swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 13:19:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: update flake
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Flake check / Check flake (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-02-01 22:18:01 +01:00
parent edd2c61b17
commit 52554d4f92
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
28 changed files with 1111 additions and 1025 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/README.md vendored
View file

@ -135,7 +135,7 @@
|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) |
|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) |
|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) |
|📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) |
|📁 **Filesharing** | [Nextcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) |
|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) |
|📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) |
|🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) |
@ -156,7 +156,7 @@
|⛏️ **Minecraft** | [Minecraft](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/minecraft.nix) |
|☁️ **S3** | [Garage](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/garage.nix) |
|🕸️ **Nix Binary Cache** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/attic.nix) |
|🐙 **Nix Build farm** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) |
|🐙 **Nix Build farm** | [Hydra](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) |
|🔑 **Cert-based SSH** | [OPKSSH](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/opkssh.nix) |
|🔨 **Home Asset Management**| [Homebox](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/homebox.nix) |
|👀 **DNS Records** | [NSD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nsd.nix) |

217
SwarselSystems.org
View file

@ -359,7 +359,7 @@ This is a comprehensive list of the services/components ran by my server machine
|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) |
|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) |
|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) |
|📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) |
|📁 **Filesharing** | [Nextcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) |
|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) |
|📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) |
|🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) |
@ -380,7 +380,7 @@ This is a comprehensive list of the services/components ran by my server machine
|⛏️ **Minecraft** | [Minecraft](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/minecraft.nix) |
|☁️ **S3** | [Garage](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/garage.nix) |
|🕸️ **Nix Binary Cache** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/attic.nix) |
|🐙 **Nix Build farm** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) |
|🐙 **Nix Build farm** | [Hydra](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) |
|🔑 **Cert-based SSH** | [OPKSSH](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/opkssh.nix) |
|🔨 **Home Asset Management**| [Homebox](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/homebox.nix) |
|👀 **DNS Records** | [NSD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nsd.nix) |
@ -1737,13 +1737,22 @@ A short overview over each input and what it does:
home-manager = {
url = "github:nix-community/home-manager";
# url = "github:Swarsel/home-manager/main";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
topologyPrivate.url = "./files/topology/public";
# emacs-overlay.url = "github:nix-community/emacs-overlay";
emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
@ -1755,7 +1764,6 @@ A short overview over each input and what it does:
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-images.url = "github:Swarsel/nixos-images/main";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix";
@ -1773,11 +1781,10 @@ A short overview over each input and what it does:
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix";
treefmt-nix.url = "github:numtide/treefmt-nix";
dns.url = "github:kirelagin/dns.nix";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
topologyPrivate.url = "./files/topology/public";
pia.url = "github:Swarsel/pia.nix/custom";
};
outputs =
@ -2279,6 +2286,7 @@ The rest of the functions are used to build full NixOS systems as well as halfCo
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests")
(inputs.nixos-extra-modules + "/modules/interface-naming.nix")
"${self}/hosts/nixos/${arch}/${configName}"
@ -2627,7 +2635,7 @@ Another note concerning [[https://flake.parts/][flake-parts]]:
};
};
switch-bedroom = mkDevice "Switch Bedroom" {
switch-bedroom = mkSwitch "Switch Bedroom" {
info = "Cisco SG 200-08";
image = "${self}/files/topology-images/Cisco_SG_200-08.png";
interfaceGroups = [
@ -4961,6 +4969,7 @@ This is my main server that I run at home. It handles most tasks that require bi
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];
@ -10207,6 +10216,20 @@ Here I disable global completion to prevent redundant compinit calls and cache i
};
}
#+end_src
***** nautilus
#+begin_src nix-ts :tangle modules/nixos/client/nautilus.nix
{ lib, config, ... }:
{
options.swarselmodules.nautilus = lib.mkEnableOption "nautilus config";
config = lib.mkIf config.swarselmodules.nautilus {
programs.nautilus-open-any-terminal = {
enable = true;
terminal = "kitty";
};
};
}
#+end_src
***** syncthing
:PROPERTIES:
:CUSTOM_ID: h:1e6d3d56-e415-43a2-8e80-3bad8062ecf8
@ -11672,17 +11695,19 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
:END:
#+begin_src nix-ts :tangle modules/nixos/server/bastion.nix
{ self, lib, config, withHomeManager, ... }:
{ self, lib, config, withHomeManager, confLib, ... }:
{
options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server";
config = lib.mkIf config.swarselmodules.server.bastion ({
users = {
persistentIds.jump = confLib.mkIds 1001;
groups = {
jump = { };
};
users = {
"jump" = {
jump = {
autoSubUidGidRange = false;
isNormalUser = true;
useDefaultShell = true;
group = lib.mkForce "jump";
@ -11750,7 +11775,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
Restricts access to the system by the nix build user as per https://discourse.nixos.org/t/wrapper-to-restrict-builder-access-through-ssh-worth-upstreaming/25834.
#+begin_src nix-ts :tangle modules/nixos/server/ssh-builder.nix
{ self, pkgs, lib, config, ... }:
