swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: rename old profiles->modules [part 2]

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-03-27 01:47:14 +01:00
parent de9b5cf40c
commit 289f072c13
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
138 changed files with 355 additions and 355 deletions
Download patch file Download diff file Expand all files Collapse all files

10
profiles/darwin/home/default.nix
View file

@ -1,10 +0,0 @@
{ self, ... }:
let
profilesPath = "${self}/profiles";
in
{
imports = [
"${profilesPath}/home/common/settings.nix"
"${profilesPath}/home/common/sharedsetup.nix"
];
}

14
profiles/darwin/nixos/default.nix
View file

@ -1,14 +0,0 @@
_:
{
nix.settings.experimental-features = "nix-command flakes";
nixpkgs = {
hostPlatform = "x86_64-darwin";
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
system.stateVersion = 4;
}

30
profiles/home/common/custom-packages.nix
View file

@ -1,30 +0,0 @@
{ config, pkgs, ... }:
{
home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [
pass-fuzzel
cura5
cdw
cdb
bak
timer
e
swarselcheck
waybarupdate
opacitytoggle
fs-diff
github-notifications
hm-specialisation
t2ts
ts2t
vershell
eontimer
project
fhs
swarsel-bootstrap
swarsel-displaypower
swarselzellij
rustdesk-vbc
];
}

7
profiles/home/common/default.nix
View file

@ -1,7 +0,0 @@
{ lib, ... }:
let
importNames = lib.swarselsystems.readNix "profiles/home/common";
in
{
imports = lib.swarselsystems.mkImports importNames "profiles/home/common";
}

92
profiles/home/common/desktop.nix
View file

@ -1,92 +0,0 @@
_:
{
xdg.desktopEntries = {
cura = {
name = "Ultimaker Cura";
genericName = "Cura";
exec = "cura";
terminal = false;
categories = [ "Application" ];
};
rustdesk-vbc = {
name = "Rustdesk VBC";
genericName = "rustdesk-vbc";
exec = "rustdesk-vbc";
terminal = false;
categories = [ "Application" ];
};
anki = {
name = "Anki Flashcards";
genericName = "Anki";
exec = "anki";
terminal = false;
categories = [ "Application" ];
};
element = {
name = "Element Matrix Client";
genericName = "Element";
exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
terminal = false;
categories = [ "Application" ];
};
emacsclient-newframe = {
name = "Emacs (Client, New Frame)";
genericName = "Emacs (Client, New Frame)";
exec = "emacsclient -r %u";
icon = "emacs";
terminal = false;
categories = [ "Development" "TextEditor" ];
};
};
xdg.mimeApps = {
enable = true;
defaultApplications = {
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/chrome" = [ "firefox.desktop" ];
"text/plain" = [ "emacsclient.desktop" ];
"text/csv" = [ "emacsclient.desktop" ];
"text/html" = [ "firefox.desktop" ];
"application/x-extension-htm" = [ "firefox.desktop" ];
"application/x-extension-html" = [ "firefox.desktop" ];
"application/x-extension-shtml" = [ "firefox.desktop" ];
"application/xhtml+xml" = [ "firefox.desktop" ];
"application/x-extension-xhtml" = [ "firefox.desktop" ];
"application/x-extension-xht" = [ "firefox.desktop" ];
"image/png" = [ "imv.desktop" ];
"image/jpeg" = [ "imv.desktop" ];
"image/gif" = [ "imv.desktop" ];
"image/svg" = [ "imv.desktop" ];
"image/webp" = [ "firefox.desktop" ];
"image/vnd.adobe.photoshop" = [ "gimp.desktop" ];
"image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ];
"audio/flac" = [ "mpv.desktop" ];
"audio/mp3" = [ "mpv.desktop" ];
"audio/ogg" = [ "mpv.desktop" ];
"audio/wav" = [ "mpv.desktop" ];
"video/mp4" = [ "umpv.desktop" ];
"video/mkv" = [ "umpv.desktop" ];
"video/flv" = [ "umpv.desktop" ];
"video/3gp" = [ "umpv.desktop" ];
"application/pdf" = [ "org.gnome.Evince.desktop" ];
"application/metalink+xml" = [ "emacsclient.desktop" ];
"application/sql" = [ "emacsclient.desktop" ];
"application/vnd.ms-powerpoint" = [ "impress.desktop" ];
"application/msword" = [ "writer.desktop" ];
"application/vnd.ms-excel" = [ "calc.desktop" ];
};
associations = {
added = {
"application/x-zerosize" = [ "emacsclient.desktop" ];
};
};
};
}

8
profiles/home/common/direnv.nix
View file

@ -1,8 +0,0 @@
_:
{
programs.direnv = {
enable = true;
silent = true;
nix-direnv.enable = true;
};
}

77
profiles/home/common/emacs.nix
View file

@ -1,77 +0,0 @@
{ self, lib, config, pkgs, ... }:
let
inherit (config.swarselsystems) homeDir isPublic;
in
{
# needed for elfeed
sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
programs.emacs = {
enable = true;
package = pkgs.emacsWithPackagesFromUsePackage {
config = self + /programs/emacs/init.el;
package = pkgs.emacs-git-pgtk;
alwaysEnsure = true;
alwaysTangle = true;
extraEmacsPackages = epkgs: [
epkgs.mu4e
epkgs.use-package
epkgs.lsp-bridge
epkgs.doom-themes
epkgs.vterm
epkgs.treesit-grammars.with-all-grammars
# build the rest of the packages myself
# org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
# build the package from the haji-ali fork, which is well-maintained
(epkgs.trivialBuild rec {
pname = "eglot-booster";
version = "main-29-10-2024";
src = pkgs.fetchFromGitHub {
owner = "jdtsmith";
repo = "eglot-booster";
rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed";
hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs=";
};
packageRequires = [ epkgs.jsonrpc epkgs.eglot ];
})
(epkgs.trivialBuild rec {
pname = "calfw";
version = "1.0.0-20231002";
src = pkgs.fetchFromGitHub {
owner = "haji-ali";
repo = "emacs-calfw";
rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
};
packageRequires = [ epkgs.howm ];
})
(epkgs.trivialBuild rec {
pname = "fast-scroll";
version = "1.0.0-20191016";
src = pkgs.fetchFromGitHub {
owner = "ahungry";
repo = "fast-scroll";
rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
};
packageRequires = [ ];
})
];
};
};
services.emacs = {
enable = true;
socketActivation.enable = false;
startWithUserSession = "graphical";
};
}

26
profiles/home/common/env.nix
View file

@ -1,26 +0,0 @@
{ lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
in
{
home.sessionVariables = {
EDITOR = "e -w";
DISPLAY = ":0";
SWARSEL_LO_RES = config.swarselsystems.lowResolution;
SWARSEL_HI_RES = config.swarselsystems.highResolution;
};
systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses;
};
}

12
profiles/home/common/eza.nix
View file

@ -1,12 +0,0 @@
_:
{
programs.eza = {
enable = true;
icons = "auto";
git = true;
extraOptions = [
"-l"
"--group-directories-first"
];
};
}

147
profiles/home/common/firefox.nix
View file

@ -1,147 +0,0 @@
{ config, pkgs, lib, ... }:
{
programs.firefox = {
enable = true;
package = pkgs.firefox; # uses overrides
policies = {
# CaptivePortal = false;
AppAutoUpdate = false;
BackgroundAppUpdate = false;
DisableBuiltinPDFViewer = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableFirefoxScreenshots = true;
DisableTelemetry = true;
DisableFirefoxAccounts = false;
DisableProfileImport = true;
DisableProfileRefresh = true;
DisplayBookmarksToolbar = "always";
DontCheckDefaultBrowser = true;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
DisableMasterPasswordCreation = true;
ExtensionUpdate = false;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
EmailTracking = true;
# Exceptions = ["https://example.com"]
};
PDFjs = {
Enabled = false;
EnablePermissions = false;
};
Handlers = {
mimeTypes."application/pdf".action = "saveToDisk";
};
extensions = {
pdf = {
action = "useHelperApp";
ask = true;
handlers = [
{
name = "GNOME Document Viewer";
path = "${pkgs.evince}/bin/evince";
}
];
};
};
FirefoxHome = {
Search = true;
TopSites = true;
SponsoredTopSites = false;
Highlights = true;
Pocket = false;
SponsoredPocket = false;
Snippets = false;
Locked = true;
};
FirefoxSuggest = {
WebSuggestions = false;
SponsoredSuggestions = false;
ImproveSuggest = false;
Locked = true;
};
SanitizeOnShutdown = {
Cache = true;
Cookies = false;
Downloads = true;
FormData = true;
History = false;
Sessions = false;
SiteSettings = false;
OfflineApps = true;
Locked = true;
};
SearchEngines = {
PreventInstalls = true;
Remove = [
"Bing" # Fuck you
];
};
UserMessaging = {
ExtensionRecommendations = false; # Dont recommend extensions while the user is visiting web pages
FeatureRecommendations = false; # Dont recommend browser features
Locked = true; # Prevent the user from changing user messaging preferences
MoreFromMozilla = false; # Dont show the “More from Mozilla” section in Preferences
SkipOnboarding = true; # Dont show onboarding messages on the new tab page
UrlbarInterventions = false; # Dont offer suggestions in the URL bar
WhatsNew = false; # Remove the “Whats New” icon and menuitem
};
ExtensionSettings = {
"3rdparty".Extensions = {
# https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json
"uBlock0@raymondhill.net".adminSettings = {
userSettings = rec {
uiTheme = "dark";
uiAccentCustom = true;
uiAccentCustom0 = "#0C8084";
cloudStorageEnabled = lib.mkForce false;
importedLists = [
"https://filters.adtidy.org/extension/ublock/filters/3.txt"
"https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt"
];
externalLists = lib.concatStringsSep "\n" importedLists;
};
selectedFilterLists = [
"CZE-0"
"adguard-generic"
"adguard-annoyance"
"adguard-social"
"adguard-spyware-url"
"easylist"
"easyprivacy"
"https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt"
"plowe-0"
"ublock-abuse"
"ublock-badware"
"ublock-filters"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"urlhaus-1"
];
};
};
};
};
profiles = {
default = lib.recursiveUpdate
{
id = 0;
isDefault = true;
settings = {
"browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com";
};
}
config.swarselsystems.firefox;
};
};
}

14
profiles/home/common/fuzzel.nix
View file

@ -1,14 +0,0 @@
_:
{
programs.fuzzel = {
enable = true;
settings = {
main = {
layer = "overlay";
lines = "10";
width = "40";
};
border.radius = "0";
};
};
}

