diff --git a/SwarselSystems.org b/SwarselSystems.org index 745c2cd..684ed8d 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -317,9 +317,9 @@ This sections is for common NixoS settings that I use for my NixoS LXC images th services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { enable = true; @@ -417,6 +417,8 @@ A short overview over each input and what it does: Allows auto injection of payloads upon connecting a Nintendo Switch. - [[https://github.com/nix-community/nix-index-database][nix-index-database]] This provides a database for =nix-index= that is updated weekly. This allows for declarative management, without needing to run the =nix-index= command for database assembly. +- [[https://github.com/nix-community/disko][disko]] + disko provides declarative disk partitioning, which I use for impermanence as well as [[https://github.com/nix-community/nixos-anywhere][nixos-anywhere]]. #+begin_src nix :tangle no :noweb-ref flakeinputs @@ -425,6 +427,8 @@ A short overview over each input and what it does: nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + systems.url = "github:nix-systems/default-linux"; + # user-level configuration home-manager = { url = "github:nix-community/home-manager"; @@ -487,6 +491,10 @@ A short overview over each input and what it does: inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; #+end_src *** let :PROPERTIES: @@ -498,49 +506,39 @@ Here I define a few variables that I need for my system specifications. First an Lastly I define some common module lists that I can simply load depending on the fundamental system (NixOS vs. non-NixOS). #+begin_src nix :tangle no :noweb-ref flakelet + inherit (self) outputs; + lib = nixpkgs.lib // home-manager.lib; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - "i686-linux" - "x86_64-linux" - "aarch64-darwin" - "x86_64-darwin" - ]; + forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); + pkgsFor = lib.genAttrs (import systems) ( + system: + import nixpkgs { + inherit system; + config.allowUnfree = true; + } + ); # pkgs for home-manager builds homepkgs = import nixpkgs { system = "x86_64-linux"; - overlays = [ emacs-overlay.overlay - nur.overlay - nixgl.overlay - (final: _prev: { - stable = import nixpkgs-stable { - inherit (final) system config; - }; - }) - ]; - config.allowUnfree = true; - }; + overlays = [ inputs.emacs-overlay.overlay + inputs.nur.overlay + inputs.nixgl.overlay + (final: _prev: { + stable = import inputs.nixpkgs-stable { + inherit (final) system config; + }; + }) + ]; + config.allowUnfree = true; + }; # NixOS modules that can only be used on NixOS systems nixModules = [ (_: { nix.extraOptions = "experimental-features = nix-command flakes"; }) - ({ inputs, config, ... }: { - nixpkgs = { - overlays = [ - (import ./overlays { inherit inputs; }).additions - (import ./overlays { inherit inputs; }).modifications - (import ./overlays { inherit inputs; }).nixpkgs-stable - inputs.nur.overlay - inputs.emacs-overlay.overlay - inputs.nixgl.overlay - ]; - config.allowUnfree = true; - }; - }) inputs.stylix.nixosModules.stylix inputs.sops-nix.nixosModules.sops inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix + ./profiles/common/nixos ]; # Home-Manager modules wanted on non-NixOS systems @@ -552,7 +550,7 @@ Lastly I define some common module lists that I can simply load depending on the mixedModules = [ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ./profiles/common/home.nix + ./profiles/common/home ]; #+end_src @@ -560,23 +558,28 @@ Lastly I define some common module lists that I can simply load depending on the #+begin_src nix :tangle no :noweb-ref flakeoutputgeneral - packages = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; in import ./pkgs { inherit pkgs; }); - devShells = forAllSystems - (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in - { - default = pkgs.mkShell { - # Enable experimental features without having to specify the argument - NIX_CONFIG = "experimental-features = nix-command flakes"; - nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ]; - }; - }); - formatter = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in pkgs.nixpkgs-fmt); - overlays = import ./overlays { inherit inputs; }; + inherit lib; + inherit mixedModules; + packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; }); + devShells = forEachSystem + (pkgs: + { + default = pkgs.mkShell { + # Enable experimental features without having to specify the argument + NIX_CONFIG = "experimental-features = nix-command flakes"; + nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ]; + }; + }); + formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt); + overlays = [ + (import ./overlays { inherit inputs; }).additions + (import ./overlays { inherit inputs; }).modifications + (import ./overlays { inherit inputs; }).nixpkgs-stable + inputs.nur.overlay + inputs.emacs-overlay.overlay + inputs.nixgl.overlay + ]; + #+end_src @@ -594,6 +597,8 @@ This section is the biggest pain point of the configuration. For every system, I sandbox = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + inputs.disko.nixosModules.disko + ./profiles/sandbox/disk-config.nix inputs.sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix ]; @@ -613,17 +618,10 @@ This section is the biggest pain point of the configuration. For every system, I ]; }; - fourside = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = nixModules ++ [ - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 - ./profiles/fourside/nixos.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/fourside/home.nix - ]; - } + fourside = lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = nixModules ++ [ + ./profiles/fourside ]; }; @@ -854,9 +852,9 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl <> # Configure keymap in X11 (only used for login) - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; users.users.TEMPLATE = { @@ -985,823 +983,826 @@ My old laptop, replaced by a new one, since most basic functions have stopped to :END: #+begin_src nix :noweb yes :tangle profiles/sandbox/nixos.nix -{ config, pkgs, sops, ... }: -let - matrixDomain = "swatrix.swarsel.win"; -in -{ + { config, pkgs, sops, ... }: + let + matrixDomain = "swatrix.swarsel.win"; + in + { - imports = [ - ./hardware-configuration.nix - ]; - - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - supportedFilesystems = [ "zfs" ]; - zfs.forceImportRoot = false; - kernelModules = [ "tun" ]; - kernel.sysctl = { - "net.ipv4.conf.all.rp_filter" = 2; - "net.ipv4.conf.default.rp_filter" = 2; - "net.ipv4.conf.enp7s0.rp_filter" = 2; - }; - }; - - networking = { - hostId = "8a8ad84a"; - hostName = "sandbox"; # Define your hostname. - enableIPv6 = true; - firewall.enable = false; - firewall.extraCommands = '' - sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP - ''; - iproute2 = { - enable = true; - rttablesExtraConfig = '' - 200 vpn - ''; - }; - }; - - hardware.graphics = { - enable = true; - hardware.enableAllFirmware = true; - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl + imports = [ + ./hardware-configuration.nix ]; - }; - sound = { - enable = true; - }; - - users = { - groups = { - vpn = { }; - mpd = { }; - navidrome = { - gid = 61593; + boot = { + zfs.forceImportRoot = false; + supportedFilesystems = [ "zfs" ]; + kernelModules = [ "tun" ]; + kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + "net.ipv4.conf.enp7s0.rp_filter" = 2; }; - spotifyd = { - gid = 65136; + + loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; }; }; - users = { - jellyfin = { - extraGroups = [ "video" "render" ]; + + networking = { + hostId = "8a8ad84a"; + hostName = "sandbox"; # Define your hostname. + enableIPv6 = true; + firewall.enable = false; + firewall.extraCommands = '' + sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP + ''; + iproute2 = { + enable = true; + rttablesExtraConfig = '' + 200 vpn + ''; }; - vpn = { - isNormalUser = true; - group = "vpn"; - home = "/home/vpn"; - }; - navidrome = { - isSystemUser = true; - uid = 61593; - group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; - }; - spotifyd = { - isSystemUser = true; - uid = 65136; - group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; - }; - mpd = { - isSystemUser = true; - group = "mpd"; - extraGroups = [ "audio" "utmp" ]; - }; - swarsel = { - isNormalUser = true; - description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" ]; - packages = with pkgs; [ ]; - }; - root = { - openssh.authorizedKeys.keyFiles = [ - ../../secrets/keys/authorized_keys + }; + + nixpkgs.config.allowUnfree = true; + + hardware = { + enableAllFirmware = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl ]; }; }; - }; - fileSystems."/mnt/Eternor" = { - device = "//192.168.1.3/Eternor"; - fsType = "cifs"; - options = - let - # this line prevents hanging on network split - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in - [ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ]; - }; - - environment = { - systemPackages = with pkgs; [ - git - gnupg - ssh-to-age - lego - nginx - calibre - openvpn - jq - iptables - busybox - wireguard-tools - matrix-synapse - lottieconverter - ffmpeg - pciutils - alsa-utils - mpv - zfs - ]; - etc = { - "openvpn/iptables.sh" = - { - source = ../../scripts/server1/iptables.sh; - mode = "0755"; + users = { + groups = { + vpn = { }; + mpd = { }; + navidrome = { + gid = 61593; }; - "openvpn/update-resolv-conf" = - { - source = ../../scripts/server1/update-resolv-conf; - mode = "0755"; - }; - "openvpn/routing.sh" = - { - source = ../../scripts/server1/routing.sh; - mode = "0755"; - }; - "openvpn/ca.rsa.2048.crt" = - { - source = ../../secrets/certs/ca.rsa.2048.crt; - mode = "0644"; - }; - "openvpn/crl.rsa.2048.pem" = - { - source = ../../secrets/certs/crl.rsa.2048.pem; - mode = "0644"; - }; - }; - shellAliases = { - nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; - }; - }; - - systemd = { - timers."restart-bridges" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "1d"; - OnUnitActiveSec = "1d"; - Unit = "restart-bridges.service"; - }; - }; - - services."restart-bridges" = { - script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; - serviceConfig = { - Type = "oneshot"; - User = "root"; - }; - }; - }; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - - documentation = { - enable = false; - }; - - sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; - defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; - validateSopsFiles = false; - secrets = { - dnstokenfull = { owner = "acme"; }; - kavita = { owner = "kavita"; }; - vpnuser = { }; - rpcuser = { owner = "vpn"; }; - vpnpass = { }; - rpcpass = { owner = "vpn"; }; - vpnprot = { }; - vpnloc = { }; - mpdpass = { owner = "mpd"; }; - }; - templates = { - "transmission-rpc" = { - owner = "vpn"; - content = builtins.toJSON { - rpc-username = config.sops.placeholder.rpcuser; - rpc-password = config.sops.placeholder.rpcpass; + spotifyd = { + gid = 65136; }; }; - - pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; - - vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server - - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 - - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt - - disable-occ - ''; - "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; - }; - }; - - security.acme = { - acceptTerms = true; - preliminarySelfsigned = false; - defaults.email = "mrswarsel@gmail.com"; - defaults.dnsProvider = "cloudflare"; - defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; - }; - - services = { - xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; - - openssh = { - enable = true; - settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; - }; - - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - virtualHosts = { - - "stash.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "https://192.168.1.5"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - "/.well-known/carddav" = { - return = "301 $scheme://$host/remote.php/dav"; - }; - "/.well-known/caldav" = { - return = "301 $scheme://$host/remote.php/dav"; - }; - }; + users = { + jellyfin = { + extraGroups = [ "video" "render" ]; }; - - "swatrix.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "~ ^(/_matrix|/_synapse/client)" = { - proxyPass = "http://127.0.0.1:8008"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + vpn = { + isNormalUser = true; + group = "vpn"; + home = "/home/vpn"; }; - - - "sound.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:4040"; - proxyWebsockets = true; - extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; - }; - }; + navidrome = { + isSystemUser = true; + uid = 61593; + group = "navidrome"; + extraGroups = [ "audio" "utmp" ]; }; - - "scan.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:28981"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + spotifyd = { + isSystemUser = true; + uid = 65136; + group = "spotifyd"; + extraGroups = [ "audio" "utmp" ]; }; - - "screen.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8096"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + mpd = { + isSystemUser = true; + group = "mpd"; + extraGroups = [ "audio" "utmp" ]; }; - - "scroll.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8080"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp" ]; + packages = with pkgs; [ ]; }; - }; - }; - - kavita = { - enable = true; - user = "kavita"; - port = 8080; - tokenKeyFile = config.sops.secrets.kavita.path; - }; - - jellyfin = { - enable = true; - user = "jellyfin"; - }; - - radarr = { - enable = true; - }; - readarr = { - enable = true; - }; - sonarr = { - enable = true; - }; - lidarr = { - enable = true; - }; - prowlarr = { - enable = true; - }; - openvpn.servers = { - pia = { - autoStart = true; - updateResolvConf = false; - config = "config ${config.sops.templates.vpn.path}"; - }; - }; - transmission = { - enable = true; - credentialsFile = config.sops.templates."transmission-rpc".path; - user = "vpn"; - settings = { - alt-speed-down = 8000; - alt-speed-enabled = false; - alt-speed-time-begin = 0; - alt-speed-time-day = 127; - alt-speed-time-enabled = true; - alt-speed-time-end = 360; - alt-speed-up = 2000; - bind-address-ipv4 = "0.0.0.0"; - bind-address-ipv6 = "::"; - blocklist-enabled = false; - blocklist-url = "http://www.example.com/blocklist"; - cache-size-mb = 256; - dht-enabled = false; - download-dir = "/test"; - download-limit = 100; - download-limit-enabled = 0; - download-queue-enabled = true; - download-queue-size = 5; - encryption = 2; - idle-seeding-limit = 30; - idle-seeding-limit-enabled = false; - incomplete-dir = "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled = false; - lpd-enabled = false; - max-peers-global = 200; - message-level = 1; - peer-congestion-algorithm = ""; - peer-id-ttl-hours = 6; - peer-limit-global = 100; - peer-limit-per-torrent = 40; - peer-port = 22371; - peer-port-random-high = 65535; - peer-port-random-low = 49152; - peer-port-random-on-start = false; - peer-socket-tos = "default"; - pex-enabled = false; - port-forwarding-enabled = false; - preallocation = 1; - prefetch-enabled = true; - queue-stalled-enabled = true; - queue-stalled-minutes = 30; - ratio-limit = 2; - ratio-limit-enabled = false; - rename-partial-files = true; - rpc-authentication-required = true; - rpc-bind-address = "0.0.0.0"; - rpc-enabled = true; - rpc-host-whitelist = ""; - rpc-host-whitelist-enabled = true; - rpc-port = 9091; - rpc-url = "/transmission/"; - rpc-whitelist = "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled = true; - scrape-paused-torrents-enabled = true; - script-torrent-done-enabled = false; - seed-queue-enabled = false; - seed-queue-size = 10; - speed-limit-down = 6000; - speed-limit-down-enabled = true; - speed-limit-up = 500; - speed-limit-up-enabled = true; - start-added-torrents = true; - trash-original-torrent-files = false; - umask = 2; - upload-limit = 100; - upload-limit-enabled = 0; - upload-slots-per-torrent = 14; - utp-enabled = false; - }; - }; - - # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; - # sops.templates."matrix_user_register.sh".content = '' - # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - # ''; - # sops.templates.matrixshared.owner = "matrix-synapse"; - # sops.templates.matrixshared.content = '' - # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - # ''; - # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; - # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; - # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; - # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; - # sops.templates.mautrixtelegram.owner = "matrix-synapse"; - # sops.templates.mautrixtelegram.content = '' - # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} - # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} - # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} - # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - # ''; - - - - - # ---------------- - # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; - # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; - # sops.templates.mautrixwhatsapp.content = '' - # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} - # ''; - - postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - matrix-synapse = { - settings.app_service_config_files = [ - "/var/lib/matrix-synapse/telegram-registration.yaml" - "/var/lib/matrix-synapse/whatsapp-registration.yaml" - "/var/lib/matrix-synapse/signal-registration.yaml" - "/var/lib/matrix-synapse/doublepuppet.yaml" - ]; - enable = false; - settings.server_name = matrixDomain; - settings.public_baseurl = "https://${matrixDomain}"; - extraConfigFiles = [ - config.sops.templates.matrixshared.path - ]; - settings.listeners = [ - { - port = 8008; - bind_addresses = [ "0.0.0.0" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" "federation" ]; - compress = true; - } + root = { + openssh.authorizedKeys.keyFiles = [ + ../../secrets/keys/authorized_keys ]; - } - ]; + }; + }; }; - mautrix-telegram = { + fileSystems."/mnt/Eternor" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + options = + let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in + [ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ]; + }; + + environment = { + systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + lego + nginx + calibre + openvpn + jq + iptables + busybox + wireguard-tools + matrix-synapse + lottieconverter + ffmpeg + pciutils + alsa-utils + mpv + zfs + ]; + etc = { + "openvpn/iptables.sh" = + { + source = ../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = + { + source = ../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = + { + source = ../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = + { + source = ../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + "openvpn/crl.rsa.2048.pem" = + { + source = ../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; + }; + shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + }; + + systemd = { + timers."restart-bridges" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1d"; + OnUnitActiveSec = "1d"; + Unit = "restart-bridges.service"; + }; + }; + + services."restart-bridges" = { + script = '' + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + }; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + + documentation = { enable = false; - environmentFile = config.sops.templates.mautrixtelegram.path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; - }; - appservice = { - address = "http://localhost:29317"; - hostname = "0.0.0.0"; - port = "29317"; - provisioning.enabled = true; - id = "telegram"; - # ephemeral_events = true; # not needed due to double puppeting - public = { - enabled = false; + }; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; + validateSopsFiles = false; + secrets = { + dnstokenfull = { owner = "acme"; }; + kavita = { owner = "kavita"; }; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; + mpdpass = { owner = "mpd"; }; + }; + templates = { + "transmission-rpc" = { + owner = "vpn"; + content = builtins.toJSON { + rpc-username = config.sops.placeholder.rpcuser; + rpc-password = config.sops.placeholder.rpcpass; }; - database = "postgresql:///mautrix-telegram?host=/run/postgresql"; }; - bridge = { - # login_shared_secret_map = { - # matrixDomain = "as_token:doublepuppet"; - # }; - relaybot.authless_portals = true; - allow_avatar_remove = true; - allow_contact_info = true; - sync_channel_members = true; - startup_sync = true; - sync_create_limit = 0; - sync_direct_chats = true; - telegram_link_preview = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; + + pia.content = '' + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; + + vpn.content = '' + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + ''; + "certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + }; + }; + + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults.email = "mrswarsel@gmail.com"; + defaults.dnsProvider = "cloudflare"; + defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + + services = { + xserver.xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + + openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + listenAddresses = [{ + port = 22; + addr = "0.0.0.0"; + }]; + }; + + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = { + + "stash.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "https://192.168.1.5"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + "/.well-known/carddav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + "/.well-known/caldav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + }; }; - animated_sticker = { - target = "gif"; - args = { - width = 256; - height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + + "swatrix.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "~ ^(/_matrix|/_synapse/client)" = { + proxyPass = "http://127.0.0.1:8008"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + + "sound.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:4040"; + proxyWebsockets = true; + extraConfig = '' + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; + }; + }; + }; + + "scan.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:28981"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "screen.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8096"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "scroll.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8080"; + extraConfig = '' + client_max_body_size 0; + ''; + }; }; }; }; }; - }; - mautrix-whatsapp = { - enable = false; - # environmentFile = config.sops.templates.mautrixwhatsapp.path; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; + kavita = { + enable = true; + user = "kavita"; + settings.port = 8080; + tokenKeyFile = config.sops.secrets.kavita.path; + }; + + jellyfin = { + enable = true; + user = "jellyfin"; + }; + + radarr = { + enable = true; + }; + readarr = { + enable = true; + }; + sonarr = { + enable = true; + }; + lidarr = { + enable = true; + }; + prowlarr = { + enable = true; + }; + openvpn.servers = { + pia = { + autoStart = true; + updateResolvConf = false; + config = "config ${config.sops.templates.vpn.path}"; }; - appservice = { - address = "http://localhost:29318"; - hostname = "0.0.0.0"; - port = 29318; - database = { - type = "postgres"; - uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + transmission = { + enable = true; + credentialsFile = config.sops.templates."transmission-rpc".path; + user = "vpn"; + settings = { + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 256; + dht-enabled = false; + download-dir = "/test"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + upload-limit = 100; + upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; + }; + }; + + # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + # sops.templates."matrix_user_register.sh".content = '' + # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + # ''; + # sops.templates.matrixshared.owner = "matrix-synapse"; + # sops.templates.matrixshared.content = '' + # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + # ''; + # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + # sops.templates.mautrixtelegram.owner = "matrix-synapse"; + # sops.templates.mautrixtelegram.content = '' + # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + # ''; + + + + + # ---------------- + # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; + # sops.templates.mautrixwhatsapp.content = '' + # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; + matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = false; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { + port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + mautrix-telegram = { + enable = false; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; }; - }; - bridge = { - displayname_template = "{{or .FullName .PushName .JID}} (WA)"; - history_sync = { - backfill = true; - max_initial_conversations = -1; - message_count = -1; - request_full_sync = true; - full_sync_config = { - days_limit = 900; - size_mb_limit = 5000; - storage_quota_mb = 5000; + appservice = { + address = "http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + provisioning.enabled = true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; + }; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; }; }; - login_shared_secret_map = { - matrixDomain = "as_token:doublepuppet"; + }; + }; + + mautrix-whatsapp = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; }; - sync_manual_marked_unread = true; - send_presence_on_typing = true; - parallel_member_sync = true; - url_previews = true; - caption_in_message = true; - extev_polls = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; + appservice = { + address = "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; + }; + }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; }; }; }; - }; - mautrix-signal = { - enable = false; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; - }; - appservice = { + mautrix-signal = { + enable = false; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { - address = "http://localhost:29328"; - hostname = "0.0.0.0"; - port = 29328; - database = { - type = "postgres"; - uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + address = "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + }; }; - }; - bridge = { - displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; - login_shared_secret_map = { - matrixDomain = "as_token:doublepuppet"; - }; - caption_in_message = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; }; }; }; - }; - navidrome = { - enable = true; - settings = { - Address = "0.0.0.0"; - Port = 4040; - MusicFolder = "/mnt/"; - EnableSharing = true; - EnableTranscodingConfig = true; - Scanner.GroupAlbumReleases = true; - ScanSchedule = "@every 24h"; - # Insert these values locally as sops-nix does not work for them - # LastFM.ApiKey = TEMPLATE; - # LastFM.Secret = TEMPLATE; - # Spotify.ID = TEMPLATE; - # Spotify.Secret = TEMPLATE; - UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; - UIWelcomeMessage = "~SwarselSound~"; - }; - }; - mpd = { - enable = true; - musicDirectory = "/mnt/Eternor/Musik"; - user = "mpd"; - group = "mpd"; - network = { - port = 3254; - listenAddress = "any"; - }; - credentials = [ - { - passwordFile = config.sops.secrets.mpdpass.path; - permissions = [ - "read" - "add" - "control" - "admin" - ]; - } - ]; - }; - - - spotifyd = { - enable = true; - settings = { - global = { - dbus_type = "session"; - use_mpris = false; - device = "default:CARD=PCH"; - device_name = "SwarselSpot"; - mixer = "alsa"; - zeroconf_port = 1025; + navidrome = { + enable = true; + settings = { + Address = "0.0.0.0"; + Port = 4040; + MusicFolder = "/mnt/"; + EnableSharing = true; + EnableTranscodingConfig = true; + Scanner.GroupAlbumReleases = true; + ScanSchedule = "@every 24h"; + # Insert these values locally as sops-nix does not work for them + # LastFM.ApiKey = TEMPLATE; + # LastFM.Secret = TEMPLATE; + # Spotify.ID = TEMPLATE; + # Spotify.Secret = TEMPLATE; + UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; + UIWelcomeMessage = "~SwarselSound~"; }; }; - }; + mpd = { + enable = true; + musicDirectory = "/mnt/Eternor/Musik"; + user = "mpd"; + group = "mpd"; + network = { + port = 3254; + listenAddress = "any"; + }; + credentials = [ + { + passwordFile = config.sops.secrets.mpdpass.path; + permissions = [ + "read" + "add" + "control" + "admin" + ]; + } + ]; + }; - # Network shares - # add a user with sudo smbpasswd -a - samba = { - package = pkgs.samba4Full; - extraConfig = '' - workgroup = WORKGROUP - server role = standalone server - dns proxy = no - pam password change = yes - map to guest = bad user - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - follow symlinks = yes - ''; + spotifyd = { + enable = true; + settings = { + global = { + dbus_type = "session"; + use_mpris = false; + device = "default:CARD=PCH"; + device_name = "SwarselSpot"; + mixer = "alsa"; + zeroconf_port = 1025; + }; + }; + }; - # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` - # Required for samba to register mDNS records for auto discovery - # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 - enable = true; - # openFirewall = true; - shares.test = { - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - path = "/test2"; - writable = "true"; - comment = "Eternor"; - "valid users" = "@smbtest2"; + # Network shares + # add a user with sudo smbpasswd -a + samba = { + package = pkgs.samba4Full; + extraConfig = '' + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks = yes + ''; + + # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` + # Required for samba to register mDNS records for auto discovery + # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 + enable = true; + # openFirewall = true; + shares.test = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/test2"; + writable = "true"; + comment = "Eternor"; + "valid users" = "@smbtest2"; + }; + }; + + + avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` + nssmdns4 = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + }; + + samba-wsdd = { + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + enable = true; }; }; - - - avahi = { - publish.enable = true; - publish.userServices = true; - # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns = true; - # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it - enable = true; - }; - - samba-wsdd = { - # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued - enable = true; - }; - }; -} + } #+end_src @@ -1815,7 +1816,7 @@ Special things to note here: We are running xcape to allow =CAPS= to act as =CTR #+begin_src nix :noweb yes :tangle profiles/home-manager/home.nix - { config, pkgs, lib, fetchFromGitHub, ... }: + { config, pkgs, ... }: { programs.home-manager.enable = true; @@ -2078,6 +2079,35 @@ New setup for the SP3, this time using NixOS - another machine will take over th My new main machine. +#+begin_src nix :tangle profiles/fourside/default.nix + + { inputs, outputs, ... }: + { + + imports = [ + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 + ./hardware-configuration.nix + ./nixos.nix + inputs.home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = outputs.mixedModules ++ [ + ./home.nix + ]; + } + ]; + + nixpkgs = { + overlays = outputs.overlays; + config = { + allowUnfree = true; + }; + }; + + } + + +#+end_src + ***** NixOS :PROPERTIES: :CUSTOM_ID: h:ab6fefc4-aabd-456c-8a21-5fcb20c02869 @@ -2090,12 +2120,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which { - # <> - imports = - [ - ./hardware-configuration.nix - ]; - services = { getty.autologinUser = "swarsel"; greetd.settings.initial_session.user = "swarsel"; @@ -2184,13 +2208,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which }; }; - users.users.swarsel = { - isNormalUser = true; - description = "Leon S"; - hashedPasswordFile = config.sops.secrets.swarseluser.path; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; [ ]; - }; environment.systemPackages = with pkgs; [ # gog games installing @@ -2269,7 +2286,7 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was eDP-1 = { mode = "1920x1080"; # TEMPLATE scale = "1"; - position = "1920,0"; + position = "2560,0"; # bg = "~/.dotfiles/wallpaper/lenovowp.png fill"; }; DP-4 = { @@ -2551,9 +2568,9 @@ In the long run, I am thinking about a transition to kubernetes or using just a ssh-to-age ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -2607,9 +2624,9 @@ In the long run, I am thinking about a transition to kubernetes or using just a nginx ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -2850,9 +2867,9 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib ]; }; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -2935,9 +2952,9 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib extraGroups = [ "video" "render" ]; }; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -3041,9 +3058,9 @@ This stuff just does not work, I seem to be unable to create a working VPN Split home = "/home/vpn"; }; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -3776,9 +3793,9 @@ Make sure to also do this for doublepuppet.yaml ssh-to-age ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -4002,9 +4019,9 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you ffmpeg ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -4404,7 +4421,7 @@ As such, I also define three additional overlays: #+begin_src nix :tangle pkgs/default.nix - _ : { } + _ : rec { } #+end_src @@ -4451,22 +4468,48 @@ These are system-level settings specific to NixOS machines. All settings that ar :CUSTOM_ID: h:5a114da6-ef8d-404d-b31b-b51472908e77 :END: -**** Enable home-manager module +**** Imports, enable home-manager module :PROPERTIES: :CUSTOM_ID: h:45e4315b-0929-4c47-b65a-c8f0a685f4df :END: First, we enable the use of =home-manager= as a NixoS module -#+begin_src nix :tangle profiles/common/nixos.nix - - { config, lib, pkgs, ... }: +#+begin_src nix :tangle profiles/common/nixos/default.nix + { ... }: { + imports = [ + ./xserver.nix + ./users.nix + ./env.nix + ./stylix.nix + ./polkit.nix + ./gc.nix + ./store.nix + ./systemd.nix + ./network.nix + ./time.nix + ./hardware.nix + ./sops.nix + ./packages.nix + ./programs.nix + ./zsh.nix + ./syncthing.nix + ./blueman.nix + ./networkdevices.nix + ./gvfs.nix + ./interceptiontools.nix + ./hardwarecompatibility.nix + ./login.nix + ]; + + home-manager = { useGlobalPkgs = true; useUserPackages = true; }; + } #+end_src @@ -4477,29 +4520,18 @@ First, we enable the use of =home-manager= as a NixoS module Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is extremly comfortable to use -#+begin_src nix :tangle profiles/common/nixos.nix - - services.xserver = { - xkb = { - layout = "us"; - variant = "altgr-intl"; +#+begin_src nix :tangle profiles/common/nixos/xserver.nix + { ... }: + { + services.xserver = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; }; - }; - + } #+end_src -**** Enable flakes and nix-command -:PROPERTIES: -:CUSTOM_ID: h:f9718641-adf7-4e5b-9e07-5b9413224971 -:END: - -Next, we need to make sure that flakes stay enabled when we rebuild the configuration. At the same time we enable the experimental =nix-command=, which enables commands such as the more powerful =nix shell= as opposed to =nix-shell=. - -#+begin_src nix :tangle profiles/common/nixos.nix - - # nix.settings.experimental-features = ["nix-command" "flakes"]; - -#+end_src **** Make users non-mutable :PROPERTIES: @@ -4508,10 +4540,20 @@ Next, we need to make sure that flakes stay enabled when we rebuild the configur This ensures that all user-configuration happens here in the config file. -#+begin_src nix :tangle profiles/common/nixos.nix - - users.mutableUsers = false; - +#+begin_src nix :tangle profiles/common/nixos/users.nix + { pkgs, config, ... }: + { + users = { + mutableUsers = false; + users.swarsel = { + isNormalUser = true; + description = "Leon S"; + hashedPasswordFile = config.sops.secrets.swarseluser.path; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; + packages = with pkgs; [ ]; + }; + }; + } #+end_src **** Environment setup @@ -4521,35 +4563,23 @@ This ensures that all user-configuration happens here in the config file. Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus). -#+begin_src nix :tangle profiles/common/nixos.nix - - environment = { - wordlist.enable = true; - sessionVariables = { - NIXOS_OZONE_WL = "1"; - GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-libav - ]); +#+begin_src nix :tangle profiles/common/nixos/env.nix + { lib, pkgs, ... }: + { + environment = { + wordlist.enable = true; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + }; }; - }; - # gstreamer plugins for nautilus (used for file metadata) - -#+end_src - -**** Make sure time is consistent in windows dualboot -:PROPERTIES: -:CUSTOM_ID: h:c31f7900-f8b7-46aa-b501-c245ab889578 -:END: - -Windows/Linux dualboot has the quirk of ruining the system clock. Fix it on this side. - -#+begin_src nix :tangle profiles/common/nixos.nix - - time.hardwareClockInLocalTime = true; - + # gstreamer plugins for nautilus (used for file metadata) + } #+end_src **** Disallow stylix from styling grub @@ -4559,11 +4589,12 @@ Windows/Linux dualboot has the quirk of ruining the system clock. Fix it on this By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as well. However, I think that looks horrible. -#+begin_src nix :tangle profiles/common/nixos.nix - - # dont style GRUB with stylix - stylix.targets.grub.enable = false; # the styling makes grub more ugly - +#+begin_src nix :tangle profiles/common/nixos/stylix.nix + { ... }: + { + # dont style GRUB with stylix + stylix.targets.grub.enable = false; # the styling makes grub more ugly + } #+end_src **** Enable PolicyKit @@ -4573,10 +4604,11 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w Needed for control over system-wide privileges etc. -#+begin_src nix :tangle profiles/common/nixos.nix - - security.polkit.enable = true; - +#+begin_src nix :tangle profiles/common/nixos/polkit.nix + { ... }: + { + security.polkit.enable = true; + } #+end_src **** Enable automatic garbage collection @@ -4586,15 +4618,16 @@ Needed for control over system-wide privileges etc. The nix store fills up over time, until =/boot/efi= is filled. This snippet cleans it automatically on a weekly basis. -#+begin_src nix :tangle profiles/common/nixos.nix - - nix.gc = { - automatic = true; - randomizedDelaySec = "14m"; - dates = "weekly"; - options = "--delete-older-than 10d"; - }; - +#+begin_src nix :tangle profiles/common/nixos/gc.nix + { ... }: + { + nix.gc = { + automatic = true; + randomizedDelaySec = "14m"; + dates = "weekly"; + options = "--delete-older-than 10d"; + }; + } #+end_src **** Enable automatic store optimisation @@ -4604,12 +4637,14 @@ The nix store fills up over time, until =/boot/efi= is filled. This snippet clea This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this. -#+begin_src nix :tangle profiles/common/nixos.nix - - nix.optimise = { - automatic = true; - dates = [ "weekly" ]; - }; +#+begin_src nix :tangle profiles/common/nixos/store.nix + { ... }: + { + nix.optimise = { + automatic = true; + dates = [ "weekly" ]; + }; + } #+end_src @@ -4620,15 +4655,15 @@ This enables hardlinking identical files in the nix store, to save on disk space There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason =a stop job is running for session 1 of user ...=. I do not want to wait that long and am confident no important data is lost by doing this. -#+begin_src nix :tangle profiles/common/nixos.nix - - - # systemd - systemd.extraConfig = '' - DefaultTimeoutStartSec=60s - DefaultTimeoutStopSec=15s - ''; - +#+begin_src nix :tangle profiles/common/nixos/systemd.nix + { ... }: + { + # systemd + systemd.extraConfig = '' + DefaultTimeoutStartSec=60s + DefaultTimeoutStopSec=15s + ''; + } #+end_src **** Hardware settings @@ -4638,31 +4673,33 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s Enable OpenGL, Sound, Bluetooth and various drivers. -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/hardware.nix + { pkgs, ...}: + { - hardware = { - graphics = { - enable = true; - enable32Bit = true; - }; + hardware = { + graphics = { + enable = true; + enable32Bit = true; + }; - pulseaudio= { - enable = true; - package = pkgs.pulseaudioFull; - }; + pulseaudio= { + enable = true; + package = pkgs.pulseaudioFull; + }; - enableAllFirmware = true; + enableAllFirmware = true; - bluetooth = { - powerOnBoot = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; + bluetooth = { + powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; + }; }; }; }; - }; - + } #+end_src **** Common network settings @@ -4672,241 +4709,246 @@ Enable OpenGL, Sound, Bluetooth and various drivers. Here I only enable =networkmanager=. Most of the 'real' network config is done in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/network.nix + { config, ...}: + { + networking.networkmanager = { + enable = true; + ensureProfiles = { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; + type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; + }; - networking.networkmanager = { - enable = true; - ensureProfiles = { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" - ]; - profiles = { - "Ernest Routerford" = { - connection = { - id = "Ernest Routerford"; - permissions = ""; - type = "wifi"; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ipv4 = { - dns-search = ""; - method = "auto"; + + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; + + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "Ernest Routerford"; + + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$FRAUNS"; + }; }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$ERNEST"; + + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$HANDYHOTSPOT"; + }; }; + + "sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = + "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = { password = "$VPNPASS"; }; + }; + + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-fourside"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; + }; + }; - - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; - }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - mac-address = "90:2E:16:D0:A1:87"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - - eduroam = { - "802-1x" = { - eap = "ttls;"; - identity = "$EDUID"; - password = "$EDUPASS"; - phase2-auth = "mschapv2"; - }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; - }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - - HH40V_39F5 = { - connection = { - id = "HH40V_39F5"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = "HH40V_39F5"; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$FRAUNS"; - }; - }; - - magicant = { - connection = { - id = "magicant"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "magicant"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$HANDYHOTSPOT"; - }; - }; - - "sweden-aes-128-cbc-udp-dns" = { - connection = { - autoconnect = "false"; - id = "PIA Sweden"; - type = "vpn"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = - "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; - challenge-response-flags = "2"; - cipher = "aes-128-cbc"; - compress = "yes"; - connection-type = "password"; - crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; - dev = "tun"; - password-flags = "0"; - remote = "sweden.privacy.network:1198"; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$VPNUSER"; - }; - vpn-secrets = { password = "$VPNPASS"; }; - }; - - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-fourside"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$HOTSPOT"; - }; - }; - }; }; - }; - - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + } #+end_src -**** Locale settings +**** Time, locale settings :PROPERTIES: :CUSTOM_ID: h:852d59ab-63c3-4831-993d-b5e23b877796 :END: -Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. +Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well. -#+begin_src nix :tangle profiles/common/nixos.nix - - time.timeZone = "Europe/Vienna"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "de_AT.UTF-8"; - LC_IDENTIFICATION = "de_AT.UTF-8"; - LC_MEASUREMENT = "de_AT.UTF-8"; - LC_MONETARY = "de_AT.UTF-8"; - LC_NAME = "de_AT.UTF-8"; - LC_NUMERIC = "de_AT.UTF-8"; - LC_PAPER = "de_AT.UTF-8"; - LC_TELEPHONE = "de_AT.UTF-8"; - LC_TIME = "de_AT.UTF-8"; +#+begin_src nix :tangle profiles/common/nixos/time.nix + { ... }: + { + time = { + timeZone = "Europe/Vienna"; + hardwareClockInLocalTime = true; }; - }; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "de_AT.UTF-8"; + LC_IDENTIFICATION = "de_AT.UTF-8"; + LC_MEASUREMENT = "de_AT.UTF-8"; + LC_MONETARY = "de_AT.UTF-8"; + LC_NAME = "de_AT.UTF-8"; + LC_NUMERIC = "de_AT.UTF-8"; + LC_PAPER = "de_AT.UTF-8"; + LC_TELEPHONE = "de_AT.UTF-8"; + LC_TIME = "de_AT.UTF-8"; + }; + }; + } #+end_src *** sops @@ -4921,38 +4963,39 @@ I use sops-nix to handle secrets that I want to have available on my machines at - cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub - update entry for sops.age.sshKeyPaths -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/sops.nix + { config, ... }: + { + sops = { - sops = { + defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; + validateSopsFiles = false; - defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - - secrets = { - swarseluser = { neededForUsers = true; }; - ernest = { }; - frauns = { }; - hotspot = { }; - eduid = { }; - edupass = { }; - handyhotspot = { }; - vpnuser = { }; - vpnpass = { }; + secrets = { + swarseluser = { neededForUsers = true; }; + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; + }; + templates = { + "network-manager.env".content = '' + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + ''; + }; }; - templates = { - "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - ''; - }; - }; - + } #+end_src *** System Packages @@ -4962,87 +5005,88 @@ I use sops-nix to handle secrets that I want to have available on my machines at Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in [[#h:893a7f33-7715-415b-a895-2687ded31c18][Installed packages]]. -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/packages.nix + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + # yubikey packages + gnupg + yubikey-personalization + yubikey-personalization-gui + yubico-pam + yubioath-flutter + yubikey-manager + yubikey-manager-qt + yubico-piv-tool + cfssl + pcsctools + pcscliteWithPolkit.out - environment.systemPackages = with pkgs; [ - # yubikey packages - gnupg - yubikey-personalization - yubikey-personalization-gui - yubico-pam - yubioath-flutter - yubikey-manager - yubikey-manager-qt - yubico-piv-tool - cfssl - pcsctools - pcscliteWithPolkit.out + # ledger packages + ledger-live-desktop - # ledger packages - ledger-live-desktop + # pinentry - # pinentry + # theme related + adwaita-icon-theme - # theme related - adwaita-icon-theme + # kde-connect + xdg-desktop-portal - # kde-connect - xdg-desktop-portal + # bluetooth + bluez - # bluetooth - bluez + # lsp-related ------------------------------- + # nix + # latex + texlab + ghostscript_headless + # wireguard + wireguard-tools + # rust + rust-analyzer + clippy + rustfmt + # go + go + gopls + # zig + zig + zls + # cpp + clang-tools + # + cuda + cudatoolkit + #lsp-bridge / python + gcc + gdb + (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) + # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + # -------------------------------------------- - # lsp-related ------------------------------- - # nix - # latex - texlab - ghostscript_headless - # wireguard - wireguard-tools - # rust - rust-analyzer - clippy - rustfmt - # go - go - gopls - # zig - zig - zls - # cpp - clang-tools - # + cuda - cudatoolkit - #lsp-bridge / python - gcc - gdb - (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) - # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) - # -------------------------------------------- - - (stdenv.mkDerivation { - name = "oama"; - - src = pkgs.fetchurl { + (stdenv.mkDerivation { name = "oama"; - url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; - sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; - }; - phases = [ - "unpackPhase" - ]; + src = pkgs.fetchurl { + name = "oama"; + url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; + sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; + }; - unpackPhase = '' - mkdir -p $out/bin - tar xvf $src -C $out/ - mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ - ''; + phases = [ + "unpackPhase" + ]; - }) + unpackPhase = '' + mkdir -p $out/bin + tar xvf $src -C $out/ + mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + ''; - ]; + }) + ]; + } #+end_src *** Programs (including zsh setup) @@ -5052,73 +5096,78 @@ Mostly used to install some compilers and lsp's that I want to have available wh Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances. -#+begin_src nix :tangle profiles/common/nixos.nix - - programs = { - dconf.enable = true; - evince.enable = true; - kdeconnect.enable = true; - }; +#+begin_src nix :tangle profiles/common/nixos/programs.nix + { ... }: + { + programs = { + dconf.enable = true; + evince.enable = true; + kdeconnect.enable = true; + }; + } #+end_src **** zsh Do not touch this. -#+begin_src nix :tangle profiles/common/nixos.nix - - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.shells = with pkgs; [ zsh ]; - environment.pathsToLink = [ "/share/zsh" ]; - +#+begin_src nix :tangle profiles/common/nixos/zsh.nix + { pkgs, ... }: + { + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.shells = with pkgs; [ zsh ]; + environment.pathsToLink = [ "/share/zsh" ]; + } #+end_src **** syncthing -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/syncthing.nix - services.syncthing = { - enable = true; - user = "swarsel"; - dataDir = "/home/swarsel"; - configDir = "/home/swarsel/.config/syncthing"; - openDefaultPorts = true; - settings = { - devices = { - "magicant" = { - id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2"; + { ... }: + { + services.syncthing = { + enable = true; + user = "swarsel"; + dataDir = "/home/swarsel"; + configDir = "/home/swarsel/.config/syncthing"; + openDefaultPorts = true; + settings = { + devices = { + "magicant" = { + id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2"; + }; + "sync (@oracle)" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "server1" = { + id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ"; + }; }; - "sync (@oracle)" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "server1" = { - id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ"; - }; - }; - folders = { - "Default Folder" = { - path = "/home/swarsel/Sync"; - devices = [ "sync (@oracle)" ]; - id = "default"; - }; - "Obsidian" = { - path = "/home/swarsel/Nextcloud/Obsidian"; - devices = [ "sync (@oracle)" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/home/swarsel/Nextcloud/Org"; - devices = [ "sync (@oracle)" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/home/swarsel/Vpn"; - devices = [ "sync (@oracle)" ]; - id = "hgp9s-fyq3p"; + folders = { + "Default Folder" = { + path = "/home/swarsel/Sync"; + devices = [ "sync (@oracle)" ]; + id = "default"; + }; + "Obsidian" = { + path = "/home/swarsel/Nextcloud/Obsidian"; + devices = [ "sync (@oracle)" ]; + id = "yjvni-9eaa7"; + }; + "Org" = { + path = "/home/swarsel/Nextcloud/Org"; + devices = [ "sync (@oracle)" ]; + id = "a7xnl-zjj3d"; + }; + "Vpn" = { + path = "/home/swarsel/Vpn"; + devices = [ "sync (@oracle)" ]; + id = "hgp9s-fyq3p"; + }; }; }; }; - }; - + } #+end_src *** Services @@ -5135,66 +5184,71 @@ Setting up some hardware services as well as keyboard related settings. Here we Enables the blueman service including the nice system tray icon. -#+begin_src nix :tangle profiles/common/nixos.nix - - services.blueman.enable = true; - +#+begin_src nix :tangle profiles/common/nixos/blueman.nix + { ... }: + { + services.blueman.enable = true; + } #+end_src -**** Detect Scanners over network +**** Network devices + +In this section we enable compatibility with several network devices I have at home, mainly printers and scanners. +***** Scanners :PROPERTIES: :CUSTOM_ID: h:fae5939e-22ac-4532-a10e-0b86013d20ce :END: This allows me to use my big scanner/printer's scanning function over the network. -#+begin_src nix :tangle profiles/common/nixos.nix - - # enable scanners over network - hardware.sane = { - enable = true; - extraBackends = [ pkgs.sane-airscan ]; - }; +#+begin_src nix :tangle profiles/common/nixos/networkdevices.nix + {pkgs, ...