swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add minimal config support (WIP)

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-04 19:54:45 +02:00
parent 34badc91d5
commit 49b557befa
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
26 changed files with 726 additions and 599 deletions
Download patch file Download diff file Expand all files Collapse all files

769
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

2
files/scripts/swarsel-bootstrap.sh
View file

@ -218,7 +218,7 @@ $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "$
# ------------------------ # ------------------------
green "Deploying minimal NixOS installation on $target_destination" green "Deploying minimal NixOS installation on $target_destination"
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --ssh-port "$ssh_port" --extra-files "$temp" --flake .#"$target_hostname" root@"$target_destination" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere -- --ssh-port "$ssh_port" --extra-files "$temp" --flake ./install#"$target_hostname" root@"$target_destination"
echo "Updating ssh host fingerprint at $target_destination to ~/.ssh/known_hosts" echo "Updating ssh host fingerprint at $target_destination to ~/.ssh/known_hosts"
ssh-keyscan -p "$ssh_port" "$target_destination" >> ~/.ssh/known_hosts || true ssh-keyscan -p "$ssh_port" "$target_destination" >> ~/.ssh/known_hosts || true

4
files/templates/hosts/nixos/default.nix
View file

@ -1,10 +1,10 @@
{ self, inputs, pkgs, lib, globals, ... }: { self, config, inputs, pkgs, lib, ... }:
let let
primaryUser = config.swarselsystems.mainUser;
modulesPath = "${self}/modules"; modulesPath = "${self}/modules";
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
}; };
primaryUser = globals.user.name;
in in
{ {

2
hosts/nixos/moonside/default.nix
View file

@ -1,6 +1,6 @@
{ lib, config, globals, ... }: { lib, config, globals, ... }:
let let
primaryUser = globals.user.name; primaryUser = config.swarselsystems.mainUser;
inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.common) workHostName;
inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
serviceDomain = config.repo.secrets.common.services.domains.syncthing3; serviceDomain = config.repo.secrets.common.services.domains.syncthing3;

11
hosts/nixos/nbl-imba-2/default.nix
View file

@ -1,14 +1,15 @@
{ self, config, inputs, lib, globals, ... }: { self, config, inputs, lib, ... }:
let let
primaryUser = globals.user.name; primaryUser = config.swarselsystems.mainUser;
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
sharescreen = "eDP-2"; sharescreen = "eDP-2";
profiles = { profiles = {
personal = true; personal = lib.mkIf (!minimal) true;
work = true; minimal = lib.mkIf minimal true;
framework = true; work = lib.mkIf (!minimal) true;
framework = lib.mkIf (!minimal) true;
}; };
}; };
in in

2
hosts/nixos/sync/default.nix
View file

@ -1,6 +1,6 @@
{ lib, config, globals, ... }: { lib, config, globals, ... }:
let let
primaryUser = globals.user.name; primaryUser = config.swarselsystems.mainUser;
sharedOptions = { sharedOptions = {
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;

45
hosts/nixos/toto/default.nix
View file

@ -1,11 +1,12 @@
{ self, inputs, pkgs, lib, ... }: { self, lib, minimal, ... }:
let let
modulesPath = "${self}/modules";
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
profiles = { profiles = {
toto = true; toto = lib.mkIf (!minimal) true;
minimal = lib.mkIf minimal true;
btrfs = lib.mkIf minimal true;
}; };
}; };
in in
@ -14,41 +15,9 @@ in
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
"${modulesPath}/nixos/common/sharedsetup.nix"
"${modulesPath}/home/common/sharedsetup.nix"
"${self}/profiles/nixos"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."setup".imports = [
inputs.sops-nix.homeManagerModules.sops
"${modulesPath}/home/common/sharedsetup.nix"
"${self}/profiles/home"
];
}
]; ];
environment.systemPackages = with pkgs; [
curl
git
gnupg
rsync
ssh-to-age
sops
vim
just
sbctl
];
system.stateVersion = lib.mkForce "23.05";
boot = {
supportedFilesystems = [ "btrfs" ];
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
};
networking = { networking = {
hostName = "toto"; hostName = "toto";
@ -60,10 +29,10 @@ in
info = "~SwarselSystems~ remote install helper"; info = "~SwarselSystems~ remote install helper";
wallpaper = self + /files/wallpaper/lenovowp.png; wallpaper = self + /files/wallpaper/lenovowp.png;
isImpermanence = true; isImpermanence = true;
isCrypted = false; isCrypted = true;
isSecureBoot = false; isSecureBoot = false;
isSwap = false; isSwap = true;
swapSize = "8G"; swapSize = "2G";
# rootDisk = "/dev/nvme0n1"; # rootDisk = "/dev/nvme0n1";
rootDisk = "/dev/sda"; rootDisk = "/dev/sda";
# rootDisk = "/dev/vda"; # rootDisk = "/dev/vda";

