swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: use true common config and split rest

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-03 17:03:58 +02:00
parent 6ca7717d3e
commit 7d82c3cee9
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
59 changed files with 987 additions and 989 deletions
Download patch file Download diff file Expand all files Collapse all files

1495
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

21
flake.nix
View file

@ -130,45 +130,38 @@
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
inputs.fw-fanctrl.nixosModules.default
inputs.nix-topology.nixosModules.default
inputs.home-manager.nixosModules.home-manager
"${self}/hosts/${type}/${host}"
{
_module.args.primaryUser = linuxUser;
}
] ++
(if (host == "iso") then [
inputs.nix-topology.nixosModules.default
] else
([
# put nixos imports here that are for all servers and normal hosts
inputs.nix-topology.nixosModules.default
"${self}/modules/${type}/common"
"${self}/modules/nixos"
inputs.stylix.nixosModules.stylix
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
] ++ (if (type == "nixos") then [
inputs.home-manager.nixosModules.home-manager
"${self}/profiles/nixos"
"${self}/modules/nixos/server"
"${self}/modules/nixos/optional"
{
home-manager.users."${linuxUser}".imports = [
# put home-manager imports here that are for all normal hosts
"${self}/modules/home/common"
"${self}/modules/home/server"
"${self}/modules/home/optional"
"${self}/profiles/home"
"${self}/modules/home"
];
}
] else [
# put nixos imports here that are for darwin hosts
"${self}/modules/darwin/nixos/common"
"${self}/profiles/darwin"
"${self}/modules/nixos/darwin"
"${self}/profiles/nixos"
inputs.home-manager.darwinModules.home-manager
{
home-manager.users."${macUser}".imports = [
# put home-manager imports here that are for darwin hosts
"${self}/modules/darwin/home"
"${self}/modules/home/server"
"${self}/modules/home/optional"
"${self}/modules/home/darwin"
"${self}/profiles/home"
];
}

14
modules/darwin/nixos/default.nix
View file

@ -1,14 +0,0 @@
_:
{
nix.settings.experimental-features = "nix-command flakes";
nixpkgs = {
hostPlatform = "x86_64-darwin";
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
system.stateVersion = 4;
}

0
modules/darwin/home/default.nix → modules/home/darwin/default.nix
View file

7
modules/home/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, ... }:
let
importNames = lib.swarselsystems.readNix "modules/home";
in
{
imports = lib.swarselsystems.mkImports importNames "modules/home";
}

0
modules/nixos/common/appimage.nix → modules/nixos/client/appimage.nix
View file

4
modules/nixos/optional/autologin.nix → modules/nixos/client/autologin.nix
View file

@ -3,8 +3,8 @@ let
inherit (config.swarselsystems) mainUser;
in
{
options.swarselsystems.modules.optional.autologin = lib.mkEnableOption "optional autologin settings";
config = lib.mkIf config.swarselsystems.modules.optional.autologin {
options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings";
config = lib.mkIf config.swarselsystems.modules.autologin {
services = {
getty.autologinUser = mainUser;
greetd.settings.initial_session.user = mainUser;

0
modules/nixos/common/blueman.nix → modules/nixos/client/blueman.nix
View file

7
modules/nixos/client/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, ... }:
let
importNames = lib.swarselsystems.readNix "modules/nixos/client";
in
{
imports = lib.swarselsystems.mkImports importNames "modules/nixos/client";
}

0
modules/nixos/common/distrobox.nix → modules/nixos/client/distrobox.nix
View file

0
modules/nixos/common/env.nix → modules/nixos/client/env.nix
View file

0
modules/nixos/common/gnome-keyring.nix → modules/nixos/client/gnome-keyring.nix
View file

0
modules/nixos/common/gvfs.nix → modules/nixos/client/gvfs.nix
View file

0
modules/nixos/common/hardware.nix → modules/nixos/client/hardware.nix
View file

0
modules/nixos/common/hardwarecompatibility-keyboards.nix → modules/nixos/client/hardwarecompatibility-keyboards.nix
View file

0
modules/nixos/common/hardwarecompatibility-ledger.nix → modules/nixos/client/hardwarecompatibility-ledger.nix
View file

