swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix[work,client]: get home-manager working on dgx
Some checks failed
Flake check / Check flake (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-10-31 15:04:59 +01:00
parent c8a49d4f47
commit 64e6a9c159
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
18 changed files with 972 additions and 889 deletions
Download patch file Download diff file Expand all files Collapse all files

922
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

6
flake.lock generated
View file

@ -6365,11 +6365,11 @@
}, },
"nixpkgs-dev": { "nixpkgs-dev": {
"locked": { "locked": {
"lastModified": 1759233809, "lastModified": 1761589965,
"narHash": "sha256-ww6JlKuclxzcBb+cb4GCnVw4PtI+7xd3J9/ctINWKeA=", "narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=",
"owner": "Swarsel", "owner": "Swarsel",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d3e334a2a4f9d50568bf03ec62cd445faac7ce9e", "rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
hosts/home/treehouse/default.nix
View file

@ -2,8 +2,8 @@
{ {
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeModules.stylix
inputs.sops-nix.homeManagerModules.sops # inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
"${self}/modules/home" "${self}/modules/home"
"${self}/modules/nixos/common/pii.nix" "${self}/modules/nixos/common/pii.nix"

109
modules/home/common/anki.nix
View file

@ -1,65 +1,66 @@
{ lib, config, pkgs, globals, nixosConfig ? config, ... }: { lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
let let
moduleName = "anki"; moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos; inherit (config.swarselsystems) isPublic isNixos;
in in
{ {
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings"; options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} { config = lib.mkIf config.swarselmodules.${moduleName}
({
sops = lib.mkIf (!isPublic && !isNixos) { programs.anki = {
secrets = { enable = true;
anki-user = { }; # # package = pkgs.anki;
anki-pw = { }; hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
};
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
programs.anki = { secrets = {
enable = true; anki-user = { };
# # package = pkgs.anki; anki-pw = { };
hideBottomBar = true; };
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
}; };
addons = });
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
};
};
} }

37
modules/home/common/emacs.nix
View file

@ -5,23 +5,8 @@ let
in in
{ {
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs { config = lib.mkIf config.swarselmodules.emacs ({
# needed for elfeed # needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features # enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages # also read init.el file and install use-package packages
programs.emacs = { programs.emacs = {
@ -91,5 +76,23 @@ in
socketActivation.enable = false; socketActivation.enable = false;
startWithUserSession = "graphical"; startWithUserSession = "graphical";
}; };
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
} }