4
hosts/nixos/winters/default.nix
View file

@ -1,6 +1,6 @@
{ lib, config, globals, ... }: { lib, config, ... }:
let let
primaryUser = globals.user.name; primaryUser = config.swarselsystems.mainUser;
sharedOptions = { sharedOptions = {
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;

7
install/flake.nix Normal file
View file

@ -0,0 +1,7 @@
{
description = "Minimal installer flake - not to be used manually";
inputs.swarsel.url = "github:Swarsel/.dotfiles";
outputs = { swarsel, ... }: { nixosConfigurations = swarsel.nixosConfigurationsMinimal; };
}

11
nix/installer-config.nix → install/installer-config.nix
View file

@ -1,6 +1,5 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
config = { config = {
home-manager.users.root.home = { home-manager.users.root.home = {
stateVersion = "23.05"; stateVersion = "23.05";
@ -55,10 +54,10 @@
environment.etc."issue".text = '' environment.etc."issue".text = ''
~SwarselSystems~ ~SwarselSystems~
IP of primary interface: \4 IP of primary interface: \4
The Password for all users & root is 'setup'. The Password for all users & root is 'setup'.
Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets. Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
''; '';
networking = { networking = {
@ -87,7 +86,7 @@
system.activationScripts.cache = { system.activationScripts.cache = {
text = '' text = ''
mkdir -p -m=0777 /home/setup/.local/state/nix/profiles mkdir -p -m=0777 /home/setup/.local/state/nix/profiles
mkdir -p -m=0777 /home/setup/.local/state/home-manager/gcroots mkdir -p -m=0777 /home/setup/.local/state/home-manager/gcroots
mkdir -p -m=0777 /home/setup/.local/share/nix/ mkdir -p -m=0777 /home/setup/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/setup/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/setup/.local/share/nix/trusted-settings.json > /dev/null

9
modules/home/common/mail.nix
View file

@ -2,10 +2,19 @@
let let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 add2Name address3 add3Name address4; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 add2Name address3 add3Name address4;
inherit (nixosConfig.repo.secrets.common) fullName; inherit (nixosConfig.repo.secrets.common) fullName;
inherit (config.swarselsystems) xdgDir;
in in
{ {
options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselsystems.modules.mail { config = lib.mkIf config.swarselsystems.modules.mail {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "${xdgDir}/secrets/leon"; };
swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
};
programs = { programs = {
mbsync = { mbsync = {
enable = true; enable = true;

4
modules/home/common/sharedsetup.nix
View file

@ -1,4 +1,4 @@
{ self, lib, pkgs, ... }: { self, lib, pkgs, globals, minimal, ... }:
{ {
options.swarselsystems = { options.swarselsystems = {
isLaptop = lib.mkEnableOption "laptop host"; isLaptop = lib.mkEnableOption "laptop host";
@ -9,7 +9,7 @@
isBtrfs = lib.mkEnableOption "use btrfs filesystem"; isBtrfs = lib.mkEnableOption "use btrfs filesystem";
mainUser = lib.mkOption { mainUser = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "swarsel"; default = if (!minimal) then globals.user.name else "setup";
}; };
homeDir = lib.mkOption { homeDir = lib.mkOption {
type = lib.types.str; type = lib.types.str;

12
modules/home/common/sops.nix
View file

@ -1,23 +1,15 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (config.swarselsystems) homeDir xdgDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselsystems.modules.sops { config = lib.mkIf config.swarselsystems.modules.sops {
sops = { sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "${xdgDir}/secrets/leon"; };
swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
github_notif = { path = "${xdgDir}/secrets/github_notif"; };
u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
}; };
}; };
} }

7
modules/home/common/waybar.nix
View file

@ -1,5 +1,6 @@
{ self, config, lib, pkgs, ... }: { self, config, lib, pkgs, ... }:
let let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
modulesLeft = [ modulesLeft = [
"custom/outer-left-arrow-dark" "custom/outer-left-arrow-dark"
@ -52,11 +53,17 @@ in
}; };
}; };
config = lib.mkIf config.swarselsystems.modules.waybar { config = lib.mkIf config.swarselsystems.modules.waybar {
swarselsystems = { swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
"battery" "battery"
] ++ modulesRight); ] ++ modulesRight);
}; };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
github_notif = { path = "${xdgDir}/secrets/github_notif"; };
};
programs.waybar = { programs.waybar = {
enable = true; enable = true;
systemd = { systemd = {