12
profiles/home/common/gammastep.nix
View file

@ -1,12 +0,0 @@
{ lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
in
{
services.gammastep = {
enable = true;
provider = "manual";
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
};
}

44
profiles/home/common/git.nix
View file

@ -1,44 +0,0 @@
{ lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{
programs.git = {
enable = true;
aliases = {
a = "add";
c = "commit";
cl = "clone";
co = "checkout";
b = "branch";
i = "init";
m = "merge";
s = "status";
r = "restore";
p = "pull";
pp = "push";
};
signing = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
userEmail = lib.mkDefault leonMail;
userName = fullName;
difftastic.enable = true;
lfs.enable = true;
includes = [
{
contents = {
github = {
user = "Swarsel";
};
commit = {
template = "~/.gitmessage";
};
};
}
];
};
}

6
profiles/home/common/gnome-keyring.nix
View file

@ -1,6 +0,0 @@
{ lib, config, ... }:
{
services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) {
enable = true;
};
}

39
profiles/home/common/gpg-agent.nix
View file

@ -1,39 +0,0 @@
{ self, config, pkgs, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{
services.gpg-agent = {
enable = true;
enableZshIntegration = true;
enableScDaemon = true;
enableSshSupport = true;
enableExtraSocket = true;
pinentryPackage = pkgs.pinentry.gtk2;
defaultCacheTtl = 600;
maxCacheTtl = 7200;
extraConfig = ''
allow-loopback-pinentry
allow-emacs-pinentry
'';
sshKeys = [
"4BE7925262289B476DBBC17B76FD3810215AE097"
];
};
programs.gpg = {
enable = true;
publicKeys = [
{
source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
trust = 5;
}
];
};
# assure correct permissions
systemd.user.tmpfiles.rules = [
"d ${homeDir}/.gnupg 700 ${mainUser} users"
];
}

73
profiles/home/common/kanshi.nix
View file

@ -1,73 +0,0 @@
{ config, ... }:
{
services.kanshi = {
enable = true;
settings = [
{
# laptop screen
output = {
criteria = config.swarselsystems.sharescreen;
mode = config.swarselsystems.highResolution;
scale = 1.0;
};
}
{
# home main screen
output = {
criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
scale = 1.0;
mode = "2560x1440";
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = "eDP-2";
status = "enable";
scale = 1.0;
}
];
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.7;
position = "2560,0";
}
{
criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
scale = 1.0;
mode = "2560x1440";
position = "0,0";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
position = "2560,0";
}
{
criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
scale = 1.0;
mode = "2560x1440";
position = "0,0";
}
];
};
}
];
};
}

8
profiles/home/common/kdeconnect.nix
View file

@ -1,8 +0,0 @@
_:
{
services.kdeconnect = {
enable = true;
indicator = true;
};
}

12
profiles/home/common/kitty.nix
View file

@ -1,12 +0,0 @@
_:
{
programs.kitty = {
enable = true;
keybindings = { };
settings = {
scrollback_lines = 10000;
enable_audio_bell = false;
notify_on_cmd_finish = "always 20";
};
};
}

145
profiles/home/common/mail.nix
View file

@ -1,145 +0,0 @@
{ lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{
programs = {
mbsync = {
enable = true;
};
msmtp = {
enable = true;
};
mu = {
enable = true;
};
};
services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
accounts = lib.mkIf (!config.swarselsystems.isPublic) {
email = {
maildirBasePath = "Mail";
accounts = {
leon = {
primary = true;
address = leonMail;
userName = leonMail;
realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
swarsel = {
address = swarselMail;
userName = "8227dc594dd515ce232eda1471cb9a19";
realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
smtp = {
host = "in-v3.mailjet.com";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
mu.enable = false;
msmtp = {
enable = true;
};
mbsync = {
enable = false;
};
};
nautilus = {
primary = false;
address = nautilusMail;
userName = nautilusMail;
realName = "Nautilus";
passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
mrswarsel = {
primary = false;
address = mrswarselMail;
userName = mrswarselMail;
realName = "Swarsel";
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
};
};
};
}

31
profiles/home/common/mako.nix
View file

@ -1,31 +0,0 @@
_:
{
services.mako = {
enable = true;
# backgroundColor = "#2e3440";
# borderColor = "#88c0d0";
borderRadius = 15;
borderSize = 1;
defaultTimeout = 5000;
height = 150;
icons = true;
ignoreTimeout = true;
layer = "overlay";
maxIconSize = 64;
sort = "-time";
width = 300;
# font = "monospace 10";
extraConfig = ''
[urgency=low]
border-color=#cccccc
[urgency=normal]
border-color=#d08770
[urgency=high]
border-color=#bf616a
default-timeout=3000
[category=mpd]
default-timeout=2000
group-by=category
'';
};
}

21
profiles/home/common/nix-index.nix
View file

@ -1,21 +0,0 @@
{ self, pkgs, ... }:
{
programs.nix-index =
let
commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } ''
mkdir -p $out/etc/profile.d
substitute ${self + /scripts/command-not-found.sh} \
$out/etc/profile.d/command-not-found.sh \
--replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
--replace-fail @tput@ ${pkgs.ncurses}/bin/tput
'';
in
{
enable = true;
package = pkgs.symlinkJoin {
name = "nix-index";
paths = [ commandNotFound ];
};
};
}

26
profiles/home/common/nixgl.nix
View file

@ -1,26 +0,0 @@
{ lib, config, nixgl, ... }:
{
options.swarselsystems = {
isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU";
SecondaryGpuCard = lib.mkOption {
type = lib.types.str;
default = "";
};
};
config = {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (nixgl) packages;
defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard;
installScript = "mesa";
};
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
installScripts = [
"mesa"
"mesaPrime"
];
};
};
}

179
profiles/home/common/packages.nix
View file

@ -1,179 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
# audio stuff
spek # spectrum analyzer
losslessaudiochecker
ffmpeg_7-full
flac
mediainfo
picard-tools
audacity
sox
stable.feishin
calibre
# printing
cups
simple-scan
# dict
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# browser
vieb
mgba
# utilities
util-linux
nmap
lsof
nvd
nix-output-monitor
hyprpicker # color picker
findutils
units
vim
sshfs
fuse
ventoy
poppler_utils
# nix
alejandra
nixpkgs-fmt
deadnix
statix
nix-tree
nix-diff
nix-visualize
nix-init
nix-inspect
nixpkgs-review
manix
comma
# shellscripts
shfmt
# local file sharing
wormhole-rs
# b2 backup @backblaze
restic
# "big" programs
gimp
inkscape
zoom-us
# nomacs
libreoffice-qt
xournalpp
obsidian
spotify
vesktop # discord client
nextcloud-client
spotify-player
element-desktop
nicotine-plus
stable.transmission_3
mktorrent
hexchat
hugo
# kyria
qmk
qmk-udev-rules
# firefox related
tridactyl-native
# mako related
mako
libnotify
# general utilities
unrar
samba
cifs-utils
zbar # qr codes
readline
autotiling
brightnessctl
libappindicator-gtk3
sqlite
speechd
networkmanagerapplet
psmisc # kill etc
lm_sensors
# jq # used for searching the i3 tree in check<xxx>.sh files
# specifically needed for anki
# mpv
anki-bin
# dirvish file previews
fd
imagemagick
# poppler
ffmpegthumbnailer
mediainfo
gnutar
unzip
#nautilus
stable.nautilus
xfce.tumbler
libgsf
# wayland stuff
wtype
wl-clipboard
stable.wl-mirror
wf-recorder
kanshi
# screenshotting tools
grim
slurp
# the following packages are used (in some way) by waybar
playerctl
pavucontrol
stable.pamixer
# gnome.gnome-clocks
# wlogout
# jdiskreport
# monitor
#keychain
qalculate-gtk
gcr # needed for gnome-secrets to work
seahorse
# sops-related
sops
ssh-to-age
# mail related packages
mu
# latex and related packages
(texlive.combine {
inherit (pkgs.texlive) scheme-full
dvisvgm dvipng# for preview and export as html
wrapfig amsmath ulem hyperref capt-of;
})
# font stuff
nerd-fonts.fira-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
noto-fonts-emoji
font-awesome_5
noto-fonts
noto-fonts-cjk-sans
];
}

10
profiles/home/common/password-store.nix
View file

@ -1,10 +0,0 @@
{ pkgs, ... }:
{
programs.password-store = {
enable = true;
settings = {
PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
};
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
}

22
profiles/home/common/programs.nix
View file

@ -1,22 +0,0 @@
{ pkgs, ... }:
{
programs = {
bottom.enable = true;
imv.enable = true;
sioyek.enable = true;
bat = {
enable = true;
extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
};
carapace.enable = true;
wlogout.enable = true;
swayr.enable = true;
yt-dlp.enable = true;
mpv.enable = true;
jq.enable = true;
ripgrep.enable = true;
pandoc.enable = true;
fzf.enable = true;
zoxide.enable = true;
};
}

44
profiles/home/common/settings.nix
View file

@ -1,44 +0,0 @@
{ lib, config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{
nix = lib.mkIf (!config.swarselsystems.isNixos) {
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
};
}