}: + { + # enable scanners over network + hardware.sane = { + enable = true; + extraBackends = [ pkgs.sane-airscan ]; + }; #+end_src -**** Detect Printers over network +***** Printers :PROPERTIES: :CUSTOM_ID: h:8c13df62-c6d9-4a0a-83be-d77e71628f0b :END: This allows me to use my big scanner/printer's printing function over the network. Most of the settings are driver related. -#+begin_src nix :tangle profiles/common/nixos.nix - - # enable discovery and usage of network devices (esp. printers) - services.printing = { - enable = true; - drivers = [ - pkgs.gutenprint - pkgs.gutenprintBin - ]; - browsedConf = '' - BrowseDNSSDSubTypes _cups,_print - BrowseLocalProtocols all - BrowseRemoteProtocols all - CreateIPPPrinterQueues All - BrowseProtocols all - ''; - }; - +#+begin_src nix :tangle profiles/common/nixos/networkdevices.nix + # enable discovery and usage of network devices (esp. printers) + services.printing = { + enable = true; + drivers = [ + pkgs.gutenprint + pkgs.gutenprintBin + ]; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; + }; #+end_src -Avahi is the service used for the network discovery +***** Avahi (device discovery) -#+begin_src nix :tangle profiles/common/nixos.nix +Avahi is the service used for the network discovery. + +#+begin_src nix :tangle profiles/common/nixos/networkdevices.nix services.avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; - + } #+end_src **** enable GVfs @@ -5204,10 +5258,11 @@ Avahi is the service used for the network discovery This is being set to allow myself to use all functions of nautilus in NixOS -#+begin_src nix :tangle profiles/common/nixos.nix - - services.gvfs.enable = true; - +#+begin_src nix :tangle profiles/common/nixos/gvfs.nix + { ... }: + { + services.gvfs.enable = true; + } #+end_src **** interception-tools: Make CAPS work as ESC/CTRL @@ -5217,35 +5272,37 @@ This is being set to allow myself to use all functions of nautilus in NixOS This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if pressed shortly, and =CTRL= if being held. -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/interceptiontools.nix - # Make CAPS work as a dual function ESC/CTRL key - services.interception-tools = { - enable = true; - udevmonConfig = - let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 + { pkgs, ... }: + { + # Make CAPS work as a dual function ESC/CTRL key + services.interception-tools = { + enable = true; + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] ''; - in - '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; - }; - + }; + } #+end_src *** Hardware compatibility settings (Yubikey, Ledger) - udev rules @@ -5260,25 +5317,22 @@ It makes sense to house these settings in their own section, since they are all The exception is the system packages, since that cannot be defined twice in the same file (common.nix). The comment is left in as a remider for that. The rest of the gpg-agent related settings are here: [[#h:66fd578f-d4a0-4e17-bf3d-a9eb64bc7103][gpg-agent]] - -#+begin_src nix :tangle profiles/common/nixos.nix - - programs.ssh.startAgent = false; - - services.pcscd.enable = true; - - hardware.ledger.enable = true; -#+end_src - Also, this is a good place to setup the udev rules. -#+begin_src nix :tangle profiles/common/nixos.nix +#+begin_src nix :tangle profiles/common/nixos/hardwarecompatibility.nix + { pkgs, ... }: + { + programs.ssh.startAgent = false; - services.udev.packages = with pkgs; [ - yubikey-personalization - ledger-udev-rules - ]; + services.pcscd.enable = true; + hardware.ledger.enable = true; + + services.udev.packages = with pkgs; [ + yubikey-personalization + ledger-udev-rules + ]; + } #+end_src *** System Login @@ -5288,33 +5342,72 @@ Also, this is a good place to setup the udev rules. This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the *system specific* settings, make sure to update it there -#+begin_src nix :tangle profiles/common/nixos.nix - - services.greetd = { - enable = true; - settings = { - initial_session.command = "sway"; - # initial_session.user ="swarsel"; - default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; +#+begin_src nix :tangle profiles/common/nixos/login.nix + { pkgs, ... }: + { + services.greetd = { + enable = true; + settings = { + initial_session.command = "sway"; + # initial_session.user ="swarsel"; + default_session.command = '' + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; + }; }; - }; - - environment.etc."greetd/environments".text = '' - sway - ''; + environment.etc."greetd/environments".text = '' + sway + ''; + } #+end_src ** Common Home-Manager :PROPERTIES: :CUSTOM_ID: h:f0a6b5e0-2157-4522-b5e1-3f0abd91c05e :END: +*** Imports + +This section sets up all the imports that are used in the home-manager section. + +#+begin_src nix :tangle profiles/common/home/default.nix + { ... }: + { + imports = [ + ./packages.nix + ./sops.nix + ./ssh.nix + ./stylix.nix + ./desktop.nix + ./symlink.nix + ./env.nix + ./programs.nix + ./nix-index.nix + ./password-store.nix + ./direnv.nix + ./eza.nix + ./git.nix + ./fuzzel.nix + ./starship.nix + ./kitty.nix + ./zsh.nix + ./mail.nix + ./emacs.nix + ./waybar.nix + ./firefox.nix + ./gnome-keyring.nix + ./kdeconnect.nix + ./mako.nix + ./sway.nix + ]; + + } +#+end_src + *** Installed packages :PROPERTIES: :CUSTOM_ID: h:893a7f33-7715-415b-a895-2687ded31c18 @@ -5331,8 +5424,8 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 :CUSTOM_ID: h:6ef9bb5f-c5ee-496e-86e2-d8d271a34d75 :END: -#+begin_src nix :tangle profiles/common/home.nix - { config, pkgs, fetchFromGitHub, ... }: +#+begin_src nix :tangle profiles/common/home/packages.nix + { pkgs, ... }: { home.packages = with pkgs; [ @@ -5501,7 +5594,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 :CUSTOM_ID: h:96cbea91-ff13-4120-b8a9-496b2fa96e70 :END: -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/packages.nix # cura ( let @@ -5653,6 +5746,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 }) ]; + } #+end_src @@ -5670,20 +5764,21 @@ I use sops-nix to handle secrets that I want to have available on my machines at Since we are using the home-manager implementation here, we need to specify the runtime path. -#+begin_src nix :tangle profiles/common/home.nix - - sops = { - defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - secrets = { - mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; - nautilus = { path = "/run/user/1000/secrets/nautilus"; }; - leon = { path = "/run/user/1000/secrets/leon"; }; - swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; - caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; +#+begin_src nix :tangle profiles/common/home/sops.nix + { config, ... }: + { + sops = { + defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; + validateSopsFiles = false; + secrets = { + mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; + nautilus = { path = "/run/user/1000/secrets/nautilus"; }; + leon = { path = "/run/user/1000/secrets/leon"; }; + swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; + caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; + }; }; - }; - +} #+end_src *** SSH Machines @@ -5693,103 +5788,104 @@ I use sops-nix to handle secrets that I want to have available on my machines at It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host. -#+begin_src nix :tangle profiles/common/home.nix - - programs.ssh = { - enable = true; - forwardAgent = true; - extraConfig = '' - SetEnv TERM=xterm-256color - ''; - matchBlocks = { - "nginx" = { - hostname = "192.168.1.14"; - user = "root"; - }; - "jellyfin" = { - hostname = "192.168.1.16"; - user = "root"; - }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "proxmox" = { - hostname = "192.168.1.2"; - user = "root"; - }; - "transmission" = { - hostname = "192.168.1.6"; - user = "root"; - }; - "fetcher" = { - hostname = "192.168.1.7"; - user = "root"; - }; - "omv" = { - hostname = "192.168.1.3"; - user = "root"; - }; - "webbot" = { - hostname = "192.168.1.11"; - user = "root"; - }; - "nextcloud" = { - hostname = "192.168.1.5"; - user = "root"; - }; - "sound" = { - hostname = "192.168.1.13"; - user = "root"; - }; - "spotify" = { - hostname = "192.168.1.17"; - user = "root"; - }; - "wordpress" = { - hostname = "192.168.1.9"; - user = "root"; - }; - "turn" = { - hostname = "192.168.1.18"; - user = "root"; - }; - "hugo" = { - hostname = "192.168.1.19"; - user = "root"; - }; - "matrix" = { - hostname = "192.168.1.23"; - user = "root"; - }; - "scroll" = { - hostname = "192.168.1.22"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; #this is a oracle vm server but needs root due to nixos-infect - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - "efficient" = { - hostname = "g0.complang.tuwien.ac.at"; - forwardAgent = true; - user = "ep01427399"; +#+begin_src nix :tangle profiles/common/home/ssh.nix + { ... }: + { + programs.ssh = { + enable = true; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ''; + matchBlocks = { + "nginx" = { + hostname = "192.168.1.14"; + user = "root"; + }; + "jellyfin" = { + hostname = "192.168.1.16"; + user = "root"; + }; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "proxmox" = { + hostname = "192.168.1.2"; + user = "root"; + }; + "transmission" = { + hostname = "192.168.1.6"; + user = "root"; + }; + "fetcher" = { + hostname = "192.168.1.7"; + user = "root"; + }; + "omv" = { + hostname = "192.168.1.3"; + user = "root"; + }; + "webbot" = { + hostname = "192.168.1.11"; + user = "root"; + }; + "nextcloud" = { + hostname = "192.168.1.5"; + user = "root"; + }; + "sound" = { + hostname = "192.168.1.13"; + user = "root"; + }; + "spotify" = { + hostname = "192.168.1.17"; + user = "root"; + }; + "wordpress" = { + hostname = "192.168.1.9"; + user = "root"; + }; + "turn" = { + hostname = "192.168.1.18"; + user = "root"; + }; + "hugo" = { + hostname = "192.168.1.19"; + user = "root"; + }; + "matrix" = { + hostname = "192.168.1.23"; + user = "root"; + }; + "scroll" = { + hostname = "192.168.1.22"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; #this is a oracle vm server but needs root due to nixos-infect + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + "efficient" = { + hostname = "g0.complang.tuwien.ac.at"; + forwardAgent = true; + user = "ep01427399"; + }; }; }; - }; - +} #+end_src *** Fonts + Theme @@ -5801,10 +5897,11 @@ These section allows home-manager to allow theme settings, and handles some othe This section has been notably empty ever since switching to stylix. Only Emacs is not allowed to be styled by it, because it becomes more ugly compared to my handcrafted setup. -#+begin_src nix :tangle profiles/common/home.nix - - stylix.targets.emacs.enable = false; - +#+begin_src nix :tangle profiles/common/home/stylix.nix + { ... }: + { + stylix.targets.emacs.enable = false; + } #+end_src *** Desktop Entries @@ -5816,53 +5913,55 @@ Some programs lack a dmenu launcher - I define them myself here. TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the programs prefixed with "nixGL". I need to figure out how to automate this process, as it is not feasible to write desktop entries for all programs installed on that machine. -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/desktop.nix - xdg.desktopEntries = { + { ... }: + { + xdg.desktopEntries = { + + cura = { + name = "Ultimaker Cura"; + genericName = "Cura"; + exec = "cura"; + terminal = false; + categories = [ "Application" ]; + }; + + anki = { + name = "Anki Flashcards"; + genericName = "Anki"; + exec = "anki"; + terminal = false; + categories = [ "Application" ]; + }; + + # schlidichat = { + # name = "SchildiChat Matrix Client"; + # genericName = "SchildiChat"; + # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + # terminal = false; + # categories = [ "Application"]; + # }; + + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + terminal = false; + categories = [ "Application" ]; + }; + + emacsclient-newframe = { + name = "Emacs (Client, New Frame)"; + genericName = "Emacs (Client, New Frame)"; + exec = "emacsclient -r %u"; + icon = "emacs"; + terminal = false; + categories = [ "Development" "TextEditor" ]; + }; - cura = { - name = "Ultimaker Cura"; - genericName = "Cura"; - exec = "cura"; - terminal = false; - categories = [ "Application" ]; }; - - anki = { - name = "Anki Flashcards"; - genericName = "Anki"; - exec = "anki"; - terminal = false; - categories = [ "Application" ]; - }; - - # schlidichat = { - # name = "SchildiChat Matrix Client"; - # genericName = "SchildiChat"; - # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - # terminal = false; - # categories = [ "Application"]; - # }; - - element = { - name = "Element Matrix Client"; - genericName = "Element"; - exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application" ]; - }; - - emacsclient-newframe = { - name = "Emacs (Client, New Frame)"; - genericName = "Emacs (Client, New Frame)"; - exec = "emacsclient -r %u"; - icon = "emacs"; - terminal = false; - categories = [ "Development" "TextEditor" ]; - }; - - }; - + } #+end_src *** Linking dotfiles @@ -5874,24 +5973,26 @@ This section should be used in order to symlink already existing configuration f As for the `home.sessionVariables`, it should be noted that environment variables that are needed at system start should NOT be loaded here, but instead in `programs.zsh.config.extraSessionCommands` (in the home-manager programs section). This is also where all the wayland related variables are stored. -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/symlink.nix + { ... }: + { home.file = { "init.el" = { - source = ../../programs/emacs/init.el; + source = ../../../programs/emacs/init.el; target = ".emacs.d/init.el"; }; "early-init.el" = { - source = ../../programs/emacs/early-init.el; + source = ../../../programs/emacs/early-init.el; target = ".emacs.d/early-init.el"; }; # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually ".aspell.conf" = { - source = ../../programs/config/.aspell.conf; + source = ../../../programs/config/.aspell.conf; target = ".aspell.conf"; }; ".gitmessage" = { - source = ../../programs/git/.gitmessage; + source = ../../../programs/git/.gitmessage; target = ".gitmessage"; }; }; @@ -5900,13 +6001,13 @@ As for the `home.sessionVariables`, it should be noted that environment variable Also, we link some files to the users XDG configuration home: -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/symlink.nix xdg.configFile = { - "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc; - "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css; + "tridactyl/tridactylrc".source = ../../../programs/firefox/tridactyl/tridactylrc; + "tridactyl/themes/base16-codeschool.css".source = ../../../programs/firefox/tridactyl/themes/base16-codeschool.css; }; - +} #+end_src *** Sourcing environment variables @@ -5914,12 +6015,13 @@ Also, we link some files to the users XDG configuration home: :CUSTOM_ID: h:4486b02f-4fb8-432b-bfa2-2e786206341d :END: -#+begin_src nix :tangle profiles/common/home.nix - - home.sessionVariables = { - EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; - }; - +#+begin_src nix :tangle profiles/common/home/env.nix + { ... }: + { + home.sessionVariables = { + EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; + }; + } #+end_src *** Programs @@ -5936,50 +6038,53 @@ This houses the configurations for all programs managed by home-manager. This section is for programs that require no further configuration. zsh Integration is enabled by default for these. -#+begin_src nix :tangle profiles/common/home.nix - - programs = { - bottom.enable = true; - imv.enable = true; - sioyek.enable = true; - bat.enable = true; - carapace.enable = true; - wlogout.enable = true; - swayr.enable = true; - yt-dlp.enable = true; - mpv.enable = true; - jq.enable = true; - ripgrep.enable = true; - pandoc.enable = true; - fzf.enable = true; - zoxide.enable = true; - }; +#+begin_src nix :tangle profiles/common/home/programs.nix + { ... }: + { + programs = { + bottom.enable = true; + imv.enable = true; + sioyek.enable = true; + bat.enable = true; + carapace.enable = true; + wlogout.enable = true; + swayr.enable = true; + yt-dlp.enable = true; + mpv.enable = true; + jq.enable = true; + ripgrep.enable = true; + pandoc.enable = true; + fzf.enable = true; + zoxide.enable = true; + }; + } #+end_src *** nix-index nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for =command-not-found.sh=, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output. -#+begin_src nix :tangle profiles/common/home.nix - - programs.nix-index = - let - command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' - mkdir -p $out/etc/profile.d - substitute ${../../scripts/command-not-found.sh} \ - $out/etc/profile.d/command-not-found.sh \ - --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ - --replace @tput@ ${pkgs.ncurses}/bin/tput - ''; - in - { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [ command-not-found ]; +#+begin_src nix :tangle profiles/common/home/nix-index.nix + {pkgs, ...}: + { + programs.nix-index = + let + command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' + mkdir -p $out/etc/profile.d + substitute ${../../../scripts/command-not-found.sh} \ + $out/etc/profile.d/command-not-found.sh \ + --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ + --replace @tput@ ${pkgs.ncurses}/bin/tput + ''; + in + { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [ command-not-found ]; + }; }; - }; - + } #+end_src *** password-store @@ -5989,13 +6094,17 @@ nix-index provides a way to find out which packages are provided by which deriva Enables password store with the =pass-otp= extension which allows me to store and generate one-time-passwords. -#+begin_src nix :tangle profiles/common/home.nix - - programs.password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); - }; - +#+begin_src nix :tangle profiles/common/home/password-store.nix + { pkgs, ... }: + { + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; + }; + package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); + }; +} #+end_src *** direnv @@ -6005,13 +6114,14 @@ Enables password store with the =pass-otp= extension which allows me to store an Enables direnv, which I use for nearly all of my nix dev flakes. -#+begin_src nix :tangle profiles/common/home.nix - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - +#+begin_src nix :tangle profiles/common/home/direnv.nix + { ... }: + { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + } #+end_src *** eza @@ -6021,18 +6131,19 @@ Enables direnv, which I use for nearly all of my nix dev flakes. Eza provides me with a better =ls= command and some other useful aliases. -#+begin_src nix :tangle profiles/common/home.nix - - programs.eza = { - enable = true; - icons = true; - git = true; - extraOptions = [ - "-l" - "--group-directories-first" - ]; - }; - +#+begin_src nix :tangle profiles/common/home/eza.nix + { ... }: + { + programs.eza = { + enable = true; + icons = true; + git = true; + extraOptions = [ + "-l" + "--group-directories-first" + ]; + }; + } #+end_src *** git @@ -6042,45 +6153,46 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. -#+begin_src nix :tangle profiles/common/home.nix - - programs.git = { - enable = true; - aliases = { - a = "add"; - c = "commit"; - cl = "clone"; - co = "checkout"; - b = "branch"; - i = "init"; - m = "merge"; - s = "status"; - r = "restore"; - p = "pull"; - pp = "push"; - }; - signing = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - userEmail = "leon.schwarzaeugl@gmail.com"; - userName = "Swarsel"; - difftastic.enable = true; - lfs.enable = true; - includes = [ - { - contents = { - github = { - user = "Swarsel"; +#+begin_src nix :tangle profiles/common/home/git.nix + { ... }: + { + programs.git = { + enable = true; + aliases = { + a = "add"; + c = "commit"; + cl = "clone"; + co = "checkout"; + b = "branch"; + i = "init"; + m = "merge"; + s = "status"; + r = "restore"; + p = "pull"; + pp = "push"; + }; + signing = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + userEmail = "leon.schwarzaeugl@gmail.com"; + userName = "Swarsel"; + difftastic.enable = true; + lfs.enable = true; + includes = [ + { + contents = { + github = { + user = "Swarsel"; + }; + commit = { + template = "~/.gitmessage"; + }; }; - commit = { - template = "~/.gitmessage"; - }; - }; - } - ]; - }; - + } + ]; + }; + } #+end_src *** Fuzzel @@ -6090,20 +6202,21 @@ Here I set up my git config, automatic signing of commits, useful aliases for my Here I only need to set basic layout options - the rest is being managed by stylix. -#+begin_src nix :tangle profiles/common/home.nix - - programs.fuzzel = { - enable = true; - settings = { - main = { - layer = "overlay"; - lines = "10"; - width = "40"; +#+begin_src nix :tangle profiles/common/home/fuzzel.nix + { ... }: + { + programs.fuzzel = { + enable = true; + settings = { + main = { + layer = "overlay"; + lines = "10"; + width = "40"; + }; + border.radius = "0"; }; - border.radius = "0"; }; - }; - + } #+end_src *** Starship @@ -6113,112 +6226,113 @@ Here I only need to set basic layout options - the rest is being managed by styl Starship makes my =zsh= look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline. -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/starship.nix + { ... }: + { + programs.starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = false; + format = "$character"; + right_format = "$all"; + command_timeout = 3000; - programs.starship = { - enable = true; - enableZshIntegration = true; - settings = { - add_newline = false; - format = "$character"; - right_format = "$all"; - command_timeout = 3000; + directory.substitutions = { + "Documents" = "󰈙 "; + "Downloads" = " "; + "Music" = " "; + "Pictures" = " "; + }; - directory.substitutions = { - "Documents" = "󰈙 "; - "Downloads" = " "; - "Music" = " "; - "Pictures" = " "; + git_status = { + style = "bg:#394260"; + format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; + }; + + character = { + success_symbol = "[λ](bold green)"; + error_symbol = "[λ](bold red)"; + }; + + aws.symbol = " "; + buf.symbol = " "; + c.symbol = " "; + conda.symbol = " "; + dart.symbol = " "; + directory.read_only = " 󰌾"; + docker_context.symbol = " "; + elixir.symbol = " "; + elm.symbol = " "; + fossil_branch.symbol = " "; + git_branch.symbol = " "; + golang.symbol = " "; + guix_shell.symbol = " "; + haskell.symbol = " "; + haxe.symbol = " "; + hg_branch.symbol = " "; + hostname.ssh_symbol = " "; + java.symbol = " "; + julia.symbol = " "; + lua.symbol = " "; + memory_usage.symbol = "󰍛 "; + meson.symbol = "󰔷 "; + nim.symbol = "󰆥 "; + nix_shell.symbol = " "; + nodejs.symbol = " "; + + os.symbols = { + Alpaquita = " "; + Alpine = " "; + Amazon = " "; + Android = " "; + Arch = " "; + Artix = " "; + CentOS = " "; + Debian = " "; + DragonFly = " "; + Emscripten = " "; + EndeavourOS = " "; + Fedora = " "; + FreeBSD = " "; + Garuda = "󰛓 "; + Gentoo = " "; + HardenedBSD = "󰞌 "; + Illumos = "󰈸 "; + Linux = " "; + Mabox = " "; + Macos = " "; + Manjaro = " "; + Mariner = " "; + MidnightBSD = " "; + Mint = " "; + NetBSD = " "; + NixOS = " "; + OpenBSD = "󰈺 "; + openSUSE = " "; + OracleLinux = "󰌷 "; + Pop = " "; + Raspbian = " "; + Redhat = " "; + RedHatEnterprise = " "; + Redox = "󰀘 "; + Solus = "󰠳 "; + SUSE = " "; + Ubuntu = " "; + Unknown = " "; + Windows = "󰍲 "; + }; + + package.symbol = "󰏗 "; + pijul_channel.symbol = " "; + python.symbol = " "; + rlang.symbol = "󰟔 "; + ruby.symbol = " "; + rust.symbol = " "; + scala.symbol = " "; }; - - git_status = { - style = "bg:#394260"; - format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; - }; - - character = { - success_symbol = "[λ](bold green)"; - error_symbol = "[λ](bold red)"; - }; - - aws.symbol = " "; - buf.symbol = " "; - c.symbol = " "; - conda.symbol = " "; - dart.symbol = " "; - directory.read_only = " 󰌾"; - docker_context.symbol = " "; - elixir.symbol = " "; - elm.symbol = " "; - fossil_branch.symbol = " "; - git_branch.symbol = " "; - golang.symbol = " "; - guix_shell.symbol = " "; - haskell.symbol = " "; - haxe.symbol = " "; - hg_branch.symbol = " "; - hostname.ssh_symbol = " "; - java.symbol = " "; - julia.symbol = " "; - lua.symbol = " "; - memory_usage.symbol = "󰍛 "; - meson.symbol = "󰔷 "; - nim.symbol = "󰆥 "; - nix_shell.symbol = " "; - nodejs.symbol = " "; - - os.symbols = { - Alpaquita = " "; - Alpine = " "; - Amazon = " "; - Android = " "; - Arch = " "; - Artix = " "; - CentOS = " "; - Debian = " "; - DragonFly = " "; - Emscripten = " "; - EndeavourOS = " "; - Fedora = " "; - FreeBSD = " "; - Garuda = "󰛓 "; - Gentoo = " "; - HardenedBSD = "󰞌 "; - Illumos = "󰈸 "; - Linux = " "; - Mabox = " "; - Macos = " "; - Manjaro = " "; - Mariner = " "; - MidnightBSD = " "; - Mint = " "; - NetBSD = " "; - NixOS = " "; - OpenBSD = "󰈺 "; - openSUSE = " "; - OracleLinux = "󰌷 "; - Pop = " "; - Raspbian = " "; - Redhat = " "; - RedHatEnterprise = " "; - Redox = "󰀘 "; - Solus = "󰠳 "; - SUSE = " "; - Ubuntu = " "; - Unknown = " "; - Windows = "󰍲 "; - }; - - package.symbol = "󰏗 "; - pijul_channel.symbol = " "; - python.symbol = " "; - rlang.symbol = "󰟔 "; - ruby.symbol = " "; - rust.symbol = " "; - scala.symbol = " "; }; - }; - +} #+end_src *** Kitty @@ -6230,18 +6344,19 @@ Kitty is the terminal emulator of choice for me, it is nice to configure using n The theme is handled by stylix. -#+begin_src nix :tangle profiles/common/home.nix - - programs.kitty = { - enable = true; - keybindings = { - "ctrl+shift+left" = "no_op"; - "ctrl+shift+right" = "no_op"; - "ctrl+shift+home" = "no_op"; - "ctrl+shift+end" = "no_op"; +#+begin_src nix :tangle profiles/common/home/kitty.nix + { ... }: + { + programs.kitty = { + enable = true; + keybindings = { + "ctrl+shift+left" = "no_op"; + "ctrl+shift+right" = "no_op"; + "ctrl+shift+home" = "no_op"; + "ctrl+shift+end" = "no_op"; + }; }; - }; - + } #+end_src *** zsh @@ -6253,57 +6368,58 @@ zsh is the most convenient shell for me and it happens to be super neat to confi Here we set some aliases (some of them should be shellApplications instead) as well as some zsh plugins like =fzf-tab=. -#+begin_src nix :tangle profiles/common/home.nix - - programs.zsh = { - enable = true; - shellAliases = { - hg = "history | grep"; - hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; - nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; - magit = "emacsclient -nc -e \"(magit-status)\""; - config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g = "git"; - c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; - passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; - passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd = "z"; - cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; +#+begin_src nix :tangle profiles/common/home/zsh.nix + { pkgs, ... }: + { + programs.zsh = { + enable = true; + shellAliases = { + hg = "history | grep"; + hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; + nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; + edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; + magit = "emacsclient -nc -e \"(magit-status)\""; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; + passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; + passpull = "cd ~/.local/share/password-store; git pull; cd -;"; + hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; + cd = "z"; + cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; + }; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + autocd = false; + cdpath = [ + "~/.dotfiles" + # "~/Documents/GitHub" + ]; + defaultKeymap = "emacs"; + dirHashes = { + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; + }; + history = { + expireDuplicatesFirst = true; + path = "$HOME/.histfile"; + save = 10000; + size = 10000; + }; + historySubstringSearch.enable = true; + plugins = [ + { + name = "fzf-tab"; + src = pkgs.zsh-fzf-tab; + } + ]; + initExtra = '' + bindkey "^[[1;5D" backward-word + bindkey "^[[1;5C" forward-word + ''; }; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = false; - cdpath = [ - "~/.dotfiles" - # "~/Documents/GitHub" - ]; - defaultKeymap = "emacs"; - dirHashes = { - dl = "$HOME/Downloads"; - gh = "$HOME/Documents/GitHub"; - }; - history = { - expireDuplicatesFirst = true; - path = "$HOME/.histfile"; - save = 10000; - size = 10000; - }; - historySubstringSearch.enable = true; - plugins = [ - { - name = "fzf-tab"; - src = pkgs.zsh-fzf-tab; - } - ]; - initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word - ''; - }; - + } #+end_src *** Mail @@ -6313,11 +6429,16 @@ Here we set some aliases (some of them should be shellApplications instead) as w Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/mail.nix + { config, ...}: + { programs.mbsync = { enable = true; }; + services.mbsync = { + enable = true; + }; # this is needed so that mbsync can use the passwords from sops systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; @@ -6442,7 +6563,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl }; }; }; - + } #+end_src *** Home-manager: Emacs @@ -6454,54 +6575,61 @@ By using the emacs-overlay NixOS module, I can install all Emacs packages that I Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like =calfw= and =fast-scroll=, so I build them here. -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/emacs.nix + { pkgs, ... }: + { + # enable emacs overlay for bleeding edge features + # also read init.el file and install use-package packages + programs.emacs = { + enable = true; + package = pkgs.emacsWithPackagesFromUsePackage { + config = ../../../programs/emacs/init.el; + package = pkgs.emacs-pgtk; + alwaysEnsure = true; + alwaysTangle = true; + extraEmacsPackages = epkgs: [ + epkgs.mu4e + epkgs.use-package + # epkgs.lsp-bridge + epkgs.doom-themes - # enable emacs overlay for bleeding edge features - # also read init.el file and install use-package packages - programs.emacs = { - enable = true; - package = pkgs.emacsWithPackagesFromUsePackage { - config = ../../programs/emacs/init.el; - package = pkgs.emacs-pgtk; - alwaysEnsure = true; - alwaysTangle = true; - extraEmacsPackages = epkgs: [ - epkgs.mu4e - epkgs.use-package - # epkgs.lsp-bridge - epkgs.doom-themes + # build the rest of the packages myself + # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup + # build the package from the haji-ali fork, which is well-maintained + (epkgs.trivialBuild rec { + pname = "calfw"; + version = "1.0.0-20231002"; + src = pkgs.fetchFromGitHub { + owner = "haji-ali"; + repo = "emacs-calfw"; + rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; + hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; + }; + packageRequires = [ epkgs.howm ]; + }) - # build the rest of the packages myself - # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup - # build the package from the haji-ali fork, which is well-maintained - (epkgs.trivialBuild rec { - pname = "calfw"; - version = "1.0.0-20231002"; - src = pkgs.fetchFromGitHub { - owner = "haji-ali"; - repo = "emacs-calfw"; - rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; - hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; - }; - packageRequires = [ epkgs.howm ]; - }) + (epkgs.trivialBuild rec { + pname = "fast-scroll"; + version = "1.0.0-20191016"; + src = pkgs.fetchFromGitHub { + owner = "ahungry"; + repo = "fast-scroll"; + rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; + hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; + }; + packageRequires = [ ]; + }) - (epkgs.trivialBuild rec { - pname = "fast-scroll"; - version = "1.0.0-20191016"; - src = pkgs.fetchFromGitHub { - owner = "ahungry"; - repo = "fast-scroll"; - rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; - hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; - }; - packageRequires = [ ]; - }) - - ]; + ]; + }; }; - }; + services.emacs = { + enable = true; + # socketActivation.enable = false; + # startWithUserSession = "graphical"; + }; + } #+end_src *** Waybar @@ -6515,8 +6643,10 @@ The rest of this configuration is found here: - [[#h:47749e76-3f25-485a-9e98-c7ce3a4ad444][Waybar items - PC]] - [[#h:f3cf9bdc-6826-4d8e-ba5a-253ef098a9b8][Waybar items - LAPTOPS]] -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/waybar.nix + { ... }: + { programs.waybar = { enable = true; @@ -6705,9 +6835,9 @@ The rest of this configuration is found here: }; }; }; - style = builtins.readFile ../../programs/waybar/style.css; + style = builtins.readFile ../../../programs/waybar/style.css; }; - + } #+end_src *** Firefox @@ -6723,104 +6853,105 @@ Also, I setup some search aliases for functions I often use, such as NixOS optio I used to build the firefox addon =bypass-paywalls-clean= myself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that. -#+begin_src nix :tangle profiles/common/home.nix - - programs.firefox = { - enable = true; - package = pkgs.firefox.override { - nativeMessagingHosts = [ - pkgs.tridactyl-native - pkgs.browserpass - pkgs.plasma5Packages.plasma-browser-integration - ]; - }; - policies = { - CaptivePortal = false; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableTelemetry = true; - DisableFirefoxAccounts = false; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - OfferToSaveLoginsDefault = false; - EnableTrackingProtection = true; - }; - profiles.default = { - isDefault = true; - userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css; - extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - pushbullet - sponsorblock - web-archives - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - ]; - - search.engines = { - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Google".metaData.alias = "@g"; +#+begin_src nix :tangle profiles/common/home/firefox.nix + { pkgs, ... }: + { + programs.firefox = { + enable = true; + package = pkgs.firefox.override { + nativeMessagingHosts = [ + pkgs.tridactyl-native + pkgs.browserpass + pkgs.plasma5Packages.plasma-browser-integration + ]; }; - search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; - }; + policies = { + CaptivePortal = false; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableTelemetry = true; + DisableFirefoxAccounts = false; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + OfferToSaveLoginsDefault = false; + EnableTrackingProtection = true; + }; + profiles.default = { + isDefault = true; + userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + pushbullet + sponsorblock + web-archives + single-file + widegithub + enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + ]; + search.engines = { + "Nix Packages" = { + urls = [{ + template = "https://search.nixos.org/packages"; + params = [ + { name = "type"; value = "packages"; } + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + + "NixOS Wiki" = { + urls = [{ + template = "https://nixos.wiki/index.php?search={searchTerms}"; + }]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@nw" ]; + }; + + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; + + "Home Manager Options" = { + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@hm" "@ho" "@hmo" ]; + }; + + "Google".metaData.alias = "@g"; + }; + search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart + }; + }; + } #+end_src *** Services @@ -6837,27 +6968,14 @@ Services that can be defined through home-manager should be defined here. Used for storing sessions in e.g. Nextcloud -#+begin_src nix :tangle profiles/common/home.nix +#+begin_src nix :tangle profiles/common/home/gnome-keyring.nix + { ... }: + { services.gnome-keyring = { enable = true; }; - -#+end_src - -**** mbsync -:PROPERTIES: -:CUSTOM_ID: h:06d34282-5c75-4c21-a857-604f129ce911 -:END: - -Used for syncing mail. This might be automatically enabled by my mail configuration, but I like to make sure. - -#+begin_src nix :tangle profiles/common/home.nix - - services.mbsync = { - enable = true; - }; - + } #+end_src **** KDE Connect @@ -6867,47 +6985,14 @@ Used for syncing mail. This might be automatically enabled by my mail configurat This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control). -#+begin_src nix :tangle profiles/common/home.nix - - services.kdeconnect = { - enable = true; - indicator = true; - }; - -#+end_src - -**** syncthing -:PROPERTIES: -:CUSTOM_ID: h:a17df4b8-1044-4569-b1b9-6c99ae354654 -:END: - -Enables the syncthing service which talks to my syncthing instance on the Oracle cloud as well as my home server. - -#+begin_src nix :tangle profiles/common/home.nix - - services.syncthing = { - enable = false; - tray = { - enable = false; # we enable this by installing the syncthingtray package instead, it works better. +#+begin_src nix :tangle profiles/common/home/kdeconnect.nix + { ... }: + { + services.kdeconnect = { + enable = true; + indicator = true; }; - }; - -#+end_src - -**** Emacs server -:PROPERTIES: -:CUSTOM_ID: h:1f5a04de-0898-41ba-8134-741e4aeb0f79 -:END: - -This enables the Emacs server. This allows me to invocate Emacs by using =emacsclient= instead, which is a lot faster. - -#+begin_src nix :tangle profiles/common/home.nix - - services.emacs = { - enable = true; - # socketActivation.enable = false; - # startWithUserSession = "graphical"; - }; + } #+end_src **** Mako @@ -6919,36 +7004,37 @@ Desktop notifications! The `extraConfig` section here CANNOT be reindented. This has something to do with how nix handles multiline strings, when indented Mako will fail to start. This might be a mako bug as well. -#+begin_src nix :tangle profiles/common/home.nix - - services.mako = { - enable = true; - # backgroundColor = "#2e3440"; - # borderColor = "#88c0d0"; - borderRadius = 15; - borderSize = 1; - defaultTimeout = 5000; - height = 150; - icons = true; - ignoreTimeout = true; - layer = "overlay"; - maxIconSize = 64; - sort = "-time"; - width = 300; - # font = "monospace 10"; - extraConfig = "[urgency=low] - border-color=#cccccc - [urgency=normal] - border-color=#d08770 - [urgency=high] - border-color=#bf616a - default-timeout=3000 - [category=mpd] - default-timeout=2000 - group-by=category - "; - }; - +#+begin_src nix :tangle profiles/common/home/mako.nix + { ... }: + { + services.mako = { + enable = true; + # backgroundColor = "#2e3440"; + # borderColor = "#88c0d0"; + borderRadius = 15; + borderSize = 1; + defaultTimeout = 5000; + height = 150; + icons = true; + ignoreTimeout = true; + layer = "overlay"; + maxIconSize = 64; + sort = "-time"; + width = 300; + # font = "monospace 10"; + extraConfig = "[urgency=low] + border-color=#cccccc + [urgency=normal] + border-color=#d08770 + [urgency=high] + border-color=#bf616a + default-timeout=3000 + [category=mpd] + default-timeout=2000 + group-by=category + "; + }; +} #+end_src *** Sway @@ -6960,302 +7046,284 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case. -#+begin_src nix :tangle profiles/common/home.nix - - wayland.windowManager.sway = { - enable = true; - checkConfig = false; # delete this line once SwayFX is fixed upstream - package = pkgs.swayfx; - systemd = { +#+begin_src nix :tangle profiles/common/home/sway.nix + { config, pkgs, ... }: + { + wayland.windowManager.sway = { enable = true; - xdgAutostart = true; - }; - wrapperFeatures.gtk = true; - config = rec { - modifier = "Mod4"; - terminal = "kitty"; - menu = "fuzzel"; - bars = [{ command = "waybar"; }]; - keybindings = + checkConfig = false; # delete this line once SwayFX is fixed upstream + package = pkgs.swayfx; + systemd = { + enable = true; + xdgAutostart = true; + }; + wrapperFeatures.gtk = true; + config = rec { + modifier = "Mod4"; + terminal = "kitty"; + menu = "fuzzel"; + bars = [{ command = "waybar"; }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; + "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; + "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; + "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; + "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; + "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel-otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; + "${modifier}+Escape" = "mode $exit"; + # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+j" = "focus down"; + "${modifier}+k" = "focus up"; + "${modifier}+Shift+h" = "move left 40px"; + "${modifier}+Shift+l" = "move right 40px"; + "${modifier}+Shift+j" = "move down 40px"; + "${modifier}+Shift+k" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + "${modifier}+Return" = "exec kitty"; + }; + modes = { + resize = { + Down = "resize grow height 10 px or 10 ppt"; + Escape = "mode default"; + Left = "resize shrink width 10 px or 10 ppt"; + Return = "mode default"; + Right = "resize grow width 10 px or 10 ppt"; + Up = "resize shrink height 10 px or 10 ppt"; + }; + }; + defaultWorkspace = "workspace 1:一"; + startup = [ + { command = "kitty -T kittyterm"; } + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } + ]; + window = { + border = 1; + titlebar = false; + }; + assigns = { + "1:一" = [{ app_id = "firefox"; }]; + }; + floating = { + border = 1; + criteria = [ + { title = "^Picture-in-Picture$"; } + { app_id = "qalculate-gtk"; } + { app_id = "org.gnome.clocks"; } + { app_id = "com.github.stsdc.monitor"; } + { app_id = "blueman"; } + { app_id = "pavucontrol"; } + { app_id = "syncthingtray"; } + { title = "Syncthing Tray"; } + { app_id = "SchildiChat"; } + { app_id = "Element"; } + { app_id = "com.nextcloud.desktopclient.nextcloud"; } + { app_id = "gnome-system-monitor"; } + { title = "(?:Open|Save) (?:File|Folder|As)"; } + { title = "^Add$"; } + { title = "com-jgoodies-jdiskreport-JDiskReport"; } + { app_id = "discord"; } + { window_role = "pop-up"; } + { window_role = "bubble"; } + { window_role = "dialog"; } + { window_role = "task_dialog"; } + { window_role = "menu"; } + { window_role = "Preferences"; } + ]; + titlebar = false; + }; + window = { + commands = [ + { + command = "opacity 0.95"; + criteria = { + class = ".*"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "Gimp-2.10"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "firefox"; + }; + } + { + command = "sticky enable, shadows enable"; + criteria = { + title = "^Picture-in-Picture$"; + }; + } + { + command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^kittyterm$"; + }; + } + { + command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^spotifytui$"; + }; + } + # { + # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + # criteria = { + # app_id="^$"; + # class="^$"; + # }; + # } + { + + command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + criteria = { + class = "Spotify"; + }; + } + { + command = "sticky enable"; + criteria = { + app_id = "discord"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + class = "Element"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + app_id = "SchildiChat"; + }; + } + ]; + }; + gaps = { + inner = 5; + }; + }; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; + # extraConfigEarly = " + # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK + # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK + # "; + extraConfig = let inherit (config.wayland.windowManager.sway.config) modifier; - in - { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; - "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; - "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; - "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; - "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; - "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel-otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; - "${modifier}+Escape" = "mode $exit"; - # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+j" = "focus down"; - "${modifier}+k" = "focus up"; - "${modifier}+Shift+h" = "move left 40px"; - "${modifier}+Shift+l" = "move right 40px"; - "${modifier}+Shift+j" = "move down 40px"; - "${modifier}+Shift+k" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - "${modifier}+Return" = "exec kitty"; - }; - modes = { - resize = { - Down = "resize grow height 10 px or 10 ppt"; - Escape = "mode default"; - Left = "resize shrink width 10 px or 10 ppt"; - Return = "mode default"; - Right = "resize grow width 10 px or 10 ppt"; - Up = "resize shrink height 10 px or 10 ppt"; - }; - }; - defaultWorkspace = "workspace 1:一"; - startup = [ - { command = "kitty -T kittyterm"; } - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } - ]; - window = { - border = 1; - titlebar = false; - }; - assigns = { - "1:一" = [{ app_id = "firefox"; }]; - }; - floating = { - border = 1; - criteria = [ - { title = "^Picture-in-Picture$"; } - { app_id = "qalculate-gtk"; } - { app_id = "org.gnome.clocks"; } - { app_id = "com.github.stsdc.monitor"; } - { app_id = "blueman"; } - { app_id = "pavucontrol"; } - { app_id = "syncthingtray"; } - { title = "Syncthing Tray"; } - { app_id = "SchildiChat"; } - { app_id = "Element"; } - { app_id = "com.nextcloud.desktopclient.nextcloud"; } - { app_id = "gnome-system-monitor"; } - { title = "(?:Open|Save) (?:File|Folder|As)"; } - { title = "^Add$"; } - { title = "com-jgoodies-jdiskreport-JDiskReport"; } - { app_id = "discord"; } - { window_role = "pop-up"; } - { window_role = "bubble"; } - { window_role = "dialog"; } - { window_role = "task_dialog"; } - { window_role = "menu"; } - { window_role = "Preferences"; } - ]; - titlebar = false; - }; - window = { - commands = [ - { - command = "opacity 0.95"; - criteria = { - class = ".*"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "Gimp-2.10"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "firefox"; - }; - } - { - command = "sticky enable, shadows enable"; - criteria = { - title = "^Picture-in-Picture$"; - }; - } - { - command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^kittyterm$"; - }; - } - { - command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^spotifytui$"; - }; - } - # { - # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - # criteria = { - # app_id="^$"; - # class="^$"; - # }; - # } - { - - command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - criteria = { - class = "Spotify"; - }; - } - { - command = "sticky enable"; - criteria = { - app_id = "discord"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - class = "Element"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - app_id = "SchildiChat"; - }; - } - ]; - }; - gaps = { - inner = 5; - }; - }; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; - # extraConfigEarly = " - # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK - # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK - # "; - extraConfig = - let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = " - blur enable - blur_xray disable - blur_passes 1 - blur_radius 1 - shadows enable - corner_radius 2 - titlebar_separator disable - default_dim_inactive 0.02 - "; - in - " - exec_always autotiling - set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" - mode $exit { - - bindsym --to-code { - s exec \"systemctl suspend\", mode \"default\" - p exec \"systemctl poweroff\" - r exec \"systemctl reboot\" - l exec \"swaymsg exit\" - - Return mode \"default\" - Escape mode \"default\" - ${modifier}+x mode \"default\" - } - } - - exec systemctl --user import-environment - - ${swayfxSettings} - + swayfxSettings = " + blur enable + blur_xray disable + blur_passes 1 + blur_radius 1 + shadows enable + corner_radius 2 + titlebar_separator disable + default_dim_inactive 0.02 "; - }; + in + " + exec_always autotiling + set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" + mode $exit { + bindsym --to-code { + s exec \"systemctl suspend\", mode \"default\" + p exec \"systemctl poweroff\" + r exec \"systemctl reboot\" + l exec \"swaymsg exit\" + + Return mode \"default\" + Escape mode \"default\" + ${modifier}+x mode \"default\" + } + } + + exec systemctl --user import-environment + + ${swayfxSettings} + + "; + }; + } #+end_src -** flake.nix template and Closing Parenthesis (this needs to be the last heading in the Systems header) +** flake.nix template :PROPERTIES: :CUSTOM_ID: h:aee5ec75-7ca6-40d8-b6ac-a3e7e33a474b :END: This sections puts together the =flake.nix= file from the [[#h:d39b8dfb-536d-414f-9fc0-7d67df48cee4][Noweb-Ref blocks]] section. -Here we also close the opening parenthesis of modules/common.nix (home-manager) and profiles/common.nix (NixOS): - -*** Closing parentheses for common/home.nix and common/nixos.nix -:PROPERTIES: -:CUSTOM_ID: h:24e2a65b-b0cc-42cb-8e61-5a4cc39d6b2f -:END: - -#+begin_src nix :tangle profiles/common/home.nix - - } - -#+end_src - -#+begin_src nix :tangle profiles/common/nixos.nix - - } - -#+end_src - *** flake.nix :PROPERTIES: :CUSTOM_ID: h:4f89db68-a21c-415d-87a5-21c66f2b6ded @@ -7275,6 +7343,8 @@ This tangles the flake.nix file; This block only needs to be touched when updati outputs = inputs@{ self , nixpkgs + , home-manager + , systems , ... }: let diff --git a/flake.lock b/flake.lock index b2d96e1..4bf69d0 100644 --- a/flake.lock +++ b/flake.lock @@ -135,6 +135,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721417620, + "narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=", + "owner": "nix-community", + "repo": "disko", + "rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "emacs-overlay": { "inputs": { "flake-utils": "flake-utils", @@ -965,6 +985,7 @@ }, "root": { "inputs": { + "disko": "disko", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", "lanzaboote": "lanzaboote", @@ -979,7 +1000,8 @@ "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", "sops-nix": "sops-nix", - "stylix": "stylix" + "stylix": "stylix", + "systems": "systems_4" } }, "rust-overlay": { @@ -1099,6 +1121,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1659877975, diff --git a/flake.nix b/flake.nix index 365257f..5bc3af1 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,8 @@ nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + systems.url = "github:nix-systems/default-linux"; + # user-level configuration home-manager = { url = "github:nix-community/home-manager"; @@ -69,32 +71,41 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs@{ self , nixpkgs + , home-manager + , systems , ... }: let + inherit (self) outputs; + lib = nixpkgs.lib // home-manager.lib; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - "i686-linux" - "x86_64-linux" - "aarch64-darwin" - "x86_64-darwin" - ]; + forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); + pkgsFor = lib.genAttrs (import systems) ( + system: + import nixpkgs { + inherit system; + config.allowUnfree = true; + } + ); # pkgs for home-manager builds homepkgs = import nixpkgs { system = "x86_64-linux"; overlays = [ - emacs-overlay.overlay - nur.overlay - nixgl.overlay + inputs.emacs-overlay.overlay + inputs.nur.overlay + inputs.nixgl.overlay (final: _prev: { - stable = import nixpkgs-stable { + stable = import inputs.nixpkgs-stable { inherit (final) system config; }; }) @@ -105,23 +116,10 @@ # NixOS modules that can only be used on NixOS systems nixModules = [ (_: { nix.extraOptions = "experimental-features = nix-command flakes"; }) - ({ inputs, config, ... }: { - nixpkgs = { - overlays = [ - (import ./overlays { inherit inputs; }).additions - (import ./overlays { inherit inputs; }).modifications - (import ./overlays { inherit inputs; }).nixpkgs-stable - inputs.nur.overlay - inputs.emacs-overlay.overlay - inputs.nixgl.overlay - ]; - config.allowUnfree = true; - }; - }) inputs.stylix.nixosModules.stylix inputs.sops-nix.nixosModules.sops inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix + ./profiles/common/nixos ]; # Home-Manager modules wanted on non-NixOS systems @@ -133,18 +131,17 @@ mixedModules = [ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ./profiles/common/home.nix + ./profiles/common/home ]; in { - packages = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; in import ./pkgs { inherit pkgs; }); - devShells = forAllSystems - (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in + inherit lib; + inherit mixedModules; + packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; }); + devShells = forEachSystem + (pkgs: { default = pkgs.mkShell { # Enable experimental features without having to specify the argument @@ -152,10 +149,16 @@ nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ]; }; }); - formatter = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in pkgs.nixpkgs-fmt); - overlays = import ./overlays { inherit inputs; }; + formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt); + overlays = [ + (import ./overlays { inherit inputs; }).additions + (import ./overlays { inherit inputs; }).modifications + (import ./overlays { inherit inputs; }).nixpkgs-stable + inputs.nur.overlay + inputs.emacs-overlay.overlay + inputs.nixgl.overlay + ]; + # NixOS setups - run home-manager as a NixOS module for better compatibility @@ -171,6 +174,8 @@ sandbox = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + inputs.disko.nixosModules.disko + ./profiles/sandbox/disk-config.nix inputs.sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix ]; @@ -190,17 +195,10 @@ ]; }; - fourside = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; + fourside = lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; modules = nixModules ++ [ - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 - ./profiles/fourside/nixos.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/fourside/home.nix - ]; - } + ./profiles/fourside ]; }; diff --git a/index.html b/index.html index de41e97..de9c7cf 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -223,7 +223,7 @@ -
  • 3.2. Manual Overlays and packages +
  • 3.2. Manual Overlays and packages
  • 3.3. Common NixOS @@ -260,35 +260,35 @@
  • 3.4. Common Home-Manager
    • -
  • 3.5. flake.nix template and Closing Parenthesis (this needs to be the last heading in the Systems header) +
  • 3.5. flake.nix template
    • @@ -336,7 +336,7 @@
    • 4.4.1. Org Mode
    • 4.4.2. Nix Mode
      • -
    • 4.4.3. nixpkgs-fmt
      • +
    • 4.4.3. nixpkgs-fmt
    • 4.4.4. Markdown Mode
    • 4.4.5. Olivetti
    • 4.4.6. darkroom
      • @@ -396,7 +396,7 @@

