swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: finish initial move to modules-only [WIP]

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-04-05 02:16:21 +02:00
parent e7e59715d8
commit 27679d38fd
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
34 changed files with 1934 additions and 1617 deletions
Download patch file Download diff file Expand all files Collapse all files

1777
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

7
hosts/nixos/nbl-imba-2/default.nix
View file

@ -6,7 +6,10 @@ let
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
sharescreen = "eDP-2"; sharescreen = "eDP-2";
profiles.personal = true; profiles = {
personal = true;
work = true;
};
}; };
in in
{ {
@ -25,11 +28,13 @@ in
"${modulesPath}/nixos/optional/gaming.nix" "${modulesPath}/nixos/optional/gaming.nix"
"${modulesPath}/nixos/optional/work.nix" "${modulesPath}/nixos/optional/work.nix"
"${self}/profiles/nixos" "${self}/profiles/nixos"
"${modulesPath}/nixos/server"
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users."${primaryUser}".imports = [ home-manager.users."${primaryUser}".imports = [
"${self}/profiles/home" "${self}/profiles/home"
"${modulesPath}/home/server"
"${modulesPath}/home/optional/gaming.nix" "${modulesPath}/home/optional/gaming.nix"
"${modulesPath}/home/optional/work.nix" "${modulesPath}/home/optional/work.nix"
]; ];

15
modules/home/common/gammastep.nix
View file

@ -1,12 +1,15 @@
{ lib, nix-secrets, ... }: { lib, config, nix-secrets, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
in in
{ {
services.gammastep = { options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
enable = true; config = lib.mkIf config.swarselsystems.modules.gammastep {
provider = "manual"; services.gammastep = {
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; enable = true;
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude"; provider = "manual";
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
};
}; };
} }

65
modules/home/common/gpg-agent.nix
View file

@ -1,39 +1,42 @@
{ self, config, pkgs, ... }: { self, lib, config, pkgs, ... }:
let let
inherit (config.swarselsystems) mainUser homeDir; inherit (config.swarselsystems) mainUser homeDir;
in in
{ {
services.gpg-agent = { options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings";
enable = true; config = lib.mkIf config.swarselsystems.modules.gpgagent {
enableZshIntegration = true; services.gpg-agent = {
enableScDaemon = true; enable = true;
enableSshSupport = true; enableZshIntegration = true;
enableExtraSocket = true; enableScDaemon = true;
pinentryPackage = pkgs.pinentry.gtk2; enableSshSupport = true;
defaultCacheTtl = 600; enableExtraSocket = true;
maxCacheTtl = 7200; pinentryPackage = pkgs.pinentry.gtk2;
extraConfig = '' defaultCacheTtl = 600;
allow-loopback-pinentry maxCacheTtl = 7200;
allow-emacs-pinentry extraConfig = ''
''; allow-loopback-pinentry
sshKeys = [ allow-emacs-pinentry
"4BE7925262289B476DBBC17B76FD3810215AE097" '';
sshKeys = [
"4BE7925262289B476DBBC17B76FD3810215AE097"
];
};
programs.gpg = {
enable = true;
publicKeys = [
{
source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
trust = 5;
}
];
};
# assure correct permissions
systemd.user.tmpfiles.rules = [
"d ${homeDir}/.gnupg 700 ${mainUser} users"
]; ];
}; };
programs.gpg = {
enable = true;
publicKeys = [
{
source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
trust = 5;
}
];
};
# assure correct permissions
systemd.user.tmpfiles.rules = [
"d ${homeDir}/.gnupg 700 ${mainUser} users"
];
} }

143
modules/home/common/kanshi.nix
View file

@ -1,73 +1,76 @@
{ config, ... }: { lib, config, ... }:
{ {
services.kanshi = { options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings";
enable = true; config = lib.mkIf config.swarselsystems.modules.kanshi {
settings = [ services.kanshi = {
{ enable = true;
# laptop screen settings = [
output = { {
criteria = config.swarselsystems.sharescreen; # laptop screen
mode = config.swarselsystems.highResolution; output = {
scale = 1.0; criteria = config.swarselsystems.sharescreen;
}; mode = config.swarselsystems.highResolution;
} scale = 1.0;
{ };
# home main screen }
output = { {
criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; # home main screen
scale = 1.0; output = {
mode = "2560x1440"; criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
}; scale = 1.0;
} mode = "2560x1440";
{ };
profile = { }
name = "lidopen"; {
outputs = [ profile = {
{ name = "lidopen";
criteria = "eDP-2"; outputs = [
status = "enable"; {
scale = 1.0; criteria = "eDP-2";
} status = "enable";
]; scale = 1.0;
}; }
} ];
{ };
profile = { }
name = "lidopen"; {
outputs = [ profile = {
{ name = "lidopen";
criteria = config.swarselsystems.sharescreen; outputs = [
status = "enable"; {
scale = 1.7; criteria = config.swarselsystems.sharescreen;
position = "2560,0"; status = "enable";
} scale = 1.7;
{ position = "2560,0";
criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; }
scale = 1.0; {
mode = "2560x1440"; criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
position = "0,0"; scale = 1.0;
} mode = "2560x1440";
]; position = "0,0";
}; }
} ];
{ };
profile = { }
name = "lidclosed"; {
outputs = [ profile = {
{ name = "lidclosed";
criteria = config.swarselsystems.sharescreen; outputs = [
status = "disable"; {
position = "2560,0"; criteria = config.swarselsystems.sharescreen;
} status = "disable";
{ position = "2560,0";
criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; }
scale = 1.0; {
mode = "2560x1440"; criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
position = "0,0"; scale = 1.0;
} mode = "2560x1440";
]; position = "0,0";
}; }
} ];
]; };
}
];
};
}; };
} }