255
profiles/home/common/sharedsetup.nix
View file

@ -1,255 +0,0 @@
{ self, lib, pkgs, ... }:
let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in
{
options.swarselsystems = {
isLaptop = lib.mkEnableOption "laptop host";
isNixos = lib.mkEnableOption "nixos host";
isPublic = lib.mkEnableOption "is a public machine (no secrets)";
isDarwin = lib.mkEnableOption "darwin host";
isLinux = lib.mkEnableOption "whether this is a linux machine";
isBtrfs = lib.mkEnableOption "use btrfs filesystem";
mainUser = lib.mkOption {
type = lib.types.str;
default = "swarsel";
};
homeDir = lib.mkOption {
type = lib.types.str;
default = "/home/swarsel";
};
xdgDir = lib.mkOption {
type = lib.types.str;
default = "/run/user/1000";
};
flakePath = lib.mkOption {
type = lib.types.str;
default = "/home/swarsel/.dotfiles";
};
wallpaper = lib.mkOption {
type = lib.types.path;
default = "${self}/wallpaper/lenovowp.png";
};
sharescreen = lib.mkOption {
type = lib.types.str;
default = "";
};
lowResolution = lib.mkOption {
type = lib.types.str;
default = "";
};
highResolution = lib.mkOption {
type = lib.types.str;
default = "";
};
stylix = lib.mkOption {
type = lib.types.attrs;
default = {
enable = true;
base16Scheme = "${self}/programs/stylix/swarsel.yaml";
polarity = "dark";
opacity.popups = 0.5;
cursor = {
package = pkgs.banana-cursor;
# package = pkgs.capitaine-cursors;
name = "Banana";
# name = "capitaine-cursors";
size = 16;
};
fonts = {
sizes = {
terminal = 10;
applications = 11;
};
serif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerd-fonts.fira-mono; # has overrides
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
};
stylixHomeTargets = lib.mkOption {
type = lib.types.attrs;
default = {
emacs.enable = false;
waybar.enable = false;
sway.useWallpaper = false;
firefox.profileNames = [ "default" ];
};
};
firefox = lib.mkOption {
type = lib.types.attrs;
default = {
userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css";
extensions = {
packages = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl
tampermonkey
sidebery
browserpass
clearurls
darkreader
enhancer-for-youtube
istilldontcareaboutcookies
translate-web-pages
ublock-origin
reddit-enhancement-suite
sponsorblock
web-archives
onepassword-password-manager
single-file
widegithub
enhanced-github
unpaywall
don-t-fuck-with-paste
plasma-integration
noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
];
};
settings =
{
"extensions.autoDisableScopes" = 0;
"browser.bookmarks.showMobileBookmarks" = lock-true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
"browser.search.suggest.enabled" = lock-false;
"browser.search.suggest.enabled.private" = lock-false;
"browser.urlbar.suggest.searches" = lock-false;
"browser.urlbar.showSearchSuggestionsFirst" = lock-false;
"browser.topsites.contile.enabled" = lock-false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
};
search = {
# default = "Kagi";
default = "Google";
# privateDefault = "Kagi";
privateDefault = "Google";
engines = {
"Kagi" = {
urls = [{
template = "https://kagi.com/search";
params = [
{ name = "q"; value = "{searchTerms}"; }
];
}];
iconUpdateURL = "https://kagi.com/favicon.ico";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@k" ];
};
"Nix Packages" = {
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ];
};
"NixOS Options" = {
urls = [{
template = "https://search.nixos.org/options";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ];
};
"Home Manager Options" = {
urls = [{
template = "https://home-manager-options.extranix.com/";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@hm" "@ho" "@hmo" ];
};
"Google".metaData.alias = "@g";
};
force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
};
};
};
}

20
profiles/home/common/sops.nix
View file

@ -1,20 +0,0 @@
{ config, lib, ... }:
let
inherit (config.swarselsystems) homeDir xdgDir;
in
{
sops = lib.mkIf (!config.swarselsystems.isPublic) {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "${xdgDir}/secrets/leon"; };
swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
github_notif = { path = "${xdgDir}/secrets/github_notif"; };
u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
};
}

37
profiles/home/common/ssh.nix
View file

@ -1,37 +0,0 @@
_:
{
programs.ssh = {
enable = true;
forwardAgent = true;
extraConfig = ''
SetEnv TERM=xterm-256color
ServerAliveInterval 20
'';
matchBlocks = {
"pfsense" = {
hostname = "192.168.1.1";
user = "root";
};
"winters" = {
hostname = "192.168.1.2";
user = "swarsel";
};
"minecraft" = {
hostname = "130.61.119.129";
user = "opc";
};
"sync" = {
hostname = "193.122.53.173";
user = "root";
};
"songdiver" = {
hostname = "89.168.100.65";
user = "ubuntu";
};
"pkv" = {
hostname = "46.232.248.161";
user = "root";
};
};
};
}

121
profiles/home/common/starship.nix
View file

@ -1,121 +0,0 @@
_:
{
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = false;
format = "$shlvl$character";
right_format = "$all";
command_timeout = 3000;
directory.substitutions = {
"Documents" = "󰈙 ";
"Downloads" = " ";
"Music" = " ";
"Pictures" = " ";
};
git_status = {
style = "bg:#394260";
format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) ";
};
character = {
success_symbol = "[λ](bold green)";
error_symbol = "[λ](bold red)";
};
shlvl = {
disabled = false;
symbol = "";
format = "[$symbol]($style) ";
repeat = true;
repeat_offset = 1;
style = "blue";
};
nix_shell = {
disabled = false;
heuristic = true;
format = "[$symbol$name]($style)";
symbol = " ";
};
aws.symbol = " ";
buf.symbol = " ";
c.symbol = " ";
conda.symbol = " ";
dart.symbol = " ";
directory.read_only = " 󰌾";
docker_context.symbol = " ";
elixir.symbol = " ";
elm.symbol = " ";
fossil_branch.symbol = " ";
git_branch.symbol = " ";
golang.symbol = " ";
guix_shell.symbol = " ";
haskell.symbol = " ";
haxe.symbol = " ";
hg_branch.symbol = " ";
hostname.ssh_symbol = " ";
java.symbol = " ";
julia.symbol = " ";
lua.symbol = " ";
memory_usage.symbol = "󰍛 ";
meson.symbol = "󰔷 ";
nim.symbol = "󰆥 ";
nodejs.symbol = " ";
os.symbols = {
Alpaquita = " ";
Alpine = " ";
Amazon = " ";
Android = " ";
Arch = " ";
Artix = " ";
CentOS = " ";
Debian = " ";
DragonFly = " ";
Emscripten = " ";
EndeavourOS = " ";
Fedora = " ";
FreeBSD = " ";
Garuda = "󰛓 ";
Gentoo = " ";
HardenedBSD = "󰞌 ";
Illumos = "󰈸 ";
Linux = " ";
Mabox = " ";
Macos = " ";
Manjaro = " ";
Mariner = " ";
MidnightBSD = " ";
Mint = " ";
NetBSD = " ";
NixOS = " ";
OpenBSD = "󰈺 ";
openSUSE = " ";
OracleLinux = "󰌷 ";
Pop = " ";
Raspbian = " ";
Redhat = " ";
RedHatEnterprise = " ";
Redox = "󰀘 ";
Solus = "󰠳 ";
SUSE = " ";
Ubuntu = " ";
Unknown = " ";
Windows = "󰍲 ";
};
package.symbol = "󰏗 ";
pijul_channel.symbol = " ";
python.symbol = " ";
rlang.symbol = "󰟔 ";
ruby.symbol = " ";
rust.symbol = " ";
scala.symbol = " ";
};
};
}

9
profiles/home/common/stylix.nix
View file

@ -1,9 +0,0 @@
{ lib, config, ... }:
{
stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate
{
image = config.swarselsystems.wallpaper;
targets = config.swarselsystems.stylixHomeTargets;
}
config.swarselsystems.stylix);
}

