diff --git a/SwarselSystems.org b/SwarselSystems.org index 3d74d82..46a788c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -234,7 +234,7 @@ When setting this option normally, the password would normally be written world- #+begin_src nix :tangle no :noweb-ref flakeinputs - nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; systems.url = "github:nix-systems/default-linux"; @@ -357,10 +357,11 @@ In this section I am creating some attributes that define general concepts of my ]; appSet = lib.swarselsystems.mkApps system appNames self; in - { - inherit appSet; - default = appSet.bootstrap; - }); + + appSet // { + default = appSet.swarsel-bootstrap; + } + ); devShells = lib.swarselsystems.forAllSystems (system: let @@ -398,7 +399,6 @@ In this section I am creating some attributes that define general concepts of my ); diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix; - #+end_src ** Pre-commit-hooks (Checks) @@ -810,6 +810,7 @@ My work machine. Built for more security, this is the gold standard of my config profiles = { personal = true; work = true; + framework = true; }; }; in @@ -817,7 +818,6 @@ My work machine. Built for more security, this is the gold standard of my config imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd - inputs.fw-fanctrl.nixosModules.default ./disk-config.nix ./hardware-configuration.nix @@ -826,67 +826,24 @@ My work machine. Built for more security, this is the gold standard of my config - networking.networkmanager.wifi.scanRandMacAddress = false; - - boot = { - supportedFilesystems = [ "btrfs" ]; - # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - kernelParams = [ - "resume_offset=533760" - ]; - resumeDevice = "/dev/disk/by-label/nixos"; - }; - - hardware = { - enableAllFirmware = true; - cpu.amd.updateMicrocode = true; - amdgpu = { - opencl.enable = true; - amdvlk = { - enable = true; - support32Bit.enable = true; - }; - }; - }; - - programs.fw-fanctrl = { - enable = true; - config = { - defaultStrategy = "lazy"; - }; - }; - - networking = { - hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; - fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; - firewall.enable = true; - }; - - - services = { - fwupd = { - enable = true; - # framework also uses lvfs-testing, but I do not want to use it - extraRemotes = [ "lvfs" ]; - }; - udev.extraRules = '' - # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Numpad Module - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Trackpad - ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" - ''; - }; - swarselsystems = lib.recursiveUpdate { + firewall = lib.mkForce true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; isImpermanence = false; isSecureBoot = true; isCrypted = true; + hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; + fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; + hibernation.offset = 533760; + profiles = { + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; } sharedOptions; @@ -904,17 +861,17 @@ My work machine. Built for more security, this is the gold standard of my config path = "/sys/devices/virtual/thermal/thermal_zone0/"; input-filename = "temp4_input"; }; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "teams-for-linux"; } - { command = "1password"; } - { command = "feishin"; } - ]; + # startup = [ + # { command = "nextcloud --background"; } + # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + # { command = "ANKI_WAYLAND=1 anki"; } + # { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + # { command = "nm-applet"; } + # { command = "teams-for-linux"; } + # { command = "1password"; } + # { command = "feishin"; } + # ]; lowResolution = "1280x800"; highResolution = "2560x1600"; monitors = { @@ -926,97 +883,6 @@ My work machine. Built for more security, this is the gold standard of my config workspace = "15:L"; output = "eDP-2"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; - }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; - }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; - }; - work_middle_middle_main = { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; - shellAliases = { - ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; - ans3-9 = ". ~/.venvs/ansible39/bin/activate"; - ans = ". ~/.venvs/ansible/bin/activate"; - ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; }; } sharedOptions; @@ -2029,8 +1895,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix :tangle hosts/nixos/chaostheatre/options.nix _: - { - } + { } #+end_src @@ -2038,8 +1903,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix :tangle hosts/nixos/chaostheatre/options-home.nix _: - { - } + { } #+end_src @@ -3912,6 +3776,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; @@ -3976,6 +3841,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; @@ -4053,6 +3919,101 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +***** Framework + +#+begin_src nix :tangle profiles/nixos/framework/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** AMD CPU + +#+begin_src nix :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselsystems.profiles.amdcpu { + swarselsystems.modules = { + optional = { + amdcpu = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** AMD GPU + +#+begin_src nix :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselsystems.profiles.amdgpu { + swarselsystems.modules = { + optional = { + amdgpu = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** Hibernation + +#+begin_src nix :tangle profiles/nixos/hibernation/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselsystems.profiles.hibernation { + swarselsystems.modules = { + optional = { + hibernation = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + +***** BTRFS + +#+begin_src nix :tangle profiles/nixos/btrfs/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselsystems.profiles.btrfs { + swarselsystems.modules = { + optional = { + btrfs = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + ***** Local Server #+begin_src nix :tangle profiles/nixos/localserver/default.nix :mkdirp yes @@ -4173,6 +4134,7 @@ This holds modules that are to be used on most hosts. These are also the most im env = lib.mkDefault true; programs = lib.mkDefault true; nix-index = lib.mkDefault true; + passwordstore = lib.mkDefault true; direnv = lib.mkDefault true; eza = lib.mkDefault true; git = lib.mkDefault true; @@ -4292,6 +4254,25 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +***** Framework + +#+begin_src nix :tangle profiles/home/framework/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + ***** Darwin #+begin_src nix :tangle profiles/home/darwin/default.nix :mkdirp yes @@ -4380,6 +4361,8 @@ TODO default = true; }; + mkStrong = lib.mkOverride 60; + getSecret = filename: lib.strings.trim (builtins.readFile "${filename}"); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); @@ -4397,6 +4380,7 @@ TODO inputs.sops-nix.nixosModules.sops inputs.impermanence.nixosModules.impermanence inputs.lanzaboote.nixosModules.lanzaboote + inputs.fw-fanctrl.nixosModules.default "${self}/hosts/${type}/${host}" { _module.args.primaryUser = linuxUser; @@ -4470,6 +4454,9 @@ TODO value = { type = "app"; program = "${self.packages.${system}.${name}}/bin/${name}"; + meta = { + description = "Custom app ${name}."; + }; }; }) names); @@ -4693,7 +4680,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh yubico-pam yubioath-flutter yubikey-manager - yubikey-manager-qt yubikey-touch-detector yubico-piv-tool cfssl @@ -4708,6 +4694,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh swaylock-effects syncthingtray-minimal wl-mirror + swayosd # secure boot sbctl @@ -5102,14 +5089,17 @@ Here I only enable =networkmanager= and a few default networks. The rest of the #+begin_src nix :tangle modules/nixos/common/network.nix { lib, config, ... }: { - options.swarselsystems.modules.network = lib.mkEnableOption "network config"; + options.swarselsystems = { + modules.network = lib.mkEnableOption "network config"; + firewall = lib.swarselsystems.mkTrueOption; + }; config = lib.mkIf config.swarselsystems.modules.network { networking = { nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; checkReversePath = lib.mkDefault false; - enable = lib.mkDefault true; allowedUDPPorts = [ 51820 ]; # 51820: wireguard allowedTCPPortRanges = [ { from = 1714; to = 1764; } # kde-connect @@ -5739,6 +5729,33 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho } #+end_src +***** SwayOSD + +#+begin_src nix :tangle modules/nixos/common/swayosd.nix + { lib, pkgs, config, ... }: + { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { + environment.systemPackages = [ pkgs.swayosd ]; + services.udev.packages = [ pkgs.swayosd ]; + systemd.services.swayosd-libinput-backend = { + description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc."; + documentation = [ "https://github.com/ErikReider/SwayOSD" ]; + wantedBy = [ "graphical.target" ]; + partOf = [ "graphical.target" ]; + after = [ "graphical.target" ]; + + serviceConfig = { + Type = "dbus"; + BusName = "org.erikreider.swayosd"; + ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend"; + Restart = "on-failure"; + }; + }; + }; + } +#+end_src + **** Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules :PROPERTIES: :CUSTOM_ID: h:7a89b5e3-b700-4167-8b14-2b8172f33936 @@ -8341,6 +8358,118 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. } #+end_src +**** Framework + +This holds configuration that is specific to framework laptops. + +#+begin_src nix :tangle modules/nixos/optional/framework.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { + services = { + fwupd = { + enable = true; + # framework also uses lvfs-testing, but I do not want to use it + extraRemotes = [ "lvfs" ]; + }; + udev.extraRules = '' + # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" + # disable Wakeup on Framework Laptop 16 Numpad Module + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" + # disable Wakeup on Framework Laptop 16 Trackpad + ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" + ''; + }; + programs.fw-fanctrl = { + enable = true; + config = { + defaultStrategy = "lazy"; + }; + }; + }; + } +#+end_src + +**** AMD CPU + +#+begin_src nix :tangle modules/nixos/optional/amdcpu.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { + hardware = { + cpu.amd.updateMicrocode = true; + }; + }; + } +#+end_src + +**** AMD GPU + + +#+begin_src nix :tangle modules/nixos/optional/amdgpu.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { + hardware = { + amdgpu = { + opencl.enable = true; + amdvlk = { + enable = true; + support32Bit.enable = true; + }; + }; + }; + }; + } +#+end_src + +**** Hibernation + +#+begin_src nix :tangle modules/nixos/optional/hibernation.nix + { lib, config, ... }: + { + options.swarselsystems = { + modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; + hibernation = { + offset = lib.mkOption { + type = lib.types.int; + default = 0; + }; + resumeDevice = lib.mkOption { + type = lib.types.str; + default = "/dev/disk/by-label/nixos"; + }; + }; + }; + config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + boot = { + kernelParams = [ + "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" + ]; + inherit (config.swarselsystems.hibernation) resumeDevice; + }; + }; + } +#+end_src + +**** BTRFS + +#+begin_src nix :tangle modules/nixos/optional/btrfs.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselsystems.modules.optional.btrfs { + boot = { + supportedFilesystems = [ "btrfs" ]; + }; + }; + } +#+end_src + **** work :PROPERTIES: :CUSTOM_ID: h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf @@ -8375,7 +8504,17 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + options.swarselsystems = { + modules.optional.work = lib.mkEnableOption "optional work settings"; + hostName = lib.mkOption { + type = lib.types.str; + default = ""; + }; + fqdn = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; config = lib.mkIf config.swarselsystems.modules.optional.work { sops = let @@ -8437,7 +8576,12 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; networking = { - firewall.trustedInterfaces = [ "virbr0" ]; + inherit (config.swarselsystems) hostName fqdn; + networkmanager.wifi.scanRandMacAddress = false; + firewall = { + enable = lib.mkDefault true; + trustedInterfaces = [ "virbr0" ]; + }; search = [ "vbc.ac.at" "clip.vbc.ac.at" @@ -8473,7 +8617,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 # cryptography # ])) # docker - python39 + stable.python39 qemu packer gnumake @@ -8908,6 +9052,28 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee definedAliases = [ "@hm" "@ho" "@hmo" ]; }; + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + "google".metaData.alias = "@g"; }; force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart @@ -11166,6 +11332,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se type = lib.types.attrsOf lib.types.str; default = { }; }; + startup = lib.mkOption { type = lib.types.listOf (lib.types.attrsOf lib.types.str); default = [ @@ -11567,6 +11734,18 @@ Currently, I am too lazy to explain every option here, but most of it is very se { options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselsystems.modules.kanshi { + swarselsystems = { + monitors = { + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + }; + }; services.kanshi = { enable = true; settings = [ @@ -12187,12 +12366,131 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; + swarselsystems = { + startup = [ + { command = "teams-for-linux"; } + { command = "1password"; } + ]; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; + }; + }; + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; + }; + + }; }; } #+end_src +**** Framework + +This holds configuration that is specific to framework laptops. + +#+begin_src nix :tangle modules/home/optional/framework.nix + { lib, config, ... }: + { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { + swarselsystems = { + inputs = { + "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + }; + }; + } +#+end_src + * Emacs :PROPERTIES: :CUSTOM_ID: h:ed4cd05c-0879-41c6-bc39-3f1246a96f04 @@ -12616,9 +12914,7 @@ Used here: [[#h:877c9401-a354-4e44-a235-db1a90d19e00][General org-mode]] (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) - (org-indent-mode) - (visual-line-mode 1) - (org-mode)) + (visual-line-mode 1)) #+end_src **** org-mode: Visual-fill column @@ -15494,6 +15790,8 @@ set configversion 2.0 set searchurls.no https://search.nixos.org/options?query= set searchurls.np https://search.nixos.org/packages?query= set searchurls.hm https://home-manager-options.extranix.com/?query= +set searchurls.@c https://vbc.atlassian.net/wiki/search?text= +set searchurls.@j https://vbc.atlassian.net/issues/?jql=textfields%20~%20%22%s*%22&wildcardFlag=true set completions.Tab.statusstylepretty true set hintfiltermode vimperator-reflow set hintnames numeric @@ -15512,26 +15810,9 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line " Work -command tab_or_tabopen jsb -p (async () => { - let tabs = await browser.tabs.query({}); - let tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen jsb -p (async () => {let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() -command tab_or_tabopen_local jsb -p (async () => { - const currentWindow = await browser.windows.getCurrent(); - const tabs = await browser.tabs.query({ windowId: currentWindow.id }); - const tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen_local jsb -p (async () => {const currentWindow = await browser.windows.getCurrent(); const tabs = await browser.tabs.query({ windowId: currentWindow.id }); const tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at bind gwA tab_or_tabopen_local artifactory.imp.ac.at diff --git a/flake.lock b/flake.lock index c4b3ad4..73c688c 100644 --- a/flake.lock +++ b/flake.lock @@ -125,11 +125,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1744940522, + "narHash": "sha256-TNoetfICvd29DhxRPpmyKItQBDlqSvKcV+wGNkn14jk=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "51d33bbb7f1e74ba5f9d9a77357735149da99081", "type": "github" }, "original": { @@ -146,11 +146,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1744770066, - "narHash": "sha256-zzcONhPfZpJSla9Yzl/tFHxGecLXaLgOBicYl0W0Kl8=", + "lastModified": 1744967866, + "narHash": "sha256-jWHOSSZ03R1Dvru5rXEForMgkV1RAsCd+IjMmehpmFg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "fd7813213109317254eeb74ff07ac6bf32c7d56b", + "rev": "c54fd7dc3e696136c8257abfe12815274b42660e", "type": "github" }, "original": { @@ -597,11 +597,11 @@ ] }, "locked": { - "lastModified": 1744735751, - "narHash": "sha256-OPpfgL3qUIbQdbmp1/ZwnlsuTLooHN4or0EABnZTFRY=", + "lastModified": 1744919155, + "narHash": "sha256-IJksPW32V9gid9vDxoloJMRk+YGjxq5drFHBFeBkKU8=", "owner": "nix-community", "repo": "home-manager", - "rev": "db7738e67a101ad945abbcb447e1310147afaf1b", + "rev": "72526a5f7cde2ef9075637802a1e2a8d2d658f70", "type": "github" }, "original": { @@ -1103,17 +1103,17 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741680361, - "narHash": "sha256-SxKcbEuuLHlEc0GBO776DX+Zvi1ESe6avChu3uoA32w=", + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5f385baff93c728400d2c4ec8c9b0745b8f9e5b6", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", - "rev": "5f385baff93c728400d2c4ec8c9b0745b8f9e5b6", "type": "github" } }, @@ -1261,11 +1261,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744793674, - "narHash": "sha256-rYha6a3Austfc5bPmpio8UHaxlZn8XE38J5+VZ7s/KY=", + "lastModified": 1744971000, + "narHash": "sha256-WwJZZ1ChbwUWzsZWA4rUvWaISrZ9/+OB2qc3XZbbjTg=", "owner": "nix-community", "repo": "NUR", - "rev": "50c9703a2f9da7abf3f18b3941e127e546a7f4c4", + "rev": "c2d387e6f9e895853816a13d5c84f05f0675e1ea", "type": "github" }, "original": { @@ -1500,11 +1500,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1744668092, - "narHash": "sha256-XDmpI3ywMkypsHKRF2am6BzZ5OjwpQMulAe8L87Ek8U=", + "lastModified": 1744910471, + "narHash": "sha256-HItOUMA2whFnPMJuyN2XHq9TZttgrgOAZcoUXsaD4Js=", "owner": "danth", "repo": "stylix", - "rev": "38aff11a7097f4da6b95d4c4d2c0438f25a08d52", + "rev": "8d5cd725ad591890c0cd804bf68cc842b8afca51", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 81e7add..bea27c7 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ }; inputs = { - nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; systems.url = "github:nix-systems/default-linux"; @@ -114,10 +114,11 @@ ]; appSet = lib.swarselsystems.mkApps system appNames self; in - { - inherit appSet; - default = appSet.bootstrap; - }); + + appSet // { + default = appSet.swarsel-bootstrap; + } + ); devShells = lib.swarselsystems.forAllSystems (system: let @@ -156,7 +157,6 @@ diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix; - nixosConfigurations = lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos"; homeConfigurations = diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix index 0a3c021..fb78eb2 100644 --- a/hosts/nixos/nbl-imba-2/default.nix +++ b/hosts/nixos/nbl-imba-2/default.nix @@ -8,6 +8,7 @@ let profiles = { personal = true; work = true; + framework = true; }; }; in @@ -15,7 +16,6 @@ in imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd - inputs.fw-fanctrl.nixosModules.default ./disk-config.nix ./hardware-configuration.nix @@ -24,67 +24,24 @@ in - networking.networkmanager.wifi.scanRandMacAddress = false; - - boot = { - supportedFilesystems = [ "btrfs" ]; - # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - kernelParams = [ - "resume_offset=533760" - ]; - resumeDevice = "/dev/disk/by-label/nixos"; - }; - - hardware = { - enableAllFirmware = true; - cpu.amd.updateMicrocode = true; - amdgpu = { - opencl.enable = true; - amdvlk = { - enable = true; - support32Bit.enable = true; - }; - }; - }; - - programs.fw-fanctrl = { - enable = true; - config = { - defaultStrategy = "lazy"; - }; - }; - - networking = { - hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; - fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; - firewall.enable = true; - }; - - - services = { - fwupd = { - enable = true; - # framework also uses lvfs-testing, but I do not want to use it - extraRemotes = [ "lvfs" ]; - }; - udev.extraRules = '' - # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Numpad Module - ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" - # disable Wakeup on Framework Laptop 16 Trackpad - ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" - ''; - }; - swarselsystems = lib.recursiveUpdate { + firewall = lib.mkForce true; wallpaper = self + /wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; isImpermanence = false; isSecureBoot = true; isCrypted = true; + hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; + fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; + hibernation.offset = 533760; + profiles = { + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; } sharedOptions; @@ -102,17 +59,17 @@ in path = "/sys/devices/virtual/thermal/thermal_zone0/"; input-filename = "temp4_input"; }; - startup = [ - { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - { command = "teams-for-linux"; } - { command = "1password"; } - { command = "feishin"; } - ]; + # startup = [ + # { command = "nextcloud --background"; } + # { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + # { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + # { command = "ANKI_WAYLAND=1 anki"; } + # { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + # { command = "nm-applet"; } + # { command = "teams-for-linux"; } + # { command = "1password"; } + # { command = "feishin"; } + # ]; lowResolution = "1280x800"; highResolution = "2560x1600"; monitors = { @@ -124,97 +81,6 @@ in workspace = "15:L"; output = "eDP-2"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; - }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; - }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; - }; - work_middle_middle_main = { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; - shellAliases = { - ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate"; - ans3-9 = ". ~/.venvs/ansible39/bin/activate"; - ans = ". ~/.venvs/ansible/bin/activate"; - ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate"; }; } sharedOptions; diff --git a/lib/default.nix b/lib/default.nix index 00970c6..5396f40 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -31,6 +31,8 @@ in default = true; }; + mkStrong = lib.mkOverride 60; + getSecret = filename: lib.strings.trim (builtins.readFile "${filename}"); forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system}); @@ -48,6 +50,7 @@ in inputs.sops-nix.nixosModules.sops inputs.impermanence.nixosModules.impermanence inputs.lanzaboote.nixosModules.lanzaboote + inputs.fw-fanctrl.nixosModules.default "${self}/hosts/${type}/${host}" { _module.args.primaryUser = linuxUser; @@ -121,6 +124,9 @@ in value = { type = "app"; program = "${self.packages.${system}.${name}}/bin/${name}"; + meta = { + description = "Custom app ${name}."; + }; }; }) names); diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 0cb7480..352666d 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -2,6 +2,18 @@ { options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselsystems.modules.kanshi { + swarselsystems = { + monitors = { + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + }; + }; services.kanshi = { enable = true; settings = [ diff --git a/modules/home/common/sharedsetup.nix b/modules/home/common/sharedsetup.nix index eb46a89..919d451 100644 --- a/modules/home/common/sharedsetup.nix +++ b/modules/home/common/sharedsetup.nix @@ -244,6 +244,28 @@ in definedAliases = [ "@hm" "@ho" "@hmo" ]; }; + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + "google".metaData.alias = "@g"; }; force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index f996935..e459dc6 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -14,6 +14,7 @@ type = lib.types.attrsOf lib.types.str; default = { }; }; + startup = lib.mkOption { type = lib.types.listOf (lib.types.attrsOf lib.types.str); default = [ diff --git a/modules/home/optional/framework.nix b/modules/home/optional/framework.nix new file mode 100644 index 0000000..46fe225 --- /dev/null +++ b/modules/home/optional/framework.nix @@ -0,0 +1,14 @@ +{ lib, config, ... }: +{ + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { + swarselsystems = { + inputs = { + "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + }; + }; +} diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index d1f148f..b4bc237 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -327,6 +327,104 @@ in }; }; + swarselsystems = { + startup = [ + { command = "teams-for-linux"; } + { command = "1password"; } + ]; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; + }; + }; + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; + }; + + }; }; } diff --git a/modules/nixos/common/network.nix b/modules/nixos/common/network.nix index 25a417c..ae1a8ad 100644 --- a/modules/nixos/common/network.nix +++ b/modules/nixos/common/network.nix @@ -1,13 +1,16 @@ { lib, config, ... }: { - options.swarselsystems.modules.network = lib.mkEnableOption "network config"; + options.swarselsystems = { + modules.network = lib.mkEnableOption "network config"; + firewall = lib.swarselsystems.mkTrueOption; + }; config = lib.mkIf config.swarselsystems.modules.network { networking = { nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; checkReversePath = lib.mkDefault false; - enable = lib.mkDefault true; allowedUDPPorts = [ 51820 ]; # 51820: wireguard allowedTCPPortRanges = [ { from = 1714; to = 1764; } # kde-connect diff --git a/modules/nixos/common/packages.nix b/modules/nixos/common/packages.nix index 8e0617c..3f08250 100644 --- a/modules/nixos/common/packages.nix +++ b/modules/nixos/common/packages.nix @@ -10,7 +10,6 @@ yubico-pam yubioath-flutter yubikey-manager - yubikey-manager-qt yubikey-touch-detector yubico-piv-tool cfssl @@ -25,6 +24,7 @@ swaylock-effects syncthingtray-minimal wl-mirror + swayosd # secure boot sbctl diff --git a/modules/nixos/common/swayosd.nix b/modules/nixos/common/swayosd.nix new file mode 100644 index 0000000..f1c0cdf --- /dev/null +++ b/modules/nixos/common/swayosd.