11
modules/home/common/kdeconnect.nix
View file

@ -1,8 +1,11 @@
_: { lib, config, ... }:
{ {
services.kdeconnect = { options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings";
enable = true; config = lib.mkIf config.swarselsystems.modules.kdeconnect {
indicator = true; services.kdeconnect = {
enable = true;
indicator = true;
};
}; };
} }

64
modules/home/common/mako.nix
View file

@ -1,37 +1,35 @@
_: { lib, config, ... }:
{ {
services.mako = { options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings";
enable = true; config = lib.mkIf config.swarselsystems.modules.mako {
# backgroundColor = "#2e3440"; services.mako = {
# borderColor = "#88c0d0"; enable = true;
borderRadius = 15; # backgroundColor = "#2e3440";
borderSize = 1; # borderColor = "#88c0d0";
defaultTimeout = 5000; borderRadius = 15;
height = 150; borderSize = 1;
icons = true; defaultTimeout = 5000;
ignoreTimeout = true; height = 150;
layer = "overlay"; icons = true;
maxIconSize = 64; ignoreTimeout = true;
sort = "-time"; layer = "overlay";
width = 300; maxIconSize = 64;
# font = "monospace 10"; sort = "-time";
extraConfig = '' width = 300;
[urgency=low] # font = "monospace 10";
border-color=#cccccc extraConfig = ''
[urgency=normal] [urgency=low]
border-color=#d08770 border-color=#cccccc
[urgency=high] [urgency=normal]
border-color=#bf616a border-color=#d08770
default-timeout=3000 [urgency=high]
[category=mpd] border-color=#bf616a
default-timeout=2000 default-timeout=3000
group-by=category [category=mpd]
''; default-timeout=2000
}; group-by=category
'';
services.swayosd = { };
enable = true;
topMargin = 0.5;
}; };
} }

3
modules/home/common/sway.nix
View file

@ -1,6 +1,7 @@
{ self, config, lib, ... }: { self, config, lib, ... }:
{ {
options.swarselsystems = { options.swarselsystems = {
modules.sway = lib.mkEnableOption "sway settings";
inputs = lib.mkOption { inputs = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
default = { }; default = { };
@ -64,7 +65,7 @@
internal = true; internal = true;
}; };
}; };
config = { config = lib.mkIf config.swarselsystems.modules.sway {
swarselsystems = { swarselsystems = {
touchpad = lib.mkIf config.swarselsystems.isLaptop { touchpad = lib.mkIf config.swarselsystems.isLaptop {
"type:touchpad" = { "type:touchpad" = {

10
modules/home/common/swayosd.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, config, ... }:
{
options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
config = lib.mkIf config.swarselsystems.modules.swayosd {
services.swayosd = {
enable = true;
topMargin = 0.5;
};
};
}

51
modules/home/common/yubikey-touch-detector.nix
View file

@ -1,29 +1,32 @@
{ pkgs, ... }: { lib, config, pkgs, ... }:
{ {
systemd.user.services.yubikey-touch-detector = { options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings";
Unit = { config = lib.mkIf config.swarselsystems.modules.yubikeytouch {
Description = "Detects when your YubiKey is waiting for a touch"; systemd.user.services.yubikey-touch-detector = {
Requires = [ "yubikey-touch-detector.socket" ]; Unit = {
Description = "Detects when your YubiKey is waiting for a touch";
Requires = [ "yubikey-touch-detector.socket" ];
};
Service = {
ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify";
EnvironmentFile = "-%E/yubikey-touch-detector/service.conf";
};
Install = {
Also = [ "yubikey-touch-detector.socket" ];
WantedBy = [ "default.target" ];
};
}; };
Service = { systemd.user.sockets.yubikey-touch-detector = {
ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify"; Unit = {
EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; Description = "Unix socket activation for YubiKey touch detector service";
}; };
Install = { Socket = {
Also = [ "yubikey-touch-detector.socket" ]; ListenStream = "%t/yubikey-touch-detector.socket";
WantedBy = [ "default.target" ]; RemoveOnStop = true;
}; };
}; Install = {
systemd.user.sockets.yubikey-touch-detector = { WantedBy = [ "sockets.target" ];
Unit = { };
Description = "Unix socket activation for YubiKey touch detector service";
};
Socket = {
ListenStream = "%t/yubikey-touch-detector.socket";
RemoveOnStop = true;
};
Install = {
WantedBy = [ "sockets.target" ];
}; };
}; };
} }