399
profiles/home/common/sway.nix
View file

@ -1,399 +0,0 @@
{ self, config, lib, ... }:
{
options.swarselsystems = {
inputs = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
default = { };
};
monitors = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
default = { };
};
keybindings = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
};
startup = lib.mkOption {
type = lib.types.listOf (lib.types.attrsOf lib.types.str);
default = [
{ command = "nextcloud --background"; }
{ command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
{ command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
{ command = "feishin"; }
];
};
kyria = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
default = {
"36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"7504:24926:Kyria_Keyboard" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
};
internal = true;
};
standardinputs = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs;
internal = true;
};
touchpad = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
default = { };
internal = true;
};
swayfxConfig = lib.mkOption {
type = lib.types.str;
default = "
blur enable
blur_xray disable
blur_passes 1
blur_radius 1
shadows enable
corner_radius 2
titlebar_separator disable
default_dim_inactive 0.02
";
internal = true;
};
};
config = {
swarselsystems = {
touchpad = lib.mkIf config.swarselsystems.isLaptop {
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
drag_lock = "disabled";
};
};
swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " ";
};
wayland.windowManager.sway = {
enable = true;
checkConfig = false; # delete this line once SwayFX is fixed upstream
package = lib.mkIf config.swarselsystems.isNixos null;
systemd = {
enable = true;
xdgAutostart = true;
};
wrapperFeatures.gtk = true;
config = rec {
modifier = "Mod4";
# terminal = "kitty";
menu = "fuzzel";
bars = [{
command = "waybar";
mode = "hide";
hiddenState = "hide";
position = "top";
extraConfig = "modifier Mod4";
}];
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
lib.recursiveUpdate
{
"${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox";
"${modifier}+Shift+f" = "exec swaymsg fullscreen";
"${modifier}+Space" = "exec fuzzel";
"${modifier}+Shift+Space" = "floating toggle";
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
"${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
"${modifier}+m" = "exec swaymsg workspace back_and_forth";
"${modifier}+a" = "exec swarselcheck -s";
"${modifier}+x" = "exec swarselcheck -k";
"${modifier}+d" = "exec swarselcheck -d";
"${modifier}+w" = "exec swarselcheck -e";
"${modifier}+Shift+t" = "exec opacitytoggle";
"${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show";
"${modifier}+c" = "exec qalculate-gtk";
"${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+o" = "exec pass-fuzzel --otp --type";
"${modifier}+Ctrl+p" = "exec 1password --quick-acces";
"${modifier}+Escape" = "mode $exit";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+h" = "exec hyprpicker | wl-copy";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')";
"${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
"${modifier}+1" = "workspace 1:";
"${modifier}+Shift+1" = "move container to workspace 1:";
"${modifier}+2" = "workspace 2:";
"${modifier}+Shift+2" = "move container to workspace 2:";
"${modifier}+3" = "workspace 3:";
"${modifier}+Shift+3" = "move container to workspace 3:";
"${modifier}+4" = "workspace 4:";
"${modifier}+Shift+4" = "move container to workspace 4:";
"${modifier}+5" = "workspace 5:";
"${modifier}+Shift+5" = "move container to workspace 5:";
"${modifier}+6" = "workspace 6:";
"${modifier}+Shift+6" = "move container to workspace 6:";
"${modifier}+7" = "workspace 7:";
"${modifier}+Shift+7" = "move container to workspace 7:";
"${modifier}+8" = "workspace 8:";
"${modifier}+Shift+8" = "move container to workspace 8:";
"${modifier}+9" = "workspace 9:";
"${modifier}+Shift+9" = "move container to workspace 9:";
"${modifier}+0" = "workspace 10:";
"${modifier}+Shift+0" = "move container to workspace 10:";
"${modifier}+Ctrl+m" = "workspace 11:M";
"${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M";
"${modifier}+Ctrl+s" = "workspace 12:S";
"${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S";
"${modifier}+Ctrl+e" = "workspace 13:E";
"${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E";
"${modifier}+Ctrl+t" = "workspace 14:T";
"${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T";
"${modifier}+Ctrl+l" = "workspace 15:L";
"${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L";
"${modifier}+Ctrl+f" = "workspace 16:F";
"${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F";
"${modifier}+Left" = "focus left";
"${modifier}+Right" = "focus right";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Shift+Left" = "move left 40px";
"${modifier}+Shift+Right" = "move right 40px";
"${modifier}+Shift+Down" = "move down 40px";
"${modifier}+Shift+Up" = "move up 40px";
"${modifier}+Ctrl+Shift+c" = "reload";
"${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower";
"${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+r" = "mode resize";
# "${modifier}+Return" = "exec kitty";
"${modifier}+Return" = "exec swarselzellij";
"${modifier}+Print" = "exec screenshare";
# exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')"
# "XF86AudioRaiseVolume" = "exec pa 5%";
"XF86AudioRaiseVolume" = "exec pamixer -i 5";
# "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioLowerVolume" = "exec pamixer -d 5";
# "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMute" = "exec pamixer -t";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86Display" = "exec wl-mirror eDP-1";
}
config.swarselsystems.keybindings;
modes = {
resize = {
Down = "resize grow height 10 px or 10 ppt";
Escape = "mode default";
Left = "resize shrink width 10 px or 10 ppt";
Return = "mode default";
Right = "resize grow width 10 px or 10 ppt";
Up = "resize shrink height 10 px or 10 ppt";
Tab = "move position center, resize set width 50 ppt height 50 ppt";
};
};
defaultWorkspace = "workspace 1:";
# output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors;
output = {
"${config.swarselsystems.sharescreen}" = {
bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}";
};
"Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = {
bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}";
};
};
input = config.swarselsystems.standardinputs;
workspaceOutputAssign =
let
workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput config.swarselsystems.monitors;
workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets);
in
workplaceOutputs;
startup = config.swarselsystems.startup ++ [
{ command = "kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; }
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
];
seat = {
"*" = {
hide_cursor = "when-typing enable";
};
};
window = {
border = 1;
titlebar = false;
};
assigns = {
"15:L" = [{ app_id = "teams-for-linux"; }];
};
floating = {
border = 1;
criteria = [
{ app_id = "qalculate-gtk"; }
{ app_id = "blueman"; }
{ app_id = "pavucontrol"; }
{ app_id = "syncthingtray"; }
{ app_id = "Element"; }
{ class = "1Password"; }
{ app_id = "com.nextcloud.desktopclient.nextcloud"; }
{ title = "(?:Open|Save) (?:File|Folder|As)"; }
{ title = "^Add$"; }
{ title = "^Picture-in-Picture$"; }
{ title = "Syncthing Tray"; }
{ title = "^spotifytui$"; }
{ title = "^kittyterm$"; }
{ app_id = "vesktop"; }
{ window_role = "pop-up"; }
{ window_role = "bubble"; }
{ window_role = "dialog"; }
{ window_role = "task_dialog"; }
{ window_role = "menu"; }
{ window_role = "Preferences"; }
];
titlebar = false;
};
window = {
commands = [
{
command = "opacity 0.95";
criteria = {
class = ".*";
};
}
{
command = "opacity 1";
criteria = {
app_id = "at.yrlf.wl_mirror";
};
}
{
command = "opacity 1";
criteria = {
app_id = "Gimp-2.10";
};
}
{
command = "opacity 0.99";
criteria = {
app_id = "firefox";
};
}
{
command = "opacity 0.99";
criteria = {
app_id = "chromium-browser";
};
}
{
command = "sticky enable, shadows enable";
criteria = {
title = "^Picture-in-Picture$";
};
}
{
command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad";
criteria = {
title = "^kittyterm$";
};
}
{
command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad";
criteria = {
title = "^spotifytui$";
};
}
{
command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
criteria = {
class = "Spotify";
};
}
{
command = "resize set width 60 ppt height 60 ppt, sticky enable";
criteria = {
app_id = "vesktop";
};
}
{
command = "resize set width 60 ppt height 60 ppt, sticky enable";
criteria = {
class = "Element";
};
}
# {
# command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
# criteria = {
# app_id="^$";
# class="^$";
# };
# }
];
};
gaps = {
inner = 5;
};
};
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
export _JAVA_AWT_WM_NONREPARENTING=1
export XDG_CURRENT_DESKTOP=sway
export XDG_SESSION_DESKTOP=sway
export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";
export ANKI_WAYLAND=1;
export OBSIDIAN_USE_WAYLAND=1;
'';
# extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# ";
extraConfig =
let
inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = config.swarselsystems.swayfxConfig;
in
"
exec_always autotiling
set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\"
mode $exit {
bindsym --to-code {
s exec \"systemctl suspend\", mode \"default\"
h exec \"systemctl hibernate\", mode \"default\"
l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\
p exec \"systemctl poweroff\"
r exec \"systemctl reboot\"
u exec \"swaymsg exit\"
Return mode \"default\"
Escape mode \"default\"
${modifier}+Escape mode \"default\"
}
}
exec systemctl --user import-environment
exec swayidle -w
seat * hide_cursor 2000
exec kanshi
exec_always kill -1 $(pidof kanshi)
bindswitch --locked lid:on exec kanshictl switch lidclosed
bindswitch --locked lid:off exec kanshictl switch lidopen
${swayfxSettings}
";
};
};
}

28
profiles/home/common/symlink.nix
View file

@ -1,28 +0,0 @@
{ self, lib, ... }:
{
home.file = {
"init.el" = lib.mkDefault {
source = self + /programs/emacs/init.el;
target = ".emacs.d/init.el";
};
"early-init.el" = {
source = self + /programs/emacs/early-init.el;
target = ".emacs.d/early-init.el";
};
# on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually
".aspell.conf" = {
source = self + /programs/config/.aspell.conf;
target = ".aspell.conf";
};
".gitmessage" = {
source = self + /programs/git/.gitmessage;
target = ".gitmessage";
};
};
xdg.configFile = {
"tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc;
"tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css;
"swayidle/config".source = self + /programs/swayidle/config;
};
}

97
profiles/home/common/tmux.nix
View file

@ -1,97 +0,0 @@
{ pkgs, ... }:
let
tmux-super-fingers = pkgs.tmuxPlugins.mkTmuxPlugin
{
pluginName = "tmux-super-fingers";
version = "unstable-2023-01-06";
src = pkgs.fetchFromGitHub {
owner = "artemave";
repo = "tmux_super_fingers";
rev = "2c12044984124e74e21a5a87d00f844083e4bdf7";
sha256 = "sha256-cPZCV8xk9QpU49/7H8iGhQYK6JwWjviL29eWabuqruc=";
};
};
in
{
home.packages = with pkgs; [
lsof
sesh
];
programs.tmux = {
enable = true;
shell = "${pkgs.zsh}/bin/zsh";
terminal = "tmux-256color";
historyLimit = 100000;
plugins = with pkgs;
[
tmuxPlugins.tmux-thumbs
{
plugin = tmux-super-fingers;
extraConfig = "set -g @super-fingers-key f";
}
tmuxPlugins.sensible
# must be before continuum edits right status bar
{
plugin = tmuxPlugins.catppuccin;
extraConfig = ''
set -g @catppuccin_flavour 'frappe'
set -g @catppuccin_window_tabs_enabled on
set -g @catppuccin_date_time "%H:%M"
'';
}
{
plugin = tmuxPlugins.resurrect;
extraConfig = ''
set -g @resurrect-strategy-vim 'session'
set -g @resurrect-strategy-nvim 'session'
set -g @resurrect-capture-pane-contents 'on'
'';
}
{
plugin = tmuxPlugins.continuum;
extraConfig = ''
set -g @continuum-restore 'on'
set -g @continuum-boot 'on'
set -g @continuum-save-interval '10'
'';
}
tmuxPlugins.better-mouse-mode
tmuxPlugins.yank
];
extraConfig = ''
set -g default-terminal "tmux-256color"
set -ag terminal-overrides ",xterm-256color:RGB"
set-option -g prefix C-a
unbind-key C-b
bind-key C-a send-prefix
set -g mouse on
# Open new split at cwd of current split
bind | split-window -h -c "#{pane_current_path}"
bind - split-window -v -c "#{pane_current_path}"
# Use vim keybindings in copy mode
set-window-option -g mode-keys vi
# v in copy mode starts making selection
bind-key -T copy-mode-vi v send-keys -X begin-selection
bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel
# Escape turns on copy mode
bind Escape copy-mode
set-option -g status-position top
# make Prefix p paste the buffer.
unbind p
bind p paste-buffer
'';
};
}