{ self, pkgs, lib, config, confLib, ... }:
let
ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" ";
@ -11772,6 +11797,7 @@ Restricts access to the system by the nix build user as per https://discourse.ni
options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server";
config = lib.mkIf config.swarselmodules.server.ssh-builder {
users = {
persistentIds.builder = confLib.mkIds 965;
groups.builder = { };
users.builder = {
useDefaultShell = true;
@ -13098,7 +13124,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
:END:
#+begin_src nix-ts :tangle modules/nixos/server/mpd.nix
{ self, lib, config, pkgs, confLib, ... }:
{ lib, config, pkgs, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup;
@ -13130,10 +13156,10 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
mpv
];
topology.self.services.${serviceName} = {
info = "http://localhost:${builtins.toString servicePort}";
icon = lib.mkForce "${self}/files/topology-images/mpd.png";
};
# topology.self.services.${serviceName} = {
# info = "http://localhost:${builtins.toString servicePort}";
# icon = lib.mkForce "${self}/files/topology-images/mpd.png";
# };
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
directories = [{ directory = "/var/lib/${serviceName}"; user = "mpd"; group = "mpd"; }];
@ -13298,7 +13324,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
:END:
#+begin_src nix-ts :tangle modules/nixos/server/matrix.nix
{ self, lib, config, pkgs, globals, dns, confLib, ... }:
{ lib, config, pkgs, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
@ -13363,14 +13389,6 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
# networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
topology.self.services = lib.listToAttrs (map
(service:
lib.nameValuePair "mautrix-${service}" {
name = "mautrix-${service}";
icon = "${self}/files/topology-images/mautrix.png";
})
[ "whatsapp" "signal" "telegram" ]);
systemd = {
timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
@ -14036,6 +14054,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
let
inherit (confLib.gen { name = "transmission"; port = 9091; }) serviceName servicePort serviceDomain;
inherit (confLib.static) isHome homeServiceAddress homeWebProxy nginxAccessRules;
inherit (config.swarselsystems) sopsFile;
lidarrUser = "lidarr";
lidarrGroup = lidarrUser;
@ -14057,6 +14076,10 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
sops.secrets = {
pia = { inherit sopsFile; };
};
# this user/group section is probably unneeded
users = {
persistentIds = {
@ -14141,6 +14164,17 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
};
services = {
pia = {
enable = true;
credentials.credentialsFile = config.sops.secrets.pia.path;
protocol = "wireguard";
autoConnect = {
enable = true;
region = "sweden";
};
portForwarding.enable = true;
dns.enable = true;
};
radarr = {
enable = true;
user = radarrUser;
@ -15406,7 +15440,8 @@ kanidm person credential create-reset-token <user>
};
};
systemd.services."generateSSLCert-${serviceName}" =
systemd.services = {
"generateSSLCert-${serviceName}" =
let
daysValid = 3650;
renewBeforeDays = 365;
@ -15458,6 +15493,12 @@ kanidm person credential create-reset-token <user>
fi
'';
};
kanidm = {
environment.KANIDM_TRUST_X_FORWARD_FOR = "true";
serviceConfig.RestartSec = "30";
};
};
# system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
@ -15521,7 +15562,7 @@ kanidm person credential create-reset-token <user>
# tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}";
trust_x_forward_for = true;
# trust_x_forward_for = true;
};
enableClient = true;
clientSettings = {
@ -15718,7 +15759,6 @@ kanidm person credential create-reset-token <user>
};
};
systemd.services.${serviceName}.serviceConfig.RestartSec = "30";
nodes = let
extraConfig = ''
@ -16126,7 +16166,7 @@ kanidm person credential create-reset-token <user>
#+begin_src nix-ts :tangle modules/nixos/server/koillection.nix
{ self, lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
serviceDB = "koillection";
@ -16150,7 +16190,7 @@ kanidm person credential create-reset-token <user>
koillection-env-file = { inherit sopsFile; };
};
topology.self.services.${serviceName} = {
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
@ -16558,6 +16598,7 @@ kanidm person credential create-reset-token <user>
config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = {
persistentIds.${serviceName} = confLib.mkIds 964;
groups.${serviceGroup} = { };
users.${serviceUser} = {
@ -16680,7 +16721,7 @@ kanidm person credential create-reset-token <user>
#+begin_src nix-ts :tangle modules/nixos/server/shlink.nix
{ self, lib, config, dns, globals, confLib, ... }:
let
inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
@ -16711,6 +16752,12 @@ kanidm person credential create-reset-token <user>
};
};
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
virtualisation.oci-containers.containers.${serviceName} = {
image = "shlinkio/shlink@${containerRev}";
environment = {
@ -16757,12 +16804,6 @@ kanidm person credential create-reset-token <user>
{ directory = "/var/lib/containers"; }
];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
globals = {
networks = {
${webProxyIf}.hosts = lib.mkIf isProxied {
@ -16802,14 +16843,14 @@ Deployment notes:
- finally, disable new user registration in web ui
#+begin_src nix-ts :tangle modules/nixos/server/slink.nix
{ lib, config, dns, globals, confLib, ... }:
let
inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6;
{ lib, config, dns, globals, confLib, ... }:
let
inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
in
{
in
{
options = {
swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
};
@ -16819,6 +16860,12 @@ in
podman = true;
};
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
virtualisation.oci-containers.containers.${serviceName} = {
image = "anirdev/slink@${containerRev}";
environment = {
@ -16858,12 +16905,6 @@ in
{ directory = serviceDir; }
];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
globals = {
networks = {
${webProxyIf}.hosts = lib.mkIf isProxied {
@ -16924,7 +16965,7 @@ in
};
};
}
}
#+end_src
**** Snipe-IT (currently unused)
@ -17901,6 +17942,15 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
};
config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = {
persistentIds = {
knot-resolver = confLib.mkIds 963;
postfix-tlspol = confLib.mkIds 962;
roundcube = confLib.mkIds 961;
redis-rspamd = confLib.mkIds 960;