61
modules/home/optional/gaming.nix
View file

@ -1,35 +1,38 @@
{ pkgs, ... }: { lib, config, pkgs, ... }:
{ {
# specialisation = { options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings";
# gaming.configuration = { config = lib.mkIf config.swarselsystems.modules.optional.gaming {
home.packages = with pkgs; [ # specialisation = {
lutris # gaming.configuration = {
wine home.packages = with pkgs; [
winetricks lutris
libudev-zero wine
dwarfs winetricks
fuse-overlayfs libudev-zero
# steam dwarfs
steam-run fuse-overlayfs
patchelf # steam
gamescope steam-run
vulkan-tools patchelf
moonlight-qt gamescope
ns-usbloader vulkan-tools
moonlight-qt
ns-usbloader
quark-goldleaf quark-goldleaf
# gog games installing # gog games installing
heroic heroic
# minecraft # minecraft
prismlauncher # has overrides prismlauncher # has overrides
temurin-bin-17 temurin-bin-17
pokefinder pokefinder
retroarch retroarch
flips flips
]; ];
# }; # };
# }; # };
};
} }

577
modules/home/optional/work.nix
View file

@ -7,307 +7,310 @@ let
wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user"; wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
in in
{ {
home.packages = with pkgs; [ options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
stable.teams-for-linux config = lib.mkIf config.swarselsystems.modules.optional.work {
shellcheck home.packages = with pkgs; [
dig stable.teams-for-linux
docker shellcheck
postman dig
rclone docker
stable.awscli2 postman
libguestfs-with-appliance rclone
stable.prometheus.cli stable.awscli2
tigervnc libguestfs-with-appliance
openstackclient stable.prometheus.cli
]; tigervnc
openstackclient
];
home.sessionVariables = { home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
};
wayland.windowManager.sway.config = {
output = {
"Applied Creative Technology Transmitter QUATTRO201811" = {
bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}";
};
"Hewlett Packard HP Z24i CN44250RDT" = {
bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}";
};
"HP Inc. HP 732pk CNC4080YL5" = {
bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}";
};
};
};
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
];
programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
zsh = {
shellAliases = {
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
};
cdpath = [
"~/Documents/Work"
];
dirHashes = {
d = "$HOME/.dotfiles";
w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles";
};
}; };
ssh = { wayland.windowManager.sway.config = {
matchBlocks = { output = {
"uc" = { "Applied Creative Technology Transmitter QUATTRO201811" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}";
user = "stack";
}; };
"uc.stg" = { "Hewlett Packard HP Z24i CN44250RDT" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}";
user = "stack";
}; };
"uc.staging" = { "HP Inc. HP 732pk CNC4080YL5" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}";
user = "stack";
};
"uc.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack";
};
"cbe" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser;
};
"cbe.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
};
"cbe.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
};
"*.vbc.ac.at" = {
user = dcUser;
}; };
}; };
}; };
firefox = { stylix.targets.firefox.profileNames = [
profiles = "dc"
"cl"
"ws"
];
programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
zsh = {
shellAliases = {
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
};
cdpath = [
"~/Documents/Work"
];
dirHashes = {
d = "$HOME/.dotfiles";
w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles";
};
};
ssh = {
matchBlocks = {
"uc" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
user = "stack";
};
"uc.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
};
"uc.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
};
"uc.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack";
};
"cbe" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser;
};
"cbe.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
};
"cbe.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
};
"*.vbc.ac.at" = {
user = dcUser;
};
};
};
firefox = {
profiles =
let
isDefault = false;
in
{
dc = lib.recursiveUpdate
{
inherit isDefault;
id = 1;
settings = {
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at";
};
}
config.swarselsystems.firefox;
cl = lib.recursiveUpdate
{
inherit isDefault;
id = 2;
settings = {
"browser.startup.homepage" = "https://portal.azure.com";
};
}
config.swarselsystems.firefox;
ws = lib.recursiveUpdate
{
inherit isDefault;
id = 3;
}
config.swarselsystems.firefox;
};
};
chromium = {
enable = true;
package = pkgs.chromium;
extensions = [
# 1password
"gejiddohjgogedgjnonbofjigllpkmbf"
# dark reader
"eimadpbcbfnmbkopoojfekhnkhdbieeh"
# ublock origin
"cjpalhdlnbpafiamejdnhcphjbkeiagm"
# i still dont care about cookies
"edibdbjcniadpccecjdfdjjppcpchdlm"