      -This file has 41828 words spanning 11181 lines and was last revised on 2024-07-21 18:21:46 +0200. +This file has 41818 words spanning 11251 lines and was last revised on 2024-07-23 11:27:32 +0200.

      @@ -446,7 +446,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

      -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-21 18:21:46 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-23 11:27:32 +0200)

    @@ -772,9 +772,9 @@ This sections is for common NixoS settings that I use for my NixoS LXC images th 
     
 services = {
-  xserver = {
+  xserver.xkb = {
     layout = "us";
-    xkbVariant = "altgr-intl";
+    variant = "altgr-intl";
   };
   openssh = {
     enable = true;
@@ -825,9 +825,9 @@ imports = [
 
 
 services = {
-  xserver = {
+  xserver.xkb = {
     layout = "us";
-    xkbVariant = "altgr-intl";
+    variant = "altgr-intl";
   };
   openssh = {
     enable = true;
@@ -925,6 +925,8 @@ Provides me with images that I can use to create LXCs on Proxmox.
 Allows auto injection of payloads upon connecting a Nintendo Switch.
 
  • nix-index-database
 This provides a database for nix-index that is updated weekly. This allows for declarative management, without needing to run the nix-index command for database assembly.
    • 
+
  • disko
+disko provides declarative disk partitioning, which I use for impermanence as well as nixos-anywhere.
    • 
 
 
 
@@ -934,6 +936,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 
 nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
 
+systems.url = "github:nix-systems/default-linux";
+
 # user-level configuration
 home-manager = {
   url = "github:nix-community/home-manager";
@@ -996,6 +1000,10 @@ nix-index-database = {
   inputs.nixpkgs.follows = "nixpkgs";
 };
 
+disko = {
+   url =  "github:nix-community/disko";
+   inputs.nixpkgs.follows = "nixpkgs";
+};
    @@ -1012,49 +1020,39 @@ Lastly I define some common module lists that I can simply load depending on the

    -
    -forAllSystems = nixpkgs.lib.genAttrs [
-      "aarch64-linux"
-      "i686-linux"
-      "x86_64-linux"
-      "aarch64-darwin"
-      "x86_64-darwin"
-    ];
+
    inherit (self) outputs;
+lib = nixpkgs.lib // home-manager.lib;
+
+forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+pkgsFor = lib.genAttrs (import systems) (
+  system:
+  import nixpkgs {
+    inherit system;
+    config.allowUnfree = true;
+  }
+);
 
 # pkgs for home-manager builds
 homepkgs = import nixpkgs { system = "x86_64-linux";
-                          overlays = [ emacs-overlay.overlay
-                                       nur.overlay
-                                       nixgl.overlay
-                                       (final: _prev: {
-                                         stable = import nixpkgs-stable {
-                                           inherit (final) system config;
-                                         };
-                                       })
-                                     ];
-                          config.allowUnfree = true;
-                        };
+                            overlays = [ inputs.emacs-overlay.overlay
+                                         inputs.nur.overlay
+                                         inputs.nixgl.overlay
+                                         (final: _prev: {
+                                           stable = import inputs.nixpkgs-stable {
+                                             inherit (final) system config;
+                                           };
+                                         })
+                                       ];
+                            config.allowUnfree = true;
+                          };
 
 # NixOS modules that can only be used on NixOS systems
 nixModules = [
   (_: { nix.extraOptions = "experimental-features = nix-command flakes"; })
-  ({ inputs, config, ... }: {
-    nixpkgs = {
-      overlays = [
-        (import ./overlays { inherit inputs; }).additions
-        (import ./overlays { inherit inputs; }).modifications
-        (import ./overlays { inherit inputs; }).nixpkgs-stable
-        inputs.nur.overlay
-        inputs.emacs-overlay.overlay
-        inputs.nixgl.overlay
-      ];
-      config.allowUnfree = true;
-    };
-  })
   inputs.stylix.nixosModules.stylix
   inputs.sops-nix.nixosModules.sops
   inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
-  ./profiles/common/nixos.nix
+  ./profiles/common/nixos
 ];
 
 # Home-Manager modules wanted on non-NixOS systems
@@ -1066,24 +1064,23 @@ homeModules = [
 mixedModules = [
   inputs.sops-nix.homeManagerModules.sops
   inputs.nix-index-database.hmModules.nix-index
-  ./profiles/common/home.nix
+  ./profiles/common/home
 ];
    -
    -

    2.3.3. General (outputs)

    +
    +

    2.3.3. General (outputs)

    -packages = forAllSystems (system:
-  let pkgs = nixpkgs.legacyPackages.${system}; in import ./pkgs { inherit pkgs; });
-devShells = forAllSystems
-  (system:
-    let pkgs = nixpkgs.legacyPackages.${system};
-    in
+inherit lib;
+inherit mixedModules;
+packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
+devShells = forEachSystem
+  (pkgs:
     {
       default = pkgs.mkShell {
         # Enable experimental features without having to specify the argument
@@ -1091,10 +1088,16 @@ devShells = forAllSystems
         nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ];
       };
     });
-formatter = forAllSystems (system:
-  let pkgs = nixpkgs.legacyPackages.${system};
-  in pkgs.nixpkgs-fmt);
-overlays = import ./overlays { inherit inputs; };
+formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt);
+overlays = [
+  (import ./overlays { inherit inputs; }).additions
+  (import ./overlays { inherit inputs; }).modifications
+  (import ./overlays { inherit inputs; }).nixpkgs-stable
+  inputs.nur.overlay
+  inputs.emacs-overlay.overlay
+  inputs.nixgl.overlay
+];
+
    @@ -1114,6 +1117,8 @@ This section is the biggest pain point of the configuration. For every system, I sandbox = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + inputs.disko.nixosModules.disko + ./profiles/sandbox/disk-config.nix inputs.sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix ]; @@ -1133,17 +1138,10 @@ threed = nixpkgs.lib.nixosSystem { ]; }; -fourside = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = nixModules ++ [ - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 - ./profiles/fourside/nixos.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/fourside/home.nix - ]; - } +fourside = lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = nixModules ++ [ + ./profiles/fourside ]; }; @@ -1444,9 +1442,9 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl # Configure keymap in X11 (only used for login) - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; users.users.TEMPLATE = { @@ -1647,18 +1645,21 @@ in ./hardware-configuration.nix ]; - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - supportedFilesystems = [ "zfs" ]; + boot = { zfs.forceImportRoot = false; + supportedFilesystems = [ "zfs" ]; kernelModules = [ "tun" ]; kernel.sysctl = { - "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.all.rp_filter" = 2; "net.ipv4.conf.default.rp_filter" = 2; "net.ipv4.conf.enp7s0.rp_filter" = 2; }; + + loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; }; networking = { @@ -1677,19 +1678,19 @@ in }; }; - hardware.graphics = { - enable = true; - hardware.enableAllFirmware = true; - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl - ]; - }; + nixpkgs.config.allowUnfree = true; - sound = { - enable = true; + hardware = { + enableAllFirmware = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; }; users = { @@ -1905,9 +1906,9 @@ in }; services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { @@ -2029,7 +2030,7 @@ in kavita = { enable = true; user = "kavita"; - port = 8080; + settings.port = 8080; tokenKeyFile = config.sops.secrets.kavita.path; }; @@ -2443,7 +2444,7 @@ in publish.enable = true; publish.userServices = true; # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns = true; + nssmdns4 = true; # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it enable = true; }; @@ -2461,7 +2462,7 @@ in -
  • Home-manager only
    +
  • Home-manager only
    1. Home manager
      @@ -2471,7 +2472,7 @@ Special things to note here: We are running xcape to allow CAPS to 
      -{ config, pkgs, lib, fetchFromGitHub, ... }:
+{ config, pkgs, ... }:
 
 {
   programs.home-manager.enable = true;
@@ -2872,6 +2873,36 @@ New setup for the SP3, this time using NixOS - another machine will take over th
 
      
 My new main machine.
 
      
+
+
      
+
      +{ inputs, outputs, ... }:
+{
+
+  imports = [
+    inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
+    ./hardware-configuration.nix
+    ./nixos.nix
+    inputs.home-manager.nixosModules.home-manager
+    {
+      home-manager.users.swarsel.imports = outputs.mixedModules ++ [
+        ./home.nix
+      ];
+    }
+  ];
+
+  nixpkgs = {
+    overlays = outputs.overlays;
+    config = {
+      allowUnfree = true;
+    };
+  };
+
+}
+
+
+
      
+
      1. NixOS
        @@ -2885,17 +2916,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which { - # - # imports = - # [ - # ./hardware-configuration.nix - # ]; - # - imports = - [ - ./hardware-configuration.nix - ]; - services = { getty.autologinUser = "swarsel"; greetd.settings.initial_session.user = "swarsel"; @@ -3030,13 +3050,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which }; }; - users.users.swarsel = { - isNormalUser = true; - description = "Leon S"; - hashedPasswordFile = config.sops.secrets.swarseluser.path; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; [ ]; - }; environment.systemPackages = with pkgs; [ # gog games installing @@ -3147,7 +3160,7 @@ This is basically just adjusted to the core count, path to the hwmon
    • -
    -

    3.2. Manual Overlays and packages

    +
    +

    3.2. Manual Overlays and packages

    In this section I define packages that I manually want to nixpkgs. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain. @@ -5615,19 +5628,19 @@ These are for packages that are on nixpkgs, but do not fit my usecase, meaning I This is simply a mirror of the most recent stable branch of nixpkgs. Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways.