};
};
globals.services = {
${serviceName} = {
domain = serviceDomain;
@ -17950,11 +18000,12 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
domains = [ baseDomain ];
indexDir = "${serviceDir}/indices";
openFirewall = true;
certificateScheme = "acme";
# certificateScheme = "acme";
dmarcReporting.enable = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableImapSsl = true;
x509.useACMEHost = globals.domains.main;
loginAccounts = {
"${user1}@${baseDomain}" = {
@ -19057,7 +19108,7 @@ This has some state:
homeDomains) ++ [
{
domain = "smb.${globals.domains.main}";
answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4;
answer = globals.networks.home-lan.vlans.services.hosts.summers-storage.ipv4;
enabled = true;
}
];
@ -19799,7 +19850,7 @@ Some standard options that should be set for every microvm host.
Some standard options that should be set for every microvm guest. We set the default
#+begin_src nix-ts :tangle modules/nixos/optional/microvm-guest.nix
{ self, lib, config, inputs, microVMParent, nodes, globals, confLib, ... }:
{ self, config, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
@ -19816,6 +19867,7 @@ Some standard options that should be set for every microvm guest. We set the def
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/interface-naming.nix")
@ -21603,9 +21655,9 @@ To specify both content in Early initialization and General configuration, use l
Currently I only use it as before with =initExtra= though.
#+begin_src nix-ts :tangle modules/home/common/zsh.nix
{ self, config, pkgs, lib, minimal, globals, confLib, type, ... }:
{ self, config, pkgs, lib, minimal, globals, confLib, type, arch, ... }:
let
inherit (config.swarselsystems) flakePath isNixos;
inherit (config.swarselsystems) flakePath isNixos homeDir;
crocDomain = globals.services.croc.domain;
in
{
@ -21625,7 +21677,11 @@ Currently I only use it as before with =initExtra= though.
// lib.optionalAttrs (!minimal) {
shellAliases = lib.recursiveUpdate
{
hg = "history | grep";
nb = "nix build";
nbl = "nix build --builders \"\"";
nbo = "nix build --offline --builders \"\"";
nd = "nix develop";
ns = "nix shell";
hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
@ -21651,7 +21707,8 @@ Currently I only use it as before with =initExtra= though.
boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy";
build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private .#topology.x86_64-linux.config.output";
build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-topology-dev = "nix build --show-trace --override-input nix-topology ${homeDir}/Documents/Private/nix-topology --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-iso = "nix build --print-out-paths .#live-iso";
nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
@ -24308,7 +24365,7 @@ Sets up a systemd user service for anki that does not stall the shutdown process
};
Service = {
ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime";
ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime";
};
};
};
@ -25714,12 +25771,12 @@ This service changes the screen hue at night. I am not sure if that really does
# { timeout = 600; command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"; resumeCommand = "${pkgs.sway}/bin/swaymsg output * dpms on''; }
{ timeout = 600; command = "${suspend}"; }
];
events = [
events = {
# { event = "before-sleep"; command = "${lib.getExe pkgs.swaylock-effects} -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2"; }
# { event = "after-resume"; command = "${swaylock} -f "; }
{ event = "before-sleep"; command = "${swaylock} -f "; }
{ event = "lock"; command = "${swaylock} -f "; }
];
before-sleep = "${swaylock} -f ";
lock = "${swaylock} -f ";
};
};
};
@ -27394,6 +27451,8 @@ In short, the options defined here are passed to the modules systems using =_mod
serviceDir = dir;
serviceAddress = address;
serviceProxy = proxy;
serviceNode = config.node.name;
topologyContainerName = "${serviceNode}-${config.virtualisation.oci-containers.backend}-${name}";
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
};
@ -29887,6 +29946,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
lid = lib.mkDefault true;
login = lib.mkDefault true;
lowBattery = lib.mkDefault false;
nautilus = lib.mkDefault true;
network = lib.mkDefault true;
networkDevices = lib.mkDefault true;
nftables = lib.mkDefault true;
@ -30233,62 +30293,25 @@ This holds modules that are to be used on most hosts. These are also the most im
options.swarselprofiles.dgxspark = lib.mkEnableOption "is this a dgx spark host";
config = lib.mkIf config.swarselprofiles.dgxspark {
swarselmodules = {
anki = lib.mkDefault false;
anki-tray = lib.mkDefault false;
atuin = lib.mkDefault true;
autotiling = lib.mkDefault false;
batsignal = lib.mkDefault false;
bash = lib.mkDefault true;
blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault false;
direnv = lib.mkDefault true;
element-desktop = lib.mkDefault false;
element-tray = lib.mkDefault false;
emacs = lib.mkDefault false;
env = lib.mkDefault false;
eza = lib.mkDefault true;
firefox = lib.mkDefault true;
fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault false;
general = lib.mkDefault true;
git = lib.mkDefault true;
gnome-keyring = lib.mkDefault false;
gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault false;
kanshi = lib.mkDefault false;
kdeconnect = lib.mkDefault false;
kitty = lib.mkDefault true;
mail = lib.mkDefault false;
mako = lib.mkDefault false;
nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true;
nm-applet = lib.mkDefault true;
obs-studio = lib.mkDefault false;
obsidian = lib.mkDefault false;
obsidian-tray = lib.mkDefault false;
ownpackages = lib.mkDefault false;
packages = lib.mkDefault false;
passwordstore = lib.mkDefault false;
programs = lib.mkDefault false;
sops = lib.mkDefault true;
spicetify = lib.mkDefault false;
spotify-player = lib.mkDefault false;
ssh = lib.mkDefault false;
starship = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault false;
swayidle = lib.mkDefault false;
swaylock = lib.mkDefault false;
swayosd = lib.mkDefault false;
symlink = lib.mkDefault false;
tmux = lib.mkDefault true;
vesktop = lib.mkDefault false;
vesktop-tray = lib.mkDefault false;
syncthing-tray = lib.mkDefault false;
waybar = lib.mkDefault false;
yubikey = lib.mkDefault false;
yubikeytouch = lib.mkDefault false;
zellij = lib.mkDefault true;
zsh = lib.mkDefault true;
};