325
modules/home/common/mail.nix
View file

@ -1,4 +1,4 @@
{ lib, config, nixosConfig ? config, ... }: { lib, config, inputs, nixosConfig ? config, ... }:
let let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName; inherit (nixosConfig.repo.secrets.common) fullName;
@ -6,186 +6,187 @@ let
in in
{ {
options.swarselmodules.mail = lib.mkEnableOption "mail settings"; options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail { config = lib.mkIf config.swarselmodules.mail
({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { programs = {
address1-token = { path = "${xdgDir}/secrets/address1-token"; }; mbsync = {
address2-token = { path = "${xdgDir}/secrets/address2-token"; }; enable = true;
address3-token = { path = "${xdgDir}/secrets/address3-token"; }; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; }; msmtp = {
}; enable = true;
};
programs = { mu = {
mbsync = { enable = true;
enable = true;
};
msmtp = {
enable = true;
};
mu = {
enable = true;
};
};
services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
}; };
}; };
settings = { services.mbsync = {
"mail.server.default.allow_utf8_accept" = true; enable = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
}; };
}; # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
xdg.mimeApps.defaultApplications = { programs.thunderbird = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ]; enable = true;
"x-scheme-handler/mid" = [ "thunderbird.desktop" ]; profiles.default = {
"message/rfc822" = [ "thunderbird.desktop" ]; isDefault = true;
}; withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { "gfx.webrender.all" = true;
email = "gfx.webrender.enabled" = true;
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
};
}; };
in };
{
maildirBasePath = "Mail"; settings = {
accounts = { "mail.server.default.allow_utf8_accept" = true;
swarsel = { "mail.server.default.max_articles" = 1000;
address = address4; "mail.server.default.check_all_folders_for_new" = true;
userName = address4-user; "mail.show_headers" = 1;
realName = fullName; "mail.identity.default.auto_quote" = true;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; "mail.identity.default.attachPgpKey" = true;
smtp = { "mailnews.default_sort_order" = 2;
host = address4-host; "mailnews.default_sort_type" = 18;
port = 587; "mailnews.default_view_flags" = 0;
tls = { "mailnews.sort_threads_by_root" = true;
enable = true; "mailnews.headers.showMessageId" = true;
useStartTls = true; "mailnews.headers.showOrganization" = true;
}; "mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
}; };
mu.enable = false; smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = { msmtp = {
enable = true; enable = true;
}; };
mbsync = { mbsync = {
enable = false; enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
}; };
}; };
in
leon = lib.recursiveUpdate {
{ maildirBasePath = "Mail";
primary = true; accounts = {
address = address1; swarsel = {
userName = address1; address = address4;
userName = address4-user;
realName = fullName; realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
gpg = { smtp = {
key = "0x76FD3810215AE097"; host = address4-host;
signByDefault = true; port = 587;
tls = {
enable = true;
useStartTls = true;
};
}; };
} mu.enable = false;
defaultSettings; msmtp = {
enable = true;
};
mbsync = {
enable = false;
};
};
nautilus = lib.recursiveUpdate leon = lib.recursiveUpdate
{ {
primary = false; primary = true;
address = address2; address = address1;
userName = address2; userName = address1;
realName = address2-name; realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
} gpg = {
defaultSettings; key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
mrswarsel = lib.recursiveUpdate nautilus = lib.recursiveUpdate
{ {
primary = false; primary = false;
address = address3; address = address2;
userName = address3; userName = address2;
realName = address3-name; realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
} }
defaultSettings; defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
};
}; };
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
}; sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
} }

8
modules/home/common/nixgl.nix
View file

@ -1,4 +1,4 @@
{ lib, config, nixgl, ... }: { lib, config, inputs, ... }:
{ {
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = { options.swarselsystems = {
@ -10,11 +10,11 @@
}; };
config = lib.mkIf config.swarselmodules.nixgl { config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) { nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (nixgl) packages; inherit (inputs.nixgl) packages;
defaultWrapper = lib.mkDefault "mesa"; defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false; vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu { prime = lib.mkIf config.swarselsystems.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard; card = config.swarselsystems.secondaryGpuCard;
installScript = "mesa"; installScript = "mesa";
}; };
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";

127
modules/home/common/settings.nix
View file

@ -4,68 +4,75 @@ let
in in
{ {
options.swarselmodules.general = lib.mkEnableOption "general nix settings"; options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselmodules.general { config =
nix = lib.mkIf (!config.swarselsystems.isNixos) { let
package = lib.mkForce pkgs.nixVersions.nix_2_28; nix-version = "2_30";
# extraOptions = '' in
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins lib.mkIf config.swarselmodules.general {
# extra-builtins-file = ${self + /nix/extra-builtins.nix} nix = lib.mkIf (!config.swarselsystems.isNixos) {
# ''; package = lib.mkForce pkgs.nixVersions."nix_${nix-version}";
extraOptions = '' # extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
buildInputs = [config.nix.package pkgs.boost]; # extra-builtins-file = ${self + /nix/extra-builtins.nix}
patches = o.patches or []; # '';
})}/lib/nix/plugins extraOptions =
extra-builtins-file = ${self + /nix/extra-builtins.nix} let
''; nix-plugins = pkgs.nix-plugins.override {
settings = { nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
experimental-features = [ };
"nix-command" in
"flakes" ''
"ca-derivations" plugin-files = ${nix-plugins}/lib/nix/plugins
"cgroups" extra-builtins-file = ${self + /nix/extra-builtins.nix}
"pipe-operators" '';
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
]; ];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
}; };
}; };
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
};
};
} }