    -
    -

    3.2.1. pkgs

    +
    +

    3.2.1. pkgs

    -_ : { }
+_ : rec { }
    -
    -

    3.2.2. Overlays

    +
    +

    3.2.2. Overlays

    @@ -5673,7 +5686,7 @@ These are system-level settings specific to NixOS machines. All settings that ar
 
    
 
    
 
      
-
    1. Enable home-manager module
      
+
    2. Imports, enable home-manager module
      
 
      
 
      
 First, we enable the use of home-manager as a NixoS module
@@ -5681,13 +5694,39 @@ First, we enable the use of home-manager as a NixoS module
 
 
      
 
      -{ config, lib, pkgs, ... }:
-
+{ ... }:
 {
+  imports = [
+    ./xserver.nix
+    ./users.nix
+    ./env.nix
+    ./stylix.nix
+    ./polkit.nix
+    ./gc.nix
+    ./store.nix
+    ./systemd.nix
+    ./network.nix
+    ./time.nix
+    ./hardware.nix
+    ./sops.nix
+    ./packages.nix
+    ./programs.nix
+    ./zsh.nix
+    ./syncthing.nix
+    ./blueman.nix
+    ./networkdevices.nix
+    ./gvfs.nix
+    ./interceptiontools.nix
+    ./hardwarecompatibility.nix
+    ./login.nix
+  ];
+
+
   home-manager = {
     useGlobalPkgs = true;
     useUserPackages = true;
   };
+}
 
 
      
 
      
@@ -5700,28 +5739,15 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi
 
      
 
 
      
-
      -services.xserver = {
-  xkb = {
-    layout = "us";
-    variant = "altgr-intl";
+
      { ... }:
+{
+  services.xserver = {
+    xkb = {
+      layout = "us";
+      variant = "altgr-intl";
+    };
   };
-};
-
-
      
-
      
-
      
-
      3. 
-
    3. Enable flakes and nix-command
      
-
      
-
      
-Next, we need to make sure that flakes stay enabled when we rebuild the configuration. At the same time we enable the experimental nix-command, which enables commands such as the more powerful nix shell as opposed to nix-shell.
-
      
-
-
      
-
      -# nix.settings.experimental-features = ["nix-command" "flakes"];
-
+}
 
      
 
      
 
      
@@ -5733,9 +5759,19 @@ This ensures that all user-configuration happens here in the config file.
 
      
 
 
      
-
      -users.mutableUsers = false;
-
+
      { pkgs, config, ... }:
+{
+  users = {
+    mutableUsers = false;
+    users.swarsel = {
+      isNormalUser = true;
+      description = "Leon S";
+      hashedPasswordFile = config.sops.secrets.swarseluser.path;
+      extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
+      packages = with pkgs; [ ];
+    };
+  };
+}
    @@ -5747,35 +5783,22 @@ Next, we will setup some environment variables that need to be set on the system

    -
    -environment = {
-  wordlist.enable = true;
-  sessionVariables = {
-    NIXOS_OZONE_WL = "1";
-    GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
-      gst-plugins-good
-      gst-plugins-bad
-      gst-plugins-ugly
-      gst-libav
-    ]);
+
    { lib, pkgs, ... }:
+{
+  environment = {
+    wordlist.enable = true;
+    sessionVariables = {
+      NIXOS_OZONE_WL = "1";
+      GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
+        gst-plugins-good
+        gst-plugins-bad
+        gst-plugins-ugly
+        gst-libav
+      ]);
+    };
   };
-};
-# gstreamer plugins for nautilus (used for file metadata)
-
-
    
-
    -
    - -
  • Make sure time is consistent in windows dualboot
    -
    -

    -Windows/Linux dualboot has the quirk of ruining the system clock. Fix it on this side. -

    - -
    -
    -time.hardwareClockInLocalTime = true;
-
+  # gstreamer plugins for nautilus (used for file metadata)
+}
    @@ -5787,10 +5810,11 @@ By default, stylix wants to style

    -
    -# dont style GRUB with stylix
-stylix.targets.grub.enable = false; # the styling makes grub more ugly
-
+
    { ... }:
+{
+  # dont style GRUB with stylix
+  stylix.targets.grub.enable = false; # the styling makes grub more ugly
+}
    • @@ -5802,9 +5826,10 @@ Needed for control over system-wide privileges etc.

    -
    -security.polkit.enable = true;
-
+
    { ... }:
+{
+  security.polkit.enable = true;
+}
    @@ -5816,14 +5841,15 @@ The nix store fills up over time, until /boot/efi is filled. This s

    -
    -nix.gc = {
-  automatic = true;
-  randomizedDelaySec = "14m";
-  dates = "weekly";
-  options = "--delete-older-than 10d";
-};
-
+
    { ... }:
+{
+  nix.gc = {
+    automatic = true;
+    randomizedDelaySec = "14m";
+    dates = "weekly";
+    options = "--delete-older-than 10d";
+  };
+}
    @@ -5835,11 +5861,13 @@ This enables hardlinking identical files in the nix store, to save on disk space

    -
    -nix.optimise = {
-  automatic = true;
-  dates = [ "weekly" ];
-};
+
    { ... }:
+{
+  nix.optimise = {
+    automatic = true;
+    dates = [ "weekly" ];
+  };
+}
    @@ -5852,14 +5880,14 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s

    -
    -
-# systemd
-systemd.extraConfig = ''
-  DefaultTimeoutStartSec=60s
-  DefaultTimeoutStopSec=15s
-'';
-
+
    { ... }:
+{
+  # systemd
+  systemd.extraConfig = ''
+      DefaultTimeoutStartSec=60s
+      DefaultTimeoutStopSec=15s
+    '';
+}
    @@ -5871,30 +5899,32 @@ Enable OpenGL, Sound, Bluetooth and various drivers.

    -
    -hardware = {
-  graphics = {
-    enable = true;
-    enable32Bit = true;
-  };
+
    { pkgs, ...}:
+{
 
-  pulseaudio= {
-    enable = true;
-    package = pkgs.pulseaudioFull;
-  };
+  hardware = {
+    graphics = {
+      enable = true;
+      enable32Bit = true;
+    };
 
-  enableAllFirmware = true;
+    pulseaudio= {
+      enable = true;
+      package = pkgs.pulseaudioFull;
+    };
 
-  bluetooth = {
-    powerOnBoot = true;
-    settings = {
-      General = {
-        Enable = "Source,Sink,Media,Socket";
+    enableAllFirmware = true;
+
+    bluetooth = {
+      powerOnBoot = true;
+      settings = {
+        General = {
+          Enable = "Source,Sink,Media,Socket";
+        };
       };
     };
   };
-};
-
+}
    @@ -5906,241 +5936,246 @@ Here I only enable networkmanager. Most of the 'real' network confi

    -
    -networking.networkmanager = {
-  enable = true;
-  ensureProfiles = {
-    environmentFiles = [
-      "${config.sops.templates."network-manager.env".path}"
-    ];
-    profiles = {
-      "Ernest Routerford" = {
-        connection = {
-          id = "Ernest Routerford";
-          permissions = "";
-          type = "wifi";
+
    { config, ...}:
+{
+  networking.networkmanager = {
+    enable = true;
+    ensureProfiles = {
+      environmentFiles = [
+        "${config.sops.templates."network-manager.env".path}"
+      ];
+      profiles = {
+        "Ernest Routerford" = {
+          connection = {
+            id = "Ernest Routerford";
+            permissions = "";
+            type = "wifi";
+          };
+          ipv4 = {
+            dns-search = "";
+            method = "auto";
+          };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            dns-search = "";
+            method = "auto";
+          };
+          wifi = {
+            mac-address-blacklist = "";
+            mode = "infrastructure";
+            ssid = "Ernest Routerford";
+          };
+          wifi-security = {
+            auth-alg = "open";
+            key-mgmt = "wpa-psk";
+            psk = "$ERNEST";
+          };
         };
-        ipv4 = {
-          dns-search = "";
-          method = "auto";
-        };
-        ipv6 = {
-          addr-gen-mode = "stable-privacy";
-          dns-search = "";
-          method = "auto";
-        };
-        wifi = {
-          mac-address-blacklist = "";
-          mode = "infrastructure";
-          ssid = "Ernest Routerford";
-        };
-        wifi-security = {
-          auth-alg = "open";
-          key-mgmt = "wpa-psk";
-          psk = "$ERNEST";
-        };
-      };
 
-      LAN-Party = {
-        connection = {
-          autoconnect = "false";
-          id = "LAN-Party";
-          type = "ethernet";
+        LAN-Party = {
+          connection = {
+            autoconnect = "false";
+            id = "LAN-Party";
+            type = "ethernet";
+          };
+          ethernet = {
+            auto-negotiate = "true";
+            cloned-mac-address = "preserve";
+            mac-address = "90:2E:16:D0:A1:87";
+          };
+          ipv4 = { method = "shared"; };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+          proxy = { };
         };
-        ethernet = {
-          auto-negotiate = "true";
-          cloned-mac-address = "preserve";
-          mac-address = "90:2E:16:D0:A1:87";
-        };
-        ipv4 = { method = "shared"; };
-        ipv6 = {
-          addr-gen-mode = "stable-privacy";
-          method = "auto";
-        };
-        proxy = { };
-      };
 
-      eduroam = {
-        "802-1x" = {
-          eap = "ttls;";
-          identity = "$EDUID";
-          password = "$EDUPASS";
-          phase2-auth = "mschapv2";
+        eduroam = {
+          "802-1x" = {
+            eap = "ttls;";
+            identity = "$EDUID";
+            password = "$EDUPASS";
+            phase2-auth = "mschapv2";
+          };
+          connection = {
+            id = "eduroam";
+            type = "wifi";
+          };
+          ipv4 = { method = "auto"; };
+          ipv6 = {
+            addr-gen-mode = "default";
+            method = "auto";
+          };
+          proxy = { };
+          wifi = {
+            mode = "infrastructure";
+            ssid = "eduroam";
+          };
+          wifi-security = {
+            auth-alg = "open";
+            key-mgmt = "wpa-eap";
+          };
         };
-        connection = {
-          id = "eduroam";
-          type = "wifi";
-        };
-        ipv4 = { method = "auto"; };
-        ipv6 = {
-          addr-gen-mode = "default";
-          method = "auto";
-        };
-        proxy = { };
-        wifi = {
-          mode = "infrastructure";
-          ssid = "eduroam";
-        };
-        wifi-security = {
-          auth-alg = "open";
-          key-mgmt = "wpa-eap";
-        };
-      };
 
-      local = {
-        connection = {
-          autoconnect = "false";
-          id = "local";
-          type = "ethernet";
+        local = {
+          connection = {
+            autoconnect = "false";
+            id = "local";
+            type = "ethernet";
+          };
+          ethernet = { };
+          ipv4 = {
+            address1 = "10.42.1.1/24";
+            method = "shared";
+          };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+          proxy = { };
         };
-        ethernet = { };
-        ipv4 = {
-          address1 = "10.42.1.1/24";
-          method = "shared";
-        };
-        ipv6 = {
-          addr-gen-mode = "stable-privacy";
-          method = "auto";
-        };
-        proxy = { };
-      };
 
-      HH40V_39F5 = {
-        connection = {
-          id = "HH40V_39F5";
-          type = "wifi";
+        HH40V_39F5 = {
+          connection = {
+            id = "HH40V_39F5";
+            type = "wifi";
+          };
+          ipv4 = { method = "auto"; };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+          proxy = { };
+          wifi = {
+            band = "bg";
+            mode = "infrastructure";
+            ssid = "HH40V_39F5";
+          };
+          wifi-security = {
+            key-mgmt = "wpa-psk";
+            psk = "$FRAUNS";
+          };
         };
-        ipv4 = { method = "auto"; };
-        ipv6 = {
-          addr-gen-mode = "stable-privacy";
-          method = "auto";
-        };
-        proxy = { };
-        wifi = {
-          band = "bg";
-          mode = "infrastructure";
-          ssid = "HH40V_39F5";
-        };
-        wifi-security = {
-          key-mgmt = "wpa-psk";
-          psk = "$FRAUNS";
-        };
-      };
 
-      magicant = {
-        connection = {
-          id = "magicant";
-          type = "wifi";
+        magicant = {
+          connection = {
+            id = "magicant";
+            type = "wifi";
+          };
+          ipv4 = { method = "auto"; };
+          ipv6 = {
+            addr-gen-mode = "default";
+            method = "auto";
+          };
+          proxy = { };
+          wifi = {
+            mode = "infrastructure";
+            ssid = "magicant";
+          };
+          wifi-security = {
+            auth-alg = "open";
+            key-mgmt = "wpa-psk";
+            psk = "$HANDYHOTSPOT";
+          };
         };
-        ipv4 = { method = "auto"; };
-        ipv6 = {
-          addr-gen-mode = "default";
-          method = "auto";
-        };
-        proxy = { };
-        wifi = {
-          mode = "infrastructure";
-          ssid = "magicant";
-        };
-        wifi-security = {
-          auth-alg = "open";
-          key-mgmt = "wpa-psk";
-          psk = "$HANDYHOTSPOT";
-        };
-      };
 
-      "sweden-aes-128-cbc-udp-dns" = {
-        connection = {
-          autoconnect = "false";
-          id = "PIA Sweden";
-          type = "vpn";
+        "sweden-aes-128-cbc-udp-dns" = {
+          connection = {
+            autoconnect = "false";
+            id = "PIA Sweden";
+            type = "vpn";
+          };
+          ipv4 = { method = "auto"; };
+          ipv6 = {
+            addr-gen-mode = "stable-privacy";
+            method = "auto";
+          };
+          proxy = { };
+          vpn = {
+            auth = "sha1";
+            ca =
+              "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
+            challenge-response-flags = "2";
+            cipher = "aes-128-cbc";
+            compress = "yes";
+            connection-type = "password";
+            crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
+            dev = "tun";
+            password-flags = "0";
+            remote = "sweden.privacy.network:1198";
+            remote-cert-tls = "server";
+            reneg-seconds = "0";
+            service-type = "org.freedesktop.NetworkManager.openvpn";
+            username = "$VPNUSER";
+          };
+          vpn-secrets = { password = "$VPNPASS"; };
         };
-        ipv4 = { method = "auto"; };
-        ipv6 = {
-          addr-gen-mode = "stable-privacy";
-          method = "auto";
-        };
-        proxy = { };
-        vpn = {
-          auth = "sha1";
-          ca =
-            "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
-          challenge-response-flags = "2";
-          cipher = "aes-128-cbc";
-          compress = "yes";
-          connection-type = "password";
-          crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
-          dev = "tun";
-          password-flags = "0";
-          remote = "sweden.privacy.network:1198";
-          remote-cert-tls = "server";
-          reneg-seconds = "0";
-          service-type = "org.freedesktop.NetworkManager.openvpn";
-          username = "$VPNUSER";
-        };
-        vpn-secrets = { password = "$VPNPASS"; };
-      };
 
-      Hotspot = {
-        connection = {
-          autoconnect = "false";
-          id = "Hotspot";
-          type = "wifi";
+        Hotspot = {
+          connection = {
+            autoconnect = "false";
+            id = "Hotspot";
+            type = "wifi";
+          };
+          ipv4 = { method = "shared"; };
+          ipv6 = {
+            addr-gen-mode = "default";
+            method = "ignore";
+          };
+          proxy = { };
+          wifi = {
+            mode = "ap";
+            ssid = "Hotspot-fourside";
+          };
+          wifi-security = {
+            group = "ccmp;";
+            key-mgmt = "wpa-psk";
+            pairwise = "ccmp;";
+            proto = "rsn;";
+            psk = "$HOTSPOT";
+          };
         };
-        ipv4 = { method = "shared"; };
-        ipv6 = {
-          addr-gen-mode = "default";
-          method = "ignore";
-        };
-        proxy = { };
-        wifi = {
-          mode = "ap";
-          ssid = "Hotspot-fourside";
-        };
-        wifi-security = {
-          group = "ccmp;";
-          key-mgmt = "wpa-psk";
-          pairwise = "ccmp;";
-          proto = "rsn;";
-          psk = "$HOTSPOT";
-        };
-      };
 
+      };
     };
   };
-};
-
-systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
 
+  systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
+}
    -
  • Locale settings
    +
  • Time, locale settings

    -Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. +Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well.

    -
    -time.timeZone = "Europe/Vienna";
-
-i18n = {
-  defaultLocale = "en_US.UTF-8";
-  extraLocaleSettings = {
-    LC_ADDRESS = "de_AT.UTF-8";
-    LC_IDENTIFICATION = "de_AT.UTF-8";
-    LC_MEASUREMENT = "de_AT.UTF-8";
-    LC_MONETARY = "de_AT.UTF-8";
-    LC_NAME = "de_AT.UTF-8";
-    LC_NUMERIC = "de_AT.UTF-8";
-    LC_PAPER = "de_AT.UTF-8";
-    LC_TELEPHONE = "de_AT.UTF-8";
-    LC_TIME = "de_AT.UTF-8";
+
    { ... }:
+{
+  time = {
+    timeZone = "Europe/Vienna";
+    hardwareClockInLocalTime = true;
   };
-};
 
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "de_AT.UTF-8";
+      LC_IDENTIFICATION = "de_AT.UTF-8";
+      LC_MEASUREMENT = "de_AT.UTF-8";
+      LC_MONETARY = "de_AT.UTF-8";
+      LC_NAME = "de_AT.UTF-8";
+      LC_NUMERIC = "de_AT.UTF-8";
+      LC_PAPER = "de_AT.UTF-8";
+      LC_TELEPHONE = "de_AT.UTF-8";
+      LC_TIME = "de_AT.UTF-8";
+    };
+  };
+}
    @@ -6162,37 +6197,38 @@ I use sops-nix to handle secrets that I want to have available on my machines at
    -
    -sops = {
+
    { config, ... }:
+{
+  sops = {
 
-  defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
-  validateSopsFiles = false;
+    defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
+    validateSopsFiles = false;
 
-  secrets = {
-    swarseluser = { neededForUsers = true; };
-    ernest = { };
-    frauns = { };
-    hotspot = { };
-    eduid = { };
-    edupass = { };
-    handyhotspot = { };
-    vpnuser = { };
-    vpnpass = { };
+    secrets = {
+      swarseluser = { neededForUsers = true; };
+      ernest = { };
+      frauns = { };
+      hotspot = { };
+      eduid = { };
+      edupass = { };
+      handyhotspot = { };
+      vpnuser = { };
+      vpnpass = { };
+    };
+    templates = {
+      "network-manager.env".content = ''
+        ERNEST=${config.sops.placeholder.ernest}
+        FRAUNS=${config.sops.placeholder.frauns}
+        HOTSPOT=${config.sops.placeholder.hotspot}
+        EDUID=${config.sops.placeholder.eduid}
+        EDUPASS=${config.sops.placeholder.edupass}
+        HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
+        VPNUSER=${config.sops.placeholder.vpnuser}
+        VPNPASS=${config.sops.placeholder.vpnpass}
+      '';
+    };
   };
-  templates = {
-    "network-manager.env".content = ''
-      ERNEST=${config.sops.placeholder.ernest}
-      FRAUNS=${config.sops.placeholder.frauns}
-      HOTSPOT=${config.sops.placeholder.hotspot}
-      EDUID=${config.sops.placeholder.eduid}
-      EDUPASS=${config.sops.placeholder.edupass}
-      HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
-      VPNUSER=${config.sops.placeholder.vpnuser}
-      VPNPASS=${config.sops.placeholder.vpnpass}
-    '';
-  };
-};
-
+}
    • @@ -6205,86 +6241,87 @@ Mostly used to install some compilers and lsp's that I want to have available wh

    -
    -environment.systemPackages = with pkgs; [
-  # yubikey packages
-  gnupg
-  yubikey-personalization
-  yubikey-personalization-gui
-  yubico-pam
-  yubioath-flutter
-  yubikey-manager
-  yubikey-manager-qt
-  yubico-piv-tool
-  cfssl
-  pcsctools
-  pcscliteWithPolkit.out
+
    { pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    # yubikey packages
+    gnupg
+    yubikey-personalization
+    yubikey-personalization-gui
+    yubico-pam
+    yubioath-flutter
+    yubikey-manager
+    yubikey-manager-qt
+    yubico-piv-tool
+    cfssl
+    pcsctools
+    pcscliteWithPolkit.out
 
-  # ledger packages
-  ledger-live-desktop
+    # ledger packages
+    ledger-live-desktop
 
-  # pinentry
+    # pinentry
 
-  # theme related
-  adwaita-icon-theme
+    # theme related
+    adwaita-icon-theme
 
-  # kde-connect
-  xdg-desktop-portal
+    # kde-connect
+    xdg-desktop-portal
 
-  # bluetooth
-  bluez
+    # bluetooth
+    bluez
 
-  # lsp-related -------------------------------
-  # nix
-  # latex
-  texlab
-  ghostscript_headless
-  # wireguard
-  wireguard-tools
-  # rust
-  rust-analyzer
-  clippy
-  rustfmt
-  # go
-  go
-  gopls
-  # zig
-  zig
-  zls
-  # cpp
-  clang-tools
-  # + cuda
-  cudatoolkit
-  #lsp-bridge / python
-  gcc
-  gdb
-  (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
-  # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
-  # --------------------------------------------
+    # lsp-related -------------------------------
+    # nix
+    # latex
+    texlab
+    ghostscript_headless
+    # wireguard
+    wireguard-tools
+    # rust
+    rust-analyzer
+    clippy
+    rustfmt
+    # go
+    go
+    gopls
+    # zig
+    zig
+    zls
+    # cpp
+    clang-tools
+    # + cuda
+    cudatoolkit
+    #lsp-bridge / python
+    gcc
+    gdb
+    (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
+    # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
+    # --------------------------------------------
 
-  (stdenv.mkDerivation {
-    name = "oama";
-
-    src = pkgs.fetchurl {
+    (stdenv.mkDerivation {
       name = "oama";
-      url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
-      sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
-    };
 
-    phases = [
-      "unpackPhase"
-    ];
+      src = pkgs.fetchurl {
+        name = "oama";
+        url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
+        sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
+      };
 
-    unpackPhase = ''
-      mkdir -p $out/bin
-      tar xvf $src -C $out/
-      mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
-    '';
+      phases = [
+        "unpackPhase"
+      ];
 
-  })
+      unpackPhase = ''
+         mkdir -p $out/bin
+         tar xvf $src -C $out/
+         mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
+       '';
 
-];
+    })
 
+  ];
+}
    @@ -6297,80 +6334,85 @@ Some programs profit from being installed through dedicated NixOS settings on sy

    -
    -programs = {
-  dconf.enable = true;
-  evince.enable = true;
-  kdeconnect.enable = true;
-};
+
    { ... }:
+{
+  programs = {
+    dconf.enable = true;
+    evince.enable = true;
+    kdeconnect.enable = true;
+  };
+}
      -
    1. zsh
      +
    2. zsh

      Do not touch this.

      -
      -programs.zsh.enable = true;
-users.defaultUserShell = pkgs.zsh;
-environment.shells = with pkgs; [ zsh ];
-environment.pathsToLink = [ "/share/zsh" ];
-
+
      { pkgs, ... }:
+{
+  programs.zsh.enable = true;
+  users.defaultUserShell = pkgs.zsh;
+  environment.shells = with pkgs; [ zsh ];
+  environment.pathsToLink = [ "/share/zsh" ];
+}
      3. -
    3. syncthing
      +
    4. syncthing
      -services.syncthing = {
-  enable = true;
-  user = "swarsel";
-  dataDir = "/home/swarsel";
-  configDir = "/home/swarsel/.config/syncthing";
-  openDefaultPorts = true;
-  settings = {
-    devices = {
-      "magicant" = {
-        id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2";
+{ ... }:
+{
+  services.syncthing = {
+    enable = true;
+    user = "swarsel";
+    dataDir = "/home/swarsel";
+    configDir = "/home/swarsel/.config/syncthing";
+    openDefaultPorts = true;
+    settings = {
+      devices = {
+        "magicant" = {
+          id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2";
+        };
+        "sync (@oracle)" = {
+          id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
+        };
+        "server1" = {
+          id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ";
+        };
       };
-      "sync (@oracle)" = {
-        id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
-      };
-      "server1" = {
-        id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ";
-      };
-    };
-    folders = {
-      "Default Folder" = {
-        path = "/home/swarsel/Sync";
-        devices = [ "sync (@oracle)" ];
-        id = "default";
-      };
-      "Obsidian" = {
-        path = "/home/swarsel/Nextcloud/Obsidian";
-        devices = [ "sync (@oracle)" ];
-        id = "yjvni-9eaa7";
-      };
-      "Org" = {
-        path = "/home/swarsel/Nextcloud/Org";
-        devices = [ "sync (@oracle)" ];
-        id = "a7xnl-zjj3d";
-      };
-      "Vpn" = {
-        path = "/home/swarsel/Vpn";
-        devices = [ "sync (@oracle)" ];
-        id = "hgp9s-fyq3p";
+      folders = {
+        "Default Folder" = {
+          path = "/home/swarsel/Sync";
+          devices = [ "sync (@oracle)" ];
+          id = "default";
+        };
+        "Obsidian" = {
+          path = "/home/swarsel/Nextcloud/Obsidian";
+          devices = [ "sync (@oracle)" ];
+          id = "yjvni-9eaa7";
+        };
+        "Org" = {
+          path = "/home/swarsel/Nextcloud/Org";
+          devices = [ "sync (@oracle)" ];
+          id = "a7xnl-zjj3d";
+        };
+        "Vpn" = {
+          path = "/home/swarsel/Vpn";
+          devices = [ "sync (@oracle)" ];
+          id = "hgp9s-fyq3p";
+        };
       };
     };
   };
-};
-
+}
      @@ -6392,40 +6434,48 @@ Enables the blueman service including the nice system tray icon.

      -
      -services.blueman.enable = true;
-
+
      { ... }:
+{
+  services.blueman.enable = true;
+}
      5. -
    5. Detect Scanners over network
      -
      +
    6. Network devices
      +
      +

      +In this section we enable compatibility with several network devices I have at home, mainly printers and scanners. +

      +
      +
        +
      1. Scanners
        +

        This allows me to use my big scanner/printer's scanning function over the network.

        -
        -# enable scanners over network
-hardware.sane = {
-  enable = true;
-  extraBackends = [ pkgs.sane-airscan ];
-};
+
        {pkgs, ...}:
+{
+  # enable scanners over network
+  hardware.sane = {
+    enable = true;
+    extraBackends = [ pkgs.sane-airscan ];
+  };
        2. -
      2. Detect Printers over network
        -
        +
      3. Printers
        +

        This allows me to use my big scanner/printer's printing function over the network. Most of the settings are driver related.

        -
        -# enable discovery and usage of network devices (esp. printers)
+
        # enable discovery and usage of network devices (esp. printers)
 services.printing = {
   enable = true;
   drivers = [
@@ -6440,12 +6490,14 @@ services.printing = {
     BrowseProtocols all
   '';
 };
-
        - +
        +
        4. +
      4. Avahi (device discovery)
        +

        -Avahi is the service used for the network discovery +Avahi is the service used for the network discovery.

        @@ -6455,11 +6507,13 @@ services.avahi = { nssmdns4 = true; openFirewall = true; }; - +}
        5. +
      +
    7. enable GVfs

      @@ -6467,9 +6521,10 @@ This is being set to allow myself to use all functions of nautilus in NixOS

      -
      -services.gvfs.enable = true;
-
+
      { ... }:
+{
+  services.gvfs.enable = true;
+}
      @@ -6482,33 +6537,35 @@ This is a super-convenient package that lets my remap my CAPS key t 
      -# Make CAPS work as a dual function ESC/CTRL key
-services.interception-tools = {
-  enable = true;
-  udevmonConfig =
-    let
-      dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
-        TIMING:
-          TAP_MILLISEC: 200
-          DOUBLE_TAP_MILLISEC: 0
+{ pkgs, ... }:
+{
+  # Make CAPS work as a dual function ESC/CTRL key
+  services.interception-tools = {
+    enable = true;
+    udevmonConfig =
+      let
+        dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
+          TIMING:
+            TAP_MILLISEC: 200
+            DOUBLE_TAP_MILLISEC: 0
 
-        MAPPINGS:
-          - KEY: KEY_CAPSLOCK
-            TAP: KEY_ESC
-            HOLD: KEY_LEFTCTRL
+          MAPPINGS:
+            - KEY: KEY_CAPSLOCK
+              TAP: KEY_ESC
+              HOLD: KEY_LEFTCTRL
+        '';
+      in
+        ''
+        - JOB: |
+            ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
+              | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
+              | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
+          DEVICE:
+            EVENTS:
+              EV_KEY: [KEY_CAPSLOCK]
       '';
-    in
-    ''
-      - JOB: |
-          ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
-            | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
-            | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
-        DEVICE:
-          EVENTS:
-            EV_KEY: [KEY_CAPSLOCK]
-    '';
-};
-
+  };
+}
      @@ -6532,29 +6589,23 @@ The exception is the system packages, since that cannot be defined twice in the

      The rest of the gpg-agent related settings are here: gpg-agent -

      - -
      -
      -programs.ssh.startAgent = false;
-
-services.pcscd.enable = true;
-
-hardware.ledger.enable = true;
-
      -
      - -

      Also, this is a good place to setup the udev rules.

      -
      -services.udev.packages = with pkgs; [
-  yubikey-personalization
-  ledger-udev-rules
-];
+
      { pkgs, ... }:
+{
+  programs.ssh.startAgent = false;
 
+  services.pcscd.enable = true;
+
+  hardware.ledger.enable = true;
+
+  services.udev.packages = with pkgs; [
+    yubikey-personalization
+    ledger-udev-rules
+  ];
+}
      @@ -6567,26 +6618,27 @@ This section houses the greetd related settings. I do not really want to use a d

      -
      -services.greetd = {
-  enable = true;
-  settings = {
-    initial_session.command = "sway";
-    # initial_session.user ="swarsel";
-    default_session.command = ''
-      ${pkgs.greetd.tuigreet}/bin/tuigreet \
-        --time \
-        --asterisks \
-        --user-menu \
-        --cmd sway
-    '';
+
      { pkgs, ... }:
+{
+  services.greetd = {
+    enable = true;
+    settings = {
+      initial_session.command = "sway";
+      # initial_session.user ="swarsel";
+      default_session.command = ''
+        ${pkgs.greetd.tuigreet}/bin/tuigreet \
+          --time \
+          --asterisks \
+          --user-menu \
+          --cmd sway
+      '';
+    };
   };
-};
-
-environment.etc."greetd/environments".text = ''
-  sway
-'';
 
+  environment.etc."greetd/environments".text = ''
+    sway
+  '';
+}
      @@ -6596,8 +6648,51 @@ environment.etc."greetd/environments".text = ''

      3.4. Common Home-Manager

      +
      +

      3.4.1. Imports

      +
      +

      +This section sets up all the imports that are used in the home-manager section. +

      + +
      +
      { ... }:
+{
+  imports = [
+    ./packages.nix
+    ./sops.nix
+    ./ssh.nix
+    ./stylix.nix
+    ./desktop.nix
+    ./symlink.nix
+    ./env.nix
+    ./programs.nix
+    ./nix-index.nix
+    ./password-store.nix
+    ./direnv.nix
+    ./eza.nix
+    ./git.nix
+    ./fuzzel.nix
+    ./starship.nix
+    ./kitty.nix
+    ./zsh.nix
+    ./mail.nix
+    ./emacs.nix
+    ./waybar.nix
+    ./firefox.nix
+    ./gnome-keyring.nix
+    ./kdeconnect.nix
+    ./mako.nix
+    ./sway.nix
+  ];
+
+}
+
      +
      +
      +
      -

      3.4.1. Installed packages

      +

      3.4.2. Installed packages

      Here are defined some packages that I would like to use across all my machines. Most of these should not require further setup. Notably the cura package is severely outdated on nixpkgs, so I just fetch a more recent AppImage and run that instead. @@ -6615,7 +6710,7 @@ Programming languages and default lsp's are defined here: Packaged

      -
      { config, pkgs, fetchFromGitHub, ... }:
+
      { pkgs, ... }:
 
 {
   home.packages = with pkgs; [
@@ -6935,6 +7030,7 @@ Programming languages and default lsp's are defined here:
      -

      3.4.2. sops

      +

      3.4.3. sops

      I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine: @@ -6963,133 +7059,135 @@ Since we are using the home-manager implementation here, we need to specify the

      -
      -sops = {
-  defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
-  validateSopsFiles = false;
-  secrets = {
-    mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
-    nautilus = { path = "/run/user/1000/secrets/nautilus"; };
-    leon = { path = "/run/user/1000/secrets/leon"; };
-    swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
-    caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
-  };
-};
-
+
        { config, ... }:
+  {
+    sops = {
+      defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+      validateSopsFiles = false;
+      secrets = {
+        mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
+        nautilus = { path = "/run/user/1000/secrets/nautilus"; };
+        leon = { path = "/run/user/1000/secrets/leon"; };
+        swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
+        caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
+      };
+    };
+}
      -

      3.4.3. SSH Machines

      +

      3.4.4. SSH Machines

      It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.