297
flake.lock generated
View file

@ -298,7 +298,9 @@
"dns": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768143854,
@ -316,7 +318,7 @@
},
"emacs-overlay": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@ -337,7 +339,7 @@
},
"fenix": {
"inputs": {
"nixpkgs": "nixpkgs_16",
"nixpkgs": "nixpkgs_15",
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
@ -696,7 +698,25 @@
},
"flake-utils_6": {
"inputs": {
"systems": "systems_8"
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1731533236,
@ -891,11 +911,11 @@
]
},
"locked": {
"lastModified": 1769102673,
"narHash": "sha256-/qvRFjn1s3bIJdSKG6IpaE6ML3j9anQKUqGhmt4Qe+E=",
"lastModified": 1769622371,
"narHash": "sha256-Cs1/+P3ntxl9mOIL7/QtItBAzQJ2xjvTMHv7qw0nFV0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b0491fe55680bd19be8e74847969dad9d7784658",
"rev": "02d763228d8aff317e6e5a319474b6d4d9d826a5",
"type": "github"
},
"original": {
@ -952,7 +972,7 @@
"nix-eval-jobs": [
"nix-eval-jobs"
],
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1759783173,
@ -972,7 +992,7 @@
"impermanence": {
"inputs": {
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1768941735,
@ -1014,7 +1034,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay"
},
@ -1034,7 +1054,7 @@
},
"microvm": {
"inputs": {
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_7",
"spectrum": "spectrum"
},
"locked": {
@ -1116,7 +1136,7 @@
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
@ -1187,7 +1207,7 @@
},
"nix-darwin": {
"inputs": {
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1768764703,
@ -1267,7 +1287,7 @@
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_11"
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1768962252,
@ -1287,7 +1307,7 @@
"inputs": {
"home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": "nixpkgs_12",
"nixpkgs": "nixpkgs_11",
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
@ -1310,7 +1330,7 @@
"nix-topology": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_13"
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1769018862,
@ -1364,7 +1384,7 @@
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_14"
"nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1762090880,
@ -1399,7 +1419,7 @@
"inputs": {
"devshell": "devshell_2",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_15",
"nixpkgs": "nixpkgs_14",
"nixt": "nixt",
"pre-commit-hooks": "pre-commit-hooks"
},
@ -1421,7 +1441,9 @@
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs_17"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764234087,
@ -1476,7 +1498,7 @@
"nixos-nftables-firewall": {
"inputs": {
"dependencyDagOfSubmodule": "dependencyDagOfSubmodule",
"nixpkgs": "nixpkgs_18"
"nixpkgs": "nixpkgs_16"
},
"locked": {
"lastModified": 1715521768,
@ -1805,22 +1827,6 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1765934234,
"narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
@ -1836,7 +1842,7 @@
"type": "github"
}
},
"nixpkgs_12": {
"nixpkgs_11": {
"locked": {
"lastModified": 1708172716,
"narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=",
@ -1851,7 +1857,7 @@
"type": "github"
}
},
"nixpkgs_13": {
"nixpkgs_12": {
"locked": {
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
@ -1867,7 +1873,7 @@
"type": "github"
}
},
"nixpkgs_14": {
"nixpkgs_13": {
"locked": {
"lastModified": 1746378225,
"narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=",
@ -1882,7 +1888,7 @@
"type": "github"
}
},
"nixpkgs_15": {
"nixpkgs_14": {
"locked": {
"lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
@ -1898,7 +1904,7 @@
"type": "github"
}
},
"nixpkgs_16": {
"nixpkgs_15": {
"locked": {
"lastModified": 1677063315,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
@ -1914,23 +1920,7 @@
"type": "github"
}
},
"nixpkgs_17": {
"locked": {
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_18": {
"nixpkgs_16": {
"locked": {
"lastModified": 1692638711,
"narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=",
@ -1946,6 +1936,38 @@
"type": "github"
}
},
"nixpkgs_17": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_18": {
"locked": {
"lastModified": 1720957393,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_19": {
"locked": {
"lastModified": 1769018530,
@ -1980,37 +2002,21 @@
},
"nixpkgs_20": {
"locked": {
"lastModified": 1720957393,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
"owner": "nixos",
"lastModified": 1767892417,
"narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
"rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
"type": "github"
},
"original": {
"owner": "nixos",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_21": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_22": {
"locked": {
"lastModified": 1764947035,
"narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=",
@ -2026,7 +2032,7 @@
"type": "github"
}
},
"nixpkgs_23": {
"nixpkgs_22": {
"locked": {
"lastModified": 1764374374,
"narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=",
@ -2042,7 +2048,7 @@
"type": "github"
}
},
"nixpkgs_24": {
"nixpkgs_23": {
"locked": {
"lastModified": 1768569498,
"narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=",
@ -2058,7 +2064,7 @@
"type": "github"
}
},
"nixpkgs_25": {
"nixpkgs_24": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
@ -2074,7 +2080,7 @@
"type": "github"
}
},
"nixpkgs_26": {
"nixpkgs_25": {
"locked": {
"lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
@ -2090,7 +2096,7 @@