# browserpass
"naepdomgkenhinolocfifgehidddafch"
];
};
};
services = {
kanshi = {
settings = [
{
# seminary room
output = {
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
};
}
{
# work main screen
output = {
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.0;
mode = "3840x2160";
};
}
{
# work side screen
output = {
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "270";
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.5;
position = "1462,0";
}
{
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.4;
mode = "3840x2160";
position = "-1280,0";
}
{
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "90";
position = "-2480,0";
}
];
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.7;
position = "2560,0";
}
{
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
position = "10000,10000";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
}
{
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.4;
mode = "3840x2160";
position = "-1280,0";
}
{
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "270";
position = "-2480,0";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
}
{
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
position = "10000,10000";
}
];
};
}
];
};
};
xdg = {
mimeApps = {
defaultApplications = {
"x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
};
};
desktopEntries =
let let
isDefault = false; terminal = false;
categories = [ "Application" ];
icon = "firefox";
in in
{ {
dc = lib.recursiveUpdate firefox_dc = {
{ name = "Firefox (dc)";
inherit isDefault; genericName = "Firefox dc";
id = 1; exec = "firefox -p dc";
settings = { inherit terminal categories icon;
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; };
};
} firefox_ws = {
config.swarselsystems.firefox; name = "Firefox (ws)";
cl = lib.recursiveUpdate genericName = "Firefox ws";
{ exec = "firefox -p ws";
inherit isDefault; inherit terminal categories icon;
id = 2; };
settings = {
"browser.startup.homepage" = "https://portal.azure.com"; firefox_cl = {
}; name = "Firefox (cl)";
} genericName = "Firefox cl";
config.swarselsystems.firefox; exec = "firefox -p cl";
ws = lib.recursiveUpdate inherit terminal categories icon;
{ };
inherit isDefault;
id = 3;
}
config.swarselsystems.firefox;
}; };
}; };
chromium = {
enable = true;
package = pkgs.chromium;
extensions = [
# 1password
"gejiddohjgogedgjnonbofjigllpkmbf"
# dark reader
"eimadpbcbfnmbkopoojfekhnkhdbieeh"
# ublock origin
"cjpalhdlnbpafiamejdnhcphjbkeiagm"
# i still dont care about cookies
"edibdbjcniadpccecjdfdjjppcpchdlm"
# browserpass
"naepdomgkenhinolocfifgehidddafch"
];
};
};
services = {
kanshi = {
settings = [
{
# seminary room
output = {
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
};
}
{
# work main screen
output = {
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.0;
mode = "3840x2160";
};
}
{
# work side screen
output = {
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "270";
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.5;
position = "1462,0";
}
{
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.4;
mode = "3840x2160";
position = "-1280,0";
}
{
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "90";
position = "-2480,0";
}
];
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.7;
position = "2560,0";
}
{
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
position = "10000,10000";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
}
{
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.4;
mode = "3840x2160";
position = "-1280,0";
}
{
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "270";
position = "-2480,0";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
}
{
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
position = "10000,10000";
}
];
};
}
];
};
};
xdg = {
mimeApps = {
defaultApplications = {
"x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
};
};
desktopEntries =
let
terminal = false;
categories = [ "Application" ];
icon = "firefox";
in
{
firefox_dc = {
name = "Firefox (dc)";
genericName = "Firefox dc";
exec = "firefox -p dc";
inherit terminal categories icon;
};
firefox_ws = {
name = "Firefox (ws)";
genericName = "Firefox ws";
exec = "firefox -p ws";
inherit terminal categories icon;
};
firefox_cl = {
name = "Firefox (cl)";
genericName = "Firefox cl";
exec = "firefox -p cl";
inherit terminal categories icon;
};
};
}; };
} }

13
modules/home/server/symlink.nix
View file

@ -1,9 +1,12 @@
{ self, lib, ... }: { self, lib, config, ... }:
{ {
home.file = { options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings";
"init.el" = lib.mkForce { config = lib.mkIf config.swarselsystems.modules.server.dotfiles {
source = self + /programs/emacs/server.el; home.file = {
target = ".emacs.d/init.el"; "init.el" = lib.mkForce {
source = self + /programs/emacs/server.el;
target = ".emacs.d/init.el";
};
}; };
}; };
} }

