chore: update flake

Leon Schwarzäugl 2026-03-05 23:09:50 +01:00
parent c1a5cfa20c
commit 2ea5b9c764
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
25 changed files with 1527 additions and 1270 deletions


@ -1738,7 +1738,9 @@ A short overview over each input and what it does:
smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-bisect.url = "github:nixos/nixpkgs/master"; nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy";
# nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server"; nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -1780,7 +1782,8 @@ A short overview over each input and what it does:
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL"; nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix"; # stylix.url = "github:danth/stylix";
stylix.url = "github:Swarsel/stylix";
sops.url = "github:Mic92/sops-nix"; sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote"; lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
@ -1797,6 +1800,7 @@ A short overview over each input and what it does:
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell"; devshell.url = "github:numtide/devshell";
spicetify-nix.url = "github:Gerg-l/spicetify-nix"; spicetify-nix.url = "github:Gerg-l/spicetify-nix";
# spicetify-nix.url = "github:Swarsel/spicetify-nix";
niri-flake.url = "github:sodiboo/niri-flake"; niri-flake.url = "github:sodiboo/niri-flake";
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix"; microvm.url = "github:astro/microvm.nix";
@ -3366,7 +3370,7 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat
packages = { packages = {
# nix build --print-out-paths --no-link .#live-iso # nix build --print-out-paths --no-link .#live-iso
live-iso = inputs.nixos-generators.nixosGenerate { live-iso = inputs.nixos-generators.nixosGenerate {
inherit pkgs; inherit pkgs system;
specialArgs = { inherit self; }; specialArgs = { inherit self; };
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -3899,7 +3903,8 @@ This system is built with support for arm emulation, so it can build configurati
# ''; # '';
boot = { boot = {
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.emulatedSystems = [ "aarch64-linux" ];
initrd = { initrd = {
@ -10926,31 +10931,30 @@ When a program does not work, start with =nix-ldd <program>=. This will tell you
pipewire pipewire
pixman pixman
speex speex
# stable.cc.cc steam-fhsenv-without-steam
stable25_05.steam-fhsenv-without-steam
systemd systemd
tbb tbb
vulkan-loader vulkan-loader
xorg.libICE libice
xorg.libSM libsm
xorg.libX11 libx11
xorg.libXScrnSaver libxscrnsaver
xorg.libXcomposite libxcomposite
xorg.libXcursor libxcursor
xorg.libXdamage libxdamage
xorg.libXext libxext
xorg.libXfixes libxfixes
xorg.libXft libxft
xorg.libXi libxi
xorg.libXinerama libxinerama
xorg.libXmu libxmu
xorg.libXrandr libxrandr
xorg.libXrender libxrender
xorg.libXt libxt
xorg.libXtst libxtst
xorg.libXxf86vm libxxf86vm
xorg.libxcb libxcb
xorg.libxshmfence libxshmfence
zlib zlib
]; ];
}; };
@ -12934,7 +12938,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
Kavita is the service I use for my library management. It seems more tailored towards comics/graphic novels, but still I prefer its interface to what calibre offers. Kavita is the service I use for my library management. It seems more tailored towards comics/graphic novels, but still I prefer its interface to what calibre offers.
#+begin_src nix-ts :tangle modules/nixos/server/kavita.nix #+begin_src nix-ts :tangle modules/nixos/server/kavita.nix
{ self, lib, config, pkgs, globals, dns, confLib, ... }: { lib, config, globals, dns, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
@ -12944,9 +12948,6 @@ Kavita is the service I use for my library management. It seems more tailored to
{ {
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
environment.systemPackages = with pkgs; [
calibre
];
users = { users = {
persistentIds.kavita = confLib.mkIds 995; persistentIds.kavita = confLib.mkIds 995;
@ -13966,7 +13967,7 @@ My file server. I aim to decomission this as soon as I can, however, I need a re
inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
nextcloudVersion = "32"; nextcloudVersion = "33";
in in
{ {
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -14243,11 +14244,12 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
gotenberg = { gotenberg = {
enable = true; enable = true;
package = pkgs.stable.gotenberg; package = pkgs.gotenberg;
libreoffice.package = pkgs.libreoffice;
port = gotenbergPort; port = gotenbergPort;
bindIP = "127.0.0.1"; bindIP = "127.0.0.1";
timeout = "600s"; timeout = "600s";
chromium.package = pkgs.stable.chromium; chromium.package = pkgs.chromium;
}; };
}; };
@ -14930,7 +14932,9 @@ This section exposes several metrics that I use to check the health of my server
analytics.reporting_enabled = false; analytics.reporting_enabled = false;
users.allow_sign_up = false; users.allow_sign_up = false;
security = { security = {
admin_password = "$__file{/run/secrets/grafana-admin-pw}"; # admin_password = "$__file{/run/secrets/grafana-admin-pw}";
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
cookie_secure = true; cookie_secure = true;
disable_gravatar = true; disable_gravatar = true;
}; };
@ -15799,9 +15803,10 @@ kanidm person credential create-reset-token <user>
services = { services = {
${serviceName} = { ${serviceName} = {
package = pkgs.kanidmWithSecretProvisioning_1_8; package = pkgs.kanidmWithSecretProvisioning_1_9;
enableServer = true; server = {
serverSettings = { enable = true;
settings = {
domain = serviceDomain; domain = serviceDomain;
origin = "https://${serviceDomain}"; origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
@ -15811,12 +15816,15 @@ kanidm person credential create-reset-token <user>
bindaddress = "0.0.0.0:${toString servicePort}"; bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true; # trust_x_forward_for = true;
}; };
enableClient = true; };
clientSettings = { client = {
uri = config.services.kanidm.serverSettings.origin; enable = true;
settings = {
uri = config.services.kanidm.server.settings.origin;
verify_ca = true; verify_ca = true;
verify_hostnames = true; verify_hostnames = true;
}; };
};
provision = { provision = {
enable = true; enable = true;
adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path; adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path;
@ -16205,9 +16213,9 @@ This can be used to add OIDC in a way to services that do not support it nativel
domain = ".${mainDomain}"; domain = ".${mainDomain}";
secure = true; secure = true;
expire = "900m"; expire = "900m";
secret = null; # set by service EnvironmentFile secretFile = null;
}; };
clientSecret = null; # set by service EnvironmentFile clientSecretFile = null;
reverseProxy = true; reverseProxy = true;
httpAddress = "0.0.0.0:${builtins.toString servicePort}"; httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback"; redirectURL = "https://${serviceDomain}/oauth2/callback";
@ -18341,7 +18349,7 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
}; };
# the rest of the ports are managed by snm # the rest of the ports are managed by snm
networking.firewall.allowedTCPPorts = [ 80 servicePort ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
@ -18372,8 +18380,8 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6; "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; "${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
}; };
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; }; ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
}; };
}; };
@ -20851,7 +20859,6 @@ This holds packages that I can use as provided, or with small modifications (as
picard-tools picard-tools
audacity audacity
sox sox
# stable.feishin # does not work with oauth2-proxy
calibre calibre
# printing # printing
@ -21522,6 +21529,10 @@ This section is for programs that require no further configuration. zsh Integrat
]; ];
}; };
}; };
home.sessionVariables = {
_ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
};
}; };
} }
#+end_src #+end_src
@ -25863,7 +25874,7 @@ This service changes the screen hue at night. I am not sure if that really does
reduceMotion = true; reduceMotion = true;
spacebarRatesCard = true; spacebarRatesCard = true;
# videoDriver = "opengl"; # videoDriver = "opengl";
sync = { profiles."User 1".sync = {
autoSync = false; # sync on profile close will delay system shutdown autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true; syncMedia = true;
autoSyncMediaMinutes = 5; autoSyncMediaMinutes = 5;
@ -27333,7 +27344,10 @@ When setting up a new machine:
prometheus.cli prometheus.cli
tigervnc tigervnc
# openstackclient # openstackclient
step-cli
vscode-fhs vscode-fhs
copilot-cli
antigravity antigravity
@ -27457,7 +27471,7 @@ When setting up a new machine:
programs = programs =
let let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
in in
{ {
openstackclient = { openstackclient = {
@ -27478,7 +27492,8 @@ When setting up a new machine:
# }; # };
# }; # };
}; };
git.settings.user.email = lib.mkForce gitMail; # this is no longer needed since moving away from bitbucket
# git.settings.user.email = lib.mkForce gitMail;
zsh = { zsh = {
shellAliases = { shellAliases = {
@ -28274,17 +28289,20 @@ This is where the theme for the whole OS is defined. Originally, this noweb-ref
In short, the options defined here are passed to the modules systems using =_modules.args= - they can then be used by passing =vars= as an attribute in the input attribute set of a modules system file (=basically all files in this configuration) In short, the options defined here are passed to the modules systems using =_modules.args= - they can then be used by passing =vars= as an attribute in the input attribute set of a modules system file (=basically all files in this configuration)
#+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix #+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix
{ self, lib, pkgs, ... }: { self, pkgs, ... }:
{ {
_module.args = { _module.args = {
vars = rec { vars = rec {
waylandSessionVariables = { waylandSessionVariables = {
SDL_VIDEODRIVER = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland-egl";
ANKI_WAYLAND = "1"; ANKI_WAYLAND = "1";
OBSIDIAN_USE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
NIXOS_OZONE_WL = "1";
OBSIDIAN_USE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
}; };
waylandExports = waylandExports =
@ -28370,28 +28388,28 @@ In short, the options defined here are passed to the modules systems using =_mod
noscript noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon { # (buildFirefoxXpiAddon {
pname = "shortkeys"; # pname = "shortkeys";
version = "4.0.2"; # version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com"; # addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; # url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; # sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib; # meta = with lib;
{ # {
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; # description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [ # mozPermissions = [
"tabs" # "tabs"
"downloads" # "downloads"
"clipboardWrite" # "clipboardWrite"
"browsingData" # "browsingData"
"storage" # "storage"
"bookmarks" # "bookmarks"
"sessions" # "sessions"
"<all_urls>" # "<all_urls>"
]; # ];
platforms = platforms.all; # platforms = platforms.all;
}; # };
}) # })
]; ];
}; };
@ -31136,8 +31154,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
security = lib.mkDefault true; security = lib.mkDefault true;
sops = lib.mkDefault true; sops = lib.mkDefault true;
stylix = lib.mkDefault true; stylix = lib.mkDefault true;
sway = lib.mkDefault true; sway = lib.mkDefault false; # niri
swayosd = lib.mkDefault true; swayosd = lib.mkDefault false; # niri
syncthing = lib.mkDefault true; syncthing = lib.mkDefault true;
systemdTimeout = lib.mkDefault true; systemdTimeout = lib.mkDefault true;
time = lib.mkDefault true; time = lib.mkDefault true;
@ -31211,48 +31229,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
{ {
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel { config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = { swarselmodules = {
packages = lib.mkForce true; yubikey = false;
general = lib.mkForce true;
home-manager = lib.mkForce true;
xserver = lib.mkForce true;
users = lib.mkForce true;
sops = lib.mkForce true;
env = lib.mkForce true;
security = lib.mkForce true;
systemdTimeout = lib.mkForce true;
hardware = lib.mkForce true;
pulseaudio = lib.mkForce true;
pipewire = lib.mkForce true;
network = lib.mkForce true;
time = lib.mkForce true;
stylix = lib.mkForce true;
programs = lib.mkForce true;
zsh = lib.mkForce true;
syncthing = lib.mkForce true;
blueman = lib.mkForce true;
networkDevices = lib.mkForce true;
gvfs = lib.mkForce true;
interceptionTools = lib.mkForce true;
swayosd = lib.mkForce true;
ppd = lib.mkForce true;
yubikey = lib.mkForce false;
ledger = lib.mkForce true;
keyboards = lib.mkForce true;
login = lib.mkForce true;
nix-ld = lib.mkForce true;
impermanence = lib.mkForce true;
nvd = lib.mkForce true;
gnome-keyring = lib.mkForce true;
sway = lib.mkForce true;
xdg-portal = lib.mkForce true;
distrobox = lib.mkForce true;
appimage = lib.mkForce true;
lid = lib.mkForce true;
lowBattery = lib.mkForce true;
lanzaboote = lib.mkForce true;
autologin = lib.mkForce true;
nftables = lib.mkDefault true;
}; };
}; };
@ -31393,8 +31372,8 @@ This holds modules that are to be used on most hosts. These are also the most im
anki-tray = lib.mkDefault true; anki-tray = lib.mkDefault true;
attic-store-push = lib.mkDefault true; attic-store-push = lib.mkDefault true;
atuin = lib.mkDefault true; atuin = lib.mkDefault true;
autotiling = lib.mkDefault true; autotiling = lib.mkDefault false; # niri
batsignal = lib.mkDefault true; batsignal = lib.mkDefault false; # niri
blueman-applet = lib.mkDefault true; blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault true; desktop = lib.mkDefault true;
direnv = lib.mkDefault true; direnv = lib.mkDefault true;
@ -31406,17 +31385,18 @@ This holds modules that are to be used on most hosts. These are also the most im
firefox = lib.mkDefault true; firefox = lib.mkDefault true;
firezone-tray = lib.mkDefault true; firezone-tray = lib.mkDefault true;
fuzzel = lib.mkDefault true; fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault true; gammastep = lib.mkDefault false; # niri
general = lib.mkDefault true; general = lib.mkDefault true;
git = lib.mkDefault true; git = lib.mkDefault true;
gnome-keyring = lib.mkDefault true; gnome-keyring = lib.mkDefault true;
gpgagent = lib.mkDefault true; gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault true; hexchat = lib.mkDefault true;
kanshi = lib.mkDefault true; kanshi = lib.mkDefault false; # niri
kdeconnect = lib.mkDefault true; kdeconnect = lib.mkDefault true;
kitty = lib.mkDefault true; kitty = lib.mkDefault true;
khal = lib.mkDefault true;
mail = lib.mkDefault true; mail = lib.mkDefault true;
mako = lib.mkDefault true; mako = lib.mkDefault false; # niri
nix-index = lib.mkDefault true; nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true; nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true; nix-your-shell = lib.mkDefault true;
@ -31435,9 +31415,9 @@ This holds modules that are to be used on most hosts. These are also the most im
ssh = lib.mkDefault true; ssh = lib.mkDefault true;
starship = lib.mkDefault true; starship = lib.mkDefault true;
stylix = lib.mkDefault true; stylix = lib.mkDefault true;
sway = lib.mkDefault true; sway = lib.mkDefault false; # niri
swayidle = lib.mkDefault true; swayidle = lib.mkDefault true;
swaylock = lib.mkDefault true; swaylock = lib.mkDefault false; # niri
swayosd = lib.mkDefault true; swayosd = lib.mkDefault true;
symlink = lib.mkDefault true; symlink = lib.mkDefault true;
tmux = lib.mkDefault true; tmux = lib.mkDefault true;
@ -31529,41 +31509,15 @@ This holds modules that are to be used on most hosts. These are also the most im
{ {
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel { config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = { swarselmodules = {
packages = lib.mkForce true;
ownpackages = lib.mkForce true;
general = lib.mkForce true;
nixgl = lib.mkForce true;
sops = lib.mkForce true;
yubikey = lib.mkForce false; yubikey = lib.mkForce false;
ssh = lib.mkForce true; ssh = lib.mkForce false;
stylix = lib.mkForce true;
desktop = lib.mkForce true;
symlink = lib.mkForce true;
env = lib.mkForce false; env = lib.mkForce false;
programs = lib.mkForce true;
nix-index = lib.mkForce true;
direnv = lib.mkForce true;
eza = lib.mkForce true;
git = lib.mkForce false; git = lib.mkForce false;
fuzzel = lib.mkForce true;
starship = lib.mkForce true;
kitty = lib.mkForce true;
zsh = lib.mkForce true;
zellij = lib.mkForce true;
tmux = lib.mkForce true;
mail = lib.mkForce false; mail = lib.mkForce false;
emacs = lib.mkForce true; emacs = lib.mkForce false;
waybar = lib.mkForce true; obsidian = lib.mkForce false;
firefox = lib.mkForce true;
gnome-keyring = lib.mkForce true;
kdeconnect = lib.mkForce true;
mako = lib.mkForce true;
swayosd = lib.mkForce true;
yubikeytouch = lib.mkForce true;
sway = lib.mkForce true;
kanshi = lib.mkForce true;
gpgagent = lib.mkForce true;
gammastep = lib.mkForce false; gammastep = lib.mkForce false;
}; };
}; };
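Review bot: In the Grafana `security` block (hunk at -14930) the new `secret_key` is read from `config.sops.secrets.grafana-admin-pw.path`, the same sops secret that supplied the admin password in the line this commit comments out. Grafana uses `secret_key` to sign and encrypt the data-source credentials it stores in its database, so it should be a dedicated random value rather than a reused login password. I would provision a separate secret and reference it, e.g. `secret_key = "$__file{${config.sops.secrets.<grafana-secret-key>.path}}";` (the secret name is a placeholder). Changing the key on an existing instance means stored data-source secrets have to be re-entered. Since `disable_initial_admin_creation = true;` is set alongside it, a one-line comment saying how admins sign in now (presumably the OIDC setup elsewhere in this file, which the hunk does not show) would help the next reader.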

1363
flake.lock generated

File diff suppressed because it is too large Load diff


@ -28,7 +28,9 @@
smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1"; smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-bisect.url = "github:nixos/nixpkgs/master"; nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy";
# nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server"; nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -70,7 +72,8 @@
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL"; nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix"; # stylix.url = "github:danth/stylix";
stylix.url = "github:Swarsel/stylix";
sops.url = "github:Mic92/sops-nix"; sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote"; lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
@ -87,6 +90,7 @@
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell"; devshell.url = "github:numtide/devshell";
spicetify-nix.url = "github:Gerg-l/spicetify-nix"; spicetify-nix.url = "github:Gerg-l/spicetify-nix";
# spicetify-nix.url = "github:Swarsel/spicetify-nix";
niri-flake.url = "github:sodiboo/niri-flake"; niri-flake.url = "github:sodiboo/niri-flake";
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix"; microvm.url = "github:astro/microvm.nix";
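Review bot: The new `nixpkgs-update` input follows `github:r-ryantm/nixpkgs/auto-update/oauth2-proxy`, a third-party update branch, and `stylix` now points at the `Swarsel/stylix` fork with no ref; neither line says why, or when to return to upstream. flake.lock pins the revision that is actually built, but its diff is suppressed on this page, and the next `nix flake update` will move both inputs to whatever those branches hold then. An update branch may also be rebased or deleted once merged (inferred, not shown here), which would leave the locked revision unfetchable. I would pin the bot branch to a commit the way `nixpkgs-kernel` is pinned, and add a comment on each line, e.g. `# temporary: oauth2-proxy update, drop once merged upstream` and `# fork carries <reason>; revert to danth/stylix when fixed`. The same two lines appear in the tangled source in the first file section.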


@ -22,7 +22,8 @@
# ''; # '';
boot = { boot = {
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages; # kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.emulatedSystems = [ "aarch64-linux" ];
initrd = { initrd = {


@ -18,7 +18,7 @@ in
reduceMotion = true; reduceMotion = true;
spacebarRatesCard = true; spacebarRatesCard = true;
# videoDriver = "opengl"; # videoDriver = "opengl";
sync = { profiles."User 1".sync = {
autoSync = false; # sync on profile close will delay system shutdown autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true; syncMedia = true;
autoSyncMediaMinutes = 5; autoSyncMediaMinutes = 5;


@ -87,5 +87,9 @@
]; ];
}; };
}; };
home.sessionVariables = {
_ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
};
}; };
} }


@ -21,7 +21,10 @@ in
prometheus.cli prometheus.cli
tigervnc tigervnc
# openstackclient # openstackclient
step-cli
vscode-fhs vscode-fhs
copilot-cli
antigravity antigravity
@ -145,7 +148,7 @@ in
programs = programs =
let let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds; inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
in in
{ {
openstackclient = { openstackclient = {
@ -166,7 +169,8 @@ in
# }; # };
# }; # };
}; };
git.settings.user.email = lib.mkForce gitMail; # this is no longer needed since moving away from bitbucket
# git.settings.user.email = lib.mkForce gitMail;
zsh = { zsh = {
shellAliases = { shellAliases = {


@ -86,26 +86,26 @@
systemd systemd
tbb tbb
vulkan-loader vulkan-loader
xorg.libICE libice
xorg.libSM libsm
xorg.libX11 libx11
xorg.libXScrnSaver libxscrnsaver
xorg.libXcomposite libxcomposite
xorg.libXcursor libxcursor
xorg.libXdamage libxdamage
xorg.libXext libxext
xorg.libXfixes libxfixes
xorg.libXft libxft
xorg.libXi libxi
xorg.libXinerama libxinerama
xorg.libXmu libxmu
xorg.libXrandr libxrandr
xorg.libXrender libxrender
xorg.libXt libxt
xorg.libXtst libxtst
xorg.libXxf86vm libxxf86vm
xorg.libxcb libxcb
xorg.libxshmfence libxshmfence
zlib zlib
]; ];
}; };


@ -16,6 +16,7 @@
pcsc-tools pcsc-tools
pcscliteWithPolkit.out pcscliteWithPolkit.out
# ledger packages # ledger packages
ledger-live-desktop ledger-live-desktop


@ -29,6 +29,8 @@ in
github-forge-token = { owner = mainUser; }; github-forge-token = { owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-work) { }) // (lib.optionalAttrs (modules ? optional-work) {
harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-noctalia) {
radicale-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.anki { }) // (lib.optionalAttrs modules.anki {
anki-user = { owner = mainUser; }; anki-user = { owner = mainUser; };
anki-pw = { owner = mainUser; }; anki-pw = { owner = mainUser; };


@ -205,9 +205,10 @@ in
services = { services = {
${serviceName} = { ${serviceName} = {
package = pkgs.kanidmWithSecretProvisioning_1_8; package = pkgs.kanidmWithSecretProvisioning_1_9;
enableServer = true; server = {
serverSettings = { enable = true;
settings = {
domain = serviceDomain; domain = serviceDomain;
origin = "https://${serviceDomain}"; origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
@ -217,12 +218,15 @@ in
bindaddress = "0.0.0.0:${toString servicePort}"; bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true; # trust_x_forward_for = true;
}; };
enableClient = true; };
clientSettings = { client = {
uri = config.services.kanidm.serverSettings.origin; enable = true;
settings = {
uri = config.services.kanidm.server.settings.origin;
verify_ca = true; verify_ca = true;
verify_hostnames = true; verify_hostnames = true;
}; };
};
provision = { provision = {
enable = true; enable = true;
adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path; adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path;


@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, dns, confLib, ... }: { lib, config, globals, dns, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
@ -8,9 +8,6 @@ in
{ {
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
environment.systemPackages = with pkgs; [
calibre
];
users = { users = {
persistentIds.kavita = confLib.mkIds 995; persistentIds.kavita = confLib.mkIds 995;


@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }: { self, lib, config, globals, dns, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules;
inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3; inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3;
baseDomain = globals.domains.main; baseDomain = globals.domains.main;
@ -127,7 +127,7 @@ in
}; };
# the rest of the ports are managed by snm # the rest of the ports are managed by snm
networking.firewall.allowedTCPPorts = [ 80 servicePort ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
@ -158,8 +158,8 @@ in
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6; "${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6; "${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
}; };
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; }; ${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; }); ${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
}; };
}; };
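Review bot: Nothing visible in the two `confLib.genNginx` calls says whether the upstream certificate is verified once `protocol = "https"` makes the proxies speak TLS to the backend on port 443. nginx leaves `proxy_ssl_verify` off by default, so unless genNginx (not shown here) turns it on, that hop is encrypted but not authenticated. If the backend presents a certificate the proxy can validate, consider passing `proxy_ssl_verify on;` together with a `proxy_ssl_trusted_certificate` through the location-level hook (`extraConfigLoc` looks like the place, to be confirmed). Separately, the firewall line now hard-codes `443` although `servicePort` carries the same value; `[ 80 servicePort ]` would keep the two in sync.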


@ -124,7 +124,9 @@ in
analytics.reporting_enabled = false; analytics.reporting_enabled = false;
users.allow_sign_up = false; users.allow_sign_up = false;
security = { security = {
admin_password = "$__file{/run/secrets/grafana-admin-pw}"; # admin_password = "$__file{/run/secrets/grafana-admin-pw}";
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
cookie_secure = true; cookie_secure = true;
disable_gravatar = true; disable_gravatar = true;
}; };
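Review bot: The new `secret_key` line reads the same sops secret, `grafana-admin-pw`, that the commented-out `admin_password` line used as the login password. Grafana uses `secret_key` to protect secrets stored in its database, so reusing a value that has already served as a password ties two roles to one secret, and that value may be a human-chosen string rather than a random key. A dedicated entry would be cleaner, e.g. `secret_key = "$__file{${config.sops.secrets.<grafana-secret-key>.path}}";`, where `<grafana-secret-key>` is a placeholder for a new sops secret. Changing the key on an existing instance means stored data-source credentials have to be re-entered or re-encrypted, so this is worth settling now; the commented-out `admin_password` line can then be dropped.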


@ -82,7 +82,6 @@ in
services.${serviceName} = { services.${serviceName} = {
enable = true; enable = true;
# openFirewall = true;
settings = { settings = {
LogLevel = "debug"; LogLevel = "debug";
Address = "0.0.0.0"; Address = "0.0.0.0";


@ -5,7 +5,7 @@ let
inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
nextcloudVersion = "32"; nextcloudVersion = "33";
in in
{ {
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";


@ -104,6 +104,7 @@ in
gotenberg = { gotenberg = {
enable = true; enable = true;
package = pkgs.gotenberg; package = pkgs.gotenberg;
libreoffice.package = pkgs.libreoffice;
port = gotenbergPort; port = gotenbergPort;
bindIP = "127.0.0.1"; bindIP = "127.0.0.1";
timeout = "600s"; timeout = "600s";


@ -1,14 +1,17 @@
{ self, lib, pkgs, ... }: { self, pkgs, ... }:
{ {
_module.args = { _module.args = {
vars = rec { vars = rec {
waylandSessionVariables = { waylandSessionVariables = {
SDL_VIDEODRIVER = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland-egl";
ANKI_WAYLAND = "1"; ANKI_WAYLAND = "1";
OBSIDIAN_USE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
NIXOS_OZONE_WL = "1";
OBSIDIAN_USE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
}; };
waylandExports = waylandExports =
@ -94,28 +97,28 @@
noscript noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon { # (buildFirefoxXpiAddon {
pname = "shortkeys"; # pname = "shortkeys";
version = "4.0.2"; # version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com"; # addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; # url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; # sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib; # meta = with lib;
{ # {
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; # description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [ # mozPermissions = [
"tabs" # "tabs"
"downloads" # "downloads"
"clipboardWrite" # "clipboardWrite"
"browsingData" # "browsingData"
"storage" # "storage"
"bookmarks" # "bookmarks"
"sessions" # "sessions"
"<all_urls>" # "<all_urls>"
]; # ];
platforms = platforms.all; # platforms = platforms.all;
}; # };
}) # })
]; ];
}; };
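Review bot: The comment "configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' …" is left in place above the `buildFirefoxXpiAddon` block, but that block is now entirely commented out, so the comment describes an extension that is no longer installed. Either delete the dead block together with the comment, or replace both with a single line that records why it is off, e.g. `# shortkeys disabled: <reason>; dev console shortcut is no longer overridden`. Keeping twenty-odd commented lines, including a pinned `sha256`, invites re-enabling a stale pin later without re-checking it. The enclosing extension list starts outside this hunk.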


@ -5,7 +5,7 @@
packages = { packages = {
# nix build --print-out-paths --no-link .#live-iso # nix build --print-out-paths --no-link .#live-iso
live-iso = inputs.nixos-generators.nixosGenerate { live-iso = inputs.nixos-generators.nixosGenerate {
inherit pkgs; inherit pkgs system;
specialArgs = { inherit self; }; specialArgs = { inherit self; };
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager


@ -2,41 +2,15 @@
{ {
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel { config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = { swarselmodules = {
packages = lib.mkForce true;
ownpackages = lib.mkForce true;
general = lib.mkForce true;
nixgl = lib.mkForce true;
sops = lib.mkForce true;
yubikey = lib.mkForce false; yubikey = lib.mkForce false;
ssh = lib.mkForce true; ssh = lib.mkForce false;
stylix = lib.mkForce true;
desktop = lib.mkForce true;
symlink = lib.mkForce true;
env = lib.mkForce false; env = lib.mkForce false;
programs = lib.mkForce true;
nix-index = lib.mkForce true;
direnv = lib.mkForce true;
eza = lib.mkForce true;
git = lib.mkForce false; git = lib.mkForce false;
fuzzel = lib.mkForce true;
starship = lib.mkForce true;
kitty = lib.mkForce true;
zsh = lib.mkForce true;
zellij = lib.mkForce true;
tmux = lib.mkForce true;
mail = lib.mkForce false; mail = lib.mkForce false;
emacs = lib.mkForce true; emacs = lib.mkForce false;
waybar = lib.mkForce true; obsidian = lib.mkForce false;
firefox = lib.mkForce true;
gnome-keyring = lib.mkForce true;
kdeconnect = lib.mkForce true;
mako = lib.mkForce true;
swayosd = lib.mkForce true;
yubikeytouch = lib.mkForce true;
sway = lib.mkForce true;
kanshi = lib.mkForce true;
gpgagent = lib.mkForce true;
gammastep = lib.mkForce false; gammastep = lib.mkForce false;
}; };
}; };
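Review bot: The hotel profile moves from an explicit allow-list of modules to `swarselprofiles.personal = true;` plus a short list of opt-outs, so every module the personal profile enables now or later is switched on for hotel hosts unless someone remembers to add it here. If hotel hosts are meant to carry less than a personal machine (the old list kept `mail`, `git` and `yubikey` off), that inverts the default from deny to allow. The second hotel profile further down, which now only sets `yubikey = false;`, has the same shape. A comment at the top such as `# inherits everything from personal; list below is the complete set of opt-outs, review when personal gains a module` would at least make the contract explicit. That second profile also uses a plain `false` where this one uses `lib.mkForce false`; picking one form for both would avoid priority surprises.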


@ -7,8 +7,8 @@
anki-tray = lib.mkDefault true; anki-tray = lib.mkDefault true;
attic-store-push = lib.mkDefault true; attic-store-push = lib.mkDefault true;
atuin = lib.mkDefault true; atuin = lib.mkDefault true;
autotiling = lib.mkDefault true; autotiling = lib.mkDefault false; # niri
batsignal = lib.mkDefault true; batsignal = lib.mkDefault false; # niri
blueman-applet = lib.mkDefault true; blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault true; desktop = lib.mkDefault true;
direnv = lib.mkDefault true; direnv = lib.mkDefault true;
@ -20,17 +20,18 @@
firefox = lib.mkDefault true; firefox = lib.mkDefault true;
firezone-tray = lib.mkDefault true; firezone-tray = lib.mkDefault true;
fuzzel = lib.mkDefault true; fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault true; gammastep = lib.mkDefault false; # niri
general = lib.mkDefault true; general = lib.mkDefault true;
git = lib.mkDefault true; git = lib.mkDefault true;
gnome-keyring = lib.mkDefault true; gnome-keyring = lib.mkDefault true;
gpgagent = lib.mkDefault true; gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault true; hexchat = lib.mkDefault true;
kanshi = lib.mkDefault true; kanshi = lib.mkDefault false; # niri
kdeconnect = lib.mkDefault true; kdeconnect = lib.mkDefault true;
kitty = lib.mkDefault true; kitty = lib.mkDefault true;
khal = lib.mkDefault true;
mail = lib.mkDefault true; mail = lib.mkDefault true;
mako = lib.mkDefault true; mako = lib.mkDefault false; # niri
nix-index = lib.mkDefault true; nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true; nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true; nix-your-shell = lib.mkDefault true;
@ -49,9 +50,9 @@
ssh = lib.mkDefault true; ssh = lib.mkDefault true;
starship = lib.mkDefault true; starship = lib.mkDefault true;
stylix = lib.mkDefault true; stylix = lib.mkDefault true;
sway = lib.mkDefault true; sway = lib.mkDefault false; # niri
swayidle = lib.mkDefault true; swayidle = lib.mkDefault true;
swaylock = lib.mkDefault true; swaylock = lib.mkDefault false; # niri
swayosd = lib.mkDefault true; swayosd = lib.mkDefault true;
symlink = lib.mkDefault true; symlink = lib.mkDefault true;
tmux = lib.mkDefault true; tmux = lib.mkDefault true;
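Review bot: `swaylock` is switched to `lib.mkDefault false; # niri` in the last hunk while `swayidle = lib.mkDefault true;` directly above it is left unchanged. If the swayidle module (not visible here) calls swaylock on idle or before sleep, the session would stop locking without any error at build time. It would help to confirm that the niri setup provides its own locker and to say so next to the toggle, e.g. `swaylock = lib.mkDefault false; # niri: locking handled by <locker>`, or to disable `swayidle` as well if it is no longer used.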


@ -2,48 +2,9 @@
{ {
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel { config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = { swarselmodules = {
packages = lib.mkForce true; yubikey = false;
general = lib.mkForce true;
home-manager = lib.mkForce true;
xserver = lib.mkForce true;
users = lib.mkForce true;
sops = lib.mkForce true;
env = lib.mkForce true;
security = lib.mkForce true;
systemdTimeout = lib.mkForce true;
hardware = lib.mkForce true;
pulseaudio = lib.mkForce true;
pipewire = lib.mkForce true;
network = lib.mkForce true;
time = lib.mkForce true;
stylix = lib.mkForce true;
programs = lib.mkForce true;
zsh = lib.mkForce true;
syncthing = lib.mkForce true;
blueman = lib.mkForce true;
networkDevices = lib.mkForce true;
gvfs = lib.mkForce true;
interceptionTools = lib.mkForce true;
swayosd = lib.mkForce true;
ppd = lib.mkForce true;
yubikey = lib.mkForce false;
ledger = lib.mkForce true;
keyboards = lib.mkForce true;
login = lib.mkForce true;
nix-ld = lib.mkForce true;
impermanence = lib.mkForce true;
nvd = lib.mkForce true;
gnome-keyring = lib.mkForce true;
sway = lib.mkForce true;
xdg-portal = lib.mkForce true;
distrobox = lib.mkForce true;
appimage = lib.mkForce true;
lid = lib.mkForce true;
lowBattery = lib.mkForce true;
lanzaboote = lib.mkForce true;
autologin = lib.mkForce true;
nftables = lib.mkDefault true;
}; };
}; };


@ -41,8 +41,8 @@
security = lib.mkDefault true; security = lib.mkDefault true;
sops = lib.mkDefault true; sops = lib.mkDefault true;
stylix = lib.mkDefault true; stylix = lib.mkDefault true;
sway = lib.mkDefault true; sway = lib.mkDefault false; # niri
swayosd = lib.mkDefault true; swayosd = lib.mkDefault false; # niri
syncthing = lib.mkDefault true; syncthing = lib.mkDefault true;
systemdTimeout = lib.mkDefault true; systemdTimeout = lib.mkDefault true;
time = lib.mkDefault true; time = lib.mkDefault true;
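Review bot: `swayosd = lib.mkDefault false; # niri` here disagrees with the other personal profile in this commit (the one that lists `firefox`, `kitty` and `mail`), which still has `swayosd = lib.mkDefault true;`. If that one is the user-level half and this the system-level half of the same feature, one side is left enabled without its counterpart. Setting both to the same value, or adding a comment on why they differ, would remove the ambiguity.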


@ -31,6 +31,8 @@ github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uab
#ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment] #ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment]
anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str] anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str]
anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str] anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str]
#ENC[AES256_GCM,data:mjwlHRe0Rx9p83eK/LGR,iv:KclQ4xwJMH5HJ9AcmglOCvFIBP6WyEJLyencUdDpzt0=,tag:nRhwhIRPUNmhSZM7ZzUfFA==,type:comment]
radicale-token: ENC[AES256_GCM,data:WEL8Z3gOs/7MAQQ=,iv:osgMVisr/03I+IHI+3jLIn8p5dnZwyja3lQUi+wcH5g=,tag:F1yzI0rZS4sON6T9TuuG9A==,type:str]
#ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment] #ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment]
attic-cache-key: ENC[AES256_GCM,data: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,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str] attic-cache-key: ENC[AES256_GCM,data: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,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str]
#ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment] #ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment]
@ -353,8 +355,8 @@ sops:
OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm
/RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A== /RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-23T01:11:36Z" lastmodified: "2026-02-26T10:38:07Z"
mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str] mac: ENC[AES256_GCM,data:pxaR0X3f5oiCwnrr8jjs8mQDWbjuUkNpFoyQxaC61rRnoLvbkEzxSxmI0zDv2VEcua4Eqfoj7Q4H+qcsR5tM3SjPc0KuYE5eFW4RDv+FIr+XA9om3B4uMy+bIleSvSXroBD+1bLhzJsacudjBpVA6r+INrZKvtjO+L16nNylTSc=,iv:CgOc3ht5zwZGEoxJF6d9ZMwiiNQ2fcnLVFxUxJs6pHY=,tag:4JZgLJlyTbqacIHryciPFg==,type:str]
pgp: pgp:
- created_at: "2026-01-12T22:05:05Z" - created_at: "2026-01-12T22:05:05Z"
enc: |- enc: |-
@ -388,4 +390,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097 fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.0

File diff suppressed because one or more lines are too long