swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix[work,client]: get home-manager working on dgx
Some checks failed
Flake check / Check flake (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-10-31 15:04:59 +01:00
parent c8a49d4f47
commit 64e6a9c159
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
18 changed files with 972 additions and 889 deletions
Download patch file Download diff file Expand all files Collapse all files

109
modules/home/common/anki.nix
View file

@ -1,65 +1,66 @@
{ lib, config, pkgs, globals, nixosConfig ? config, ... }:
{ lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
in
{
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} {
config = lib.mkIf config.swarselmodules.${moduleName}
({
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
programs.anki = {
enable = true;
# # package = pkgs.anki;
hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
};
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
};
};
programs.anki = {
enable = true;
# # package = pkgs.anki;
hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
};
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
};
};
});
}

37
modules/home/common/emacs.nix
View file

@ -5,23 +5,8 @@ let
in
{
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs {
config = lib.mkIf config.swarselmodules.emacs ({
# needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
programs.emacs = {
@ -91,5 +76,23 @@ in
socketActivation.enable = false;
startWithUserSession = "graphical";
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
}

325
modules/home/common/mail.nix
View file

@ -1,4 +1,4 @@
{ lib, config, nixosConfig ? config, ... }:
{ lib, config, inputs, nixosConfig ? config, ... }:
let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName;
@ -6,186 +6,187 @@ let
in
{
options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail {
config = lib.mkIf config.swarselmodules.mail
({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
programs = {
mbsync = {
enable = true;
};
msmtp = {
enable = true;
};
mu = {
enable = true;
};
};
services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
programs = {
mbsync = {
enable = true;
};
msmtp = {
enable = true;
};
mu = {
enable = true;
};
};
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
services.mbsync = {
enable = true;
};
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
};
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
};
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = {
address = address4;
userName = address4-user;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
smtp = {
host = address4-host;
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
};
mu.enable = false;
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = false;
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
};
};
leon = lib.recursiveUpdate
{
primary = true;
address = address1;
userName = address1;
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = {
address = address4;
userName = address4-user;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
smtp = {
host = address4-host;
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
}
defaultSettings;
mu.enable = false;
msmtp = {
enable = true;
};
mbsync = {
enable = false;
};
};
nautilus = lib.recursiveUpdate
{
primary = false;
address = address2;
userName = address2;
realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
}
defaultSettings;
leon = lib.recursiveUpdate
{
primary = true;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
nautilus = lib.recursiveUpdate
{
primary = false;
address = address2;
userName = address2;
realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
}
defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
};
};
};
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
}

8
modules/home/common/nixgl.nix
View file

@ -1,4 +1,4 @@
{ lib, config, nixgl, ... }:
{ lib, config, inputs, ... }:
{
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = {
@ -10,11 +10,11 @@
};
config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (nixgl) packages;
inherit (inputs.nixgl) packages;
defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard;
prime = lib.mkIf config.swarselsystems.isSecondaryGpu {
card = config.swarselsystems.secondaryGpuCard;
installScript = "mesa";
};
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";

127
modules/home/common/settings.nix
View file

@ -4,68 +4,75 @@ let
in
{
options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselmodules.general {
nix = lib.mkIf (!config.swarselsystems.isNixos) {
package = lib.mkForce pkgs.nixVersions.nix_2_28;
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
config =
let
nix-version = "2_30";
in
lib.mkIf config.swarselmodules.general {
nix = lib.mkIf (!config.swarselsystems.isNixos) {
package = lib.mkForce pkgs.nixVersions."nix_${nix-version}";
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
};
};
}

4
modules/home/common/sops.nix
View file

@ -1,10 +1,10 @@
{ config, lib, ... }:
{ config, lib, inputs, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselmodules.sops {
config = lib.optionalAttrs (inputs ? sops) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";

4
modules/home/common/ssh.nix
View file

@ -30,6 +30,10 @@
hostname = "192.168.1.136";
user = "root";
};
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = {
hostname = "192.168.178.24";
user = "root";

3
modules/home/common/sway.nix
View file

@ -1,4 +1,4 @@
{ config, lib, vars, ... }:
{ config, lib, vars, nixosConfig ? config, ... }:
let
eachOutput = _: monitor: {
inherit (monitor) name;
@ -381,6 +381,7 @@ in
export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports;
# extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK

16
modules/home/common/waybar.nix
View file

@ -1,4 +1,4 @@
{ self, config, lib, pkgs, ... }:
{ self, config, lib, inputs, pkgs, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -52,7 +52,7 @@ in
internal = true;
};
};
config = lib.mkIf config.swarselmodules.waybar {
config = lib.mkIf config.swarselmodules.waybar ({
swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -60,16 +60,12 @@ in
] ++ modulesRight);
};
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true;
programs.waybar = {
enable = true;
systemd = {
enable = true;
enable = false;
# target = "sway-session.target";
inherit (config.wayland.systemd) target;
};
@ -324,5 +320,9 @@ in
};
style = builtins.readFile (self + /files/waybar/style.css);
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
}

14
modules/home/common/yubikey.nix
View file

@ -1,15 +1,11 @@
{ lib, config, nixosConfig ? config, ... }:
{ lib, config, inputs, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
config = lib.mkIf config.swarselmodules.yubikey ({
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [
@ -17,5 +13,9 @@ in
nixosConfig.repo.secrets.common.yubikeys.dev2
];
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
}

22
modules/home/common/zsh.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }:
{ config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain;
@ -12,12 +12,7 @@ in
};
};
config = lib.mkIf config.swarselmodules.zsh
{
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
({
programs.zsh = {
enable = true;
@ -129,11 +124,18 @@ in
'';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})";
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
}