diff --git a/SwarselSystems.org b/SwarselSystems.org
index 6918930..88d871a 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -1455,7 +1455,13 @@ This machine mainly acts as an external sync helper. It manages the following th
 #+end_src
 **** Moonside (OCI)
+:PROPERTIES:
+:CUSTOM_ID: h:f547ed16-5e6e-4744-9e33-af090e0a175b
+:END:
 ***** Main Configuration
+:PROPERTIES:
+:CUSTOM_ID: h:a8f20a56-ce92-43d8-8bfe-3edccebf2bf9
+:END:
 #+begin_src nix :tangle hosts/nixos/moonside/default.nix
 { lib, config, primaryUser, ... }:
@@ -1688,6 +1694,9 @@ This machine mainly acts as an external sync helper. It manages the following th
 #+end_src
 ***** hardware-configuration
+:PROPERTIES:
+:CUSTOM_ID: h:f99c05ab-f047-4350-b80a-4c1ff55b91bf
+:END:
 loader.grub = { efiSupport = true;
@@ -2307,6 +2316,9 @@ This is just a demo host. It applies all the configuration found in the common p
 I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to run in a virtualized environment. I also enable =qemuGuest= for a smoother experience when testing on QEMU.
 ***** Main configuration
+:PROPERTIES:
+:CUSTOM_ID: h:9f1f3439-b0af-4dcd-a96f-b6aa7b6cd2ab
+:END:
 #+begin_src nix :tangle hosts/nixos/chaostheatre/default.nix
 { self, inputs, config, pkgs, lib, primaryUser, ... }:
@@ -2384,6 +2396,9 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru
 #+end_src
 ***** NixOS dummy options configuration
+:PROPERTIES:
+:CUSTOM_ID: h:6f9c1a3b-452e-4944-86e8-cb17603cc3f9
+:END:
 #+begin_src nix :tangle hosts/nixos/chaostheatre/options.nix
 _:
@@ -2392,6 +2407,9 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru
 #+end_src
 ***** home-manager dummy options configuration
+:PROPERTIES:
+:CUSTOM_ID: h:88ccb198-74b9-4269-8e22-af1277f44667
+:END:
 #+begin_src nix :tangle hosts/nixos/chaostheatre/options-home.nix
 _:
@@ -4106,6 +4124,9 @@ AppImage version of mgba in which the lua scripting works.
 #+end_src
 **** swarsel-deploy
+:PROPERTIES:
+:CUSTOM_ID: h:c3362d4e-d3a8-43e8-9ef7-272b6de0572e
+:END:
 #+begin_src nix :tangle pkgs/swarsel-deploy/default.nix
 # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix
@@ -4235,6 +4256,9 @@ AppImage version of mgba in which the lua scripting works.
 #+end_src
 **** sshrm
+:PROPERTIES:
+:CUSTOM_ID: h:02842543-caca-4d4c-a4d2-7ac749b5c136
+:END:
 This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually.
@@ -4385,8 +4409,10 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 imports = lib.swarselsystems.mkImports profileNames "profiles/nixos"; }
 #+end_src
-
 ***** Personal
+:PROPERTIES:
+:CUSTOM_ID: h:32d654de-8db2-403a-9a27-4c46d7b9172d
+:END:
 #+begin_src nix :tangle profiles/nixos/personal/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4455,6 +4481,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** Chaostheatre
+:PROPERTIES:
+:CUSTOM_ID: h:b79fbb59-9cf2-48eb-b469-2589223dda95
+:END:
 #+begin_src nix :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4515,6 +4544,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** toto
+:PROPERTIES:
+:CUSTOM_ID: h:125443fb-deb6-44c9-83ee-bbd10daf78dd
+:END:
 #+begin_src nix :tangle profiles/nixos/toto/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4545,6 +4577,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** Work
+:PROPERTIES:
+:CUSTOM_ID: h:cb3631a8-9c1b-42f2-ab01-502c7b4c273d
+:END:
 #+begin_src nix :tangle profiles/nixos/work/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4564,6 +4599,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** Framework
+:PROPERTIES:
+:CUSTOM_ID: h:eb272c99-842a-4095-bc65-283562749300
+:END:
 #+begin_src nix :tangle profiles/nixos/framework/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4583,6 +4621,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** AMD CPU
+:PROPERTIES:
+:CUSTOM_ID: h:b7beb4a5-8808-438d-8799-7f08f38fd1ba
+:END:
 #+begin_src nix :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4602,6 +4643,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** AMD GPU
+:PROPERTIES:
+:CUSTOM_ID: h:79c71b6d-a1ad-447d-8940-bb5bfd71dced
+:END:
 #+begin_src nix :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4621,6 +4665,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** Hibernation
+:PROPERTIES:
+:CUSTOM_ID: h:641d0a2a-0592-448a-a6e3-d0a9c330293e
+:END:
 #+begin_src nix :tangle profiles/nixos/hibernation/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4640,6 +4687,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** BTRFS
+:PROPERTIES:
+:CUSTOM_ID: h:0bb401e3-b195-4ff2-bc74-23c5a54d83d2
+:END:
 #+begin_src nix :tangle profiles/nixos/btrfs/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4659,6 +4709,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** Local Server
+:PROPERTIES:
+:CUSTOM_ID: h:dfc076fd-ee74-4663-b164-653370c52b75
+:END:
 #+begin_src nix :tangle profiles/nixos/localserver/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4712,6 +4765,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** OCI Sync Server
+:PROPERTIES:
+:CUSTOM_ID: h:9b7b50d1-57ad-41ca-94ab-74393aae01bf
+:END:
 #+begin_src nix :tangle profiles/nixos/syncserver/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4745,6 +4801,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
 #+end_src
 ***** Moonside
+:PROPERTIES:
+:CUSTOM_ID: h:cc780ef2-7e5e-4835-b659-c731b306a320
+:END:
 #+begin_src nix :tangle profiles/nixos/moonside/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4797,6 +4856,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** Personal
+:PROPERTIES:
+:CUSTOM_ID: h:26512487-8c29-4b92-835b-d67394c3f5ef
+:END:
 #+begin_src nix :tangle profiles/home/personal/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4853,6 +4915,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** Chaostheatre
+:PROPERTIES:
+:CUSTOM_ID: h:36a0209f-2c17-4808-a1d0-a9e1920c307a
+:END:
 #+begin_src nix :tangle profiles/home/chaostheatre/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4903,6 +4968,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** toto
+:PROPERTIES:
+:CUSTOM_ID: h:e1d4f141-af11-448a-9796-fc822a8f77ec
+:END:
 #+begin_src nix :tangle profiles/home/toto/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4921,6 +4989,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** Work
+:PROPERTIES:
+:CUSTOM_ID: h:7b091523-a5b0-48b6-8b03-4dc2405e2d81
+:END:
 #+begin_src nix :tangle profiles/home/work/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4939,6 +5010,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** Framework
+:PROPERTIES:
+:CUSTOM_ID: h:712b9d7f-16c0-42b3-b02b-6d79ee15cfcc
+:END:
 #+begin_src nix :tangle profiles/home/framework/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4958,6 +5032,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** Darwin
+:PROPERTIES:
+:CUSTOM_ID: h:24e6d661-f498-478c-9008-e8d8c17432ca
+:END:
 #+begin_src nix :tangle profiles/home/darwin/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -4974,6 +5051,9 @@ This holds modules that are to be used on most hosts. These are also the most im
 #+end_src
 ***** Local Server
+:PROPERTIES:
+:CUSTOM_ID: h:8027b858-369e-4f12-bbaf-f15eeee3d904
+:END:
 #+begin_src nix :tangle profiles/home/localserver/default.nix :mkdirp yes
 { lib, config, ... }:
@@ -5207,7 +5287,13 @@ TODO
 #+end_src
 *** Auxiliary files
+:PROPERTIES:
+:CUSTOM_ID: h:23602ad9-91f6-4eba-943a-2308070fbaec
+:END:
 **** extra-builtins
+:PROPERTIES:
+:CUSTOM_ID: h:87c7893e-e946-4fc0-8973-1ca27d15cf0e
+:END:
 #+begin_src nix :tangle nix/extra-builtins.nix
 # adapted from https://github.com/oddlama/nix-config/blob/main/nix/extra-builtins.nix
@@ -5240,6 +5326,9 @@ in
 #+end_src
 **** sops-decrypt-and-cache
+:PROPERTIES:
+:CUSTOM_ID: h:315e6ef6-27d5-4cd8-85ff-053eabe60ddb
+:END:
 #+begin_src shell :tangle nix/sops-decrypt-and-cache.sh
 #!/usr/bin/env bash
@@ -5284,6 +5373,9 @@ in
 fi
 #+end_src
 **** nix-topology
+:PROPERTIES:
+:CUSTOM_ID: h:46458265-074e-4368-ad9a-055877754914
+:END:
 #+begin_src nix :tangle topology/default.nix
 { config, ... }:
@@ -5647,6 +5739,9 @@ A breakdown of the flags being set:
 #+end_src
 **** Share configuration between nodes
+:PROPERTIES:
+:CUSTOM_ID: h:5c3027b4-ba66-445e-9c5f-c27e332c90e5
+:END:
 #+begin_src nix :tangle modules/nixos/common/nodes.nix
 # adapted from https://github.com/oddlama/nix-config/blob/main/modules/distributed-config.nix
@@ -5927,6 +6022,7 @@ Next, we will setup some environment variables that need to be set on the system
 {
 options.swarselsystems.modules.env = lib.mkEnableOption "environment config";
 config = lib.mkIf config.swarselsystems.modules.env {
+
 environment = {
 wordlist.enable = true;
 sessionVariables = {
@@ -6401,6 +6497,9 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
 #+end_src
 **** Meta options
+:PROPERTIES:
+:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4
+:END:
 #+begin_src nix :tangle modules/nixos/common/meta.nix
@@ -6423,6 +6522,9 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
 #+end_src
 **** Topology
+:PROPERTIES:
+:CUSTOM_ID: h:e2e7444b-cb85-4719-b154-e5f37274d02d
+:END:
 #+begin_src nix :tangle modules/nixos/common/topology.nix
 { self, lib, config, ... }:
@@ -6511,6 +6613,9 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 #+end_src
 **** PII management
+:PROPERTIES:
+:CUSTOM_ID: h:82b8ede2-02d8-4c43-8952-7200ebd4dc23
+:END:
 #+begin_src nix :tangle modules/nixos/common/pii.nix
 # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
@@ -6882,6 +6987,9 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho
 #+end_src
 ***** SwayOSD
+:PROPERTIES:
+:CUSTOM_ID: h:5db15758-17d8-4bde-811d-d11ccdd3f3d3
+:END:
 #+begin_src nix :tangle modules/nixos/common/swayosd.nix
 { lib, pkgs, config, ... }:
@@ -8217,6 +8325,9 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
 #+end_src
 **** postgresql
+:PROPERTIES:
+:CUSTOM_ID: h:6ca43d5a-8ba6-4cd1-96b9-f088f11662c0
+:END:
 #+begin_src nix :tangle modules/nixos/server/postgresql.nix
 { config, lib, pkgs, ... }:
@@ -9913,6 +10024,9 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with #+end_src **** kanidm +:PROPERTIES: +:CUSTOM_ID: h:ee625136-29ab-4696-919f-7b0d0042f6dd +:END: The forgejo configuration is a little broken and will show a 500 error when signing in through kanidm. However, when pressing back and refreshing the page, I am logged in. Currently I cannot be bothered to fix this. @@ -10169,6 +10283,9 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ - + SwarselSystems: NixOS + Emacs Configuration @@ -249,10 +249,10 @@
  • 3.1.3. Virtual hosts @@ -312,8 +312,8 @@
  • 3.2.1.27. fhs
  • 3.2.1.28. swarsel-displaypower
  • 3.2.1.29. swarsel-mgba
  • -
  • 3.2.1.30. swarsel-deploy
  • -
  • 3.2.1.31. sshrm
  • +
  • 3.2.1.30. swarsel-deploy
  • +
  • 3.2.1.31. sshrm
  • 3.2.2. Overlays (additions, overrides, nixpkgs-stable)
  • @@ -321,39 +321,39 @@
  • 3.2.4. Library functions
  • -
  • 3.2.5. Auxiliary files +
  • 3.2.5. Auxiliary files
  • @@ -365,7 +365,7 @@
  • 3.3.1.1. Imports, non-server settings
  • 3.3.1.2. Shared Configuration Options
  • 3.3.1.3. General NixOS settings (stateVersion)
  • -
  • 3.3.1.4. Share configuration between nodes
  • +
  • 3.3.1.4. Share configuration between nodes
  • 3.3.1.5. System Packages
  • 3.3.1.6. Setup home-manager base
  • 3.3.1.7. Setup home-manager specialArgs
  • @@ -379,10 +379,10 @@
  • 3.3.1.15. Pipewire
  • 3.3.1.16. Common network settings
  • 3.3.1.17. Time, locale settings
  • -
  • 3.3.1.18. Meta options
  • -
  • 3.3.1.19. Topology
  • +
  • 3.3.1.18. Meta options
  • +
  • 3.3.1.19. Topology
  • 3.3.1.20. sops
  • -
  • 3.3.1.21. PII management
  • +
  • 3.3.1.21. PII management
  • 3.3.1.22. Theme (stylix)
  • 3.3.1.23. Programs (including zsh setup)
  • 3.3.1.25. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules @@ -436,7 +436,7 @@
  • 3.3.2.11. spotifyd
  • 3.3.2.12. mpd
  • 3.3.2.13. pipewire
  • -
  • 3.3.2.14. postgresql
  • +
  • 3.3.2.14. postgresql
  • 3.3.2.15. matrix
  • 3.3.2.16. nextcloud
  • 3.3.2.17. immich
  • @@ -450,10 +450,15 @@
  • 3.3.2.25. FreshRSS
  • 3.3.2.26. forgejo (git server)
  • 3.3.2.27. Anki Sync Server
  • -
  • 3.3.2.28. kanidm
  • -
  • 3.3.2.29. oauth2-proxy
  • -
  • 3.3.2.30. Firefly-III
  • -
  • 3.3.2.31. Koillection
  • +
  • 3.3.2.28. kanidm
  • +
  • 3.3.2.29. oauth2-proxy
  • +
  • 3.3.2.30. Firefly-III
  • +
  • 3.3.2.31. Koillection
  • +
  • 3.3.2.32. Atuin
  • +
  • 3.3.2.33. Radicale
  • +
  • 3.3.2.34. croc
  • +
  • 3.3.2.35. microbin
  • +
  • 3.3.2.36. shlink
  • 3.3.3. Darwin @@ -468,11 +473,11 @@
  • 3.3.4.3. VmWare
  • 3.3.4.4. Auto-login
  • 3.3.4.5. nswitch-rcm
  • -
  • 3.3.4.6. Framework
  • -
  • 3.3.4.7. AMD CPU
  • -
  • 3.3.4.8. AMD GPU
  • -
  • 3.3.4.9. Hibernation
  • -
  • 3.3.4.10. BTRFS
  • +
  • 3.3.4.6. Framework
  • +
  • 3.3.4.7. AMD CPU
  • +
  • 3.3.4.8. AMD GPU
  • +
  • 3.3.4.9. Hibernation
  • +
  • 3.3.4.10. BTRFS
  • 3.3.4.11. work
  • 3.3.4.12. Minimal Install
  • @@ -484,7 +489,7 @@
  • 3.4.1. Common
  • 3.4.2. Server @@ -546,7 +552,7 @@
  • @@ -724,7 +730,7 @@ @@ -733,7 +739,7 @@

    -This file has 69694 words spanning 18853 lines and was last revised on 2025-06-16 23:03:27 +0200. +This file has 71481 words spanning 19500 lines and was last revised on 2025-06-29 15:39:50 +0200.

    @@ -786,7 +792,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

    -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-06-16 23:03:27 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-06-29 15:39:50 +0200)

    @@ -798,7 +804,7 @@ system-configuration-options
    ---prefix=/nix/store/hwf3ap27kzhi83zfdbdps1xz771lnfgm-emacs-git-pgtk-20250524.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux
    +--prefix=/nix/store/903l8w4515jym9sq67wdg4zqsi7wn654-emacs-git-pgtk-20250626.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux
     
    @@ -913,6 +919,7 @@ In outputs = inputs@ [...], the inputs@ makes it so th inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11"; @@ -1183,6 +1190,7 @@ This automatically creates a topology diagram of my configuration.
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    +nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
     nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
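Review bot: The new `nixpkgs-kernel` input is pinned to one commit plus a `narHash`, so `nix flake update` will never advance it and kernel security fixes stop arriving until someone edits the hash by hand; the comment `#specifically pinned for kernel version` should record which version and why, e.g. `# pinned to kernel <VERSION> because <REASON>; flake update will NOT advance this input, bump the hash manually`. The pin is consumed by the `nixpkgs-kernel` overlay later in this diff and by `kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;` in the hardware-configuration hunk, so every host taking that default inherits the frozen kernel. The same addition also appears in the earlier `@@ -913` hunk on the same line.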
    @@ -1883,7 +1891,7 @@ in
     
    3.1.2.1.2. hardware-configuration
    -
    { config, lib, modulesPath, ... }:
    +
    { config, lib, pkgs, modulesPath, ... }:
     {
       imports =
         [
    @@ -1907,8 +1915,11 @@ in
       #   '';
     
       boot = {
    +    kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
    +    binfmt.emulatedSystems = [ "aarch64-linux" ];
         initrd = {
           availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" "r8152" ];
    +      # allow to remote build on arm (needed for moonside)
           kernelModules = [ "sg" ];
           luks.devices."cryptroot" = {
             # improve performance on ssds
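Review bot: The comment `# allow to remote build on arm (needed for moonside)` is placed inside `initrd` directly above `kernelModules = [ "sg" ];`, but it evidently describes `binfmt.emulatedSystems = [ "aarch64-linux" ];` three lines earlier; move it above the binfmt line so a reader does not attribute the ARM support to the `sg` module. It is also worth noting there that, as far as I know, binfmt emulation lets this host transparently execute foreign-architecture binaries system-wide, which is broader than the remote-build use case the comment names. The `boot` block continues outside the hunk.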
    @@ -2462,13 +2473,13 @@ in
     
    -
    -
    3.1.3.2. Moonside (OCI)
    -
    +
    +
    3.1.3.2. Moonside (OCI)
    +
    -
    -
    3.1.3.2.1. Main Configuration
    -
    +
    +
    3.1.3.2.1. Main Configuration
    +
    { lib, config, primaryUser, ... }:
     let
    @@ -2702,9 +2713,9 @@ in
     
    -
    -
    3.1.3.2.2. hardware-configuration
    -
    +
    +
    3.1.3.2.2. hardware-configuration
    +

    loader.grub = { efiSupport = true; @@ -3346,9 +3357,9 @@ This is just a demo host. It applies all the configuration found in the common p I also set the WLR_RENDERER_ALLOW_SOFTWARE=1 to allow this configuration to run in a virtualized environment. I also enable qemuGuest for a smoother experience when testing on QEMU.

    -
    -
    3.1.4.4.1. Main configuration
    -
    +
    +
    3.1.4.4.1. Main configuration
    +
    { self, inputs, config, pkgs, lib, primaryUser, ... }:
     let
    @@ -3426,9 +3437,9 @@ in
     
    -
    -
    3.1.4.4.2. NixOS dummy options configuration
    -
    +
    +
    3.1.4.4.2. NixOS dummy options configuration
    +
    _:
     { }
    @@ -3437,9 +3448,9 @@ in
     
    -
    -
    3.1.4.4.3. home-manager dummy options configuration
    -
    +
    +
    3.1.4.4.3. home-manager dummy options configuration
    +
    _:
     { }
    @@ -5219,9 +5230,9 @@ appimageTools.wrapType2 {
     
    -
    -
    3.2.1.30. swarsel-deploy
    -
    +
    +
    3.2.1.30. swarsel-deploy
    +
    # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix
     { name, bc, nix-output-monitor, writeShellApplication, ... }:
    @@ -5351,9 +5362,9 @@ writeShellApplication {
     
    -
    -
    3.2.1.31. sshrm
    -
    +
    +
    3.2.1.31. sshrm
    +

    This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually.

    @@ -5439,6 +5450,13 @@ let }; }; + nixpkgs-kernel = final: _: { + kernel = import inputs.nixpkgs-kernel { + inherit (final) system; + config.allowUnfree = true; + }; + }; + nixpkgs-stable24_05 = final: _: { stable24_05 = import inputs.nixpkgs-stable24_05 { inherit (final) system; @@ -5465,6 +5483,7 @@ in (additions final prev) // (modifications final prev) // (nixpkgs-stable final prev) + // (nixpkgs-kernel final prev) // (nixpkgs-stable24_05 final prev) // (nixpkgs-stable24_11 final prev) // (zjstatus final prev) @@ -5509,9 +5528,9 @@ in
    -
    -
    3.2.3.1.1. Personal
    -
    +
    +
    3.2.3.1.1. Personal
    +
    { lib, config, ... }:
     {
    @@ -5580,9 +5599,9 @@ in
     
    -
    -
    3.2.3.1.2. Chaostheatre
    -
    +
    +
    3.2.3.1.2. Chaostheatre
    +
    { lib, config, ... }:
     {
    @@ -5643,9 +5662,9 @@ in
     
    -
    -
    3.2.3.1.3. toto
    -
    +
    +
    3.2.3.1.3. toto
    +
    { lib, config, ... }:
     {
    @@ -5676,9 +5695,9 @@ in
     
    -
    -
    3.2.3.1.4. Work
    -
    +
    +
    3.2.3.1.4. Work
    +
    { lib, config, ... }:
     {
    @@ -5698,9 +5717,9 @@ in
     
    -
    -
    3.2.3.1.5. Framework
    -
    +
    +
    3.2.3.1.5. Framework
    +
    { lib, config, ... }:
     {
    @@ -5720,9 +5739,9 @@ in
     
    -
    -
    3.2.3.1.6. AMD CPU
    -
    +
    +
    3.2.3.1.6. AMD CPU
    +
    { lib, config, ... }:
     {
    @@ -5742,9 +5761,9 @@ in
     
    -
    -
    3.2.3.1.7. AMD GPU
    -
    +
    +
    3.2.3.1.7. AMD GPU
    +
    { lib, config, ... }:
     {
    @@ -5764,9 +5783,9 @@ in
     
    -
    -
    3.2.3.1.8. Hibernation
    -
    +
    +
    3.2.3.1.8. Hibernation
    +
    { lib, config, ... }:
     {
    @@ -5786,9 +5805,9 @@ in
     
    -
    -
    3.2.3.1.9. BTRFS
    -
    +
    +
    3.2.3.1.9. BTRFS
    +
    { lib, config, ... }:
     {
    @@ -5808,9 +5827,9 @@ in
     
    -
    -
    3.2.3.1.10. Local Server
    -
    +
    +
    3.2.3.1.10. Local Server
    +
    { lib, config, ... }:
     {
    @@ -5852,6 +5871,8 @@ in
               kanidm = lib.mkDefault true;
               firefly = lib.mkDefault true;
               koillection = lib.mkDefault true;
    +          radicale = lib.mkDefault true;
    +          atuin = lib.mkDefault true;
             };
           };
         };
    @@ -5863,9 +5884,9 @@ in
     
    -
    -
    3.2.3.1.11. OCI Sync Server
    -
    +
    +
    3.2.3.1.11. OCI Sync Server
    +
    { lib, config, ... }:
     {
    @@ -5900,9 +5921,9 @@ in
     
    -
    -
    3.2.3.1.12. Moonside
    -
    +
    +
    3.2.3.1.12. Moonside
    +
    { lib, config, ... }:
     {
    @@ -5925,6 +5946,9 @@ in
               nginx = lib.mkDefault true;
               ssh = lib.mkDefault true;
               oauth2Proxy = lib.mkDefault true;
    +          croc = lib.mkDefault true;
    +          microbin = lib.mkDefault true;
    +          shlink = lib.mkDefault true;
             };
           };
         };
    @@ -5955,9 +5979,9 @@ in
     
    -
    -
    3.2.3.2.1. Personal
    -
    +
    +
    3.2.3.2.1. Personal
    +
    { lib, config, ... }:
     {
    @@ -5980,6 +6004,7 @@ in
           passwordstore = lib.mkDefault true;
           direnv = lib.mkDefault true;
           eza = lib.mkDefault true;
    +      atuin = lib.mkDefault true;
           git = lib.mkDefault true;
           fuzzel = lib.mkDefault true;
           starship = lib.mkDefault true;
    @@ -6013,9 +6038,9 @@ in
     
    -
    -
    3.2.3.2.2. Chaostheatre
    -
    +
    +
    3.2.3.2.2. Chaostheatre
    +
    { lib, config, ... }:
     {
    @@ -6066,9 +6091,9 @@ in
     
    -
    -
    3.2.3.2.3. toto
    -
    +
    +
    3.2.3.2.3. toto
    +
    { lib, config, ... }:
     {
    @@ -6087,9 +6112,9 @@ in
     
    -
    -
    3.2.3.2.4. Work
    -
    +
    +
    3.2.3.2.4. Work
    +
    { lib, config, ... }:
     {
    @@ -6108,9 +6133,9 @@ in
     
    -
    -
    3.2.3.2.5. Framework
    -
    +
    +
    3.2.3.2.5. Framework
    +
    { lib, config, ... }:
     {
    @@ -6130,9 +6155,9 @@ in
     
    -
    -
    3.2.3.2.6. Darwin
    -
    +
    +
    3.2.3.2.6. Darwin
    +
    { lib, config, ... }:
     {
    @@ -6149,9 +6174,9 @@ in
     
    -
    -
    3.2.3.2.7. Local Server
    -
    +
    +
    3.2.3.2.7. Local Server
    +
    { lib, config, ... }:
     {
    @@ -6397,15 +6422,15 @@ in
     
    -
    -

    3.2.5. Auxiliary files

    -
    +
    +

    3.2.5. Auxiliary files

    +
    -
    -
    3.2.5.1. extra-builtins
    -
    +
    +
    3.2.5.1. extra-builtins
    +
    -
    +
    # adapted from https://github.com/oddlama/nix-config/blob/main/nix/extra-builtins.nix
     { exec, ... }:
     let
       assertMsg = pred: msg: pred || builtins.throw msg;
    @@ -6424,7 +6449,7 @@ in
       sopsImportEncrypted =
         nixFile:
         assert assertMsg (builtins.isPath nixFile)
    -      "The file to decrypt must be given as a path to prevent impurity.";
    +      "The file to decrypt must be given as a path (not a string) to prevent impurity.";
         assert assertMsg (hasSuffix ".nix.enc" nixFile)
           "The content of the decrypted file must be a nix expression and should therefore end in .nix.enc";
         exec [
    @@ -6437,12 +6462,12 @@ in
     
    -
    -
    3.2.5.2. sops-decrypt-and-cache
    -
    +
    +
    3.2.5.2. sops-decrypt-and-cache
    +
    #!/usr/bin/env bash
    -
    +# adapted from https://github.com/oddlama/nix-config/blob/main/nix/rage-decrypt-and-cache.sh
     set -euo pipefail
     
     print_out_path=false
    @@ -6485,9 +6510,9 @@ fi
     
    -
    -
    3.2.5.3. nix-topology
    -
    +
    +
    3.2.5.3. nix-topology
    +
    { config, ... }:
     let
    @@ -6870,33 +6895,19 @@ A breakdown of the flags being set:
     
    -
    -
    3.3.1.4. Share configuration between nodes
    -
    +
    +
    3.3.1.4. Share configuration between nodes
    +
    -
    { config, lib, outputs, ... }:
    +
    # adapted from https://github.com/oddlama/nix-config/blob/main/modules/distributed-config.nix
    +{ config, lib, outputs, ... }:
     let
    -  inherit (lib)
    -    attrNames
    -    concatMap
    -    concatStringsSep
    -    foldl'
    -    getAttrFromPath
    -    mkMerge
    -    mkOption
    -    mkOptionType
    -    optionals
    -    recursiveUpdate
    -    setAttrByPath
    -    types
    -    ;
    -
       nodeName = config.node.name;
       mkForwardedOption =
         path:
    -    mkOption {
    -      type = mkOptionType {
    -        name = "Same type that the receiving option `${concatStringsSep "." path}` normally accepts.";
    +    lib.mkOption {
    +      type = lib.mkOptionType {
    +        name = "Same type that the receiving option `${lib.concatStringsSep "." path}` normally accepts.";
             merge =
               _loc: defs:
               builtins.filter (x: builtins.isAttrs x -> ((x._type or "") != "__distributed_config_empty")) (
    @@ -6907,7 +6918,7 @@ let
             _type = "__distributed_config_empty";
           };
           description = ''
    -        Anything specified here will be forwarded to `${concatStringsSep "." path}`
    +        Anything specified here will be forwarded to `${lib.concatStringsSep "." path}`
             on the given node. Forwarding happens as-is to the raw values,
             so validity can only be checked on the receiving node.
           '';
    @@ -6927,14 +6938,14 @@ let
       ];
     
       attrsForEachOption =
    -    f: foldl' (acc: path: recursiveUpdate acc (setAttrByPath path (f path))) { } forwardedOptions;
    +    f: lib.foldl' (acc: path: lib.recursiveUpdate acc (lib.setAttrByPath path (f path))) { } forwardedOptions;
     in
     {
    -  options.nodes = mkOption {
    +  options.nodes = lib.mkOption {
         description = "Options forwarded to the given node.";
         default = { };
    -    type = types.attrsOf (
    -      types.submodule {
    +    type = lib.types.attrsOf (
    +      lib.types.submodule {
             options = attrsForEachOption mkForwardedOption;
           }
         );
    @@ -6947,8 +6958,8 @@ in
             let
               cfg = outputs.nixosConfigurations.${otherNode}.config.nodes.${nodeName} or null;
             in
    -        optionals (cfg != null) (getAttrFromPath path cfg);
    -      mergeConfigFromOthers = path: mkMerge (concatMap (getConfig path) (attrNames outputs.nixosConfigurations));
    +        lib.optionals (cfg != null) (lib.getAttrFromPath path cfg);
    +      mergeConfigFromOthers = path: lib.mkMerge (lib.concatMap (getConfig path) (lib.attrNames outputs.nixosConfigurations));
         in
         attrsForEachOption mergeConfigFromOthers;
     }
    @@ -6972,7 +6983,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh
           # yubikey packages
           gnupg
           yubikey-personalization
    -      yubikey-personalization-gui
           yubico-pam
           yubioath-flutter
           yubikey-manager
    @@ -7181,6 +7191,7 @@ Next, we will setup some environment variables that need to be set on the system
     {
       options.swarselsystems.modules.env = lib.mkEnableOption "environment config";
       config = lib.mkIf config.swarselsystems.modules.env {
    +
         environment = {
           wordlist.enable = true;
           sessionVariables = {
    @@ -7348,7 +7359,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w
     

    -
    { lib, config, ... }:
    +
    { lib, config, pkgs, ... }:
     {
       options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config";
       config = lib.mkIf config.swarselsystems.modules.pipewire {
    @@ -7356,6 +7367,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w
     
         services.pipewire = {
           enable = true;
    +      package = pkgs.stable.pipewire;
           pulse.enable = true;
           jack.enable = true;
           audio.enable = true;
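Review bot: `package = pkgs.stable.pipewire;` pins PipeWire to the stable overlay without saying why, so the pin will silently outlive whatever motivated it; add `# stable: <REASON, e.g. regression in unstable as of DATE>` so it gets revisited. The same undocumented pin is added for Syncthing (`package = pkgs.stable.syncthing;`) in the later syncthing hunk. The `services.pipewire` block continues past the hunk.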
    @@ -7671,9 +7683,9 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
     
    -
    -
    3.3.1.18. Meta options
    -
    +
    +
    3.3.1.18. Meta options
    +
    { lib, ... }:
     {
    @@ -7695,9 +7707,9 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
     
    -
    -
    3.3.1.19. Topology
    -
    +
    +
    3.3.1.19. Topology
    +
    { self, lib, config, ... }:
     {
    @@ -7790,11 +7802,12 @@ in
     
    -
    -
    3.3.1.21. PII management
    -
    +
    +
    3.3.1.21. PII management
    +
    -
    { config, inputs, lib, ... }:
    +
    # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
    +{ config, inputs, lib, ... }:
     let
     
       # If the given expression is a bare set, it will be wrapped in a function,
    @@ -7952,7 +7965,7 @@ Here I disable global completion to prevent redundant compinit calls and cache i
     
    3.3.1.23.2. syncthing
    -
    { lib, config, ... }:
    +
    { lib, config, pkgs, ... }:
     let
       inherit (config.swarselsystems) mainUser homeDir;
     in
    @@ -7961,51 +7974,52 @@ in
       config = lib.mkIf config.swarselsystems.modules.syncthing {
         services.syncthing = {
           enable = true;
    +      package = pkgs.stable.syncthing;
           user = mainUser;
           dataDir = homeDir;
           configDir = "${homeDir}/.config/syncthing";
           openDefaultPorts = true;
    +      overrideDevices = true;
    +      overrideFolders = true;
           settings = {
    +        options = {
    +          urAccepted = -1;
    +        };
             devices = {
               "magicant" = {
                 id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
               };
    -          "sync (@oracle)" = {
    +          "sync@oracle" = {
                 id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
               };
               "winters" = {
                 id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
               };
    -          "moonside (@oracle)" = {
    +          "moonside@oracle" = {
                 id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
               };
             };
             folders = {
               "Default Folder" = lib.mkDefault {
                 path = "${homeDir}/Sync";
    -            devices = [ "sync (@oracle)" "magicant" "winters" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "default";
               };
               "Obsidian" = {
                 path = "${homeDir}/Nextcloud/Obsidian";
    -            devices = [ "sync (@oracle)" "magicant" "winters" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "yjvni-9eaa7";
               };
               "Org" = {
                 path = "${homeDir}/Nextcloud/Org";
    -            devices = [ "sync (@oracle)" "magicant" "winters" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "a7xnl-zjj3d";
               };
               "Vpn" = {
                 path = "${homeDir}/Vpn";
    -            devices = [ "sync (@oracle)" "magicant" "winters" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ];
                 id = "hgp9s-fyq3p";
               };
    -          ".elfeed" = {
    -            path = "${homeDir}/.elfeed";
    -            devices = [ "sync (@oracle)" "magicant" "winters" "moonside (@oracle)" ];
    -            id = "h7xbs-fs9v1";
    -          };
             };
           };
         };
    @@ -8186,9 +8200,9 @@ Most of the time I am using power-saver, however, it is good to be
     
    -
    -
    3.3.1.24.6. SwayOSD
    -
    +
    +
    3.3.1.24.6. SwayOSD
    +
    { lib, pkgs, config, ... }:
     {
    @@ -9580,9 +9594,9 @@ in
     
    -
    -
    3.3.2.14. postgresql
    -
    +
    +
    3.3.2.14. postgresql
    +
    { config, lib, pkgs, ... }:
     let
    @@ -10479,13 +10493,13 @@ in
               "magicant" = {
                 id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
               };
    -          "sync (@oracle)" = {
    +          "sync@oracle" = {
                 id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
               };
               "${workHostName}" = {
                 id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
               };
    -          "moonside (@oracle)" = {
    +          "moonside@oracle" = {
                 id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
               };
             };
    @@ -10494,7 +10508,7 @@ in
                 path = "/Vault/data/syncthing/Sync";
                 type = "receiveonly";
                 versioning = null;
    -            devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "default";
               };
               "Obsidian" = {
    @@ -10504,7 +10518,7 @@ in
                   type = "simple";
                   params.keep = "5";
                 };
    -            devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "yjvni-9eaa7";
               };
               "Org" = {
    @@ -10514,7 +10528,7 @@ in
                   type = "simple";
                   params.keep = "5";
                 };
    -            devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "a7xnl-zjj3d";
               };
               "Vpn" = {
    @@ -10524,7 +10538,7 @@ in
                   type = "simple";
                   params.keep = "5";
                 };
    -            devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
    +            devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
                 id = "hgp9s-fyq3p";
               };
               # "Documents" = {
    @@ -10534,7 +10548,7 @@ in
               #     type = "simple";
               #     params.keep = "5";
               #   };
    -          #   devices = [ "magicant" "${workHostName}" "moonside (@oracle)" ];
    +          #   devices = [ "magicant" "${workHostName}" "moonside@oracle" ];
               #   id = "hgr3d-pfu3w";
               # };
             };
    @@ -11299,9 +11313,9 @@ in
     
    -
    -
    3.3.2.28. kanidm
    -
    +
    +
    3.3.2.28. kanidm
    +

    The forgejo configuration is a little broken and will show a 500 error when signing in through kanidm. However, when pressing back and refreshing the page, I am logged in. Currently I cannot be bothered to fix this.

    @@ -11391,6 +11405,7 @@ in "navidrome.access" = { }; "freshrss.access" = { }; "firefly.access" = { }; + "radicale.access" = { }; }; inherit (config.repo.secrets.local) persons; @@ -11506,6 +11521,11 @@ in "email" "profile" ]; + "radicale.access" = [ + "openid" + "email" + "profile" + ]; }; preferShortUsername = true; claimMaps.groups = { @@ -11514,6 +11534,7 @@ in "freshrss.access" = [ "ttrss_access" ]; "navidrome.access" = [ "navidrome_access" ]; "firefly.access" = [ "firefly_access" ]; + "radicale.access" = [ "radicale_access" ]; }; }; }; @@ -11557,9 +11578,9 @@ in
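Review bot: The new `"radicale.access"` entries (the `{ }` entry, the `[ "openid" "email" "profile" ]` scope list and `"radicale.access" = [ "radicale_access" ];` under `claimMaps.groups`) have no consumer in this commit: the Radicale module added in the `3.3.2.33. Radicale` hunk authenticates through an htpasswd file and sets `oauth2.enable = false` on its virtual host. If this registration is groundwork for a later OIDC setup, a one-line comment next to `"radicale.access" = { };` such as `# not wired up yet: radicale currently uses htpasswd auth` would keep the kanidm client list and the real auth path from drifting apart; otherwise it is a registered client that nothing uses. The attribute sets these entries belong to start outside the hunks, so I cannot tell what defaults (redirect URL, client type) the empty entry receives.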
    -
    -
    3.3.2.29. oauth2-proxy
    -
    +
    +
    3.3.2.29. oauth2-proxy
    +
    { lib, config, ... }:
     let
    @@ -11570,6 +11591,7 @@ in
     {
       options = {
         swarselsystems.modules.server.oauth2Proxy = lib.mkEnableOption "enable oauth2-proxy on server";
    +    # largely based on https://github.com/oddlama/nix-config/blob/main/modules/oauth2-proxy.nix
         services.nginx.virtualHosts = lib.mkOption {
           type = lib.types.attrsOf (
             lib.types.submodule (
    @@ -11620,8 +11642,9 @@ in
                         extraConfig = lib.optionalString locationSubmodule.config.setOauth2Headers ''
                           proxy_set_header X-User         $user;
                           proxy_set_header Remote-User    $user;
    +                      proxy_set_header X-Remote-User  $user;
                           proxy_set_header X-Email        $email;
    -                      proxy_set_header X-Access-Token $token;
    +                      # proxy_set_header X-Access-Token $token;
                           add_header Set-Cookie           $auth_cookie;
                         '' + lib.optionalString locationSubmodule.config.bypassAuth ''
                           auth_request off;
    @@ -11641,7 +11664,7 @@ in
                     auth_request_set $user  ${config.oauth2.X-User};
                     auth_request_set $email ${config.oauth2.X-Email};
                     # if you enabled --pass-access-token, this will pass the token to the backend
    -                auth_request_set $token ${config.oauth2.X-Access-Token};
    +                # auth_request_set $token ${config.oauth2.X-Access-Token};
                     # if you enabled --cookie-refresh, this is needed for it to work with auth_request
                     auth_request_set $auth_cookie $upstream_http_set_cookie;
                   '';
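Review bot: The comment `# if you enabled --pass-access-token, this will pass the token to the backend` now sits above a line that is commented out, so a reader will assume the token is still forwarded; either remove both lines or reword it to `# access token is not forwarded; re-enable this and the X-Access-Token proxy_set_header if a backend needs it`. The previous hunk makes the matching change (`# proxy_set_header X-Access-Token $token;`) and adds `X-Remote-User`, and a short comment there naming which backend reads `X-Remote-User` would help, since backends that trust that header rely on nginx being the only path to them. Both snippets are inside an `extraConfig` string whose enclosing location block starts outside the hunk.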
    @@ -11778,9 +11801,9 @@ in
     
    -
    -
    3.3.2.30. Firefly-III
    -
    +
    +
    3.3.2.30. Firefly-III
    +
    { self, lib, config, ... }:
     let
    @@ -11823,6 +11846,7 @@ in
               APP_ENV = "local";
               DB_CONNECTION = "sqlite";
               TRUSTED_PROXIES = "**";
    +          # turning these on breaks api access using the waterfly app
               # AUTHENTICATION_GUARD = "remote_user_guard";
               # AUTHENTICATION_GUARD_HEADER = "X-User";
               # AUTHENTICATION_GUARD_EMAIL = "X-Email";
    @@ -11885,9 +11909,9 @@ in
     
    -
    -
    3.3.2.31. Koillection
    -
    +
    +
    3.3.2.31. Koillection
    +
    { self, lib, config, ... }:
     let
    @@ -12012,6 +12036,457 @@ in
     
    +
    +
    3.3.2.32. Atuin
    +
    +
    +
    { lib, config, ... }:
    +let
    +  serviceDomain = "shellhistory.swarsel.win";
    +  servicePort = 8888;
    +  serviceName = "atuin";
    +in
    +{
    +  options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
    +
    +    topology.self.services.atuin.info = "https://${serviceDomain}";
    +
    +    services.atuin = {
    +      enable = true;
    +      host = "0.0.0.0";
    +      port = servicePort;
    +      openFirewall = true;
    +      openRegistration = false;
    +    };
    +
    +    nodes.moonside.services.nginx = {
    +      upstreams = {
    +        "${serviceName}" = {
    +          servers = {
    +            "192.168.1.2:${builtins.toString servicePort}" = { };
    +          };
    +        };
    +      };
    +      virtualHosts = {
    +        "${serviceDomain}" = {
    +          enableACME = true;
    +          forceSSL = true;
    +          acmeRoot = null;
    +          locations = {
    +            "/" = {
    +              proxyPass = "http://${serviceName}";
    +              extraConfig = ''
    +                client_max_body_size    0;
    +              '';
    +            };
    +          };
    +        };
    +      };
    +    };
    +
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    3.3.2.33. Radicale
    +
    +
    +
    { self, lib, config, ... }:
    +let
    +  inherit (config.repo.secrets.local.radicale) user1;
    +  sopsFile = self + /secrets/winters/secrets2.yaml;
    +  serviceDomain = "schedule.swarsel.win";
    +  servicePort = 8000;
    +  serviceName = "radicale";
    +  serviceUser = "radicale";
    +  serviceGroup = serviceUser;
    +
    +  cfg = config.services."${serviceName}";
    +in
    +{
    +  options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
    +
    +    sops = {
    +      secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; };
    +
    +      templates = {
    +        "radicale-users" = {
    +          content = ''
    +            ${user1}:${config.sops.placeholder.radicale-user}
    +          '';
    +          owner = serviceUser;
    +          group = serviceGroup;
    +          mode = "0440";
    +        };
    +      };
    +    };
    +
    +    topology.self.services.radicale.info = "https://${serviceDomain}";
    +
    +    services.radicale = {
    +      enable = true;
    +      settings = {
    +        server = {
    +          hosts = [
    +            "0.0.0.0:${builtins.toString servicePort}"
    +            "[::]:${builtins.toString servicePort}"
    +          ];
    +        };
    +        auth = {
    +          type = "htpasswd";
    +          htpasswd_filename = config.sops.templates.radicale-users.path;
    +          htpasswd_encryption = "autodetect";
    +        };
    +        storage = {
    +          filesystem_folder = "/Vault/data/radicale/collections";
    +        };
    +      };
    +      rights = {
    +        # all: match authenticated users only
    +        root = {
    +          user = ".+";
    +          collection = "";
    +          permissions = "R";
    +        };
    +        principal = {
    +          user = ".+";
    +          collection = "{user}";
    +          permissions = "RW";
    +        };
    +        calendars = {
    +          user = ".+";
    +          collection = "{user}/[^/]+";
    +          permissions = "rw";
    +        };
    +      };
    +    };
    +
    +    systemd.tmpfiles.rules = [
    +      "d '${cfg.settings.storage.filesystem_folder}'        0750 ${serviceUser} ${serviceGroup} - -"
    +    ];
    +
    +    networking.firewall.allowedTCPPorts = [ servicePort ];
    +    networking.firewall.allowedUDPPorts = [ servicePort ];
    +
    +    nodes.moonside.services.nginx = {
    +      upstreams = {
    +        "${serviceName}" = {
    +          servers = {
    +            "192.168.1.2:${builtins.toString servicePort}" = { };
    +          };
    +        };
    +      };
    +      virtualHosts = {
    +        "${serviceDomain}" = {
    +          enableACME = true;
    +          forceSSL = true;
    +          acmeRoot = null;
    +          oauth2.enable = false;
    +          locations = {
    +            "/" = {
    +              proxyPass = "http://${serviceName}";
    +              extraConfig = ''
    +                client_max_body_size 16M;
    +              '';
    +            };
    +          };
    +        };
    +      };
    +    };
    +
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    3.3.2.34. croc
    +
    +
    +
    { lib, config, pkgs, ... }:
    +let
    +  serviceDomain = "send.swarsel.win";
    +  servicePorts = [
    +    9009
    +    9010
    +    9011
    +    9012
    +    9013
    +  ];
    +  serviceName = "croc";
    +
    +  cfg = config.services.croc;
    +in
    +{
    +  options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
    +
    +    sops = {
    +      secrets = {
    +        croc-password = { };
    +      };
    +
    +      templates = {
    +        "croc-env" = {
    +          content = ''
    +            CROC_PASS="${config.sops.placeholder.croc-password}"
    +          '';
    +        };
    +      };
    +    };
    +
    +    topology.self.services.croc.info = "https://${serviceDomain}";
    +
    +    services.croc = {
    +      enable = true;
    +      ports = servicePorts;
    +      pass = config.sops.secrets.croc-password.path;
    +      openFirewall = true;
    +    };
    +
    +
    +    systemd.services = {
    +      "${serviceName}" = {
    +        serviceConfig = {
    +          ExecStart = lib.mkForce "${pkgs.croc}/bin/croc ${lib.optionalString cfg.debug "--debug"} relay --ports ${
    +            lib.concatMapStringsSep "," toString cfg.ports}";
    +          EnvironmentFile = [
    +            config.sops.templates.croc-env.path
    +          ];
    +        };
    +      };
    +    };
    +
    +    # ports are opened on the firewall for croc, no nginx config
    +
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    3.3.2.35. microbin
    +
    +
    +
    { lib, config, ... }:
    +let
    +  serviceDomain = "scratch.swarsel.win";
    +  servicePort = 8777;
    +  serviceName = "microbin";
    +  serviceUser = "microbin";
    +  serviceGroup = serviceUser;
    +
    +  cfg = config.services."${serviceName}";
    +in
    +{
    +  options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
    +
    +    users = {
    +      groups."${serviceGroup}" = { };
    +
    +      users."${serviceUser}" = {
    +        isSystemUser = true;
    +        group = serviceGroup;
    +      };
    +    };
    +
    +    sops = {
    +      secrets = {
    +        microbin-admin-username = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
    +        microbin-admin-password = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
    +        microbin-uploader-password = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
    +      };
    +
    +      templates = {
    +        "microbin-env" = {
    +          content = ''
    +            MICROBIN_ADMIN_USERNAME="${config.sops.placeholder.microbin-admin-username}"
    +            MICROBIN_ADMIN_PASSWORD="${config.sops.placeholder.microbin-admin-password}"
    +            MICROBIN_UPLOADER_PASSWORD="${config.sops.placeholder.microbin-uploader-password}"
    +          '';
    +          owner = serviceUser;
    +          group = serviceGroup;
    +          mode = "0440";
    +        };
    +      };
    +    };
    +
    +    topology.self.services."${serviceName}".info = "https://${serviceDomain}";
    +
    +    services."${serviceName}" = {
    +      enable = true;
    +      passwordFile = config.sops.templates.microbin-env.path;
    +      dataDir = "/var/lib/microbin";
    +      settings = {
    +        MICROBIN_HIDE_LOGO = true;
    +        MICROBIN_PORT = servicePort;
    +        MICROBIN_EDITABLE = true;
    +        MICROBIN_HIDE_HEADER = true;
    +        MICROBIN_HIDE_FOOTER = true;
    +        MICROBIN_NO_LISTING = false;
    +        MICROBIN_HIGHLIGHTSYNTAX = true;
    +        MICROBIN_BIND = "0.0.0.0";
    +        MICROBIN_PRIVATE = true;
    +        MICROBIN_PUBLIC_PATH = "https://${serviceDomain}";
    +        MICROBIN_READONLY = true;
    +        MICROBIN_SHOW_READ_STATS = true;
    +        MICROBIN_TITLE = "~SwarselScratch~";
    +        MICROBIN_THREADS = 1;
    +        MICROBIN_GC_DAYS = 30;
    +        MICROBIN_ENABLE_BURN_AFTER = true;
    +        MICROBIN_QR = true;
    +        MICROBIN_ETERNAL_PASTA = true;
    +        MICROBIN_ENABLE_READONLY = true;
    +        MICROBIN_DEFAULT_EXPIRY = "1week";
    +        MICROBIN_NO_FILE_UPLOAD = false;
    +        MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = 256;
    +        MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = 1024;
    +        MICROBIN_DISABLE_UPDATE_CHECKING = true;
    +        MICROBIN_DISABLE_TELEMETRY = true;
    +        MICROBIN_LIST_SERVER = false;
    +      };
    +    };
    +
    +    systemd.services = {
    +      "${serviceName}" = {
    +        serviceConfig = {
    +          DynamicUser = lib.mkForce false;
    +          User = serviceUser;
    +          Group = serviceGroup;
    +        };
    +      };
    +    };
    +
    +    networking.firewall.allowedTCPPorts = [ servicePort ];
    +
    +    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
    +      { directory = cfg.dataDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
    +    ];
    +
    +    services.nginx = {
    +      upstreams = {
    +        "${serviceName}" = {
    +          servers = {
    +            "localhost:${builtins.toString servicePort}" = { };
    +          };
    +        };
    +      };
    +      virtualHosts = {
    +        "${serviceDomain}" = {
    +          enableACME = true;
    +          forceSSL = true;
    +          acmeRoot = null;
    +          locations = {
    +            "/" = {
    +              proxyPass = "http://${serviceName}";
    +              extraConfig = ''
    +                client_max_body_size 1G;
    +              '';
    +            };
    +          };
    +        };
    +      };
    +    };
    +
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    3.3.2.36. shlink
    +
    +
    +
    { lib, config, ... }:
    +let
    +  serviceDomain = "s.swarsel.win";
    +  servicePort = 8081;
    +  serviceName = "shlink";
    +  containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
    +in
    +{
    +  options = {
    +    swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
    +  };
    +  config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
    +
    +    sops = {
    +      secrets = {
    +        shlink-api = {  };
    +      };
    +
    +      templates = {
    +        "shlink-env" = {
    +          content = ''
    +            INITIAL_API_KEY=${config.sops.placeholder.shlink-api}
    +          '';
    +        };
    +      };
    +    };
    +
    +    virtualisation.oci-containers.containers."shlink" = {
    +      image = "shlinkio/shlink@${containerRev}";
    +      environment = {
    +        "DEFAULT_DOMAIN" = serviceDomain;
    +        "PORT" = "${builtins.toString servicePort}";
    +        "USE_HTTPS" = "false";
    +        "DEFAULT_SHORT_CODES_LENGTH" = "4";
    +        "WEB_WORKER_NUM" = "1";
    +        "TASK_WORKER_NUM" = "1";
    +      };
    +      environmentFiles = [
    +        config.sops.templates.shlink-env.path
    +      ];
    +      ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ];
    +      volumes = [ ];
    +    };
    +
    +    networking.firewall.allowedTCPPorts = [ servicePort ];
    +
    +    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
    +      { directory = "/var/lib/containers"; }
    +    ];
    +
    +    services.nginx = {
    +      upstreams = {
    +        "${serviceName}" = {
    +          servers = {
    +            "localhost:${builtins.toString servicePort}" = { };
    +          };
    +        };
    +      };
    +      virtualHosts = {
    +        "${serviceDomain}" = {
    +          enableACME = true;
    +          forceSSL = true;
    +          acmeRoot = null;
    +          locations = {
    +            "/" = {
    +              proxyPass = "http://${serviceName}";
    +            };
    +          };
    +        };
    +      };
    +    };
    +  };
    +}
    +
    +
    +
    +

    3.3.3. Darwin
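Review bot: For microbin (`networking.firewall.allowedTCPPorts = [ servicePort ];` together with `MICROBIN_BIND = "0.0.0.0";`) and shlink (`networking.firewall.allowedTCPPorts = [ servicePort ];` plus the container's `ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]`), nginx proxies to `localhost:<port>` on the same host, so opening the firewall port only makes the plain-HTTP backend reachable directly and bypasses the `forceSSL` virtual host; binding microbin to `127.0.0.1`, publishing the shlink port as `"127.0.0.1:${builtins.toString servicePort}:${builtins.toString servicePort}"` and dropping both firewall rules would keep nginx the only entry point. Radicale and atuin are proxied from moonside via `192.168.1.2`, so their ports do need to be reachable from that host, but `networking.firewall.allowedUDPPorts = [ servicePort ];` in the Radicale module serves no purpose (CalDAV/CardDAV is HTTP over TCP) and can be removed; if the moonside-to-winters path is not already a VPN, htpasswd credentials travel in cleartext on that hop. Since `htpasswd_encryption = "autodetect"` also accepts plaintext entries, it is worth confirming that the `radicale-user` secret rendered into `${user1}:${config.sops.placeholder.radicale-user}` holds a password hash rather than the password itself. In the croc module the forced `ExecStart` no longer references `cfg.pass`, so `pass = config.sops.secrets.croc-password.path;` looks like dead configuration now that the relay password comes from `CROC_PASS` in the env file — presumably harmless, but confirm the upstream module does not consume it elsewhere.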

    @@ -12078,32 +12553,32 @@ This opens a few gaming ports and installs the steam configuration suite for gam pkgs.proton-ge-bin ]; }; - specialisation = { - gaming.configuration = { - networking = { - firewall.enable = lib.mkForce false; - firewall = { - allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; - allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPortRanges = [ - { from = 27015; to = 27030; } # barotrauma - { from = 27036; to = 27037; } # barotrauma - ]; - allowedUDPPortRanges = [ - { from = 27000; to = 27031; } # barotrauma - { from = 58962; to = 58964; } # barotrauma - ]; - }; - }; + # specialisation = { + # gaming.configuration = { + # networking = { + # firewall.enable = lib.mkForce false; + # firewall = { + # allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; + # allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + # allowedTCPPortRanges = [ + # { from = 27015; to = 27030; } # barotrauma + # { from = 27036; to = 27037; } # barotrauma + # ]; + # allowedUDPPortRanges = [ + # { from = 27000; to = 27031; } # barotrauma + # { from = 58962; to = 58964; } # barotrauma + # ]; + # }; + # }; - hardware.xone.enable = true; + # hardware.xone.enable = true; - environment.systemPackages = [ - pkgs.linuxKernel.packages.linux_6_12.xone - ]; - }; - }; + # environment.systemPackages = [ + # pkgs.linuxKernel.packages.linux_6_12.xone + # ]; + # }; + # }; }; } @@ -12224,9 +12699,9 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
    -
    -
    3.3.4.6. Framework
    -
    +
    +
    3.3.4.6. Framework
    +

    This holds configuration that is specific to framework laptops.

    @@ -12263,9 +12738,9 @@ This holds configuration that is specific to framework laptops.
    -
    -
    3.3.4.7. AMD CPU
    -
    +
    +
    3.3.4.7. AMD CPU
    +
    { lib, config, ... }:
     {
    @@ -12280,9 +12755,9 @@ This holds configuration that is specific to framework laptops.
     
    -
    -
    3.3.4.8. AMD GPU
    -
    +
    +
    3.3.4.8. AMD GPU
    +
    { lib, config, ... }:
     {
    @@ -12303,9 +12778,9 @@ This holds configuration that is specific to framework laptops.
     
    -
    -
    3.3.4.9. Hibernation
    -
    +
    +
    3.3.4.9. Hibernation
    +
    { lib, config, ... }:
     {
    @@ -12335,9 +12810,9 @@ This holds configuration that is specific to framework laptops.
     
    -
    -
    3.3.4.10. BTRFS
    -
    +
    +
    3.3.4.10. BTRFS
    +
    { lib, config, ... }:
     {
    @@ -12536,13 +13011,13 @@ in
               "winters" = {
                 id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
               };
    -          "moonside (@oracle)" = {
    +          "moonside@oracle" = {
                 id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
               };
               folders = {
                 "Documents" = {
                   path = "${homeDir}/Documents";
    -              devices = [ "magicant" "winters" "moonside (@oracle)" ];
    +              devices = [ "magicant" "winters" "moonside@oracle" ];
                   id = "hgr3d-pfu3w";
                 };
               };
    @@ -12564,14 +13039,14 @@ in
         ];
     
         # cgroups v1 is required for centos7 dockers
    -    specialisation = {
    -      cgroup_v1.configuration = {
    -        boot.kernelParams = [
    -          "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
    -          "systemd.unified_cgroup_hierarchy=0"
    -        ];
    -      };
    -    };
    +    # specialisation = {
    +    #   cgroup_v1.configuration = {
    +    #     boot.kernelParams = [
    +    #       "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
    +    #       "systemd.unified_cgroup_hierarchy=0"
    +    #     ];
    +    #   };
    +    # };
       };
     
     }
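Review bot: The context comment `# cgroups v1 is required for centos7 dockers` still reads as an active rationale while the `specialisation` block beneath it is now entirely commented out, so a reader will look for a cgroup_v1 boot entry that no longer exists. Suggest `# cgroups v1 was required for centos7 dockers; the specialisation below is disabled, re-enable it if that is needed again`. Deleting the block rather than commenting it out would also avoid accumulating dead Nix that git history already preserves.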
    @@ -12692,7 +13167,7 @@ in
     
    -
    3.4.1.2. Shared Configuration Options
    +
    3.4.1.2. Shared Configuration Options (hold firefox config parts)

    Provides settings related to nix-darwin systems. At the moment, I am only making use of a isDarwin flag. @@ -12705,16 +13180,6 @@ Set in firefox about:config > toolkit.legacyUserProfileCustomizations.s

    { self, lib, pkgs, ... }:
    -let
    -  lock-false = {
    -    Value = false;
    -    Status = "locked";
    -  };
    -  lock-true = {
    -    Value = true;
    -    Status = "locked";
    -  };
    -in
     {
       options.swarselsystems = {
         isLaptop = lib.mkEnableOption "laptop host";
    @@ -12869,22 +13334,22 @@ in
             settings =
               {
                 "extensions.autoDisableScopes" = 0;
    -            "browser.bookmarks.showMobileBookmarks" = lock-true;
    -            "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
    -            "browser.search.suggest.enabled" = lock-false;
    -            "browser.search.suggest.enabled.private" = lock-false;
    -            "browser.urlbar.suggest.searches" = lock-false;
    -            "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
    -            "browser.topsites.contile.enabled" = lock-false;
    -            "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
    -            "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
    -            "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
    -            "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
    -            "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
    -            "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
    -            "browser.newtabpage.activity-stream.showSponsored" = lock-false;
    -            "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
    -            "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
    +            "browser.bookmarks.showMobileBookmarks" = true;
    +            "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
    +            "browser.search.suggest.enabled" = false;
    +            "browser.search.suggest.enabled.private" = false;
    +            "browser.urlbar.suggest.searches" = false;
    +            "browser.urlbar.showSearchSuggestionsFirst" = false;
    +            "browser.topsites.contile.enabled" = false;
    +            "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
    +            "browser.newtabpage.activity-stream.feeds.snippets" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
    +            "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
    +            "browser.newtabpage.activity-stream.showSponsored" = false;
    +            "browser.newtabpage.activity-stream.system.showSponsored" = false;
    +            "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
               };
     
             search = {
    @@ -13182,6 +13647,7 @@ This holds packages that I can use as provided, or with small modifications (as
     
           # local file sharing
           wormhole-rs
    +      croc
     
           # b2 backup @backblaze
           restic
    @@ -13262,9 +13728,9 @@ This holds packages that I can use as provided, or with small modifications (as
           slurp
     
           # the following packages are used (in some way) by waybar
    -      playerctl
    -      pavucontrol
    -      stable.pamixer
    +      # playerctl
    +      stable.pavucontrol
    +      # stable.pamixer
           # gnome.gnome-clocks
           # wlogout
           # jdiskreport
    @@ -13534,6 +14000,14 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the
             categories = [ "Application" ];
           };
     
    +      teamsNoGpu = {
    +        name = "Microsoft Teams (no GPU)";
    +        genericName = "Teams (no GPU)";
    +        exec = "teams-for-linux --disableGpu=true --trayIconEnabled=true";
    +        terminal = false;
    +        categories = [ "Application" ];
    +      };
    +
           rustdesk-vbc = {
             name = "Rustdesk VBC";
             genericName = "rustdesk-vbc";
    @@ -13691,6 +14165,7 @@ in
         home.sessionVariables = {
           EDITOR = "e -w";
           DISPLAY = ":0";
    +      CROC_RELAY = "send.swarsel.win";
           SWARSEL_LO_RES = config.swarselsystems.lowResolution;
           SWARSEL_HI_RES = config.swarselsystems.highResolution;
         };
    @@ -13709,7 +14184,7 @@ in
     
    -
    3.4.1.13. General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf
    +
    3.4.1.13. General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf, zoxide

    This section is for programs that require no further configuration. zsh Integration is enabled by default for these. @@ -13736,8 +14211,14 @@ This section is for programs that require no further configuration. zsh Integrat jq.enable = true; ripgrep.enable = true; pandoc.enable = true; - fzf.enable = true; - zoxide.enable = true; + # fzf.enable = true; + zoxide = { + enable = true; + enableZshIntegration = true; + options = [ + "--cmd cd" + ]; + }; }; }; } @@ -13856,8 +14337,31 @@ Eza provides me with a better ls command and some other useful alia

    +
    +
    3.4.1.18. atuin
    +
    +
    +
    { lib, config, ... }:
    +{
    +  options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings";
    +  config = lib.mkIf config.swarselsystems.modules.atuin {
    +    programs.atuin = {
    +      enable = true;
    +      enableZshIntegration = true;
    +      settings = {
    +        auto_sync = true;
    +        sync_frequency = "5m";
    +        sync_address = "https://shellhistory.swarsel.win";
    +      };
    +    };
    +  };
    +}
    +
    +
    +
    +
    -
    3.4.1.18. git
    +
    3.4.1.19. git

    Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using Magit) as well as a git template defined in Linking dotfiles.
    @@ -13915,7 +14419,7 @@ in
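Review bot: The new atuin module enables `auto_sync = true;` against `sync_address = "https://shellhistory.swarsel.win";`, but nothing in the hunk provisions the client side of that sync — atuin needs a login session and its local encryption key before the first sync — so on a freshly deployed host the module presumably does nothing until `atuin login` is run by hand. This commit already wires a sops-managed secret into the zsh module (croc-password), so the same mechanism could carry the atuin key; failing that, the `settings` block should at least say so, e.g. `# sync key and session are not managed here; run 'atuin login' once on a new host`.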

    -
    3.4.1.19. Fuzzel
    +
    3.4.1.20. Fuzzel

    Here I only need to set basic layout options - the rest is being managed by stylix.
    @@ -13944,7 +14448,7 @@ Here I only need to set basic layout options - the rest is being managed by styl

    -
    3.4.1.20. Starship
    +
    3.4.1.21. Starship

    Starship makes my zsh look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline.
    @@ -14080,7 +14584,7 @@ Starship makes my zsh look cooler! I have symbols for most programm

    -
    3.4.1.21. Kitty
    +
    3.4.1.22. Kitty

    Kitty is the terminal emulator of choice for me, it is nice to configure using nix, fast, and has a nice style.
    @@ -14111,7 +14615,7 @@ The theme is handled by stylix.

    -
    3.4.1.22. zsh
    +
    3.4.1.23. zsh

    zsh is the most convenient shell for me and it happens to be super neat to configure within home manager.
    @@ -14155,7 +14659,7 @@ Currently I only use it as before with initExtra though.

    -
    { config, pkgs, lib, ... }:
    +
    { config, lib, ... }:
     let
       inherit (config.swarselsystems) flakePath;
     in
    @@ -14168,6 +14672,11 @@ in
         };
       };
       config = lib.mkIf config.swarselsystems.modules.zsh {
    +
    +    sops.secrets = {
    +      croc-password = { };
    +    };
    +
         programs.zsh = {
           enable = true;
           shellAliases = lib.recursiveUpdate
    @@ -14185,9 +14694,7 @@ in
               passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
               passpull = "cd ~/.local/share/password-store; git pull; cd -;";
               hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
    -          cd = "z";
               youtube-dl = "yt-dlp";
    -          cd-orig = "cd";
               cat-orig = "cat";
               cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
               nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
    @@ -14226,10 +14733,10 @@ in
             searchUpKey = "^[OA";
           };
           plugins = [
    -        {
    -          name = "fzf-tab";
    -          src = pkgs.zsh-fzf-tab;
    -        }
    +        # {
    +        #   name = "fzf-tab";
    +        #   src = pkgs.zsh-fzf-tab;
    +        # }
           ];
           initContent = ''
             my-forward-word() {
    @@ -14271,6 +14778,7 @@ in
             # ctrl + del
             bindkey '^H' my-backward-delete-word
     
    +        export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"
           '';
         };
       };
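Review bot: `export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"` puts the secret into the environment of every interactive zsh and therefore of every process it spawns, where it is readable through the process environment and can surface in `env` dumps, crash reports or subprocess logs; it also reads the secrets file on every shell start. A narrower form reads the file only when croc actually runs and keeps the same behaviour for croc itself: `croc() { CROC_PASS="$(<${config.sops.secrets.croc-password.path})" command croc "$@"; }`. The matching `sops.secrets.croc-password = { };` declaration is in the hunk at @@ -14168,6 +14672,11 @@; the enclosing `initContent` string and `config` block start outside this hunk.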
    @@ -14280,7 +14788,7 @@ in
     
    -
    3.4.1.23. zellij
    +
    3.4.1.24. zellij
    { self, lib, config, pkgs, ... }:
    @@ -14308,7 +14816,7 @@ in
     
    -
    3.4.1.24. tmux
    +
    3.4.1.25. tmux
    { lib, config, pkgs, ... }:
    @@ -14417,7 +14925,7 @@ in
     
    -
    3.4.1.25. Mail
    +
    3.4.1.26. Mail

    Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
    @@ -14573,7 +15081,7 @@ in

    -
    3.4.1.26. Home-manager: Emacs
    +
    3.4.1.27. Home-manager: Emacs

    By using the emacs-overlay NixOS module, I can install all Emacs packages that I want to use right through NixOS. This is done by passing my init.el file to the configuration which will then be parsed upon system rebuild, looking for use-package sections in the Elisp code. Also I define here the style of Emacs that I want to run - I am going with native Wayland Emacs here (emacs-pgtk). All of the nice options such as tree-sitter support are enabled by default, so I do not need to adjust the build process.
    @@ -14668,7 +15176,7 @@ in

    -
    3.4.1.27. Waybar
    +
    3.4.1.28. Waybar

    Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores)
    @@ -15006,7 +15514,7 @@ in

    -
    3.4.1.28. Firefox
    +
    3.4.1.29. Firefox

    Setting up firefox along with some policies that are important to me (mostly disabling telemetry related stuff as well as Pocket). I also enable some integrations that enable super useful packages, namely tridactyl and browserpass.
    @@ -15180,14 +15688,14 @@ I used to build the firefox addon bypass-paywalls-clean myself here

    -
    3.4.1.29. Services
    +
    3.4.1.30. Services

    Services that can be defined through home-manager should be defined here.

    -
    3.4.1.29.1. gnome-keyring
    +
    3.4.1.30.1. gnome-keyring

    Used for storing sessions in e.g. Nextcloud
    @@ -15208,7 +15716,7 @@ Used for storing sessions in e.g. Nextcloud

    -
    3.4.1.29.2. KDE Connect
    +
    3.4.1.30.2. KDE Connect

    This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control).
    @@ -15231,7 +15739,7 @@ This enables phone/computer communication, including sending clipboard, files et

    -
    3.4.1.29.3. Mako
    +
    3.4.1.30.3. Mako

    Desktop notifications!
    @@ -15281,9 +15789,9 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi

    -
    -
    3.4.1.29.4. SwayOSD
    -
    +
    +
    3.4.1.30.4. SwayOSD
    +
    { lib, config, ... }:
     {
    @@ -15300,7 +15808,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    -
    3.4.1.29.5. yubikey-touch-detector
    +
    3.4.1.30.5. yubikey-touch-detector
    { lib, config, pkgs, ... }:
    @@ -15341,7 +15849,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    -
    3.4.1.30. Sway
    +
    3.4.1.31. Sway

    I am currently using SwayFX, which adds some nice effects to sway, like rounded corners and hiding the separator between title and content of a window.
    @@ -15762,7 +16270,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se

    -
    3.4.1.31. Kanshi
    +
    3.4.1.32. Kanshi
    { lib, config, ... }:
    @@ -15858,7 +16366,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
     
    -
    3.4.1.32. gpg-agent
    +
    3.4.1.33. gpg-agent

    Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here.
    @@ -15912,7 +16420,7 @@ in

    -
    3.4.1.33. gammastep
    +
    3.4.1.34. gammastep

    This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
    @@ -16394,7 +16902,7 @@ in
    "firefox_${user1}" = {
    name = "Firefox (${user1})";
    genericName = "Firefox ${user1}";
    - exec = "firefox -p ${user4}";
    + exec = "firefox -p ${user1}";
    inherit terminal categories icon;
    };
    @@ -16528,9 +17036,9 @@ in
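Review bot: The correction to `exec = "firefox -p ${user1}";` touches only the `firefox_${user1}` desktop entry; the sibling entries for the other profiles are outside this hunk, so it is worth confirming each of them passes its own profile variable rather than repeating the same copy-paste slip that put `${user4}` here. Generating the entries from the list of users with one template (name, genericName and exec derived from the same variable) would make this class of mistake impossible to reintroduce.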

    -
    -
    3.4.4.3. Framework
    -
    +
    +
    3.4.4.3. Framework
    +

    This holds configuration that is specific to framework laptops.

    @@ -20369,9 +20877,9 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore
    -
    -

    6.3. tridactyl theme

    -
    +
    +

    6.3. tridactyl theme

    +
     :root {
    @@ -20867,7 +21375,7 @@ sync USER HOST:
     

    Author: Leon Schwarzäugl

    -

    Created: 2025-06-16 Mo 23:03

    +

    Created: 2025-06-29 So 15:39

    Validate

    diff --git a/modules/nixos/common/env.nix b/modules/nixos/common/env.nix
    index 687efb3..110efe1 100644
    --- a/modules/nixos/common/env.nix
    +++ b/modules/nixos/common/env.nix
    @@ -2,6 +2,7 @@ { options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; config = lib.mkIf config.swarselsystems.modules.env { + environment = { wordlist.enable = true; sessionVariables = {
    diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix
    index 8977081..715ca22 100644
    --- a/modules/nixos/common/pii.nix
    +++ b/modules/nixos/common/pii.nix
    @@ -1,3 +1,4 @@
    +# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
    { config, inputs, lib, ... }: let
    diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix
    index 7871cd5..6a450ff 100644
    --- a/modules/nixos/server/firefly-iii.nix
    +++ b/modules/nixos/server/firefly-iii.nix
    @@ -39,6 +39,7 @@ in
    APP_ENV = "local";
    DB_CONNECTION = "sqlite";
    TRUSTED_PROXIES = "**";
    + # turning these on breaks api access using the waterfly app
    # AUTHENTICATION_GUARD = "remote_user_guard";
    # AUTHENTICATION_GUARD_HEADER = "X-User";
    # AUTHENTICATION_GUARD_EMAIL = "X-Email";