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, config, ... }: +{ + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { + environment.systemPackages = [ pkgs.swayosd ]; + services.udev.packages = [ pkgs.swayosd ]; + systemd.services.swayosd-libinput-backend = { + description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc."; + documentation = [ "https://github.com/ErikReider/SwayOSD" ]; + wantedBy = [ "graphical.target" ]; + partOf = [ "graphical.target" ]; + after = [ "graphical.target" ]; + + serviceConfig = { + Type = "dbus"; + BusName = "org.erikreider.swayosd"; + ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend"; + Restart = "on-failure"; + }; + }; + }; +} diff --git a/modules/nixos/optional/amdcpu.nix b/modules/nixos/optional/amdcpu.nix new file mode 100644 index 0000000..39028f5 --- /dev/null +++ b/modules/nixos/optional/amdcpu.nix @@ -0,0 +1,9 @@ +{ lib, config, ... }: +{ + options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { + hardware = { + cpu.amd.updateMicrocode = true; + }; + }; +} diff --git a/modules/nixos/optional/amdgpu.nix b/modules/nixos/optional/amdgpu.nix new file mode 100644 index 0000000..59bebe3 --- /dev/null +++ b/modules/nixos/optional/amdgpu.nix @@ -0,0 +1,15 @@ +{ lib, config, ... }: +{ + options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { + hardware = { + amdgpu = { + opencl.enable = true; + amdvlk = { + enable = true; + support32Bit.enable = true; + }; + }; + }; + }; +} diff --git a/modules/nixos/optional/btrfs.nix b/modules/nixos/optional/btrfs.nix new file mode 100644 index 0000000..5c6e9f6 --- /dev/null +++ b/modules/nixos/optional/btrfs.nix @@ -0,0 +1,9 @@ +{ lib, config, ... }: +{ + options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselsystems.modules.optional.btrfs { + boot = { + supportedFilesystems = [ "btrfs" ]; + }; + }; +} diff --git a/modules/nixos/optional/framework.nix b/modules/nixos/optional/framework.nix new file mode 100644 index 0000000..8395d2e --- /dev/null +++ b/modules/nixos/optional/framework.nix @@ -0,0 +1,27 @@ +{ lib, config, ... }: +{ + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { + services = { + fwupd = { + enable = true; + # framework also uses lvfs-testing, but I do not want to use it + extraRemotes = [ "lvfs" ]; + }; + udev.extraRules = '' + # disable Wakeup on Framework Laptop 16 Keyboard (ANSI) + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled" + # disable Wakeup on Framework Laptop 16 Numpad Module + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled" + # disable Wakeup on Framework Laptop 16 Trackpad + ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled" + ''; + }; + programs.fw-fanctrl = { + enable = true; + config = { + defaultStrategy = "lazy"; + }; + }; + }; +} diff --git a/modules/nixos/optional/hibernation.nix b/modules/nixos/optional/hibernation.nix new file mode 100644 index 0000000..d013598 --- /dev/null +++ b/modules/nixos/optional/hibernation.nix @@ -0,0 +1,24 @@ +{ lib, config, ... }: +{ + options.swarselsystems = { + modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; + hibernation = { + offset = lib.mkOption { + type = lib.types.int; + default = 0; + }; + resumeDevice = lib.mkOption { + type = lib.types.str; + default = "/dev/disk/by-label/nixos"; + }; + }; + }; + config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + boot = { + kernelParams = [ + "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" + ]; + inherit (config.swarselsystems.hibernation) resumeDevice; + }; + }; +} diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 66af2ab..4d9536a 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -24,7 +24,17 @@ let }; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + options.swarselsystems = { + modules.optional.work = lib.mkEnableOption "optional work settings"; + hostName = lib.mkOption { + type = lib.types.str; + default = ""; + }; + fqdn = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; config = lib.mkIf config.swarselsystems.modules.optional.work { sops = let @@ -86,7 +96,12 @@ in }; networking = { - firewall.trustedInterfaces = [ "virbr0" ]; + inherit (config.swarselsystems) hostName fqdn; + networkmanager.wifi.scanRandMacAddress = false; + firewall = { + enable = lib.mkDefault true; + trustedInterfaces = [ "virbr0" ]; + }; search = [ "vbc.ac.at" "clip.vbc.ac.at" @@ -122,7 +137,7 @@ in # cryptography # ])) # docker - python39 + stable.python39 qemu packer gnumake diff --git a/profiles/home/framework/default.nix b/profiles/home/framework/default.nix new file mode 100644 index 0000000..cbde9f0 --- /dev/null +++ b/profiles/home/framework/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 8ed4b08..46cafc7 