"type": "github"
}
},
"nixpkgs_27": {
"nixpkgs_26": {
"locked": {
"lastModified": 1759733170,
"narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
@ -2106,7 +2112,7 @@
"type": "github"
}
},
"nixpkgs_28": {
"nixpkgs_27": {
"locked": {
"lastModified": 1767364772,
"narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
@ -2122,7 +2128,7 @@
"type": "github"
}
},
"nixpkgs_29": {
"nixpkgs_28": {
"locked": {
"lastModified": 1742268799,
"narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
@ -2138,22 +2144,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1616989418,
"narHash": "sha256-LcOn5wHR/1JwClfY/Ai/b+pSRY+d23QtIPQHwPAyHHI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9d8e05e088ad91b7c62886a2175f38bfa443db2c",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_30": {
"nixpkgs_29": {
"locked": {
"lastModified": 1765934234,
"narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
@ -2169,7 +2160,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1760284886,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=",
@ -2185,7 +2176,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1759652726,
"narHash": "sha256-2VjnimOYDRb3DZHyQ2WH2KCouFqYm9h0Rr007Al/WSA=",
@ -2201,7 +2192,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_5": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
@ -2217,7 +2208,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_6": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
@ -2233,7 +2224,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_7": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
@ -2249,7 +2240,7 @@
"type": "github"
}
},
"nixpkgs_9": {
"nixpkgs_8": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
@ -2265,6 +2256,22 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1765934234,
"narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixt": {
"inputs": {
"flake-compat": "flake-compat_3",
@ -2361,7 +2368,7 @@
"nswitch-rcm-nix": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_20"
"nixpkgs": "nixpkgs_18"
},
"locked": {
"lastModified": 1721304043,
@ -2380,7 +2387,7 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_21"
"nixpkgs": "nixpkgs_19"
},
"locked": {
"lastModified": 1769114635,
@ -2535,6 +2542,26 @@
"type": "github"
}
},
"pia": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_20"
},
"locked": {
"lastModified": 1769674747,
"narHash": "sha256-fj6i2Xay3Jz8MJHcPiJslsL+YHh2JzaJtWr7rA0ckgY=",
"owner": "Swarsel",
"repo": "pia.nix",
"rev": "7b56baf2300e49bb05d7e24f2fcd5d8ce4a40143",
"type": "github"
},
"original": {
"owner": "Swarsel",
"ref": "custom",
"repo": "pia.nix",
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
@ -2585,7 +2612,7 @@
"inputs": {
"flake-compat": "flake-compat_6",
"gitignore": "gitignore_3",
"nixpkgs": "nixpkgs_22"
"nixpkgs": "nixpkgs_21"
},
"locked": {
"lastModified": 1769069492,
@ -2626,7 +2653,7 @@
"nixos-hardware": "nixos-hardware",
"nixos-images": "nixos-images",
"nixos-nftables-firewall": "nixos-nftables-firewall",
"nixpkgs": "nixpkgs_19",
"nixpkgs": "nixpkgs_17",
"nixpkgs-bisect": "nixpkgs-bisect",
"nixpkgs-dev": "nixpkgs-dev",
"nixpkgs-kernel": "nixpkgs-kernel",
@ -2637,6 +2664,7 @@
"nixpkgs-stable25_11": "nixpkgs-stable25_11",
"nswitch-rcm-nix": "nswitch-rcm-nix",
"nur": "nur",
"pia": "pia",
"pre-commit-hooks": "pre-commit-hooks_2",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"smallpkgs": "smallpkgs",
@ -2644,7 +2672,7 @@
"spicetify-nix": "spicetify-nix",
"stylix": "stylix",
"swarsel-nix": "swarsel-nix",
"systems": "systems_6",
"systems": "systems_7",
"topologyPrivate": "topologyPrivate",
"treefmt-nix": "treefmt-nix",
"vbc-nix": "vbc-nix",
@ -2764,7 +2792,7 @@
"blobs": "blobs",
"flake-compat": "flake-compat_7",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_23"
"nixpkgs": "nixpkgs_22"
},
"locked": {
"lastModified": 1766321686,
@ -2800,7 +2828,7 @@
},
"sops": {
"inputs": {
"nixpkgs": "nixpkgs_24"
"nixpkgs": "nixpkgs_23"
},
"locked": {
"lastModified": 1768863606,
@ -2834,8 +2862,8 @@
},
"spicetify-nix": {
"inputs": {
"nixpkgs": "nixpkgs_25",
"systems": "systems_3"
"nixpkgs": "nixpkgs_24",
"systems": "systems_4"
},
"locked": {
"lastModified": 1768656845,
@ -2938,9 +2966,9 @@
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_6",
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_26",
"nixpkgs": "nixpkgs_25",
"nur": "nur_2",
"systems": "systems_4",
"systems": "systems_5",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -2964,8 +2992,8 @@
"swarsel-nix": {
"inputs": {
"flake-parts": "flake-parts_7",
"nixpkgs": "nixpkgs_27",
"systems": "systems_5"
"nixpkgs": "nixpkgs_26",
"systems": "systems_6"
},
"locked": {
"lastModified": 1760190732,
@ -3073,6 +3101,21 @@
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -3087,7 +3130,7 @@
"type": "github"
}
},
"systems_8": {
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -3196,7 +3239,7 @@
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_28"
"nixpkgs": "nixpkgs_27"
},
"locked": {
"lastModified": 1768158989,
@ -3214,8 +3257,8 @@
},
"vbc-nix": {
"inputs": {
"nixpkgs": "nixpkgs_29",
"systems": "systems_7"
"nixpkgs": "nixpkgs_28",
"systems": "systems_8"
},
"locked": {
"lastModified": 1742477270,
@ -3291,8 +3334,8 @@
"zjstatus": {
"inputs": {
"crane": "crane_3",
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_30",
"flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_29",
"rust-overlay": "rust-overlay_3"
},
"locked": {