11
modules/nixos/optional/autologin.nix
View file

@ -1,10 +1,13 @@
{ config, ... }: { lib, config, ... }:
let let
inherit (config.swarselsystems) mainUser; inherit (config.swarselsystems) mainUser;
in in
{ {
services = { options.swarselsystems.modules.optional.autologin = lib.mkEnableOption "optional autologin settings";
getty.autologinUser = mainUser; config = lib.mkIf config.swarselsystems.modules.optional.autologin {
greetd.settings.initial_session.user = mainUser; services = {
getty.autologinUser = mainUser;
greetd.settings.initial_session.user = mainUser;
};
}; };
} }

57
modules/nixos/optional/gaming.nix
View file

@ -1,36 +1,39 @@
{ pkgs, lib, ... }: { pkgs, lib, config, ... }:
{ {
specialisation = { options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings";
gaming.configuration = { config = lib.mkIf config.swarselsystems.modules.optional.gaming {
networking = { specialisation = {
firewall.enable = lib.mkForce false; gaming.configuration = {
firewall = { networking = {
allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; firewall.enable = lib.mkForce false;
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard firewall = {
allowedTCPPortRanges = [ allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
{ from = 27015; to = 27030; } # barotrauma allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
{ from = 27036; to = 27037; } # barotrauma allowedTCPPortRanges = [
]; { from = 27015; to = 27030; } # barotrauma
allowedUDPPortRanges = [ { from = 27036; to = 27037; } # barotrauma
{ from = 27000; to = 27031; } # barotrauma ];
{ from = 58962; to = 58964; } # barotrauma allowedUDPPortRanges = [
{ from = 27000; to = 27031; } # barotrauma
{ from = 58962; to = 58964; } # barotrauma
];
};
};
programs.steam = {
enable = true;
package = pkgs.steam;
extraCompatPackages = [
pkgs.proton-ge-bin
]; ];
}; };
};
programs.steam = { hardware.xone.enable = true;
enable = true;
package = pkgs.steam; environment.systemPackages = [
extraCompatPackages = [ pkgs.linuxKernel.packages.linux_6_12.xone
pkgs.proton-ge-bin
]; ];
}; };
hardware.xone.enable = true;
environment.systemPackages = [
pkgs.linuxKernel.packages.linux_6_12.xone
];
}; };
}; };

15
modules/nixos/optional/nswitch-rcm.nix
View file

@ -1,10 +1,13 @@
{ pkgs, ... }: { lib, config, pkgs, ... }:
{ {
services.nswitch-rcm = { options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings";
enable = true; config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm {
package = pkgs.fetchurl { services.nswitch-rcm = {
url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; enable = true;
hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; package = pkgs.fetchurl {
url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
};
}; };
}; };
} }

30
modules/nixos/optional/virtualbox.nix
View file

@ -1,20 +1,22 @@
{ lib, pkgs, ... }: { lib, config, pkgs, ... }:
{ {
options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings";
specialisation = { config = lib.mkIf config.swarselsystems.modules.optional.virtualbox {
VBox.configuration = { specialisation = {
virtualisation.virtualbox = { VBox.configuration = {
host = { virtualisation.virtualbox = {
enable = true; host = {
enableExtensionPack = true; enable = true;
}; enableExtensionPack = true;
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch };
guest = { # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
enable = false; guest = {
enable = false;
};
}; };
# run an older kernel to provide compatibility with windows vm
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
}; };
# run an older kernel to provide compatibility with windows vm
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
}; };
}; };

9
modules/nixos/optional/vmware.nix
View file

@ -1,6 +1,9 @@
_: { lib, config, ... }:
{ {
virtualisation.vmware.host.enable = true; options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings";
virtualisation.vmware.guest.enable = true; config = lib.mkIf config.swarselsystems.modules.optional.vmware {
virtualisation.vmware.host.enable = true;
virtualisation.vmware.guest.enable = true;
};
} }