0
modules/nixos/common/hardwarecompatibility-yubikey.nix → modules/nixos/client/hardwarecompatibility-yubikey.nix
View file

0
modules/nixos/common/interceptiontools.nix → modules/nixos/client/interceptiontools.nix
View file

0
modules/nixos/common/lid.nix → modules/nixos/client/lid.nix
View file

0
modules/nixos/common/login.nix → modules/nixos/client/login.nix
View file

0
modules/nixos/common/lowbattery.nix → modules/nixos/client/lowbattery.nix
View file

64
modules/nixos/common/network.nix → modules/nixos/client/network.nix
View file

@ -1,11 +1,70 @@
{ lib, config, ... }:
{ self, lib, config, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
inherit (config.swarselsystems) mainUser;
iwd = config.networking.networkmanager.wifi.backend == "iwd";
in
{
options.swarselsystems = {
modules.network = lib.mkEnableOption "network config";
firewall = lib.swarselsystems.mkTrueOption;
};
config = lib.mkIf config.swarselsystems.modules.network {
sops = {
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
wireguardpriv = { };
wireguardpub = { };
wireguardendpoint = { };
stashuser = { };
stashpass = { };
githubforgeuser = { };
githubforgepass = { };
gitlabforgeuser = { };
gitlabforgepass = { };
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
};
templates = lib.mkIf (!config.swarselsystems.isPublic) {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv}
WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
'';
};
};
networking = {
wireless.iwd = {
enable = true;
settings = {
IPv6 = {
Enabled = true;
};
Settings = {
AutoConnect = true;
};
DriverQuirks = {
UseDefaultInterface = true;
};
};
};
nftables.enable = lib.mkDefault true;
enableIPv6 = lib.mkDefault true;
firewall = {
@ -76,10 +135,11 @@
eduroam = {
"802-1x" = {
eap = "ttls;";
eap = if (!iwd) then "ttls;" else "peap;";
identity = "$EDUID";
password = "$EDUPASS";
phase2-auth = "mschapv2";
anonymous-identity = lib.mkIf iwd "anonymous@student.tuwien.ac.at";
};
connection = {
id = "eduroam";

0
modules/nixos/common/networkdevices.nix → modules/nixos/client/networkdevices.nix
View file

0
modules/nixos/common/nix-ld.nix → modules/nixos/client/nix-ld.nix
View file

0
modules/nixos/common/nvd-rebuild.nix → modules/nixos/client/nvd-rebuild.nix
View file

0
modules/nixos/common/packages.nix → modules/nixos/client/packages.nix
View file

0
modules/nixos/common/pipewire.nix → modules/nixos/client/pipewire.nix
View file

0
modules/nixos/common/polkit.nix → modules/nixos/client/polkit.nix
View file

0
modules/nixos/common/power-profiles-daemon.nix → modules/nixos/client/power-profiles-daemon.nix
View file

0
modules/nixos/common/programs.nix → modules/nixos/client/programs.nix
View file

0
modules/nixos/common/pulseaudio.nix → modules/nixos/client/pulseaudio.nix
View file

16
modules/nixos/client/sops.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, ... }:
{
options.swarselsystems.modules.sops = lib.mkEnableOption "sops config";
config = lib.mkIf config.swarselsystems.modules.sops {
sops = {
# age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
# defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
defaultSopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
validateSopsFiles = false;
};
};
}

0
modules/nixos/common/stylix.nix → modules/nixos/client/stylix.nix
View file

0
modules/nixos/common/sway.nix → modules/nixos/client/sway.nix
View file

0
modules/nixos/common/swayosd.nix → modules/nixos/client/swayosd.nix
View file

0
modules/nixos/common/syncthing.nix → modules/nixos/client/syncthing.nix
View file

0
modules/nixos/common/systemd.nix → modules/nixos/client/systemd.nix
View file

0
modules/nixos/common/xdg-portal.nix → modules/nixos/client/xdg-portal.nix
View file