      -
      -programs.ssh = {
-  enable = true;
-  forwardAgent = true;
-  extraConfig = ''
-    SetEnv TERM=xterm-256color
-  '';
-  matchBlocks = {
-    "nginx" = {
-      hostname = "192.168.1.14";
-      user = "root";
-    };
-    "jellyfin" = {
-      hostname = "192.168.1.16";
-      user = "root";
-    };
-    "pfsense" = {
-      hostname = "192.168.1.1";
-      user = "root";
-    };
-    "proxmox" = {
-      hostname = "192.168.1.2";
-      user = "root";
-    };
-    "transmission" = {
-      hostname = "192.168.1.6";
-      user = "root";
-    };
-    "fetcher" = {
-      hostname = "192.168.1.7";
-      user = "root";
-    };
-    "omv" = {
-      hostname = "192.168.1.3";
-      user = "root";
-    };
-    "webbot" = {
-      hostname = "192.168.1.11";
-      user = "root";
-    };
-    "nextcloud" = {
-      hostname = "192.168.1.5";
-      user = "root";
-    };
-    "sound" = {
-      hostname = "192.168.1.13";
-      user = "root";
-    };
-    "spotify" = {
-      hostname = "192.168.1.17";
-      user = "root";
-    };
-    "wordpress" = {
-      hostname = "192.168.1.9";
-      user = "root";
-    };
-    "turn" = {
-      hostname = "192.168.1.18";
-      user = "root";
-    };
-    "hugo" = {
-      hostname = "192.168.1.19";
-      user = "root";
-    };
-    "matrix" = {
-      hostname = "192.168.1.23";
-      user = "root";
-    };
-    "scroll" = {
-      hostname = "192.168.1.22";
-      user = "root";
-    };
-    "minecraft" = {
-      hostname = "130.61.119.129";
-      user = "opc";
-    };
-    "sync" = {
-      hostname = "193.122.53.173";
-      user = "root"; #this is a oracle vm server but needs root due to nixos-infect
-    };
-    "songdiver" = {
-      hostname = "89.168.100.65";
-      user = "ubuntu";
-    };
-    "pkv" = {
-      hostname = "46.232.248.161";
-      user = "root";
-    };
-    "efficient" = {
-      hostname = "g0.complang.tuwien.ac.at";
+
        { ... }:
+  {
+    programs.ssh = {
+      enable = true;
       forwardAgent = true;
-      user = "ep01427399";
+      extraConfig = ''
+        SetEnv TERM=xterm-256color
+      '';
+      matchBlocks = {
+        "nginx" = {
+          hostname = "192.168.1.14";
+          user = "root";
+        };
+        "jellyfin" = {
+          hostname = "192.168.1.16";
+          user = "root";
+        };
+        "pfsense" = {
+          hostname = "192.168.1.1";
+          user = "root";
+        };
+        "proxmox" = {
+          hostname = "192.168.1.2";
+          user = "root";
+        };
+        "transmission" = {
+          hostname = "192.168.1.6";
+          user = "root";
+        };
+        "fetcher" = {
+          hostname = "192.168.1.7";
+          user = "root";
+        };
+        "omv" = {
+          hostname = "192.168.1.3";
+          user = "root";
+        };
+        "webbot" = {
+          hostname = "192.168.1.11";
+          user = "root";
+        };
+        "nextcloud" = {
+          hostname = "192.168.1.5";
+          user = "root";
+        };
+        "sound" = {
+          hostname = "192.168.1.13";
+          user = "root";
+        };
+        "spotify" = {
+          hostname = "192.168.1.17";
+          user = "root";
+        };
+        "wordpress" = {
+          hostname = "192.168.1.9";
+          user = "root";
+        };
+        "turn" = {
+          hostname = "192.168.1.18";
+          user = "root";
+        };
+        "hugo" = {
+          hostname = "192.168.1.19";
+          user = "root";
+        };
+        "matrix" = {
+          hostname = "192.168.1.23";
+          user = "root";
+        };
+        "scroll" = {
+          hostname = "192.168.1.22";
+          user = "root";
+        };
+        "minecraft" = {
+          hostname = "130.61.119.129";
+          user = "opc";
+        };
+        "sync" = {
+          hostname = "193.122.53.173";
+          user = "root"; #this is a oracle vm server but needs root due to nixos-infect
+        };
+        "songdiver" = {
+          hostname = "89.168.100.65";
+          user = "ubuntu";
+        };
+        "pkv" = {
+          hostname = "46.232.248.161";
+          user = "root";
+        };
+        "efficient" = {
+          hostname = "g0.complang.tuwien.ac.at";
+          forwardAgent = true;
+          user = "ep01427399";
+        };
+      };
     };
-  };
-};
-
+}
      -

      3.4.4. Fonts + Theme

      +

      3.4.5. Fonts + Theme

      These section allows home-manager to allow theme settings, and handles some other appearance-related settings like cursor styles. Interestingly, system icons (adwaita) still need to be setup on system-level, and will break if defined here. @@ -7100,15 +7198,16 @@ This section has been notably empty ever since switching to stylix. Only Emacs i

      -
      -stylix.targets.emacs.enable = false;
-
+
      { ... }:
+{
+ stylix.targets.emacs.enable = false;
+}
      -

      3.4.5. Desktop Entries

      +

      3.4.6. Desktop Entries

      Some programs lack a dmenu launcher - I define them myself here. @@ -7120,57 +7219,59 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the 

      -xdg.desktopEntries = {
+{ ... }:
+{
+  xdg.desktopEntries = {
+
+    cura = {
+      name = "Ultimaker Cura";
+      genericName = "Cura";
+      exec = "cura";
+      terminal = false;
+      categories = [ "Application" ];
+    };
+
+    anki = {
+      name = "Anki Flashcards";
+      genericName = "Anki";
+      exec = "anki";
+      terminal = false;
+      categories = [ "Application" ];
+    };
+
+    # schlidichat = {
+    #   name = "SchildiChat Matrix Client";
+    #   genericName = "SchildiChat";
+    #   exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
+    #   terminal = false;
+    #   categories = [ "Application"];
+    # };
+
+    element = {
+      name = "Element Matrix Client";
+      genericName = "Element";
+      exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
+      terminal = false;
+      categories = [ "Application" ];
+    };
+
+    emacsclient-newframe = {
+      name = "Emacs (Client, New Frame)";
+      genericName = "Emacs (Client, New Frame)";
+      exec = "emacsclient -r %u";
+      icon = "emacs";
+      terminal = false;
+      categories = [ "Development" "TextEditor" ];
+    };
 
-  cura = {
-    name = "Ultimaker Cura";
-    genericName = "Cura";
-    exec = "cura";
-    terminal = false;
-    categories = [ "Application" ];
   };
-
-  anki = {
-    name = "Anki Flashcards";
-    genericName = "Anki";
-    exec = "anki";
-    terminal = false;
-    categories = [ "Application" ];
-  };
-
-  # schlidichat = {
-  #   name = "SchildiChat Matrix Client";
-  #   genericName = "SchildiChat";
-  #   exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
-  #   terminal = false;
-  #   categories = [ "Application"];
-  # };
-
-  element = {
-    name = "Element Matrix Client";
-    genericName = "Element";
-    exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
-    terminal = false;
-    categories = [ "Application" ];
-  };
-
-  emacsclient-newframe = {
-    name = "Emacs (Client, New Frame)";
-    genericName = "Emacs (Client, New Frame)";
-    exec = "emacsclient -r %u";
-    icon = "emacs";
-    terminal = false;
-    categories = [ "Development" "TextEditor" ];
-  };
-
-};
-
+}
      -

      3.4.6. Linking dotfiles

      +

      3.4.7. Linking dotfiles

      This section should be used in order to symlink already existing configuration files using `home.file` and setting session variables using `home.sessionVariables`. @@ -7182,22 +7283,24 @@ As for the `home.sessionVariables`, it should be noted that environment variable 

      +{ ... }:
+{
 home.file = {
   "init.el" = {
-    source = ../../programs/emacs/init.el;
+    source = ../../../programs/emacs/init.el;
     target = ".emacs.d/init.el";
   };
   "early-init.el" = {
-    source = ../../programs/emacs/early-init.el;
+    source = ../../../programs/emacs/early-init.el;
     target = ".emacs.d/early-init.el";
   };
   # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually
   ".aspell.conf" = {
-    source = ../../programs/config/.aspell.conf;
+    source = ../../../programs/config/.aspell.conf;
     target = ".aspell.conf";
   };
   ".gitmessage" = {
-    source = ../../programs/git/.gitmessage;
+    source = ../../../programs/git/.gitmessage;
     target = ".gitmessage";
   };
 };
@@ -7211,30 +7314,31 @@ Also, we link some files to the users XDG configuration home:
 
 
      
 
      -xdg.configFile = {
-  "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc;
-  "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css;
-};
-
+  xdg.configFile = {
+    "tridactyl/tridactylrc".source = ../../../programs/firefox/tridactyl/tridactylrc;
+    "tridactyl/themes/base16-codeschool.css".source = ../../../programs/firefox/tridactyl/themes/base16-codeschool.css;
+  };
+}
      -

      3.4.7. Sourcing environment variables

      +

      3.4.8. Sourcing environment variables

      -
      -home.sessionVariables = {
-  EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
-};
-
+
      { ... }:
+{
+  home.sessionVariables = {
+    EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
+  };
+}
      -

      3.4.8. Programs

      +

      3.4.9. Programs

      This houses the configurations for all programs managed by home-manager. @@ -7248,313 +7352,325 @@ This section is for programs that require no further configuration. zsh Integrat

      -
      -programs = {
-  bottom.enable = true;
-  imv.enable = true;
-  sioyek.enable = true;
-  bat.enable = true;
-  carapace.enable = true;
-  wlogout.enable = true;
-  swayr.enable = true;
-  yt-dlp.enable = true;
-  mpv.enable = true;
-  jq.enable = true;
-  ripgrep.enable = true;
-  pandoc.enable = true;
-  fzf.enable = true;
-  zoxide.enable = true;
-};
+
      { ... }:
+{
+  programs = {
+    bottom.enable = true;
+    imv.enable = true;
+    sioyek.enable = true;
+    bat.enable = true;
+    carapace.enable = true;
+    wlogout.enable = true;
+    swayr.enable = true;
+    yt-dlp.enable = true;
+    mpv.enable = true;
+    jq.enable = true;
+    ripgrep.enable = true;
+    pandoc.enable = true;
+    fzf.enable = true;
+    zoxide.enable = true;
+  };
+}
    -
    -

    3.4.9. nix-index

    -
    +
    +

    3.4.10. nix-index

    +

    nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output.

    -
    -programs.nix-index =
-  let
-    command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
-      mkdir -p $out/etc/profile.d
-      substitute ${../../scripts/command-not-found.sh}                  \
-        $out/etc/profile.d/command-not-found.sh             \
-        --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
-        --replace @tput@ ${pkgs.ncurses}/bin/tput
-    '';
-  in
-  {
-    enable = true;
-    package = pkgs.symlinkJoin {
-      name = "nix-index";
-      paths = [ command-not-found ];
+
    {pkgs, ...}:
+{
+  programs.nix-index =
+    let
+      command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } ''
+        mkdir -p $out/etc/profile.d
+        substitute ${../../../scripts/command-not-found.sh}                  \
+          $out/etc/profile.d/command-not-found.sh             \
+          --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
+          --replace @tput@ ${pkgs.ncurses}/bin/tput
+      '';
+    in
+    {
+      enable = true;
+      package = pkgs.symlinkJoin {
+        name = "nix-index";
+        paths = [ command-not-found ];
+      };
     };
-  };
-
+}
    -

    3.4.10. password-store

    +

    3.4.11. password-store

    Enables password store with the pass-otp extension which allows me to store and generate one-time-passwords.

    -
    -programs.password-store = {
-  enable = true;
-  package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
-};
-
+
      { pkgs, ... }:
+  {
+    programs.password-store = {
+      enable = true;
+      settings = {
+        PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
+      };
+      package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
+    };
+}
    -

    3.4.11. direnv

    +

    3.4.12. direnv

    Enables direnv, which I use for nearly all of my nix dev flakes.

    -
    -programs.direnv = {
-  enable = true;
-  nix-direnv.enable = true;
-};
-
+
    { ... }:
+{
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}
    -

    3.4.12. eza

    +

    3.4.13. eza

    Eza provides me with a better ls command and some other useful aliases.

    -
    -programs.eza = {
-  enable = true;
-  icons = true;
-  git = true;
-  extraOptions = [
-    "-l"
-    "--group-directories-first"
-  ];
-};
-
+
    { ... }:
+{
+  programs.eza = {
+    enable = true;
+    icons = true;
+    git = true;
+    extraOptions = [
+      "-l"
+      "--group-directories-first"
+    ];
+  };
+}
    -

    3.4.13. git

    +

    3.4.14. git

    Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using Magit) as well as a git template defined in Linking dotfiles.

    -
    -programs.git = {
-  enable = true;
-  aliases = {
-    a = "add";
-    c = "commit";
-    cl = "clone";
-    co = "checkout";
-    b = "branch";
-    i = "init";
-    m = "merge";
-    s = "status";
-    r = "restore";
-    p = "pull";
-    pp = "push";
-  };
-  signing = {
-    key = "0x76FD3810215AE097";
-    signByDefault = true;
-  };
-  userEmail = "leon.schwarzaeugl@gmail.com";
-  userName = "Swarsel";
-  difftastic.enable = true;
-  lfs.enable = true;
-  includes = [
-    {
-      contents = {
-        github = {
-          user = "Swarsel";
+
    { ... }:
+{
+  programs.git = {
+    enable = true;
+    aliases = {
+      a = "add";
+      c = "commit";
+      cl = "clone";
+      co = "checkout";
+      b = "branch";
+      i = "init";
+      m = "merge";
+      s = "status";
+      r = "restore";
+      p = "pull";
+      pp = "push";
+    };
+    signing = {
+      key = "0x76FD3810215AE097";
+      signByDefault = true;
+    };
+    userEmail = "leon.schwarzaeugl@gmail.com";
+    userName = "Swarsel";
+    difftastic.enable = true;
+    lfs.enable = true;
+    includes = [
+      {
+        contents = {
+          github = {
+            user = "Swarsel";
+          };
+          commit = {
+            template = "~/.gitmessage";
+          };
         };
-        commit = {
-          template = "~/.gitmessage";
-        };
-      };
-    }
-  ];
-};
-
+      }
+    ];
+  };
+}
    -

    3.4.14. Fuzzel

    +

    3.4.15. Fuzzel

    Here I only need to set basic layout options - the rest is being managed by stylix.

    -
    -programs.fuzzel = {
-  enable = true;
-  settings = {
-    main = {
-      layer = "overlay";
-      lines = "10";
-      width = "40";
+
    { ... }:
+{
+  programs.fuzzel = {
+    enable = true;
+    settings = {
+      main = {
+        layer = "overlay";
+        lines = "10";
+        width = "40";
+      };
+      border.radius = "0";
     };
-    border.radius = "0";
   };
-};
-
+}
    -

    3.4.15. Starship

    +

    3.4.16. Starship

    Starship makes my zsh look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline.

    -
    -programs.starship = {
-  enable = true;
-  enableZshIntegration = true;
-  settings = {
-    add_newline = false;
-    format = "$character";
-    right_format = "$all";
-    command_timeout = 3000;
+
      { ... }:
+  {
+    programs.starship = {
+      enable = true;
+      enableZshIntegration = true;
+      settings = {
+        add_newline = false;
+        format = "$character";
+        right_format = "$all";
+        command_timeout = 3000;
 
-    directory.substitutions = {
-      "Documents" = "󰈙 ";
-      "Downloads" = " ";
-      "Music" = " ";
-      "Pictures" = " ";
+        directory.substitutions = {
+          "Documents" = "󰈙 ";
+          "Downloads" = " ";
+          "Music" = " ";
+          "Pictures" = " ";
+        };
+
+        git_status = {
+          style = "bg:#394260";
+          format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)";
+        };
+
+        character = {
+          success_symbol = "[λ](bold green)";
+          error_symbol = "[λ](bold red)";
+        };
+
+        aws.symbol = "  ";
+        buf.symbol = " ";
+        c.symbol = " ";
+        conda.symbol = " ";
+        dart.symbol = " ";
+        directory.read_only = " 󰌾";
+        docker_context.symbol = " ";
+        elixir.symbol = " ";
+        elm.symbol = " ";
+        fossil_branch.symbol = " ";
+        git_branch.symbol = " ";
+        golang.symbol = " ";
+        guix_shell.symbol = " ";
+        haskell.symbol = " ";
+        haxe.symbol = " ";
+        hg_branch.symbol = " ";
+        hostname.ssh_symbol = " ";
+        java.symbol = " ";
+        julia.symbol = " ";
+        lua.symbol = " ";
+        memory_usage.symbol = "󰍛 ";
+        meson.symbol = "󰔷 ";
+        nim.symbol = "󰆥 ";
+        nix_shell.symbol = " ";
+        nodejs.symbol = " ";
+
+        os.symbols = {
+          Alpaquita = " ";
+          Alpine = " ";
+          Amazon = " ";
+          Android = " ";
+          Arch = " ";
+          Artix = " ";
+          CentOS = " ";
+          Debian = " ";
+          DragonFly = " ";
+          Emscripten = " ";
+          EndeavourOS = " ";
+          Fedora = " ";
+          FreeBSD = " ";
+          Garuda = "󰛓 ";
+          Gentoo = " ";
+          HardenedBSD = "󰞌 ";
+          Illumos = "󰈸 ";
+          Linux = " ";
+          Mabox = " ";
+          Macos = " ";
+          Manjaro = " ";
+          Mariner = " ";
+          MidnightBSD = " ";
+          Mint = " ";
+          NetBSD = " ";
+          NixOS = " ";
+          OpenBSD = "󰈺 ";
+          openSUSE = " ";
+          OracleLinux = "󰌷 ";
+          Pop = " ";
+          Raspbian = " ";
+          Redhat = " ";
+          RedHatEnterprise = " ";
+          Redox = "󰀘 ";
+          Solus = "󰠳 ";
+          SUSE = " ";
+          Ubuntu = " ";
+          Unknown = " ";
+          Windows = "󰍲 ";
+        };
+
+        package.symbol = "󰏗 ";
+        pijul_channel.symbol = " ";
+        python.symbol = " ";
+        rlang.symbol = "󰟔 ";
+        ruby.symbol = " ";
+        rust.symbol = " ";
+        scala.symbol = " ";
+      };
     };
-
-    git_status = {
-      style = "bg:#394260";
-      format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)";
-    };
-
-    character = {
-      success_symbol = "[λ](bold green)";
-      error_symbol = "[λ](bold red)";
-    };
-
-    aws.symbol = "  ";
-    buf.symbol = " ";
-    c.symbol = " ";
-    conda.symbol = " ";
-    dart.symbol = " ";
-    directory.read_only = " 󰌾";
-    docker_context.symbol = " ";
-    elixir.symbol = " ";
-    elm.symbol = " ";
-    fossil_branch.symbol = " ";
-    git_branch.symbol = " ";
-    golang.symbol = " ";
-    guix_shell.symbol = " ";
-    haskell.symbol = " ";
-    haxe.symbol = " ";
-    hg_branch.symbol = " ";
-    hostname.ssh_symbol = " ";
-    java.symbol = " ";
-    julia.symbol = " ";
-    lua.symbol = " ";
-    memory_usage.symbol = "󰍛 ";
-    meson.symbol = "󰔷 ";
-    nim.symbol = "󰆥 ";
-    nix_shell.symbol = " ";
-    nodejs.symbol = " ";
-
-    os.symbols = {
-      Alpaquita = " ";
-      Alpine = " ";
-      Amazon = " ";
-      Android = " ";
-      Arch = " ";
-      Artix = " ";
-      CentOS = " ";
-      Debian = " ";
-      DragonFly = " ";
-      Emscripten = " ";
-      EndeavourOS = " ";
-      Fedora = " ";
-      FreeBSD = " ";
-      Garuda = "󰛓 ";
-      Gentoo = " ";
-      HardenedBSD = "󰞌 ";
-      Illumos = "󰈸 ";
-      Linux = " ";
-      Mabox = " ";
-      Macos = " ";
-      Manjaro = " ";
-      Mariner = " ";
-      MidnightBSD = " ";
-      Mint = " ";
-      NetBSD = " ";
-      NixOS = " ";
-      OpenBSD = "󰈺 ";
-      openSUSE = " ";
-      OracleLinux = "󰌷 ";
-      Pop = " ";
-      Raspbian = " ";
-      Redhat = " ";
-      RedHatEnterprise = " ";
-      Redox = "󰀘 ";
-      Solus = "󰠳 ";
-      SUSE = " ";
-      Ubuntu = " ";
-      Unknown = " ";
-      Windows = "󰍲 ";
-    };
-
-    package.symbol = "󰏗 ";
-    pijul_channel.symbol = " ";
-    python.symbol = " ";
-    rlang.symbol = "󰟔 ";
-    ruby.symbol = " ";
-    rust.symbol = " ";
-    scala.symbol = " ";
-  };
-};
-
+}
    -

    3.4.16. Kitty

    +

    3.4.17. Kitty

    Kitty is the terminal emulator of choice for me, it is nice to configure using nix, fast, and has a nice style. @@ -7565,23 +7681,24 @@ The theme is handled by stylix.

    -
    -programs.kitty = {
-  enable = true;
-  keybindings = {
-    "ctrl+shift+left" = "no_op";
-    "ctrl+shift+right" = "no_op";
-    "ctrl+shift+home" = "no_op";
-    "ctrl+shift+end" = "no_op";
+
    { ... }:
+{
+  programs.kitty = {
+    enable = true;
+    keybindings = {
+      "ctrl+shift+left" = "no_op";
+      "ctrl+shift+right" = "no_op";
+      "ctrl+shift+home" = "no_op";
+      "ctrl+shift+end" = "no_op";
+    };
   };
-};
-
+}
    -

    3.4.17. zsh

    +

    3.4.18. zsh

    zsh is the most convenient shell for me and it happens to be super neat to configure within home manager. @@ -7592,62 +7709,63 @@ Here we set some aliases (some of them should be shellApplications instead) as w

    -
    -programs.zsh = {
-  enable = true;
-  shellAliases = {
-    hg = "history | grep";
-    hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;";
-    nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-    edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org";
-    magit = "emacsclient -nc -e \"(magit-status)\"";
-    config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
-    g = "git";
-    c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/";
-    passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
-    passpull = "cd ~/.local/share/password-store; git pull; cd -;";
-    hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
-    cd = "z";
-    cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
+
    { pkgs, ... }:
+{
+  programs.zsh = {
+    enable = true;
+    shellAliases = {
+      hg = "history | grep";
+      hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;";
+      nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
+      edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org";
+      magit = "emacsclient -nc -e \"(magit-status)\"";
+      config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
+      g = "git";
+      c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/";
+      passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
+      passpull = "cd ~/.local/share/password-store; git pull; cd -;";
+      hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
+      cd = "z";
+      cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
+    };
+    autosuggestion.enable = true;
+    enableCompletion = true;
+    syntaxHighlighting.enable = true;
+    autocd = false;
+    cdpath = [
+      "~/.dotfiles"
+      # "~/Documents/GitHub"
+    ];
+    defaultKeymap = "emacs";
+    dirHashes = {
+      dl = "$HOME/Downloads";
+      gh = "$HOME/Documents/GitHub";
+    };
+    history = {
+      expireDuplicatesFirst = true;
+      path = "$HOME/.histfile";
+      save = 10000;
+      size = 10000;
+    };
+    historySubstringSearch.enable = true;
+    plugins = [
+      {
+        name = "fzf-tab";
+        src = pkgs.zsh-fzf-tab;
+      }
+    ];
+    initExtra = ''
+      bindkey "^[[1;5D" backward-word
+      bindkey "^[[1;5C" forward-word
+    '';
   };
-  autosuggestion.enable = true;
-  enableCompletion = true;
-  syntaxHighlighting.enable = true;
-  autocd = false;
-  cdpath = [
-    "~/.dotfiles"
-    # "~/Documents/GitHub"
-  ];
-  defaultKeymap = "emacs";
-  dirHashes = {
-    dl = "$HOME/Downloads";
-    gh = "$HOME/Documents/GitHub";
-  };
-  history = {
-    expireDuplicatesFirst = true;
-    path = "$HOME/.histfile";
-    save = 10000;
-    size = 10000;
-  };
-  historySubstringSearch.enable = true;
-  plugins = [
-    {
-      name = "fzf-tab";
-      src = pkgs.zsh-fzf-tab;
-    }
-  ];
-  initExtra = ''
-    bindkey "^[[1;5D" backward-word
-    bindkey "^[[1;5C" forward-word
-  '';
-};
-
+}
    -

    3.4.18. Mail

    +

    3.4.19. Mail

    Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. @@ -7655,9 +7773,14 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl 

    +{ config, ...}:
+{
 programs.mbsync = {
   enable = true;
 };
+services.mbsync = {
+  enable = true;
+};
 # this is needed so that mbsync can use the passwords from sops
 systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
 
@@ -7782,13 +7905,13 @@ accounts.email = {
     };
   };
 };
-
+}
    -

    3.4.19. Home-manager: Emacs

    +

    3.4.20. Home-manager: Emacs

    By using the emacs-overlay NixOS module, I can install all Emacs packages that I want to use right through NixOS. This is done by passing my init.el file to the configuration which will then be parsed upon system rebuild, looking for use-package sections in the Elisp code. Also I define here the style of Emacs that I want to run - I am going with native Wayland Emacs here (emacs-pgtk). All of the nice options such as tree-sitter support are enabled by default, so I do not need to adjust the build process. @@ -7799,59 +7922,66 @@ Lastly, I am defining some more packages here that the parser has problems findi

    -
    -# enable emacs overlay for bleeding edge features
-# also read init.el file and install use-package packages
-programs.emacs = {
-  enable = true;
-  package = pkgs.emacsWithPackagesFromUsePackage {
-    config = ../../programs/emacs/init.el;
-    package = pkgs.emacs-pgtk;
-    alwaysEnsure = true;
-    alwaysTangle = true;
-    extraEmacsPackages = epkgs: [
-      epkgs.mu4e
-      epkgs.use-package
-      # epkgs.lsp-bridge
-      epkgs.doom-themes
+
    { pkgs, ... }:
+{
+  # enable emacs overlay for bleeding edge features
+  # also read init.el file and install use-package packages
+  programs.emacs = {
+    enable = true;
+    package = pkgs.emacsWithPackagesFromUsePackage {
+      config = ../../../programs/emacs/init.el;
+      package = pkgs.emacs-pgtk;
+      alwaysEnsure = true;
+      alwaysTangle = true;
+      extraEmacsPackages = epkgs: [
+        epkgs.mu4e
+        epkgs.use-package
+        # epkgs.lsp-bridge
+        epkgs.doom-themes
 
-      # build the rest of the packages myself
-      # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
-      # build the package from the haji-ali fork, which is well-maintained
-      (epkgs.trivialBuild rec {
-        pname = "calfw";
-        version = "1.0.0-20231002";
-        src = pkgs.fetchFromGitHub {
-          owner = "haji-ali";
-          repo = "emacs-calfw";
-          rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
-          hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
-        };
-        packageRequires = [ epkgs.howm ];
-      })
+        # build the rest of the packages myself
+        # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
+        # build the package from the haji-ali fork, which is well-maintained
+        (epkgs.trivialBuild rec {
+          pname = "calfw";
+          version = "1.0.0-20231002";
+          src = pkgs.fetchFromGitHub {
+            owner = "haji-ali";
+            repo = "emacs-calfw";
+            rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
+            hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
+          };
+          packageRequires = [ epkgs.howm ];
+        })
 
-      (epkgs.trivialBuild rec {
-        pname = "fast-scroll";
-        version = "1.0.0-20191016";
-        src = pkgs.fetchFromGitHub {
-          owner = "ahungry";
-          repo = "fast-scroll";
-          rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
-          hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
-        };
-        packageRequires = [ ];
-      })
+        (epkgs.trivialBuild rec {
+          pname = "fast-scroll";
+          version = "1.0.0-20191016";
+          src = pkgs.fetchFromGitHub {
+            owner = "ahungry";
+            repo = "fast-scroll";
+            rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
+            hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
+          };
+          packageRequires = [ ];
+        })
 
-    ];
+      ];
+    };
   };
-};
 
+  services.emacs = {
+    enable = true;
+    # socketActivation.enable = false;
+    # startWithUserSession = "graphical";
+  };
+}
    -

    3.4.20. Waybar

    +

    3.4.21. Waybar

    Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores) @@ -7867,6 +7997,8 @@ The rest of this configuration is found here: 

    +{ ... }:
+{
 programs.waybar = {
 
   enable = true;
@@ -8055,15 +8187,15 @@ programs.waybar = {
       };
     };
   };
-  style = builtins.readFile ../../programs/waybar/style.css;
+  style = builtins.readFile ../../../programs/waybar/style.css;
 };
-
+}
    -

    3.4.21. Firefox

    +

    3.4.22. Firefox

    Setting up firefox along with some policies that are important to me (mostly disabling telemetry related stuff as well as Pocket). I also enable some integrations that enable super useful packages, namely tridactyl and browserpass. @@ -8082,109 +8214,110 @@ I used to build the firefox addon bypass-paywalls-clean myself here

    -
    -programs.firefox = {
-  enable = true;
-  package = pkgs.firefox.override {
-    nativeMessagingHosts = [
-      pkgs.tridactyl-native
-      pkgs.browserpass
-      pkgs.plasma5Packages.plasma-browser-integration
-    ];
-  };
-  policies = {
-    CaptivePortal = false;
-    DisableFirefoxStudies = true;
-    DisablePocket = true;
-    DisableTelemetry = true;
-    DisableFirefoxAccounts = false;
-    NoDefaultBookmarks = true;
-    OfferToSaveLogins = false;
-    OfferToSaveLoginsDefault = false;
-    EnableTrackingProtection = true;
-  };
-  profiles.default = {
-    isDefault = true;
-    userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css;
-    extensions = with pkgs.nur.repos.rycee.firefox-addons; [
-      tridactyl
-      browserpass
-      clearurls
-      darkreader
-      enhancer-for-youtube
-      istilldontcareaboutcookies
-      translate-web-pages
-      ublock-origin
-      reddit-enhancement-suite
-      pushbullet
-      sponsorblock
-      web-archives
-      single-file
-      widegithub
-      enhanced-github
-      unpaywall
-      don-t-fuck-with-paste
-      plasma-integration
-    ];
-
-    search.engines = {
-      "Nix Packages" = {
-        urls = [{
-          template = "https://search.nixos.org/packages";
-          params = [
-            { name = "type"; value = "packages"; }
-            { name = "query"; value = "{searchTerms}"; }
-          ];
-        }];
-        icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-        definedAliases = [ "@np" ];
-      };
-
-      "NixOS Wiki" = {
-        urls = [{
-          template = "https://nixos.wiki/index.php?search={searchTerms}";
-        }];
-        iconUpdateURL = "https://nixos.wiki/favicon.png";
-        updateInterval = 24 * 60 * 60 * 1000; # every day
-        definedAliases = [ "@nw" ];
-      };
-
-      "NixOS Options" = {
-        urls = [{
-          template = "https://search.nixos.org/options";
-          params = [
-            { name = "query"; value = "{searchTerms}"; }
-          ];
-        }];
-
-        icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-        definedAliases = [ "@no" ];
-      };
-
-      "Home Manager Options" = {
-        urls = [{
-          template = "https://home-manager-options.extranix.com/";
-          params = [
-            { name = "query"; value = "{searchTerms}"; }
-          ];
-        }];
-
-        icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
-        definedAliases = [ "@hm" "@ho" "@hmo" ];
-      };
-
-      "Google".metaData.alias = "@g";
+
    { pkgs, ... }:
+{
+  programs.firefox = {
+    enable = true;
+    package = pkgs.firefox.override {
+      nativeMessagingHosts = [
+        pkgs.tridactyl-native
+        pkgs.browserpass
+        pkgs.plasma5Packages.plasma-browser-integration
+      ];
     };
-    search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
-  };
-};
+    policies = {
+      CaptivePortal = false;
+      DisableFirefoxStudies = true;
+      DisablePocket = true;
+      DisableTelemetry = true;
+      DisableFirefoxAccounts = false;
+      NoDefaultBookmarks = true;
+      OfferToSaveLogins = false;
+      OfferToSaveLoginsDefault = false;
+      EnableTrackingProtection = true;
+    };
+    profiles.default = {
+      isDefault = true;
+      userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
+      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+        tridactyl
+        browserpass
+        clearurls
+        darkreader
+        enhancer-for-youtube
+        istilldontcareaboutcookies
+        translate-web-pages
+        ublock-origin
+        reddit-enhancement-suite
+        pushbullet
+        sponsorblock
+        web-archives
+        single-file
+        widegithub
+        enhanced-github
+        unpaywall
+        don-t-fuck-with-paste
+        plasma-integration
+      ];
 
+      search.engines = {
+        "Nix Packages" = {
+          urls = [{
+            template = "https://search.nixos.org/packages";
+            params = [
+              { name = "type"; value = "packages"; }
+              { name = "query"; value = "{searchTerms}"; }
+            ];
+          }];
+          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+          definedAliases = [ "@np" ];
+        };
+
+        "NixOS Wiki" = {
+          urls = [{
+            template = "https://nixos.wiki/index.php?search={searchTerms}";
+          }];
+          iconUpdateURL = "https://nixos.wiki/favicon.png";
+          updateInterval = 24 * 60 * 60 * 1000; # every day
+          definedAliases = [ "@nw" ];
+        };
+
+        "NixOS Options" = {
+          urls = [{
+            template = "https://search.nixos.org/options";
+            params = [
+              { name = "query"; value = "{searchTerms}"; }
+            ];
+          }];
+
+          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+          definedAliases = [ "@no" ];
+        };
+
+        "Home Manager Options" = {
+          urls = [{
+            template = "https://home-manager-options.extranix.com/";
+            params = [
+              { name = "query"; value = "{searchTerms}"; }
+            ];
+          }];
+
+          icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+          definedAliases = [ "@hm" "@ho" "@hmo" ];
+        };
+
+        "Google".metaData.alias = "@g";
+      };
+      search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
+    };
+  };
+}
    -

    3.4.22. Services

    +

    3.4.23. Services

    Services that can be defined through home-manager should be defined here. @@ -8199,26 +8332,12 @@ Used for storing sessions in e.g. Nextcloud 

    +{ ... }:
+{
 services.gnome-keyring = {
   enable = true;
 };
-
-
    -
    -
    - -
  • mbsync
    -
    -

    -Used for syncing mail. This might be automatically enabled by my mail configuration, but I like to make sure. -

    - -
    -
    -services.mbsync = {
-  enable = true;
-};
-
+}
    @@ -8230,48 +8349,13 @@ This enables phone/computer communication, including sending clipboard, files et

    -
    -services.kdeconnect = {
-  enable = true;
-  indicator = true;
-};
-
-
    -
    -
    • - -
  • syncthing
    -
    -

    -Enables the syncthing service which talks to my syncthing instance on the Oracle cloud as well as my home server. -

    - -
    -
    -services.syncthing = {
-  enable = false;
-  tray = {
-    enable = false; # we enable this by installing the syncthingtray package instead, it works better.
+
    { ... }:
+{
+  services.kdeconnect = {
+    enable = true;
+    indicator = true;
   };
-};
-
-
    
-
    -
    -
    • -
  • Emacs server
    -
    -

    -This enables the Emacs server. This allows me to invocate Emacs by using emacsclient instead, which is a lot faster. -

    - -
    -
    -services.emacs = {
-  enable = true;
-  # socketActivation.enable = false;
-  # startWithUserSession = "graphical";
-};
+}
    @@ -8287,35 +8371,36 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi

    -
    -services.mako = {
-  enable = true;
-  # backgroundColor = "#2e3440";
-  # borderColor = "#88c0d0";
-  borderRadius = 15;
-  borderSize = 1;
-  defaultTimeout = 5000;
-  height = 150;
-  icons = true;
-  ignoreTimeout = true;
-  layer = "overlay";
-  maxIconSize = 64;
-  sort = "-time";
-  width = 300;
-  # font = "monospace 10";
-  extraConfig = "[urgency=low]
-border-color=#cccccc
-[urgency=normal]
-border-color=#d08770
-[urgency=high]
-border-color=#bf616a
-default-timeout=3000
-[category=mpd]
-default-timeout=2000
-group-by=category
-";
-};
-
+
      { ... }:
+  {
+    services.mako = {
+      enable = true;
+      # backgroundColor = "#2e3440";
+      # borderColor = "#88c0d0";
+      borderRadius = 15;
+      borderSize = 1;
+      defaultTimeout = 5000;
+      height = 150;
+      icons = true;
+      ignoreTimeout = true;
+      layer = "overlay";
+      maxIconSize = 64;
+      sort = "-time";
+      width = 300;
+      # font = "monospace 10";
+      extraConfig = "[urgency=low]
+    border-color=#cccccc
+    [urgency=normal]
+    border-color=#d08770
+    [urgency=high]
+    border-color=#bf616a
+    default-timeout=3000
+    [category=mpd]
+    default-timeout=2000
+    group-by=category
+    ";
+    };
+}
    • @@ -8323,7 +8408,7 @@ group-by=category
    -

    3.4.23. Sway

    +

    3.4.24. Sway

    I am currently using SwayFX, which adds some nice effects to sway, like rounded corners and hiding the separator between title and content of a window. @@ -8334,309 +8419,288 @@ Currently, I am too lazy to explain every option here, but most of it is very se