15
flake.nix
View file

@ -37,13 +37,22 @@
home-manager = {
url = "github:nix-community/home-manager";
# url = "github:Swarsel/home-manager/main";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
topologyPrivate.url = "./files/topology/public";
# emacs-overlay.url = "github:nix-community/emacs-overlay";
emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
@ -55,7 +64,6 @@
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-images.url = "github:Swarsel/nixos-images/main";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix";
@ -73,11 +81,10 @@
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix";
treefmt-nix.url = "github:numtide/treefmt-nix";
dns.url = "github:kirelagin/dns.nix";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
topologyPrivate.url = "./files/topology/public";
pia.url = "github:Swarsel/pia.nix/custom";
};
outputs =

1
hosts/nixos/x86_64-linux/summers/guests/transmission/default.nix
View file

@ -1,6 +1,7 @@
{ self, lib, minimal, ... }:
{
imports = [
"${self}/profiles/nixos/microvm"
"${self}/modules/nixos"
];

5
hosts/nixos/x86_64-linux/summers/secrets/transmission/secrets.yaml
View file

@ -1,4 +1,5 @@
wireguard-private-key: ENC[AES256_GCM,data:o3wV7UI5BSV9YU0uaumgfFWBJlgMewpUqOusvcGWxOW8dSrT/aqpT9iu1K0=,iv:fNf6fOL8KcYBxmfFLi5K/qPmNfon16HE1fgQ86qNDNU=,tag:BoRbtrw7jvENAn5wiP/sWQ==,type:str]
pia: ENC[AES256_GCM,data:9bMMSavvHTC5UM24W+Gsy69VQdc=,iv:pRd18+/Yy8BWp/kybOqM1VPpIkS7vLSWXZ93PZT+mAk=,tag:DYiiv3+zl8N9UR2X4Yv58A==,type:str]
sops:
age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
@ -19,8 +20,8 @@ sops:
aEg5NzQxeVZPaUY1bTBBa1ZidXJrS2MKUCsDOnsmpOZTQsnvdYguDK8uH4FetcXq
nKzlSJ8zvYXzb91PfCcjYbp3ttUGeeJLVPnrD42+3i8H2U8btSrR8w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:52Z"
mac: ENC[AES256_GCM,data:Sb9HItfMt5WaTYJw1/OcPVR3SBKzAifgK0NTwSb59ByxAsaOhkXrGL2cx+6p7QpVBw2V9duiFVmZhOp9vW2clCQX2RwiSAxaRLcDtVIoqB7YfmiNTdzrEDFHJNndbT6Vs0qOb42tjMyKXGZIcrA55G3Vh8S5Qy5w3IW4CSwI20U=,iv:pRjPa71yPRy4X29IPjk9Jju4JZkhIK2uucgK/dBX4L8=,tag:2RD746vX1mlQu3GyDELF8w==,type:str]
lastmodified: "2026-01-28T11:27:02Z"
mac: ENC[AES256_GCM,data:7QTzIr3m0Gip66y+RNZrmmbUTn1jm+7PrEPerH/iw1resKHU5g+I3cumNqPt+iJYIbvNJmzfi5g6qLyjvcIjMFK8gy+RAkQ86r3zd9O0sWd9Nyd8OWstl/8srxGQNK8gWNEFIF97Dz2Hs26WYHa5NTWrZkyblFjJ2a1EiL+mNzo=,iv:aTF8ew4Ucu+QqiOz10F+KyuLb1Ukz6Q674SoSdYQxOM=,tag:5UeUHsJlKiwKfC7VwoEltg==,type:str]
pgp:
- created_at: "2026-01-12T22:05:42Z"
enc: |-

8
modules/home/common/swayidle.nix
View file

@ -22,12 +22,12 @@ in
# { timeout = 600; command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"; resumeCommand = "${pkgs.sway}/bin/swaymsg output * dpms on''; }
{ timeout = 600; command = "${suspend}"; }
];
events = [
events = {
# { event = "before-sleep"; command = "${lib.getExe pkgs.swaylock-effects} -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2"; }
# { event = "after-resume"; command = "${swaylock} -f "; }
{ event = "before-sleep"; command = "${swaylock} -f "; }
{ event = "lock"; command = "${swaylock} -f "; }
];
before-sleep = "${swaylock} -f ";
lock = "${swaylock} -f ";
};
};
};

2
modules/home/common/vesktop-tray.nix
View file

@ -19,7 +19,7 @@
};
Service = {
ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime";
ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime";
};
};
};

13
modules/home/common/zsh.nix
View file

@ -1,6 +1,6 @@
{ self, config, pkgs, lib, minimal, globals, confLib, type, ... }:
{ self, config, pkgs, lib, minimal, globals, confLib, type, arch, ... }:
let
inherit (config.swarselsystems) flakePath isNixos;
inherit (config.swarselsystems) flakePath isNixos homeDir;
crocDomain = globals.services.croc.domain;
in
{
@ -20,7 +20,11 @@ in
// lib.optionalAttrs (!minimal) {
shellAliases = lib.recursiveUpdate
{
hg = "history | grep";
nb = "nix build";
nbl = "nix build --builders \"\"";
nbo = "nix build --offline --builders \"\"";
nd = "nix develop";
ns = "nix shell";
hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
@ -46,7 +50,8 @@ in
boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy";
build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private .#topology.x86_64-linux.config.output";
build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-topology-dev = "nix build --show-trace --override-input nix-topology ${homeDir}/Documents/Private/nix-topology --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-iso = "nix build --print-out-paths .#live-iso";
nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";