0
modules/nixos/common/zsh.nix → modules/nixos/client/zsh.nix
View file

9
modules/nixos/common/home-manager-extra.nix
View file

@ -1,9 +0,0 @@
{ inputs, config, lib, ... }:
{
options.swarselsystems.modules.home-managerExtra = lib.mkEnableOption "home-manager extras for non-chaostheatre";
config = lib.mkIf config.swarselsystems.modules.home-managerExtra {
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; };
};
};
}

2
modules/nixos/common/home-manager.nix
View file

@ -14,7 +14,7 @@
home.stateVersion = lib.mkDefault config.system.stateVersion;
}
];
extraSpecialArgs = { inherit (inputs) self; inherit inputs outputs globals nodes; };
extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes; };
};
};
}

10
modules/nixos/common/impermanence.nix
View file

@ -7,6 +7,7 @@ in
options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config";
config = lib.mkIf config.swarselsystems.modules.impermanence {
security.sudo.extraConfig = lib.mkIf isImpermanence ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
@ -15,10 +16,10 @@ in
# This script does the actual wipe of the system
# So if it doesn't run, the btrfs system effectively acts like a normal system
# Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
boot.tmp.useTmpfs = lib.mkIf (!isImpermanence) true;
boot.initrd.systemd = lib.mkIf isImpermanence {
enable = true;
services.rollback = {
description = "Rollback BTRFS root subvolume to a pristine state";
wantedBy = [ "initrd.target" ];
# make sure it's done after encryption
@ -64,6 +65,7 @@ in
umount /mnt
'';
};
};
environment.persistence."/persist" = lib.mkIf isImpermanence {

54
modules/nixos/common/sops.nix
View file

@ -1,54 +0,0 @@
{ self, config, lib, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
inherit (config.swarselsystems) mainUser homeDir;
in
{
options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config";
config = lib.mkIf config.swarselsystems.modules.commonSops {
sops = {
age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
ernest = { };
frauns = { };
hotspot = { };
eduid = { };
edupass = { };
handyhotspot = { };
vpnuser = { };
vpnpass = { };
wireguardpriv = { };
wireguardpub = { };
wireguardendpoint = { };
stashuser = { };
stashpass = { };
githubforgeuser = { };
githubforgepass = { };
gitlabforgeuser = { };
gitlabforgepass = { };
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
};
templates = lib.mkIf (!config.swarselsystems.isPublic) {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv}
WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
'';
};
};
};
}

7
modules/nixos/common/tmp.nix
View file

@ -1,7 +0,0 @@
{ config, lib, ... }:
{
options.swarselsystems.modules.tmp = lib.mkEnableOption "tmp dir config";
config = lib.mkIf config.swarselsystems.modules.tmp {
boot.tmp.useTmpfs = !config.swarselsystems.modules.impermanence true;
};
}

17
modules/nixos/darwin/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ lib, config, outputs, ... }:
{
options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config";
config = lib.mkIf config.swarselsystems.modules.darwin.general {
nix.settings.experimental-features = "nix-command flakes";
nixpkgs = {
hostPlatform = "x86_64-darwin";
overlays = [ outputs.overlays.default ];
config = {
allowUnfree = true;
};
};
system.stateVersion = 4;
};
}

7
modules/nixos/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ lib, ... }:
let
importNames = lib.swarselsystems.readNix "modules/nixos";
in
{
imports = lib.swarselsystems.mkImports importNames "modules/nixos";
}