309
profiles/home/common/waybar.nix
View file

@ -1,309 +0,0 @@
{ self, config, lib, ... }:
let
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
modulesLeft = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/vpn"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
];
modulesRight = [
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
in
{
options.swarselsystems = {
cpuCount = lib.mkOption {
type = lib.types.int;
default = 8;
};
temperatureHwmon = {
isAbsolutePath = lib.mkEnableOption "absolute temperature path";
path = lib.mkOption {
type = lib.types.str;
default = "";
};
input-filename = lib.mkOption {
type = lib.types.str;
default = "";
};
};
waybarModules = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = modulesLeft ++ [
"custom/pseudobat"
] ++ modulesRight;
};
cpuString = lib.mkOption {
type = lib.types.str;
default = generateIcons config.swarselsystems.cpuCount;
description = "The generated icons string for use by Waybar.";
internal = true;
};
};
config = {
swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
"battery"
] ++ modulesRight);
};
programs.waybar = {
enable = true;
systemd = {
enable = true;
target = "sway-sessions.target";
};
settings = {
mainBar = {
ipc = true;
id = "bar-0";
layer = "top";
position = "top";
modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ];
modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ];
"sway/mode" = {
format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
};
modules-right = config.swarselsystems.waybarModules;
"custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) {
format = "";
on-click-right = "wlogout -p layer-shell";
};
"custom/configwarn" = {
exec = "waybarupdate";
interval = 60;
};
"custom/scratchpad-indicator" = {
interval = 3;
exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. >= 1)'";
format = "{} ";
on-click = "swaymsg 'scratchpad show'";
on-click-right = "swaymsg 'move scratchpad'";
};
"custom/github" = {
format = "{} ";
return-type = "json";
interval = 60;
exec = "github-notifications";
on-click = "xdg-open https://github.com/notifications";
};
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
"group/hardware" = {
orientation = "inherit";
drawer = {
"transition-left-to-right" = false;
};
modules = [
"tray"
"temperature"
"power-profiles-daemon"
"custom/left-arrow-light"
"custom/left-arrow-dark"
"custom/scratchpad-indicator"
"custom/left-arrow-light"
"disk"
"custom/left-arrow-dark"
"memory"
"custom/left-arrow-light"
"cpu"
"custom/left-arrow-dark"
"backlight/slider"
"idle_inhibitor"
];
};
"backlight/slider" = {
min = 0;
max = 100;
orientation = "horizontal";
device = "intel_backlight";
};
power-profiles-daemon = {
format = "{icon}";
tooltip-format = "Power profile: {profile}\nDriver: {driver}";
tooltip = true;
format-icons = {
"default" = "";
"performance" = "";
"balanced" = "";
"power-saver" = "";
};
};
temperature = {
hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path;
hwmon-path-abs = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path;
input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename;
critical-threshold = 80;
format-critical = " {temperatureC}°C";
format = " {temperatureC}°C";
};
mpris = {
format = "{player_icon} {title} <small>[{position}/{length}]</small>";
format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>";
player-icons = {
"default" = " ";
"mpv" = "🎵 ";
"spotify" = " ";
};
status-icons = {
"paused" = " ";
};
interval = 1;
title-len = 20;
artist-len = 20;
album-len = 10;
};
"custom/left-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/outer-left-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/left-arrow-light" = {
format = "";
tooltip = false;
};
"custom/right-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/outer-right-arrow-dark" = {
format = "";
tooltip = false;
};
"custom/right-arrow-light" = {
format = "";
tooltip = false;
};
"sway/workspaces" = {
disable-scroll = true;
format = "{name}";
};
"clock#1" = {
min-length = 8;
interval = 1;
format = "{:%H:%M:%S}";
# on-click-right= "gnome-clocks";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
"clock#2" = {
format = "{:%d. %B %Y}";
# on-click-right= "gnome-clocks";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
pulseaudio = {
format = "{icon} {volume:2}%";
format-bluetooth = "{icon} {volume}%";
format-muted = "MUTE";
format-icons = {
headphones = "";
default = [
""
""
];
};
scroll-step = 1;
on-click = "pamixer -t";
on-click-right = "pavucontrol";
};
memory = {
interval = 5;
format = " {}%";
tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G";
};
cpu = {
format = config.swarselsystems.cpuString;
min-length = 6;
interval = 5;
format-icons = [ "" "" "" "" "" "" "" "" ];
# on-click-right= "com.github.stsdc.monitor";
on-click-right = "kitty -o confirm_os_window_close=0 btm";
};
"custom/vpn" = {
format = "()";
exec = "echo '{\"class\": \"connected\"}'";
exec-if = "test -d /proc/sys/net/ipv4/conf/tun0";
return-type = "json";
interval = 5;
};
battery = {
states = {
"warning" = 60;
"error" = 30;
"critical" = 15;
};
interval = 5;
format = "{icon} {capacity}%";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-icons = [
""
""
""
""
""
];
on-click-right = "wlogout -p layer-shell";
};
disk = {
interval = 30;
format = "Disk {percentage_used:2}%";
path = "/";
states = {
"warning" = 80;
"critical" = 90;
};
tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)";
};
tray = {
icon-size = 20;
};
network = {
interval = 5;
format-wifi = "{signalStrength}% ";
format-ethernet = "";
format-linked = "{ifname} (No IP) ";
format-disconnected = "Disconnected ";
format-alt = "{ifname}: {ipaddr}/{cidr}";
tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n{bandwidthUpBytes} {bandwidthDownBytes}";
tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n{bandwidthUpBytes} {bandwidthDownBytes}";
};
};
};
style = builtins.readFile (self + /programs/waybar/style.css);
};
};
}

29
profiles/home/common/yubikey-touch-detector.nix
View file

@ -1,29 +0,0 @@
{ pkgs, ... }:
{
systemd.user.services.yubikey-touch-detector = {
Unit = {
Description = "Detects when your YubiKey is waiting for a touch";
Requires = [ "yubikey-touch-detector.socket" ];
};
Service = {
ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify";
EnvironmentFile = "-%E/yubikey-touch-detector/service.conf";
};
Install = {
Also = [ "yubikey-touch-detector.socket" ];
WantedBy = [ "default.target" ];
};
};
systemd.user.sockets.yubikey-touch-detector = {
Unit = {
Description = "Unix socket activation for YubiKey touch detector service";
};
Socket = {
ListenStream = "%t/yubikey-touch-detector.socket";
RemoveOnStop = true;
};
Install = {
WantedBy = [ "sockets.target" ];
};
};
}

14
profiles/home/common/yubikey.nix
View file

@ -1,14 +0,0 @@
{ lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
in
{
pam.yubico.authorizedYubiKeys = {
ids = [
"${yubikey1}"
"${yubikey2}"
];
};
}

18
profiles/home/common/zellij.nix
View file

@ -1,18 +0,0 @@
{ self, config, pkgs, ... }:
{
programs.zellij = {
enable = true;
enableZshIntegration = true;
};
home.packages = with pkgs; [
zjstatus
];
xdg.configFile = {
"zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; };
"zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; };
};
}

112
profiles/home/common/zsh.nix
View file

@ -1,112 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (config.swarselsystems) flakePath;
in
{
options.swarselsystems = {
shellAliases = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
};
};
config = {
programs.zsh = {
enable = true;
shellAliases = lib.recursiveUpdate
{
hg = "history | grep";
hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git";
c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/";
passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
passpull = "cd ~/.local/share/password-store; git pull; cd -;";
hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
cd = "z";
youtube-dl = "yt-dlp";
cd-orig = "cd";
cat-orig = "cat";
cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
nix-ldd-locate = "nix-locate --minimal --top-level -w ";
nix-store-search = "ls /nix/store | grep";
fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
lt = "eza -las modified --total-size";
boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy";
}
config.swarselsystems.shellAliases;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
autocd = false;
cdpath = [
"~/.dotfiles"
# "~/Documents/GitHub"
];
defaultKeymap = "emacs";
dirHashes = {
dl = "$HOME/Downloads";
gh = "$HOME/Documents/GitHub";
};
history = {
expireDuplicatesFirst = true;
path = "$HOME/.histfile";
save = 10000;
size = 10000;
};
historySubstringSearch = {
enable = true;
searchDownKey = "^[OB";
searchUpKey = "^[OA";
};
plugins = [
{
name = "fzf-tab";
src = pkgs.zsh-fzf-tab;
}
];
initExtra = ''
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5C" forward-word
my-backward-delete-word() {
# Copy the global WORDCHARS variable to a local variable. That way any
# modifications are scoped to this function only
local WORDCHARS=$WORDCHARS
# Use bash string manipulation to remove `:` so our delete will stop at it
WORDCHARS="''${WORDCHARS//:}"
# Use bash string manipulation to remove `/` so our delete will stop at it
WORDCHARS="''${WORDCHARS//\/}"
# Use bash string manipulation to remove `.` so our delete will stop at it
WORDCHARS="''${WORDCHARS//.}"
# zle <widget-name> will run an existing widget.
zle backward-delete-word
}
zle -N my-backward-delete-word
bindkey '^H' my-backward-delete-word
# This will be our `ctrl+alt+w` command
my-backward-delete-whole-word() {
# Copy the global WORDCHARS variable to a local variable. That way any
# modifications are scoped to this function only
local WORDCHARS=$WORDCHARS
# Use bash string manipulation to add `:` to WORDCHARS if it's not present
# already.
[[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":"
# zle <widget-name> will run that widget.
zle backward-delete-word
}
# `zle -N` will create a new widget that we can use on the command line
zle -N my-backward-delete-whole-word
# bind this new widget to `ctrl+alt+w`
bindkey '^W' my-backward-delete-whole-word
'';
};
};
}

5
profiles/home/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ lib, ... }:
let
moduleNames = lib.swarselsystems.readNix "profiles/home";
in
lib.swarselsystems.mkModules moduleNames "home"

35
profiles/home/optional/gaming.nix
View file

@ -1,35 +0,0 @@
{ pkgs, ... }:
{
# specialisation = {
# gaming.configuration = {
home.packages = with pkgs; [
lutris
wine
winetricks
libudev-zero
dwarfs
fuse-overlayfs
# steam
steam-run
patchelf
gamescope
vulkan-tools
moonlight-qt
ns-usbloader
quark-goldleaf
# gog games installing
heroic
# minecraft
prismlauncher # has overrides
temurin-bin-17
pokefinder
retroarch
flips
];
# };
# };
}

313
profiles/home/optional/work.nix
View file

@ -1,313 +0,0 @@
{ self, config, pkgs, lib, nix-secrets, ... }:
let
inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
in
{
home.packages = with pkgs; [
stable.teams-for-linux
shellcheck
dig
docker
postman
rclone
stable.awscli2
libguestfs-with-appliance
stable.prometheus.cli
tigervnc
openstackclient
];
home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
};
wayland.windowManager.sway.config = {
output = {
"Applied Creative Technology Transmitter QUATTRO201811" = {
bg = "${self}/wallpaper/navidrome.png ${config.stylix.imageScalingMode}";
};
"Hewlett Packard HP Z24i CN44250RDT" = {
bg = "${self}/wallpaper/op6wp.png ${config.stylix.imageScalingMode}";
};
"HP Inc. HP 732pk CNC4080YL5" = {
bg = "${self}/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}";
};
};
};
stylix.targets.firefox.profileNames = [
"dc"
"cl"
"ws"
];
programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
zsh = {
shellAliases = {
dssh = "ssh -l ${dcUser}";
cssh = "ssh -l ${clUser}";
wssh = "ssh -l ${wsUser}";
};
cdpath = [
"~/Documents/Work"
];
dirHashes = {
d = "$HOME/.dotfiles";
w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles";
};
};
ssh = {
matchBlocks = {
"uc" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
user = "stack";
};
"uc.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
};
"uc.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
user = "stack";
};
"uc.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
user = "stack";
};
"cbe" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
user = dcUser;
};
"cbe.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
};
"cbe.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
user = dcUser;
};
"*.vbc.ac.at" = {
user = dcUser;
};
};
};
firefox = {
profiles =
let
isDefault = false;
in
{
dc = lib.recursiveUpdate
{
inherit isDefault;
id = 1;
settings = {
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at";
};
}
config.swarselsystems.firefox;
cl = lib.recursiveUpdate
{
inherit isDefault;
id = 2;
settings = {
"browser.startup.homepage" = "https://portal.azure.com";
};
}
config.swarselsystems.firefox;
ws = lib.recursiveUpdate
{
inherit isDefault;
id = 3;
}
config.swarselsystems.firefox;
};
};
chromium = {
enable = true;
package = pkgs.chromium;
extensions = [
# 1password
"gejiddohjgogedgjnonbofjigllpkmbf"
# dark reader
"eimadpbcbfnmbkopoojfekhnkhdbieeh"
# ublock origin
"cjpalhdlnbpafiamejdnhcphjbkeiagm"
# i still dont care about cookies
"edibdbjcniadpccecjdfdjjppcpchdlm"
# browserpass
"naepdomgkenhinolocfifgehidddafch"
];
};
};
services = {
kanshi = {
settings = [
{
# seminary room
output = {
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
};
}
{
# work main screen
output = {
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.0;
mode = "3840x2160";
};
}
{
# work side screen
output = {
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "270";
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.5;
position = "1462,0";
}
{
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.4;
mode = "3840x2160";
position = "-1280,0";
}
{
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "90";
position = "-2480,0";
}
];
};
}
{
profile = {
name = "lidopen";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "enable";
scale = 1.7;
position = "2560,0";
}
{
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
position = "10000,10000";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
}
{
criteria = "HP Inc. HP 732pk CNC4080YL5";
scale = 1.4;
mode = "3840x2160";
position = "-1280,0";
}
{
criteria = "Hewlett Packard HP Z24i CN44250RDT";
scale = 1.0;
mode = "1920x1200";
transform = "270";
position = "-2480,0";
}
];
};
}
{
profile = {
name = "lidclosed";
outputs = [
{
criteria = config.swarselsystems.sharescreen;
status = "disable";
}
{
criteria = "Applied Creative Technology Transmitter QUATTRO201811";
scale = 1.0;
mode = "1280x720";
position = "10000,10000";
}
];
};
}
];
};
};
xdg = {
mimeApps = {
defaultApplications = {
"x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
};
};
desktopEntries =
let
terminal = false;
categories = [ "Application" ];
icon = "firefox";
in
{
firefox_dc = {
name = "Firefox (dc)";
genericName = "Firefox dc";
exec = "firefox -p dc";
inherit terminal categories icon;
};
firefox_ws = {
name = "Firefox (ws)";
genericName = "Firefox ws";
exec = "firefox -p ws";
inherit terminal categories icon;
};
firefox_cl = {
name = "Firefox (cl)";
genericName = "Firefox cl";
exec = "firefox -p cl";
inherit terminal categories icon;
};
};
};
}