    -
    -wayland.windowManager.sway = {
-  enable = true;
-  checkConfig = false; # delete this line once SwayFX is fixed upstream
-  package = pkgs.swayfx;
-  systemd = {
+
    { config, pkgs, ... }:
+{
+  wayland.windowManager.sway = {
     enable = true;
-    xdgAutostart = true;
-  };
-  wrapperFeatures.gtk = true;
-  config = rec {
-    modifier = "Mod4";
-    terminal = "kitty";
-    menu = "fuzzel";
-    bars = [{ command = "waybar"; }];
-    keybindings =
+    checkConfig = false; # delete this line once SwayFX is fixed upstream
+    package = pkgs.swayfx;
+    systemd = {
+      enable = true;
+      xdgAutostart = true;
+    };
+    wrapperFeatures.gtk = true;
+    config = rec {
+      modifier = "Mod4";
+      terminal = "kitty";
+      menu = "fuzzel";
+      bars = [{ command = "waybar"; }];
+      keybindings =
+        let
+          inherit (config.wayland.windowManager.sway.config) modifier;
+        in
+        {
+          "${modifier}+q" = "kill";
+          "${modifier}+f" = "exec firefox";
+          "${modifier}+Space" = "exec fuzzel";
+          "${modifier}+Shift+Space" = "floating toggle";
+          "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
+          "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
+          "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
+          "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\"";
+          "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\"";
+          "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\"";
+          "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\"";
+          "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\"";
+          "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\"";
+          "${modifier}+Shift+F12" = "move scratchpad";
+          "${modifier}+F12" = "scratchpad show";
+          "${modifier}+c" = "exec qalculate-gtk";
+          "${modifier}+p" = "exec pass-fuzzel";
+          "${modifier}+o" = "exec pass-fuzzel-otp";
+          "${modifier}+Shift+p" = "exec pass-fuzzel --type";
+          "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type";
+          "${modifier}+Escape" = "mode $exit";
+          # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor";
+          "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
+          "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
+          "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\"";
+          "${modifier}+1" = "workspace 1:一";
+          "${modifier}+Shift+1" = "move container to workspace 1:一";
+          "${modifier}+2" = "workspace 2:二";
+          "${modifier}+Shift+2" = "move container to workspace 2:二";
+          "${modifier}+3" = "workspace 3:三";
+          "${modifier}+Shift+3" = "move container to workspace 3:三";
+          "${modifier}+4" = "workspace 4:四";
+          "${modifier}+Shift+4" = "move container to workspace 4:四";
+          "${modifier}+5" = "workspace 5:五";
+          "${modifier}+Shift+5" = "move container to workspace 5:五";
+          "${modifier}+6" = "workspace 6:六";
+          "${modifier}+Shift+6" = "move container to workspace 6:六";
+          "${modifier}+7" = "workspace 7:七";
+          "${modifier}+Shift+7" = "move container to workspace 7:七";
+          "${modifier}+8" = "workspace 8:八";
+          "${modifier}+Shift+8" = "move container to workspace 8:八";
+          "${modifier}+9" = "workspace 9:九";
+          "${modifier}+Shift+9" = "move container to workspace 9:九";
+          "${modifier}+0" = "workspace 10:十";
+          "${modifier}+Shift+0" = "move container to workspace 10:十";
+          "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
+          "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
+          "${modifier}+Left" = "focus left";
+          "${modifier}+Right" = "focus right";
+          "${modifier}+Down" = "focus down";
+          "${modifier}+Up" = "focus up";
+          "${modifier}+Shift+Left" = "move left 40px";
+          "${modifier}+Shift+Right" = "move right 40px";
+          "${modifier}+Shift+Down" = "move down 40px";
+          "${modifier}+Shift+Up" = "move up 40px";
+          "${modifier}+h" = "focus left";
+          "${modifier}+l" = "focus right";
+          "${modifier}+j" = "focus down";
+          "${modifier}+k" = "focus up";
+          "${modifier}+Shift+h" = "move left 40px";
+          "${modifier}+Shift+l" = "move right 40px";
+          "${modifier}+Shift+j" = "move down 40px";
+          "${modifier}+Shift+k" = "move up 40px";
+          "${modifier}+Ctrl+Shift+c" = "reload";
+          "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
+          "${modifier}+r" = "mode resize";
+          "${modifier}+Return" = "exec kitty";
+        };
+      modes = {
+        resize = {
+          Down = "resize grow height 10 px or 10 ppt";
+          Escape = "mode default";
+          Left = "resize shrink width 10 px or 10 ppt";
+          Return = "mode default";
+          Right = "resize grow width 10 px or 10 ppt";
+          Up = "resize shrink height 10 px or 10 ppt";
+        };
+      };
+      defaultWorkspace = "workspace 1:一";
+      startup = [
+        { command = "kitty -T kittyterm"; }
+        { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
+      ];
+      window = {
+        border = 1;
+        titlebar = false;
+      };
+      assigns = {
+        "1:一" = [{ app_id = "firefox"; }];
+      };
+      floating = {
+        border = 1;
+        criteria = [
+          { title = "^Picture-in-Picture$"; }
+          { app_id = "qalculate-gtk"; }
+          { app_id = "org.gnome.clocks"; }
+          { app_id = "com.github.stsdc.monitor"; }
+          { app_id = "blueman"; }
+          { app_id = "pavucontrol"; }
+          { app_id = "syncthingtray"; }
+          { title = "Syncthing Tray"; }
+          { app_id = "SchildiChat"; }
+          { app_id = "Element"; }
+          { app_id = "com.nextcloud.desktopclient.nextcloud"; }
+          { app_id = "gnome-system-monitor"; }
+          { title = "(?:Open|Save) (?:File|Folder|As)"; }
+          { title = "^Add$"; }
+          { title = "com-jgoodies-jdiskreport-JDiskReport"; }
+          { app_id = "discord"; }
+          { window_role = "pop-up"; }
+          { window_role = "bubble"; }
+          { window_role = "dialog"; }
+          { window_role = "task_dialog"; }
+          { window_role = "menu"; }
+          { window_role = "Preferences"; }
+        ];
+        titlebar = false;
+      };
+      window = {
+        commands = [
+          {
+            command = "opacity 0.95";
+            criteria = {
+              class = ".*";
+            };
+          }
+          {
+            command = "opacity 1";
+            criteria = {
+              app_id = "Gimp-2.10";
+            };
+          }
+          {
+            command = "opacity 0.99";
+            criteria = {
+              app_id = "firefox";
+            };
+          }
+          {
+            command = "sticky enable, shadows enable";
+            criteria = {
+              title = "^Picture-in-Picture$";
+            };
+          }
+          {
+            command = "opacity 0.8, sticky enable, border normal, move container to scratchpad";
+            criteria = {
+              title = "^kittyterm$";
+            };
+          }
+          {
+            command = "opacity 0.95, sticky enable, border normal, move container to scratchpad";
+            criteria = {
+              title = "^spotifytui$";
+            };
+          }
+          # {
+          #   command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
+          #   criteria = {
+          #     app_id="^$";
+          #     class="^$";
+          # };
+          # }
+          {
+
+            command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
+            criteria = {
+              class = "Spotify";
+            };
+          }
+          {
+            command = "sticky enable";
+            criteria = {
+              app_id = "discord";
+            };
+          }
+          {
+            command = "resize set width 60 ppt height 60 ppt, sticky enable";
+            criteria = {
+              class = "Element";
+            };
+          }
+          {
+            command = "resize set width 60 ppt height 60 ppt, sticky enable";
+            criteria = {
+              app_id = "SchildiChat";
+            };
+          }
+        ];
+      };
+      gaps = {
+        inner = 5;
+      };
+    };
+    extraSessionCommands = ''
+      export SDL_VIDEODRIVER=wayland
+      export QT_QPA_PLATFORM=wayland
+      export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+      export _JAVA_AWT_WM_NONREPARENTING=1
+      export XDG_CURRENT_DESKTOP=sway
+      export XDG_SESSION_DESKTOP=sway
+      export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";
+      export ANKI_WAYLAND=1;
+      export OBSIDIAN_USE_WAYLAND=1;
+    '';
+    # extraConfigEarly = "
+    # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
+    # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
+    # ";
+    extraConfig =
       let
         inherit (config.wayland.windowManager.sway.config) modifier;
-      in
-      {
-        "${modifier}+q" = "kill";
-        "${modifier}+f" = "exec firefox";
-        "${modifier}+Space" = "exec fuzzel";
-        "${modifier}+Shift+Space" = "floating toggle";
-        "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
-        "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
-        "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
-        "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\"";
-        "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\"";
-        "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\"";
-        "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\"";
-        "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\"";
-        "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\"";
-        "${modifier}+Shift+F12" = "move scratchpad";
-        "${modifier}+F12" = "scratchpad show";
-        "${modifier}+c" = "exec qalculate-gtk";
-        "${modifier}+p" = "exec pass-fuzzel";
-        "${modifier}+o" = "exec pass-fuzzel-otp";
-        "${modifier}+Shift+p" = "exec pass-fuzzel --type";
-        "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type";
-        "${modifier}+Escape" = "mode $exit";
-        # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor";
-        "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
-        "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
-        "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\"";
-        "${modifier}+1" = "workspace 1:一";
-        "${modifier}+Shift+1" = "move container to workspace 1:一";
-        "${modifier}+2" = "workspace 2:二";
-        "${modifier}+Shift+2" = "move container to workspace 2:二";
-        "${modifier}+3" = "workspace 3:三";
-        "${modifier}+Shift+3" = "move container to workspace 3:三";
-        "${modifier}+4" = "workspace 4:四";
-        "${modifier}+Shift+4" = "move container to workspace 4:四";
-        "${modifier}+5" = "workspace 5:五";
-        "${modifier}+Shift+5" = "move container to workspace 5:五";
-        "${modifier}+6" = "workspace 6:六";
-        "${modifier}+Shift+6" = "move container to workspace 6:六";
-        "${modifier}+7" = "workspace 7:七";
-        "${modifier}+Shift+7" = "move container to workspace 7:七";
-        "${modifier}+8" = "workspace 8:八";
-        "${modifier}+Shift+8" = "move container to workspace 8:八";
-        "${modifier}+9" = "workspace 9:九";
-        "${modifier}+Shift+9" = "move container to workspace 9:九";
-        "${modifier}+0" = "workspace 10:十";
-        "${modifier}+Shift+0" = "move container to workspace 10:十";
-        "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
-        "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
-        "${modifier}+Left" = "focus left";
-        "${modifier}+Right" = "focus right";
-        "${modifier}+Down" = "focus down";
-        "${modifier}+Up" = "focus up";
-        "${modifier}+Shift+Left" = "move left 40px";
-        "${modifier}+Shift+Right" = "move right 40px";
-        "${modifier}+Shift+Down" = "move down 40px";
-        "${modifier}+Shift+Up" = "move up 40px";
-        "${modifier}+h" = "focus left";
-        "${modifier}+l" = "focus right";
-        "${modifier}+j" = "focus down";
-        "${modifier}+k" = "focus up";
-        "${modifier}+Shift+h" = "move left 40px";
-        "${modifier}+Shift+l" = "move right 40px";
-        "${modifier}+Shift+j" = "move down 40px";
-        "${modifier}+Shift+k" = "move up 40px";
-        "${modifier}+Ctrl+Shift+c" = "reload";
-        "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
-        "${modifier}+r" = "mode resize";
-        "${modifier}+Return" = "exec kitty";
-      };
-    modes = {
-      resize = {
-        Down = "resize grow height 10 px or 10 ppt";
-        Escape = "mode default";
-        Left = "resize shrink width 10 px or 10 ppt";
-        Return = "mode default";
-        Right = "resize grow width 10 px or 10 ppt";
-        Up = "resize shrink height 10 px or 10 ppt";
-      };
-    };
-    defaultWorkspace = "workspace 1:一";
-    startup = [
-      { command = "kitty -T kittyterm"; }
-      { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
-    ];
-    window = {
-      border = 1;
-      titlebar = false;
-    };
-    assigns = {
-      "1:一" = [{ app_id = "firefox"; }];
-    };
-    floating = {
-      border = 1;
-      criteria = [
-        { title = "^Picture-in-Picture$"; }
-        { app_id = "qalculate-gtk"; }
-        { app_id = "org.gnome.clocks"; }
-        { app_id = "com.github.stsdc.monitor"; }
-        { app_id = "blueman"; }
-        { app_id = "pavucontrol"; }
-        { app_id = "syncthingtray"; }
-        { title = "Syncthing Tray"; }
-        { app_id = "SchildiChat"; }
-        { app_id = "Element"; }
-        { app_id = "com.nextcloud.desktopclient.nextcloud"; }
-        { app_id = "gnome-system-monitor"; }
-        { title = "(?:Open|Save) (?:File|Folder|As)"; }
-        { title = "^Add$"; }
-        { title = "com-jgoodies-jdiskreport-JDiskReport"; }
-        { app_id = "discord"; }
-        { window_role = "pop-up"; }
-        { window_role = "bubble"; }
-        { window_role = "dialog"; }
-        { window_role = "task_dialog"; }
-        { window_role = "menu"; }
-        { window_role = "Preferences"; }
-      ];
-      titlebar = false;
-    };
-    window = {
-      commands = [
-        {
-          command = "opacity 0.95";
-          criteria = {
-            class = ".*";
-          };
-        }
-        {
-          command = "opacity 1";
-          criteria = {
-            app_id = "Gimp-2.10";
-          };
-        }
-        {
-          command = "opacity 0.99";
-          criteria = {
-            app_id = "firefox";
-          };
-        }
-        {
-          command = "sticky enable, shadows enable";
-          criteria = {
-            title = "^Picture-in-Picture$";
-          };
-        }
-        {
-          command = "opacity 0.8, sticky enable, border normal, move container to scratchpad";
-          criteria = {
-            title = "^kittyterm$";
-          };
-        }
-        {
-          command = "opacity 0.95, sticky enable, border normal, move container to scratchpad";
-          criteria = {
-            title = "^spotifytui$";
-          };
-        }
-        # {
-        #   command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
-        #   criteria = {
-        #     app_id="^$";
-        #     class="^$";
-        # };
-        # }
-        {
-
-          command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
-          criteria = {
-            class = "Spotify";
-          };
-        }
-        {
-          command = "sticky enable";
-          criteria = {
-            app_id = "discord";
-          };
-        }
-        {
-          command = "resize set width 60 ppt height 60 ppt, sticky enable";
-          criteria = {
-            class = "Element";
-          };
-        }
-        {
-          command = "resize set width 60 ppt height 60 ppt, sticky enable";
-          criteria = {
-            app_id = "SchildiChat";
-          };
-        }
-      ];
-    };
-    gaps = {
-      inner = 5;
-    };
-  };
-  extraSessionCommands = ''
-    export SDL_VIDEODRIVER=wayland
-    export QT_QPA_PLATFORM=wayland
-    export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
-    export _JAVA_AWT_WM_NONREPARENTING=1
-    export XDG_CURRENT_DESKTOP=sway
-    export XDG_SESSION_DESKTOP=sway
-    export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";
-    export ANKI_WAYLAND=1;
-    export OBSIDIAN_USE_WAYLAND=1;
-  '';
-  # extraConfigEarly = "
-  # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
-  # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
-  # ";
-  extraConfig =
-    let
-      inherit (config.wayland.windowManager.sway.config) modifier;
-      swayfxSettings = "
-        blur enable
-        blur_xray disable
-        blur_passes 1
-        blur_radius 1
-        shadows enable
-        corner_radius 2
-        titlebar_separator disable
-        default_dim_inactive 0.02
-    ";
-    in
-    "
-      exec_always autotiling
-      set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"
-      mode $exit {
-
-          bindsym --to-code {
-              s exec \"systemctl suspend\", mode \"default\"
-              p exec \"systemctl poweroff\"
-              r exec \"systemctl reboot\"
-              l exec \"swaymsg exit\"
-
-              Return mode \"default\"
-              Escape mode \"default\"
-              ${modifier}+x mode \"default\"
-          }
-      }
-
-      exec systemctl --user import-environment
-
-      ${swayfxSettings}
-
+        swayfxSettings = "
+          blur enable
+          blur_xray disable
+          blur_passes 1
+          blur_radius 1
+          shadows enable
+          corner_radius 2
+          titlebar_separator disable
+          default_dim_inactive 0.02
       ";
-};
+      in
+      "
+        exec_always autotiling
+        set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"
+        mode $exit {
 
+            bindsym --to-code {
+                s exec \"systemctl suspend\", mode \"default\"
+                p exec \"systemctl poweroff\"
+                r exec \"systemctl reboot\"
+                l exec \"swaymsg exit\"
+
+                Return mode \"default\"
+                Escape mode \"default\"
+                ${modifier}+x mode \"default\"
+            }
+        }
+
+        exec systemctl --user import-environment
+
+        ${swayfxSettings}
+
+        ";
+  };
+}
    -

    3.5. flake.nix template and Closing Parenthesis (this needs to be the last heading in the Systems header)

    +

    3.5. flake.nix template

    This sections puts together the flake.nix file from the Noweb-Ref blocks section.

    - -

    -Here we also close the opening parenthesis of modules/common.nix (home-manager) and profiles/common.nix (NixOS): -

    -
    -
    -

    3.5.1. Closing parentheses for common/home.nix and common/nixos.nix

    -
    -
    -
    -}
-
-
    -
    - -
    -
    -}
-
-
    -
    -
    -

    3.5.2. flake.nix

    +

    3.5.1. flake.nix

    This tangles the flake.nix file; This block only needs to be touched when updating the general structure of the flake. For everything else, see the respective noweb-ref block. @@ -8653,6 +8717,8 @@ This tangles the flake.nix file; This block only needs to be touched when updati nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + systems.url = "github:nix-systems/default-linux"; + # user-level configuration home-manager = { url = "github:nix-community/home-manager"; @@ -8715,57 +8781,53 @@ This tangles the flake.nix file; This block only needs to be touched when updati inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs@{ self , nixpkgs + , home-manager + , systems , ... }: let + inherit (self) outputs; + lib = nixpkgs.lib // home-manager.lib; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - "i686-linux" - "x86_64-linux" - "aarch64-darwin" - "x86_64-darwin" - ]; + forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); + pkgsFor = lib.genAttrs (import systems) ( + system: + import nixpkgs { + inherit system; + config.allowUnfree = true; + } + ); # pkgs for home-manager builds homepkgs = import nixpkgs { system = "x86_64-linux"; - overlays = [ emacs-overlay.overlay - nur.overlay - nixgl.overlay - (final: _prev: { - stable = import nixpkgs-stable { - inherit (final) system config; - }; - }) - ]; - config.allowUnfree = true; - }; + overlays = [ inputs.emacs-overlay.overlay + inputs.nur.overlay + inputs.nixgl.overlay + (final: _prev: { + stable = import inputs.nixpkgs-stable { + inherit (final) system config; + }; + }) + ]; + config.allowUnfree = true; + }; # NixOS modules that can only be used on NixOS systems nixModules = [ (_: { nix.extraOptions = "experimental-features = nix-command flakes"; }) - ({ inputs, config, ... }: { - nixpkgs = { - overlays = [ - (import ./overlays { inherit inputs; }).additions - (import ./overlays { inherit inputs; }).modifications - (import ./overlays { inherit inputs; }).nixpkgs-stable - inputs.nur.overlay - inputs.emacs-overlay.overlay - inputs.nixgl.overlay - ]; - config.allowUnfree = true; - }; - }) inputs.stylix.nixosModules.stylix inputs.sops-nix.nixosModules.sops inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix + ./profiles/common/nixos ]; # Home-Manager modules wanted on non-NixOS systems @@ -8777,18 +8839,17 @@ This tangles the flake.nix file; This block only needs to be touched when updati mixedModules = [ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index - ./profiles/common/home.nix + ./profiles/common/home ]; in { - packages = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; in import ./pkgs { inherit pkgs; }); - devShells = forAllSystems - (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in + inherit lib; + inherit mixedModules; + packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; }); + devShells = forEachSystem + (pkgs: { default = pkgs.mkShell { # Enable experimental features without having to specify the argument @@ -8796,10 +8857,16 @@ This tangles the flake.nix file; This block only needs to be touched when updati nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ]; }; }); - formatter = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in pkgs.nixpkgs-fmt); - overlays = import ./overlays { inherit inputs; }; + formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt); + overlays = [ + (import ./overlays { inherit inputs; }).additions + (import ./overlays { inherit inputs; }).modifications + (import ./overlays { inherit inputs; }).nixpkgs-stable + inputs.nur.overlay + inputs.emacs-overlay.overlay + inputs.nixgl.overlay + ]; + # NixOS setups - run home-manager as a NixOS module for better compatibility @@ -8815,6 +8882,8 @@ This tangles the flake.nix file; This block only needs to be touched when updati sandbox = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + inputs.disko.nixosModules.disko + ./profiles/sandbox/disk-config.nix inputs.sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix ]; @@ -8834,17 +8903,10 @@ This tangles the flake.nix file; This block only needs to be touched when updati ]; }; - fourside = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = nixModules ++ [ - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 - ./profiles/fourside/nixos.nix - inputs.home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/fourside/home.nix - ]; - } + fourside = lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = nixModules ++ [ + ./profiles/fourside ]; }; @@ -9640,7 +9702,7 @@ The standard Emacs behaviour for the Python process shell is a bit annoying. Thi

    -
  • Nix common prefix bracketer
    +
  • Nix common prefix bracketer

    This function searches for common delimiters in region and removes them, summarizing all captured lines by it. @@ -9673,7 +9735,7 @@ This function searches for common delimiters in region and removes them, summari

    • -
  • Nix formatters
    +
  • Nix formatters

    This formats the org code block at point in accordance to the nixpkgs-fmt formatter @@ -11246,8 +11308,8 @@ This adds a rudimentary nix-mode to Emacs. I have not really tried this out, as

    -
    -

    4.4.3. nixpkgs-fmt

    +
    +

    4.4.3. nixpkgs-fmt

    Adds functions for formatting nix code. @@ -13262,7 +13324,7 @@ My laptop, sadly soon to be replaced by a new one, since most basic functions ar