52
modules/nixos/optional/work.nix
View file

@ -1,6 +1,7 @@
{ self, lib, pkgs, config, ... }:
let
inherit (config.swarselsystems) mainUser homeDir xdgDir;
iwd = config.networking.networkmanager.wifi.backend == "iwd";
owner = mainUser;
sopsFile = self + /secrets/work/secrets.yaml;
swarselService = name: description: execStart: {
@ -49,6 +50,8 @@ in
"govchost"
"govcnetwork"
"govcpool"
"baseuser"
"basepw"
];
in
{
@ -60,6 +63,12 @@ in
})
secretNames
);
templates = {
"network-manager-work.env".content = ''
BASEUSER=${config.sops.placeholder.baseuser}
BASEPASS=${config.sops.placeholder.basepw}
'';
};
};
boot.initrd = {
@ -97,7 +106,48 @@ in
networking = {
inherit (config.swarselsystems) hostName fqdn;
networkmanager.wifi.scanRandMacAddress = false;
networkmanager = {
wifi.scanRandMacAddress = false;
ensureProfiles = {
environmentFiles = [
"${config.sops.templates."network-manager-work.env".path}"
];
profiles = {
VBC = {
"802-1x" = {
eap = if (!iwd) then "ttls;" else "peap;";
identity = "$BASEUSER";
password = "$BASEPASS";
phase2-auth = "mschapv2";
};
connection = {
id = "VBC";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
cloned-mac-address = "permanent";
mac-address = "E8:65:38:52:63:FF";
mac-address-randomization = "1";
mode = "infrastructure";
ssid = "VBC";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
};
};
};
firewall = {
enable = lib.mkDefault true;
trustedInterfaces = [ "virbr0" ];

15
modules/nixos/server/default.nix
View file

@ -1,18 +1,7 @@
{ self, lib, ... }:
{ lib, ... }:
let
importNames = lib.swarselsystems.readNix "modules/nixos/server";
modulesPath = "${self}/modules";
in
{
imports = lib.swarselsystems.mkImports importNames "modules/nixos/server" ++ [
"${modulesPath}/nixos/common/settings.nix"
"${modulesPath}/nixos/common/home-manager.nix"
"${modulesPath}/nixos/common/home-manager-extra.nix"
"${modulesPath}/nixos/common/xserver.nix"
"${modulesPath}/nixos/common/time.nix"
"${modulesPath}/nixos/common/users.nix"
"${modulesPath}/nixos/common/nix-ld.nix"
"${modulesPath}/nixos/common/sharedsetup.nix"
"${modulesPath}/home/common/sharedsetup.nix"
];
imports = lib.swarselsystems.mkImports importNames "modules/nixos/server";
}

11
modules/nixos/server/sops.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
{
options.swarselsystems.modules.server.sops = lib.mkEnableOption "enable sops on server";
config = lib.mkIf config.swarselsystems.modules.server.sops {
sops = {
age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ];
defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml";
validateSopsFiles = false;
};
};
}

6
profiles/nixos/chaostheatre/default.nix
View file

@ -6,7 +6,6 @@
packages = lib.mkDefault true;
general = lib.mkDefault true;
home-manager = lib.mkDefault true;
home-managerExtra = lib.mkDefault false;
xserver = lib.mkDefault true;
users = lib.mkDefault true;
env = lib.mkDefault true;
@ -17,7 +16,7 @@
pipewire = lib.mkDefault true;
network = lib.mkDefault true;
time = lib.mkDefault true;
commonSops = lib.mkDefault true;
sops = lib.mkDefault false;
stylix = lib.mkDefault true;
programs = lib.mkDefault true;
zsh = lib.mkDefault true;
@ -43,11 +42,8 @@
lid = lib.mkDefault true;
lowBattery = lib.mkDefault true;
lanzaboote = lib.mkDefault true;
optional = {
autologin = lib.mkDefault true;
};
};
};

3
profiles/nixos/localserver/default.nix
View file

@ -7,14 +7,13 @@
general = lib.mkDefault true;
pii = lib.mkDefault true;
home-manager = lib.mkDefault true;
home-managerExtra = lib.mkDefault true;
xserver = lib.mkDefault true;
time = lib.mkDefault true;
users = lib.mkDefault true;
sops = lib.mkDefault true;
server = {
general = lib.mkDefault true;
packages = lib.mkDefault true;
sops = lib.mkDefault true;
nfs = lib.mkDefault true;
nginx = lib.mkDefault true;
ssh = lib.mkDefault true;

3
profiles/nixos/moonside/default.nix
View file

@ -7,15 +7,14 @@
general = lib.mkDefault true;
pii = lib.mkDefault true;
home-manager = lib.mkDefault true;
home-managerExtra = lib.mkDefault true;
xserver = lib.mkDefault true;
time = lib.mkDefault true;
users = lib.mkDefault true;
impermanence = lib.mkDefault true;
sops = lib.mkDefault true;
server = {
general = lib.mkDefault true;
packages = lib.mkDefault true;
sops = lib.mkDefault true;
nginx = lib.mkDefault true;
ssh = lib.mkDefault true;
oauth2-proxy = lib.mkDefault true;