11
profiles/home/server/default.nix
View file

@ -1,11 +0,0 @@
{ self, lib, ... }:
let
importNames = lib.swarselsystems.readNix "profiles/home/server";
profilesPath = "${self}/profiles";
in
{
imports = lib.swarselsystems.mkImports importNames "profiles/home/server" ++ [
"${profilesPath}/home/common/settings.nix"
"${profilesPath}/home/common/sharedsetup.nix"
];
}

9
profiles/home/server/symlink.nix
View file

@ -1,9 +0,0 @@
{ self, lib, ... }:
{
home.file = {
"init.el" = lib.mkForce {
source = self + /programs/emacs/server.el;
target = ".emacs.d/init.el";
};
};
}

68
profiles/iso/minimal.nix
View file

@ -1,68 +0,0 @@
{ lib, pkgs, ... }:
{
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
warn-dirty = false;
};
boot = {
# initrd.systemd.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
supportedFilesystems = lib.mkForce [ "brtfs" "vfat" ];
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
configurationLimit = lib.mkDefault 5;
consoleMode = lib.mkDefault "max";
};
};
};
services = {
qemuGuest.enable = true;
openssh = {
enable = true;
ports = lib.mkDefault [ 22 ];
settings.PermitRootLogin = "yes";
authorizedKeysFiles = lib.mkForce [
"/etc/ssh/authorized_keys.d/%u"
];
};
};
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
Defaults lecture = never
'';
security.pam = {
sshAgentAuth.enable = true;
services = {
sudo.u2fAuth = true;
};
};
environment.systemPackages = with pkgs; [
curl
git
gnupg
rsync
ssh-to-age
sops
vim
just
sbctl
];
programs = {
git.enable = true;
};
fileSystems."/boot".options = [ "umask=0077" ];
networking.networkmanager.enable = true;
}

9
profiles/nixos/common/appimage.nix
View file

@ -1,9 +0,0 @@
_:
{
programs.appimage = {
enable = true;
binfmt = true;
};
}

5
profiles/nixos/common/blueman.nix
View file

@ -1,5 +0,0 @@
_:
{
services.blueman.enable = true;
services.hardware.bolt.enable = true;
}

17
profiles/nixos/common/default.nix
View file

@ -1,17 +0,0 @@
{ self, lib, ... }:
let
importNames = lib.swarselsystems.readNix "profiles/nixos/common";
profilesPath = "${self}/profiles";
in
{
imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common" ++ [
"${profilesPath}/home/common/sharedsetup.nix"
];
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"electron-29.4.6"
"SDL_ttf-2.0.11"
];
}

14
profiles/nixos/common/distrobox.nix
View file

@ -1,14 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
distrobox
boxbuddy
];
virtualisation.podman = {
enable = true;
dockerCompat = true;
package = pkgs.stable.podman;
};
}

16
profiles/nixos/common/env.nix
View file

@ -1,16 +0,0 @@
{ lib, pkgs, ... }:
{
environment = {
wordlist.enable = true;
sessionVariables = {
NIXOS_OZONE_WL = "1";
GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
]);
};
};
# gstreamer plugins for nautilus (used for file metadata)
}

9
profiles/nixos/common/gc.nix
View file

@ -1,9 +0,0 @@
_:
{
nix.gc = {
automatic = true;
randomizedDelaySec = "14m";
dates = "weekly";
options = "--delete-older-than 10d";
};
}

8
profiles/nixos/common/gnome-keyring.nix
View file

@ -1,8 +0,0 @@
_:
{
services.gnome.gnome-keyring = {
enable = true;
};
programs.seahorse.enable = true;
}

4
profiles/nixos/common/gvfs.nix
View file

@ -1,4 +0,0 @@
_:
{
services.gvfs.enable = true;
}

47
profiles/nixos/common/hardware.nix
View file

@ -1,47 +0,0 @@
{ pkgs, config, lib, ... }:
{
options.swarselsystems = {
hasBluetooth = lib.mkEnableOption "bluetooth availability";
hasFingerprint = lib.mkEnableOption "fingerprint sensor availability";
trackpoint = {
isAvailable = lib.mkEnableOption "trackpoint availability";
trackpoint.device = lib.mkOption {
type = lib.types.str;
default = "";
};
};
};
config = {
hardware = {
# opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant
graphics = {
enable = true;
enable32Bit = true;
};
trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable {
enable = true;
inherit (config.swarselsystems.trackpoint) device;
};
keyboard.qmk.enable = true;
enableAllFirmware = true;
bluetooth = lib.mkIf config.swarselsystems.hasBluetooth {
enable = true;
package = pkgs.stable.bluez;
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
};
services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true;
};
}

8
profiles/nixos/common/hardwarecompatibility-keyboards.nix
View file

@ -1,8 +0,0 @@
{ pkgs, ... }:
{
services.udev.packages = with pkgs; [
qmk-udev-rules
vial
via
];
}

9
profiles/nixos/common/hardwarecompatibility-ledger.nix
View file

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
hardware.ledger.enable = true;
services.udev.packages = with pkgs; [
ledger-udev-rules
];
}

21
profiles/nixos/common/hardwarecompatibility-yubikey.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
programs.ssh.startAgent = false;
services.pcscd.enable = false;
hardware.gpgSmartcards.enable = true;
services.udev.packages = with pkgs; [
yubikey-personalization
];
# systemd.services.shutdownSopsGpg = {
# path = [ pkgs.gnupg ];
# script = ''
# gpgconf --homedir /var/lib/sops --kill gpg-agent
# '';
# wantedBy = [ "multi-user.target" ];
# };
}

6
profiles/nixos/common/home-manager-extra.nix
View file

@ -1,6 +0,0 @@
{ inputs, config, lib, ... }:
{
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; };
};
}

8
profiles/nixos/common/home-manager.nix
View file

@ -1,8 +0,0 @@
{ inputs, config, lib, ... }:
{
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit (inputs) self; };
};
}

91
profiles/nixos/common/impermanence.nix
View file

@ -1,91 +0,0 @@
{ config, lib, ... }:
let
mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos";
inherit (config.swarselsystems) homeDir isImpermanence isCrypted;
in
{
security.sudo.extraConfig = lib.mkIf isImpermanence ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
# This script does the actual wipe of the system
# So if it doesn't run, the btrfs system effectively acts like a normal system
# Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
description = "Rollback BTRFS root subvolume to a pristine state";
wantedBy = [ "initrd.target" ];
# make sure it's done after encryption
# i.e. LUKS/TPM process
after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
# mount the root fs before clearing
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
mkdir -p /mnt
# We first mount the btrfs root to /mnt
# so we can manipulate btrfs subvolumes.
mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt
btrfs subvolume list -o /mnt/root
# While we're tempted to just delete /root and create
# a new snapshot from /root-blank, /root is already
# populated at this point with a number of subvolumes,
# which makes `btrfs subvolume delete` fail.
# So, we remove them first.
#
# /root contains subvolumes:
# - /root/var/lib/portables
# - /root/var/lib/machines
btrfs subvolume list -o /mnt/root |
cut -f9 -d' ' |
while read subvolume; do
echo "deleting /$subvolume subvolume..."
btrfs subvolume delete "/mnt/$subvolume"
done &&
echo "deleting /root subvolume..." &&
btrfs subvolume delete /mnt/root
echo "restoring blank /root subvolume..."
btrfs subvolume snapshot /mnt/root-blank /mnt/root
# Once we're done rolling back to a blank snapshot,
# we can unmount /mnt and continue on the boot process.
umount /mnt
'';
};
environment.persistence."/persist" = lib.mkIf isImpermanence {
hideMounts = true;
directories =
[
"/.cache/nix"
"/srv"
"/etc/nixos"
"/etc/nix"
"/etc/NetworkManager/system-connections"
# "/etc/secureboot"
"${homeDir}/.dotfiles"
"/var/db/sudo"
"/var/cache"
"/var/lib"
];
files = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
}

29
profiles/nixos/common/interceptiontools.nix
View file

@ -1,29 +0,0 @@
{ pkgs, ... }:
{
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig =
let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in
''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
}

14
profiles/nixos/common/lanzaboote.nix
View file

@ -1,14 +0,0 @@
{ lib, config, ... }:
{
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
};
lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) {
enable = true;
pkiBundle = "/var/lib/sbctl";
configurationLimit = 3;
};
};
}

34
profiles/nixos/common/lid.nix
View file

@ -1,34 +0,0 @@
_:
{
services.logind = {
lidSwitch = "suspend";
lidSwitchDocked = "ignore";
};
services.acpid = {
enable = true;
handlers.lidClosed = {
event = "button/lid \\w+ close";
action = ''
cat /sys/class/backlight/amdgpu_bl1/device/enabled
if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled
then
echo "Lid closed. Disabling fprintd."
systemctl stop fprintd
ln -s /dev/null /run/systemd/transient/fprintd.service
systemctl daemon-reload
fi
'';
};
handlers.lidOpen = {
event = "button/lid \\w+ open";
action = ''
if ! $(systemctl is-active --quiet fprintd); then
echo "Lid open. Enabling fprintd."
rm -f /run/systemd/transient/fprintd.service
systemctl daemon-reload
systemctl start fprintd
fi
'';
};
};
}