8
modules/home/common/yubikey.nix
View file

@ -1,8 +1,16 @@
{ lib, config, nixosConfig, ... }: { lib, config, nixosConfig, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{ {
options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselsystems.modules.yubikey { config = lib.mkIf config.swarselsystems.modules.yubikey {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [ ids = [
nixosConfig.repo.secrets.common.yubikeys.dev1 nixosConfig.repo.secrets.common.yubikeys.dev1

217
modules/home/common/zsh.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, minimal, ... }:
let let
inherit (config.swarselsystems) flakePath; inherit (config.swarselsystems) flakePath;
in in
@ -10,115 +10,118 @@ in
default = { }; default = { };
}; };
}; };
config = lib.mkIf config.swarselsystems.modules.zsh { config = lib.mkIf config.swarselsystems.modules.zsh
{
sops.secrets = { sops.secrets = {
croc-password = { }; croc-password = { };
}; };
programs.zsh = { programs.zsh = {
enable = true;
shellAliases = lib.recursiveUpdate
{
hg = "history | grep";
hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
# nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
nswitch = "swarsel-deploy $(hostname) switch";
# nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
nboot = "swarsel-deploy $(hostname) boot";
magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git";
c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/";
passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
passpull = "cd ~/.local/share/password-store; git pull; cd -;";
hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
youtube-dl = "yt-dlp";
cat-orig = "cat";
cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
nix-ldd-locate = "nix-locate --minimal --top-level -w ";
nix-store-search = "ls /nix/store | grep";
fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
lt = "eza -las modified --total-size";
boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy";
}
config.swarselsystems.shellAliases;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
autocd = false;
cdpath = [
"~/.dotfiles"
# "~/Documents/GitHub"
];
defaultKeymap = "emacs";
dirHashes = {
dl = "$HOME/Downloads";
gh = "$HOME/Documents/GitHub";
};
history = {
expireDuplicatesFirst = true;
path = "$HOME/.histfile";
save = 100000;
size = 100000;
};
historySubstringSearch = {
enable = true; enable = true;
searchDownKey = "^[OB"; }
searchUpKey = "^[OA"; // lib.optionalAttrs (!minimal) {
shellAliases = lib.recursiveUpdate
{
hg = "history | grep";
hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
# nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
nswitch = "swarsel-deploy $(hostname) switch";
# nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
nboot = "swarsel-deploy $(hostname) boot";
magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git";
c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/";
passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
passpull = "cd ~/.local/share/password-store; git pull; cd -;";
hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
youtube-dl = "yt-dlp";
cat-orig = "cat";
cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
nix-ldd-locate = "nix-locate --minimal --top-level -w ";
nix-store-search = "ls /nix/store | grep";
fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
lt = "eza -las modified --total-size";
boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy";
}
config.swarselsystems.shellAliases;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
autocd = false;
cdpath = [
"~/.dotfiles"
# "~/Documents/GitHub"
];
defaultKeymap = "emacs";
dirHashes = {
dl = "$HOME/Downloads";
gh = "$HOME/Documents/GitHub";
};
history = {
expireDuplicatesFirst = true;
path = "$HOME/.histfile";
save = 100000;
size = 100000;
};
historySubstringSearch = {
enable = true;
searchDownKey = "^[OB";
searchUpKey = "^[OA";
};
plugins = [
# {
# name = "fzf-tab";
# src = pkgs.zsh-fzf-tab;
# }
];
initContent = lib.mkIf (!config.swarselsystems.isPublic) ''
my-forward-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
WORDCHARS="''${WORDCHARS//\/}"
WORDCHARS="''${WORDCHARS//.}"
zle forward-word
}
zle -N my-forward-word
# ctrl + right
bindkey "^[[1;5C" my-forward-word
# shift + right
bindkey "^[[1;2C" forward-word
my-backward-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
WORDCHARS="''${WORDCHARS//\/}"
WORDCHARS="''${WORDCHARS//.}"
zle backward-word
}
zle -N my-backward-word
# ctrl + left
bindkey "^[[1;5D" my-backward-word
# shift + left
bindkey "^[[1;2D" backward-word
my-backward-delete-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
WORDCHARS="''${WORDCHARS//\/}"
WORDCHARS="''${WORDCHARS//.}"
zle backward-delete-word
}
zle -N my-backward-delete-word
# ctrl + del
bindkey '^H' my-backward-delete-word
export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"
'';
}; };
plugins = [
# {
# name = "fzf-tab";
# src = pkgs.zsh-fzf-tab;
# }
];
initContent = lib.mkIf (!config.swarselsystems.isPublic) ''
my-forward-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
WORDCHARS="''${WORDCHARS//\/}"
WORDCHARS="''${WORDCHARS//.}"
zle forward-word
}
zle -N my-forward-word
# ctrl + right
bindkey "^[[1;5C" my-forward-word
# shift + right
bindkey "^[[1;2C" forward-word
my-backward-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
WORDCHARS="''${WORDCHARS//\/}"
WORDCHARS="''${WORDCHARS//.}"
zle backward-word
}
zle -N my-backward-word
# ctrl + left
bindkey "^[[1;5D" my-backward-word
# shift + left
bindkey "^[[1;2D" backward-word
my-backward-delete-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
WORDCHARS="''${WORDCHARS//\/}"
WORDCHARS="''${WORDCHARS//.}"
zle backward-delete-word
}
zle -N my-backward-delete-word
# ctrl + del
bindkey '^H' my-backward-delete-word
export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"
'';
}; };
};
} }