6
profiles/nixos/personal/default.nix
View file

@ -6,7 +6,6 @@
packages = lib.mkDefault true;
general = lib.mkDefault true;
home-manager = lib.mkDefault true;
home-managerExtra = lib.mkDefault true;
xserver = lib.mkDefault true;
users = lib.mkDefault true;
env = lib.mkDefault true;
@ -17,7 +16,7 @@
pipewire = lib.mkDefault true;
network = lib.mkDefault true;
time = lib.mkDefault true;
commonSops = lib.mkDefault true;
sops = lib.mkDefault true;
pii = lib.mkDefault true;
stylix = lib.mkDefault true;
programs = lib.mkDefault true;
@ -44,12 +43,11 @@
lid = lib.mkDefault true;
lowBattery = lib.mkDefault true;
lanzaboote = lib.mkDefault true;
tmp = lib.mkDefault true;
autologin = lib.mkDefault true;
optional = {
gaming = lib.mkDefault true;
virtualbox = lib.mkDefault true;
autologin = lib.mkDefault true;
nswitch-rcm = lib.mkDefault true;
};

3
profiles/nixos/syncserver/default.nix
View file

@ -8,14 +8,13 @@
nix-ld = lib.mkDefault true;
pii = lib.mkDefault true;
home-manager = lib.mkDefault true;
home-managerExtra = lib.mkDefault true;
xserver = lib.mkDefault true;
time = lib.mkDefault true;
users = lib.mkDefault true;
sops = lib.mkDefault true;
server = {
general = lib.mkDefault true;
packages = lib.mkDefault true;
sops = lib.mkDefault true;
nginx = lib.mkDefault true;
ssh = lib.mkDefault true;
forgejo = lib.mkDefault true;

7
profiles/nixos/toto/default.nix
View file

@ -5,18 +5,15 @@
swarselsystems.modules = {
general = lib.mkDefault true;
home-manager = lib.mkDefault true;
home-managerExtra = lib.mkDefault true;
xserver = lib.mkDefault true;
users = lib.mkDefault true;
commonSops = lib.mkDefault true;
sops = lib.mkDefault true;
impermanence = lib.mkDefault true;
lanzaboote = lib.mkDefault true;
autologin = lib.mkDefault true;
server = {
ssh = lib.mkDefault true;
};
optional = {
autologin = lib.mkDefault true;
};
};
};

2
programs/git/.gitmessage
View file

@ -1,3 +1,5 @@
# max. 50 chars is here: #
# <type>[optional scope]: <description>
# types: feat, fix, build, chore, ci, docs, style, refactor, perf, test

13
scripts/swarsel-install.sh
View file

@ -101,22 +101,9 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
rm modules/home/common/mail.nix
rm modules/home/common/yubikey.nix
rm modules/nixos/server/restic.nix
rm modules/nixos/common/home-manager-extra.nix
rm hosts/nixos/sync/default.nix
rm -rf modules/nixos/server
rm -rf modules/home/server
cat > hosts/nixos/chaostheatre/options.nix << EOF
{ self, lib, ... }:
{
options = {
swarselsystems = {
modules = {
home-managerExtra = lib.mkEnableOption "dummy option for chaostheatre";
};
};
};
}
EOF
cat > hosts/nixos/chaostheatre/options-home.nix << EOF
{ self, lib, ... }:
{

1
scripts/swarsel-rebuild.sh
View file

@ -83,7 +83,6 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
rm modules/home/common/mail.nix
rm modules/home/common/yubikey.nix
rm modules/nixos/server/restic.nix
rm modules/nixos/common/home-manager-extra.nix
rm hosts/nixos/sync/default.nix
rm -rf modules/nixos/server
rm -rf modules/home/server