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -16,6 +16,7 @@ env = lib.mkDefault true; programs = lib.mkDefault true; nix-index = lib.mkDefault true; + passwordstore = lib.mkDefault true; direnv = lib.mkDefault true; eza = lib.mkDefault true; git = lib.mkDefault true; diff --git a/profiles/nixos/amdcpu/default.nix b/profiles/nixos/amdcpu/default.nix new file mode 100644 index 0000000..7d6177b --- /dev/null +++ b/profiles/nixos/amdcpu/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselsystems.profiles.amdcpu { + swarselsystems.modules = { + optional = { + amdcpu = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/amdgpu/default.nix b/profiles/nixos/amdgpu/default.nix new file mode 100644 index 0000000..339451f --- /dev/null +++ b/profiles/nixos/amdgpu/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselsystems.profiles.amdgpu { + swarselsystems.modules = { + optional = { + amdgpu = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/btrfs/default.nix b/profiles/nixos/btrfs/default.nix new file mode 100644 index 0000000..ec959ed --- /dev/null +++ b/profiles/nixos/btrfs/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselsystems.profiles.btrfs { + swarselsystems.modules = { + optional = { + btrfs = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix index 4904a0e..f7bdd1c 100644 --- a/profiles/nixos/chaostheatre/default.nix +++ b/profiles/nixos/chaostheatre/default.nix @@ -28,6 +28,7 @@ networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix new file mode 100644 index 0000000..cbde9f0 --- /dev/null +++ b/profiles/nixos/framework/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { + optional = { + framework = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/hibernation/default.nix b/profiles/nixos/hibernation/default.nix new file mode 100644 index 0000000..6105cae --- /dev/null +++ b/profiles/nixos/hibernation/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselsystems.profiles.hibernation { + swarselsystems.modules = { + optional = { + hibernation = lib.mkDefault true; + }; + }; + + }; + +} diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 715ab88..570fe3e 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -28,6 +28,7 @@ networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; ledger = lib.mkDefault true; diff --git a/programs/emacs/init.el b/programs/emacs/init.el index 8b896c1..eeb6a0f 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el @@ -159,9 +159,7 @@ create a new one." (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) - (org-indent-mode) - (visual-line-mode 1) - (org-mode)) + (visual-line-mode 1)) (defun swarsel/org-mode-visual-fill () (setq visual-fill-column-width 150 diff --git a/programs/firefox/tridactyl/tridactylrc b/programs/firefox/tridactyl/tridactylrc index 5d63b9a..1f050ef 100644 --- a/programs/firefox/tridactyl/tridactylrc +++ b/programs/firefox/tridactyl/tridactylrc @@ -12,6 +12,8 @@ set configversion 2.0 set searchurls.no https://search.nixos.org/options?query= set searchurls.np https://search.nixos.org/packages?query= set searchurls.hm https://home-manager-options.extranix.com/?query= +set searchurls.@c https://vbc.atlassian.net/wiki/search?text= +set searchurls.@j https://vbc.atlassian.net/issues/?jql=textfields%20~%20%22%s*%22&wildcardFlag=true set completions.Tab.statusstylepretty true set hintfiltermode vimperator-reflow set hintnames numeric @@ -30,26 +32,9 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line " Work -command tab_or_tabopen jsb -p (async () => { - let tabs = await browser.tabs.query({}); - let tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen jsb -p (async () => {let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() -command tab_or_tabopen_local jsb -p (async () => { - const currentWindow = await browser.windows.getCurrent(); - const tabs = await browser.tabs.query({ windowId: currentWindow.id }); - const tab = tabs.find(t => t.url.includes(JS_ARG)); - if (tab) { - browser.tabs.update(tab.id, { active: true }); - } else { - tri.excmds.tabopen(JS_ARG); - } -})() +command tab_or_tabopen_local jsb -p (async () => {const currentWindow = await browser.windows.getCurrent(); const tabs = await browser.tabs.query({ windowId: currentWindow.id }); const tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})() bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at bind gwA tab_or_tabopen_local artifactory.imp.ac.at