diff --git a/SwarselSystems.org b/SwarselSystems.org index a7f9baa..b61752f 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -318,6 +318,44 @@ Here I give a brief overview over the hostmachines that I am using. This is held <> #+end_src +#+RESULTS: +#+begin_export html +These steps are required when setting up a normal NixOS host: + +- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): + - `systemd-cryptenroll --fido2-device=auto /dev/` + +If the new machine is a work machine, these steps are additionally needed: + +- setup the work VPN: + - using the laptop certificate `.pem` as User cert and private key (CA cert: none) + - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway` +- setup gpgsm for signing of mails using S/MIME: + - `gpgsm --import ~/Certificates/.p12` + - `gpgsm --import ~/Certificates/harica-root.pem` + - `gpgsm --import ~/Certificates/harica-intermediate.pem` + - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"` + - trust the certificate and set passphrase +- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): + - `pizauth auth ` + - `pizauth dump > ~/.pizauth.state` + +If the new machine is home-manager only, perform these steps: + +- (Optional) Install openssh-server +- Set hostname to the name specified in the home-manager configuration +- Install nix, either: + - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` + - (or installing nix freshly): + - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. https://releases.nixos.org/nix/nix-2.30.1/install + - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` +- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` +- For the first build: + 1) Clone dotfile repo & change into it + 2) `nix --extra-experimental-features 'nix-command flakes' develop` + 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace` +#+end_export + ** Current issues #+begin_src markdown :noweb yes :exports both :results html @@ -1315,7 +1353,7 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some inputs.pre-commit-hooks.flakeModule ]; - perSystem = { pkgs, system, ... }: + perSystem = { pkgs, config, system, ... }: { pre-commit = { check.enable = true; @@ -1473,7 +1511,8 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some } ]; - devshell.startup.pre-commit-install.text = "pre-commit install"; + # devshell.startup.pre-commit-install.text = "pre-commit install"; + devshell.startup.pre-commit.text = config.pre-commit.installationScript; env = let @@ -5949,12 +5988,15 @@ Here I disable global completion to prevent redundant compinit calls and cache i let inherit (config.swarselsystems) mainUser homeDir; devices = config.swarselsystems.syncthing.syncDevices; + servicePort = 8384; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; + systemService = true; + guiAddress = "127.0.0.1:${builtins.toString servicePort}"; package = pkgs.syncthing; user = mainUser; dataDir = homeDir; @@ -11909,7 +11951,6 @@ The general structure here is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a Steps to get a home-manager only setup up and running: #+begin_src markdown :noweb-ref homemanageronlysetup :exports both :results html - - (Optional) Install openssh-server - Set hostname to the name specified in the home-manager configuration - Install nix, either: @@ -11922,7 +11963,6 @@ Steps to get a home-manager only setup up and running: 1) Clone dotfile repo & change into it 2) `nix --extra-experimental-features 'nix-command flakes' develop` 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace` - #+end_src *** TODO Common @@ -14707,6 +14747,131 @@ Sets up a systemd user service for anki that does not stall the shutdown process } #+end_src +***** syncthing service for tray + +#+begin_src nix-ts :tangle modules/home/common/syncthing-tray.nix + { lib, config, pkgs, ... }: + { + options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray"; + config = lib.mkIf config.swarselmodules.syncthing-tray { + + home.activation.setupSyncthingIni = + let + syncthingApiEnvVarName = "SYNCTHING_API_KEY"; + syncthingIni = { + file = "${config.home.homeDirectory}/.config/syncthingtray.ini"; + content = '' + [General] + v=2.0.2 + + [qt] + customfont=false + customicontheme=false + customlocale=false + custompalette=false + customstylesheet=false + customwidgetstyle=false + font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1" + icontheme=hicolor + iconthemepath= + locale=en_US + palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)" + plugindir= + stylesheetpath= + trpath= + widgetstyle= + + [startup] + considerForReconnect=false + considerLauncherForReconnect=false + showButton=false + showLauncherButton=false + stopOnMetered=false + stopServiceOnMetered=false + syncthingArgs="serve --no-browser --logflags=3" + syncthingAutostart=false + syncthingPath=syncthing + syncthingUnit=syncthing.service + systemUnit=false + useLibSyncthing=false + + [tray] + connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName}) + connections\1\authEnabled=falsex + connections\1\autoConnect=true + connections\1\devStatsPollInterval=60000 + connections\1\diskEventLimit=200 + connections\1\errorsPollInterval=30000 + connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem + connections\1\label=Primary instance + connections\1\localPath= + connections\1\longPollingTimeout=0 + connections\1\password= + connections\1\pauseOnMetered=false + connections\1\reconnectInterval=30000 + connections\1\requestTimeout=0 + connections\1\statusComputionFlags=123 + connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress} + connections\1\trafficPollInterval=5000 + connections\1\userName= + connections\size=1 + dbusNotifications=true + distinguishTrayIcons=false + frameStyle=16 + ignoreInavailabilityAfterStart=15 + notifyOnDisconnect=true + notifyOnErrors=true + notifyOnLauncherErrors=true + notifyOnLocalSyncComplete=false + notifyOnNewDeviceConnects=false + notifyOnNewDirectoryShared=false + notifyOnRemoteSyncComplete=false + positioning\assumedIconPos=@Point(0 0) + positioning\useAssumedIconPosition=false + positioning\useCursorPos=true + preferIconsFromTheme=false + showDownloads=false + showSyncthingNotifications=true + showTabTexts=true + showTraffic=true + statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + statusIconsRenderSize=@Size(32 32) + statusIconsStrokeWidth=0 + tabPos=1 + trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + trayIconsRenderSize=@Size(32 32) + trayIconsStrokeWidth=0 + trayMenuSize=@Size(575 475) + usePaletteForStatusIcons=false + usePaletteForTrayIcons=false + windowType=0 + + [webview] + customCommand= + disabled=false + mode=0 + + ''; + }; + in + lib.hm.dag.entryAfter [ "writeBoundary" ] '' + set -eu + + if [ ! -f ${syncthingIni.file} ]; then + cat >${syncthingIni.file} <<'EOF' + ${syncthingIni.content} + EOF + export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key) + ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file} + unset ${syncthingApiEnvVarName} + fi + ''; + + }; + + } +#+end_src + **** Sway :PROPERTIES: :CUSTOM_ID: h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20 @@ -15487,7 +15652,7 @@ Settings that are needed for the gpg-agent. Also we are enabling emacs support f When setting up a new machine: -#+begin_src markdown :noweb-ref setup :exports both :results html +#+begin_src markdown :noweb-ref worksetup :exports both :results html - setup gpgsm for signing of mails using S/MIME: - `gpgsm --import ~/Certificates/.p12` - `gpgsm --import ~/Certificates/harica-root.pem` @@ -16337,7 +16502,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] When setting up a new machine: -#+begin_src markdown :noweb-ref setup :exports both :results html +#+begin_src markdown :noweb-ref worksetup :exports both :results html - setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): - `pizauth auth ` - `pizauth dump > ~/.pizauth.state` @@ -19829,6 +19994,7 @@ This holds modules that are to be used on most hosts. These are also the most im tmux = lib.mkDefault true; vesktop = lib.mkDefault true; vesktop-tray = lib.mkDefault