20
profiles/nixos/common/login.nix
View file

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
services.greetd = {
enable = true;
settings = {
initial_session.command = "sway";
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
'';
};
};
environment.etc."greetd/environments".text = ''
sway
'';
}

26
profiles/nixos/common/lowbattery.nix
View file

@ -1,26 +0,0 @@
{ pkgs, lib, ... }:
{
systemd.user.services."battery-low" = {
enable = true;
description = "Timer for battery check that alerts at 10% or less";
partOf = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = pkgs.writeShellScript "battery-low-notification"
''
if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 ));
then ${lib.getExe pkgs.libnotify} --urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")";
fi;
'';
};
};
systemd.user.timers."battery-low" = {
wantedBy = [ "timers.target" ];
timerConfig = {
# Every Minute
OnCalendar = "*-*-* *:*:00";
Unit = "battery-low.service";
};
};
}

245
profiles/nixos/common/network.nix
View file

@ -1,245 +0,0 @@
{ lib, config, ... }:
{
networking = {
nftables.enable = lib.mkDefault true;
enableIPv6 = lib.mkDefault true;
firewall = {
checkReversePath = lib.mkDefault false;
enable = lib.mkDefault true;
allowedUDPPorts = [ 51820 ]; # 51820: wireguard
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # kde-connect
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; } # kde-connect
];
};
networkmanager = {
enable = true;
ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
];
profiles = {
"Ernest Routerford" = {
connection = {
id = "Ernest Routerford";
permissions = "";
type = "wifi";
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = "Ernest Routerford";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$ERNEST";
};
};
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
eduroam = {
"802-1x" = {
eap = "ttls;";
identity = "$EDUID";
password = "$EDUPASS";
phase2-auth = "mschapv2";
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
HH40V_39F5 = {
connection = {
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
ssid = "HH40V_39F5";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$FRAUNS";
};
};
magicant = {
connection = {
id = "magicant";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "magicant";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HANDYHOTSPOT";
};
};
wireguardvpn = {
connection = {
id = "HomeVPN";
type = "wireguard";
autoconnect = "false";
interface-name = "wg1";
};
wireguard = { private-key = "$WIREGUARDPRIV"; };
"wireguard-peer.$WIREGUARDPUB" = {
endpoint = "$WIREGUARDENDPOINT";
allowed-ips = "0.0.0.0/0";
};
ipv4 = {
method = "ignore";
address1 = "192.168.3.3/32";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "ignore";
};
proxy = { };
};
"sweden-aes-128-cbc-udp-dns" = {
connection = {
autoconnect = "false";
id = "PIA Sweden";
type = "vpn";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
vpn = {
auth = "sha1";
ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path;
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
connection-type = "password";
crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path;
dev = "tun";
password-flags = "0";
remote = "sweden.privacy.network:1198";
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = { password = "$VPNPASS"; };
};
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-${config.swarselsystems.mainUser}";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$HOTSPOT";
};
};
};
};
};
};
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
}

30
profiles/nixos/common/networkdevices.nix
View file

@ -1,30 +0,0 @@
{ pkgs, ... }:
{
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [ pkgs.sane-airscan ];
};
# enable discovery and usage of network devices (esp. printers)
services.printing = {
enable = true;
drivers = [
pkgs.gutenprint
pkgs.gutenprintBin
];
browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
}

110
profiles/nixos/common/nix-ld.nix
View file

@ -1,110 +0,0 @@
{ pkgs, ... }:
{
programs.nix-ld = {
enable = true;
libraries = with pkgs; [
SDL
SDL2
SDL2_image
SDL2_mixer
SDL2_ttf
SDL_image
SDL_mixer
SDL_ttf
alsa-lib
at-spi2-atk
at-spi2-core
atk
bzip2
cairo
cups
curl
dbus
dbus-glib
expat
ffmpeg
flac
fontconfig
freeglut
freetype
fuse3
gdk-pixbuf
glew110
glib
stable.gnome2.GConf
pango
gtk2
gtk3
icu
libGL
libappindicator-gtk2
libappindicator-gtk3
libcaca
libcanberra
libcap
libdbusmenu-gtk2
libdrm
libelf
libgcrypt
libglvnd
libidn
libindicator-gtk2
libjpeg
libmikmod
libnotify
libogg
libpng
libpng12
libpulseaudio
librsvg
libsamplerate
libtheora
libtiff
libudev0-shim
libunwind
libusb1
libuuid
libva
libvdpau
libvorbis
libvpx
libxkbcommon
libxml2
libz
mesa
nspr
nss
openssl
pango
pipewire
pixman
speex
stdenv.cc.cc
steam-fhsenv-without-steam
systemd
tbb
vulkan-loader
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXft
xorg.libXi
xorg.libXinerama
xorg.libXmu
xorg.libXrandr
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.libXxf86vm
xorg.libxcb
xorg.libxshmfence
zlib
];
};
}

10
profiles/nixos/common/nvd-rebuild.nix
View file

@ -1,10 +0,0 @@
{ pkgs, ... }:
{
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
/run/current-system "$systemConfig"
'';
};
}

123
profiles/nixos/common/packages.nix
View file

@ -1,123 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
# yubikey packages
gnupg
yubikey-personalization
yubikey-personalization-gui
yubico-pam
yubioath-flutter
yubikey-manager
yubikey-manager-qt
yubikey-touch-detector
yubico-piv-tool
cfssl
pcsctools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop
# pinentry
dbus
swaylock-effects
syncthingtray-minimal
wl-mirror
# secure boot
sbctl
libsForQt5.qt5.qtwayland
# nix package database
nix-index
nixos-generators
# commit hooks
pre-commit
# proc info
acpi
# pci info
pciutils
usbutils
# better make for general tasks
just
screenshare
fullscreen
# keyboards
qmk
vial
via
# theme related
adwaita-icon-theme
# kde-connect
xdg-desktop-portal
xdg-desktop-portal-wlr
# bluetooth
bluez
# lsp-related -------------------------------
# nix
# latex
# texlab
ghostscript_headless
# wireguard
wireguard-tools
# rust
# rust-analyzer
# clippy
# rustfmt
# go
# go
# gopls
# nix
nixd
# zig
zig
zls
# cpp
# clang-tools
# + cuda
# cudatoolkit
# ansible
# ansible-lint
ansible-language-server
# molecule
#lsp-bridge / python
# gcc
# gdb
# (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
# (stdenv.mkDerivation {
# name = "oama";
# src = pkgs.fetchurl {
# name = "oama";
# url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
# sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
# };
# phases = [
# "unpackPhase"
# ];
# unpackPhase = ''
# mkdir -p $out/bin
# tar xvf $src -C $out/
# mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
# '';
# })
];
}

15
profiles/nixos/common/pipewire.nix
View file

@ -1,15 +0,0 @@
_: {
security.rtkit.enable = true; # this is required for pipewire real-time access
services.pipewire = {
enable = true;
pulse.enable = true;
jack.enable = true;
audio.enable = true;
wireplumber.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
}

20
profiles/nixos/common/polkit.nix
View file

@ -1,20 +0,0 @@
_:
{
security = {
pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
swaylock.u2fAuth = true;
swaylock.fprintAuth = false;
};
polkit.enable = true;
sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
Defaults env_keep+=XDG_RUNTIME_DIR
Defaults env_keep+=WAYLAND_DISPLAY
'';
};
}

4
profiles/nixos/common/power-profiles-daemon.nix
View file

@ -1,4 +0,0 @@
_:
{
services.power-profiles-daemon.enable = true;
}

8
profiles/nixos/common/programs.nix
View file

@ -1,8 +0,0 @@
_:
{
programs = {
dconf.enable = true;
evince.enable = true;
kdeconnect.enable = true;
};
}

8
profiles/nixos/common/pulseaudio.nix
View file

@ -1,8 +0,0 @@
{ config, pkgs, lib, ... }: {
services.pulseaudio = {
enable = lib.mkIf (!config.services.pipewire.enable) true;
package = pkgs.pulseaudioFull;
};
}

45
profiles/nixos/common/settings.nix
View file

@ -1,45 +0,0 @@
{ lib, config, outputs, inputs, ... }:
{
nixpkgs = {
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
nix =
let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
flake-registry = "";
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
channel.enable = false;
registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
system.stateVersion = lib.mkDefault "23.05";
}

26
profiles/nixos/common/sharedsetup.nix
View file

@ -1,26 +0,0 @@
{ lib, ... }:
{
options.swarselsystems = {
withHomeManager = lib.mkOption {
type = lib.types.bool;
default = true;
};
isSwap = lib.mkOption {
type = lib.types.bool;
default = true;
};
swapSize = lib.mkOption {
type = lib.types.str;
default = "8G";
};
rootDisk = lib.mkOption {
type = lib.types.str;
default = "";
};
isCrypted = lib.mkEnableOption "uses full disk encryption";
initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
isImpermanence = lib.mkEnableOption "use impermanence on this system";
isSecureBoot = lib.mkEnableOption "use secure boot on this system";
};
}

51
profiles/nixos/common/sops.nix
View file

@ -1,51 +0,0 @@
{ self, config, lib, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
inherit (config.swarselsystems) mainUser homeDir;
in
{
sops = lib.mkIf (!config.swarselsystems.isPublic) {
age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
wireguardpriv = { };
wireguardpub = { };
wireguardendpoint = { };
stashuser = { };
stashpass = { };
githubforgeuser = { };
githubforgepass = { };
gitlabforgeuser = { };
gitlabforgepass = { };
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
};
templates = {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv}
WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
'';
};
};
}

7
profiles/nixos/common/store.nix
View file

@ -1,7 +0,0 @@
_:
{
nix.optimise = {
automatic = true;
dates = [ "weekly" ];
};
}

14
profiles/nixos/common/stylix.nix
View file

@ -1,14 +0,0 @@
{ lib, config, ... }:
{
stylix = lib.recursiveUpdate
{
targets.grub.enable = false; # the styling makes grub more ugly
image = config.swarselsystems.wallpaper;
}
config.swarselsystems.stylix;
home-manager.users."${config.swarselsystems.mainUser}" = {
stylix = {
targets = config.swarselsystems.stylixHomeTargets;
};
};
}