17
modules/nixos/client/packages.nix
View file

@ -1,8 +1,9 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, minimal, ... }:
{ {
options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; options.swarselsystems.modules.packages = lib.mkEnableOption "install packages";
config = lib.mkIf config.swarselsystems.modules.packages { config = lib.mkIf config.swarselsystems.modules.packages {
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs; lib.optionals (!minimal) [
# yubikey packages # yubikey packages
gnupg gnupg
yubikey-personalization yubikey-personalization
@ -73,9 +74,19 @@
elk-to-svg elk-to-svg
] ++ lib.optionals minimal [
curl
git
gnupg
rsync
ssh-to-age
sops
vim
just
sbctl
]; ];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = lib.mkIf (!minimal) [
"jitsi-meet-1.0.8043" "jitsi-meet-1.0.8043"
"electron-29.4.6" "electron-29.4.6"
"SDL_ttf-2.0.11" "SDL_ttf-2.0.11"

7
modules/nixos/client/polkit.nix
View file

@ -1,19 +1,20 @@
{ lib, config, ... }: { lib, config, minimal, ... }:
{ {
options.swarselsystems.modules.security = lib.mkEnableOption "security config"; options.swarselsystems.modules.security = lib.mkEnableOption "security config";
config = lib.mkIf config.swarselsystems.modules.security { config = lib.mkIf config.swarselsystems.modules.security {
security = { security = {
pam.services = { pam.services = lib.mkIf (!minimal) {
login.u2fAuth = true; login.u2fAuth = true;
sudo.u2fAuth = true; sudo.u2fAuth = true;
swaylock.u2fAuth = true; swaylock.u2fAuth = true;
swaylock.fprintAuth = false; swaylock.fprintAuth = false;
}; };
polkit.enable = true; polkit.enable = lib.mkIf (!minimal) true;
sudo.extraConfig = '' sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK Defaults env_keep+=SSH_AUTH_SOCK
'' + lib.optionalString (!minimal) ''
Defaults env_keep+=XDG_RUNTIME_DIR Defaults env_keep+=XDG_RUNTIME_DIR
Defaults env_keep+=WAYLAND_DISPLAY Defaults env_keep+=WAYLAND_DISPLAY
''; '';

6
modules/nixos/common/home-manager.nix
View file

@ -1,6 +1,6 @@
{ self, inputs, config, lib, outputs, globals, nodes, ... }: { self, inputs, config, lib, outputs, globals, nodes, minimal, ... }:
let let
mainUser = globals.user.name; inherit (config.swarselsystems) mainUser;
in in
{ {
options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager";
@ -20,7 +20,7 @@ in
home.stateVersion = lib.mkDefault config.system.stateVersion; home.stateVersion = lib.mkDefault config.system.stateVersion;
} }
]; ];
extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes; }; extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal; };
}; };
}; };
} }

6
modules/nixos/common/lanzaboote.nix
View file

@ -1,13 +1,13 @@
{ lib, config, ... }: { lib, config, minimal, ... }:
{ {
options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config";
config = lib.mkIf config.swarselsystems.modules.lanzaboote { config = lib.mkIf config.swarselsystems.modules.lanzaboote {
boot = { boot = {
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false); systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || minimal || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
}; };
lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) { lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && !minimal && config.swarselsystems.isSecureBoot) {
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
configurationLimit = 6; configurationLimit = 6;