10
modules/nixos/client/nautilus.nix Normal file
View file

@ -0,0 +1,10 @@
{ lib, config, ... }:
{
options.swarselmodules.nautilus = lib.mkEnableOption "nautilus config";
config = lib.mkIf config.swarselmodules.nautilus {
programs.nautilus-open-any-terminal = {
enable = true;
terminal = "kitty";
};
};
}

3
modules/nixos/optional/microvm-guest.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, inputs, microVMParent, nodes, globals, confLib, ... }:
{ self, config, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
@ -15,6 +15,7 @@
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/interface-naming.nix")

2
modules/nixos/server/adguardhome.nix
View file

@ -70,7 +70,7 @@ in
homeDomains) ++ [
{
domain = "smb.${globals.domains.main}";
answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4;
answer = globals.networks.home-lan.vlans.services.hosts.summers-storage.ipv4;
enabled = true;
}
];

6
modules/nixos/server/bastion.nix
View file

@ -1,14 +1,16 @@
{ self, lib, config, withHomeManager, ... }:
{ self, lib, config, withHomeManager, confLib, ... }:
{
options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server";
config = lib.mkIf config.swarselmodules.server.bastion ({
users = {
persistentIds.jump = confLib.mkIds 1001;
groups = {
jump = { };
};
users = {
"jump" = {
jump = {
autoSubUidGidRange = false;
isNormalUser = true;
useDefaultShell = true;
group = lib.mkForce "jump";

12
modules/nixos/server/kanidm.nix
View file

@ -93,7 +93,8 @@ in
};
};
systemd.services."generateSSLCert-${serviceName}" =
systemd.services = {
"generateSSLCert-${serviceName}" =
let
daysValid = 3650;
renewBeforeDays = 365;
@ -145,6 +146,12 @@ in
fi
'';
};
kanidm = {
environment.KANIDM_TRUST_X_FORWARD_FOR = "true";
serviceConfig.RestartSec = "30";
};
};
# system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
@ -208,7 +215,7 @@ in
# tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}";
trust_x_forward_for = true;
# trust_x_forward_for = true;
};
enableClient = true;
clientSettings = {
@ -405,7 +412,6 @@ in
};
};
systemd.services.${serviceName}.serviceConfig.RestartSec = "30";
nodes =
let

4
modules/nixos/server/koillection.nix
View file

@ -1,6 +1,6 @@
{ self, lib, config, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
serviceDB = "koillection";
@ -24,7 +24,7 @@ in
koillection-env-file = { inherit sopsFile; };
};
topology.self.services.${serviceName} = {
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";

12
modules/nixos/server/mailserver.nix
View file

@ -16,6 +16,15 @@ in
};
config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = {
persistentIds = {
knot-resolver = confLib.mkIds 963;
postfix-tlspol = confLib.mkIds 962;
roundcube = confLib.mkIds 961;
redis-rspamd = confLib.mkIds 960;
};
};
globals.services = {
${serviceName} = {
domain = serviceDomain;
@ -65,11 +74,12 @@ in
domains = [ baseDomain ];
indexDir = "${serviceDir}/indices";
openFirewall = true;
certificateScheme = "acme";
# certificateScheme = "acme";
dmarcReporting.enable = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableImapSsl = true;
x509.useACMEHost = globals.domains.main;
loginAccounts = {
"${user1}@${baseDomain}" = {

10
modules/nixos/server/matrix.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, dns, confLib, ... }:
{ lib, config, pkgs, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
@ -63,14 +63,6 @@ in
# networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
topology.self.services = lib.listToAttrs (map
(service:
lib.nameValuePair "mautrix-${service}" {
name = "mautrix-${service}";
icon = "${self}/files/topology-images/mautrix.png";
})
[ "whatsapp" "signal" "telegram" ]);
systemd = {
timers."restart-bridges" = {
wantedBy = [ "timers.target" ];

1
modules/nixos/server/microbin.nix
View file

@ -12,6 +12,7 @@ in
config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = {
persistentIds.${serviceName} = confLib.mkIds 964;
groups.${serviceGroup} = { };
users.${serviceUser} = {

10
modules/nixos/server/mpd.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, pkgs, confLib, ... }:
{ lib, config, pkgs, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup;
@ -30,10 +30,10 @@ in
mpv
];
topology.self.services.${serviceName} = {
info = "http://localhost:${builtins.toString servicePort}";
icon = lib.mkForce "${self}/files/topology-images/mpd.png";
};
# topology.self.services.${serviceName} = {
# info = "http://localhost:${builtins.toString servicePort}";
# icon = lib.mkForce "${self}/files/topology-images/mpd.png";
# };
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
directories = [{ directory = "/var/lib/${serviceName}"; user = "mpd"; group = "mpd"; }];

14
modules/nixos/server/shlink.nix
View file

@ -1,6 +1,6 @@
{ self, lib, config, dns, globals, confLib, ... }:
let
inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
@ -31,6 +31,12 @@ in
};
};
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
virtualisation.oci-containers.containers.${serviceName} = {
image = "shlinkio/shlink@${containerRev}";
environment = {
@ -77,12 +83,6 @@ in
{ directory = "/var/lib/containers"; }
];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
globals = {
networks = {
${webProxyIf}.hosts = lib.mkIf isProxied {