    Author: Leon Schwarzäugl

    -

    Created: 2024-07-21 So 18:21

    +

    Created: 2024-07-23 Di 11:27

    Validate

    diff --git a/pkgs/default.nix b/pkgs/default.nix index 958608a..3d53cd6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1 +1 @@ -_: { } +_: rec { } diff --git a/profiles/TEMPLATE/nixos.nix b/profiles/TEMPLATE/nixos.nix index 55d3ff3..59097a5 100644 --- a/profiles/TEMPLATE/nixos.nix +++ b/profiles/TEMPLATE/nixos.nix @@ -86,9 +86,9 @@ # Configure keymap in X11 (only used for login) - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; users.users.TEMPLATE = { diff --git a/profiles/common/home.nix b/profiles/common/home.nix deleted file mode 100644 index 5971050..0000000 --- a/profiles/common/home.nix +++ /dev/null @@ -1,1546 +0,0 @@ -{ config, pkgs, fetchFromGitHub, ... }: - -{ - home.packages = with pkgs; [ - - # audio stuff - spek # spectrum analyzer - losslessaudiochecker - ffmpeg_5-full - flac - mediainfo - picard-tools - audacity - sox - - # printing - cups - simple-scan - - # dict - (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) - - # utilities - util-linux - nmap - lsof - - # nix - alejandra - nixpkgs-fmt - deadnix - statix - - # local file sharing - wormhole-rs - - # b2 backup @backblaze - restic - - # "big" programs - gimp - inkscape - zoom-us - # nomacs - libreoffice-qt - xournalpp - obsidian - spotify - discord - stable.nextcloud-client - spotify-player - element-desktop-wayland - nicotine-plus - stable.transmission - mktorrent - hexchat - hugo - - # kyria - qmk - qmk-udev-rules - - # games - lutris - wine - libudev-zero - dwarfs - fuse-overlayfs - # steam - # steam-run - patchelf - gamescope - vulkan-tools - moonlight-qt - ns-usbloader - - # firefox related - tridactyl-native - - # mako related - mako - libnotify - - # general utilities - unrar - samba - cifs-utils - zbar # qr codes - readline - autotiling - brightnessctl - libappindicator-gtk3 - sqlite - speechd - networkmanagerapplet - psmisc # kill etc - lm_sensors - # jq # used for searching the i3 tree in check.sh files - - # specifically needed for anki - # mpv - anki-bin - - # dirvish file previews - fd - imagemagick - poppler - ffmpegthumbnailer - mediainfo - gnutar - unzip - - #nautilus - nautilus - xfce.tumbler - libgsf - - # wayland stuff - wtype - wl-clipboard - wl-mirror - - # screenshotting tools - grim - slurp - - # the following packages are used (in some way) by waybar - playerctl - pavucontrol - pamixer - # gnome.gnome-clocks - # wlogout - # jdiskreport - syncthingtray - # monitor - - #keychain - qalculate-gtk - gcr # needed for gnome-secrets to work - seahorse - - # sops-related - sops - ssh-to-age - - # mail related packages - mu - - # latex and related packages - (pkgs.texlive.combine { - inherit (pkgs.texlive) scheme-full - dvisvgm dvipng# for preview and export as html - wrapfig amsmath ulem hyperref capt-of; - }) - - # font stuff - (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; }) - noto-fonts-emoji - font-awesome_5 - noto-fonts - noto-fonts-cjk-sans - - # cura - ( - let - cura5 = appimageTools.wrapType2 rec { - name = "cura5"; - version = "5.4.0"; - src = fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; - hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; - }; - extraPkgs = pkgs: with pkgs; [ ]; - }; - in - writeScriptBin "cura" '' - #! ${pkgs.bash}/bin/bash - # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. - # So we convert each of the files passed as argument to an absolute path. - # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. - args=() - for a in "$@"; do - if [ -e "$a" ]; then - a="$(realpath "$a")" - fi - args+=("$a") - done - exec "${cura5}/bin/cura5" "''${args[@]}" - '' - ) - - #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state - (pkgs.writeShellScriptBin "e" '' - bash ~/.dotfiles/scripts/editor_nowait.sh "$@" - '') - (pkgs.writeShellScriptBin "timer" '' - sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; - '') - - (pkgs.writeScriptBin "project" '' - #! ${pkgs.bash}/bin/bash - if [ "$1" == "rust" ]; then - cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix - cp ~/.dotfiles/templates/toolchain.toml . - elif [ "$1" == "cpp" ]; then - cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix - elif [ "$1" == "python" ]; then - cp ~/.dotfiles/templates/py_flake.nix ./flake.nix - elif [ "$1" == "cuda" ]; then - cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix - elif [ "$1" == "other" ]; then - cp ~/.dotfiles/templates/other_flake.nix ./flake.nix - elif [ "$1" == "latex" ]; then - if [ "$2" == "" ]; then - echo "No filename specified, usage: 'project latex '" - exit 0 - fi - cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex - exit 0 - else - echo "No valid argument given. Valid arguments are rust cpp python, cuda" - exit 0 - fi - echo "use flake" >> .envrc - direnv allow - '') - - (pkgs.writeShellApplication { - name = "pass-fuzzel"; - runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; - text = '' - shopt -s nullglob globstar - - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi - - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) - - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - - [[ -n $password ]] || exit - - if [[ $typeit -eq 0 ]]; then - pass show -c "$password" &>/tmp/pass-fuzzel - else - pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed Password" - ''; - }) - - (pkgs.writeShellApplication { - name = "pass-fuzzel-otp"; - runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ]; - text = '' - shopt -s nullglob globstar - - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi - - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/otp/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) - - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - - [[ -n $password ]] || exit - - if [[ $typeit -eq 0 ]]; then - pass otp -c "$password" &>/tmp/pass-fuzzel - else - pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" - ''; - }) - - (pkgs.writeShellApplication { - name = "cdw"; - runtimeInputs = [ pkgs.fzf ]; - text = '' - cd "$(git worktree list | fzf | awk '{print $1}')" - ''; - }) - - (pkgs.writeShellApplication { - name = "cdb"; - runtimeInputs = [ pkgs.fzf ]; - text = '' - git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" - ''; - }) - - (pkgs.writeShellApplication { - name = "bak"; - text = '' - cp "$1"{,.bak} - ''; - }) - - ]; - - sops = { - defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - secrets = { - mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; - nautilus = { path = "/run/user/1000/secrets/nautilus"; }; - leon = { path = "/run/user/1000/secrets/leon"; }; - swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; - caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; - }; - }; - - programs.ssh = { - enable = true; - forwardAgent = true; - extraConfig = '' - SetEnv TERM=xterm-256color - ''; - matchBlocks = { - "nginx" = { - hostname = "192.168.1.14"; - user = "root"; - }; - "jellyfin" = { - hostname = "192.168.1.16"; - user = "root"; - }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "proxmox" = { - hostname = "192.168.1.2"; - user = "root"; - }; - "transmission" = { - hostname = "192.168.1.6"; - user = "root"; - }; - "fetcher" = { - hostname = "192.168.1.7"; - user = "root"; - }; - "omv" = { - hostname = "192.168.1.3"; - user = "root"; - }; - "webbot" = { - hostname = "192.168.1.11"; - user = "root"; - }; - "nextcloud" = { - hostname = "192.168.1.5"; - user = "root"; - }; - "sound" = { - hostname = "192.168.1.13"; - user = "root"; - }; - "spotify" = { - hostname = "192.168.1.17"; - user = "root"; - }; - "wordpress" = { - hostname = "192.168.1.9"; - user = "root"; - }; - "turn" = { - hostname = "192.168.1.18"; - user = "root"; - }; - "hugo" = { - hostname = "192.168.1.19"; - user = "root"; - }; - "matrix" = { - hostname = "192.168.1.23"; - user = "root"; - }; - "scroll" = { - hostname = "192.168.1.22"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; #this is a oracle vm server but needs root due to nixos-infect - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - "efficient" = { - hostname = "g0.complang.tuwien.ac.at"; - forwardAgent = true; - user = "ep01427399"; - }; - }; - }; - - stylix.targets.emacs.enable = false; - - xdg.desktopEntries = { - - cura = { - name = "Ultimaker Cura"; - genericName = "Cura"; - exec = "cura"; - terminal = false; - categories = [ "Application" ]; - }; - - anki = { - name = "Anki Flashcards"; - genericName = "Anki"; - exec = "anki"; - terminal = false; - categories = [ "Application" ]; - }; - - # schlidichat = { - # name = "SchildiChat Matrix Client"; - # genericName = "SchildiChat"; - # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - # terminal = false; - # categories = [ "Application"]; - # }; - - element = { - name = "Element Matrix Client"; - genericName = "Element"; - exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application" ]; - }; - - emacsclient-newframe = { - name = "Emacs (Client, New Frame)"; - genericName = "Emacs (Client, New Frame)"; - exec = "emacsclient -r %u"; - icon = "emacs"; - terminal = false; - categories = [ "Development" "TextEditor" ]; - }; - - }; - - home.file = { - "init.el" = { - source = ../../programs/emacs/init.el; - target = ".emacs.d/init.el"; - }; - "early-init.el" = { - source = ../../programs/emacs/early-init.el; - target = ".emacs.d/early-init.el"; - }; - # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually - ".aspell.conf" = { - source = ../../programs/config/.aspell.conf; - target = ".aspell.conf"; - }; - ".gitmessage" = { - source = ../../programs/git/.gitmessage; - target = ".gitmessage"; - }; - }; - - xdg.configFile = { - "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc; - "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css; - }; - - home.sessionVariables = { - EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; - }; - - programs = { - bottom.enable = true; - imv.enable = true; - sioyek.enable = true; - bat.enable = true; - carapace.enable = true; - wlogout.enable = true; - swayr.enable = true; - yt-dlp.enable = true; - mpv.enable = true; - jq.enable = true; - ripgrep.enable = true; - pandoc.enable = true; - fzf.enable = true; - zoxide.enable = true; - }; - - programs.nix-index = - let - command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' - mkdir -p $out/etc/profile.d - substitute ${../../scripts/command-not-found.sh} \ - $out/etc/profile.d/command-not-found.sh \ - --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ - --replace @tput@ ${pkgs.ncurses}/bin/tput - ''; - in - { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [ command-not-found ]; - }; - }; - - programs.password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); - }; - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - - programs.eza = { - enable = true; - icons = true; - git = true; - extraOptions = [ - "-l" - "--group-directories-first" - ]; - }; - - programs.git = { - enable = true; - aliases = { - a = "add"; - c = "commit"; - cl = "clone"; - co = "checkout"; - b = "branch"; - i = "init"; - m = "merge"; - s = "status"; - r = "restore"; - p = "pull"; - pp = "push"; - }; - signing = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - userEmail = "leon.schwarzaeugl@gmail.com"; - userName = "Swarsel"; - difftastic.enable = true; - lfs.enable = true; - includes = [ - { - contents = { - github = { - user = "Swarsel"; - }; - commit = { - template = "~/.gitmessage"; - }; - }; - } - ]; - }; - - programs.fuzzel = { - enable = true; - settings = { - main = { - layer = "overlay"; - lines = "10"; - width = "40"; - }; - border.radius = "0"; - }; - }; - - programs.starship = { - enable = true; - enableZshIntegration = true; - settings = { - add_newline = false; - format = "$character"; - right_format = "$all"; - command_timeout = 3000; - - directory.substitutions = { - "Documents" = "󰈙 "; - "Downloads" = " "; - "Music" = " "; - "Pictures" = " "; - }; - - git_status = { - style = "bg:#394260"; - format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; - }; - - character = { - success_symbol = "[λ](bold green)"; - error_symbol = "[λ](bold red)"; - }; - - aws.symbol = " "; - buf.symbol = " "; - c.symbol = " "; - conda.symbol = " "; - dart.symbol = " "; - directory.read_only = " 󰌾"; - docker_context.symbol = " "; - elixir.symbol = " "; - elm.symbol = " "; - fossil_branch.symbol = " "; - git_branch.symbol = " "; - golang.symbol = " "; - guix_shell.symbol = " "; - haskell.symbol = " "; - haxe.symbol = " "; - hg_branch.symbol = " "; - hostname.ssh_symbol = " "; - java.symbol = " "; - julia.symbol = " "; - lua.symbol = " "; - memory_usage.symbol = "󰍛 "; - meson.symbol = "󰔷 "; - nim.symbol = "󰆥 "; - nix_shell.symbol = " "; - nodejs.symbol = " "; - - os.symbols = { - Alpaquita = " "; - Alpine = " "; - Amazon = " "; - Android = " "; - Arch = " "; - Artix = " "; - CentOS = " "; - Debian = " "; - DragonFly = " "; - Emscripten = " "; - EndeavourOS = " "; - Fedora = " "; - FreeBSD = " "; - Garuda = "󰛓 "; - Gentoo = " "; - HardenedBSD = "󰞌 "; - Illumos = "󰈸 "; - Linux = " "; - Mabox = " "; - Macos = " "; - Manjaro = " "; - Mariner = " "; - MidnightBSD = " "; - Mint = " "; - NetBSD = " "; - NixOS = " "; - OpenBSD = "󰈺 "; - openSUSE = " "; - OracleLinux = "󰌷 "; - Pop = " "; - Raspbian = " "; - Redhat = " "; - RedHatEnterprise = " "; - Redox = "󰀘 "; - Solus = "󰠳 "; - SUSE = " "; - Ubuntu = " "; - Unknown = " "; - Windows = "󰍲 "; - }; - - package.symbol = "󰏗 "; - pijul_channel.symbol = " "; - python.symbol = " "; - rlang.symbol = "󰟔 "; - ruby.symbol = " "; - rust.symbol = " "; - scala.symbol = " "; - }; - }; - - programs.kitty = { - enable = true; - keybindings = { - "ctrl+shift+left" = "no_op"; - "ctrl+shift+right" = "no_op"; - "ctrl+shift+home" = "no_op"; - "ctrl+shift+end" = "no_op"; - }; - }; - - programs.zsh = { - enable = true; - shellAliases = { - hg = "history | grep"; - hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; - nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; - magit = "emacsclient -nc -e \"(magit-status)\""; - config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g = "git"; - c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; - passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; - passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd = "z"; - cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; - }; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = false; - cdpath = [ - "~/.dotfiles" - # "~/Documents/GitHub" - ]; - defaultKeymap = "emacs"; - dirHashes = { - dl = "$HOME/Downloads"; - gh = "$HOME/Documents/GitHub"; - }; - history = { - expireDuplicatesFirst = true; - path = "$HOME/.histfile"; - save = 10000; - size = 10000; - }; - historySubstringSearch.enable = true; - plugins = [ - { - name = "fzf-tab"; - src = pkgs.zsh-fzf-tab; - } - ]; - initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word - ''; - }; - - programs.mbsync = { - enable = true; - }; - # this is needed so that mbsync can use the passwords from sops - systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - - programs.msmtp = { - enable = true; - }; - - programs.mu = { - enable = true; - }; - - accounts.email = { - maildirBasePath = "Mail"; - accounts.leon = { - primary = true; - address = "leon.schwarzaeugl@gmail.com"; - userName = "leon.schwarzaeugl@gmail.com"; - realName = "Leon Schwarzäugl"; - passwordCommand = "cat ${config.sops.secrets.leon.path}"; - # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg"; - gpg = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - mu.enable = true; - msmtp = { - enable = true; - }; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - - accounts.swarsel = { - address = "leon@swarsel.win"; - userName = "8227dc594dd515ce232eda1471cb9a19"; - realName = "Leon Schwarzäugl"; - passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; - smtp = { - host = "in-v3.mailjet.com"; - port = 587; - tls = { - enable = true; - useStartTls = true; - }; - }; - mu.enable = false; - msmtp = { - enable = true; - }; - mbsync = { - enable = false; - }; - }; - - accounts.nautilus = { - primary = false; - address = "nautilus.dw@gmail.com"; - userName = "nautilus.dw@gmail.com"; - realName = "Nautilus"; - passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; - # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - accounts.mrswarsel = { - primary = false; - address = "mrswarsel@gmail.com"; - userName = "mrswarsel@gmail.com"; - realName = "Swarsel"; - # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg"; - passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - }; - - # enable emacs overlay for bleeding edge features - # also read init.el file and install use-package packages - programs.emacs = { - enable = true; - package = pkgs.emacsWithPackagesFromUsePackage { - config = ../../programs/emacs/init.el; - package = pkgs.emacs-pgtk; - alwaysEnsure = true; - alwaysTangle = true; - extraEmacsPackages = epkgs: [ - epkgs.mu4e - epkgs.use-package - # epkgs.lsp-bridge - epkgs.doom-themes - - # build the rest of the packages myself - # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup - # build the package from the haji-ali fork, which is well-maintained - (epkgs.trivialBuild rec { - pname = "calfw"; - version = "1.0.0-20231002"; - src = pkgs.fetchFromGitHub { - owner = "haji-ali"; - repo = "emacs-calfw"; - rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; - hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; - }; - packageRequires = [ epkgs.howm ]; - }) - - (epkgs.trivialBuild rec { - pname = "fast-scroll"; - version = "1.0.0-20191016"; - src = pkgs.fetchFromGitHub { - owner = "ahungry"; - repo = "fast-scroll"; - rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; - hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; - }; - packageRequires = [ ]; - }) - - ]; - }; - }; - - programs.waybar = { - - enable = true; - # systemd.enable = true; - settings = { - mainBar = { - layer = "top"; - position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; - modules-center = [ "sway/mode" "custom/configwarn" ]; - "sway/mode" = { - format = "{}"; - }; - - "custom/configwarn" = { - exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; - interval = 60; - }; - - "group/hardware" = { - orientation = "inherit"; - drawer = { - "transition-left-to-right" = false; - }; - modules = [ - "tray" - "temperature" - "power-profiles-daemon" - "custom/left-arrow-light" - "disk" - "custom/left-arrow-dark" - "memory" - "custom/left-arrow-light" - "cpu" - "custom/left-arrow-dark" - ]; - }; - - power-profiles-daemon = { - format = "{icon}"; - tooltip-format = "Power profile: {profile}\nDriver: {driver}"; - tooltip = true; - format-icons = { - "default" = ""; - "performance" = ""; - "balanced" = ""; - "power-saver" = ""; - }; - }; - - temperature = { - critical-threshold = 80; - format-critical = " {temperatureC}°C"; - format = " {temperatureC}°C"; - - }; - - mpris = { - format = "{player_icon} {title} [{position}/{length}]"; - format-paused = "{player_icon} {title} [{position}/{length}]"; - player-icons = { - "default" = "▶ "; - "mpv" = "🎵 "; - "spotify" = " "; - }; - status-icons = { - "paused" = " "; - }; - interval = 1; - title-len = 20; - artist-len = 20; - album-len = 10; - }; - "custom/left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/left-arrow-light" = { - format = ""; - tooltip = false; - }; - "custom/right-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-right-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/right-arrow-light" = { - format = ""; - tooltip = false; - }; - "sway/workspaces" = { - disable-scroll = true; - format = "{name}"; - }; - - "clock#1" = { - min-length = 8; - interval = 1; - format = "{:%H:%M:%S}"; - # on-click-right= "gnome-clocks"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - - "clock#2" = { - format = "{:%d. %B %Y}"; - # on-click-right= "gnome-clocks"; - tooltip-format = "{:%Y %B}\n{calendar}"; - }; - - pulseaudio = { - format = "{icon} {volume:2}%"; - format-bluetooth = "{icon} {volume}%"; - format-muted = "MUTE"; - format-icons = { - headphones = ""; - default = [ - "" - "" - ]; - }; - scroll-step = 1; - on-click = "pamixer -t"; - on-click-right = "pavucontrol"; - }; - memory = { - interval = 5; - format = " {}%"; - tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; - }; - cpu = { - min-length = 6; - interval = 5; - format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; - # on-click-right= "com.github.stsdc.monitor"; - on-click-right = "kitty -o confirm_os_window_close=0 btm"; - - }; - battery = { - states = { - "warning" = 60; - "error" = 30; - "critical" = 15; - }; - interval = 5; - format = "{icon} {capacity}%"; - format-charging = "{capacity}% "; - format-plugged = "{capacity}% "; - format-icons = [ - "" - "" - "" - "" - "" - ]; - on-click-right = "wlogout -p layer-shell"; - }; - disk = { - interval = 30; - format = "Disk {percentage_used:2}%"; - path = "/"; - states = { - "warning" = 80; - "critical" = 90; - }; - tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; - }; - tray = { - icon-size = 20; - }; - network = { - interval = 5; - format-wifi = "{signalStrength}% "; - format-ethernet = ""; - format-linked = "{ifname} (No IP) "; - format-disconnected = "Disconnected ⚠"; - format-alt = "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - }; - }; - }; - style = builtins.readFile ../../programs/waybar/style.css; - }; - - programs.firefox = { - enable = true; - package = pkgs.firefox.override { - nativeMessagingHosts = [ - pkgs.tridactyl-native - pkgs.browserpass - pkgs.plasma5Packages.plasma-browser-integration - ]; - }; - policies = { - CaptivePortal = false; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableTelemetry = true; - DisableFirefoxAccounts = false; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - OfferToSaveLoginsDefault = false; - EnableTrackingProtection = true; - }; - profiles.default = { - isDefault = true; - userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css; - extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - pushbullet - sponsorblock - web-archives - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - ]; - - search.engines = { - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Google".metaData.alias = "@g"; - }; - search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; - }; - - services.gnome-keyring = { - enable = true; - }; - - services.mbsync = { - enable = true; - }; - - services.kdeconnect = { - enable = true; - indicator = true; - }; - - services.syncthing = { - enable = false; - tray = { - enable = false; # we enable this by installing the syncthingtray package instead, it works better. - }; - }; - - services.emacs = { - enable = true; - # socketActivation.enable = false; - # startWithUserSession = "graphical"; - }; - - services.mako = { - enable = true; - # backgroundColor = "#2e3440"; - # borderColor = "#88c0d0"; - borderRadius = 15; - borderSize = 1; - defaultTimeout = 5000; - height = 150; - icons = true; - ignoreTimeout = true; - layer = "overlay"; - maxIconSize = 64; - sort = "-time"; - width = 300; - # font = "monospace 10"; - extraConfig = "[urgency=low] -border-color=#cccccc -[urgency=normal] -border-color=#d08770 -[urgency=high] -border-color=#bf616a -default-timeout=3000 -[category=mpd] -default-timeout=2000 -group-by=category -"; - }; - - wayland.windowManager.sway = { - enable = true; - checkConfig = false; # delete this line once SwayFX is fixed upstream - package = pkgs.swayfx; - systemd = { - enable = true; - xdgAutostart = true; - }; - wrapperFeatures.gtk = true; - config = rec { - modifier = "Mod4"; - terminal = "kitty"; - menu = "fuzzel"; - bars = [{ command = "waybar"; }]; - keybindings = - let - inherit (config.wayland.windowManager.sway.config) modifier; - in - { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; - "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; - "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; - "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; - "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; - "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel-otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; - "${modifier}+Escape" = "mode $exit"; - # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+j" = "focus down"; - "${modifier}+k" = "focus up"; - "${modifier}+Shift+h" = "move left 40px"; - "${modifier}+Shift+l" = "move right 40px"; - "${modifier}+Shift+j" = "move down 40px"; - "${modifier}+Shift+k" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - "${modifier}+Return" = "exec kitty"; - }; - modes = { - resize = { - Down = "resize grow height 10 px or 10 ppt"; - Escape = "mode default"; - Left = "resize shrink width 10 px or 10 ppt"; - Return = "mode default"; - Right = "resize grow width 10 px or 10 ppt"; - Up = "resize shrink height 10 px or 10 ppt"; - }; - }; - defaultWorkspace = "workspace 1:一"; - startup = [ - { command = "kitty -T kittyterm"; } - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } - ]; - window = { - border = 1; - titlebar = false; - }; - assigns = { - "1:一" = [{ app_id = "firefox"; }]; - }; - floating = { - border = 1; - criteria = [ - { title = "^Picture-in-Picture$"; } - { app_id = "qalculate-gtk"; } - { app_id = "org.gnome.clocks"; } - { app_id = "com.github.stsdc.monitor"; } - { app_id = "blueman"; } - { app_id = "pavucontrol"; } - { app_id = "syncthingtray"; } - { title = "Syncthing Tray"; } - { app_id = "SchildiChat"; } - { app_id = "Element"; } - { app_id = "com.nextcloud.desktopclient.nextcloud"; } - { app_id = "gnome-system-monitor"; } - { title = "(?:Open|Save) (?:File|Folder|As)"; } - { title = "^Add$"; } - { title = "com-jgoodies-jdiskreport-JDiskReport"; } - { app_id = "discord"; } - { window_role = "pop-up"; } - { window_role = "bubble"; } - { window_role = "dialog"; } - { window_role = "task_dialog"; } - { window_role = "menu"; } - { window_role = "Preferences"; } - ]; - titlebar = false; - }; - window = { - commands = [ - { - command = "opacity 0.95"; - criteria = { - class = ".*"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "Gimp-2.10"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "firefox"; - }; - } - { - command = "sticky enable, shadows enable"; - criteria = { - title = "^Picture-in-Picture$"; - }; - } - { - command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^kittyterm$"; - }; - } - { - command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; - criteria = { - title = "^spotifytui$"; - }; - } - # { - # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - # criteria = { - # app_id="^$"; - # class="^$"; - # }; - # } - { - - command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - criteria = { - class = "Spotify"; - }; - } - { - command = "sticky enable"; - criteria = { - app_id = "discord"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - class = "Element"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - app_id = "SchildiChat"; - }; - } - ]; - }; - gaps = { - inner = 5; - }; - }; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; - # extraConfigEarly = " - # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK - # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK - # "; - extraConfig = - let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = " - blur enable - blur_xray disable - blur_passes 1 - blur_radius 1 - shadows enable - corner_radius 2 - titlebar_separator disable - default_dim_inactive 0.02 - "; - in - " - exec_always autotiling - set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" - mode $exit { - - bindsym --to-code { - s exec \"systemctl suspend\", mode \"default\" - p exec \"systemctl poweroff\" - r exec \"systemctl reboot\" - l exec \"swaymsg exit\" - - Return mode \"default\" - Escape mode \"default\" - ${modifier}+x mode \"default\" - } - } - - exec systemctl --user import-environment - - ${swayfxSettings} - - "; - }; - -} diff --git a/profiles/common/home/default.nix b/profiles/common/home/default.nix new file mode 100644 index 0000000..173a429 --- /dev/null +++ b/profiles/common/home/default.nix @@ -0,0 +1,31 @@ +{ ... }: +{ + imports = [ + ./packages.nix + ./sops.nix + ./ssh.nix + ./stylix.nix + ./desktop.nix + ./symlink.nix + ./env.nix + ./programs.nix + ./nix-index.nix + ./password-store.nix + ./direnv.nix + ./eza.nix + ./git.nix + ./fuzzel.nix + ./starship.nix + ./kitty.nix + ./zsh.nix + ./mail.nix + ./emacs.nix + ./waybar.nix + ./firefox.nix + ./gnome-keyring.nix + ./kdeconnect.nix + ./mako.nix + ./sway.nix + ]; + +} diff --git a/profiles/common/home/desktop.nix b/profiles/common/home/desktop.nix new file mode 100644 index 0000000..934a748 --- /dev/null +++ b/profiles/common/home/desktop.nix @@ -0,0 +1,47 @@ +{ ... }: +{ + xdg.desktopEntries = { + + cura = { + name = "Ultimaker Cura"; + genericName = "Cura"; + exec = "cura"; + terminal = false; + categories = [ "Application" ]; + }; + + anki = { + name = "Anki Flashcards"; + genericName = "Anki"; + exec = "anki"; + terminal = false; + categories = [ "Application" ]; + }; + + # schlidichat = { + # name = "SchildiChat Matrix Client"; + # genericName = "SchildiChat"; + # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + # terminal = false; + # categories = [ "Application"]; + # }; + + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + terminal = false; + categories = [ "Application" ]; + }; + + emacsclient-newframe = { + name = "Emacs (Client, New Frame)"; + genericName = "Emacs (Client, New Frame)"; + exec = "emacsclient -r %u"; + icon = "emacs"; + terminal = false; + categories = [ "Development" "TextEditor" ]; + }; + + }; +} diff --git a/profiles/common/home/direnv.nix b/profiles/common/home/direnv.nix new file mode 100644 index 0000000..b71ece6 --- /dev/null +++ b/profiles/common/home/direnv.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; +} diff --git a/profiles/common/home/emacs.nix b/profiles/common/home/emacs.nix new file mode 100644 index 0000000..0bf7669 --- /dev/null +++ b/profiles/common/home/emacs.nix @@ -0,0 +1,54 @@ +{ pkgs, ... }: +{ + # enable emacs overlay for bleeding edge features + # also read init.el file and install use-package packages + programs.emacs = { + enable = true; + package = pkgs.emacsWithPackagesFromUsePackage { + config = ../../../programs/emacs/init.el; + package = pkgs.emacs-pgtk; + alwaysEnsure = true; + alwaysTangle = true; + extraEmacsPackages = epkgs: [ + epkgs.mu4e + epkgs.use-package + # epkgs.lsp-bridge + epkgs.doom-themes + + # build the rest of the packages myself + # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup + # build the package from the haji-ali fork, which is well-maintained + (epkgs.trivialBuild rec { + pname = "calfw"; + version = "1.0.0-20231002"; + src = pkgs.fetchFromGitHub { + owner = "haji-ali"; + repo = "emacs-calfw"; + rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; + hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; + }; + packageRequires = [ epkgs.howm ]; + }) + + (epkgs.trivialBuild rec { + pname = "fast-scroll"; + version = "1.0.0-20191016"; + src = pkgs.fetchFromGitHub { + owner = "ahungry"; + repo = "fast-scroll"; + rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; + hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; + }; + packageRequires = [ ]; + }) + + ]; + }; + }; + + services.emacs = { + enable = true; + # socketActivation.enable = false; + # startWithUserSession = "graphical"; + }; +} diff --git a/profiles/common/home/env.nix b/profiles/common/home/env.nix new file mode 100644 index 0000000..52b1d47 --- /dev/null +++ b/profiles/common/home/env.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + home.sessionVariables = { + EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; + }; +} diff --git a/profiles/common/home/eza.nix b/profiles/common/home/eza.nix new file mode 100644 index 0000000..0b1c58d --- /dev/null +++ b/profiles/common/home/eza.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + programs.eza = { + enable = true; + icons = true; + git = true; + extraOptions = [ + "-l" + "--group-directories-first" + ]; + }; +} diff --git a/profiles/common/home/firefox.nix b/profiles/common/home/firefox.nix new file mode 100644 index 0000000..a2f04b9 --- /dev/null +++ b/profiles/common/home/firefox.nix @@ -0,0 +1,98 @@ +{ pkgs, ... }: +{ + programs.firefox = { + enable = true; + package = pkgs.firefox.override { + nativeMessagingHosts = [ + pkgs.tridactyl-native + pkgs.browserpass + pkgs.plasma5Packages.plasma-browser-integration + ]; + }; + policies = { + CaptivePortal = false; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableTelemetry = true; + DisableFirefoxAccounts = false; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + OfferToSaveLoginsDefault = false; + EnableTrackingProtection = true; + }; + profiles.default = { + isDefault = true; + userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + pushbullet + sponsorblock + web-archives + single-file + widegithub + enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + ]; + + search.engines = { + "Nix Packages" = { + urls = [{ + template = "https://search.nixos.org/packages"; + params = [ + { name = "type"; value = "packages"; } + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + + "NixOS Wiki" = { + urls = [{ + template = "https://nixos.wiki/index.php?search={searchTerms}"; + }]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@nw" ]; + }; + + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; + + "Home Manager Options" = { + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@hm" "@ho" "@hmo" ]; + }; + + "Google".metaData.alias = "@g"; + }; + search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart + }; + }; +} diff --git a/profiles/common/home/fuzzel.nix b/profiles/common/home/fuzzel.nix new file mode 100644 index 0000000..5f4f2ea --- /dev/null +++ b/profiles/common/home/fuzzel.nix @@ -0,0 +1,14 @@ +{ ... }: +{ + programs.fuzzel = { + enable = true; + settings = { + main = { + layer = "overlay"; + lines = "10"; + width = "40"; + }; + border.radius = "0"; + }; + }; +} diff --git a/profiles/common/home/git.nix b/profiles/common/home/git.nix new file mode 100644 index 0000000..1c18912 --- /dev/null +++ b/profiles/common/home/git.nix @@ -0,0 +1,39 @@ +{ ... }: +{ + programs.git = { + enable = true; + aliases = { + a = "add"; + c = "commit"; + cl = "clone"; + co = "checkout"; + b = "branch"; + i = "init"; + m = "merge"; + s = "status"; + r = "restore"; + p = "pull"; + pp = "push"; + }; + signing = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + userEmail = "leon.schwarzaeugl@gmail.com"; + userName = "Swarsel"; + difftastic.enable = true; + lfs.enable = true; + includes = [ + { + contents = { + github = { + user = "Swarsel"; + }; + commit = { + template = "~/.gitmessage"; + }; + }; + } + ]; + }; +} diff --git a/profiles/common/home/gnome-keyring.nix b/profiles/common/home/gnome-keyring.nix new file mode 100644 index 0000000..6e09734 --- /dev/null +++ b/profiles/common/home/gnome-keyring.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + services.gnome-keyring = { + enable = true; + }; +} diff --git a/profiles/common/home/kdeconnect.nix b/profiles/common/home/kdeconnect.nix new file mode 100644 index 0000000..799f177 --- /dev/null +++ b/profiles/common/home/kdeconnect.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + services.kdeconnect = { + enable = true; + indicator = true; + }; +} diff --git a/profiles/common/home/kitty.nix b/profiles/common/home/kitty.nix new file mode 100644 index 0000000..eb50f0d --- /dev/null +++ b/profiles/common/home/kitty.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + programs.kitty = { + enable = true; + keybindings = { + "ctrl+shift+left" = "no_op"; + "ctrl+shift+right" = "no_op"; + "ctrl+shift+home" = "no_op"; + "ctrl+shift+end" = "no_op"; + }; + }; +} diff --git a/profiles/common/home/mail.nix b/profiles/common/home/mail.nix new file mode 100644 index 0000000..c45fe18 --- /dev/null +++ b/profiles/common/home/mail.nix @@ -0,0 +1,133 @@ +{ config, ... }: +{ + programs.mbsync = { + enable = true; + }; + services.mbsync = { + enable = true; + }; + # this is needed so that mbsync can use the passwords from sops + systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; + + programs.msmtp = { + enable = true; + }; + + programs.mu = { + enable = true; + }; + + accounts.email = { + maildirBasePath = "Mail"; + accounts.leon = { + primary = true; + address = "leon.schwarzaeugl@gmail.com"; + userName = "leon.schwarzaeugl@gmail.com"; + realName = "Leon Schwarzäugl"; + passwordCommand = "cat ${config.sops.secrets.leon.path}"; + # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg"; + gpg = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + mu.enable = true; + msmtp = { + enable = true; + }; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + + accounts.swarsel = { + address = "leon@swarsel.win"; + userName = "8227dc594dd515ce232eda1471cb9a19"; + realName = "Leon Schwarzäugl"; + passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; + smtp = { + host = "in-v3.mailjet.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + mu.enable = false; + msmtp = { + enable = true; + }; + mbsync = { + enable = false; + }; + }; + + accounts.nautilus = { + primary = false; + address = "nautilus.dw@gmail.com"; + userName = "nautilus.dw@gmail.com"; + realName = "Nautilus"; + passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; + # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + accounts.mrswarsel = { + primary = false; + address = "mrswarsel@gmail.com"; + userName = "mrswarsel@gmail.com"; + realName = "Swarsel"; + # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg"; + passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + }; +} diff --git a/profiles/common/home/mako.nix b/profiles/common/home/mako.nix new file mode 100644 index 0000000..0a466c8 --- /dev/null +++ b/profiles/common/home/mako.nix @@ -0,0 +1,30 @@ +{ ... }: +{ + services.mako = { + enable = true; + # backgroundColor = "#2e3440"; + # borderColor = "#88c0d0"; + borderRadius = 15; + borderSize = 1; + defaultTimeout = 5000; + height = 150; + icons = true; + ignoreTimeout = true; + layer = "overlay"; + maxIconSize = 64; + sort = "-time"; + width = 300; + # font = "monospace 10"; + extraConfig = "[urgency=low] + border-color=#cccccc + [urgency=normal] + border-color=#d08770 + [urgency=high] + border-color=#bf616a + default-timeout=3000 + [category=mpd] + default-timeout=2000 + group-by=category + "; + }; +} diff --git a/profiles/common/home/nix-index.nix b/profiles/common/home/nix-index.nix new file mode 100644 index 0000000..4938c18 --- /dev/null +++ b/profiles/common/home/nix-index.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: +{ + programs.nix-index = + let + command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' + mkdir -p $out/etc/profile.d + substitute ${../../../scripts/command-not-found.sh} \ + $out/etc/profile.d/command-not-found.sh \ + --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ + --replace @tput@ ${pkgs.ncurses}/bin/tput + ''; + in + { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [ command-not-found ]; + }; + }; +} diff --git a/profiles/common/home/packages.nix b/profiles/common/home/packages.nix new file mode 100644 index 0000000..de856df --- /dev/null +++ b/profiles/common/home/packages.nix @@ -0,0 +1,314 @@ +{ pkgs, ... }: + +{ + home.packages = with pkgs; [ + + # audio stuff + spek # spectrum analyzer + losslessaudiochecker + ffmpeg_5-full + flac + mediainfo + picard-tools + audacity + sox + + # printing + cups + simple-scan + + # dict + (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) + + # utilities + util-linux + nmap + lsof + + # nix + alejandra + nixpkgs-fmt + deadnix + statix + + # local file sharing + wormhole-rs + + # b2 backup @backblaze + restic + + # "big" programs + gimp + inkscape + zoom-us + # nomacs + libreoffice-qt + xournalpp + obsidian + spotify + discord + stable.nextcloud-client + spotify-player + element-desktop-wayland + nicotine-plus + stable.transmission + mktorrent + hexchat + hugo + + # kyria + qmk + qmk-udev-rules + + # games + lutris + wine + libudev-zero + dwarfs + fuse-overlayfs + # steam + # steam-run + patchelf + gamescope + vulkan-tools + moonlight-qt + ns-usbloader + + # firefox related + tridactyl-native + + # mako related + mako + libnotify + + # general utilities + unrar + samba + cifs-utils + zbar # qr codes + readline + autotiling + brightnessctl + libappindicator-gtk3 + sqlite + speechd + networkmanagerapplet + psmisc # kill etc + lm_sensors + # jq # used for searching the i3 tree in check.sh files + + # specifically needed for anki + # mpv + anki-bin + + # dirvish file previews + fd + imagemagick + poppler + ffmpegthumbnailer + mediainfo + gnutar + unzip + + #nautilus + nautilus + xfce.tumbler + libgsf + + # wayland stuff + wtype + wl-clipboard + wl-mirror + + # screenshotting tools + grim + slurp + + # the following packages are used (in some way) by waybar + playerctl + pavucontrol + pamixer + # gnome.gnome-clocks + # wlogout + # jdiskreport + syncthingtray + # monitor + + #keychain + qalculate-gtk + gcr # needed for gnome-secrets to work + seahorse + + # sops-related + sops + ssh-to-age + + # mail related packages + mu + + # latex and related packages + (pkgs.texlive.combine { + inherit (pkgs.texlive) scheme-full + dvisvgm dvipng# for preview and export as html + wrapfig amsmath ulem hyperref capt-of; + }) + + # font stuff + (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; }) + noto-fonts-emoji + font-awesome_5 + noto-fonts + noto-fonts-cjk-sans + + # cura + ( + let + cura5 = appimageTools.wrapType2 rec { + name = "cura5"; + version = "5.4.0"; + src = fetchurl { + url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; + hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; + }; + extraPkgs = pkgs: with pkgs; [ ]; + }; + in + writeScriptBin "cura" '' + #! ${pkgs.bash}/bin/bash + # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. + # So we convert each of the files passed as argument to an absolute path. + # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. + args=() + for a in "$@"; do + if [ -e "$a" ]; then + a="$(realpath "$a")" + fi + args+=("$a") + done + exec "${cura5}/bin/cura5" "''${args[@]}" + '' + ) + + #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state + (pkgs.writeShellScriptBin "e" '' + bash ~/.dotfiles/scripts/editor_nowait.sh "$@" + '') + (pkgs.writeShellScriptBin "timer" '' + sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; + '') + + (pkgs.writeScriptBin "project" '' + #! ${pkgs.bash}/bin/bash + if [ "$1" == "rust" ]; then + cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix + cp ~/.dotfiles/templates/toolchain.toml . + elif [ "$1" == "cpp" ]; then + cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix + elif [ "$1" == "python" ]; then + cp ~/.dotfiles/templates/py_flake.nix ./flake.nix + elif [ "$1" == "cuda" ]; then + cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix + elif [ "$1" == "other" ]; then + cp ~/.dotfiles/templates/other_flake.nix ./flake.nix + elif [ "$1" == "latex" ]; then + if [ "$2" == "" ]; then + echo "No filename specified, usage: 'project latex '" + exit 0 + fi + cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex + exit 0 + else + echo "No valid argument given. Valid arguments are rust cpp python, cuda" + exit 0 + fi + echo "use flake" >> .envrc + direnv allow + '') + + (pkgs.writeShellApplication { + name = "pass-fuzzel"; + runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; + text = '' + shopt -s nullglob globstar + + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi + + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + + [[ -n $password ]] || exit + + if [[ $typeit -eq 0 ]]; then + pass show -c "$password" &>/tmp/pass-fuzzel + else + pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed Password" + ''; + }) + + (pkgs.writeShellApplication { + name = "pass-fuzzel-otp"; + runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ]; + text = '' + shopt -s nullglob globstar + + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi + + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/otp/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + + [[ -n $password ]] || exit + + if [[ $typeit -eq 0 ]]; then + pass otp -c "$password" &>/tmp/pass-fuzzel + else + pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" + ''; + }) + + (pkgs.writeShellApplication { + name = "cdw"; + runtimeInputs = [ pkgs.fzf ]; + text = '' + cd "$(git worktree list | fzf | awk '{print $1}')" + ''; + }) + + (pkgs.writeShellApplication { + name = "cdb"; + runtimeInputs = [ pkgs.fzf ]; + text = '' + git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" + ''; + }) + + (pkgs.writeShellApplication { + name = "bak"; + text = '' + cp "$1"{,.bak} + ''; + }) + + ]; +} diff --git a/profiles/common/home/password-store.nix b/profiles/common/home/password-store.nix new file mode 100644 index 0000000..90c1a1b --- /dev/null +++ b/profiles/common/home/password-store.