122
modules/nixos/common/settings.nix
View file

@ -1,68 +1,74 @@
{ lib, pkgs, config, outputs, inputs, ... }: { lib, pkgs, config, outputs, inputs, minimal, ... }:
{ {
options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselsystems.modules.general { config = lib.mkIf config.swarselsystems.modules.general
nixpkgs = { ({
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" '' system.stateVersion = lib.mkDefault "23.05";
assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false;
{ }
'';
nix = nixpkgs = {
let overlays = [ outputs.overlays.default ];
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; config = {
in allowUnfree = true;
{
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
flake-registry = "";
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
}; };
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 10d";
};
optimise = {
automatic = true;
dates = "weekly";
};
channel.enable = false;
registry = rec {
nixpkgs.flake = inputs.nixpkgs;
p = nixpkgs;
};
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
}; };
services.dbus.implementation = "broker"; }
// lib.optionalAttrs (!minimal) {
systemd.services.nix-daemon = { environment.etc."nixos/configuration.nix".source = pkgs.writeText "configuration.nix" ''
environment.TMPDIR = "/var/tmp"; assert builtins.trace "This location is not used. The config is found in ${config.swarselsystems.flakePath}!" false;
}; { }
'';
system.stateVersion = lib.mkDefault "23.05"; nix =
}; let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
flake-registry = "";
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 10d";
};
optimise = {
automatic = true;
dates = "weekly";
};
channel.enable = false;
registry = rec {
nixpkgs.flake = inputs.nixpkgs;
p = nixpkgs;
};
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
services.dbus.implementation = "broker";
systemd.services.nix-daemon = {
environment.TMPDIR = "/var/tmp";
};
});
} }

8
modules/nixos/common/users.nix
View file

@ -1,4 +1,4 @@
{ self, pkgs, config, lib, ... }: { self, pkgs, config, lib, minimal, ... }:
let let
sopsFile = self + /secrets/general/secrets.yaml; sopsFile = self + /secrets/general/secrets.yaml;
in in
@ -12,9 +12,9 @@ in
users."${config.swarselsystems.mainUser}" = { users."${config.swarselsystems.mainUser}" = {
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
password = lib.mkIf config.swarselsystems.initialSetup "setup"; password = lib.mkIf (config.swarselsystems.initialSetup || minimal) "setup";
hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup && !minimal) config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; extraGroups = lib.mkIf (!minimal) [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ]; packages = with pkgs; [ ];
}; };
}; };

4
nix/iso.nix
View file

@ -1,4 +1,4 @@
{ inputs, ... }: { self, inputs, ... }:
{ {
perSystem = { pkgs, system, ... }: perSystem = { pkgs, system, ... }:
{ {
@ -7,7 +7,7 @@
inherit pkgs; inherit pkgs;
modules = [ modules = [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
./installer-config.nix "${self}/install/installer-config.nix"
]; ];
format = format =
{ {

13
profiles/home/minimal/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host";
config = lib.mkIf config.swarselsystems.profiles.minimal {
swarselsystems.modules = {
general = lib.mkDefault true;
sops = lib.mkDefault true;
kitty = lib.mkDefault true;
zsh = lib.mkDefault true;
};
};
}

27
profiles/nixos/minimal/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host";
config = lib.mkIf config.swarselsystems.profiles.minimal {
swarselsystems.modules = {
general = lib.mkDefault true;
home-manager = lib.mkDefault true;
xserver = lib.mkDefault true;
lanzaboote = lib.mkDefault true;
time = lib.mkDefault true;
users = lib.mkDefault true;
impermanence = lib.mkDefault true;
security = lib.mkDefault true;
sops = lib.mkDefault true;
pii = lib.mkDefault true;
zsh = lib.mkDefault true;
yubikey = lib.mkDefault true;
autologin = lib.mkDefault true;
server = {
ssh = lib.mkDefault true;
};
};
};
}

1
profiles/nixos/toto/default.nix
View file

@ -4,6 +4,7 @@
config = lib.mkIf config.swarselsystems.profiles.toto { config = lib.mkIf config.swarselsystems.profiles.toto {
swarselsystems.modules = { swarselsystems.modules = {
general = lib.mkDefault true; general = lib.mkDefault true;
packages = lib.mkDefault true;
home-manager = lib.mkDefault true; home-manager = lib.mkDefault true;
xserver = lib.mkDefault true; xserver = lib.mkDefault true;
users = lib.mkDefault true; users = lib.mkDefault true;