14
modules/nixos/server/slink.nix
View file

@ -1,6 +1,6 @@
{ lib, config, dns, globals, confLib, ... }:
let
inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
@ -15,6 +15,12 @@ in
podman = true;
};
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
virtualisation.oci-containers.containers.${serviceName} = {
image = "anirdev/slink@${containerRev}";
environment = {
@ -54,12 +60,6 @@ in
{ directory = serviceDir; }
];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
globals = {
networks = {
${webProxyIf}.hosts = lib.mkIf isProxied {

3
modules/nixos/server/ssh-builder.nix
View file

@ -1,4 +1,4 @@
{ self, pkgs, lib, config, ... }:
{ self, pkgs, lib, config, confLib, ... }:
let
ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" ";
@ -20,6 +20,7 @@ in
options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server";
config = lib.mkIf config.swarselmodules.server.ssh-builder {
users = {
persistentIds.builder = confLib.mkIds 965;
groups.builder = { };
users.builder = {
useDefaultShell = true;

16
modules/nixos/server/transmission.nix
View file

@ -2,6 +2,7 @@
let
inherit (confLib.gen { name = "transmission"; port = 9091; }) serviceName servicePort serviceDomain;
inherit (confLib.static) isHome homeServiceAddress homeWebProxy nginxAccessRules;
inherit (config.swarselsystems) sopsFile;
lidarrUser = "lidarr";
lidarrGroup = lidarrUser;
@ -23,6 +24,10 @@ in
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
sops.secrets = {
pia = { inherit sopsFile; };
};
# this user/group section is probably unneeded
users = {
persistentIds = {
@ -107,6 +112,17 @@ in
};
services = {
pia = {
enable = true;
credentials.credentialsFile = config.sops.secrets.pia.path;
protocol = "wireguard";
autoConnect = {
enable = true;
region = "sweden";
};
portForwarding.enable = true;
dns.enable = true;
};
radarr = {
enable = true;
user = radarrUser;

2
modules/shared/config-lib.nix
View file

@ -33,6 +33,8 @@ in
serviceDir = dir;
serviceAddress = address;
serviceProxy = proxy;
serviceNode = config.node.name;
topologyContainerName = "${serviceNode}-${config.virtualisation.oci-containers.backend}-${name}";
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
};

1
nix/hosts.nix
View file

@ -33,6 +33,7 @@
inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests")
(inputs.nixos-extra-modules + "/modules/interface-naming.nix")
"${self}/hosts/nixos/${arch}/${configName}"

2
nix/topology.nix
View file

@ -157,7 +157,7 @@
};
};
switch-bedroom = mkDevice "Switch Bedroom" {
switch-bedroom = mkSwitch "Switch Bedroom" {
info = "Cisco SG 200-08";
image = "${self}/files/topology-images/Cisco_SG_200-08.png";
interfaceGroups = [

37
profiles/home/dgxspark/default.nix
View file

@ -3,62 +3,25 @@
options.swarselprofiles.dgxspark = lib.mkEnableOption "is this a dgx spark host";
config = lib.mkIf config.swarselprofiles.dgxspark {
swarselmodules = {
anki = lib.mkDefault false;
anki-tray = lib.mkDefault false;
atuin = lib.mkDefault true;
autotiling = lib.mkDefault false;
batsignal = lib.mkDefault false;
bash = lib.mkDefault true;
blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault false;
direnv = lib.mkDefault true;
element-desktop = lib.mkDefault false;
element-tray = lib.mkDefault false;
emacs = lib.mkDefault false;
env = lib.mkDefault false;
eza = lib.mkDefault true;
firefox = lib.mkDefault true;
fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault false;
general = lib.mkDefault true;
git = lib.mkDefault true;
gnome-keyring = lib.mkDefault false;
gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault false;
kanshi = lib.mkDefault false;
kdeconnect = lib.mkDefault false;
kitty = lib.mkDefault true;
mail = lib.mkDefault false;
mako = lib.mkDefault false;
nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true;
nm-applet = lib.mkDefault true;
obs-studio = lib.mkDefault false;
obsidian = lib.mkDefault false;
obsidian-tray = lib.mkDefault false;
ownpackages = lib.mkDefault false;
packages = lib.mkDefault false;
passwordstore = lib.mkDefault false;
programs = lib.mkDefault false;
sops = lib.mkDefault true;
spicetify = lib.mkDefault false;
spotify-player = lib.mkDefault false;
ssh = lib.mkDefault false;
starship = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault false;
swayidle = lib.mkDefault false;
swaylock = lib.mkDefault false;
swayosd = lib.mkDefault false;
symlink = lib.mkDefault false;
tmux = lib.mkDefault true;
vesktop = lib.mkDefault false;
vesktop-tray = lib.mkDefault false;
syncthing-tray = lib.mkDefault false;
waybar = lib.mkDefault false;
yubikey = lib.mkDefault false;
yubikeytouch = lib.mkDefault false;
zellij = lib.mkDefault true;
zsh = lib.mkDefault true;
};

1
profiles/nixos/personal/default.nix
View file

@ -25,6 +25,7 @@
lid = lib.mkDefault true;
login = lib.mkDefault true;
lowBattery = lib.mkDefault false;
nautilus = lib.mkDefault true;
network = lib.mkDefault true;
networkDevices = lib.mkDefault true;
nftables = lib.mkDefault true;