4
modules/home/common/sops.nix
View file

@ -1,10 +1,10 @@
{ config, lib, ... }: { config, lib, inputs, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselmodules.sops = lib.mkEnableOption "sops settings"; options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselmodules.sops { config = lib.optionalAttrs (inputs ? sops) {
sops = { sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";

4
modules/home/common/ssh.nix
View file

@ -30,6 +30,10 @@
hostname = "192.168.1.136"; hostname = "192.168.1.136";
user = "root"; user = "root";
}; };
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = { "winters" = {
hostname = "192.168.178.24"; hostname = "192.168.178.24";
user = "root"; user = "root";

3
modules/home/common/sway.nix
View file

@ -1,4 +1,4 @@
{ config, lib, vars, ... }: { config, lib, vars, nixosConfig ? config, ... }:
let let
eachOutput = _: monitor: { eachOutput = _: monitor: {
inherit (monitor) name; inherit (monitor) name;
@ -381,6 +381,7 @@ in
export XDG_CURRENT_DESKTOP=sway; export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway; export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1; export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports; '' + vars.waylandExports;
# extraConfigEarly = " # extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK

16
modules/home/common/waybar.nix
View file

@ -1,4 +1,4 @@
{ self, config, lib, pkgs, ... }: { self, config, lib, inputs, pkgs, ... }:
let let
inherit (config.swarselsystems) xdgDir; inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -52,7 +52,7 @@ in
internal = true; internal = true;
}; };
}; };
config = lib.mkIf config.swarselmodules.waybar { config = lib.mkIf config.swarselmodules.waybar ({
swarselsystems = { swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -60,16 +60,12 @@ in
] ++ modulesRight); ] ++ modulesRight);
}; };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true; services.playerctld.enable = true;
programs.waybar = { programs.waybar = {
enable = true; enable = true;
systemd = { systemd = {
enable = true; enable = false;
# target = "sway-session.target"; # target = "sway-session.target";
inherit (config.wayland.systemd) target; inherit (config.wayland.systemd) target;
}; };
@ -324,5 +320,9 @@ in
}; };
style = builtins.readFile (self + /files/waybar/style.css); style = builtins.readFile (self + /files/waybar/style.css);
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
} }

14
modules/home/common/yubikey.nix
View file

@ -1,15 +1,11 @@
{ lib, config, nixosConfig ? config, ... }: { lib, config, inputs, nixosConfig ? config, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey { config = lib.mkIf config.swarselmodules.yubikey ({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [ ids = [
@ -17,5 +13,9 @@ in
nixosConfig.repo.secrets.common.yubikeys.dev2 nixosConfig.repo.secrets.common.yubikeys.dev2
]; ];
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
} }

22
modules/home/common/zsh.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }: { config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
let let
inherit (config.swarselsystems) flakePath; inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain; crocDomain = globals.services.croc.domain;
@ -12,12 +12,7 @@ in
}; };
}; };
config = lib.mkIf config.swarselmodules.zsh config = lib.mkIf config.swarselmodules.zsh
{ ({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -129,11 +124,18 @@ in
''; '';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) { sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain; CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})"; CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})"; GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox"; # QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
}; };
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
} }

3
modules/nixos/client/login.nix
View file

@ -7,12 +7,13 @@
settings = { settings = {
# initial_session.command = "sway"; # initial_session.command = "sway";
initial_session.command = "uwsm start -- sway-uwsm.desktop"; initial_session.command = "uwsm start -- sway-uwsm.desktop";
# --cmd sway
default_session.command = '' default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \ ${pkgs.tuigreet}/bin/tuigreet \
--time \ --time \
--asterisks \ --asterisks \
--user-menu \ --user-menu \
--cmd sway --cmd "uwsm start -- sway-uwsm.desktop"
''; '';
}; };
}; };