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; + }; + package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); + }; +} diff --git a/profiles/common/home/programs.nix b/profiles/common/home/programs.nix new file mode 100644 index 0000000..4abac70 --- /dev/null +++ b/profiles/common/home/programs.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + programs = { + bottom.enable = true; + imv.enable = true; + sioyek.enable = true; + bat.enable = true; + carapace.enable = true; + wlogout.enable = true; + swayr.enable = true; + yt-dlp.enable = true; + mpv.enable = true; + jq.enable = true; + ripgrep.enable = true; + pandoc.enable = true; + fzf.enable = true; + zoxide.enable = true; + }; +} diff --git a/profiles/common/home/sops.nix b/profiles/common/home/sops.nix new file mode 100644 index 0000000..6bc53a0 --- /dev/null +++ b/profiles/common/home/sops.nix @@ -0,0 +1,14 @@ +{ config, ... }: +{ + sops = { + defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; + validateSopsFiles = false; + secrets = { + mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; + nautilus = { path = "/run/user/1000/secrets/nautilus"; }; + leon = { path = "/run/user/1000/secrets/leon"; }; + swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; + caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; + }; + }; +} diff --git a/profiles/common/home/ssh.nix b/profiles/common/home/ssh.nix new file mode 100644 index 0000000..6573e02 --- /dev/null +++ b/profiles/common/home/ssh.nix @@ -0,0 +1,97 @@ +{ ... }: +{ + programs.ssh = { + enable = true; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ''; + matchBlocks = { + "nginx" = { + hostname = "192.168.1.14"; + user = "root"; + }; + "jellyfin" = { + hostname = "192.168.1.16"; + user = "root"; + }; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "proxmox" = { + hostname = "192.168.1.2"; + user = "root"; + }; + "transmission" = { + hostname = "192.168.1.6"; + user = "root"; + }; + "fetcher" = { + hostname = "192.168.1.7"; + user = "root"; + }; + "omv" = { + hostname = "192.168.1.3"; + user = "root"; + }; + "webbot" = { + hostname = "192.168.1.11"; + user = "root"; + }; + "nextcloud" = { + hostname = "192.168.1.5"; + user = "root"; + }; + "sound" = { + hostname = "192.168.1.13"; + user = "root"; + }; + "spotify" = { + hostname = "192.168.1.17"; + user = "root"; + }; + "wordpress" = { + hostname = "192.168.1.9"; + user = "root"; + }; + "turn" = { + hostname = "192.168.1.18"; + user = "root"; + }; + "hugo" = { + hostname = "192.168.1.19"; + user = "root"; + }; + "matrix" = { + hostname = "192.168.1.23"; + user = "root"; + }; + "scroll" = { + hostname = "192.168.1.22"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; #this is a oracle vm server but needs root due to nixos-infect + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + "efficient" = { + hostname = "g0.complang.tuwien.ac.at"; + forwardAgent = true; + user = "ep01427399"; + }; + }; + }; +} diff --git a/profiles/common/home/starship.nix b/profiles/common/home/starship.nix new file mode 100644 index 0000000..f0d44eb --- /dev/null +++ b/profiles/common/home/starship.nix @@ -0,0 +1,106 @@ +{ ... }: +{ + programs.starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = false; + format = "$character"; + right_format = "$all"; + command_timeout = 3000; + + directory.substitutions = { + "Documents" = "󰈙 "; + "Downloads" = " "; + "Music" = " "; + "Pictures" = " "; + }; + + git_status = { + style = "bg:#394260"; + format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; + }; + + character = { + success_symbol = "[λ](bold green)"; + error_symbol = "[λ](bold red)"; + }; + + aws.symbol = " "; + buf.symbol = " "; + c.symbol = " "; + conda.symbol = " "; + dart.symbol = " "; + directory.read_only = " 󰌾"; + docker_context.symbol = " "; + elixir.symbol = " "; + elm.symbol = " "; + fossil_branch.symbol = " "; + git_branch.symbol = " "; + golang.symbol = " "; + guix_shell.symbol = " "; + haskell.symbol = " "; + haxe.symbol = " "; + hg_branch.symbol = " "; + hostname.ssh_symbol = " "; + java.symbol = " "; + julia.symbol = " "; + lua.symbol = " "; + memory_usage.symbol = "󰍛 "; + meson.symbol = "󰔷 "; + nim.symbol = "󰆥 "; + nix_shell.symbol = " "; + nodejs.symbol = " "; + + os.symbols = { + Alpaquita = " "; + Alpine = " "; + Amazon = " "; + Android = " "; + Arch = " "; + Artix = " "; + CentOS = " "; + Debian = " "; + DragonFly = " "; + Emscripten = " "; + EndeavourOS = " "; + Fedora = " "; + FreeBSD = " "; + Garuda = "󰛓 "; + Gentoo = " "; + HardenedBSD = "󰞌 "; + Illumos = "󰈸 "; + Linux = " "; + Mabox = " "; + Macos = " "; + Manjaro = " "; + Mariner = " "; + MidnightBSD = " "; + Mint = " "; + NetBSD = " "; + NixOS = " "; + OpenBSD = "󰈺 "; + openSUSE = " "; + OracleLinux = "󰌷 "; + Pop = " "; + Raspbian = " "; + Redhat = " "; + RedHatEnterprise = " "; + Redox = "󰀘 "; + Solus = "󰠳 "; + SUSE = " "; + Ubuntu = " "; + Unknown = " "; + Windows = "󰍲 "; + }; + + package.symbol = "󰏗 "; + pijul_channel.symbol = " "; + python.symbol = " "; + rlang.symbol = "󰟔 "; + ruby.symbol = " "; + rust.symbol = " "; + scala.symbol = " "; + }; + }; +} diff --git a/profiles/common/home/stylix.nix b/profiles/common/home/stylix.nix new file mode 100644 index 0000000..0596743 --- /dev/null +++ b/profiles/common/home/stylix.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + stylix.targets.emacs.enable = false; +} diff --git a/profiles/common/home/sway.nix b/profiles/common/home/sway.nix new file mode 100644 index 0000000..ebe63b7 --- /dev/null +++ b/profiles/common/home/sway.nix @@ -0,0 +1,268 @@ +{ config, pkgs, ... }: +{ + wayland.windowManager.sway = { + enable = true; + checkConfig = false; # delete this line once SwayFX is fixed upstream + package = pkgs.swayfx; + systemd = { + enable = true; + xdgAutostart = true; + }; + wrapperFeatures.gtk = true; + config = rec { + modifier = "Mod4"; + terminal = "kitty"; + menu = "fuzzel"; + bars = [{ command = "waybar"; }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; + "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; + "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; + "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; + "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; + "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel-otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; + "${modifier}+Escape" = "mode $exit"; + # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+j" = "focus down"; + "${modifier}+k" = "focus up"; + "${modifier}+Shift+h" = "move left 40px"; + "${modifier}+Shift+l" = "move right 40px"; + "${modifier}+Shift+j" = "move down 40px"; + "${modifier}+Shift+k" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + "${modifier}+Return" = "exec kitty"; + }; + modes = { + resize = { + Down = "resize grow height 10 px or 10 ppt"; + Escape = "mode default"; + Left = "resize shrink width 10 px or 10 ppt"; + Return = "mode default"; + Right = "resize grow width 10 px or 10 ppt"; + Up = "resize shrink height 10 px or 10 ppt"; + }; + }; + defaultWorkspace = "workspace 1:一"; + startup = [ + { command = "kitty -T kittyterm"; } + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } + ]; + window = { + border = 1; + titlebar = false; + }; + assigns = { + "1:一" = [{ app_id = "firefox"; }]; + }; + floating = { + border = 1; + criteria = [ + { title = "^Picture-in-Picture$"; } + { app_id = "qalculate-gtk"; } + { app_id = "org.gnome.clocks"; } + { app_id = "com.github.stsdc.monitor"; } + { app_id = "blueman"; } + { app_id = "pavucontrol"; } + { app_id = "syncthingtray"; } + { title = "Syncthing Tray"; } + { app_id = "SchildiChat"; } + { app_id = "Element"; } + { app_id = "com.nextcloud.desktopclient.nextcloud"; } + { app_id = "gnome-system-monitor"; } + { title = "(?:Open|Save) (?:File|Folder|As)"; } + { title = "^Add$"; } + { title = "com-jgoodies-jdiskreport-JDiskReport"; } + { app_id = "discord"; } + { window_role = "pop-up"; } + { window_role = "bubble"; } + { window_role = "dialog"; } + { window_role = "task_dialog"; } + { window_role = "menu"; } + { window_role = "Preferences"; } + ]; + titlebar = false; + }; + window = { + commands = [ + { + command = "opacity 0.95"; + criteria = { + class = ".*"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "Gimp-2.10"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "firefox"; + }; + } + { + command = "sticky enable, shadows enable"; + criteria = { + title = "^Picture-in-Picture$"; + }; + } + { + command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^kittyterm$"; + }; + } + { + command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^spotifytui$"; + }; + } + # { + # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + # criteria = { + # app_id="^$"; + # class="^$"; + # }; + # } + { + + command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + criteria = { + class = "Spotify"; + }; + } + { + command = "sticky enable"; + criteria = { + app_id = "discord"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + class = "Element"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + app_id = "SchildiChat"; + }; + } + ]; + }; + gaps = { + inner = 5; + }; + }; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; + # extraConfigEarly = " + # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK + # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK + # "; + extraConfig = + let + inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = " + blur enable + blur_xray disable + blur_passes 1 + blur_radius 1 + shadows enable + corner_radius 2 + titlebar_separator disable + default_dim_inactive 0.02 + "; + in + " + exec_always autotiling + set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" + mode $exit { + + bindsym --to-code { + s exec \"systemctl suspend\", mode \"default\" + p exec \"systemctl poweroff\" + r exec \"systemctl reboot\" + l exec \"swaymsg exit\" + + Return mode \"default\" + Escape mode \"default\" + ${modifier}+x mode \"default\" + } + } + + exec systemctl --user import-environment + + ${swayfxSettings} + + "; + }; +} diff --git a/profiles/common/home/symlink.nix b/profiles/common/home/symlink.nix new file mode 100644 index 0000000..d31ca11 --- /dev/null +++ b/profiles/common/home/symlink.nix @@ -0,0 +1,27 @@ +{ ... }: +{ + home.file = { + "init.el" = { + source = ../../../programs/emacs/init.el; + target = ".emacs.d/init.el"; + }; + "early-init.el" = { + source = ../../../programs/emacs/early-init.el; + target = ".emacs.d/early-init.el"; + }; + # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually + ".aspell.conf" = { + source = ../../../programs/config/.aspell.conf; + target = ".aspell.conf"; + }; + ".gitmessage" = { + source = ../../../programs/git/.gitmessage; + target = ".gitmessage"; + }; + }; + + xdg.configFile = { + "tridactyl/tridactylrc".source = ../../../programs/firefox/tridactyl/tridactylrc; + "tridactyl/themes/base16-codeschool.css".source = ../../../programs/firefox/tridactyl/themes/base16-codeschool.css; + }; +} diff --git a/profiles/common/home/waybar.nix b/profiles/common/home/waybar.nix new file mode 100644 index 0000000..80476dd --- /dev/null +++ b/profiles/common/home/waybar.nix @@ -0,0 +1,193 @@ +{ ... }: +{ + programs.waybar = { + + enable = true; + # systemd.enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; + modules-center = [ "sway/mode" "custom/configwarn" ]; + "sway/mode" = { + format = "{}"; + }; + + "custom/configwarn" = { + exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; + interval = 60; + }; + + "group/hardware" = { + orientation = "inherit"; + drawer = { + "transition-left-to-right" = false; + }; + modules = [ + "tray" + "temperature" + "power-profiles-daemon" + "custom/left-arrow-light" + "disk" + "custom/left-arrow-dark" + "memory" + "custom/left-arrow-light" + "cpu" + "custom/left-arrow-dark" + ]; + }; + + power-profiles-daemon = { + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; + }; + }; + + temperature = { + critical-threshold = 80; + format-critical = " {temperatureC}°C"; + format = " {temperatureC}°C"; + + }; + + mpris = { + format = "{player_icon} {title} [{position}/{length}]"; + format-paused = "{player_icon} {title} [{position}/{length}]"; + player-icons = { + "default" = "▶ "; + "mpv" = "🎵 "; + "spotify" = " "; + }; + status-icons = { + "paused" = " "; + }; + interval = 1; + title-len = 20; + artist-len = 20; + album-len = 10; + }; + "custom/left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-light" = { + format = ""; + tooltip = false; + }; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; + }; + + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + "clock#2" = { + format = "{:%d. %B %Y}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; + + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ + "" + "" + ]; + }; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; + }; + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + }; + cpu = { + min-length = 6; + interval = 5; + format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; + # on-click-right= "com.github.stsdc.monitor"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; + + }; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; + }; + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ + "" + "" + "" + "" + "" + ]; + on-click-right = "wlogout -p layer-shell"; + }; + disk = { + interval = 30; + format = "Disk {percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; + }; + tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; + }; + tray = { + icon-size = 20; + }; + network = { + interval = 5; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + }; + }; + }; + style = builtins.readFile ../../../programs/waybar/style.css; + }; +} diff --git a/profiles/common/home/zsh.nix b/profiles/common/home/zsh.nix new file mode 100644 index 0000000..235880a --- /dev/null +++ b/profiles/common/home/zsh.nix @@ -0,0 +1,51 @@ +{ pkgs, ... }: +{ + programs.zsh = { + enable = true; + shellAliases = { + hg = "history | grep"; + hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; + nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; + edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; + magit = "emacsclient -nc -e \"(magit-status)\""; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; + passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; + passpull = "cd ~/.local/share/password-store; git pull; cd -;"; + hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; + cd = "z"; + cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; + }; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + autocd = false; + cdpath = [ + "~/.dotfiles" + # "~/Documents/GitHub" + ]; + defaultKeymap = "emacs"; + dirHashes = { + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; + }; + history = { + expireDuplicatesFirst = true; + path = "$HOME/.histfile"; + save = 10000; + size = 10000; + }; + historySubstringSearch.enable = true; + plugins = [ + { + name = "fzf-tab"; + src = pkgs.zsh-fzf-tab; + } + ]; + initExtra = '' + bindkey "^[[1;5D" backward-word + bindkey "^[[1;5C" forward-word + ''; + }; +} diff --git a/profiles/common/nixos.nix b/profiles/common/nixos.nix deleted file mode 100644 index 15dc26d..0000000 --- a/profiles/common/nixos.nix +++ /dev/null @@ -1,556 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - }; - - services.xserver = { - xkb = { - layout = "us"; - variant = "altgr-intl"; - }; - }; - - # nix.settings.experimental-features = ["nix-command" "flakes"]; - - users.mutableUsers = false; - - environment = { - wordlist.enable = true; - sessionVariables = { - NIXOS_OZONE_WL = "1"; - GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-libav - ]); - }; - }; - # gstreamer plugins for nautilus (used for file metadata) - - time.hardwareClockInLocalTime = true; - - # dont style GRUB with stylix - stylix.targets.grub.enable = false; # the styling makes grub more ugly - - security.polkit.enable = true; - - nix.gc = { - automatic = true; - randomizedDelaySec = "14m"; - dates = "weekly"; - options = "--delete-older-than 10d"; - }; - - nix.optimise = { - automatic = true; - dates = [ "weekly" ]; - }; - - # systemd - systemd.extraConfig = '' - DefaultTimeoutStartSec=60s - DefaultTimeoutStopSec=15s - ''; - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - }; - - pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; - }; - - enableAllFirmware = true; - - bluetooth = { - powerOnBoot = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - }; - }; - }; - }; - - networking.networkmanager = { - enable = true; - ensureProfiles = { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" - ]; - profiles = { - "Ernest Routerford" = { - connection = { - id = "Ernest Routerford"; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "Ernest Routerford"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$ERNEST"; - }; - }; - - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; - }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - mac-address = "90:2E:16:D0:A1:87"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - - eduroam = { - "802-1x" = { - eap = "ttls;"; - identity = "$EDUID"; - password = "$EDUPASS"; - phase2-auth = "mschapv2"; - }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; - }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - - HH40V_39F5 = { - connection = { - id = "HH40V_39F5"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = "HH40V_39F5"; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$FRAUNS"; - }; - }; - - magicant = { - connection = { - id = "magicant"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "magicant"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$HANDYHOTSPOT"; - }; - }; - - "sweden-aes-128-cbc-udp-dns" = { - connection = { - autoconnect = "false"; - id = "PIA Sweden"; - type = "vpn"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = - "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; - challenge-response-flags = "2"; - cipher = "aes-128-cbc"; - compress = "yes"; - connection-type = "password"; - crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; - dev = "tun"; - password-flags = "0"; - remote = "sweden.privacy.network:1198"; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$VPNUSER"; - }; - vpn-secrets = { password = "$VPNPASS"; }; - }; - - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-fourside"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$HOTSPOT"; - }; - }; - - }; - }; - }; - - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; - - time.timeZone = "Europe/Vienna"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "de_AT.UTF-8"; - LC_IDENTIFICATION = "de_AT.UTF-8"; - LC_MEASUREMENT = "de_AT.UTF-8"; - LC_MONETARY = "de_AT.UTF-8"; - LC_NAME = "de_AT.UTF-8"; - LC_NUMERIC = "de_AT.UTF-8"; - LC_PAPER = "de_AT.UTF-8"; - LC_TELEPHONE = "de_AT.UTF-8"; - LC_TIME = "de_AT.UTF-8"; - }; - }; - - sops = { - - defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - - secrets = { - swarseluser = { neededForUsers = true; }; - ernest = { }; - frauns = { }; - hotspot = { }; - eduid = { }; - edupass = { }; - handyhotspot = { }; - vpnuser = { }; - vpnpass = { }; - }; - templates = { - "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - ''; - }; - }; - - environment.systemPackages = with pkgs; [ - # yubikey packages - gnupg - yubikey-personalization - yubikey-personalization-gui - yubico-pam - yubioath-flutter - yubikey-manager - yubikey-manager-qt - yubico-piv-tool - cfssl - pcsctools - pcscliteWithPolkit.out - - # ledger packages - ledger-live-desktop - - # pinentry - - # theme related - adwaita-icon-theme - - # kde-connect - xdg-desktop-portal - - # bluetooth - bluez - - # lsp-related ------------------------------- - # nix - # latex - texlab - ghostscript_headless - # wireguard - wireguard-tools - # rust - rust-analyzer - clippy - rustfmt - # go - go - gopls - # zig - zig - zls - # cpp - clang-tools - # + cuda - cudatoolkit - #lsp-bridge / python - gcc - gdb - (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) - # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) - # -------------------------------------------- - - (stdenv.mkDerivation { - name = "oama"; - - src = pkgs.fetchurl { - name = "oama"; - url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; - sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; - }; - - phases = [ - "unpackPhase" - ]; - - unpackPhase = '' - mkdir -p $out/bin - tar xvf $src -C $out/ - mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ - ''; - - }) - - ]; - - programs = { - dconf.enable = true; - evince.enable = true; - kdeconnect.enable = true; - }; - - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.shells = with pkgs; [ zsh ]; - environment.pathsToLink = [ "/share/zsh" ]; - - services.syncthing = { - enable = true; - user = "swarsel"; - dataDir = "/home/swarsel"; - configDir = "/home/swarsel/.config/syncthing"; - openDefaultPorts = true; - settings = { - devices = { - "magicant" = { - id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2"; - }; - "sync (@oracle)" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "server1" = { - id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ"; - }; - }; - folders = { - "Default Folder" = { - path = "/home/swarsel/Sync"; - devices = [ "sync (@oracle)" ]; - id = "default"; - }; - "Obsidian" = { - path = "/home/swarsel/Nextcloud/Obsidian"; - devices = [ "sync (@oracle)" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/home/swarsel/Nextcloud/Org"; - devices = [ "sync (@oracle)" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/home/swarsel/Vpn"; - devices = [ "sync (@oracle)" ]; - id = "hgp9s-fyq3p"; - }; - }; - }; - }; - - services.blueman.enable = true; - - # enable scanners over network - hardware.sane = { - enable = true; - extraBackends = [ pkgs.sane-airscan ]; - }; - - # enable discovery and usage of network devices (esp. printers) - services.printing = { - enable = true; - drivers = [ - pkgs.gutenprint - pkgs.gutenprintBin - ]; - browsedConf = '' - BrowseDNSSDSubTypes _cups,_print - BrowseLocalProtocols all - BrowseRemoteProtocols all - CreateIPPPrinterQueues All - BrowseProtocols all - ''; - }; - - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - services.gvfs.enable = true; - - # Make CAPS work as a dual function ESC/CTRL key - services.interception-tools = { - enable = true; - udevmonConfig = - let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 - - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL - ''; - in - '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; - }; - - programs.ssh.startAgent = false; - - services.pcscd.enable = true; - - hardware.ledger.enable = true; - - services.udev.packages = with pkgs; [ - yubikey-personalization - ledger-udev-rules - ]; - - services.greetd = { - enable = true; - settings = { - initial_session.command = "sway"; - # initial_session.user ="swarsel"; - default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; - }; - }; - - environment.etc."greetd/environments".text = '' - sway - ''; - -} diff --git a/profiles/common/nixos/blueman.nix b/profiles/common/nixos/blueman.nix new file mode 100644 index 0000000..70c4b9e --- /dev/null +++ b/profiles/common/nixos/blueman.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + services.blueman.enable = true; +} diff --git a/profiles/common/nixos/default.nix b/profiles/common/nixos/default.nix new file mode 100644 index 0000000..7c82208 --- /dev/null +++ b/profiles/common/nixos/default.nix @@ -0,0 +1,33 @@ +{ ... }: +{ + imports = [ + ./xserver.nix + ./users.nix + ./env.nix + ./stylix.nix + ./polkit.nix + ./gc.nix + ./store.nix + ./systemd.nix + ./network.nix + ./time.nix + ./hardware.nix + ./sops.nix + ./packages.nix + ./programs.nix + ./zsh.nix + ./syncthing.nix + ./blueman.nix + ./networkdevices.nix + ./gvfs.nix + ./interceptiontools.nix + ./hardwarecompatibility.nix + ./login.nix + ]; + + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + }; +} diff --git a/profiles/common/nixos/env.nix b/profiles/common/nixos/env.nix new file mode 100644 index 0000000..610f984 --- /dev/null +++ b/profiles/common/nixos/env.nix @@ -0,0 +1,16 @@ +{ lib, pkgs, ... }: +{ + environment = { + wordlist.enable = true; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + }; + }; + # gstreamer plugins for nautilus (used for file metadata) +} diff --git a/profiles/common/nixos/gc.nix b/profiles/common/nixos/gc.nix new file mode 100644 index 0000000..f44f324 --- /dev/null +++ b/profiles/common/nixos/gc.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + nix.gc = { + automatic = true; + randomizedDelaySec = "14m"; + dates = "weekly"; + options = "--delete-older-than 10d"; + }; +} diff --git a/profiles/common/nixos/gvfs.nix b/profiles/common/nixos/gvfs.nix new file mode 100644 index 0000000..8ae1887 --- /dev/null +++ b/profiles/common/nixos/gvfs.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + services.gvfs.enable = true; +} diff --git a/profiles/common/nixos/hardware.nix b/profiles/common/nixos/hardware.nix new file mode 100644 index 0000000..4263901 --- /dev/null +++ b/profiles/common/nixos/hardware.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: +{ + + hardware = { + graphics = { + enable = true; + enable32Bit = true; + }; + + pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + }; + + enableAllFirmware = true; + + bluetooth = { + powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; + }; + }; + }; + }; +} diff --git a/profiles/common/nixos/hardwarecompatibility.nix b/profiles/common/nixos/hardwarecompatibility.nix new file mode 100644 index 0000000..283a971 --- /dev/null +++ b/profiles/common/nixos/hardwarecompatibility.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: +{ + programs.ssh.startAgent = false; + + services.pcscd.enable = true; + + hardware.ledger.enable = true; + + services.udev.packages = with pkgs; [ + yubikey-personalization + ledger-udev-rules + ]; +} diff --git a/profiles/common/nixos/interceptiontools.nix b/profiles/common/nixos/interceptiontools.nix new file mode 100644 index 0000000..b773406 --- /dev/null +++ b/profiles/common/nixos/interceptiontools.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: +{ + # Make CAPS work as a dual function ESC/CTRL key + services.interception-tools = { + enable = true; + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 + + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] + ''; + }; +} diff --git a/profiles/common/nixos/interceptiontoools.nix b/profiles/common/nixos/interceptiontoools.nix new file mode 100644 index 0000000..b773406 --- /dev/null +++ b/profiles/common/nixos/interceptiontoools.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: +{ + # Make CAPS work as a dual function ESC/CTRL key + services.interception-tools = { + enable = true; + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 + + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] + ''; + }; +} diff --git a/profiles/common/nixos/login.nix b/profiles/common/nixos/login.nix new file mode 100644 index 0000000..e7ef07d --- /dev/null +++ b/profiles/common/nixos/login.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +{ + services.greetd = { + enable = true; + settings = { + initial_session.command = "sway"; + # initial_session.user ="swarsel"; + default_session.command = '' + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; + }; + }; + + environment.etc."greetd/environments".text = '' + sway + ''; +} diff --git a/profiles/common/nixos/network.nix b/profiles/common/nixos/network.nix new file mode 100644 index 0000000..6c09c2d --- /dev/null +++ b/profiles/common/nixos/network.nix @@ -0,0 +1,207 @@ +{ config, ... }: +{ + networking.networkmanager = { + enable = true; + ensureProfiles = { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; + type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; + }; + + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + }; + + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; + }; + + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + }; + + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$FRAUNS"; + }; + }; + + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$HANDYHOTSPOT"; + }; + }; + + "sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = + "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = { password = "$VPNPASS"; }; + }; + + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-fourside"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; + }; + + }; + }; + }; + + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; +} diff --git a/profiles/common/nixos/networkdevices.nix b/profiles/common/nixos/networkdevices.nix new file mode 100644 index 0000000..0ae49eb --- /dev/null +++ b/profiles/common/nixos/networkdevices.nix @@ -0,0 +1,30 @@ +{ pkgs, ... }: +{ + # enable scanners over network + hardware.sane = { + enable = true; + extraBackends = [ pkgs.sane-airscan ]; + }; + + # enable discovery and usage of network devices (esp. printers) + services.printing = { + enable = true; + drivers = [ + pkgs.gutenprint + pkgs.gutenprintBin + ]; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; + }; + + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; +} diff --git a/profiles/common/nixos/packages.nix b/profiles/common/nixos/packages.nix new file mode 100644 index 0000000..8f15c5d --- /dev/null +++ b/profiles/common/nixos/packages.nix @@ -0,0 +1,81 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + # yubikey packages + gnupg + yubikey-personalization + yubikey-personalization-gui + yubico-pam + yubioath-flutter + yubikey-manager + yubikey-manager-qt + yubico-piv-tool + cfssl + pcsctools + pcscliteWithPolkit.out + + # ledger packages + ledger-live-desktop + + # pinentry + + # theme related + adwaita-icon-theme + + # kde-connect + xdg-desktop-portal + + # bluetooth + bluez + + # lsp-related ------------------------------- + # nix + # latex + texlab + ghostscript_headless + # wireguard + wireguard-tools + # rust + rust-analyzer + clippy + rustfmt + # go + go + gopls + # zig + zig + zls + # cpp + clang-tools + # + cuda + cudatoolkit + #lsp-bridge / python + gcc + gdb + (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) + # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + # -------------------------------------------- + + (stdenv.mkDerivation { + name = "oama"; + + src = pkgs.fetchurl { + name = "oama"; + url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; + sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; + }; + + phases = [ + "unpackPhase" + ]; + + unpackPhase = '' + mkdir -p $out/bin + tar xvf $src -C $out/ + mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + ''; + + }) + + ]; +} diff --git a/profiles/common/nixos/polkit.nix b/profiles/common/nixos/polkit.nix new file mode 100644 index 0000000..758bfca --- /dev/null +++ b/profiles/common/nixos/polkit.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + security.polkit.enable = true; +} diff --git a/profiles/common/nixos/programs.nix b/profiles/common/nixos/programs.nix new file mode 100644 index 0000000..f2f05ac --- /dev/null +++ b/profiles/common/nixos/programs.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + programs = { + dconf.enable = true; + evince.enable = true; + kdeconnect.enable = true; + }; +} diff --git a/profiles/common/nixos/sops.nix b/profiles/common/nixos/sops.nix new file mode 100644 index 0000000..4308d0f --- /dev/null +++ b/profiles/common/nixos/sops.nix @@ -0,0 +1,32 @@ +{ config, ... }: +{ + sops = { + + defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; + validateSopsFiles = false; + + secrets = { + swarseluser = { neededForUsers = true; }; + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; + }; + templates = { + "network-manager.env".content = '' + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + ''; + }; + }; +} diff --git a/profiles/common/nixos/store.nix b/profiles/common/nixos/store.nix new file mode 100644 index 0000000..61956f2 --- /dev/null +++ b/profiles/common/nixos/store.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + nix.optimise = { + automatic = true; + dates = [ "weekly" ]; + }; +} diff --git a/profiles/common/nixos/stylix.nix b/profiles/common/nixos/stylix.nix new file mode 100644 index 0000000..9e98507 --- /dev/null +++ b/profiles/common/nixos/stylix.nix @@ -0,0 +1,5 @@ +{ ... }: +{ + # dont style GRUB with stylix + stylix.targets.grub.enable = false; # the styling makes grub more ugly +} diff --git a/profiles/common/nixos/syncthing.nix b/profiles/common/nixos/syncthing.nix new file mode 100644 index 0000000..6e4fee6 --- /dev/null +++ b/profiles/common/nixos/syncthing.nix @@ -0,0 +1,45 @@ +{ ... }: +{ + services.syncthing = { + enable = true; + user = "swarsel"; + dataDir = "/home/swarsel"; + configDir = "/home/swarsel/.config/syncthing"; + openDefaultPorts = true; + settings = { + devices = { + "magicant" = { + id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2"; + }; + "sync (@oracle)" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "server1" = { + id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ"; + }; + }; + folders = { + "Default Folder" = { + path = "/home/swarsel/Sync"; + devices = [ "sync (@oracle)" ]; + id = "default"; + }; + "Obsidian" = { + path = "/home/swarsel/Nextcloud/Obsidian"; + devices = [ "sync (@oracle)" ]; + id = "yjvni-9eaa7"; + }; + "Org" = { + path = "/home/swarsel/Nextcloud/Org"; + devices = [ "sync (@oracle)" ]; + id = "a7xnl-zjj3d"; + }; + "Vpn" = { + path = "/home/swarsel/Vpn"; + devices = [ "sync (@oracle)" ]; + id = "hgp9s-fyq3p"; + }; + }; + }; + }; +} diff --git a/profiles/common/nixos/systemd.nix b/profiles/common/nixos/systemd.nix new file mode 100644 index 0000000..4b28913 --- /dev/null +++ b/profiles/common/nixos/systemd.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + # systemd + systemd.extraConfig = '' + DefaultTimeoutStartSec=60s + DefaultTimeoutStopSec=15s + ''; +} diff --git a/profiles/common/nixos/time.nix b/profiles/common/nixos/time.nix new file mode 100644 index 0000000..b3b0f2a --- /dev/null +++ b/profiles/common/nixos/time.nix @@ -0,0 +1,22 @@ +{ ... }: +{ + time = { + timeZone = "Europe/Vienna"; + hardwareClockInLocalTime = true; + }; + + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "de_AT.UTF-8"; + LC_IDENTIFICATION = "de_AT.UTF-8"; + LC_MEASUREMENT = "de_AT.UTF-8"; + LC_MONETARY = "de_AT.UTF-8"; + LC_NAME = "de_AT.UTF-8"; + LC_NUMERIC = "de_AT.UTF-8"; + LC_PAPER = "de_AT.UTF-8"; + LC_TELEPHONE = "de_AT.UTF-8"; + LC_TIME = "de_AT.UTF-8"; + }; + }; +} diff --git a/profiles/common/nixos/users.nix b/profiles/common/nixos/users.nix new file mode 100644 index 0000000..45f8046 --- /dev/null +++ b/profiles/common/nixos/users.nix @@ -0,0 +1,13 @@ +{ pkgs, config, ... }: +{ + users = { + mutableUsers = false; + users.swarsel = { + isNormalUser = true; + description = "Leon S"; + hashedPasswordFile = config.sops.secrets.swarseluser.path; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; + packages = with pkgs; [ ]; + }; + }; +} diff --git a/profiles/common/nixos/xserver.nix b/profiles/common/nixos/xserver.nix new file mode 100644 index 0000000..54aa9de --- /dev/null +++ b/profiles/common/nixos/xserver.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + services.xserver = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; +} diff --git a/profiles/common/nixos/zsh.nix b/profiles/common/nixos/zsh.nix new file mode 100644 index 0000000..db2ced4 --- /dev/null +++ b/profiles/common/nixos/zsh.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.shells = with pkgs; [ zsh ]; + environment.pathsToLink = [ "/share/zsh" ]; +} diff --git a/profiles/fourside/default.nix b/profiles/fourside/default.nix new file mode 100644 index 0000000..a55c7f4 --- /dev/null +++ b/profiles/fourside/default.nix @@ -0,0 +1,23 @@ +{ inputs, outputs, ... }: +{ + + imports = [ + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 + ./hardware-configuration.nix + ./nixos.nix + inputs.home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = outputs.mixedModules ++ [ + ./home.nix + ]; + } + ]; + + nixpkgs = { + overlays = outputs.overlays; + config = { + allowUnfree = true; + }; + }; + +} diff --git a/profiles/fourside/hardware-configuration.nix b/profiles/fourside/hardware-configuration.nix index 5c12a93..775c6f9 100644 --- a/profiles/fourside/hardware-configuration.nix +++ b/profiles/fourside/hardware-configuration.nix @@ -39,6 +39,6 @@ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.wwan0.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/profiles/fourside/home.nix b/profiles/fourside/home.nix index 5fac774..25d727f 100644 --- a/profiles/fourside/home.nix +++ b/profiles/fourside/home.nix @@ -81,7 +81,7 @@ eDP-1 = { mode = "1920x1080"; # TEMPLATE scale = "1"; - position = "1920,0"; + position = "2560,0"; # bg = "~/.dotfiles/wallpaper/lenovowp.png fill"; }; DP-4 = { diff --git a/profiles/fourside/nixos.nix b/profiles/fourside/nixos.nix index 05b081c..0bf04c0 100644 --- a/profiles/fourside/nixos.nix +++ b/profiles/fourside/nixos.nix @@ -2,17 +2,6 @@ { - # - # imports = - # [ - # ./hardware-configuration.nix - # ]; - # - imports = - [ - ./hardware-configuration.nix - ]; - services = { getty.autologinUser = "swarsel"; greetd.settings.initial_session.user = "swarsel"; @@ -147,13 +136,6 @@ }; }; - users.users.swarsel = { - isNormalUser = true; - description = "Leon S"; - hashedPasswordFile = config.sops.secrets.swarseluser.path; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; [ ]; - }; environment.systemPackages = with pkgs; [ # gog games installing diff --git a/profiles/home-manager/home.nix b/profiles/home-manager/home.nix index d44d4e3..ee10a26 100644 --- a/profiles/home-manager/home.nix +++ b/profiles/home-manager/home.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, fetchFromGitHub, ... }: +{ config, pkgs, ... }: { programs.home-manager.enable = true; diff --git a/profiles/remote/oracle/matrix/nixos.nix b/profiles/remote/oracle/matrix/nixos.nix index df024e6..029a599 100644 --- a/profiles/remote/oracle/matrix/nixos.nix +++ b/profiles/remote/oracle/matrix/nixos.nix @@ -17,9 +17,9 @@ in ffmpeg ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/profiles/remote/oracle/sync/nixos.nix b/profiles/remote/oracle/sync/nixos.nix index 7aa1845..22c8dbd 100644 --- a/profiles/remote/oracle/sync/nixos.nix +++ b/profiles/remote/oracle/sync/nixos.nix @@ -11,9 +11,9 @@ ssh-to-age ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/profiles/sandbox/disk-config.nix b/profiles/sandbox/disk-config.nix new file mode 100644 index 0000000..75ae234 --- /dev/null +++ b/profiles/sandbox/disk-config.nix @@ -0,0 +1,56 @@ +# Example to create a bios compatible gpt partition +{ lib, ... }: +{ + disko.devices = { + disk.disk1 = { + device = lib.mkDefault "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/profiles/sandbox/hardware-configuration.nix b/profiles/sandbox/hardware-configuration.nix index 677023d..77e701a 100644 --- a/profiles/sandbox/hardware-configuration.nix +++ b/profiles/sandbox/hardware-configuration.nix @@ -15,10 +15,10 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69"; - fsType = "ext4"; - }; + # fileSystems."/" = { + # device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69"; + # fsType = "ext4"; + # }; swapDevices = [ ]; diff --git a/profiles/sandbox/nixos.nix b/profiles/sandbox/nixos.nix index 5d1e769..d1bccff 100644 --- a/profiles/sandbox/nixos.nix +++ b/profiles/sandbox/nixos.nix @@ -8,18 +8,21 @@ in ./hardware-configuration.nix ]; - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - supportedFilesystems = [ "zfs" ]; + boot = { zfs.forceImportRoot = false; + supportedFilesystems = [ "zfs" ]; kernelModules = [ "tun" ]; kernel.sysctl = { "net.ipv4.conf.all.rp_filter" = 2; "net.ipv4.conf.default.rp_filter" = 2; "net.ipv4.conf.enp7s0.rp_filter" = 2; }; + + loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; }; networking = { @@ -38,19 +41,19 @@ in }; }; - hardware.graphics = { - enable = true; - hardware.enableAllFirmware = true; - extraPackages = with pkgs; [ - intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - vaapiVdpau - libvdpau-va-gl - ]; - }; + nixpkgs.config.allowUnfree = true; - sound = { - enable = true; + hardware = { + enableAllFirmware = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; }; users = { @@ -266,9 +269,9 @@ in }; services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { @@ -390,7 +393,7 @@ in kavita = { enable = true; user = "kavita"; - port = 8080; + settings.port = 8080; tokenKeyFile = config.sops.secrets.kavita.path; }; @@ -804,7 +807,7 @@ in publish.enable = true; publish.userServices = true; # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns = true; + nssmdns4 = true; # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it enable = true; }; diff --git a/profiles/server1/TEMPLATE/nixos.nix b/profiles/server1/TEMPLATE/nixos.nix index 6b1a8ca..e49c3cf 100644 --- a/profiles/server1/TEMPLATE/nixos.nix +++ b/profiles/server1/TEMPLATE/nixos.nix @@ -11,9 +11,9 @@ ssh-to-age ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/profiles/server1/calibre/nixos.nix b/profiles/server1/calibre/nixos.nix index 68a4ffb..b8cb066 100644 --- a/profiles/server1/calibre/nixos.nix +++ b/profiles/server1/calibre/nixos.nix @@ -22,9 +22,9 @@ ]; }; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/profiles/server1/jellyfin/nixos.nix b/profiles/server1/jellyfin/nixos.nix index f4f1c9c..c37c22c 100644 --- a/profiles/server1/jellyfin/nixos.nix +++ b/profiles/server1/jellyfin/nixos.nix @@ -24,9 +24,9 @@ extraGroups = [ "video" "render" ]; }; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/profiles/server1/matrix/nixos.nix b/profiles/server1/matrix/nixos.nix index 36394df..827d9c7 100644 --- a/profiles/server1/matrix/nixos.nix +++ b/profiles/server1/matrix/nixos.nix @@ -6,9 +6,9 @@ in services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { enable = true; diff --git a/profiles/server1/nginx/nixos.nix b/profiles/server1/nginx/nixos.nix index 447eecd..731d17b 100644 --- a/profiles/server1/nginx/nixos.nix +++ b/profiles/server1/nginx/nixos.nix @@ -13,9 +13,9 @@ nginx ]; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/profiles/server1/paperless/nixos.nix b/profiles/server1/paperless/nixos.nix index 3bb074c..323413e 100644 --- a/profiles/server1/paperless/nixos.nix +++ b/profiles/server1/paperless/nixos.nix @@ -10,9 +10,9 @@ services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { enable = true; diff --git a/profiles/server1/sound/nixos.nix b/profiles/server1/sound/nixos.nix index fd1099a..cdb0316 100644 --- a/profiles/server1/sound/nixos.nix +++ b/profiles/server1/sound/nixos.nix @@ -10,9 +10,9 @@ services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { enable = true; diff --git a/profiles/server1/spotifyd/nixos.nix b/profiles/server1/spotifyd/nixos.nix index 75d9483..90506b9 100644 --- a/profiles/server1/spotifyd/nixos.nix +++ b/profiles/server1/spotifyd/nixos.nix @@ -10,9 +10,9 @@ services = { - xserver = { + xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; openssh = { enable = true; diff --git a/profiles/server1/transmission/nixos.nix b/profiles/server1/transmission/nixos.nix index 4471666..b94a621 100644 --- a/profiles/server1/transmission/nixos.nix +++ b/profiles/server1/transmission/nixos.nix @@ -37,9 +37,9 @@ home = "/home/vpn"; }; - services.xserver = { + services.xserver.xkb = { layout = "us"; - xkbVariant = "altgr-intl"; + variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ];