swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix[work,client]: get home-manager working on dgx
Some checks failed
Flake check / Check flake (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-10-31 15:04:59 +01:00
parent c8a49d4f47
commit 64e6a9c159
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
18 changed files with 972 additions and 889 deletions
Download patch file Download diff file Expand all files Collapse all files

214
SwarselSystems.org
View file

@ -943,7 +943,7 @@ The rest of the outputs either define or help define the actual configurations:
modules = [
inputs.niri-flake.homeModules.niri
inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.sops-nix.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${configName}"
@ -1249,9 +1249,11 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some
};
};
devshells.default = {
devshells.default = let
nix-version = "2_30";
in {
packages = [
(builtins.trace "alarm: we pinned nix_2_28 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_28) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
(builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
pkgs.git
pkgs.just
pkgs.age
@ -1287,12 +1289,12 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some
{
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom";
name = "nom \"$@\"";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager";
command = "home-manager \"$@\"";
}
{
name = "fmt";
@ -1317,7 +1319,7 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some
{
name = "bld";
help = "Build a number of configurations";
command = "swarel-build \"$@\"";
command = "swarsel-build \"$@\"";
}
{
name = "c";
@ -1328,13 +1330,17 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some
devshell.startup.pre-commit-install.text = "pre-commit install";
env = [
env = let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in [
{
# Additionally configure nix-plugins with our extra builtins file.
# We need this for our repo secrets.
name = "NIX_CONFIG";
value = ''
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
@ -2621,8 +2627,8 @@ My phone. I use only a minimal config for remote debugging here.
{
imports = [
inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
# inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index
"${self}/modules/home"
"${self}/modules/nixos/common/pii.nix"
@ -4195,8 +4201,12 @@ A breakdown of the flags being set:
sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
};
nix = {
package = pkgs.nixVersions.nix_2_28;
nix =
let
nix-version = "2_30";
in
{
package = pkgs.nixVersions."nix_${nix-version}";
settings = {
experimental-features = [
"nix-command"
@ -4213,11 +4223,22 @@ A breakdown of the flags being set:
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# buildInputs = [config.nix.package pkgs.boost];
# patches = o.patches or [];
# })}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
@ -5767,12 +5788,13 @@ This section houses the greetd related settings. I do not really want to use a d
settings = {
# initial_session.command = "sway";
initial_session.command = "uwsm start -- sway-uwsm.desktop";
# --cmd sway
default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
--cmd "uwsm start -- sway-uwsm.desktop"
'';
};
};
@ -11027,18 +11049,22 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO
in
{
options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselmodules.general {
config = let
nix-version = "2_30";
in lib.mkIf config.swarselmodules.general {
nix = lib.mkIf (!config.swarselsystems.isNixos) {
package = lib.mkForce pkgs.nixVersions.nix_2_28;
package = lib.mkForce pkgs.nixVersions."nix_${nix-version}";
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extraOptions = let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
settings = {
@ -11108,7 +11134,7 @@ It can be set to either:
- a PCI id in the form =vendor_id:device_id=
#+begin_src nix-ts :tangle modules/home/common/nixgl.nix
{ lib, config, nixgl, ... }:
{ lib, config, inputs, ... }:
{
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = {
@ -11120,11 +11146,11 @@ It can be set to either:
};
config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (nixgl) packages;
inherit (inputs.nixgl) packages;
defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard;
prime = lib.mkIf config.swarselsystems.isSecondaryGpu {
card = config.swarselsystems.secondaryGpuCard;
installScript = "mesa";
};
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
@ -11407,13 +11433,13 @@ I use sops-nix to handle secrets that I want to have available on my machines at
Since we are using the home-manager implementation here, we need to specify the runtime path.
#+begin_src nix-ts :tangle modules/home/common/sops.nix
{ config, lib, ... }:
{ config, lib, inputs, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselmodules.sops {
config = lib.optionalAttrs (inputs ? sops) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
@ -11430,18 +11456,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at
:END:
#+begin_src nix-ts :tangle modules/home/common/yubikey.nix
{ lib, config, nixosConfig ? config, ... }:
{ lib, config, inputs, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
config = lib.mkIf config.swarselmodules.yubikey ({
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [
@ -11449,7 +11471,11 @@ I use sops-nix to handle secrets that I want to have available on my machines at
nixosConfig.repo.secrets.common.yubikeys.dev2
];
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
}
#+end_src
@ -11493,6 +11519,10 @@ It is very convenient to have SSH aliases in place for machines that I use. This
hostname = "192.168.1.136";
user = "root";
};
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = {
hostname = "192.168.178.24";
user = "root";
@ -12282,7 +12312,7 @@ lib.mkMerge [ zshConfigEarlyInit zshConfig ];
Currently I only use it as before with =initExtra= though.
#+begin_src nix-ts :tangle modules/home/common/zsh.nix
{ config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }:
{ config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain;
@ -12296,12 +12326,7 @@ Currently I only use it as before with =initExtra= though.
};
};
config = lib.mkIf config.swarselmodules.zsh
{
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
({
programs.zsh = {
enable = true;
@ -12413,13 +12438,20 @@ Currently I only use it as before with =initExtra= though.
'';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})";
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
}
#+end_src
@ -12564,7 +12596,7 @@ Currently I only use it as before with =initExtra= though.
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
#+begin_src nix-ts :tangle modules/home/common/mail.nix
{ lib, config, nixosConfig ? config, ... }:
{ lib, config, inputs, nixosConfig ? config, ... }:
let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName;
@ -12572,14 +12604,8 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
in
{
options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
config = lib.mkIf config.swarselmodules.mail
({
programs = {
mbsync = {
@ -12753,7 +12779,14 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
}
#+end_src
@ -12774,23 +12807,8 @@ Lastly, I am defining some more packages here that the parser has problems findi
in
{
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs {
config = lib.mkIf config.swarselmodules.emacs ({
# needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
programs.emacs = {
@ -12860,7 +12878,25 @@ Lastly, I am defining some more packages here that the parser has problems findi
socketActivation.enable = false;
startWithUserSession = "graphical";
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
}
#+end_src
@ -12880,7 +12916,7 @@ The rest of the related configuration is found here:
- [[#h:f93f66f9-6b8b-478e-b139-b2f382c1f25e][waybarupdate]]
#+begin_src nix-ts :tangle modules/home/common/waybar.nix
{ self, config, lib, pkgs, ... }:
{ self, config, lib, inputs, pkgs, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -12934,7 +12970,7 @@ The rest of the related configuration is found here:
internal = true;
};
};
config = lib.mkIf config.swarselmodules.waybar {
config = lib.mkIf config.swarselmodules.waybar ({
swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -12942,16 +12978,12 @@ The rest of the related configuration is found here:
] ++ modulesRight);
};
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true;
programs.waybar = {
enable = true;
systemd = {
enable = true;
enable = false;
# target = "sway-session.target";
inherit (config.wayland.systemd) target;
};
@ -13206,7 +13238,11 @@ The rest of the related configuration is found here:
};
style = builtins.readFile (self + /files/waybar/style.css);
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
}
#+end_src
@ -13711,7 +13747,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded
Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case.
#+begin_src nix-ts :tangle modules/home/common/sway.nix
{ config, lib, vars, ... }:
{ config, lib, vars, nixosConfig ? config, ... }:
let
eachOutput = _: monitor: {
inherit (monitor) name;
@ -14094,6 +14130,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports;
# extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
@ -14744,21 +14781,15 @@ This service changes the screen hue at night. I am not sure if that really does
#+begin_src nix-ts :tangle modules/home/common/anki.nix
{ lib, config, pkgs, globals, nixosConfig ? config, ... }:
{ lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
in
{
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
};
config = lib.mkIf config.swarselmodules.${moduleName}
({
programs.anki = {
enable = true;
@ -14806,7 +14837,14 @@ This service changes the screen hue at night. I am not sure if that really does
})
];
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
};
});
}
#+end_src

6
flake.lock generated
View file

@ -6365,11 +6365,11 @@
},
"nixpkgs-dev": {
"locked": {
"lastModified": 1759233809,
"narHash": "sha256-ww6JlKuclxzcBb+cb4GCnVw4PtI+7xd3J9/ctINWKeA=",
"lastModified": 1761589965,
"narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=",
"owner": "Swarsel",
"repo": "nixpkgs",
"rev": "d3e334a2a4f9d50568bf03ec62cd445faac7ce9e",
"rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269",
"type": "github"
},
"original": {

4
hosts/home/treehouse/default.nix
View file

@ -2,8 +2,8 @@
{
imports = [
inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeModules.stylix
# inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index
"${self}/modules/home"
"${self}/modules/nixos/common/pii.nix"

19
modules/home/common/anki.nix
View file

@ -1,18 +1,12 @@
{ lib, config, pkgs, globals, nixosConfig ? config, ... }:
{ lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
in
{
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
};
config = lib.mkIf config.swarselmodules.${moduleName}
({
programs.anki = {
enable = true;
@ -60,6 +54,13 @@ in
})
];
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
};
});
}

35
modules/home/common/emacs.nix
View file

@ -5,23 +5,8 @@ let
in
{
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs {
config = lib.mkIf config.swarselmodules.emacs ({
# needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
programs.emacs = {
@ -91,5 +76,23 @@ in
socketActivation.enable = false;
startWithUserSession = "graphical";
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
}

19
modules/home/common/mail.nix
View file

@ -1,4 +1,4 @@
{ lib, config, nixosConfig ? config, ... }:
{ lib, config, inputs, nixosConfig ? config, ... }:
let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName;
@ -6,14 +6,8 @@ let
in
{
options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
config = lib.mkIf config.swarselmodules.mail
({
programs = {
mbsync = {
@ -187,5 +181,12 @@ in
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
}

8
modules/home/common/nixgl.nix
View file

@ -1,4 +1,4 @@
{ lib, config, nixgl, ... }:
{ lib, config, inputs, ... }:
{
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = {
@ -10,11 +10,11 @@
};
config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (nixgl) packages;
inherit (inputs.nixgl) packages;
defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard;
prime = lib.mkIf config.swarselsystems.isSecondaryGpu {
card = config.swarselsystems.secondaryGpuCard;
installScript = "mesa";
};
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";

21
modules/home/common/settings.nix
View file

@ -4,18 +4,25 @@ let
in
{
options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselmodules.general {
config =
let
nix-version = "2_30";
in
lib.mkIf config.swarselmodules.general {
nix = lib.mkIf (!config.swarselsystems.isNixos) {
package = lib.mkForce pkgs.nixVersions.nix_2_28;
package = lib.mkForce pkgs.nixVersions."nix_${nix-version}";
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
settings = {

4
modules/home/common/sops.nix
View file

@ -1,10 +1,10 @@
{ config, lib, ... }:
{ config, lib, inputs, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselmodules.sops {
config = lib.optionalAttrs (inputs ? sops) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";

4
modules/home/common/ssh.nix
View file

@ -30,6 +30,10 @@
hostname = "192.168.1.136";
user = "root";
};
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = {
hostname = "192.168.178.24";
user = "root";

3
modules/home/common/sway.nix
View file

@ -1,4 +1,4 @@
{ config, lib, vars, ... }:
{ config, lib, vars, nixosConfig ? config, ... }:
let
eachOutput = _: monitor: {
inherit (monitor) name;
@ -381,6 +381,7 @@ in
export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports;
# extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK

14
modules/home/common/waybar.nix
View file

@ -1,4 +1,4 @@
{ self, config, lib, pkgs, ... }:
{ self, config, lib, inputs, pkgs, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -52,7 +52,7 @@ in
internal = true;
};
};
config = lib.mkIf config.swarselmodules.waybar {
config = lib.mkIf config.swarselmodules.waybar ({
swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -60,16 +60,12 @@ in
] ++ modulesRight);
};
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true;
programs.waybar = {
enable = true;
systemd = {
enable = true;
enable = false;
# target = "sway-session.target";
inherit (config.wayland.systemd) target;
};
@ -324,5 +320,9 @@ in
};
style = builtins.readFile (self + /files/waybar/style.css);
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
}

12
modules/home/common/yubikey.nix
View file

@ -1,15 +1,11 @@
{ lib, config, nixosConfig ? config, ... }:
{ lib, config, inputs, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
config = lib.mkIf config.swarselmodules.yubikey ({
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [
@ -17,5 +13,9 @@ in
nixosConfig.repo.secrets.common.yubikeys.dev2
];
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
}

20
modules/home/common/zsh.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }:
{ config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain;
@ -12,12 +12,7 @@ in
};
};
config = lib.mkIf config.swarselmodules.zsh
{
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
({
programs.zsh = {
enable = true;
@ -129,11 +124,18 @@ in
'';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})";
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
}

3
modules/nixos/client/login.nix
View file

@ -7,12 +7,13 @@
settings = {
# initial_session.command = "sway";
initial_session.command = "uwsm start -- sway-uwsm.desktop";
# --cmd sway
default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
--cmd "uwsm start -- sway-uwsm.desktop"
'';
};
};

29
modules/nixos/common/settings.nix
View file

@ -60,8 +60,12 @@ in
sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
};
nix = {
package = pkgs.nixVersions.nix_2_28;
nix =
let
nix-version = "2_30";
in
{
package = pkgs.nixVersions."nix_${nix-version}";
settings = {
experimental-features = [
"nix-command"
@ -78,11 +82,22 @@ in
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# buildInputs = [config.nix.package pkgs.boost];
# patches = o.patches or [];
# })}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}

24
nix/devshell.nix
View file

@ -46,9 +46,13 @@
};
};
devshells.default = {
devshells.default =
let
nix-version = "2_30";
in
{
packages = [
(builtins.trace "alarm: we pinned nix_2_28 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_28) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
(builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
pkgs.git
pkgs.just
pkgs.age
@ -84,12 +88,12 @@
{
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom";
name = "nom \"$@\"";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager";
command = "home-manager \"$@\"";
}
{
name = "fmt";
@ -114,7 +118,7 @@
{
name = "bld";
help = "Build a number of configurations";
command = "swarel-build \"$@\"";
command = "swarsel-build \"$@\"";
}
{
name = "c";
@ -125,13 +129,19 @@
devshell.startup.pre-commit-install.text = "pre-commit install";
env = [
env =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
[
{
# Additionally configure nix-plugins with our extra builtins file.
# We need this for our repo secrets.
name = "NIX_CONFIG";
value = ''
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}

2
nix/hosts.nix
View file

@ -93,7 +93,7 @@
modules = [
inputs.niri-flake.homeModules.niri
inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops
# inputs.sops-nix.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${configName}"