293
modules/nixos/optional/work.nix
View file

@ -24,167 +24,170 @@ let
}; };
in in
{ {
sops = options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
let config = lib.mkIf config.swarselsystems.modules.optional.work {
secretNames = [ sops =
"vcuser" let
"vcpw" secretNames = [
"govcuser" "vcuser"
"govcpw" "vcpw"
"govcurl" "govcuser"
"govcdc" "govcpw"
"govcds" "govcurl"
"govchost" "govcdc"
"govcnetwork" "govcds"
"govcpool" "govchost"
]; "govcnetwork"
in "govcpool"
{ ];
secrets = builtins.listToAttrs ( in
map {
(name: { secrets = builtins.listToAttrs (
inherit name; map
value = { inherit owner sopsFile; }; (name: {
}) inherit name;
secretNames value = { inherit owner sopsFile; };
); })
}; secretNames
);
};
boot.initrd = { boot.initrd = {
systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
luks = { luks = {
# disable "support" since we use systemd-cryptenroll # disable "support" since we use systemd-cryptenroll
# make sure yubikeys are enrolled using # make sure yubikeys are enrolled using
# sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2 # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
yubikeySupport = false; yubikeySupport = false;
fido2Support = false; fido2Support = false;
};
};
programs = {
zsh.shellInit = ''
export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})"
export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})"
export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})"
export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})"
export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})"
export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})"
export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})"
export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})"
'';
browserpass.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "${mainUser}" ];
};
};
networking = {
firewall.trustedInterfaces = [ "virbr0" ];
search = [
"vbc.ac.at"
"clip.vbc.ac.at"
"imp.univie.ac.at"
];
};
virtualisation = {
docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
vhostUserPackages = with pkgs; [ virtiofsd ];
ovmf = {
enable = true;
packages = [
(pkgs.OVMFFull.override {
secureBoot = true;
tpmSupport = true;
}).fd
];
};
}; };
}; };
};
environment.systemPackages = with pkgs; [ programs = {
# (python39.withPackages (ps: with ps; [ zsh.shellInit = ''
# cryptography export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
# ])) export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
# docker export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})"
python39 export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})"
qemu export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})"
packer export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})"
gnumake export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})"
libisoburn export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})"
govc export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})"
terraform export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})"
graphviz '';
# vm browserpass.enable = true;
virt-manager _1password.enable = true;
virt-viewer _1password-gui = {
virtiofsd enable = true;
spice polkitPolicyOwners = [ "${mainUser}" ];
spice-gtk };
spice-protocol
win-virtio
win-spice
];
services = {
spice-vdagentd.enable = true;
openssh = {
enable = true;
extraConfig = ''
'';
}; };
syncthing = { networking = {
settings = { firewall.trustedInterfaces = [ "virbr0" ];
"winters" = { search = [
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; "vbc.ac.at"
}; "clip.vbc.ac.at"
folders = { "imp.univie.ac.at"
"Documents" = { ];
path = "${homeDir}/Documents"; };
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w"; virtualisation = {
docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
vhostUserPackages = with pkgs; [ virtiofsd ];
ovmf = {
enable = true;
packages = [
(pkgs.OVMFFull.override {
secureBoot = true;
tpmSupport = true;
}).fd
];
}; };
}; };
}; };
}; };
udev.extraRules = '' environment.systemPackages = with pkgs; [
# share screen when dongle detected # (python39.withPackages (ps: with ps; [
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" # cryptography
# ]))
# docker
python39
qemu
packer
gnumake
libisoburn
govc
terraform
graphviz
# lock screen when yubikey removed # vm
ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" virt-manager
''; virt-viewer
virtiofsd
spice
spice-gtk
spice-protocol
win-virtio
win-spice
];
};
systemd.services = lib.mkMerge [ services = {
(swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h") spice-vdagentd.enable = true;
]; openssh = {
enable = true;
extraConfig = ''
'';
};
# cgroups v1 is required for centos7 dockers syncthing = {
specialisation = { settings = {
cgroup_v1.configuration = { "winters" = {
boot.kernelParams = [ id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
"SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" };
"systemd.unified_cgroup_hierarchy=0" folders = {
]; "Documents" = {
path = "${homeDir}/Documents";
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w";
};
};
};
};
udev.extraRules = ''
# share screen when dongle detected
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
# lock screen when yubikey removed
ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
'';
};
systemd.services = lib.mkMerge [
(swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h")
];
# cgroups v1 is required for centos7 dockers
specialisation = {
cgroup_v1.configuration = {
boot.kernelParams = [
"SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
"systemd.unified_cgroup_hierarchy=0"
];
};
}; };
}; };

81
modules/nixos/server/nfs.nix
View file

@ -1,49 +1,52 @@
{ pkgs, ... }: { lib, config, pkgs, ... }:
{ {
services = { options.swarselsystems.server.nfs = lib.mkEnableOption "enable nfs on server";
# add a user with sudo smbpasswd -a <user> config = lib.mkIf config.swarselsystems.server.nfs {
samba = { services = {
package = pkgs.samba4Full; # add a user with sudo smbpasswd -a <user>
# extraConfig = '' samba = {
# workgroup = WORKGROUP package = pkgs.samba4Full;
# server role = standalone server # extraConfig = ''
# dns proxy = no # workgroup = WORKGROUP
# server role = standalone server
# dns proxy = no
# pam password change = yes # pam password change = yes
# map to guest = bad user # map to guest = bad user
# create mask = 0664 # create mask = 0664
# force create mode = 0664 # force create mode = 0664
# directory mask = 0775 # directory mask = 0775
# force directory mode = 0775 # force directory mode = 0775
# follow symlinks = yes # follow symlinks = yes
# ''; # '';
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings.Eternor = { settings.Eternor = {
browseable = "yes"; browseable = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "no"; "guest ok" = "no";
path = "/Vault/Eternor"; path = "/Vault/Eternor";
writable = "true"; writable = "true";
comment = "Eternor"; comment = "Eternor";
"valid users" = "Swarsel"; "valid users" = "Swarsel";
};
}; };
};
avahi = { avahi = {
publish.enable = true; publish.enable = true;
publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
nssmdns4 = true; nssmdns4 = true;
enable = true; enable = true;
openFirewall = true; openFirewall = true;
}; };
# This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
samba-wsdd = { samba-wsdd = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
};
}; };
}; };
} }

62
modules/nixos/server/nginx.nix
View file

@ -1,37 +1,39 @@
{ pkgs, config, ... }: { pkgs, lib, config, ... }:
{ {
environment.systemPackages = with pkgs; [ options.swarselsystems.server.nginx = lib.mkEnableOption "enable nginx on server";
lego config = lib.mkIf config.swarselsystems.server.nginx {
]; environment.systemPackages = with pkgs; [
lego
];
# users.users.acme = {}; # users.users.acme = {};
sops = { sops = {
# secrets.dnstokenfull = { owner = "acme"; }; # secrets.dnstokenfull = { owner = "acme"; };
secrets.dnstokenfull = { }; secrets.dnstokenfull = { };
templates."certs.secret".content = '' templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
''; '';
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
preliminarySelfsigned = false; preliminarySelfsigned = false;
defaults = { defaults = {
email = "mrswarsel@gmail.com"; email = "mrswarsel@gmail.com";
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
environmentFile = "${config.sops.templates."certs.secret".path}"; environmentFile = "${config.sops.templates."certs.secret".path}";
};
};
services.nginx = {
enable = true;
statusPage = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# virtualHosts are defined in the respective sections
}; };
}; };
services.nginx = {
enable = true;
statusPage = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# virtualHosts are defined in the respective sections
};
} }

21
modules/nixos/server/packages.nix
View file

@ -1,11 +1,14 @@
{ pkgs, ... }: { lib, config, pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ options.swarselsystems.server.packages = lib.mkEnableOption "enable packages on server";
gnupg config = lib.mkIf config.swarselsystems.server.packages {
nix-index environment.systemPackages = with pkgs; [
ssh-to-age gnupg
git nix-index
emacs ssh-to-age
vim git
]; emacs
vim
];
};
} }

3
modules/nixos/server/settings.nix
View file

@ -4,12 +4,13 @@ let
in in
{ {
options.swarselsystems = { options.swarselsystems = {
server.general = lib.mkEnableOption "general setting on server";
shellAliases = lib.mkOption { shellAliases = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
default = { }; default = { };
}; };
}; };
config = { config = lib.mkIf config.swarselsystems.server.general {
environment.shellAliases = lib.recursiveUpdate environment.shellAliases = lib.recursiveUpdate
{ {
npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";

12
modules/nixos/server/sops.nix
View file

@ -1,9 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
sops = { options.swarselsystems.server.sops = lib.mkEnableOption "enable sops on server";
age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ]; config = lib.mkIf config.swarselsystems.server.sops {
defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml"; sops = {
validateSopsFiles = false; age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ];
defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml";
validateSopsFiles = false;
};
}; };
} }

32
modules/nixos/server/ssh.nix
View file

@ -1,18 +1,20 @@
{ self, config, ... }: { self, lib, config, ... }:
{ {
services.openssh = { options.swarselsystems.server.ssh = lib.mkEnableOption "enable ssh on server";
enable = true; config = lib.mkIf config.swarselsystems.server.ssh {
services.openssh = {
enable = true;
};
users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
}; };
users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
users.users.root.openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
} }

10
profiles/home/darwin/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host";
config = lib.mkIf config.swarselsystems.profiles.darwin {
swarselsystems.modules = {
general = lib.mkDefault true;
};
};
}

13
profiles/home/localserver/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
config = lib.mkIf config.swarselsystems.profiles.server.local {
swarselsystems.modules = {
general = lib.mkDefault true;
server = {
dotfiles = lib.mkDefault true;
};
};
};
}

12
profiles/home/personal/default.nix
View file

@ -30,6 +30,18 @@
waybar = lib.mkDefault true; waybar = lib.mkDefault true;
firefox = lib.mkDefault true; firefox = lib.mkDefault true;
gnome-keyring = lib.mkDefault true; gnome-keyring = lib.mkDefault true;
kdeconnect = lib.mkDefault true;
mako = lib.mkDefault true;
swayosd = lib.mkDefault true;
yubikeytouch = lib.mkDefault true;
sway = lib.mkDefault true;
kanshi = lib.mkDefault true;
gpgagent = lib.mkDefault true;
gammastep = lib.mkDefault true;
optional = {
gaming = lib.mkDefault true;
};
}; };
}; };

12
profiles/home/work/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
config = lib.mkIf config.swarselsystems.profiles.work {
swarselsystems.modules = {
optional = {
work = lib.mkDefault true;
};
};
};
}