true; + syncthing-tray = lib.mkDefault true; waybar = lib.mkDefault true; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault true; @@ -19901,6 +20067,7 @@ This holds modules that are to be used on most hosts. These are also the most im tmux = lib.mkDefault true; vesktop = lib.mkDefault false; vesktop-tray = lib.mkDefault false; + syncthing-tray = lib.mkDefault false; waybar = lib.mkDefault false; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault false; @@ -22091,6 +22258,14 @@ Recently I have grown fond of holding presentations using Emacs :) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) #+end_src + +**** Render markdown blocks as body to expand noweb blocks + +#+begin_src emacs-lisp +(defun org-babel-execute:markdown (body params) + "Just return BODY unchanged, allowing noweb expansion." + body) +#+end_src *** Nix Mode :PROPERTIES: :CUSTOM_ID: h:406c2ecc-0e3e-4d9f-9ae3-3eb1f8b87d1b diff --git a/files/emacs/init.el b/files/emacs/init.el index b947bff..5a013e3 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1040,6 +1040,10 @@ create a new one." (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) +(defun org-babel-execute:markdown (body params) + "Just return BODY unchanged, allowing noweb expansion." + body) + (use-package nix-mode :after lsp-mode :ensure t diff --git a/hosts/nixos/aarch64-linux/moonside/default.nix b/hosts/nixos/aarch64-linux/moonside/default.nix index 323109f..692c684 100644 --- a/hosts/nixos/aarch64-linux/moonside/default.nix +++ b/hosts/nixos/aarch64-linux/moonside/default.nix @@ -38,12 +38,9 @@ in }; networking = { - nftables.enable = lib.mkForce false; - hostName = "moonside"; - enableIPv6 = false; domain = "subnet03291956.vcn03291956.oraclevcn.com"; firewall = { - allowedTCPPorts = [ 80 443 8384 ]; + allowedTCPPorts = [ 8384 ]; }; wireguard = { enable = true; @@ -132,7 +129,7 @@ in swarselsystems = { flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; isCrypted = false; @@ -152,11 +149,12 @@ in }; swarselmodules.server = { - oauth2-proxy = lib.mkDefault true; - croc = lib.mkDefault true; - microbin = lib.mkDefault true; - shlink = lib.mkDefault true; - slink = lib.mkDefault true; - syncthing = lib.mkDefault true; + oauth2-proxy = true; + croc = true; + microbin = true; + shlink = true; + slink = true; + syncthing = true; + diskEncryption = lib.mkForce false; }; } diff --git a/hosts/nixos/x86_64-linux/toto/default.nix b/hosts/nixos/x86_64-linux/toto/default.nix index 9bb9e39..635a1e8 100644 --- a/hosts/nixos/x86_64-linux/toto/default.nix +++ b/hosts/nixos/x86_64-linux/toto/default.nix @@ -15,6 +15,10 @@ minimal = lib.mkForce true; }; + swarselmodules = { + server.network = lib.mkForce false; + }; + swarselsystems = { info = "~SwarselSystems~ remote install helper"; wallpaper = self + /files/wallpaper/lenovowp.png; diff --git a/modules/home/common/syncthing-tray.nix b/modules/home/common/syncthing-tray.nix new file mode 100644 index 0000000..e0b5898 --- /dev/null +++ b/modules/home/common/syncthing-tray.nix @@ -0,0 +1,120 @@ +{ lib, config, pkgs, ... }: +{ + options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray"; + config = lib.mkIf config.swarselmodules.syncthing-tray { + + home.activation.setupSyncthingIni = + let + syncthingApiEnvVarName = "SYNCTHING_API_KEY"; + syncthingIni = { + file = "${config.home.homeDirectory}/.config/syncthingtray.ini"; + content = '' + [General] + v=2.0.2 + + [qt] + customfont=false + customicontheme=false + customlocale=false + custompalette=false + customstylesheet=false + customwidgetstyle=false + font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1" + icontheme=hicolor + iconthemepath= + locale=en_US + palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)" + plugindir= + stylesheetpath= + trpath= + widgetstyle= + + [startup] + considerForReconnect=false + considerLauncherForReconnect=false + showButton=false + showLauncherButton=false + stopOnMetered=false + stopServiceOnMetered=false + syncthingArgs="serve --no-browser --logflags=3" + syncthingAutostart=false + syncthingPath=syncthing + syncthingUnit=syncthing.service + systemUnit=false + useLibSyncthing=false + + [tray] + connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName}) + connections\1\authEnabled=falsex + connections\1\autoConnect=true + connections\1\devStatsPollInterval=60000 + connections\1\diskEventLimit=200 + connections\1\errorsPollInterval=30000 + connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem + connections\1\label=Primary instance + connections\1\localPath= + connections\1\longPollingTimeout=0 + connections\1\password= + connections\1\pauseOnMetered=false + connections\1\reconnectInterval=30000 + connections\1\requestTimeout=0 + connections\1\statusComputionFlags=123 + connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress} + connections\1\trafficPollInterval=5000 + connections\1\userName= + connections\size=1 + dbusNotifications=true + distinguishTrayIcons=false + frameStyle=16 + ignoreInavailabilityAfterStart=15 + notifyOnDisconnect=true + notifyOnErrors=true + notifyOnLauncherErrors=true + notifyOnLocalSyncComplete=false + notifyOnNewDeviceConnects=false + notifyOnNewDirectoryShared=false + notifyOnRemoteSyncComplete=false + positioning\assumedIconPos=@Point(0 0) + positioning\useAssumedIconPosition=false + positioning\useCursorPos=true + preferIconsFromTheme=false + showDownloads=false + showSyncthingNotifications=true + showTabTexts=true + showTraffic=true + statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + statusIconsRenderSize=@Size(32 32) + statusIconsStrokeWidth=0 + tabPos=1 + trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + trayIconsRenderSize=@Size(32 32) + trayIconsStrokeWidth=0 + trayMenuSize=@Size(575 475) + usePaletteForStatusIcons=false + usePaletteForTrayIcons=false + windowType=0 + + [webview] + customCommand= + disabled=false + mode=0 + + ''; + }; + in + lib.hm.dag.entryAfter [ "writeBoundary" ] '' + set -eu + + if [ ! -f ${syncthingIni.file} ]; then + cat >${syncthingIni.file} <<'EOF' + ${syncthingIni.content} + EOF + export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key) + ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file} + unset ${syncthingApiEnvVarName} + fi + ''; + + }; + +} diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 4d53550..407379d 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix @@ -2,12 +2,15 @@ let inherit (config.swarselsystems) mainUser homeDir; devices = config.swarselsystems.syncthing.syncDevices; + servicePort = 8384; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; + systemService = true; + guiAddress = "127.0.0.1:${builtins.toString servicePort}"; package = pkgs.syncthing; user = mainUser; dataDir = homeDir; diff --git a/nix/devshell.nix b/nix/devshell.nix index a1ce6f6..a32661b 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -5,7 +5,7 @@ inputs.pre-commit-hooks.flakeModule ]; - perSystem = { pkgs, system, ... }: + perSystem = { pkgs, config, system, ... }: { pre-commit = { check.enable = true; @@ -164,7 +164,8 @@ } ]; - devshell.startup.pre-commit-install.text = "pre-commit install"; + # devshell.startup.pre-commit-install.text = "pre-commit install"; + devshell.startup.pre-commit.text = config.pre-commit.installationScript; env = let diff --git a/profiles/home/dgxspark/default.nix b/profiles/home/dgxspark/default.nix index ace298c..a0d261a 100644 --- a/profiles/home/dgxspark/default.nix +++ b/profiles/home/dgxspark/default.nix @@ -55,6 +55,7 @@ tmux = lib.mkDefault true; vesktop = lib.mkDefault false; vesktop-tray = lib.mkDefault false; + syncthing-tray = lib.mkDefault false; waybar = lib.mkDefault false; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault false; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 2ba5287..e04e2af 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -56,6 +56,7 @@ tmux = lib.mkDefault true; vesktop = lib.mkDefault true; vesktop-tray = lib.mkDefault true; + syncthing-tray = lib.mkDefault true; waybar = lib.mkDefault true; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault true;