23
profiles/nixos/common/sway.nix
View file

@ -1,23 +0,0 @@
{ pkgs, ... }:
{
programs.sway = {
enable = true;
package = pkgs.swayfx;
wrapperFeatures = {
base = true;
gtk = true;
};
extraSessionCommands = ''
export XDG_SESSION_DESKTOP=sway
export SDL_VIDEODRIVER=wayland
export QT_QPA_PLATFORM=wayland-egl
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
export MOZ_ENABLE_WAYLAND=1
export MOZ_DISABLE_RDD_SANDBOX=1
'';
};
}

53
profiles/nixos/common/syncthing.nix
View file

@ -1,53 +0,0 @@
{ lib, config, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{
services.syncthing = {
enable = true;
user = mainUser;
dataDir = homeDir;
configDir = "${homeDir}/.config/syncthing";
openDefaultPorts = true;
settings = {
devices = {
"magicant" = {
id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
};
"sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"winters" = {
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
};
};
folders = {
"Default Folder" = lib.mkDefault {
path = "${homeDir}/Sync";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "default";
};
"Obsidian" = {
path = "${homeDir}/Nextcloud/Obsidian";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "yjvni-9eaa7";
};
"Org" = {
path = "${homeDir}/Nextcloud/Org";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
path = "${homeDir}/Vpn";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "hgp9s-fyq3p";
};
".elfeed" = {
path = "${homeDir}/.elfeed";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "h7xbs-fs9v1";
};
};
};
};
}

8
profiles/nixos/common/systemd.nix
View file

@ -1,8 +0,0 @@
_:
{
# systemd
systemd.extraConfig = ''
DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s
'';
}

22
profiles/nixos/common/time.nix
View file

@ -1,22 +0,0 @@
_:
{
time = {
timeZone = "Europe/Vienna";
# hardwareClockInLocalTime = true;
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
};
}

16
profiles/nixos/common/users.nix
View file

@ -1,16 +0,0 @@
{ pkgs, config, lib, ... }:
{
sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };
users = {
mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
users."${config.swarselsystems.mainUser}" = {
isNormalUser = true;
description = "Leon S";
password = lib.mkIf config.swarselsystems.initialSetup "setup";
hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};
};
}

19
profiles/nixos/common/xdg-portal.nix
View file

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
xdg.portal = {
enable = true;
config = {
common = {
default = "wlr";
};
};
wlr.enable = true;
wlr.settings.screencast = {
output_name = "eDP-1";
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
}

9
profiles/nixos/common/xserver.nix
View file

@ -1,9 +0,0 @@
_:
{
services.xserver = {
xkb = {
layout = "us";
variant = "altgr-intl";
};
};
}

7
profiles/nixos/common/zsh.nix
View file

@ -1,7 +0,0 @@
{ pkgs, ... }:
{
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ];
}

5
profiles/nixos/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ lib, ... }:
let
moduleNames = lib.swarselsystems.readNix "profiles/nixos";
in
lib.swarselsystems.mkModules moduleNames "nixos"

10
profiles/nixos/optional/autologin.nix
View file

@ -1,10 +0,0 @@
{ config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{
services = {
getty.autologinUser = mainUser;
greetd.settings.initial_session.user = mainUser;
};
}

37
profiles/nixos/optional/gaming.nix
View file

@ -1,37 +0,0 @@
{ pkgs, lib, ... }:
{
specialisation = {
gaming.configuration = {
networking = {
firewall.enable = lib.mkForce false;
firewall = {
allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPortRanges = [
{ from = 27015; to = 27030; } # barotrauma
{ from = 27036; to = 27037; } # barotrauma
];
allowedUDPPortRanges = [
{ from = 27000; to = 27031; } # barotrauma
{ from = 58962; to = 58964; } # barotrauma
];
};
};
programs.steam = {
enable = true;
package = pkgs.steam;
extraCompatPackages = [
pkgs.proton-ge-bin
];
};
hardware.xone.enable = true;
environment.systemPackages = [
pkgs.linuxKernel.packages.linux_6_12.xone
];
};
};
}

10
profiles/nixos/optional/nswitch-rcm.nix
View file

@ -1,10 +0,0 @@
{ pkgs, ... }:
{
services.nswitch-rcm = {
enable = true;
package = pkgs.fetchurl {
url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
};
};
}

21
profiles/nixos/optional/virtualbox.nix
View file

@ -1,21 +0,0 @@
{ lib, pkgs, ... }:
{
specialisation = {
VBox.configuration = {
virtualisation.virtualbox = {
host = {
enable = true;
enableExtensionPack = true;
};
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
guest = {
enable = false;
};
};
# run an older kernel to provide compatibility with windows vm
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
};
};
}

6
profiles/nixos/optional/vmware.nix
View file

@ -1,6 +0,0 @@
_:
{
virtualisation.vmware.host.enable = true;
virtualisation.vmware.guest.enable = true;
}

168
profiles/nixos/optional/work.nix
View file

@ -1,168 +0,0 @@
{ self, lib, pkgs, config, ... }:
let
inherit (config.swarselsystems) mainUser homeDir xdgDir;
owner = mainUser;
sopsFile = self + /secrets/work/secrets.yaml;
swarselService = name: description: execStart: {
"${name}" = {
enable = true;
inherit description;
serviceConfig = {
ExecStart = execStart;
User = mainUser;
Group = "users";
Environment = [
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${mainUser}/bin"
"XDG_RUNTIME_DIR=${xdgDir}"
"WAYLAND_DISPLAY=wayland-1"
];
Type = "oneshot";
StandardOutput = "journal";
StandardError = "journal";
};
};
};
in
{
sops = {
secrets = {
vcuser = {
inherit owner sopsFile;
};
vcpw = {
inherit owner sopsFile;
};
};
};
boot.initrd = {
systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
luks = {
# disable "support" since we use systemd-cryptenroll
# make sure yubikeys are enrolled using
# sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
yubikeySupport = false;
fido2Support = false;
};
};
programs = {
zsh.shellInit = ''
export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
'';
browserpass.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "${mainUser}" ];
};
};
networking = {
firewall.trustedInterfaces = [ "virbr0" ];
search = [
"vbc.ac.at"
"clip.vbc.ac.at"
"imp.univie.ac.at"
];
};
virtualisation = {
docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
vhostUserPackages = with pkgs; [ virtiofsd ];
ovmf = {
enable = true;
packages = [
(pkgs.OVMFFull.override {
secureBoot = true;
tpmSupport = true;
}).fd
];
};
};
};
};
environment.systemPackages = with pkgs; [
# (python39.withPackages (ps: with ps; [
# cryptography
# ]))
# docker
python39
qemu
packer
gnumake
libisoburn
govc
terraform
graphviz
# vm
virt-manager
virt-viewer
virtiofsd
spice
spice-gtk
spice-protocol
win-virtio
win-spice
];
services = {
spice-vdagentd.enable = true;
openssh = {
enable = true;
extraConfig = ''
'';
};
syncthing = {
settings = {
"winters" = {
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
};
folders = {
"Documents" = {
path = "${homeDir}/Documents";
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w";
};
};
};
};
udev.extraRules = ''
# share screen when dongle detected
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="6860", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
# lock screen when yubikey removed
ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
'';
};
systemd.services = lib.mkMerge [
(swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h")
];
# cgroups v1 is required for centos7 dockers
specialisation = {
cgroup_v1.configuration = {
boot.kernelParams = [
"SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
"systemd.unified_cgroup_hierarchy=0"
];
};
};
}

42
profiles/nixos/server/ankisync.nix
View file

@ -1,42 +0,0 @@
{ lib, config, ... }:
{
options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server";
config = lib.mkIf config.swarselsystems.server.ankisync {
networking.firewall.allowedTCPPorts = [ 22701 ];
sops.secrets.swarsel = { owner = "root"; };
services.anki-sync-server = {
enable = true;
port = 27701;
address = "0.0.0.0";
openFirewall = true;
users = [
{
username = "Swarsel";
passwordFile = config.sops.secrets.swarsel.path;
}
];
};
services.nginx = {
virtualHosts = {
"synki.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://localhost:27701";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
};
}

20
profiles/nixos/server/default.nix
View file

@ -1,20 +0,0 @@
{ self, lib, ... }:
let
importNames = lib.swarselsystems.readNix "profiles/nixos/server";
profilesPath = "${self}/profiles";
in
{
imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
"${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix"
"${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/gc.nix"
"${profilesPath}/nixos/common/store.nix"
"${profilesPath}/nixos/common/time.nix"
"${profilesPath}/nixos/common/users.nix"
"${profilesPath}/nixos/common/nix-ld.nix"
"${profilesPath}/nixos/common/sharedsetup.nix"
"${profilesPath}/home/common/sharedsetup.nix"
];
}

16
profiles/nixos/server/emacs.nix
View file

@ -1,16 +0,0 @@
{ lib, config, ... }:
{
options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server";
config = lib.mkIf config.swarselsystems.server.emacs {
networking.firewall.allowedTCPPorts = [ 9812 ];
services.emacs = {
enable = true;
install = true;
startWithGraphical = false;
};
};
}

47
profiles/nixos/server/forgejo.nix
View file

@ -1,47 +0,0 @@
{ lib, config, ... }:
{
options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server";
config = lib.mkIf config.swarselsystems.server.forgejo {
networking.firewall.allowedTCPPorts = [ 3000 ];
services.forgejo = {
enable = true;
settings = {
DEFAULT = {
APP_NAME = "~SwaGit~";
};
server = {
PROTOCOL = "http";
HTTP_PORT = 3000;
HTTP_ADDR = "0.0.0.0";
DOMAIN = "swagit.swarsel.win";
ROOT_URL = "https://swagit.swarsel.win";
};
service = {
DISABLE_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
};
};
};
services.nginx = {
virtualHosts = {
"swagit.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
};
}

37
profiles/nixos/server/freshrss.nix
View file

@ -1,37 +0,0 @@
{ lib, config, ... }:
{
options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server";
config = lib.mkIf config.swarselsystems.server.freshrss {
users.users.freshrss = {
extraGroups = [ "users" ];
group = "freshrss";
isSystemUser = true;
};
users.groups.freshrss = { };
sops.secrets.fresh = { owner = "freshrss"; };
services.freshrss = {
enable = true;
virtualHost = "signpost.swarsel.win";
baseUrl = "https://signpost.swarsel.win";
# authType = "none";
dataDir = "/Vault/data/tt-rss";
defaultUser = "Swarsel";
passwordFile = config.sops.secrets.fresh.path;
};
services.nginx = {
virtualHosts = {
"signpost.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
};
};
};
};
}

Some files were not shown because too many files have changed in this diff Show more