" - ''; - }; - swarselsystems = lib.recursiveUpdate { + firewall = lib.mkForce true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; isImpermanence = false; isSecureBoot = true; isCrypted = true; + hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; + fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; + hibernation.offset = 
533760; + profiles = { + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; } sharedOptions; @@ -904,17 +861,17 @@ My work machine. Built for more security, this is the gold standard of my config path = "/sys/devices/virtual/thermal/thermal_zone0/"; input-filename = "temp4_input"; }; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "teams-for-linux"; } - { command = "1password"; } - { command = "feishin"; } - ]; + # startup = [ + # { command = "nextcloud --background"; } + # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + # { command = "ANKI_WAYLAND=1 anki"; } + # { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + # { command = "nm-applet"; } + # { command = "teams-for-linux"; } + # { command = "1password"; } + # { command = "feishin"; } + # ]; lowResolution = "1280x800"; highResolution = "2560x1600"; monitors = { 
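Review bot: The host block used to set `networking.firewall.enable = true` and `networking.networkmanager.wifi.scanRandMacAddress = false` directly; the new block replaces the first with `swarselsystems.firewall = lib.mkForce true` and drops the second from this file. The code that maps `swarselsystems.firewall` onto `networking.firewall.enable` is not in this hunk (the diffstat lists `modules/nixos/common/network.nix`, presumably where it lives), so the firewall state of the work laptop now depends on that module being enabled through the `personal`/`work` profiles. `lib.mkForce` on a host-level custom option also suggests another definition sets it to `false`; a comment such as `# mkForce: overrides the profile default` would record why. This block is the tangled source of `hosts/nixos/nbl-imba-2/default.nix`, so the same applies to that file's hunk.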
@@ -926,97 +883,6 @@ My work machine. Built for more security, this is the gold standard of my config workspace = "15:L"; output = "eDP-2"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; - }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; - }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; - }; - work_middle_middle_main = { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. 
this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; - shellAliases = { - ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; - ans3-9 = ". ~/.venvs/ansible39/bin/activate"; - ans = ". ~/.venvs/ansible/bin/activate"; - ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; }; } sharedOptions; @@ -2029,8 +1895,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix :tangle hosts/nixos/chaostheatre/options.nix _: - { - } + { } #+end_src @@ -2038,8 +1903,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix :tangle hosts/nixos/chaostheatre/options-home.nix _: - { - } + { } #+end_src @@ -3912,6 +3776,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; 
@@ -3976,6 +3841,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; 
@@ -4053,6 +3919,101 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +***** Framework + +#+begin_src nix :tangle profiles/nixos/framework/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** AMD CPU + +#+begin_src nix :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselsystems.profiles.amdcpu { + swarselsystems.modules = { + optional = { + amdcpu = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** AMD GPU + +#+begin_src nix :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselsystems.profiles.amdgpu { + swarselsystems.modules = { + optional = { + amdgpu = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** Hibernation + +#+begin_src nix :tangle profiles/nixos/hibernation/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselsystems.profiles.hibernation { + swarselsystems.modules = { + optional = { + hibernation = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** BTRFS + +#+begin_src nix :tangle profiles/nixos/btrfs/default.nix :mkdirp yes + { lib, config, ... 
}: + { + options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselsystems.profiles.btrfs { + swarselsystems.modules = { + optional = { + btrfs = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + ***** Local Server #+begin_src nix :tangle profiles/nixos/localserver/default.nix :mkdirp yes @@ -4173,6 +4134,7 @@ This holds modules that are to be used on most hosts. These are also the most im env = lib.mkDefault true; programs = lib.mkDefault true; nix-index = lib.mkDefault true; + passwordstore = lib.mkDefault true; direnv = lib.mkDefault true; eza = lib.mkDefault true; git = lib.mkDefault true; @@ -4292,6 +4254,25 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +***** Framework + +#+begin_src nix :tangle profiles/home/framework/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + ***** Darwin #+begin_src nix :tangle profiles/home/darwin/default.nix :mkdirp yes @@ -4380,6 +4361,8 @@ TODO default = true; }; + mkStrong = lib.mkOverride 60; + getSecret = filename: lib.strings.trim (builtins.readFile "${filename}"); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); @@ -4397,6 +4380,7 @@ TODO inputs.sops-nix.nixosModules.sops inputs.impermanence.nixosModules.impermanence inputs.lanzaboote.nixosModules.lanzaboote + inputs.fw-fanctrl.nixosModules.default "${self}/hosts/${type}/${host}" { _module.args.primaryUser = linuxUser; @@ -4470,6 +4454,9 @@ TODO value = { type = "app"; program = "${self.packages.${system}.${name}}/bin/${name}"; + meta = { + description = "Custom app ${name}."; + }; }; }) names); 
@@ -4693,7 +4680,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh yubico-pam yubioath-flutter yubikey-manager - yubikey-manager-qt yubikey-touch-detector yubico-piv-tool cfssl @@ -4708,6 +4694,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh swaylock-effects syncthingtray-minimal wl-mirror + swayosd # secure boot sbctl @@ -5102,14 +5089,17 @@ Here I only enable =networkmanager= and a few default networks. The rest of the #+begin_src nix :tangle modules/nixos/common/network.nix { lib, config, ... }: { - options.swarselsystems.modules.network = lib.mkEnableOption "network config"; + options.swarselsystems = { + modules.network = lib.mkEnableOption "network config"; + firewall = lib.swarselsystems.mkTrueOption; + }; config = lib.mkIf config.swarselsystems.modules.network { networking = { nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; checkReversePath = lib.mkDefault false; - enable = lib.mkDefault true; allowedUDPPorts = [ 51820 ]; # 51820: wireguard allowedTCPPortRanges = [ { from = 1714; to = 1764; } # kde-connect 
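Review bot: `enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall;` sets `networking.firewall.enable` at override priority 60, which silently beats every plain definition (priority 100) and every `mkDefault`, and nothing in the module says so. In practice a host that sets `swarselsystems.firewall = false` turns the firewall off even if another module states `networking.firewall.enable = true;`, and the `enable = lib.mkDefault true;` this patch adds to the work module's `networking.firewall` has no effect whenever this module is active. I would add a comment such as `# priority 60: swarselsystems.firewall is the single switch; only mkForce on networking.firewall.enable overrides it` above the line and drop the inert `mkDefault` in the work module. The `mkStrong = lib.mkOverride 60;` helper in `lib/default.nix` would benefit from the same one-line explanation. The module body continues past the end of this hunk.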
@@ -5739,6 +5729,33 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho } #+end_src +***** SwayOSD + +#+begin_src nix :tangle modules/nixos/common/swayosd.nix + { lib, pkgs, config, ... }: + { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { + environment.systemPackages = [ pkgs.swayosd ]; + services.udev.packages = [ pkgs.swayosd ]; + systemd.services.swayosd-libinput-backend = { + description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc."; + documentation = [ "https://github.com/ErikReider/SwayOSD" ]; + wantedBy = [ "graphical.target" ]; + partOf = [ "graphical.target" ]; + after = [ "graphical.target" ]; + + serviceConfig = { + Type = "dbus"; + BusName = "org.erikreider.swayosd"; + ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend"; + Restart = "on-failure"; + }; + }; + }; + } +#+end_src + **** Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules :PROPERTIES: :CUSTOM_ID: h:7a89b5e3-b700-4167-8b14-2b8172f33936 
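Review bot: `systemd.services.swayosd-libinput-backend` sets no user and no sandboxing in `serviceConfig`, so the backend runs as an unconfined root system service while, per its own description, listening to key events. Since it should only need the input devices and its D-Bus name, I would add basic hardening to `serviceConfig`, for example `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ProtectHome = true;`, and check afterwards that the OSD still reacts to CapsLock and the volume keys. `systemd-analyze security swayosd-libinput-backend` lists further options worth trying.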
@@ -8341,6 +8358,118 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. } #+end_src +**** Framework + +This holds configuration that is specific to framework laptops. + +#+begin_src nix :tangle modules/nixos/optional/framework.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { + services = { + fwupd = { + enable = true; + # framework also uses lvfs-testing, but I do not want to use it + extraRemotes = [ "lvfs" ]; + }; + udev.extraRules = '' + # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" + # disable Wakeup on Framework Laptop 16 Numpad Module + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" + # disable Wakeup on Framework Laptop 16 Trackpad + ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" + ''; + }; + programs.fw-fanctrl = { + enable = true; + config = { + defaultStrategy = "lazy"; + }; + }; + }; + } +#+end_src + +**** AMD CPU + +#+begin_src nix :tangle modules/nixos/optional/amdcpu.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { + hardware = { + cpu.amd.updateMicrocode = true; + }; + }; + } +#+end_src + +**** AMD GPU + + +#+begin_src nix :tangle modules/nixos/optional/amdgpu.nix + { lib, config, ... 
}: + { + options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { + hardware = { + amdgpu = { + opencl.enable = true; + amdvlk = { + enable = true; + support32Bit.enable = true; + }; + }; + }; + }; + } +#+end_src + +**** Hibernation + +#+begin_src nix :tangle modules/nixos/optional/hibernation.nix + { lib, config, ... }: + { + options.swarselsystems = { + modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; + hibernation = { + offset = lib.mkOption { + type = lib.types.int; + default = 0; + }; + resumeDevice = lib.mkOption { + type = lib.types.str; + default = "/dev/disk/by-label/nixos"; + }; + }; + }; + config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + boot = { + kernelParams = [ + "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" + ]; + inherit (config.swarselsystems.hibernation) resumeDevice; + }; + }; + } +#+end_src + +**** BTRFS + +#+begin_src nix :tangle modules/nixos/optional/btrfs.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselsystems.modules.optional.btrfs { + boot = { + supportedFilesystems = [ "btrfs" ]; + }; + }; + } +#+end_src + **** work :PROPERTIES: :CUSTOM_ID: h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf @@ -8375,7 +8504,17 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + options.swarselsystems = { + modules.optional.work = lib.mkEnableOption "optional work settings"; + hostName = lib.mkOption { + type = lib.types.str; + default = ""; + }; + fqdn = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; config = lib.mkIf config.swarselsystems.modules.optional.work { sops = let 
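Review bot: The hibernation module's enable option is described as `"optional amd gpu settings"`, a copy of the AMD GPU module's text, and `hibernation.offset` defaults to `0`. With that default, enabling the module emits `resume_offset=0` against `/dev/disk/by-label/nixos`, which presumably points resume at the wrong place when a swap file is used. I would change the description to `lib.mkEnableOption "optional hibernation settings";` and either drop `default = 0;` so an unset offset fails evaluation, or only add the kernel parameter when the offset is non-zero. Neither `offset` nor `resumeDevice` has a `description`, so what the offset refers to (the swap file's physical offset, as far as I can tell) is undocumented.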
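Review bot: `hostName` and `fqdn` are declared with `default = "";`, and the work module's `networking` block later in this patch does `inherit (config.swarselsystems) hostName fqdn;` unconditionally. Any host that enables the work module without setting both therefore gets `networking.hostName = ""` and an empty `networking.fqdn` at normal priority instead of the NixOS defaults. I would remove the two `default` lines so a missing value is an evaluation error, or guard the assignment with `lib.mkIf (config.swarselsystems.hostName != "")`. A `description` noting that the values are read with `getSecret` at evaluation time, and so presumably end up in the Nix store, would also help. The `let … in` this block sits in starts outside the hunk.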
@@ -8437,7 +8576,12 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; networking = { - firewall.trustedInterfaces = [ "virbr0" ]; + inherit (config.swarselsystems) hostName fqdn; + networkmanager.wifi.scanRandMacAddress = false; + firewall = { + enable = lib.mkDefault true; + trustedInterfaces = [ "virbr0" ]; + }; search = [ "vbc.ac.at" "clip.vbc.ac.at" @@ -8473,7 +8617,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 # cryptography # ])) # docker - python39 + stable.python39 qemu packer gnumake @@ -8908,6 +9052,28 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee definedAliases = [ "@hm" "@ho" "@hmo" ]; }; + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + "google".metaData.alias = "@g"; }; force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart @@ -11166,6 +11332,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se type = lib.types.attrsOf lib.types.str; default = { }; }; + startup = lib.mkOption { type = lib.types.listOf (lib.types.attrsOf lib.types.str); default = [ 
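Review bot: `networkmanager.wifi.scanRandMacAddress = false;` moves from the single host file into the shared work module without a comment, so every host that enables `modules.optional.work` now stops randomising its MAC address during Wi-Fi scans. If the work network needs this, say so next to the line, e.g. `# disables MAC randomisation during Wi-Fi scans; required because <reason>`; if it was only needed on nbl-imba-2, keep it in that host's configuration. The `networking` attribute set continues outside the hunk.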
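Review bot: In the "Jira search" engine the `jql` param value ends in `&wildcardFlag=true`, but each entry in `params` is a single query parameter, so the `&` will presumably be percent-encoded into the JQL text instead of starting a second parameter. I would split it into `{ name = "jql"; value = "textfields ~ \"{searchTerms}*\""; }` and `{ name = "wildcardFlag"; value = "true"; }`. The alias `"@jire"` looks like a typo for `"@jira"`. Both engines point at the work Atlassian tenant but are added to the common Firefox setup (`modules/home/common/sharedsetup.nix`, hunk `@@ -244,6 +244,28 @@`, has the same lines), so they are installed on non-work hosts too; moving them behind the work module would keep the tenant name off personal machines.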
@@ -11567,6 +11734,18 @@ Currently, I am too lazy to explain every option here, but most of it is very se { options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselsystems.modules.kanshi { + swarselsystems = { + monitors = { + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + }; + }; services.kanshi = { enable = true; settings = [ 
@@ -12187,12 +12366,131 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; + swarselsystems = { + startup = [ + { command = "teams-for-linux"; } + { command = "1password"; } + ]; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. 
this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; + }; + }; + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; + }; + + }; }; } #+end_src +**** Framework + +This holds configuration that is specific to framework laptops. + +#+begin_src nix :tangle modules/home/optional/framework.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { + swarselsystems = { + inputs = { + "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + }; + }; + } +#+end_src + * Emacs :PROPERTIES: :CUSTOM_ID: h:ed4cd05c-0879-41c6-bc39-3f1246a96f04 @@ -12616,9 +12914,7 @@ Used here: [[#h:877c9401-a354-4e44-a235-db1a90d19e00][General org-mode]] (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) - (org-indent-mode) - (visual-line-mode 1) - (org-mode)) + (visual-line-mode 1)) #+end_src **** org-mode: Visual-fill column 
@@ -15494,6 +15790,8 @@ set configversion 2.0 set searchurls.no https://search.nixos.org/options?query= set searchurls.np https://search.nixos.org/packages?query= set searchurls.hm https://home-manager-options.extranix.com/?query= +set searchurls.@c https://vbc.atlassian.net/wiki/search?text= +set searchurls.@j https://vbc.atlassian.net/issues/?jql=textfields%20~%20%22%s*%22&wildcardFlag=true set completions.Tab.statusstylepretty true set hintfiltermode vimperator-reflow set hintnames numeric @@ -15512,26 +15810,9 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line " Work -command tab_or_tabopen jsb -p (async () => { - let tabs = await browser.tabs.query({}); - let tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen jsb -p (async () => {let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() -command tab_or_tabopen_local jsb -p (async () => { - const currentWindow = await browser.windows.getCurrent(); - const tabs = await browser.tabs.query({ windowId: currentWindow.id }); - const tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen_local jsb -p (async () => {const currentWindow = await browser.windows.getCurrent(); const tabs = await browser.tabs.query({ windowId: currentWindow.id }); const tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at bind gwA tab_or_tabopen_local artifactory.imp.ac.at 
diff --git a/flake.lock b/flake.lock index c4b3ad4..73c688c 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1744940522, + "narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", "type": "github" }, "original": { @@ -146,11 +146,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1744770066, - "narHash": "sha256-zzcONhPfZpJSla9Yzl/tFHxGecLXaLgOBicYl0W0Kl8=", + "lastModified": 1744967866, + "narHash": "sha256-jWHOSSZ03R1Dvru5rXEForMgkV1RAsCd+IjMmehpmFg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "fd7813213109317254eeb74ff07ac6bf32c7d56b", + "rev": "c54fd7dc3e696136c8257abfe12815274b42660e", "type": "github" }, "original": { @@ -597,11 +597,11 @@ ] }, "locked": { - "lastModified": 1744735751, - "narHash": "sha256-OPpfgL3qUIbQdbmp1/ZwnlsuTLooHN4or0EABnZTFRY=", + "lastModified": 1744919155, + "narHash": "sha256-IJksPW32V9gid9vDxoloJMRk+YGjxq5drFHBFeBkKU8=", "owner": "nix-community", "repo": "home-manager", - "rev": "db7738e67a101ad945abbcb447e1310147afaf1b", + "rev": "72526a5f7cde2ef9075637802a1e2a8d2d658f70", "type": "github" }, "original": { @@ -1103,17 +1103,17 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741680361, - "narHash": "sha256-SxKcbEuuLHlEc0GBO776DX+Zvi1ESe6avChu3uoA32w=", + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5f385baff93c728400d2c4ec8c9b0745b8f9e5b6", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", - "rev": "5f385baff93c728400d2c4ec8c9b0745b8f9e5b6", "type": "github" } }, 
@@ -1261,11 +1261,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744793674, - "narHash": "sha256-rYha6a3Austfc5bPmpio8UHaxlZn8XE38J5+VZ7s/KY=", + "lastModified": 1744971000, + "narHash": "sha256-WwJZZ1ChbwUWzsZWA4rUvWaISrZ9/+OB2qc3XZbbjTg=", "owner": "nix-community", "repo": "NUR", - "rev": "50c9703a2f9da7abf3f18b3941e127e546a7f4c4", + "rev": "c2d387e6f9e895853816a13d5c84f05f0675e1ea", "type": "github" }, "original": { @@ -1500,11 +1500,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1744668092, - "narHash": "sha256-XDmpI3ywMkypsHKRF2am6BzZ5OjwpQMulAe8L87Ek8U=", + "lastModified": 1744910471, + "narHash": "sha256-HItOUMA2whFnPMJuyN2XHq9TZttgrgOAZcoUXsaD4Js=", "owner": "danth", "repo": "stylix", - "rev": "38aff11a7097f4da6b95d4c4d2c0438f25a08d52", + "rev": "8d5cd725ad591890c0cd804bf68cc842b8afca51", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 81e7add..bea27c7 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; systems.url = "github:nix-systems/default-linux"; @@ -114,10 +114,11 @@ ]; appSet = lib.swarselsystems.mkApps system appNames self; in - { - inherit appSet; - default = appSet.bootstrap; - }); + + appSet // { + default = appSet.swarsel-bootstrap; + } + ); devShells = lib.swarselsystems.forAllSystems (system: let @@ -156,7 +157,6 @@ diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix; - nixosConfigurations = lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos"; homeConfigurations = diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 0a3c021..fb78eb2 100644 --- a/hosts/nixos/nbl-imba-2/default.nix 
+++ b/hosts/nixos/nbl-imba-2/default.nix @@ -8,6 +8,7 @@ let profiles = { personal = true; work = true; + framework = true; }; }; in @@ -15,7 +16,6 @@ in imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd - inputs.fw-fanctrl.nixosModules.default ./disk-config.nix ./hardware-configuration.nix 
@@ -24,67 +24,24 @@ in - networking.networkmanager.wifi.scanRandMacAddress = false; - - boot = { - supportedFilesystems = [ "btrfs" ]; - # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - kernelParams = [ - "resume_offset=533760" - ]; - resumeDevice = "/dev/disk/by-label/nixos"; - }; - - hardware = { - enableAllFirmware = true; - cpu.amd.updateMicrocode = true; - amdgpu = { - opencl.enable = true; - amdvlk = { - enable = true; - support32Bit.enable = true; - }; - }; - }; - - programs.fw-fanctrl = { - enable = true; - config = { - defaultStrategy = "lazy"; - }; - }; - - networking = { - hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; - fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; - firewall.enable = true; - }; - - - services = { - fwupd = { - enable = true; - # framework also uses lvfs-testing, but I do not want to use it - extraRemotes = [ "lvfs" ]; - }; - udev.extraRules = '' - # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Numpad Module - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Trackpad - ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" - ''; - }; - swarselsystems = lib.recursiveUpdate { + firewall = lib.mkForce true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; isImpermanence = false; isSecureBoot = true; isCrypted = true; + hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; + fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; + hibernation.offset = 533760; + profiles = { + amdcpu = true; + amdgpu = true; + hibernation = true; 
+ btrfs = true; + }; } sharedOptions; @@ -102,17 +59,17 @@ in path = "/sys/devices/virtual/thermal/thermal_zone0/"; input-filename = "temp4_input"; }; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "teams-for-linux"; } - { command = "1password"; } - { command = "feishin"; } - ]; + # startup = [ + # { command = "nextcloud --background"; } + # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + # { command = "ANKI_WAYLAND=1 anki"; } + # { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + # { command = "nm-applet"; } + # { command = "teams-for-linux"; } + # { command = "1password"; } + # { command = "feishin"; } + # ]; lowResolution = "1280x800"; highResolution = "2560x1600"; monitors = { 
@@ -124,97 +81,6 @@ in workspace = "15:L"; output = "eDP-2"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; - }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; - }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; - }; - work_middle_middle_main = { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. 
this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; - shellAliases = { - ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; - ans3-9 = ". ~/.venvs/ansible39/bin/activate"; - ans = ". ~/.venvs/ansible/bin/activate"; - ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; }; } sharedOptions; diff --git a/lib/default.nix b/lib/default.nix index 00970c6..5396f40 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -31,6 +31,8 @@ in default = true; }; + mkStrong = lib.mkOverride 60; + getSecret = filename: lib.strings.trim (builtins.readFile "${filename}"); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); @@ -48,6 +50,7 @@ in inputs.sops-nix.nixosModules.sops inputs.impermanence.nixosModules.impermanence inputs.lanzaboote.nixosModules.lanzaboote + inputs.fw-fanctrl.nixosModules.default "${self}/hosts/${type}/${host}" { _module.args.primaryUser = linuxUser; @@ -121,6 +124,9 @@ in value = { type = "app"; program = "${self.packages.${system}.${name}}/bin/${name}"; + meta = { + description = "Custom app ${name}."; + }; }; }) names); diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 0cb7480..352666d 100644 --- a/modules/home/common/kanshi.nix 
+++ b/modules/home/common/kanshi.nix @@ -2,6 +2,18 @@ { options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselsystems.modules.kanshi { + swarselsystems = { + monitors = { + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + }; + }; services.kanshi = { enable = true; settings = [ diff --git a/modules/home/common/sharedsetup.nix b/modules/home/common/sharedsetup.nix index eb46a89..919d451 100644 --- a/modules/home/common/sharedsetup.nix +++ b/modules/home/common/sharedsetup.nix @@ -244,6 +244,28 @@ in definedAliases = [ "@hm" "@ho" "@hmo" ]; }; + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + "google".metaData.alias = "@g"; }; force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index f996935..e459dc6 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -14,6 +14,7 @@ type = lib.types.attrsOf lib.types.str; default = { }; }; + startup = lib.mkOption { type = lib.types.listOf (lib.types.attrsOf lib.types.str); default = [ diff --git a/modules/home/optional/framework.nix b/modules/home/optional/framework.nix new file mode 100644 index 0000000..46fe225 --- /dev/null +++ b/modules/home/optional/framework.nix 
@@ -0,0 +1,14 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.framework {
+ swarselsystems = {
+ inputs = {
+ "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix
index d1f148f..b4bc237 100644
--- a/modules/home/optional/work.nix
+++ b/modules/home/optional/work.nix
@@ -327,6 +327,104 @@ in }; }; + swarselsystems = { + startup = [ + { command = "teams-for-linux"; } + { command = "1password"; } + ]; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. 
this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; + }; + }; + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; + }; + + }; }; } diff --git a/modules/nixos/common/network.nix b/modules/nixos/common/network.nix index 25a417c..ae1a8ad 100644 --- a/modules/nixos/common/network.nix +++ b/modules/nixos/common/network.nix @@ -1,13 +1,16 @@ { lib, config, ... }: { - options.swarselsystems.modules.network = lib.mkEnableOption "network config"; + options.swarselsystems = { + modules.network = lib.mkEnableOption "network config"; + firewall = lib.swarselsystems.mkTrueOption; + }; config = lib.mkIf config.swarselsystems.modules.network { networking = { nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; checkReversePath = lib.mkDefault false; - enable = lib.mkDefault true; allowedUDPPorts = [ 51820 ]; # 51820: wireguard allowedTCPPortRanges = [ { from = 1714; to = 1764; } # kde-connect diff --git a/modules/nixos/common/packages.nix b/modules/nixos/common/packages.nix index 8e0617c..3f08250 100644 --- a/modules/nixos/common/packages.nix +++ b/modules/nixos/common/packages.nix @@ -10,7 +10,6 @@ yubico-pam yubioath-flutter yubikey-manager - yubikey-manager-qt yubikey-touch-detector yubico-piv-tool cfssl @@ -25,6 +24,7 @@ swaylock-effects syncthingtray-minimal wl-mirror + swayosd # secure boot sbctl 
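Review bot: In modules/nixos/common/network.nix, `enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall;` is set at override priority 60 (`mkStrong = lib.mkOverride 60` in lib/default.nix). That outranks every plain definition and every `mkDefault`, so only `mkForce` can still change it. A host that sets `swarselsystems.firewall = false` therefore switches the firewall off even when another module asks for it, including the `enable = lib.mkDefault true;` this patch adds to modules/nixos/optional/work.nix, which can never take effect while the network module is enabled. I would put a comment at the definition, `# priority 60: beats plain and mkDefault definitions, loses only to mkForce`, and give `swarselsystems.firewall` a description saying it is the single switch for `networking.firewall.enable`.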
diff --git a/modules/nixos/common/swayosd.nix b/modules/nixos/common/swayosd.nix
new file mode 100644
index 0000000..f1c0cdf
--- /dev/null
+++ b/modules/nixos/common/swayosd.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, config, ... }:
+{
+ options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
+ config = lib.mkIf config.swarselsystems.modules.swayosd {
+ environment.systemPackages = [ pkgs.swayosd ];
+ services.udev.packages = [ pkgs.swayosd ];
+ systemd.services.swayosd-libinput-backend = {
+ description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc.";
+ documentation = [ "https://github.com/ErikReider/SwayOSD" ];
+ wantedBy = [ "graphical.target" ];
+ partOf = [ "graphical.target" ];
+ after = [ "graphical.target" ];
+
+ serviceConfig = {
+ Type = "dbus";
+ BusName = "org.erikreider.swayosd";
+ ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend";
+ Restart = "on-failure";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/optional/amdcpu.nix b/modules/nixos/optional/amdcpu.nix
new file mode 100644
index 0000000..39028f5
--- /dev/null
+++ b/modules/nixos/optional/amdcpu.nix
@@ -0,0 +1,9 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.amdcpu {
+ hardware = {
+ cpu.amd.updateMicrocode = true;
+ };
+ };
+}
diff --git a/modules/nixos/optional/amdgpu.nix b/modules/nixos/optional/amdgpu.nix
new file mode 100644
index 0000000..59bebe3
--- /dev/null
+++ b/modules/nixos/optional/amdgpu.nix
@@ -0,0 +1,15 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.amdgpu {
+ hardware = {
+ amdgpu = {
+ opencl.enable = true;
+ amdvlk = {
+ enable = true;
+ support32Bit.enable = true;
+ };
+ };
+ };
+ };
+}
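Review bot: The `serviceConfig` of `swayosd-libinput-backend` in modules/nixos/common/swayosd.nix sets no `User` and no sandboxing, so the backend runs as an unconfined root system service while listening to input devices. A process in that position sees every key event, so it is worth narrowing what else it can reach with the usual systemd hardening directives. The set below is a starting point and needs testing against the unit; in particular the address-family list assumes the backend only needs the D-Bus socket and udev netlink.

```nix
serviceConfig = {
  # … unchanged: Type, BusName, ExecStart, Restart …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  RestrictAddressFamilies = [ "AF_UNIX" "AF_NETLINK" ];
};
```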
diff --git a/modules/nixos/optional/btrfs.nix b/modules/nixos/optional/btrfs.nix
new file mode 100644
index 0000000..5c6e9f6
--- /dev/null
+++ b/modules/nixos/optional/btrfs.nix
@@ -0,0 +1,9 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.btrfs {
+ boot = {
+ supportedFilesystems = [ "btrfs" ];
+ };
+ };
+}
diff --git a/modules/nixos/optional/framework.nix b/modules/nixos/optional/framework.nix
new file mode 100644
index 0000000..8395d2e
--- /dev/null
+++ b/modules/nixos/optional/framework.nix
@@ -0,0 +1,27 @@
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.framework {
+ services = {
+ fwupd = {
+ enable = true;
+ # framework also uses lvfs-testing, but I do not want to use it
+ extraRemotes = [ "lvfs" ];
+ };
+ udev.extraRules = ''
+ # disable Wakeup on Framework Laptop 16 Keyboard (ANSI)
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled"
+ # disable Wakeup on Framework Laptop 16 Numpad Module
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
+ # disable Wakeup on Framework Laptop 16 Trackpad
+ ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"
+ '';
+ };
+ programs.fw-fanctrl = {
+ enable = true;
+ config = {
+ defaultStrategy = "lazy";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/optional/hibernation.nix b/modules/nixos/optional/hibernation.nix
new file mode 100644
index 0000000..d013598
--- /dev/null
+++ b/modules/nixos/optional/hibernation.nix
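Review bot: In modules/nixos/optional/framework.nix, `extraRemotes = [ "lvfs" ];` probably changes nothing: as far as I know fwupd already enables the stable LVFS remote, and `extraRemotes` exists to switch on additional ones such as `lvfs-testing`. If the aim is only to stay off the testing remote, dropping the line and keeping the comment says so more directly, e.g. `# only the default stable LVFS remote; lvfs-testing is deliberately not enabled`. This should be confirmed against the fwupd module in the nixpkgs revision this flake pins.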
@@ -0,0 +1,24 @@ +{ lib, config, ... }: +{ + options.swarselsystems = { + modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; + hibernation = { + offset = lib.mkOption { + type = lib.types.int; + default = 0; + }; + resumeDevice = lib.mkOption { + type = lib.types.str; + default = "/dev/disk/by-label/nixos"; + }; + }; + }; + config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + boot = { + kernelParams = [ + "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" + ]; + inherit (config.swarselsystems.hibernation) resumeDevice; + }; + }; +} diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 66af2ab..4d9536a 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -24,7 +24,17 @@ let }; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + options.swarselsystems = { + modules.optional.work = lib.mkEnableOption "optional work settings"; + hostName = lib.mkOption { + type = lib.types.str; + default = ""; + }; + fqdn = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; config = lib.mkIf config.swarselsystems.modules.optional.work { sops = let @@ -86,7 +96,12 @@ in }; networking = { - firewall.trustedInterfaces = [ "virbr0" ]; + inherit (config.swarselsystems) hostName fqdn; + networkmanager.wifi.scanRandMacAddress = false; + firewall = { + enable = lib.mkDefault true; + trustedInterfaces = [ "virbr0" ]; + }; search = [ "vbc.ac.at" "clip.vbc.ac.at" @@ -122,7 +137,7 @@ in # cryptography # ])) # docker - python39 + stable.python39 qemu packer gnumake diff --git a/profiles/home/framework/default.nix b/profiles/home/framework/default.nix new file mode 100644 index 0000000..cbde9f0 --- /dev/null +++ b/profiles/home/framework/default.nix 
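Review bot: The enable option in modules/nixos/optional/hibernation.nix carries a description copied from the GPU module; it should read `modules.optional.hibernation = lib.mkEnableOption "optional hibernation settings";`. Neither `hibernation.offset` nor `hibernation.resumeDevice` has a description, and with the default `offset = 0` the module still emits `resume_offset=0`, which is only right when the resume target is a whole partition rather than a swap file. The hibernation image contains the full contents of RAM, including any keys held there, so the `resumeDevice` description should say that the device is expected to sit on an encrypted volume; the default `/dev/disk/by-label/nixos` does not show whether it does.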
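Review bot: In the `networking` block of modules/nixos/optional/work.nix, `networkmanager.wifi.scanRandMacAddress = false;` makes the machine scan for Wi-Fi with its permanent hardware address, which makes it trackable across locations, and nothing in the hunk says why. If the work network requires it, a comment such as `# work Wi-Fi rejects randomized scan MACs; accepts the tracking trade-off` would record that. Separately, `hostName` and `fqdn` both default to `""` and are passed straight through by `inherit (config.swarselsystems) hostName fqdn;`, so a work host that forgets to set them gets empty values rather than an evaluation error; declaring the two options without a default would catch that. The `networking` attribute set continues past the end of the hunk.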
@@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 8ed4b08..46cafc7 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -16,6 +16,7 @@ env = lib.mkDefault true; programs = lib.mkDefault true; nix-index = lib.mkDefault true; + passwordstore = lib.mkDefault true; direnv = lib.mkDefault true; eza = lib.mkDefault true; git = lib.mkDefault true; diff --git a/profiles/nixos/amdcpu/default.nix b/profiles/nixos/amdcpu/default.nix new file mode 100644 index 0000000..7d6177b --- /dev/null +++ b/profiles/nixos/amdcpu/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselsystems.profiles.amdcpu { + swarselsystems.modules = { + optional = { + amdcpu = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/amdgpu/default.nix b/profiles/nixos/amdgpu/default.nix new file mode 100644 index 0000000..339451f --- /dev/null +++ b/profiles/nixos/amdgpu/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselsystems.profiles.amdgpu { + swarselsystems.modules = { + optional = { + amdgpu = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/btrfs/default.nix b/profiles/nixos/btrfs/default.nix new file mode 100644 index 0000000..ec959ed --- /dev/null +++ b/profiles/nixos/btrfs/default.nix 
@@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselsystems.profiles.btrfs { + swarselsystems.modules = { + optional = { + btrfs = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix index 4904a0e..f7bdd1c 100644 --- a/profiles/nixos/chaostheatre/default.nix +++ b/profiles/nixos/chaostheatre/default.nix @@ -28,6 +28,7 @@ networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix new file mode 100644 index 0000000..cbde9f0 --- /dev/null +++ b/profiles/nixos/framework/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/hibernation/default.nix b/profiles/nixos/hibernation/default.nix new file mode 100644 index 0000000..6105cae --- /dev/null +++ b/profiles/nixos/hibernation/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselsystems.profiles.hibernation { + swarselsystems.modules = { + optional = { + hibernation = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 715ab88..570fe3e 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix 
@@ -28,6 +28,7 @@ networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; diff --git a/programs/emacs/init.el b/programs/emacs/init.el index 8b896c1..eeb6a0f 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el @@ -159,9 +159,7 @@ create a new one." (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) - (org-indent-mode) - (visual-line-mode 1) - (org-mode)) + (visual-line-mode 1)) (defun swarsel/org-mode-visual-fill () (setq visual-fill-column-width 150 diff --git a/programs/firefox/tridactyl/tridactylrc b/programs/firefox/tridactyl/tridactylrc index 5d63b9a..1f050ef 100644 --- a/programs/firefox/tridactyl/tridactylrc +++ b/programs/firefox/tridactyl/tridactylrc @@ -12,6 +12,8 @@ set configversion 2.0 set searchurls.no https://search.nixos.org/options?query= set searchurls.np https://search.nixos.org/packages?query= set searchurls.hm https://home-manager-options.extranix.com/?query= +set searchurls.@c https://vbc.atlassian.net/wiki/search?text= +set searchurls.@j https://vbc.atlassian.net/issues/?jql=textfields%20~%20%22%s*%22&wildcardFlag=true set completions.Tab.statusstylepretty true set hintfiltermode vimperator-reflow set hintnames numeric 
@@ -30,26 +32,9 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line " Work -command tab_or_tabopen jsb -p (async () => { - let tabs = await browser.tabs.query({}); - let tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen jsb -p (async () => {let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() -command tab_or_tabopen_local jsb -p (async () => { - const currentWindow = await browser.windows.getCurrent(); - const tabs = await browser.tabs.query({ windowId: currentWindow.id }); - const tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen_local jsb -p (async () => {const currentWindow = await browser.windows.getCurrent(); const tabs = await browser.tabs.query({ windowId: currentWindow.id }); const tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at bind gwA tab_or_tabopen_local artifactory.imp.ac.at From a2306d4a160f7cb2d6874cdebc5c8ee29891d0a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 30 Apr 2025 20:02:46 +0200 Subject: [PATCH 13/13] chore: remove obsolete comments --- SwarselSystems.org | 11 ----------- hosts/nixos/nbl-imba-2/default.nix | 11 ----------- 2 files changed, 22 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 46a788c..26fde66 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
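Review bot: Both `tab_or_tabopen` and `tab_or_tabopen_local` choose the tab with `t.url.includes(JS_ARG)`, a substring test over the whole URL. Any open tab whose path or query string merely contains the name, for example a search result or a link preview mentioning `artifactory.imp.ac.at`, is focused as if it were the real host, and the user may then type credentials into the wrong page. For the bindings visible in this hunk, which pass bare host names, comparing the parsed host is tighter: `const tab = tabs.find(t => new URL(t.url).hostname === JS_ARG);`. Bindings below the hunk may pass arguments with a path, in which case a prefix test on host plus path would be needed instead. Since the commands now sit on one line each, a short comment above them describing the lookup would also help.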
@@ -861,17 +861,6 @@ My work machine. Built for more security, this is the gold standard of my config path = "/sys/devices/virtual/thermal/thermal_zone0/"; input-filename = "temp4_input"; }; - # startup = [ - # { command = "nextcloud --background"; } - # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - # { command = "ANKI_WAYLAND=1 anki"; } - # { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - # { command = "nm-applet"; } - # { command = "teams-for-linux"; } - # { command = "1password"; } - # { command = "feishin"; } - # ]; lowResolution = "1280x800"; highResolution = "2560x1600"; monitors = { diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index fb78eb2..060f47c 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -59,17 +59,6 @@ in path = "/sys/devices/virtual/thermal/thermal_zone0/"; input-filename = "temp4_input"; }; - # startup = [ - # { command = "nextcloud --background"; } - # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - # { command = "ANKI_WAYLAND=1 anki"; } - # { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - # { command = "nm-applet"; } - # { command = "teams-for-linux"; } - # { command = "1password"; } - # { command = "feishin"; } - # ]; lowResolution = "1280x800"; highResolution = "2560x1600"; monitors = {