69
modules/nixos/common/settings.nix
View file

@ -60,34 +60,49 @@ in
sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
}; };
nix = { nix =
package = pkgs.nixVersions.nix_2_28; let
settings = { nix-version = "2_30";
experimental-features = [ in
"nix-command" {
"flakes" package = pkgs.nixVersions."nix_${nix-version}";
"ca-derivations" settings = {
"cgroups" experimental-features = [
"pipe-operators" "nix-command"
]; "flakes"
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; "ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
};
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# buildInputs = [config.nix.package pkgs.boost];
# patches = o.patches or [];
# })}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
}; };
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
};
system.stateVersion = lib.mkDefault "23.05"; system.stateVersion = lib.mkDefault "23.05";

186
nix/devshell.nix
View file

@ -46,96 +46,106 @@
}; };
}; };
devshells.default = { devshells.default =
packages = [ let
(builtins.trace "alarm: we pinned nix_2_28 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_28) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. nix-version = "2_30";
pkgs.git in
pkgs.just {
pkgs.age packages = [
pkgs.ssh-to-age (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
pkgs.sops pkgs.git
pkgs.home-manager pkgs.just
pkgs.nixpkgs-fmt pkgs.age
self.packages.${system}.swarsel-build pkgs.ssh-to-age
self.packages.${system}.swarsel-deploy pkgs.sops
]; pkgs.home-manager
pkgs.nixpkgs-fmt
self.packages.${system}.swarsel-build
self.packages.${system}.swarsel-deploy
];
commands = [ commands = [
{ {
package = pkgs.statix; package = pkgs.statix;
help = "Lint flake"; help = "Lint flake";
} }
{ {
package = pkgs.deadnix; package = pkgs.deadnix;
help = "Check flake for dead code"; help = "Check flake for dead code";
} }
{ {
package = pkgs.nix-tree; package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations"; help = "Interactively browse dependency graphs of Nix derivations";
} }
{ {
package = pkgs.nvd; package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded"; help = "Diff two nix toplevels and show which packages were upgraded";
} }
{ {
package = pkgs.nix-diff; package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ"; help = "Explain why two Nix derivations differ";
} }
{ {
package = pkgs.nix-output-monitor; package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom"; name = "nom \"$@\"";
} }
{ {
name = "hm"; name = "hm";
help = "Manage home-manager config"; help = "Manage home-manager config";
command = "home-manager"; command = "home-manager \"$@\"";
} }
{ {
name = "fmt"; name = "fmt";
help = "Format flake"; help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\""; command = "nixpkgs-fmt --check \"$FLAKE\"";
} }
{ {
name = "sd"; name = "sd";
help = "Build and deploy this nix config to nodes"; help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\""; command = "swarsel-deploy \"$@\"";
} }
{ {
name = "sl"; name = "sl";
help = "Build and deploy a config to nodes"; help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch"; command = "swarsel-deploy \${1} switch";
} }
{ {
name = "sw"; name = "sw";
help = "Build and switch to the host's config locally"; help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch"; command = "swarsel-deploy $(hostname) switch";
} }
{ {
name = "bld"; name = "bld";
help = "Build a number of configurations"; help = "Build a number of configurations";
command = "swarel-build \"$@\""; command = "swarsel-build \"$@\"";
} }
{ {
name = "c"; name = "c";
help = "Work with the flake git repository"; help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
} }
]; ];
devshell.startup.pre-commit-install.text = "pre-commit install"; devshell.startup.pre-commit-install.text = "pre-commit install";
env = [ env =
{ let
# Additionally configure nix-plugins with our extra builtins file. nix-plugins = pkgs.nix-plugins.override {
# We need this for our repo secrets. nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
name = "NIX_CONFIG"; };
value = '' in
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins [
extra-builtins-file = ${self + /nix/extra-builtins.nix} {
''; # Additionally configure nix-plugins with our extra builtins file.
} # We need this for our repo secrets.
]; name = "NIX_CONFIG";
}; value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
}; };
} }

2
nix/hosts.nix
View file

@ -93,7 +93,7 @@
modules = [ modules = [
inputs.niri-flake.homeModules.niri inputs.niri-flake.homeModules.niri
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops # inputs.sops-nix.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${configName}" "${self}/hosts/${type}/${configName}"