12
secrets/work/secrets.yaml
View file

@ -1,5 +1,7 @@
vcuser: ENC[AES256_GCM,data:M2LmjWGI6boQtOdTZz3dZ9Qb,iv:/KAC1RF0bqviHzPFP8F8GlX32f/8Qp07iXz2Yz5UO5o=,tag:rYzeylJIWtoQrSGy8OZqQg==,type:str]
vcpw: ENC[AES256_GCM,data:bgqPbdJMVZXPWXiNsr9GxFRE1Q==,iv:5HuagCnNWLBvw7Z+nmLhCfMFV6b9mOd+afqCBUvWjNc=,tag:LfMOFvQZtNUh+7z6a+mpZA==,type:str]
baseuser: ENC[AES256_GCM,data:JMbIoKr7wXLN7/Ly9KF0fbg=,iv:JhJK2etCfFmrEYyQenWwZkZ9aEDvktcRTK1oI0BKrWU=,tag:lGEcSuBQOUpwgGw/oUzrxg==,type:str]
basepw: ENC[AES256_GCM,data:ESeZuCoqmcXbWT5uiWOhYfSGm2rNHw==,iv:+ZOqaeazPrh2TzZWCCgHK6fyZ/OteVfw0RzNo3ih45M=,tag:eycX5Zlo7T9n4V2KmVgSfg==,type:str]
govcuser: ENC[AES256_GCM,data:4uJfzjBYgFJhskgxr4hN4GjlsOQyTRPF5Vmxlfs=,iv:/XsJeDUxvxjYythNKcEztmuKaC8yJALCV2N9ni2q46k=,tag:rtC/7SZlJsRQ2uMJs0nZXw==,type:str]
govcpw: ENC[AES256_GCM,data:qNscuAkxb4cp0AJneh7oSfCO0PQL4g==,iv:Ch9vlo4B6dYmF3jg7Bi9FhQNlGHmMizFIhmijBP5cnA=,tag:HD4wMsH57+dBFAAS9DPN8A==,type:str]
govcurl: ENC[AES256_GCM,data:vjYrQLIY7z0XS20NUDx+g4KFVbSXVIJMdFpS9NU+z7U=,iv:lQJkDAPBKvsf48V/w0pPSyYaueNR6rwEGIX0TGVXIV4=,tag:7rjFW180OUJ4zDaiHinA2Q==,type:str]
@ -9,10 +11,6 @@ govchost: ENC[AES256_GCM,data:l/5kcvUQkT/4TYl1j7Ws,iv:Lc+D4ukKkTrIIg8sKy/9NYX1D6
govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYuKnACv/euoE5SGlsF4/0ni32+ysLc7nM/pCrQ=,tag:jSHYFecVUvmTKr6AmNLbgw==,type:str]
govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
enc: |
@ -23,8 +21,8 @@ sops:
Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B
555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-03T15:35:39Z"
mac: ENC[AES256_GCM,data:SKVgG2bNNYik+oUpJehJaWSjZb9ltl8MEAFmbUu2ZfPN4GEarXcscvMuoRdYa58xWRnzpDg23/85+cKhK2MpXjfe5r7oE43xZbPyUA1aCy0XoygcezNbcS7kYx6vyWaBIJEnVGM1EXWrD+f45SmNc3jT0yUdQS+H0Tt1hWNmleQ=,iv:zpEGVcLsjo7PEEiFyM4W+JeT6ODJ4xXV0ToFACnom6o=,tag:rFWZTs8pPTJza/PyLckvug==,type:str]
lastmodified: "2025-07-03T13:26:17Z"
mac: ENC[AES256_GCM,data:35J6pbaTXcq8zW3wtLqBAHSTaWjCxx+BsOZlKWNwxEOCkGzXIIKFtakZJIaMktgPNLvYOlUEOP7dhjUc5IvJCM5beMSNOjBVJJNnLkKQv5sCJK+4p4uTzXo3Neht/Y3xan4DQItdm5lwwQpyNlCecGynVjqN+F44liyxsAR8gtQ=,iv:gaVY3PUn7NdmBNAvuvij990T5pRrAfqY1qgCPWxGBiA=,tag:CuOMqH34hlQX8WPikAL0qw==,type:str]
pgp:
- created_at: "2024-12-17T11:38:28Z"
enc: |-
@ -58,4 +56,4 @@ sops:
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.10.2