41
profiles/nixos/localserver/default.nix
View file

@ -3,7 +3,6 @@
options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
config = lib.mkIf config.swarselsystems.profiles.server.local { config = lib.mkIf config.swarselsystems.profiles.server.local {
swarselsystems = { swarselsystems = {
# common modules
modules = { modules = {
nix-ld = lib.mkDefault true; nix-ld = lib.mkDefault true;
home-manager = lib.mkDefault true; home-manager = lib.mkDefault true;
@ -14,23 +13,29 @@
time = lib.mkDefault true; time = lib.mkDefault true;
users = lib.mkDefault true; users = lib.mkDefault true;
}; };
# server modules server = {
# server = { general = lib.mkDefault true;
# kavita = lib.mkDefault true; packages = lib.mkDefault true;
# jellyfin = lib.mkDefault true; sops = lib.mkDefault true;
# navidrome = lib.mkDefault true; nfs = lib.mkDefault true;
# spotifyd = lib.mkDefault true; nginx = lib.mkDefault true;
# mpd = lib.mkDefault true; ssh = lib.mkDefault true;
# matrix = lib.mkDefault true; kavita = lib.mkDefault true;
# nextcloud = lib.mkDefault true; jellyfin = lib.mkDefault true;
# immich = lib.mkDefault true; navidrome = lib.mkDefault true;
# paperless = lib.mkDefault true; spotifyd = lib.mkDefault true;
# transmission = lib.mkDefault true; mpd = lib.mkDefault true;
# syncthing = lib.mkDefault true; matrix = lib.mkDefault true;
# monitoring = lib.mkDefault true; nextcloud = lib.mkDefault true;
# emacs = lib.mkDefault true; immich = lib.mkDefault true;
# freshrss = lib.mkDefault true; paperless = lib.mkDefault true;
# }; transmission = lib.mkDefault true;
syncthing = lib.mkDefault true;
monitoring = lib.mkDefault true;
emacs = lib.mkDefault true;
freshrss = lib.mkDefault true;
};
}; };
}; };

7
profiles/nixos/personal/default.nix
View file

@ -44,6 +44,13 @@
lid = lib.mkDefault true; lid = lib.mkDefault true;
lowBattery = lib.mkDefault true; lowBattery = lib.mkDefault true;
lanzaboote = lib.mkDefault true; lanzaboote = lib.mkDefault true;
optional = {
gaming = lib.mkDefault true;
virtualbox = lib.mkDefault true;
autologin = lib.mkDefault true;
nswitch-rcm = lib.mkDefault true;
};
}; };
}; };

16
profiles/nixos/syncserver/default.nix
View file

@ -3,7 +3,6 @@
options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server"; options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server";
config = lib.mkIf config.swarselsystems.profiles.server.sync { config = lib.mkIf config.swarselsystems.profiles.server.sync {
swarselsystems = { swarselsystems = {
# common modules
modules = { modules = {
nix-ld = lib.mkDefault true; nix-ld = lib.mkDefault true;
home-manager = lib.mkDefault true; home-manager = lib.mkDefault true;
@ -14,11 +13,16 @@
time = lib.mkDefault true; time = lib.mkDefault true;
users = lib.mkDefault true; users = lib.mkDefault true;
}; };
# server modules server = {
# server = { general = lib.mkDefault true;
# forgejo = lib.mkDefault true; packages = lib.mkDefault true;
# ankisync = lib.mkDefault true; sops = lib.mkDefault true;
# }; nfs = lib.mkDefault true;
nginx = lib.mkDefault true;
ssh = lib.mkDefault true;
forgejo = lib.mkDefault true;
ankisync = lib.mkDefault true;
};
}; };
}; };

13
profiles/nixos/work/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
config = lib.mkIf config.swarselsystems.profiles.work {
swarselsystems.modules = {
optional = {
work = lib.mkDefault true;
};
};
};
}

4
programs/zellij/layouts/default.kdl.nix
View file

@ -103,8 +103,8 @@ in
format_center "" format_center ""
format_right "#[bg=#${colors.base00},fg=#${colors.base02}]#[bg=#${colors.base02},fg=#${colors.base01},bold] #[bg=#${colors.base02},fg=#${colors.base01},bold] {session} #[bg=#${colors.base02},fg=#${colors.base01},bold]" format_right "#[bg=#${colors.base00},fg=#${colors.base02}]#[bg=#${colors.base02},fg=#${colors.base01},bold] #[bg=#${colors.base02},fg=#${colors.base01},bold] {session} #[bg=#${colors.base02},fg=#${colors.base01},bold]"
format_space "" format_space ""
format_hide_on_overlength "true" format_hide_on_overlength "false"
format_precedence "crl" format_precedence "lcr"
border_enabled "false" border_enabled "false"
border_char "" border_char ""