diff --git a/index.html b/index.html
index 7d178a9..b7af47b 100644
--- a/index.html
+++ b/index.html
@@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- +-This file has 57742 words spanning 14774 lines and was last revised on 2025-02-26 01:02:54 +0100. +This file has 58741 words spanning 15323 lines and was last revised on 2025-03-22 22:55:00 +0100.
@@ -732,7 +733,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry
-My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-02-26 01:02:54 +0100)
+My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-03-22 22:55:00 +0100)
@@ -744,7 +745,7 @@ system-configuration-options---prefix=/nix/store/n5jvxqgs8pv4zfs8qvabcnns87ckccmk-emacs-pgtk-20250223.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux +--prefix=/nix/store/bi0mx16g15cksksm7c5vdvyb0zgmbb36-emacs-git-pgtk-20250311.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux@@ -858,7 +859,7 @@ In
outputs = inputs@ [...], the inputs@ makes it so th
};
inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default-linux";
home-manager = {
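Review bot: The new `?rev=` pin on `nixpkgs.url` carries no comment saying why it was added or when it can be lifted. With the revision fixed in the URL, `nix flake update` can no longer advance nixpkgs, so every host built from this flake stops picking up package security fixes until someone edits the line by hand. Suggest a comment above it such as `# pinned because <reason>; return to nixos-unstable once resolved`. The same line is added again in the `@@ -1114,7 +1119,7 @@` hunk.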
@@ -920,8 +921,11 @@ In outputs = inputs@ [...], the inputs@ makes it so th
flake = false;
inputs = { };
};
+ vbc-nix = {
+ url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
nix-topology.url = "github:oddlama/nix-topology";
-
};
outputs =
inputs@{ self
@@ -937,7 +941,6 @@ In outputs = inputs@ [...], the inputs@ makes it so th
in
{
-
inherit lib;
nixosModules = import ./modules/nixos { inherit lib; };
@@ -956,35 +959,35 @@ In outputs = inputs@ [...], the inputs@ makes it so th
];
appSet = lib.swarselsystems.mkApps system appNames self;
in
- {
- inherit appSet;
- default = appSet.bootstrap;
- });
+ {
+ inherit appSet;
+ default = appSet.bootstrap;
+ });
devShells = lib.swarselsystems.forAllSystems (system:
let
pkgs = lib.swarselsystems.pkgsFor.${system};
checks = self.checks.${system};
in
- {
- default = pkgs.mkShell {
- NIX_CONFIG = "experimental-features = nix-command flakes";
- inherit (checks.pre-commit-check) shellHook;
- buildInputs = checks.pre-commit-check.enabledPackages;
- nativeBuildInputs = [
- pkgs.nix
- pkgs.home-manager
- pkgs.git
- pkgs.just
- pkgs.age
- pkgs.ssh-to-age
- pkgs.sops
- pkgs.statix
- pkgs.deadnix
- pkgs.nixpkgs-fmt
- ];
- };
- }
+ {
+ default = pkgs.mkShell {
+ NIX_CONFIG = "experimental-features = nix-command flakes";
+ inherit (checks.pre-commit-check) shellHook;
+ buildInputs = checks.pre-commit-check.enabledPackages;
+ nativeBuildInputs = [
+ pkgs.nix
+ pkgs.home-manager
+ pkgs.git
+ pkgs.just
+ pkgs.age
+ pkgs.ssh-to-age
+ pkgs.sops
+ pkgs.statix
+ pkgs.deadnix
+ pkgs.nixpkgs-fmt
+ ];
+ };
+ }
);
templates = import ./templates { inherit lib; };
@@ -993,9 +996,11 @@ In outputs = inputs@ [...], the inputs@ makes it so th
let
pkgs = lib.swarselsystems.pkgsFor.${system};
in
- import ./checks { inherit self inputs system pkgs; }
+ import ./checks { inherit self inputs system pkgs; }
);
+ diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;
+
nixosConfigurations =
lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos";
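Review bot: The path in `diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;` looks like a typo for `./templates/...`, since the context line just above uses `import ./templates { inherit lib; }`. As written it most likely refers to a directory literally named `.templates`, and because the attribute is evaluated lazily the mistake would only show up when something actually uses `diskoConfigurations.default`. Suggested line: `diskoConfigurations.default = import ./templates/hosts/nixos/disk-config.nix;`. The same line is added in the `@@ -1287,9 +1294,11 @@` hunk.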
@@ -1114,7 +1119,7 @@ This automatically creates a topology diagram of my configuration.
-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default-linux";
home-manager = {
@@ -1176,8 +1181,11 @@ nix-secrets = {
flake = false;
inputs = { };
};
+vbc-nix = {
+ url = "git+ssh://git@github.com/vbc-it/vbc-nix.git?ref=main";
+ inputs.nixpkgs.follows = "nixpkgs";
+};
nix-topology.url = "github:oddlama/nix-topology";
-
-inherit lib;
+inherit lib;
nixosModules = import ./modules/nixos { inherit lib; };
homeModules = import ./modules/home { inherit lib; };
@@ -1250,35 +1257,35 @@ apps = lib.swarselsystems.forAllSystems (system:
];
appSet = lib.swarselsystems.mkApps system appNames self;
in
- {
- inherit appSet;
- default = appSet.bootstrap;
- });
+ {
+ inherit appSet;
+ default = appSet.bootstrap;
+ });
devShells = lib.swarselsystems.forAllSystems (system:
let
pkgs = lib.swarselsystems.pkgsFor.${system};
checks = self.checks.${system};
in
- {
- default = pkgs.mkShell {
- NIX_CONFIG = "experimental-features = nix-command flakes";
- inherit (checks.pre-commit-check) shellHook;
- buildInputs = checks.pre-commit-check.enabledPackages;
- nativeBuildInputs = [
- pkgs.nix
- pkgs.home-manager
- pkgs.git
- pkgs.just
- pkgs.age
- pkgs.ssh-to-age
- pkgs.sops
- pkgs.statix
- pkgs.deadnix
- pkgs.nixpkgs-fmt
- ];
- };
- }
+ {
+ default = pkgs.mkShell {
+ NIX_CONFIG = "experimental-features = nix-command flakes";
+ inherit (checks.pre-commit-check) shellHook;
+ buildInputs = checks.pre-commit-check.enabledPackages;
+ nativeBuildInputs = [
+ pkgs.nix
+ pkgs.home-manager
+ pkgs.git
+ pkgs.just
+ pkgs.age
+ pkgs.ssh-to-age
+ pkgs.sops
+ pkgs.statix
+ pkgs.deadnix
+ pkgs.nixpkgs-fmt
+ ];
+ };
+ }
);
templates = import ./templates { inherit lib; };
@@ -1287,9 +1294,11 @@ checks = lib.swarselsystems.forAllSystems (system:
let
pkgs = lib.swarselsystems.pkgsFor.${system};
in
- import ./checks { inherit self inputs system pkgs; }
+ import ./checks { inherit self inputs system pkgs; }
);
+diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;
+
nix
-
-2.6. Templates
-
+
+2.6. Templates
+
This file defines the templates that are being exposed by the flake. These can be used by running nix flake init -t github:Swarsel/.dotfiles#<TEMPLATE_NAME>.
@@ -1497,7 +1506,7 @@ This is the template that I use for new deployments of personal machines. Server
3.1.1.1. Main Configuration
-{ self, inputs, pkgs, lib, ... }:
+{ self, inputs, pkgs, lib, primaryUser, ... }:
let
profilesPath = "${self}/profiles";
sharedOptions = {
@@ -1520,7 +1529,7 @@ in
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = [
+ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/optional/gaming.nix"
];
}
@@ -1549,11 +1558,10 @@ in
}
sharedOptions;
- home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate
+ home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{
isLaptop = true;
isNixos = true;
- flakePath = "/home/swarsel/.dotfiles";
cpuCount = 16;
startup = [
{ command = "nextcloud --background"; }
@@ -1724,12 +1732,14 @@ My work machine. Built for more security, this is the gold standard of my config
3.1.2.1.1. Main Configuration
-{ self, inputs, pkgs, lib, ... }:
+{ self, inputs, pkgs, lib, primaryUser, ... }:
let
+ secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles";
sharedOptions = {
isBtrfs = true;
isLinux = true;
+ sharescreen = "eDP-2";
};
in
{
@@ -1750,7 +1760,7 @@ in
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = [
+ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/optional/gaming.nix"
"${profilesPath}/home/optional/work.nix"
];
@@ -1771,6 +1781,8 @@ in
};
hardware = {
+ enableAllFirmware = true;
+ cpu.amd.updateMicrocode = true;
amdgpu = {
opencl.enable = true;
amdvlk = {
@@ -1780,11 +1792,30 @@ in
};
};
- programs.fw-fanctrl.enable = true;
+ programs.fw-fanctrl = {
+ enable = true;
+ # config = {
+ # defaultStrategy = "lazy";
+ # strategies = {
+ # "lazy" = {
+ # fanSpeedUpdateFrequency = 5;
+ # movingAverageInterval = 30;
+ # speedCurve = [
+ # { temp = 0; speed = 15; }
+ # { temp = 50; speed = 15; }
+ # { temp = 65; speed = 25; }
+ # { temp = 70; speed = 35; }
+ # { temp = 75; speed = 50; }
+ # { temp = 85; speed = 100; }
+ # ];
+ # };
+ # };
+ # };
+ };
networking = {
- hostName = "nbl-imba-2";
- fqdn = "nbl-imba-2.imp.univie.ac.at";
+ hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
+ fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
firewall.enable = true;
};
@@ -1792,7 +1823,14 @@ in
services = {
fwupd.enable = true;
udev.extraRules = ''
+ # Make Framework 16 Ethernet Module work reliably
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20"
+
+ # disable Wakup on Framework Laptop 16 Keyboard
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0018", ATTR{power/wakeup}="disabled"
+
+ # disable Wakup on Framework Laptop 16 Numpad Module
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
'';
};
@@ -1807,20 +1845,18 @@ in
}
sharedOptions;
- home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate
+ home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{
isLaptop = true;
isNixos = true;
- flakePath = "/home/swarsel/.dotfiles";
+ isSecondaryGpu = true;
+ SecondaryGpuCard = "pci-0000_03_00_0";
cpuCount = 16;
- # temperatureHwmon = {
- # isAbsolutePath = true;
- # path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
- # input-filename = "temp1_input";
- # };
- # ------ -----
- # | DP-4 | |eDP-1|
- # ------ -----
+ temperatureHwmon = {
+ isAbsolutePath = true;
+ path = "/sys/devices/virtual/thermal/thermal_zone0/";
+ input-filename = "temp4_input";
+ };
startup = [
{ command = "nextcloud --background"; }
{ command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
@@ -1832,7 +1868,6 @@ in
{ command = "1password"; }
{ command = "feishin"; }
];
- sharescreen = "eDP-2";
lowResolution = "1280x800";
highResolution = "2560x1600";
monitors = {
@@ -1898,7 +1933,7 @@ in
mode = "1280x720";
scale = "1";
position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse
- workspace = "12:S";
+ workspace = "14:T";
output = "DP-4";
};
};
@@ -1941,6 +1976,7 @@ in
}
+
@@ -1949,31 +1985,55 @@ in
3.1.2.1.2. hardware-configuration
-{ config, lib, modulesPath, ... }:
+{ config, pkgs, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" "r8152" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
+ # Fix Wlan after suspend or Hibernate
+ environment.etc."systemd/system-sleep/fix-wifi.sh".source =
+ pkgs.writeShellScript "fix-wifi.sh" ''
+ case $1/$2 in
+ pre/*)
+ ${pkgs.kmod}/bin/modprobe -r mt7921e mt792x_lib mt76
+ echo 1 > /sys/bus/pci/devices/0000:04:00.0/remove
+ ;;
- # Fix screen flickering issue at the cost of battery life (disable PSR and PSR-SU, keep PR enabled)
- # TODO: figure out if this is worth it
- # test PSR/PR state with 'sudo grep '' /sys/kernel/debug/dri/0000*/eDP-2/*_capability'
- # ref:
- # https://old.reddit.com/r/framework/comments/1goh7hc/anyone_else_get_this_screen_flickering_issue/
- # https://www.reddit.com/r/NixOS/comments/1hjruq1/graphics_corruption_on_kernel_6125_and_up/
- # https://gitlab.freedesktop.org/drm/amd/-/issues/3797
- boot.kernelParams = [ "amdgpu.dcdebugmask=0x410" ];
+ post/*)
+ ${pkgs.kmod}/bin/modprobe mt7921e
+ echo 1 > /sys/bus/pci/rescan
+ ;;
+ esac
+ '';
- boot.extraModulePackages = [ ];
- boot.initrd.luks.devices."cryptroot" = {
- # improve performance on ssds
- bypassWorkqueues = true;
- preLVM = true;
+ boot = {
+ initrd = {
+ availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "cryptd" "usbhid" "sd_mod" "r8152" ];
+ kernelModules = [ "sg" ];
+ luks.devices."cryptroot" = {
+ # improve performance on ssds
+ bypassWorkqueues = true;
+ preLVM = true;
+ };
+ };
+
+ kernelModules = [ "kvm-amd" ];
+ kernelParams = [
+ "mem_sleep_default=deep"
+ "amd_pstate=passive"
+ # Fix screen flickering issue at the cost of battery life (disable PSR and PSR-SU, keep PR enabled)
+ # TODO: figure out if this is worth it
+ # test PSR/PR state with 'sudo grep '' /sys/kernel/debug/dri/0000*/eDP-2/*_capability'
+ # ref:
+ # https://old.reddit.com/r/framework/comments/1goh7hc/anyone_else_get_this_screen_flickering_issue/
+ # https://www.reddit.com/r/NixOS/comments/1hjruq1/graphics_corruption_on_kernel_6125_and_up/
+ # https://gitlab.freedesktop.org/drm/amd/-/issues/3797
+ "amdgpu.dcdebugmask=0x410"
+ ];
+
+ extraModulePackages = [ ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
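Review bot: The sleep hook `fix-wifi.sh` writes `1` to `/sys/bus/pci/devices/0000:04:00.0/remove` without checking which device sits at that address, and nothing in the comment ties the address to the MT7921 card. If PCI enumeration shifts (for instance after a different expansion module is fitted), the hook would detach some other device before every suspend. Suggest a comment naming the device behind `0000:04:00.0` and a guard that compares the device's `vendor`/`device` files before the `remove` write. Quoting the selector as `case "$1/$2" in` would also be safer.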
@@ -2091,7 +2151,7 @@ This is my main server that I run at home. It handles most tasks that require bi
3.1.2.2.1. Main Configuration
-{ self, inputs, ... }:
+{ self, inputs, primaryUser, ... }:
let
profilesPath = "${self}/profiles";
in
@@ -2105,7 +2165,7 @@ in
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = [
+ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/server"
];
}
@@ -2130,7 +2190,6 @@ in
isImpermanence = false;
isBtrfs = false;
isLinux = true;
- flakePath = "/home/swarsel/.dotfiles";
server = {
enable = true;
kavita = true;
@@ -2168,25 +2227,29 @@ in
(modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
+ boot = {
+ initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
- boot.supportedFilesystems = [ "zfs" ];
- boot.zfs.extraPools = [ "Vault" ];
+ supportedFilesystems = [ "zfs" ];
+ zfs.extraPools = [ "Vault" ];
+ };
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/30e2f96a-b01d-4c27-9ebb-d5d7e9f0031f";
- fsType = "ext4";
- };
+ fileSystems = {
+ "/" =
+ {
+ device = "/dev/disk/by-uuid/30e2f96a-b01d-4c27-9ebb-d5d7e9f0031f";
+ fsType = "ext4";
+ };
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/F0D8-8BD1";
- fsType = "vfat";
- };
+ "/boot" =
+ {
+ device = "/dev/disk/by-uuid/F0D8-8BD1";
+ fsType = "vfat";
+ };
+ };
swapDevices =
[{ device = "/dev/disk/by-uuid/a8eb6f3b-69bf-4160-90aa-9247abc108e0"; }];
@@ -2214,20 +2277,27 @@ A Mac notebook that I have received from work. I use this machine for getting ac
-{ lib, ... }:
+{ lib, inputs, ... }:
+let
+ secretsDirectory = builtins.toString inputs.nix-secrets;
+ workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
+in
{
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
services.karabiner-elements.enable = true;
- home-manager.users."leon.schwarzaeugl".home = {
- username = lib.mkForce "leon.schwarzaeugl";
+ home-manager.users.workUser.home = {
+ username = lib.mkForce workUser;
swarselsystems = {
isDarwin = true;
isLaptop = true;
isNixos = false;
isBtrfs = false;
+ mainUser = workUser;
+ homeDir = "/home/${workUser}";
+ flakePath = "/home/${workUser}/.dotfiles";
};
};
}
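Review bot: `home-manager.users.workUser.home` uses `workUser` as a literal attribute name, so this configures a Home Manager user called "workUser" instead of the account read from the secret. The removed line quoted the real name, and the other hosts in this commit use the interpolated form, so this should be `home-manager.users."${workUser}".home = {`. Separately, `homeDir = "/home/${workUser}"` and `flakePath = "/home/${workUser}/.dotfiles"` sit next to `isDarwin = true`. macOS home directories normally live under `/Users`, so these two paths are worth confirming.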
@@ -2326,7 +2396,7 @@ All of these are processes that use little cpu but can take a lot of storage. Fo
-{ self, inputs, lib, ... }:
+{ self, inputs, lib, primaryUser, ... }:
let
profilesPath = "${self}/profiles";
in
@@ -2338,7 +2408,7 @@ in
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = [
+ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/server"
];
}
@@ -2348,24 +2418,6 @@ in
defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/sync/secrets.yaml";
};
- services.nginx = {
- virtualHosts = {
- "sync.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "http://localhost:8384/";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- };
- };
- };
- };
-
boot = {
tmp.cleanOnBoot = true;
loader.grub.device = "nodev";
@@ -2374,31 +2426,53 @@ in
networking = {
nftables.enable = lib.mkForce false;
- firewall.allowedTCPPorts = [ 8384 22000 ];
- firewall.allowedUDPPorts = [ 21027 22000 ];
hostName = "sync";
enableIPv6 = false;
domain = "subnet03112148.vcn03112148.oraclevcn.com";
- firewall.extraCommands = ''
- iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 9812 -j ACCEPT
- '';
+ firewall = {
+ allowedTCPPorts = [ 8384 22000 ];
+ allowedUDPPorts = [ 21027 22000 ];
+ extraCommands = ''
+ iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 9812 -j ACCEPT
+ '';
+ };
};
# system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
- # do not manage OCI syncthing through nix config
- services.syncthing = {
- enable = true;
- guiAddress = "0.0.0.0:8384";
- openDefaultPorts = true;
+ services = {
+ nginx = {
+ virtualHosts = {
+ "sync.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8384/";
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
+ };
+ };
+ };
+ };
+ };
+
+ # do not manage OCI syncthing through nix config
+ syncthing = {
+ enable = true;
+ guiAddress = "0.0.0.0:8384";
+ openDefaultPorts = true;
+ };
};
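Review bot: After this regrouping the Syncthing GUI is still exposed over plain HTTP on every interface. `guiAddress = "0.0.0.0:8384"` binds it everywhere, `allowedTCPPorts` contains 8384 and `extraCommands` adds an ACCEPT rule for 8384, while the `sync.swarsel.win` vhost already proxies to `http://localhost:8384/` behind `forceSSL`. Unless direct access is intended, bind the GUI to loopback with `guiAddress = "127.0.0.1:8384";` and drop 8384 from `allowedTCPPorts` and from the iptables list, so the TLS vhost is the only way in from the host's side. The `extraCommands` rules for 27701, 3000 and 9812 have no matching service in this hunk and deserve either a comment or removal. The enclosing module starts outside the hunk.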
@@ -2438,7 +2512,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
3.1.4.1.1. Main Configuration
-{ self, inputs, outputs, pkgs, lib, ... }:
+{ self, inputs, outputs, pkgs, lib, primaryUser, ... }:
let
profilesPath = "${self}/profiles";
sharedOptions = {
@@ -2455,6 +2529,7 @@ in
"${profilesPath}/nixos/optional/autologin.nix"
"${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix"
+ "${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/users.nix"
"${profilesPath}/nixos/common/impermanence.nix"
@@ -2464,7 +2539,7 @@ in
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = [
+ home-manager.users."${primaryUser}".imports = [
inputs.sops-nix.homeManagerModules.sops
"${profilesPath}/home/common/settings.nix"
"${profilesPath}/home/common/sops.nix"
@@ -2512,11 +2587,10 @@ in
}
sharedOptions;
- home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate
+ home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{
isLaptop = false;
isNixos = true;
- flakePath = "/home/swarsel/.dotfiles";
}
sharedOptions;
@@ -2698,7 +2772,7 @@ Also, an initial bash history is provided to allow for a very quick local deploy
-{ self, pkgs, inputs, outputs, config, lib, modulesPath, ... }:
+{ self, pkgs, inputs, outputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }:
let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in
@@ -2712,13 +2786,13 @@ in
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = [
+ home-manager.users."${primaryUser}".imports = [
"${self}/profiles/home/common/settings.nix"
] ++ (builtins.attrValues outputs.homeModules);
}
];
- home-manager.users.swarsel.home = {
+ home-manager.users."${primaryUser}".home = {
file = {
".bash_history" = {
source = self + /programs/bash/.bash_history;
@@ -2749,15 +2823,15 @@ in
config.allowUnfree = true;
};
- services.getty.autologinUser = lib.mkForce "swarsel";
+ services.getty.autologinUser = lib.mkForce primaryUser;
users = {
allowNoPasswordLogin = true;
groups.swarsel = { };
users = {
swarsel = {
- name = "swarsel";
- group = "swarsel";
+ name = primaryUser;
+ group = primaryUser;
isNormalUser = true;
password = "setup"; # this is overwritten after install
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
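Review bot: The attribute keys still say `swarsel` while the values now use `primaryUser`. `groups.swarsel = { };` is declared but the account is placed in `group = primaryUser;`, and the account itself is still defined under `users.swarsel`. With any `primaryUser` other than the default, the referenced group is never created. The next hunk's `config.users.users."${primaryUser}".openssh.authorizedKeys.keys` would then look up an entry that was never defined, which presumably fails evaluation. Suggest `groups."${primaryUser}" = { };` and `"${primaryUser}" = {` for the user entry so keys and values stay in step.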
@@ -2765,7 +2839,7 @@ in
};
root = {
# password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install
- openssh.authorizedKeys.keys = config.users.users.swarsel.openssh.authorizedKeys.keys;
+ openssh.authorizedKeys.keys = config.users.users."${primaryUser}".openssh.authorizedKeys.keys;
};
};
};
@@ -2781,10 +2855,10 @@ in
system.activationScripts.cache = {
text = ''
- mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles
- mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots
- mkdir -p -m=0777 /home/swarsel/.local/share/nix/
- printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null
+ mkdir -p -m=0777 /home/${primaryUser}/.local/state/nix/profiles
+ mkdir -p -m=0777 /home/${primaryUser}/.local/state/home-manager/gcroots
+ mkdir -p -m=0777 /home/${primaryUser}/.local/share/nix/
+ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/${primaryUser}/.local/share/nix/trusted-settings.json > /dev/null
mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
'';
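Review bot: The three `mkdir -p -m=0777` calls leave the final directories under `/home/${primaryUser}/.local` world-writable. `trusted-settings.json`, which lists the trusted substituters and public keys, is then written into one of them, so any local account could replace that file. The script already knows the owner, so `install -d -m 0755 -o ${primaryUser} <dir>` (or a `chown` after a plain `mkdir -p`) would give the user access without opening the directories to everyone. The activation script's attribute set closes outside the hunk.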
@@ -2877,7 +2951,7 @@ I also set the WLR_RENDERER_ALLOW_SOFTWARE=1 to allow this configur
-{ self, pkgs, lib, ... }:
+{ self, config, pkgs, lib, primaryUser, ... }:
let
profilesPath = "${self}/profiles";
in
@@ -2885,6 +2959,10 @@ in
imports = [
./hardware-configuration.nix
+ ./disk-config.nix
+ {
+ _module.args.diskDevice = config.swarselsystems.rootDisk;
+ }
"${profilesPath}/nixos/optional/autologin.nix"
];
@@ -2911,12 +2989,17 @@ in
initialSetup = true;
isPublic = true;
isLinux = true;
+ isImpermanence = true;
+ isCrypted = true;
+ isSecureBoot = false;
+ isSwap = true;
+ swapSize = "4G";
+ rootDisk = "/dev/vda";
};
- home-manager.users.swarsel.swarselsystems = {
+ home-manager.users."${primaryUser}".swarselsystems = {
isNixos = true;
isPublic = true;
- flakePath = "/home/swarsel/.dotfiles";
};
}
@@ -3389,13 +3472,13 @@ writeShellApplication {
-
-3.2.1.11. swarselzellij
-
+
+3.2.1.11. swarselzellij
+
KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
-if [[ $KITTIES -lt 1 ]]; then
+if ((KITTIES < 1)); then
exec kitty -o confirm_os_window_close=0 zellij attach --create main
else
exec kitty -o confirm_os_window_close=0 zellij attach --create "temp $KITTIES"
@@ -3530,44 +3613,8 @@ writeShellApplication {
-
-3.2.1.15. update-checker
-
-
-This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.
-
-
-
-updates="$({ cd /home/swarsel/.dotfiles && nix flake lock --update-input nixpkgs && nix build .#nixosConfigurations."$(eval hostname)".config.system.build.toplevel && nvd diff /run/current-system ./result | grep -c '\[U'; } || true)"
-
-alt="has-updates"
-if [[ $updates -eq 0 ]]; then
- alt="updated"
-fi
-
-tooltip="System updated"
-if [[ $updates != 0 ]]; then
- tooltip=$(cd ~/.dotfiles && nvd diff /run/current-system ./result | grep -e '\[U' | awk '{ for (i=3; i<NF; i++) printf $i " "; if (NF >= 3) print $NF; }' ORS='\\n')
- echo "{ \"text\":\"$updates\", \"alt\":\"$alt\", \"tooltip\":\"$tooltip\" }"
-else
- echo "{ \"text\":\"\", \"alt\":\"$alt\", \"tooltip\":\"\" }"
-fi
-
-
-
-
-{ self, name, writeShellApplication, nvd }:
-writeShellApplication {
- inherit name;
- runtimeInputs = [ nvd ];
- text = builtins.readFile "${self}/scripts/${name}.sh";
-}
-
-
-
-
-3.2.1.16. github-notifications
+3.2.1.15. github-notifications
This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.
@@ -3581,7 +3628,7 @@ writeShellApplication {
inherit name;
runtimeInputs = [ jq ];
text = ''
- count=$(curl -u Swarsel:"$(cat /run/user/1000/secrets/github_notif)" https://api.github.com/notifications | jq '. | length')
+ count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github_notif")" https://api.github.com/notifications | jq '. | length')
if [[ "$count" != "0" ]]; then
echo "{\"text\":\"$count\"}"
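Review bot: The token read from `$XDG_RUNTIME_DIR/secrets/github_notif` is still handed to `curl` through `-u`, which places it on the command line where other local processes may be able to read it while the request runs. curl can take the credential from a file instead, via `--netrc-file <file>` or `--config <file>`, so the secret never appears in argv. Separately, without `--fail` an API error body is piped into `jq '. | length'` and shown as a notification count, which `curl -sf` would avoid. The script body continues outside the hunk.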
@@ -3593,26 +3640,15 @@ writeShellApplication {
-3.2.1.17. screenshare
+3.2.1.16. screenshare
SHARESCREEN="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$(hostname)".config.home-manager.users."$(whoami)".swarselsystems.sharescreen)"
-touch /tmp/screenshare.state
-STATE=$(< /tmp/screenshare.state)
-
-if [[ $STATE != "1" ]]; then
- wl-mirror "$SHARESCREEN" &
- sleep 0.1
- swaymsg output "$SHARESCREEN" mode "$SWARSEL_LO_RES"
- echo 1 > /tmp/screenshare.state
- swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 12:S'
- swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen'
-else
- swaymsg output "$SHARESCREEN" mode "$SWARSEL_HI_RES"
- echo 0 > /tmp/screenshare.state
- swaymsg '[app_id=at.yrlf.wl_mirror] kill'
-fi
+wl-mirror "$SHARESCREEN" &
+sleep 0.1
+swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T'
+swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen'
@@ -3629,7 +3665,7 @@ writeShellApplication {
-3.2.1.18. swarsel-bootstrap
+3.2.1.17. swarsel-bootstrap
This program sets up a new NixOS host remotely. It also takes care of secret management on the new host.
@@ -3923,7 +3959,7 @@ sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.
green "Making ssh_host_ed25519_key available to home-manager for user $target_user"
sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts
$scp_cmd root@"$target_destination":/etc/ssh/ssh_host_ed25519_key root@"$target_destination":/home/"$target_user"/.ssh/ssh_host_ed25519_key
-$ssh_root_cmd "chown $target_user:users /home/swarsel/.ssh/ssh_host_ed25519_key"
+$ssh_root_cmd "chown $target_user:users /home/$target_user/.ssh/ssh_host_ed25519_key"
# __________________________
if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then
@@ -3991,7 +4027,7 @@ writeShellApplication {
-3.2.1.19. swarsel-rebuild
+3.2.1.18. swarsel-rebuild
This program builds a configuration locally.
@@ -4067,7 +4103,7 @@ else
fi
local_keys=$(ssh-add -L || true)
-pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
+pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
read -ra pub_arr <<< "$pub_key"
cd .dotfiles
@@ -4075,7 +4111,15 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
yellow "The ssh key for this configuration is not available."
green "Adjusting flake.nix so that the configuration is buildable"
sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
- git add flake.nix
+ sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix
+ sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix
+ rm profiles/home/common/env.nix
+ rm profiles/home/common/gammastep.nix
+ rm profiles/home/common/git.nix
+ rm profiles/home/common/mail.nix
+ rm profiles/nixos/common/home-manager-extra.nix
+ nix flake update vbc-nix
+ git add .
else
green "Valid SSH key found! Continuing with installation"
fi
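Review bot: `nix flake update vbc-nix` runs right after the `sed` that deletes the `vbc-nix = { … };` input from flake.nix, so it asks Nix to update an input that no longer exists. Depending on the Nix version this likely errors or does nothing. The five bare `rm` calls will also abort the script if errexit is active (writeShellApplication enables it) and any of those files has moved, so `rm -f` plus a comment on why each profile must go would make the fallback sturdier. `git add .` stages everything in the checkout, whereas `git add -u` would cover just the modifications and deletions made here. The same block is added to swarsel-install in the `@@ -4189,9 +4239,31 @@` hunk.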
@@ -4102,7 +4146,7 @@ writeShellApplication {
-3.2.1.20. swarsel-install
+3.2.1.19. swarsel-install
This program sets up a new NixOS host locally.
@@ -4115,18 +4159,20 @@ target_config="chaostheatre"
target_hostname="chaostheatre"
target_user="swarsel"
persist_dir=""
+target_disk="/dev/vda"
disk_encryption=0
function help_and_exit() {
echo
echo "Locally installs SwarselSystem on this machine."
echo
- echo "USAGE: $0 -n <target_config> [OPTIONS]"
+ echo "USAGE: $0 -n <target_config> -d <target_disk> [OPTIONS]"
echo
echo "ARGS:"
echo " -n <target_config> specify the nixos config to deploy."
echo " Default: chaostheatre"
- echo " Default: chaostheatre"
+ echo " -d <target_disk> specify disk to install on."
+ echo " Default: /dev/vda"
echo " -u <target_user> specify user to deploy for."
echo " Default: swarsel"
echo " -h | --help Print this help."
@@ -4163,6 +4209,10 @@ while [[ $# -gt 0 ]]; do
shift
target_user=$1
;;
+ -d)
+ shift
+ target_disk=$1
+ ;;
-h | --help) help_and_exit ;;
*)
echo "Invalid option detected."
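Review bot: The new `-d` branch stores `$1` in `target_disk` without checking that an argument follows or that it names a block device. That value later reaches disko's `--mode destroy,format,mount … --yes-wipe-all-disks`. A check right after option parsing, e.g. `[[ -b $target_disk ]] || { red "not a block device: $target_disk"; exit 1; }`, would stop a typo from reaching the wipe step. The `while` loop begins and ends outside this hunk.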
@@ -4178,7 +4228,7 @@ function cleanup() {
}
trap cleanup exit
-green "~SwarselSystems~ remote installer"
+green "~SwarselSystems~ local installer"
cd /home/"$target_user"
@@ -4189,9 +4239,31 @@ sudo rm -rf .dotfiles
green "Cloning repository from GitHub"
git clone https://github.com/Swarsel/.dotfiles.git
+local_keys=$(ssh-add -L || true)
+pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/yubikey.pub)
+read -ra pub_arr <<< "$pub_key"
+
+cd .dotfiles
+if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
+ yellow "The ssh key for this configuration is not available."
+ green "Adjusting flake.nix so that the configuration is buildable ..."
+ sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
+ sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix
+ sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix
+ rm profiles/home/common/env.nix
+ rm profiles/home/common/gammastep.nix
+ rm profiles/home/common/git.nix
+ rm profiles/home/common/mail.nix
+ rm profiles/nixos/common/home-manager-extra.nix
+ nix flake update vbc-nix
+ git add .
+else
+ green "Valid SSH key found! Continuing with installation"
+fi
+
green "Reading system information for $target_config ..."
DISK="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.rootDisk)"
-green "Root Disk: $DISK"
+green "Root Disk in config: $DISK - Root Disk passed in cli: $target_disk"
CRYPTED="$(nix eval ~/.dotfiles#nixosConfigurations."$target_hostname".config.swarselsystems.isCrypted)"
if [[ $CRYPTED == "true" ]]; then
@@ -4225,20 +4297,6 @@ else
red "Secure Boot: X"
fi
-local_keys=$(ssh-add -L || true)
-pub_key=$(cat /home/"$target_user"/.dotfiles/secrets/keys/ssh/nbl-imba-2.pub)
-read -ra pub_arr <<< "$pub_key"
-
-cd .dotfiles
-if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
- yellow "The ssh key for this configuration is not available."
- green "Adjusting flake.nix so that the configuration is buildable"
- sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
- git add flake.nix
-else
- green "Valid SSH key found! Continuing with installation"
-fi
-
if [ "$disk_encryption" -eq 1 ]; then
while true; do
green "Set disk encryption passphrase:"
@@ -4254,16 +4312,20 @@ if [ "$disk_encryption" -eq 1 ]; then
done
fi
-green "Setting up disk"
-sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks
+green "Setting up disk ..."
+if [[ $target_config == "chaostheatre" ]]; then
+ sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk"
+else
+ sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks
+fi
sudo mkdir -p /mnt/"$persist_dir"/home/"$target_user"/
sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user"/
sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user"
-green "Generating hardware configuration"
+green "Generating hardware configuration ..."
sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/
-green "Injecting initialSetup"
+green "Injecting initialSetup ..."
sudo sed -i '/ boot.extraModulePackages /a \ swarselsystems.initialSetup = true;' /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
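Review bot: The `else` branch still runs `github:nix-community/disko/latest` under sudo, so every host other than `chaostheatre` executes whatever that moving ref points to at install time, as root and in `destroy` mode. The new branch already pins `v1.10.0`; using the same ref in both (`run github:nix-community/disko/v1.10.0 --`) keeps the tool that wipes the disk reproducible and reviewable. A tag can still be moved upstream, so a commit hash or the flake's own locked disko input would be stronger, if the flake has one (not visible here).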
@@ -4289,7 +4351,7 @@ writeShellApplication {
-3.2.1.21. swarsel-postinstall
+3.2.1.20. swarsel-postinstall
This program sets up a new NixOS host locally.
@@ -4387,7 +4449,7 @@ writeShellApplication {
-3.2.1.22. t2ts
+3.2.1.21. t2ts
This script allows for quick git branch switching.
@@ -4409,7 +4471,7 @@ writeShellApplication {
-3.2.1.23. ts2t
+3.2.1.22. ts2t
This script allows for quick git branch switching.
@@ -4431,7 +4493,7 @@ writeShellApplication {
-3.2.1.24. vershell
+3.2.1.23. vershell
This script allows for quick git branch switching.
@@ -4453,7 +4515,7 @@ writeShellApplication {
-3.2.1.25. eontimer
+3.2.1.24. eontimer
This script allows for quick git branch switching.
@@ -4560,9 +4622,9 @@ python3.pkgs.buildPythonApplication rec {
-
-3.2.1.26. project
-
+
+3.2.1.25. project
+
set -euo pipefail
@@ -4584,9 +4646,9 @@ writeShellApplication {
-
-3.2.1.27. fhs
-
+
+3.2.1.26. fhs
+
{ name, pkgs, ... }:
let
@@ -4603,9 +4665,9 @@ pkgs.buildFHSEnv (base // {
-
-3.2.1.28. swarsel-displaypower
-
+
+3.2.1.27. swarsel-displaypower
+
A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep.
@@ -4629,7 +4691,7 @@ writeShellApplication {
-3.2.1.29. swarsel-mgba
+3.2.1.28. swarsel-mgba
AppImage version of mgba in which the lua scripting works.
@@ -4680,7 +4742,7 @@ When adding a new entry here, do not forget to add it in the default output of t
let
additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; };
- modifications = final: prev: {
+ modifications = _: prev: {
vesktop = prev.vesktop.override {
withSystemVencord = true;
};
@@ -4693,7 +4755,7 @@ let
];
};
- mgba = final.swarsel-mgba;
+ # mgba = final.swarsel-mgba;
retroarch = prev.retroarch.withCores (cores: with cores; [
snes9x # snes
@@ -4706,17 +4768,8 @@ let
dolphin # gc/wii
]);
- # luakit = prev.river.overrideAttrs (oldAttrs: rec {
- # pname = "river";
- # version = "git";
- # src = prev.fetchFromGitHub {
- # owner = "luakit";
- # repo = pname;
- # rev = "c16628c7f57c51d50f2d10a96c265fb0afaddb02";
- # hash = "sha256-E3Xtv7JeCmafiNmpuS5VuLgh1TDAbibPtMo6A9Pz6EQ=";
- # fetchSubmodules = true;
- # };
- # });
+
+
};
nixpkgs-stable = final: _: {
@@ -4739,6 +4792,7 @@ in
// (modifications final prev)
// (nixpkgs-stable final prev)
// (zjstatus final prev)
+ // (inputs.vbc-nix.overlays.default final prev)
// (inputs.nur.overlays.default final prev)
// (inputs.emacs-overlay.overlay final prev)
// (inputs.nix-topology.overlays.default final prev)
@@ -4789,12 +4843,16 @@ This lets me set some basic flags about the hardware of the configured systems.
{ lib, ... }:
{
- options.swarselsystems.hasBluetooth = lib.mkEnableOption "bluetooth availability";
- options.swarselsystems.hasFingerprint = lib.mkEnableOption "fingerprint sensor availability";
- options.swarselsystems.trackpoint.isAvailable = lib.mkEnableOption "trackpoint availability";
- options.swarselsystems.trackpoint.device = lib.mkOption {
- type = lib.types.str;
- default = "";
+ options.swarselsystems = {
+ hasBluetooth = lib.mkEnableOption "bluetooth availability";
+ hasFingerprint = lib.mkEnableOption "fingerprint sensor availability";
+ trackpoint = {
+ isAvailable = lib.mkEnableOption "trackpoint availability";
+ trackpoint.device = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ };
};
}
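Review bot: Inside the new `trackpoint = { … }` set the second attribute is written as `trackpoint.device`, which declares the option as `swarselsystems.trackpoint.trackpoint.device` rather than `swarselsystems.trackpoint.device` as before the refactor. Any host that still sets the old path would then fail evaluation because that option no longer exists. The line should read `device = lib.mkOption {`.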
@@ -4811,31 +4869,29 @@ I usually use mutableUsers = false in my NixOS configuration. Howev
{ lib, ... }:
{
- options.swarselsystems.user = lib.mkOption {
- type = lib.types.str;
- default = "swarsel";
- };
- options.swarselsystems.withHomeManager = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
- options.swarselsystems.isSwap = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
- options.swarselsystems.swapSize = lib.mkOption {
- type = lib.types.str;
- default = "8G";
- };
- options.swarselsystems.rootDisk = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- options.swarselsystems.isCrypted = lib.mkEnableOption "uses full disk encryption";
- options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
+ options.swarselsystems = {
+ withHomeManager = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+ isSwap = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+ swapSize = lib.mkOption {
+ type = lib.types.str;
+ default = "8G";
+ };
+ rootDisk = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ isCrypted = lib.mkEnableOption "uses full disk encryption";
+ initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
- options.swarselsystems.isImpermanence = lib.mkEnableOption "use impermanence on this system";
- options.swarselsystems.isSecureBoot = lib.mkEnableOption "use secure boot on this system";
+ isImpermanence = lib.mkEnableOption "use impermanence on this system";
+ isSecureBoot = lib.mkEnableOption "use secure boot on this system";
+ };
}
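Review bot: `swarselsystems.user` disappears from this module in the regrouping, and the only related addition visible in the commit is `swarselsystems.mainUser` in another module. Any remaining `config.swarselsystems.user` reference or host-level assignment would now fail evaluation; the call sites are outside this diff, so this cannot be confirmed from here. If the rename is intended, `(lib.mkRenamedOptionModule [ "swarselsystems" "user" ] [ "swarselsystems" "mainUser" ])` in `imports` keeps old configurations working with a warning instead of an error.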
@@ -4847,25 +4903,29 @@ I usually use mutableUsers = false in my NixOS configuration. Howev
{ lib, ... }:
{
- options.swarselsystems.server.enable = lib.mkEnableOption "is a server machine";
- options.swarselsystems.server.kavita = lib.mkEnableOption "enable kavita on server";
- options.swarselsystems.server.jellyfin = lib.mkEnableOption "enable jellyfin on server";
- options.swarselsystems.server.navidrome = lib.mkEnableOption "enable navidrome on server";
- options.swarselsystems.server.spotifyd = lib.mkEnableOption "enable spotifyd on server";
- options.swarselsystems.server.mpd = lib.mkEnableOption "enable mpd on server";
- options.swarselsystems.server.matrix = lib.mkEnableOption "enable matrix on server";
- options.swarselsystems.server.nextcloud = lib.mkEnableOption "enable nextcloud on server";
- options.swarselsystems.server.immich = lib.mkEnableOption "enable immich on server";
- options.swarselsystems.server.paperless = lib.mkEnableOption "enable paperless on server";
- options.swarselsystems.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
- options.swarselsystems.server.syncthing = lib.mkEnableOption "enable syncthing on server";
- options.swarselsystems.server.restic = lib.mkEnableOption "enable restic backups on server";
- options.swarselsystems.server.monitoring = lib.mkEnableOption "enable monitoring on server";
- options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server";
- options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server";
- options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server";
- options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server";
- options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server";
+ options.swarselsystems = {
+ server = {
+ enable = lib.mkEnableOption "is a server machine";
+ kavita = lib.mkEnableOption "enable kavita on server";
+ jellyfin = lib.mkEnableOption "enable jellyfin on server";
+ navidrome = lib.mkEnableOption "enable navidrome on server";
+ spotifyd = lib.mkEnableOption "enable spotifyd on server";
+ mpd = lib.mkEnableOption "enable mpd on server";
+ matrix = lib.mkEnableOption "enable matrix on server";
+ nextcloud = lib.mkEnableOption "enable nextcloud on server";
+ immich = lib.mkEnableOption "enable immich on server";
+ paperless = lib.mkEnableOption "enable paperless on server";
+ transmission = lib.mkEnableOption "enable transmission and friends on server";
+ syncthing = lib.mkEnableOption "enable syncthing on server";
+ restic = lib.mkEnableOption "enable restic backups on server";
+ monitoring = lib.mkEnableOption "enable monitoring on server";
+ jenkins = lib.mkEnableOption "enable jenkins on server";
+ emacs = lib.mkEnableOption "enable emacs server on server";
+ forgejo = lib.mkEnableOption "enable forgejo on server";
+ ankisync = lib.mkEnableOption "enable ankisync on server";
+ freshrss = lib.mkEnableOption "enable freshrss on server";
+ };
+ };
}
@@ -4904,33 +4964,38 @@ Laptops are not always plugged in, so they should show a battery icon in Waybar.
{ lib, config, ... }:
{
- options.swarselsystems.isLaptop = lib.mkEnableOption "laptop host";
- config.swarselsystems.touchpad = lib.mkIf config.swarselsystems.isLaptop {
- "type:touchpad" = {
- dwt = "enabled";
- tap = "enabled";
- natural_scroll = "enabled";
- middle_emulation = "enabled";
- drag_lock = "disabled";
- };
+ options.swarselsystems = {
+ isLaptop = lib.mkEnableOption "laptop host";
+ };
+
+ config.swarselsystems = {
+ touchpad = lib.mkIf config.swarselsystems.isLaptop {
+ "type:touchpad" = {
+ dwt = "enabled";
+ tap = "enabled";
+ natural_scroll = "enabled";
+ middle_emulation = "enabled";
+ drag_lock = "disabled";
+ };
+ };
+ waybarModules = lib.mkIf config.swarselsystems.isLaptop [
+ "custom/outer-left-arrow-dark"
+ "mpris"
+ "custom/left-arrow-light"
+ "network"
+ "custom/vpn"
+ "custom/left-arrow-dark"
+ "pulseaudio"
+ "custom/left-arrow-light"
+ "battery"
+ "custom/left-arrow-dark"
+ "group/hardware"
+ "custom/left-arrow-light"
+ "clock#2"
+ "custom/left-arrow-dark"
+ "clock#1"
+ ];
};
- config.swarselsystems.waybarModules = lib.mkIf config.swarselsystems.isLaptop [
- "custom/outer-left-arrow-dark"
- "mpris"
- "custom/left-arrow-light"
- "network"
- "custom/vpn"
- "custom/left-arrow-dark"
- "pulseaudio"
- "custom/left-arrow-light"
- "battery"
- "custom/left-arrow-dark"
- "group/hardware"
- "custom/left-arrow-light"
- "clock#2"
- "custom/left-arrow-dark"
- "clock#1"
- ];
}
@@ -4943,21 +5008,40 @@ Laptops are not always plugged in, so they should show a battery icon in Waybar.
This section is mostly used to deliver the correct information to Waybar. AMD systems have changing hwmon paths that can be specifically set here. Also the cpu count can be set here for Waybars cpu module, but 8 is usually a good setting to show
+
+to get the info for the secondary gpu, use `lspci -nn | grep VGA`
+It can be set to either:
+
+
+- a number, selecting the n-th non-default GPU
+- a PCI bus id in the form
pci-XXX_YY_ZZ_U
+- a PCI id in the form
vendor_id:device_id
+
+
{ lib, ... }:
{
- options.swarselsystems.cpuCount = lib.mkOption {
- type = lib.types.int;
- default = 8;
- };
- options.swarselsystems.temperatureHwmon.isAbsolutePath = lib.mkEnableOption "absolute temperature path";
- options.swarselsystems.temperatureHwmon.path = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- options.swarselsystems.temperatureHwmon.input-filename = lib.mkOption {
- type = lib.types.str;
- default = "";
+ options.swarselsystems = {
+ cpuCount = lib.mkOption {
+ type = lib.types.int;
+ default = 8;
+ };
+ isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU";
+ SecondaryGpuCard = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ temperatureHwmon = {
+ isAbsolutePath = lib.mkEnableOption "absolute temperature path";
+ path = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ input-filename = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ };
};
}
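Review bot: `SecondaryGpuCard` is the only option in this set that starts with a capital letter; `secondaryGpuCard` would match `cpuCount`, `isSecondaryGpu` and `temperatureHwmon`. The accepted value forms are explained only in the prose above the block. A `description` on the option would keep that next to the code, e.g. `description = "n-th non-default GPU, a PCI bus id (pci-XXX_YY_ZZ_U) or vendor_id:device_id";`. The default is the empty string even when `isSecondaryGpu` is enabled, so consumers presumably have to handle that combination; they are not visible here.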
@@ -4981,32 +5065,34 @@ let
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
in
{
- options.swarselsystems.cpuString = lib.mkOption {
- type = lib.types.str;
- default = generateIcons config.swarselsystems.cpuCount;
- description = "The generated icons string for use by Waybar.";
- internal = true;
- };
- options.swarselsystems.waybarModules = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [
- "custom/outer-left-arrow-dark"
- "mpris"
- "custom/left-arrow-light"
- "network"
- "custom/vpn"
- "custom/left-arrow-dark"
- "pulseaudio"
- "custom/left-arrow-light"
- "custom/pseudobat"
- "battery"
- "custom/left-arrow-dark"
- "group/hardware"
- "custom/left-arrow-light"
- "clock#2"
- "custom/left-arrow-dark"
- "clock#1"
- ];
+ options.swarselsystems = {
+ cpuString = lib.mkOption {
+ type = lib.types.str;
+ default = generateIcons config.swarselsystems.cpuCount;
+ description = "The generated icons string for use by Waybar.";
+ internal = true;
+ };
+ waybarModules = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "custom/outer-left-arrow-dark"
+ "mpris"
+ "custom/left-arrow-light"
+ "network"
+ "custom/vpn"
+ "custom/left-arrow-dark"
+ "pulseaudio"
+ "custom/left-arrow-light"
+ "custom/pseudobat"
+ "battery"
+ "custom/left-arrow-dark"
+ "group/hardware"
+ "custom/left-arrow-light"
+ "clock#2"
+ "custom/left-arrow-dark"
+ "clock#1"
+ ];
+ };
};
}
@@ -5023,21 +5109,23 @@ This allows me to define my monitors in the machine's default.nix.
{ lib, ... }:
{
- options.swarselsystems.monitors = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = { };
- };
- options.swarselsystems.sharescreen = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- options.swarselsystems.lowResolution = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- options.swarselsystems.highResolution = lib.mkOption {
- type = lib.types.str;
- default = "";
+ options.swarselsystems = {
+ monitors = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = { };
+ };
+ sharescreen = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ lowResolution = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ highResolution = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
};
}
@@ -5054,39 +5142,41 @@ This allows me to configure input options. Here, I am globally defining my split
{ lib, config, ... }:
{
- options.swarselsystems.inputs = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = { };
- };
- options.swarselsystems.kyria = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = {
- "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
- "7504:24926:Kyria_Keyboard" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
+ options.swarselsystems = {
+ inputs = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = { };
+ };
+ kyria = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = {
+ "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
+ "7504:24926:Kyria_Keyboard" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
};
};
- };
- options.swarselsystems.touchpad = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = { };
- };
- options.swarselsystems.standardinputs = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs;
- internal = true;
- };
- options.swarselsystems.keybindings = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- default = { };
- };
- options.swarselsystems.shellAliases = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- default = { };
+ touchpad = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = { };
+ };
+ standardinputs = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs;
+ internal = true;
+ };
+ keybindings = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ };
+ shellAliases = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ };
};
}
@@ -5103,37 +5193,37 @@ These are some extra options that will be used if the machine also runs NixOS. F
{ lib, config, ... }:
{
- options.swarselsystems.flakePath = lib.mkOption {
- type = lib.types.str;
- default = "";
+ options.swarselsystems = {
+ isNixos = lib.mkEnableOption "nixos host";
+ isPublic = lib.mkEnableOption "is a public machine (no secrets)";
+ swayfxConfig = lib.mkOption {
+ type = lib.types.str;
+ default = "
+ blur enable
+ blur_xray disable
+ blur_passes 1
+ blur_radius 1
+ shadows enable
+ corner_radius 2
+ titlebar_separator disable
+ default_dim_inactive 0.02
+ ";
+ internal = true;
+ };
};
- options.swarselsystems.isNixos = lib.mkEnableOption "nixos host";
- options.swarselsystems.isPublic = lib.mkEnableOption "is a public machine (no secrets)";
- config.swarselsystems.startup = lib.mkIf (!config.swarselsystems.isNixos) [
- { command = "sleep 60 && nixGL nextcloud --background"; }
- { command = "sleep 60 && nixGL vesktop --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland"; }
- { command = "sleep 60 && nixGL syncthingtray --wait"; }
- { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki"; }
- { command = "nm-applet --indicator"; }
- { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland"; }
- { command = "sleep 60 && element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
- ];
- options.swarselsystems.swayfxConfig = lib.mkOption {
- type = lib.types.str;
- default = "
- blur enable
- blur_xray disable
- blur_passes 1
- blur_radius 1
- shadows enable
- corner_radius 2
- titlebar_separator disable
- default_dim_inactive 0.02
- ";
- internal = true;
+ config.swarselsystems = {
+ startup = lib.mkIf (!config.swarselsystems.isNixos) [
+ { command = "sleep 60 && nixGL nextcloud --background"; }
+ { command = "sleep 60 && nixGL vesktop --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland"; }
+ { command = "sleep 60 && nixGL syncthingtray --wait"; }
+ { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki"; }
+ { command = "nm-applet --indicator"; }
+ { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland"; }
+ { command = "sleep 60 && element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
+ ];
+ swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " ";
};
- config.swarselsystems.swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " ";
}
@@ -5149,8 +5239,26 @@ Provides settings related to nix-darwin systems. At the moment, I am only making
{ lib, ... }:
{
- options.swarselsystems.isDarwin = lib.mkEnableOption "darwin host";
- options.swarselsystems.isLinux = lib.mkEnableOption "whether this is a linux machine";
+ options.swarselsystems = {
+ isDarwin = lib.mkEnableOption "darwin host";
+ isLinux = lib.mkEnableOption "whether this is a linux machine";
+ mainUser = lib.mkOption {
+ type = lib.types.str;
+ default = "swarsel";
+ };
+ homeDir = lib.mkOption {
+ type = lib.types.str;
+ default = "/home/swarsel";
+ };
+ xdgDir = lib.mkOption {
+ type = lib.types.str;
+ default = "/run/user/1000";
+ };
+ flakePath = lib.mkOption {
+ type = lib.types.str;
+ default = "/home/swarsel/.dotfiles";
+ };
+ };
}
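Review bot: The defaults for `homeDir` and `flakePath` repeat the literal `swarsel` instead of deriving from `mainUser`, so a host that overrides `mainUser` keeps pointing at `/home/swarsel`. Taking `config` in the module arguments and writing `default = "/home/${config.swarselsystems.mainUser}";` and `default = "${config.swarselsystems.homeDir}/.dotfiles";` keeps the three in step. `xdgDir` likewise assumes uid 1000. The hunk header describes this module as covering nix-darwin hosts, where a `/home/...` default is presumably wrong as well.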
@@ -5182,17 +5290,19 @@ Do not that syncthingtray is also not mentioned here. It is install
{ lib, ... }:
{
- options.swarselsystems.startup = lib.mkOption {
- type = lib.types.listOf (lib.types.attrsOf lib.types.str);
- default = [
- { command = "nextcloud --background"; }
- { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
- { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
- { command = "ANKI_WAYLAND=1 anki"; }
- { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
- { command = "nm-applet"; }
- { command = "feishin"; }
- ];
+ options.swarselsystems = {
+ startup = lib.mkOption {
+ type = lib.types.listOf (lib.types.attrsOf lib.types.str);
+ default = [
+ { command = "nextcloud --background"; }
+ { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
+ { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
+ { command = "ANKI_WAYLAND=1 anki"; }
+ { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
+ { command = "nm-applet"; }
+ { command = "feishin"; }
+ ];
+ };
};
}
@@ -5209,9 +5319,11 @@ Again, I set the wallpaper here for stylix.
{ self, lib, ... }:
{
- options.swarselsystems.wallpaper = lib.mkOption {
- type = lib.types.path;
- default = self + /wallpaper/lenovowp.png;
+ options.swarselsystems = {
+ wallpaper = lib.mkOption {
+ type = lib.types.path;
+ default = self + /wallpaper/lenovowp.png;
+ };
};
}
@@ -5229,7 +5341,9 @@ Another duplicated option for the filesystem.
{ lib, ... }:
{
- options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem";
+ options.swarselsystems = {
+ isBtrfs = lib.mkEnableOption "use btrfs filesystem";
+ };
}
@@ -5256,201 +5370,204 @@ let
};
in
{
- options.swarselsystems.firefox = lib.mkOption {
- type = lib.types.attrs;
- default = {
- isDefault = false;
- userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css";
- extensions = {
- packages = with pkgs.nur.repos.rycee.firefox-addons; [
- tridactyl
- tampermonkey
- sidebery
- browserpass
- clearurls
- darkreader
- enhancer-for-youtube
- istilldontcareaboutcookies
- translate-web-pages
- ublock-origin
- reddit-enhancement-suite
- sponsorblock
- web-archives
- onepassword-password-manager
- single-file
- widegithub
- enhanced-github
- unpaywall
- don-t-fuck-with-paste
- plasma-integration
- (buildFirefoxXpiAddon {
- pname = "shortkeys";
- version = "4.0.2";
- addonId = "Shortkeys@Shortkeys.com";
- url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
- sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
- meta = with lib;
- {
- description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
- mozPermissions = [
- "tabs"
- "downloads"
- "clipboardWrite"
- "browsingData"
- "storage"
- "bookmarks"
- "sessions"
- "<all_urls>"
+ options.swarselsystems = {
+ firefox = lib.mkOption {
+ type = lib.types.attrs;
+ default = {
+ isDefault = false;
+ userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css";
+ extensions = {
+ packages = with pkgs.nur.repos.rycee.firefox-addons; [
+ tridactyl
+ tampermonkey
+ sidebery
+ browserpass
+ clearurls
+ darkreader
+ enhancer-for-youtube
+ istilldontcareaboutcookies
+ translate-web-pages
+ ublock-origin
+ reddit-enhancement-suite
+ sponsorblock
+ web-archives
+ onepassword-password-manager
+ single-file
+ widegithub
+ enhanced-github
+ unpaywall
+ don-t-fuck-with-paste
+ plasma-integration
+ (buildFirefoxXpiAddon {
+ pname = "shortkeys";
+ version = "4.0.2";
+ addonId = "Shortkeys@Shortkeys.com";
+ url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
+ sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
+ meta = with lib;
+ {
+ description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
+ mozPermissions = [
+ "tabs"
+ "downloads"
+ "clipboardWrite"
+ "browsingData"
+ "storage"
+ "bookmarks"
+ "sessions"
+ "<all_urls>"
+ ];
+ platforms = platforms.all;
+ };
+ })
+ ];
+ };
+
+ settings =
+ {
+ "extensions.autoDisableScopes" = 0;
+ "browser.bookmarks.showMobileBookmarks" = lock-true;
+ "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
+ "browser.search.suggest.enabled" = lock-false;
+ "browser.search.suggest.enabled.private" = lock-false;
+ "browser.urlbar.suggest.searches" = lock-false;
+ "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
+ "browser.topsites.contile.enabled" = lock-false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
+ "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
+ "browser.newtabpage.activity-stream.showSponsored" = lock-false;
+ "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
+ "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
+ };
+
+ search = {
+ default = "Kagi";
+ privateDefault = "Kagi";
+ engines = {
+ "Kagi" = {
+ urls = [{
+ template = "https://kagi.com/search";
+ params = [
+ { name = "q"; value = "{searchTerms}"; }
];
- platforms = platforms.all;
- };
- })
- ];
- };
+ }];
+ iconUpdateURL = "https://kagi.com/favicon.ico";
+ updateInterval = 24 * 60 * 60 * 1000; # every day
+ definedAliases = [ "@k" ];
+ };
- settings =
- {
- "extensions.autoDisableScopes" = 0;
- "browser.bookmarks.showMobileBookmarks" = lock-true;
- "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
- "browser.search.suggest.enabled" = lock-false;
- "browser.search.suggest.enabled.private" = lock-false;
- "browser.urlbar.suggest.searches" = lock-false;
- "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
- "browser.topsites.contile.enabled" = lock-false;
- "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
- "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
- "browser.newtabpage.activity-stream.showSponsored" = lock-false;
- "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
- "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
+ "Nix Packages" = {
+ urls = [{
+ template = "https://search.nixos.org/packages";
+ params = [
+ { name = "type"; value = "packages"; }
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@np" ];
+ };
+
+ "NixOS Wiki" = {
+ urls = [{
+ template = "https://nixos.wiki/index.php?search={searchTerms}";
+ }];
+ iconUpdateURL = "https://nixos.wiki/favicon.png";
+ updateInterval = 24 * 60 * 60 * 1000; # every day
+ definedAliases = [ "@nw" ];
+ };
+
+ "NixOS Options" = {
+ urls = [{
+ template = "https://search.nixos.org/options";
+ params = [
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@no" ];
+ };
+
+ "Home Manager Options" = {
+ urls = [{
+ template = "https://home-manager-options.extranix.com/";
+ params = [
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@hm" "@ho" "@hmo" ];
+ };
+
+ "Google".metaData.alias = "@g";
+ };
+ force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
-
- search = {
- default = "Kagi";
- privateDefault = "Kagi";
- engines = {
- "Kagi" = {
- urls = [{
- template = "https://kagi.com/search";
- params = [
- { name = "q"; value = "{searchTerms}"; }
- ];
- }];
- iconUpdateURL = "https://kagi.com/favicon.ico";
- updateInterval = 24 * 60 * 60 * 1000; # every day
- definedAliases = [ "@k" ];
- };
-
- "Nix Packages" = {
- urls = [{
- template = "https://search.nixos.org/packages";
- params = [
- { name = "type"; value = "packages"; }
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@np" ];
- };
-
- "NixOS Wiki" = {
- urls = [{
- template = "https://nixos.wiki/index.php?search={searchTerms}";
- }];
- iconUpdateURL = "https://nixos.wiki/favicon.png";
- updateInterval = 24 * 60 * 60 * 1000; # every day
- definedAliases = [ "@nw" ];
- };
-
- "NixOS Options" = {
- urls = [{
- template = "https://search.nixos.org/options";
- params = [
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@no" ];
- };
-
- "Home Manager Options" = {
- urls = [{
- template = "https://home-manager-options.extranix.com/";
- params = [
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@hm" "@ho" "@hmo" ];
- };
-
- "Google".metaData.alias = "@g";
- };
- force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
};
};
};
-
}
-
-3.2.3.2.12. stylix
-
+
+3.2.3.2.12. stylix
+
{ self, lib, pkgs, ... }:
{
- options.swarselsystems.stylix = lib.mkOption {
- type = lib.types.attrs;
- default = {
- enable = true;
- base16Scheme = "${self}/programs/stylix/swarsel.yaml";
- polarity = "dark";
- opacity.popups = 0.5;
- cursor = {
- package = pkgs.banana-cursor;
- # package = pkgs.capitaine-cursors;
- name = "Banana";
- # name = "capitaine-cursors";
- size = 16;
- };
- fonts = {
- sizes = {
- terminal = 10;
- applications = 11;
+ options.swarselsystems = {
+ stylix = lib.mkOption {
+ type = lib.types.attrs;
+ default = {
+ enable = true;
+ base16Scheme = "${self}/programs/stylix/swarsel.yaml";
+ polarity = "dark";
+ opacity.popups = 0.5;
+ cursor = {
+ package = pkgs.banana-cursor;
+ # package = pkgs.capitaine-cursors;
+ name = "Banana";
+ # name = "capitaine-cursors";
+ size = 16;
};
- serif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
- sansSerif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
- monospace = {
- package = pkgs.nerd-fonts.fira-mono; # has overrides
- name = "FiraCode Nerd Font Mono";
- };
- emoji = {
- package = pkgs.noto-fonts-emoji;
- name = "Noto Color Emoji";
+ fonts = {
+ sizes = {
+ terminal = 10;
+ applications = 11;
+ };
+ serif = {
+ # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
+ package = pkgs.cantarell-fonts;
+ # package = pkgs.montserrat;
+ name = "Cantarell";
+ # name = "FiraCode Nerd Font Propo";
+ # name = "Montserrat";
+ };
+ sansSerif = {
+ # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
+ package = pkgs.cantarell-fonts;
+ # package = pkgs.montserrat;
+ name = "Cantarell";
+ # name = "FiraCode Nerd Font Propo";
+ # name = "Montserrat";
+ };
+ monospace = {
+ package = pkgs.nerd-fonts.fira-mono; # has overrides
+ name = "FiraCode Nerd Font Mono";
+ };
+ emoji = {
+ package = pkgs.noto-fonts-emoji;
+ name = "Noto Color Emoji";
+ };
};
};
};
@@ -5492,6 +5609,10 @@ TODO
{ self, lib, systems, inputs, outputs, ... }:
+let
+ linuxUser = "swarsel";
+ macUser = "leon.schwarzaeugl";
+in
{
mkIfElseList = p: yes: no: lib.mkMerge [
@@ -5515,6 +5636,8 @@ TODO
}
);
+ getSecret = filename: lib.strings.trim (builtins.readFile "${filename}");
+
forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
mkFullHost = host: type: {
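Review bot: `getSecret` reads the file with `builtins.readFile` at evaluation time, so the secret becomes an ordinary string in the evaluated configuration. Any module that renders such a value into a generated file will place it under `/nix/store`, which is world-readable on the host. The navidrome hunk further down passes the `LastFM.*` and `Spotify.*` values through it, where this presumably applies (how that module writes its settings is not visible here). The helper deserves a comment saying so, e.g. `# evaluated at build time: the value ends up in the generated config, not in a root-only file`. The `"${filename}"` interpolation can be plain `filename`; interpolating a path value would additionally copy the file itself into the store.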
@@ -5531,6 +5654,9 @@ TODO
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
"${self}/hosts/${type}/${host}"
+ {
+ _module.args.primaryUser = linuxUser;
+ }
] ++
(if (host == "toto" || host == "iso") then [ ] else
([
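Review bot: `_module.args.primaryUser = linuxUser;` introduces a second source for the account name next to `config.swarselsystems.mainUser`, which later hunks use for `trusted-users`, the sops `owner` and the SSH `authorizedKeys`. Nothing visible ties the two together, so a host that overrides one and not the other would attach those privileges to a different account than the one home-manager configures. Consider deriving one from the other, or at least add `# must match swarselsystems.mainUser` next to the assignment. The module list this block belongs to continues outside the hunk.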
@@ -5545,7 +5671,7 @@ TODO
]) ++ (if (type == "nixos") then [
inputs.home-manager.nixosModules.home-manager
{
- home-manager.users.swarsel.imports = (
+ home-manager.users."${linuxUser}".imports = (
if (host == "winters" || host == "sync") then [ ] else [
# put home-manager imports here that are for all normal hosts
"${self}/profiles/home/common"
@@ -5561,7 +5687,7 @@ TODO
"${self}/profiles/darwin/nixos/common"
inputs.home-manager.darwinModules.home-manager
{
- home-manager.users."leon.schwarzaeugl".imports = [
+ home-manager.users."${macUser}".imports = [
# put home-manager imports here that are for darwin hosts
"${self}/profiles/darwin/home"
] ++ (builtins.attrValues outputs.homeModules);
@@ -5750,7 +5876,7 @@ A breakdown of the flags being set:
"cgroups"
"pipe-operators"
];
- trusted-users = [ "@wheel" "swarsel" ];
+ trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "[33m$SHLVL:\\w [0m";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"[31m\"; else printf \"[32m\"; fi)\[\e[1m\]λ\[\e[0m\] [0m";
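Review bot: `trusted-users` is effectively root-equivalent for the Nix daemon, and the entry now comes from `config.swarselsystems.mainUser`, whose type and default are not visible in this hunk. A comment on the line would make the stakes explicit, e.g. `# trusted-users can act as root through the daemon; keep this list minimal`. The string interpolation is unnecessary: `trusted-users = [ "@wheel" config.swarselsystems.mainUser ];` is equivalent for a string value. If the main user is already a member of `wheel` (not shown here), the explicit entry adds nothing.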
@@ -5808,6 +5934,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh
dbus
swaylock-effects
syncthingtray-minimal
+ wl-mirror
# secure boot
sbctl
@@ -5824,9 +5951,15 @@ Mostly used to install some compilers and lsp's that I want to have available wh
# proc info
acpi
+ # pci info
+ pciutils
+ usbutils
+
# better make for general tasks
just
+ screenshare
+
# keyboards
qmk
vial
@@ -5904,7 +6037,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh
-3.3.1.4. Setup home-manager
+3.3.1.4. Setup home-manager base
We enable the use of home-manager as a NixoS module. A nice trick here is the extraSpecialArgs = inputs line, which enables the use of seflf in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity).
@@ -5916,7 +6049,25 @@ We enable the use of home-manager as a NixoS module. A nice trick h
home-manager = lib.mkIf config.swarselsystems.withHomeManager {
useGlobalPkgs = true;
useUserPackages = true;
- extraSpecialArgs = inputs; # used mainly for inputs.self
+ extraSpecialArgs = { inherit (inputs) self; };
+ };
+}
+
+
+
+
+
+3.3.1.5. Setup home-manager specialArgs
+
+
+This sets up the nix-secrets extraSpeciaArgs. This should not be present on the chaostheatre configuration, which is why I split this section into its own file, which makes removal easier when setting that system up.
+
+
+
+{ inputs, config, lib, ... }:
+{
+ home-manager = lib.mkIf config.swarselsystems.withHomeManager {
+ extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; };
};
}
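Review bot: `home-manager.extraSpecialArgs` is now defined in two separate modules, so the final value depends on the option merging attribute sets across definitions. That behaviour is not visible here and deserves a one-line comment in the new module, e.g. `# merged with the extraSpecialArgs set in the base home-manager module`. Narrowing the base set from all of `inputs` to `self` is a sound least-privilege change, but any home module that still takes another input as a function argument will now fail to evaluate, so the consumers are worth checking. The added prose spells the option `extraSpeciaArgs`.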
@@ -5924,7 +6075,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
-3.3.1.5. Setup login keymap
+3.3.1.6. Setup login keymap
Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is comfortable to use and I do not write too much German anyways.
@@ -5945,7 +6096,7 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi
-3.3.1.6. User setup, Make users non-mutable
+3.3.1.7. User setup, Make users non-mutable
This ensures that all user-configuration happens here in the config file.
@@ -5963,7 +6114,7 @@ For that reason, make sure that sops-nix is properly working before
users = {
mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
- users.swarsel = {
+ users."${config.swarselsystems.mainUser}" = {
isNormalUser = true;
description = "Leon S";
password = lib.mkIf config.swarselsystems.initialSetup "setup";
@@ -5978,7 +6129,7 @@ For that reason, make sure that sops-nix is properly working before
-3.3.1.7. Environment setup
+3.3.1.8. Environment setup
Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus).
@@ -6006,7 +6157,7 @@ Next, we will setup some environment variables that need to be set on the system
-3.3.1.8. Security
+3.3.1.9. Security
Needed for control over system-wide privileges etc. Also I make sure that the root user has access to SSH_AUTH_SOCK (without this, root will not be able to read my nix-secrets repository).
@@ -6016,17 +6167,19 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro
_:
{
- security.pam.services = {
- login.u2fAuth = true;
- sudo.u2fAuth = true;
- swaylock.u2fAuth = true;
- swaylock.fprintAuth = false;
- };
- security.polkit.enable = true;
+ security = {
+ pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ swaylock.u2fAuth = true;
+ swaylock.fprintAuth = false;
+ };
+ polkit.enable = true;
- security.sudo.extraConfig = ''
- Defaults env_keep+=SSH_AUTH_SOCK
- '';
+ sudo.extraConfig = ''
+ Defaults env_keep+=SSH_AUTH_SOCK
+ '';
+ };
}
@@ -6034,7 +6187,7 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro
-3.3.1.9. Enable automatic garbage collection
+3.3.1.10. Enable automatic garbage collection
The nix store fills up over time, until /boot/efi is filled. This snippet cleans it automatically on a weekly basis.
@@ -6055,7 +6208,7 @@ The nix store fills up over time, until /boot/efi is filled. This s
-3.3.1.10. Enable automatic store optimisation
+3.3.1.11. Enable automatic store optimisation
This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this.
@@ -6075,7 +6228,7 @@ This enables hardlinking identical files in the nix store, to save on disk space
-3.3.1.11. Reduce systemd timeouts
+3.3.1.12. Reduce systemd timeouts
There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason a stop job is running for session 1 of user .... I do not want to wait that long and am confident no important data is lost by doing this.
@@ -6095,7 +6248,7 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s
-3.3.1.12. Hardware settings
+3.3.1.13. Hardware settings
Enable OpenGL, Sound, Bluetooth and various drivers.
@@ -6140,9 +6293,9 @@ Enable OpenGL, Sound, Bluetooth and various drivers.
-
-3.3.1.13. Pulseaudio
-
+
+3.3.1.14. Pulseaudio
+
This is only used on systems not running Pipewire.
@@ -6162,7 +6315,7 @@ This is only used on systems not running Pipewire.
-3.3.1.14. Pipewire
+3.3.1.15. Pipewire
Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with xdg-desktop-portal-wlr.
@@ -6189,7 +6342,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w
-3.3.1.15. Common network settings
+3.3.1.16. Common network settings
Here I only enable networkmanager and a few default networks. The rest of the network config is done separately in System specific configuration.
@@ -6423,7 +6576,7 @@ Here I only enable networkmanager and a few default networks. The r
proxy = { };
wifi = {
mode = "ap";
- ssid = "Hotspot-swarsel";
+ ssid = "Hotspot-${config.swarselsystems.mainUser}";
};
wifi-security = {
group = "ccmp;";
@@ -6446,7 +6599,7 @@ Here I only enable networkmanager and a few default networks. The r
-3.3.1.16. Time, locale settings
+3.3.1.17. Time, locale settings
Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well.
@@ -6480,7 +6633,7 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
-3.3.1.17. sops
+3.3.1.18. sops
I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine:
@@ -6497,12 +6650,13 @@ I use sops-nix to handle secrets that I want to have available on my machines at
{ self, config, lib, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
+ inherit (config.swarselsystems) mainUser homeDir;
in
{
sops = lib.mkIf (!config.swarselsystems.isPublic) {
- age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.users.users.swarsel.home}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
+ age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
@@ -6524,8 +6678,8 @@ in
githubforgepass = { };
gitlabforgeuser = { };
gitlabforgepass = { };
- "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; };
- "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; };
+ "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
+ "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
};
templates = {
"network-manager.env".content = ''
@@ -6541,15 +6695,6 @@ in
WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
'';
- # ".authinfo" = {
- # owner = "swarsel";
- # path = "${config.users.users.swarsel.home}/.emacs.d/.authinfo";
- # content = ''
- # machine stash.swarsel.win:443 port https login ${config.sops.placeholder.stashuser} password ${config.sops.placeholder.stashpass}
- # machine gitlab.com/api/v4 login ${config.sops.placeholder.githubforgeuser} password ${config.sops.placeholder.githubforgepass}
- # machine api.github.com login ${config.sops.placeholder.gitlabforgeuser} password ${config.sops.placeholder.gitlabforgepass}
- # '';
- # };
};
};
}
@@ -6558,7 +6703,7 @@ in
-3.3.1.18. Theme (stylix)
+3.3.1.19. Theme (stylix)
By default, stylix wants to style GRUB as well. However, I think that looks horrible.
@@ -6574,11 +6719,13 @@ By default, stylix wants to style
image = config.swarselsystems.wallpaper;
}
config.swarselsystems.stylix;
- home-manager.users.swarsel = {
+ home-manager.users."${config.swarselsystems.mainUser}" = {
stylix = {
targets = {
emacs.enable = false;
waybar.enable = false;
+ sway.useWallpaper = false;
+ firefox.profileNames = [ "default" ];
};
};
};
@@ -6588,7 +6735,7 @@ By default, stylix wants to style
-3.3.1.19. Programs (including zsh setup)
+3.3.1.20. Programs (including zsh setup)
Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances.
@@ -6607,7 +6754,7 @@ Some programs profit from being installed through dedicated NixOS settings on sy
-3.3.1.19.1. zsh
+3.3.1.20.1. zsh
Do not touch this.
@@ -6626,16 +6773,19 @@ Do not touch this.
-3.3.1.19.2. syncthing
+3.3.1.20.2. syncthing
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ inherit (config.swarselsystems) mainUser homeDir;
+in
{
services.syncthing = {
enable = true;
- user = "swarsel";
- dataDir = "/home/swarsel";
- configDir = "/home/swarsel/.config/syncthing";
+ user = mainUser;
+ dataDir = homeDir;
+ configDir = "${homeDir}/.config/syncthing";
openDefaultPorts = true;
settings = {
devices = {
@@ -6651,27 +6801,27 @@ Do not touch this.
};
folders = {
"Default Folder" = lib.mkDefault {
- path = "/home/swarsel/Sync";
+ path = "${homeDir}/Sync";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "default";
};
"Obsidian" = {
- path = "/home/swarsel/Nextcloud/Obsidian";
+ path = "${homeDir}/Nextcloud/Obsidian";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "yjvni-9eaa7";
};
"Org" = {
- path = "/home/swarsel/Nextcloud/Org";
+ path = "${homeDir}/Nextcloud/Org";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
- path = "/home/swarsel/Vpn";
+ path = "${homeDir}/Vpn";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "hgp9s-fyq3p";
};
".elfeed" = {
- path = "/home/swarsel/.elfeed";
+ path = "${homeDir}/.elfeed";
devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "h7xbs-fs9v1";
};
@@ -6685,14 +6835,14 @@ Do not touch this.
-3.3.1.20. Services
+3.3.1.21. Services
Setting up some hardware services as well as keyboard related settings. Here we make sure that we can use the CAPS key as a ESC/CTRL double key, which is a lifesaver.
-3.3.1.20.1. blueman
+3.3.1.21.1. blueman
Enables the blueman service including the nice system tray icon.
@@ -6709,7 +6859,7 @@ Enables the blueman service including the nice system tray icon.
-3.3.1.20.2. Network devices
+3.3.1.21.2. Network devices
In this section we enable compatibility with several network devices I have at home, mainly printers and scanners.
@@ -6757,7 +6907,7 @@ Avahi is the service used for the network discovery.
-3.3.1.20.3. enable GVfs
+3.3.1.21.3. enable GVfs
This is being set to allow myself to use all functions of nautilus in NixOS
@@ -6773,7 +6923,7 @@ This is being set to allow myself to use all functions of nautilus in NixOS
-3.3.1.20.4. interception-tools: Make CAPS work as ESC/CTRL
+3.3.1.21.4. interception-tools: Make CAPS work as ESC/CTRL
This is a super-convenient package that lets my remap my CAPS key to ESC if pressed shortly, and CTRL if being held.
@@ -6814,7 +6964,7 @@ This is a super-convenient package that lets my remap my CAPS key t
-3.3.1.20.5. power-profiles-daemon
+3.3.1.21.5. power-profiles-daemon
This enables power profile management. The available modes are:
@@ -6841,7 +6991,7 @@ Most of the time I am using power-saver, however, it is good to be
-3.3.1.21. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
+3.3.1.22. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
It makes sense to house these settings in their own section, since they are all needed really. Note that the starting of the gpg-agent is done in the sway settings, to also perform this step of the setup for non NixOS-machines at the same time.
@@ -6881,7 +7031,7 @@ Also, this is a good place to setup the udev rules.
-3.3.1.22. System Login
+3.3.1.23. System Login
This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the system specific settings, make sure to update it there
@@ -6894,7 +7044,6 @@ This section houses the greetd related settings. I do not really want to use a d
enable = true;
settings = {
initial_session.command = "sway";
- # initial_session.user ="swarsel";
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
@@ -6914,7 +7063,7 @@ This section houses the greetd related settings. I do not really want to use a d
-3.3.1.23. nix-ld
+3.3.1.24. nix-ld
This provides libraries for binaries that are not patched for use on NixOS. This really makes the biggest gripe with NixOS go away, that being having to run a binary that is only found in a single spot. It is most of the times possible to patch such a file, but this makes such a situation take much less time to resolve.
@@ -7044,7 +7193,7 @@ When a program does not work, start with nix-ldd <program>. T
-3.3.1.24. Impermanence
+3.3.1.25. Impermanence
This is where the impermanence magic happens. When this is enabled, the root directory is rolled back to a blanket state on each reboot.
@@ -7058,10 +7207,11 @@ Normally, doing that also resets the lecture that happens on the first use of { config, lib, ... }:
let
mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos";
+ inherit (config.swarselsystems) homeDir isImpermanence isCrypted;
in
{
- security.sudo.extraConfig = lib.mkIf config.swarselsystems.isImpermanence ''
+ security.sudo.extraConfig = lib.mkIf isImpermanence ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
@@ -7070,15 +7220,15 @@ in
# So if it doesn't run, the btrfs system effectively acts like a normal system
# Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
- boot.initrd.systemd.enable = lib.mkIf config.swarselsystems.isImpermanence true;
+ boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
- boot.initrd.systemd.services.rollback = lib.mkIf config.swarselsystems.isImpermanence {
+ boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
description = "Rollback BTRFS root subvolume to a pristine state";
wantedBy = [ "initrd.target" ];
# make sure it's done after encryption
# i.e. LUKS/TPM process
- after = lib.swarselsystems.mkIfElseList config.swarselsystems.isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
- requires = lib.mkIf (!config.swarselsystems.isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
+ after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
+ requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
# mount the root fs before clearing
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
@@ -7120,7 +7270,7 @@ in
};
- environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
+ environment.persistence."/persist" = lib.mkIf isImpermanence {
hideMounts = true;
directories =
[
@@ -7130,7 +7280,7 @@ in
"/etc/nix"
"/etc/NetworkManager/system-connections"
# "/etc/secureboot"
- "/home/swarsel/.dotfiles"
+ "${homeDir}/.dotfiles"
"/var/db/sudo"
"/var/cache"
"/var/lib"
@@ -7150,7 +7300,7 @@ in
-3.3.1.25. Summary of nixos-rebuild diff
+3.3.1.26. Summary of nixos-rebuild diff
This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet.
@@ -7172,7 +7322,7 @@ This snipped is added to the activation script that is run after every rebuild a
-3.3.1.26. gnome-keyring
+3.3.1.27. gnome-keyring
Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps the login information when logging out of the session as well.
@@ -7192,7 +7342,7 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps
-3.3.1.27. Sway
+3.3.1.28. Sway
This is used to better integrate Sway into the system on NixOS hosts. On the home-manager side, the package attribute will be null for such an host, using the systems derivation instead.
@@ -7227,7 +7377,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom
-3.3.1.28. xdg-portal
+3.3.1.29. xdg-portal
This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways.
@@ -7258,7 +7408,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru
-3.3.1.29. Podmam (distrobox)
+3.3.1.30. Podmam (distrobox)
I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck.
@@ -7274,6 +7424,7 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve
virtualisation.podman = {
enable = true;
+ dockerCompat = true;
package = pkgs.stable.podman;
};
@@ -7283,7 +7434,7 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve
-3.3.1.30. Handle lid switch correctly
+3.3.1.31. Handle lid switch correctly
This turns off the display when the lid is closed.
@@ -7298,22 +7449,30 @@ This turns off the display when the lid is closed.
};
services.acpid = {
enable = true;
- lidEventCommands =
- ''
- export PATH=$PATH:/run/current-system/sw/bin
- export WAYLAND_DISPLAY=wayland-1
- export XDG_RUNTIME_DIR=/run/user/1000
- export SWAYSOCK=$(ls /run/user/1000/sway-ipc.* | head -n 1)
-
- LID_STATE=$(cat /proc/acpi/button/lid/*/state | grep -q closed && echo "closed" || echo "open")
- DOCKED=$(swaymsg -t get_outputs | grep -q 'HDMI\|DP' && echo "docked" || echo "undocked")
-
- if [ "$LID_STATE" == "closed" ] && [ "$DOCKED" == "docked" ]; then
- swaymsg output eDP-2 disable
- else
- swaymsg output eDP-2 enable
+ handlers.lidClosed = {
+ event = "button/lid \\w+ close";
+ action = ''
+ cat /sys/class/backlight/amdgpu_bl1/device/enabled
+ if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled
+ then
+ echo "Lid closed. Disabling fprintd."
+ systemctl stop fprintd
+ ln -s /dev/null /run/systemd/transient/fprintd.service
+ systemctl daemon-reload
fi
'';
+ };
+ handlers.lidOpen = {
+ event = "button/lid \\w+ open";
+ action = ''
+ if ! $(systemctl is-active --quiet fprintd); then
+ echo "Lid open. Enabling fprintd."
+ rm -f /run/systemd/transient/fprintd.service
+ systemctl daemon-reload
+ systemctl start fprintd
+ fi
+ '';
+ };
};
}
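Review bot: In `handlers.lidOpen`, `if ! $(systemctl is-active --quiet fprintd); then` runs the check inside a command substitution and only works because the empty expansion passes the exit status through; write `if ! systemctl is-active --quiet fprintd; then`. In `handlers.lidClosed`, `ln -s` fails when the mask link already exists (two close events without an open in between), so `ln -sfn /dev/null /run/systemd/transient/fprintd.service` is safer, and the bare `cat` of the backlight file looks like leftover debugging output. The handler is also tied to `/sys/class/backlight/amdgpu_bl1`; on a host without that device the `grep` fails and fprintd stays enabled with the lid shut, which is worth a comment. The section text still says the snippet turns off the display, which no longer matches what the handlers do.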
@@ -7321,7 +7480,7 @@ This turns off the display when the lid is closed.
-3.3.1.31. Low battery notification
+3.3.1.32. Low battery notification
Since I hide the waybar completely during normal operation, I run the risk of not noticing when my battery is about to run out. This module sends a notification when the battery level falls below 10%. Written by cafkafk.
@@ -7359,7 +7518,7 @@ Since I hide the waybar completely during normal operation, I run the risk of no
-3.3.1.32. Lanzaboote
+3.3.1.33. Lanzaboote
This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsystems.initialSetup` and `config.swarselsystems.isSecureBoot`.
@@ -7376,6 +7535,7 @@ This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsys
lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) {
enable = true;
pkiBundle = "/var/lib/sbctl";
+ configurationLimit = 3;
};
};
}
@@ -7413,6 +7573,7 @@ in
imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
"${profilesPath}/nixos/common/settings.nix"
"${profilesPath}/nixos/common/home-manager.nix"
+ "${profilesPath}/nixos/common/home-manager-extra.nix"
"${profilesPath}/nixos/common/xserver.nix"
"${profilesPath}/nixos/common/gc.nix"
"${profilesPath}/nixos/common/store.nix"
@@ -7434,14 +7595,17 @@ Here we just define some aliases for rebuilding the system, and we allow some in
{ lib, config, ... }:
+let
+ inherit (config.swarselsystems) flakePath;
+in
{
environment.shellAliases = lib.recursiveUpdate
{
- npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
- nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch;";
- npiswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
- nipswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
- niswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch --impure;";
+ npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
+ nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
+ npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
+ nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
+ niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
}
config.swarselsystems.shellAliases;
@@ -7578,9 +7742,11 @@ Here we just define some aliases for rebuilding the system, and we allow some in
security.acme = {
acceptTerms = true;
preliminarySelfsigned = false;
- defaults.email = "mrswarsel@gmail.com";
- defaults.dnsProvider = "cloudflare";
- defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
+ defaults = {
+ email = "mrswarsel@gmail.com";
+ dnsProvider = "cloudflare";
+ environmentFile = "${config.sops.templates."certs.secret".path}";
+ };
};
services.nginx = {
@@ -7602,17 +7768,17 @@ Here we just define some aliases for rebuilding the system, and we allow some in
3.3.2.7. ssh
-{ self, ... }:
+{ self, config, ... }:
{
services.openssh = {
enable = true;
};
- users.users.swarsel.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/ssh/nbl-imba-2.pub)
+ users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
+ (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
users.users.root.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/ssh/nbl-imba-2.pub)
+ (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
security.sudo.extraConfig = ''
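Review bot: The same two public keys now authorise both the main user and `root`, but the list is written out twice, so a later key rotation can update one and miss the other. A single `let authorizedKeyFiles = [ ... ];` binding used for both assignments would prevent that. With `root` reachable by key, the hunk shows `services.openssh` with only `enable = true;`, so unless it is set elsewhere, `settings.PasswordAuthentication = false;` belongs in that block. The module body continues past the end of the hunk.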
@@ -7771,7 +7937,7 @@ in
enable = true;
openFirewall = true;
settings = {
- LogLevel = "error";
+ LogLevel = "debug";
Address = "127.0.0.1";
Port = 4040;
MusicFolder = "/Vault/Eternor/Musik";
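Review bot: `LogLevel = "debug";` reads like a setting left over from troubleshooting the jukebox change in the next hunk. On a long-running service it makes the journal much noisier and can record request detail that `"error"` would not. If it is intentional, add a comment saying why and when to revert, e.g. `# TODO: back to "error" once jukebox output works`. The settings block continues outside the hunk.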
@@ -7783,17 +7949,18 @@ in
MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
Jukebox = {
Enabled = true;
- Default = "pch";
+ Default = "default";
Devices = [
- [ "pch" "alsa/sysdefault:CARD=PCH" ]
+ # use mpv --audio-device=help to get these
+ [ "default" "alsa/sysdefault:CARD=PCH" ]
];
};
# Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these
- LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret";
- LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key";
- Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id";
- Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret";
+ LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
+ LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
+ Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
+ Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
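Review bot: `LastFM.ApiKey` is read from `lastfm-secret` and `LastFM.Secret` from `lastfm-key`, which looks swapped; the commit carries this over unchanged from the old `builtins.readFile` lines. Unless the files are deliberately named the other way round, the lines should be `LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";` and `LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";`. If the current pairing is intentional, a comment next to the two lines would stop the next reader from "fixing" it. The settings block starts outside the hunk.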
@@ -8014,264 +8181,271 @@ in
};
};
- services.postgresql = {
- enable = true;
- initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
- CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
- CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
- CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- };
+ systemd = {
+ timers."restart-bridges" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "1d";
+ OnUnitActiveSec = "1d";
+ Unit = "restart-bridges.service";
+ };
+ };
- services.matrix-synapse = {
- enable = true;
- settings = {
- app_service_config_files = [
- "/var/lib/matrix-synapse/telegram-registration.yaml"
- "/var/lib/matrix-synapse/whatsapp-registration.yaml"
- "/var/lib/matrix-synapse/signal-registration.yaml"
- "/var/lib/matrix-synapse/doublepuppet.yaml"
- ];
- server_name = matrixDomain;
- public_baseurl = "https://${matrixDomain}";
- listeners = [
- {
- port = 8008;
- bind_addresses = [
- "127.0.0.1"
- # "::1"
- ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = true;
- }
- ];
- }
+ services = {
+ "restart-bridges" = {
+ script = ''
+ systemctl restart mautrix-whatsapp.service
+ systemctl restart mautrix-signal.service
+ systemctl restart mautrix-telegram.service
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+ mautrix-telegram.path = with pkgs; [
+ lottieconverter # for animated stickers conversion, unfree package
+ ffmpeg # if converting animated stickers to webm (very slow!)
];
};
- extraConfigFiles = [
- config.sops.templates.matrixshared.path
- ];
};
- services.mautrix-telegram = {
- enable = true;
- environmentFile = config.sops.templates.mautrixtelegram.path;
- settings = {
- homeserver = {
- address = "http://localhost:8008";
- domain = matrixDomain;
- };
- appservice = {
- address = "http://localhost:29317";
- hostname = "localhost";
- port = "29317";
- provisioning.enabled = true;
- id = "telegram";
- # ephemeral_events = true; # not needed due to double puppeting
- public = {
- enabled = false;
- };
- database = "postgresql:///mautrix-telegram?host=/run/postgresql";
- };
- bridge = {
- relaybot.authless_portals = true;
- allow_avatar_remove = true;
- allow_contact_info = true;
- sync_channel_members = true;
- startup_sync = true;
- sync_create_limit = 0;
- sync_direct_chats = true;
- telegram_link_preview = true;
- permissions = {
- "*" = "relaybot";
- "@swarsel:${matrixDomain}" = "admin";
- };
- animated_sticker = {
- target = "gif";
- args = {
- width = 256;
- height = 256;
- fps = 30; # only for webm
- background = "020202"; # only for gif, transparency not supported
- };
- };
- };
+ services = {
+ postgresql = {
+ enable = true;
+ initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
+ CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
+ CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
+ CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
};
- };
- systemd.services.mautrix-telegram.path = with pkgs; [
- lottieconverter # for animated stickers conversion, unfree package
- ffmpeg # if converting animated stickers to webm (very slow!)
- ];
- services.mautrix-whatsapp = {
- enable = true;
- registerToSynapse = false;
- settings = {
- homeserver = {
- address = "http://localhost:8008";
- domain = matrixDomain;
- };
- appservice = {
- address = "http://localhost:29318";
- hostname = "127.0.0.1";
- port = 29318;
- database = {
- type = "postgres";
- uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
- };
- };
- bridge = {
- displayname_template = "{{or .FullName .PushName .JID}} (WA)";
- history_sync = {
- backfill = true;
- max_initial_conversations = -1;
- message_count = -1;
- request_full_sync = true;
- full_sync_config = {
- days_limit = 900;
- size_mb_limit = 5000;
- storage_quota_mb = 5000;
- };
- };
- login_shared_secret_map = {
- matrixDomain = "as_token:doublepuppet";
- };
- sync_manual_marked_unread = true;
- send_presence_on_typing = true;
- parallel_member_sync = true;
- url_previews = true;
- caption_in_message = true;
- extev_polls = true;
- permissions = {
- "*" = "relay";
- "@swarsel:${matrixDomain}" = "admin";
- };
- };
- };
- };
-
- services.mautrix-signal = {
- enable = true;
- registerToSynapse = false;
- settings = {
- homeserver = {
- address = "http://localhost:8008";
- domain = matrixDomain;
- };
- appservice = {
-
- address = "http://localhost:29328";
- hostname = "127.0.0.1";
- port = 29328;
- database = {
- type = "postgres";
- uri = "postgresql:///mautrix-signal?host=/run/postgresql";
- };
- };
- bridge = {
- displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
- login_shared_secret_map = {
- matrixDomain = "as_token:doublepuppet";
- };
- caption_in_message = true;
- permissions = {
- "*" = "relay";
- "@swarsel:${matrixDomain}" = "admin";
- };
- };
- };
- };
-
- # restart the bridges daily. this is done for the signal bridge mainly which stops carrying
- # messages out after a while.
-
- systemd.timers."restart-bridges" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnBootSec = "1d";
- OnUnitActiveSec = "1d";
- Unit = "restart-bridges.service";
- };
- };
-
- systemd.services."restart-bridges" = {
- script = ''
- systemctl restart mautrix-whatsapp.service
- systemctl restart mautrix-signal.service
- systemctl restart mautrix-telegram.service
- '';
- serviceConfig = {
- Type = "oneshot";
- User = "root";
- };
- };
-
- services.nginx = {
- virtualHosts = {
- "swatrix.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- listen = [
+ matrix-synapse = {
+ enable = true;
+ settings = {
+ app_service_config_files = [
+ "/var/lib/matrix-synapse/telegram-registration.yaml"
+ "/var/lib/matrix-synapse/whatsapp-registration.yaml"
+ "/var/lib/matrix-synapse/signal-registration.yaml"
+ "/var/lib/matrix-synapse/doublepuppet.yaml"
+ ];
+ server_name = matrixDomain;
+ public_baseurl = "https://${matrixDomain}";
+ listeners = [
{
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- extraParameters = [
- "default_server"
+ port = 8008;
+ bind_addresses = [
+ "127.0.0.1"
+ # "::1"
];
- }
- {
- addr = "[::0]";
- port = 8448;
- ssl = true;
- extraParameters = [
- "default_server"
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" "federation" ];
+ compress = true;
+ }
];
}
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::0]";
- port = 443;
- ssl = true;
- }
];
- locations = {
- "~ ^(/_matrix|/_synapse/client)" = {
- # proxyPass = "http://localhost:8008";
- proxyPass = "http://localhost:8008";
- extraConfig = ''
- client_max_body_size 0;
- '';
+ };
+ extraConfigFiles = [
+ config.sops.templates.matrixshared.path
+ ];
+ };
+
+ mautrix-telegram = {
+ enable = true;
+ environmentFile = config.sops.templates.mautrixtelegram.path;
+ settings = {
+ homeserver = {
+ address = "http://localhost:8008";
+ domain = matrixDomain;
+ };
+ appservice = {
+ address = "http://localhost:29317";
+ hostname = "localhost";
+ port = "29317";
+ provisioning.enabled = true;
+ id = "telegram";
+ # ephemeral_events = true; # not needed due to double puppeting
+ public = {
+ enabled = false;
+ };
+ database = "postgresql:///mautrix-telegram?host=/run/postgresql";
+ };
+ bridge = {
+ relaybot.authless_portals = true;
+ allow_avatar_remove = true;
+ allow_contact_info = true;
+ sync_channel_members = true;
+ startup_sync = true;
+ sync_create_limit = 0;
+ sync_direct_chats = true;
+ telegram_link_preview = true;
+ permissions = {
+ "*" = "relaybot";
+ "@swarsel:${matrixDomain}" = "admin";
+ };
+ animated_sticker = {
+ target = "gif";
+ args = {
+ width = 256;
+ height = 256;
+ fps = 30; # only for webm
+ background = "020202"; # only for gif, transparency not supported
+ };
+ };
+ };
+ };
+ };
+
+ mautrix-whatsapp = {
+ enable = true;
+ registerToSynapse = false;
+ settings = {
+ homeserver = {
+ address = "http://localhost:8008";
+ domain = matrixDomain;
+ };
+ appservice = {
+ address = "http://localhost:29318";
+ hostname = "127.0.0.1";
+ port = 29318;
+ database = {
+ type = "postgres";
+ uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
+ };
+ };
+ bridge = {
+ displayname_template = "{{or .FullName .PushName .JID}} (WA)";
+ history_sync = {
+ backfill = true;
+ max_initial_conversations = -1;
+ message_count = -1;
+ request_full_sync = true;
+ full_sync_config = {
+ days_limit = 900;
+ size_mb_limit = 5000;
+ storage_quota_mb = 5000;
+ };
+ };
+ login_shared_secret_map = {
+ matrixDomain = "as_token:doublepuppet";
+ };
+ sync_manual_marked_unread = true;
+ send_presence_on_typing = true;
+ parallel_member_sync = true;
+ url_previews = true;
+ caption_in_message = true;
+ extev_polls = true;
+ permissions = {
+ "*" = "relay";
+ "@swarsel:${matrixDomain}" = "admin";
+ };
+ };
+ };
+ };
+
+ mautrix-signal = {
+ enable = true;
+ registerToSynapse = false;
+ settings = {
+ homeserver = {
+ address = "http://localhost:8008";
+ domain = matrixDomain;
+ };
+ appservice = {
+
+ address = "http://localhost:29328";
+ hostname = "127.0.0.1";
+ port = 29328;
+ database = {
+ type = "postgres";
+ uri = "postgresql:///mautrix-signal?host=/run/postgresql";
+ };
+ };
+ bridge = {
+ displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
+ login_shared_secret_map = {
+ matrixDomain = "as_token:doublepuppet";
+ };
+ caption_in_message = true;
+ permissions = {
+ "*" = "relay";
+ "@swarsel:${matrixDomain}" = "admin";
+ };
+ };
+ };
+ };
+
+ # restart the bridges daily. this is done for the signal bridge mainly which stops carrying
+ # messages out after a while.
+
+
+ nginx = {
+ virtualHosts = {
+ "swatrix.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ extraParameters = [
+ "default_server"
+ ];
+ }
+ {
+ addr = "[::0]";
+ port = 8448;
+ ssl = true;
+ extraParameters = [
+ "default_server"
+ ];
+ }
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::0]";
+ port = 443;
+ ssl = true;
+ }
+ ];
+ locations = {
+ "~ ^(/_matrix|/_synapse/client)" = {
+ # proxyPass = "http://localhost:8008";
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
+ };
+ "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
- "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
- "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
};
};
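Review bot: In both `login_shared_secret_map` blocks (mautrix-whatsapp and mautrix-signal) the key `matrixDomain` is a literal attribute name, not the value of the `matrixDomain` binding, so the rendered bridge config maps the token to a server called "matrixDomain". Write it as `"${matrixDomain}" = "as_token:doublepuppet";`, the way the `permissions` entries already interpolate the domain. The `initialScript` carried into the new `services` set also creates the four roles with passwords equal to the service names, inside a `pkgs.writeText` file that lives in the world-readable Nix store. The bridge database URIs shown here go through the `/run/postgresql` socket, so the `PASSWORD` clauses can probably be dropped. The comment "restart the bridges daily…" now sits above `nginx` rather than the `restart-bridges` timer it describes and should move next to the timer.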
@@ -8299,34 +8473,35 @@ in
mode = "0440";
};
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud30;
- hostName = "stash.swarsel.win";
- home = "/Vault/apps/nextcloud";
- datadir = "/Vault/data/nextcloud";
- https = true;
- configureRedis = true;
- maxUploadSize = "4G";
- extraApps = {
- inherit (pkgs.nextcloud30Packages.apps) mail calendar contacts cospend phonetrack polls tasks;
+ services = {
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud31;
+ hostName = "stash.swarsel.win";
+ home = "/Vault/apps/nextcloud";
+ datadir = "/Vault/data/nextcloud";
+ https = true;
+ configureRedis = true;
+ maxUploadSize = "4G";
+ extraApps = {
+ inherit (pkgs.nextcloud30Packages.apps) mail calendar contacts cospend phonetrack polls tasks;
+ };
+ config = {
+ adminuser = "admin";
+ adminpassFile = config.sops.secrets.nextcloudadminpass.path;
+ dbtype = "sqlite";
+ };
};
- config = {
- adminuser = "admin";
- adminpassFile = config.sops.secrets.nextcloudadminpass.path;
- dbtype = "sqlite";
- };
- };
-
- services.nginx = {
- virtualHosts = {
- "stash.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- # config is automatically added by nixos nextcloud config.
- # hence, only provide certificate
+ nginx = {
+ virtualHosts = {
+ "stash.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ # config is automatically added by nixos nextcloud config.
+ # hence, only provide certificate
+ };
};
};
};
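Review bot: `package` moves to `pkgs.nextcloud31`, but `extraApps` still inherits from `pkgs.nextcloud30Packages.apps`, so the apps come from the package set of the previous major release. Apps built for the older release may be rejected or disabled after the upgrade. Change the line to `inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks;`, provided each app is packaged there. Alternatively derive the app set from the selected package so the two cannot drift apart on the next bump.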
@@ -8597,7 +8772,11 @@ in
3.3.2.19. syncthing
-{ lib, config, ... }:
+{ lib, config, inputs, ... }:
+let
+ secretsDirectory = builtins.toString inputs.nix-secrets;
+ workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
+in
{
config = lib.mkIf config.swarselsystems.server.syncthing {
@@ -8626,7 +8805,7 @@ in
"sync (@oracle)" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
- "nbl-imba-2" = {
+ "${workHostName}" = {
id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB";
};
};
@@ -8635,7 +8814,7 @@ in
path = "/Vault/data/syncthing/Sync";
type = "receiveonly";
versioning = null;
- devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
+ devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "default";
};
"Obsidian" = {
@@ -8645,7 +8824,7 @@ in
type = "simple";
params.keep = "5";
};
- devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
+ devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "yjvni-9eaa7";
};
"Org" = {
@@ -8655,7 +8834,7 @@ in
type = "simple";
params.keep = "5";
};
- devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
+ devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
@@ -8665,7 +8844,7 @@ in
type = "simple";
params.keep = "5";
};
- devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
+ devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "hgp9s-fyq3p";
};
"Documents" = {
@@ -8675,12 +8854,12 @@ in
type = "simple";
params.keep = "5";
};
- devices = [ "magicant" "nbl-imba-2" ];
+ devices = [ "magicant" "${workHostName}" ];
id = "hgr3d-pfu3w";
};
# ".elfeed" = {
# path = "/Vault/data/syncthing/.elfeed";
- # devices = [ "sync (@oracle)" "magicant" "nbl-imba-2" ];
+ # devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
# id = "h7xbs-fs9v1";
# };
};
@@ -8752,145 +8931,151 @@ This section exposes several metrics that I use to check the health of my server
};
};
- users.users.nextcloud-exporter = {
- extraGroups = [ "nextcloud" ];
+ users = {
+ users = {
+ nextcloud-exporter = {
+ extraGroups = [ "nextcloud" ];
+ };
+
+ grafana = {
+ extraGroups = [ "users" ];
+ };
+ };
};
- users.users.grafana = {
- extraGroups = [ "users" ];
- };
-
- services.grafana = {
- enable = true;
- dataDir = "/Vault/data/grafana";
- provision = {
+ services = {
+ grafana = {
enable = true;
- datasources.settings = {
- datasources = [
- {
- name = "prometheus";
- type = "prometheus";
- url = "https://status.swarsel.win/prometheus";
- editable = false;
- access = "proxy";
- basicAuth = true;
- basicAuthUser = "admin";
- jsonData = {
- httpMethod = "POST";
- manageAlerts = true;
- prometheusType = "Prometheus";
- prometheusVersion = "> 2.50.x";
- cacheLevel = "High";
- disableRecordingRules = false;
- incrementalQueryOverlapWindow = "10m";
+ dataDir = "/Vault/data/grafana";
+ provision = {
+ enable = true;
+ datasources.settings = {
+ datasources = [
+ {
+ name = "prometheus";
+ type = "prometheus";
+ url = "https://status.swarsel.win/prometheus";
+ editable = false;
+ access = "proxy";
+ basicAuth = true;
+ basicAuthUser = "admin";
+ jsonData = {
+ httpMethod = "POST";
+ manageAlerts = true;
+ prometheusType = "Prometheus";
+ prometheusVersion = "> 2.50.x";
+ cacheLevel = "High";
+ disableRecordingRules = false;
+ incrementalQueryOverlapWindow = "10m";
+ };
+ secureJsonData = {
+ basicAuthPassword = "$__file{/run/secrets/prometheusadminpass}";
+ };
+ }
+ ];
+ };
+ };
+
+ settings = {
+ security.admin_password = "$__file{/run/secrets/grafanaadminpass}";
+ server = {
+ http_port = 3000;
+ http_addr = "127.0.0.1";
+ protocol = "http";
+ domain = "status.swarsel.win";
+ };
+ };
+ };
+
+ prometheus = {
+ enable = true;
+ webExternalUrl = "https://status.swarsel.win/prometheus";
+ port = 9090;
+ listenAddress = "127.0.0.1";
+ globalConfig = {
+ scrape_interval = "10s";
+ };
+ webConfigFile = self + /programs/server/prometheus/web.config;
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
+ }];
+ }
+ {
+ job_name = "zfs";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.zfs.port}" ];
+ }];
+ }
+ {
+ job_name = "nginx";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
+ }];
+ }
+ {
+ job_name = "nextcloud";
+ static_configs = [{
+ targets = [ "localhost:${toString config.services.prometheus.exporters.nextcloud.port}" ];
+ }];
+ }
+ ];
+ exporters = {
+ node = {
+ enable = true;
+ port = 9000;
+ enabledCollectors = [ "systemd" ];
+ extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
+ };
+ zfs = {
+ enable = true;
+ port = 9134;
+ pools = [
+ "Vault"
+ ];
+ };
+ restic = {
+ enable = false;
+ port = 9753;
+ };
+ nginx = {
+ enable = true;
+ port = 9113;
+ sslVerify = false;
+ scrapeUri = "http://localhost/nginx_status";
+ };
+ nextcloud = lib.mkIf config.swarselsystems.server.nextcloud {
+ enable = true;
+ port = 9205;
+ url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info";
+ username = "admin";
+ passwordFile = config.sops.secrets.nextcloudadminpass.path;
+ };
+ };
+ };
+
+
+ nginx = {
+ virtualHosts = {
+ "status.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:3000";
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
};
- secureJsonData = {
- basicAuthPassword = "$__file{/run/secrets/prometheusadminpass}";
+ "/prometheus" = {
+ proxyPass = "http://localhost:9090";
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
};
- }
- ];
- };
- };
-
- settings = {
- security.admin_password = "$__file{/run/secrets/grafanaadminpass}";
- server = {
- http_port = 3000;
- http_addr = "127.0.0.1";
- protocol = "http";
- domain = "status.swarsel.win";
- };
- };
- };
-
- services.prometheus = {
- enable = true;
- webExternalUrl = "https://status.swarsel.win/prometheus";
- port = 9090;
- listenAddress = "127.0.0.1";
- globalConfig = {
- scrape_interval = "10s";
- };
- webConfigFile = self + /programs/server/prometheus/web.config;
- scrapeConfigs = [
- {
- job_name = "node";
- static_configs = [{
- targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
- }];
- }
- {
- job_name = "zfs";
- static_configs = [{
- targets = [ "localhost:${toString config.services.prometheus.exporters.zfs.port}" ];
- }];
- }
- {
- job_name = "nginx";
- static_configs = [{
- targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
- }];
- }
- {
- job_name = "nextcloud";
- static_configs = [{
- targets = [ "localhost:${toString config.services.prometheus.exporters.nextcloud.port}" ];
- }];
- }
- ];
- exporters = {
- node = {
- enable = true;
- port = 9000;
- enabledCollectors = [ "systemd" ];
- extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
- };
- zfs = {
- enable = true;
- port = 9134;
- pools = [
- "Vault"
- ];
- };
- restic = {
- enable = false;
- port = 9753;
- };
- nginx = {
- enable = true;
- port = 9113;
- sslVerify = false;
- scrapeUri = "http://localhost/nginx_status";
- };
- nextcloud = lib.mkIf config.swarselsystems.server.nextcloud {
- enable = true;
- port = 9205;
- url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info";
- username = "admin";
- passwordFile = config.sops.secrets.nextcloudadminpass.path;
- };
- };
- };
-
-
- services.nginx = {
- virtualHosts = {
- "status.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "http://localhost:3000";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- "/prometheus" = {
- proxyPass = "http://localhost:9090";
- extraConfig = ''
- client_max_body_size 0;
- '';
};
};
};
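Review bot: The nextcloud exporter logs in with `username = "admin"` and `passwordFile = config.sops.secrets.nextcloudadminpass.path`, which is the full Nextcloud administrator credential, only to read the serverinfo endpoint. A dedicated serverinfo token, passed through the exporter's `tokenFile` option instead of `username`/`passwordFile`, would limit what a compromised exporter process can do. In the same hunk the Grafana settings use the literal paths `$__file{/run/secrets/prometheusadminpass}` and `$__file{/run/secrets/grafanaadminpass}`, while the exporter uses the `config.sops.secrets.….path` expression. Building those two strings from the sops path as well keeps them valid if the secret location changes.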
@@ -9187,11 +9372,12 @@ This opens a few gaming ports and installs the steam configuration suite for gam
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
{
specialisation = {
gaming.configuration = {
networking = {
+ firewall.enable = lib.mkForce false;
firewall = {
allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
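Review bot: `firewall.enable = lib.mkForce false;` turns the firewall off for the whole gaming specialisation. That makes the `allowedUDPPorts` and `allowedTCPPorts` lists below it meaningless and leaves every listening service on the machine reachable while that specialisation is booted. If a game needs another port, add it to the lists and drop the `mkForce` line; if disabling is intended, put a comment with the reason next to it. The trailing comment on `allowedTCPPorts = [ ];` still names ports although the list is empty. The module body continues outside this hunk.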
@@ -9288,11 +9474,14 @@ Auto login for the initial session.
+
+3.4.1.3. nixGL
+
+
+This integrates nixGL into home-manager. NixGL provies OpenGL and Vulkan APIs to nix installed utilities. This is needed for graphical applications on non-NixOS systems.
+
+
+
+{ lib, config, nixgl, ... }:
+{
+ nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
+ inherit (nixgl) packages;
+ defaultWrapper = lib.mkDefault "mesa";
+ vulkan.enable = lib.mkDefault false;
+ prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
+ card = config.swarselsystem.secondaryGpuCard;
+ installScript = "mesa";
+ };
+ offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
+ installScripts = [
+ "mesa"
+ "mesaPrime"
+ ];
+ };
+}
+
+
+
+
-3.4.1.3. Installed packages
+3.4.1.4. Installed packages
Here are defined some packages that I would like to use across all my machines. Most of these should not require further setup. Notably the cura package is severely outdated on nixpkgs, so I just fetch a more recent AppImage and run that instead.
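Review bot: The `prime` and `offloadWrapper` lines read `config.swarselsystem.isSecondaryGpu` and `config.swarselsystem.secondaryGpuCard`, while the `mkIf` at the top of the same block uses `config.swarselsystems`. This looks like a missing `s`; unless a separate `swarselsystem` option set is declared elsewhere, evaluation will fail on the unknown attribute once the outer condition holds. Use `config.swarselsystems.isSecondaryGpu` in both `mkIf` conditions and `card = config.swarselsystems.secondaryGpuCard;`. The paragraph above the block also has a typo ("provies" for "provides").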
@@ -9650,7 +9884,7 @@ Programming languages and default lsp's are defined here:
-3.4.1.3.1. Packaged
+3.4.1.4.1. Packaged
This holds packages that I can use as provided, or with small modifications (as in the texlive package that needs special configuration).
@@ -9695,6 +9929,10 @@ This holds packages that I can use as provided, or with small modifications (as
findutils
units
vim
+ sshfs
+ fuse
+ ventoy
+ poppler_utils
# nix
alejandra
@@ -9706,6 +9944,7 @@ This holds packages that I can use as provided, or with small modifications (as
nix-visualize
nix-init
nix-inspect
+ nixpkgs-review
manix
comma
@@ -9771,7 +10010,7 @@ This holds packages that I can use as provided, or with small modifications (as
# dirvish file previews
fd
imagemagick
- poppler
+ # poppler
ffmpegthumbnailer
mediainfo
gnutar
@@ -9785,8 +10024,9 @@ This holds packages that I can use as provided, or with small modifications (as
# wayland stuff
wtype
wl-clipboard
- wl-mirror
+ stable.wl-mirror
wf-recorder
+ kanshi
# screenshotting tools
grim
@@ -9835,17 +10075,17 @@ This holds packages that I can use as provided, or with small modifications (as
-3.4.1.3.2. Self-defined
+3.4.1.4.2. Self-defined
This is just a separate container for derivations defined in Packages. This is a good idea so that I do not lose track of package names I have defined myself, as this was once a problem in the past already.
-{ pkgs, ... }:
+{ config, pkgs, ... }:
{
- home.packages = with pkgs; [
+ home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [
pass-fuzzel
cura5
cdw
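Review bot: `lib.mkIf` is called here although the new argument set `{ config, pkgs, ... }:` does not bind `lib`. The name only resolves because `with pkgs;` brings `pkgs.lib` into scope, which is easy to break when the `with` is moved or removed. Add it explicitly with `{ config, lib, pkgs, ... }:`, and consider `lib.mkIf (!config.swarselsystems.isPublic) (with pkgs; [ … ])` so the condition does not depend on the `with` scope. The package list continues outside this hunk.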
@@ -9857,9 +10097,7 @@ This is just a separate container for derivations defined in
@@ -9878,7 +10118,7 @@ This is just a separate container for derivations defined in
-3.4.1.4. sops
+3.4.1.5. sops
I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine:
@@ -9899,19 +10139,22 @@ Since we are using the home-manager implementation here, we need to specify the
{ config, lib, ... }:
+let
+ inherit (config.swarselsystems) homeDir xdgDir;
+in
{
sops = lib.mkIf (!config.swarselsystems.isPublic) {
- age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" "${config.home.homeDirectory}/.ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+ age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
- mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
- nautilus = { path = "/run/user/1000/secrets/nautilus"; };
- leon = { path = "/run/user/1000/secrets/leon"; };
- swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
- github_notif = { path = "/run/user/1000/secrets/github_notif"; };
- u2f_keys = { path = "${config.home.homeDirectory}/.config/Yubico/u2f_keys"; };
+ mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
+ nautilus = { path = "${xdgDir}/secrets/nautilus"; };
+ leon = { path = "${xdgDir}/secrets/leon"; };
+ swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
+ github_notif = { path = "${xdgDir}/secrets/github_notif"; };
+ u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
};
}
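Review bot: Nothing in this module says what `xdgDir` resolves to, yet five decrypted secrets are now written under it instead of the explicit `/run/user/1000`. Its definition is outside this hunk, so whether it still points at the per-user runtime directory cannot be checked from here. After confirming that, add a comment above the `inherit` line such as `# xdgDir: per-user runtime dir (tmpfs), so decrypted secrets are not persisted to disk`.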
@@ -9920,7 +10163,7 @@ Since we are using the home-manager implementation here, we need to specify the
-3.4.1.5. SSH Machines
+3.4.1.6. SSH Machines
It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
@@ -9937,7 +10180,6 @@ It is very convenient to have SSH aliases in place for machines that I use. This
ServerAliveInterval 20
'';
matchBlocks = {
- # Local machines
"pfsense" = {
hostname = "192.168.1.1";
user = "root";
@@ -9952,7 +10194,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
};
"sync" = {
hostname = "193.122.53.173";
- user = "root"; #this is a oracle vm server but needs root due to nixos-infect
+ user = "root";
};
"songdiver" = {
hostname = "89.168.100.65";
@@ -9962,10 +10204,6 @@ It is very convenient to have SSH aliases in place for machines that I use. This
hostname = "46.232.248.161";
user = "root";
};
- "efficient" = {
- hostname = "g0.complang.tuwien.ac.at";
- user = "ep01427399";
- };
};
};
}
@@ -9974,7 +10212,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
-3.4.1.6. Theme (stylix)
+3.4.1.7. Theme (stylix)
These section allows home-manager to allow theme settings, and handles some other appearance-related settings like cursor styles. Interestingly, system icons (adwaita) still need to be setup on system-level, and will break if defined here.
@@ -9997,6 +10235,8 @@ This section has been notably empty ever since switching to stylix. Only Emacs i
targets = {
emacs.enable = false;
waybar.enable = false;
+ sway.useWallpaper = false;
+ firefox.profileNames = [ "default" ];
};
}
config.swarselsystems.stylix);
@@ -10006,7 +10246,7 @@ This section has been notably empty ever since switching to stylix. Only Emacs i
-3.4.1.7. Desktop Entries, MIME types (xdg)
+3.4.1.8. Desktop Entries, MIME types (xdg)
Some programs lack a dmenu launcher - I define them myself here.
@@ -10030,6 +10270,14 @@ _:
categories = [ "Application" ];
};
+ rustdesk-vbc = {
+ name = "Rustdesk VBC";
+ genericName = "rustdesk-vbc";
+ exec = "rustdesk-vbc";
+ terminal = false;
+ categories = [ "Application" ];
+ };
+
anki = {
name = "Anki Flashcards";
genericName = "Anki";
@@ -10107,7 +10355,7 @@ _:
-3.4.1.8. Linking dotfiles (Symlinks home.file)
+3.4.1.9. Linking dotfiles (Symlinks home.file)
This section should be used in order to symlink already existing configuration files using `home.file` and setting session variables using `home.sessionVariables`.
@@ -10156,14 +10404,23 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.style
-3.4.1.9. Sourcing environment variables
+3.4.1.10. Sourcing environment variables
Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the Sway section.
-{ config, ... }:
+{ lib, config, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
+ mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
+ swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+ allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
+in
{
home.sessionVariables = {
EDITOR = "e -w";
@@ -10171,13 +10428,21 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
SWARSEL_LO_RES = config.swarselsystems.lowResolution;
SWARSEL_HI_RES = config.swarselsystems.highResolution;
};
+ systemd.user.sessionVariables = {
+ SWARSEL_LEON_MAIL = leonMail;
+ SWARSEL_NAUTILUS_MAIL = nautilusMail;
+ SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
+ SWARSEL_SWARSEL_MAIL = swarselMail;
+ SWARSEL_FULLNAME = fullName;
+ SWARSEL_MAIL_ALL = allMailAddresses;
+ };
}
-3.4.1.10. General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf
+3.4.1.11. General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf
This section is for programs that require no further configuration. zsh Integration is enabled by default for these.
@@ -10211,7 +10476,7 @@ This section is for programs that require no further configuration. zsh Integrat
-3.4.1.11. nix-index
+3.4.1.12. nix-index
nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output.
@@ -10244,7 +10509,7 @@ nix-index provides a way to find out which packages are provided by which deriva
-3.4.1.12. password-store
+3.4.1.13. password-store
Enables password store with the pass-otp extension which allows me to store and generate one-time-passwords.
@@ -10266,7 +10531,7 @@ Enables password store with the pass-otp extension which allows me
-3.4.1.13. direnv
+3.4.1.14. direnv
Enables direnv, which I use for nearly all of my nix dev flakes.
@@ -10286,7 +10551,7 @@ Enables direnv, which I use for nearly all of my nix dev flakes.
-3.4.1.14. eza
+3.4.1.15. eza
Eza provides me with a better ls command and some other useful aliases.
@@ -10310,14 +10575,19 @@ Eza provides me with a better ls command and some other useful alia
-3.4.1.15. git
+3.4.1.16. git
Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using Magit) as well as a git template defined in Linking dotfiles.
-{ lib, ... }:
+{ lib, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+in
{
programs.git = {
enable = true;
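Review bot: `builtins.toString nix-secrets` in the added `let` yields a Nix store path if `nix-secrets` is a flake input, so the files read by `getSecret` and the values embedded in the generated configuration would sit in the world-readable store in plaintext. That fits addresses and names, but the binding should carry a comment such as `# evaluation-time values, readable in /nix/store; anything that must stay secret goes through sops`. The same preamble (`secretsDirectory` plus `getSecret` calls) is repeated in the Mail, gammastep and work hunks; binding it once in a shared place would keep the paths from drifting apart. The implementation of `getSecret` is not visible here, so the above is inferred from the call shape.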
@@ -10338,8 +10608,8 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
key = "0x76FD3810215AE097";
signByDefault = true;
};
- userEmail = lib.mkDefault "leon.schwarzaeugl@gmail.com";
- userName = "Leon Schwarzäugl";
+ userEmail = lib.mkDefault leonMail;
+ userName = fullName;
difftastic.enable = true;
lfs.enable = true;
includes = [
@@ -10361,7 +10631,7 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
-3.4.1.16. Fuzzel
+3.4.1.17. Fuzzel
Here I only need to set basic layout options - the rest is being managed by stylix.
@@ -10387,7 +10657,7 @@ Here I only need to set basic layout options - the rest is being managed by styl
-3.4.1.17. Starship
+3.4.1.18. Starship
Starship makes my zsh look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline.
@@ -10520,7 +10790,7 @@ Starship makes my zsh look cooler! I have symbols for most programm
-3.4.1.18. Kitty
+3.4.1.19. Kitty
Kitty is the terminal emulator of choice for me, it is nice to configure using nix, fast, and has a nice style.
@@ -10548,7 +10818,7 @@ The theme is handled by stylix.
-3.4.1.19. zsh
+3.4.1.20. zsh
zsh is the most convenient shell for me and it happens to be super neat to configure within home manager.
@@ -10560,15 +10830,18 @@ Here we set some aliases (some of them should be shellApplications instead) as w
{ config, pkgs, lib, ... }:
+let
+ inherit (config.swarselsystems) flakePath;
+in
{
programs.zsh = {
enable = true;
shellAliases = lib.recursiveUpdate
{
hg = "history | grep";
- hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch |& nom";
- nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
- nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
+ hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
+ nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
+ nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git";
@@ -10577,6 +10850,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w
passpull = "cd ~/.local/share/password-store; git pull; cd -;";
hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
cd = "z";
+ youtube-dl = "yt-dlp";
cd-orig = "cd";
cat-orig = "cat";
cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
@@ -10664,7 +10938,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w
-3.4.1.20. zellij
+3.4.1.21. zellij
{ self, config, pkgs, ... }:
@@ -10672,6 +10946,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w
programs.zellij = {
enable = true;
+ enableZshIntegration = true;
};
home.packages = with pkgs; [
@@ -10689,7 +10964,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w
-3.4.1.21. tmux
+3.4.1.22. tmux
@@ -10797,139 +11072,154 @@ in
-3.4.1.22. Mail
+3.4.1.23. Mail
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
-{ lib, config, ... }:
+{ lib, config, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
+ mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
+ swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+in
{
- programs.mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
- enable = true;
+ programs = {
+ mbsync = {
+ enable = true;
+ };
+ msmtp = {
+ enable = true;
+ };
+ mu = {
+ enable = true;
+ };
};
- services.mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
+
+ services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
- systemd.user.services.mbsync.Unit.After = lib.mkIf (!config.swarselsystems.isPublic) [ "sops-nix.service" ];
+ systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
- programs.msmtp = lib.mkIf (!config.swarselsystems.isPublic) {
- enable = true;
- };
-
- programs.mu = lib.mkIf (!config.swarselsystems.isPublic) {
- enable = true;
- };
-
- accounts.email = lib.mkIf (!config.swarselsystems.isPublic) {
- maildirBasePath = "Mail";
- accounts.leon = {
- primary = true;
- address = "leon.schwarzaeugl@gmail.com";
- userName = "leon.schwarzaeugl@gmail.com";
- realName = "Leon Schwarzäugl";
- passwordCommand = "cat ${config.sops.secrets.leon.path}";
- gpg = {
- key = "0x76FD3810215AE097";
- signByDefault = true;
- };
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- mu.enable = true;
- msmtp = {
- enable = true;
- };
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
+ accounts = lib.mkIf (!config.swarselsystems.isPublic) {
+ email = {
+ maildirBasePath = "Mail";
+ accounts = {
+ leon = {
+ primary = true;
+ address = leonMail;
+ userName = leonMail;
+ realName = fullName;
+ passwordCommand = "cat ${config.sops.secrets.leon.path}";
+ gpg = {
+ key = "0x76FD3810215AE097";
+ signByDefault = true;
};
- account = {
- Timeout = 120;
- PipelineDepth = 1;
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ mu.enable = true;
+ msmtp = {
+ enable = true;
+ };
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
};
};
- };
- };
- accounts.swarsel = lib.mkIf (!config.swarselsystems.isPublic) {
- address = "leon@swarsel.win";
- userName = "8227dc594dd515ce232eda1471cb9a19";
- realName = "Leon Schwarzäugl";
- passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
- smtp = {
- host = "in-v3.mailjet.com";
- port = 587;
- tls = {
- enable = true;
- useStartTls = true;
+ swarsel = {
+ address = swarselMail;
+ userName = "8227dc594dd515ce232eda1471cb9a19";
+ realName = fullName;
+ passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
+ smtp = {
+ host = "in-v3.mailjet.com";
+ port = 587;
+ tls = {
+ enable = true;
+ useStartTls = true;
+ };
+ };
+ mu.enable = false;
+ msmtp = {
+ enable = true;
+ };
+ mbsync = {
+ enable = false;
+ };
};
- };
- mu.enable = false;
- msmtp = {
- enable = true;
- };
- mbsync = {
- enable = false;
- };
- };
- accounts.nautilus = lib.mkIf (!config.swarselsystems.isPublic) {
- primary = false;
- address = "nautilus.dw@gmail.com";
- userName = "nautilus.dw@gmail.com";
- realName = "Nautilus";
- passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- msmtp.enable = true;
- mu.enable = true;
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
+ nautilus = {
+ primary = false;
+ address = nautilusMail;
+ userName = nautilusMail;
+ realName = "Nautilus";
+ passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ msmtp.enable = true;
+ mu.enable = true;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
};
};
- };
- };
- accounts.mrswarsel = lib.mkIf (!config.swarselsystems.isPublic) {
- primary = false;
- address = "mrswarsel@gmail.com";
- userName = "mrswarsel@gmail.com";
- realName = "Swarsel";
- passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- msmtp.enable = true;
- mu.enable = true;
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
+
+ mrswarsel = {
+ primary = false;
+ address = mrswarselMail;
+ userName = mrswarselMail;
+ realName = "Swarsel";
+ passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ msmtp.enable = true;
+ mu.enable = true;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
};
};
+
};
};
};
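Review bot: The `swarsel` account keeps its SMTP login as a literal, `userName = "8227dc594dd515ce232eda1471cb9a19";`, while the addresses around it were moved behind `getSecret`. If that value is the provider's API key identifier it deserves the same treatment, e.g. `userName = lib.swarselsystems.getSecret "${secretsDirectory}/<PLACEHOLDER: smtp-user file>";`. Separately, the `lib.mkIf (!config.swarselsystems.isPublic)` guard now wraps only `accounts`, so on a public build `programs.mbsync`, `services.mbsync` and the `After = [ "sops-nix.service" ]` ordering are enabled with no accounts defined. If that is not intended, keep the guard on those attributes as well.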
@@ -10939,7 +11229,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
-3.4.1.23. Home-manager: Emacs
+3.4.1.24. Home-manager: Emacs
By using the emacs-overlay NixOS module, I can install all Emacs packages that I want to use right through NixOS. This is done by passing my init.el file to the configuration which will then be parsed upon system rebuild, looking for use-package sections in the Elisp code. Also I define here the style of Emacs that I want to run - I am going with native Wayland Emacs here (emacs-pgtk). All of the nice options such as tree-sitter support are enabled by default, so I do not need to adjust the build process.
@@ -10951,10 +11241,13 @@ Lastly, I am defining some more packages here that the parser has problems findi
{ self, lib, config, pkgs, ... }:
+let
+ inherit (config.swarselsystems) homeDir isPublic;
+in
{
# needed for elfeed
- sops.secrets.fever = lib.mkIf (!config.swarselsystems.isPublic) { path = "${config.home.homeDirectory}/.emacs.d/.fever"; };
+ sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
@@ -10962,7 +11255,7 @@ Lastly, I am defining some more packages here that the parser has problems findi
enable = true;
package = pkgs.emacsWithPackagesFromUsePackage {
config = self + /programs/emacs/init.el;
- package = pkgs.emacs-pgtk;
+ package = pkgs.emacs-git-pgtk;
alwaysEnsure = true;
alwaysTangle = true;
extraEmacsPackages = epkgs: [
@@ -11020,8 +11313,8 @@ Lastly, I am defining some more packages here that the parser has problems findi
services.emacs = {
enable = true;
- # socketActivation.enable = false;
- # startWithUserSession = "graphical";
+ socketActivation.enable = false;
+ startWithUserSession = "graphical";
};
}
@@ -11029,7 +11322,7 @@ Lastly, I am defining some more packages here that the parser has problems findi
-3.4.1.24. Waybar
+3.4.1.25. Waybar
Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores)
@@ -11093,19 +11386,6 @@ The rest of the related configuration is found here:
on-click = "xdg-open https://github.com/notifications";
};
- # "custom/nix-updates" = {
- # exec = "update-checker";
- # on-click = "update-checker && notify-send 'The system has been updated'";
- # interval = "once";
- # tooltip = true;
- # return-type = "json";
- # format = "{} {icon}";
- # format-icon = {
- # "has-updates" = "";
- # "updated" = " ";
- # };
- # };
-
idle_inhibitor = {
format = "{icon}";
format-icons = {
@@ -11315,7 +11595,7 @@ The rest of the related configuration is found here:
-3.4.1.25. Firefox
+3.4.1.26. Firefox
Setting up firefox along with some policies that are important to me (mostly disabling telemetry related stuff as well as Pocket). I also enable some integrations that enable super useful packages, namely tridactyl and browserpass.
@@ -11628,14 +11908,14 @@ in
-3.4.1.26. Services
+3.4.1.27. Services
Services that can be defined through home-manager should be defined here.
-3.4.1.26.1. gnome-keyring
+3.4.1.27.1. gnome-keyring
Used for storing sessions in e.g. Nextcloud
@@ -11653,7 +11933,7 @@ Used for storing sessions in e.g. Nextcloud
-3.4.1.26.2. KDE Connect
+3.4.1.27.2. KDE Connect
This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control).
@@ -11673,7 +11953,7 @@ This enables phone/computer communication, including sending clipboard, files et
-3.4.1.26.3. Mako
+3.4.1.27.3. Mako
Desktop notifications!
@@ -11720,7 +12000,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
-3.4.1.26.4. yubikey-touch-detector
+3.4.1.27.4. yubikey-touch-detector
{ pkgs, ... }:
@@ -11758,7 +12038,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
-3.4.1.27. Sway
+3.4.1.28. Sway
I am currently using SwayFX, which adds some nice effects to sway, like rounded corners and hiding the separator between title and content of a window.
@@ -11769,7 +12049,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
-{ config, lib, ... }:
+{ self, config, lib, ... }:
let
inherit (config.swarselsystems) monitors;
workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput monitors;
@@ -11874,8 +12154,10 @@ in
"${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower";
"${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+r" = "mode resize";
+ # "${modifier}+Return" = "exec kitty";
"${modifier}+Return" = "exec swarselzellij";
"${modifier}+Print" = "exec screenshare";
+ # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')"
# "XF86AudioRaiseVolume" = "exec pa 5%";
"XF86AudioRaiseVolume" = "exec pamixer -i 5";
# "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
@@ -11899,7 +12181,15 @@ in
};
};
defaultWorkspace = "workspace 1:一";
- output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors;
+ # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors;
+ output = {
+ "${config.swarselsystems.sharescreen}" = {
+ bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}";
+ };
+ "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = {
+ bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}";
+ };
+ };
input = config.swarselsystems.standardinputs;
workspaceOutputAssign = workplaceOutputs;
startup = config.swarselsystems.startup ++ [
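Review bot: The new `output` set replaces the data-driven `lib.mapAttrs' lib.swarselsystems.eachMonitor monitors` with a literal monitor description that includes what looks like the panel's serial number. The same string is repeated in the Kanshi section of this commit. A commit that moves personal identifiers out of the public tree may want to treat this hardware identifier the same way, or at least bind it once, e.g. `homeMonitor = "<PLACEHOLDER: monitor description>";` in the module's `let`, and reference `"${homeMonitor}"` here. The old line is kept as a comment, so it would help to add a comment saying whether the hard-coded set is a temporary workaround. The module's `let` block lies outside this hunk.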
@@ -11932,6 +12222,8 @@ in
{ title = "^Add$"; }
{ title = "^Picture-in-Picture$"; }
{ title = "Syncthing Tray"; }
+ { title = "^spotifytui$"; }
+ { title = "^kittyterm$"; }
{ app_id = "vesktop"; }
{ window_role = "pop-up"; }
{ window_role = "bubble"; }
@@ -11950,6 +12242,12 @@ in
class = ".*";
};
}
+ {
+ command = "opacity 1";
+ criteria = {
+ app_id = "at.yrlf.wl_mirror";
+ };
+ }
{
command = "opacity 1";
criteria = {
@@ -12061,6 +12359,12 @@ in
seat * hide_cursor 2000
+ exec kanshi
+ exec_always kill -1 $(pidof kanshi)
+
+ bindswitch --locked lid:on exec kanshictl switch lidclosed
+ bindswitch --locked lid:off exec kanshictl switch lidopen
+
${swayfxSettings}
";
};
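Review bot: `exec kanshi` starts a second kanshi beside the one that `services.kanshi.enable = true` (added in the Kanshi section of this commit) runs as a user service, assuming both modules are active on the same host. Two instances would then both react to output changes. The following `exec_always kill -1 $(pidof kanshi)` also calls `kill -1` without a PID when kanshi is not running yet. Dropping the `exec kanshi` line and reloading through the control socket, `exec_always kanshictl reload`, avoids both, and the hunk already relies on `kanshictl` for the lid switches.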
@@ -12069,15 +12373,99 @@ in
+
+3.4.1.29. Kanshi
+
+
+{ config, ... }:
+{
+ services.kanshi = {
+ enable = true;
+ settings = [
+ {
+ # laptop screen
+ output = {
+ criteria = config.swarselsystems.sharescreen;
+ mode = config.swarselsystems.highResolution;
+ scale = 1.0;
+ };
+ }
+ {
+ # home main screen
+ output = {
+ criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
+ scale = 1.0;
+ mode = "2560x1440";
+ };
+ }
+ {
+ profile = {
+ name = "lidopen";
+ outputs = [
+ {
+ criteria = "eDP-2";
+ status = "enable";
+ scale = 1.0;
+ }
+ ];
+ };
+ }
+ {
+ profile = {
+ name = "lidopen";
+ outputs = [
+ {
+ criteria = config.swarselsystems.sharescreen;
+ status = "enable";
+ scale = 1.7;
+ position = "2560,0";
+ }
+ {
+ criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
+ scale = 1.0;
+ mode = "2560x1440";
+ position = "0,0";
+ }
+ ];
+ };
+ }
+ {
+ profile = {
+ name = "lidclosed";
+ outputs = [
+ {
+ criteria = config.swarselsystems.sharescreen;
+ status = "disable";
+ position = "2560,0";
+ }
+ {
+ criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
+ scale = 1.0;
+ mode = "2560x1440";
+ position = "0,0";
+ }
+ ];
+ };
+ }
+ ];
+ };
+}
+
+
+
+
-3.4.1.28. gpg-agent
+3.4.1.30. gpg-agent
Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here.
-{ self, pkgs, ... }:
+{ self, config, pkgs, ... }:
+let
+ inherit (config.swarselsystems) mainUser homeDir;
+in
{
services.gpg-agent = {
enable = true;
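Review bot: Two profiles in `services.kanshi.settings` are both named `lidopen`, the single-output one matching `"eDP-2"` and the two-output one, so it is not obvious which of them `kanshictl switch lidopen` from the sway lid binding selects. Give the laptop-only profile its own name, for example `name = "undocked";`, and add a comment on each profile stating which physical setup it covers. The laptop-only profile also hard-codes `criteria = "eDP-2";` while every other entry uses `config.swarselsystems.sharescreen`; use the option there too, unless the two are meant to differ.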
@@ -12107,7 +12495,7 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
# assure correct permissions
systemd.user.tmpfiles.rules = [
- "d /home/swarsel/.gnupg 700 swarsel users"
+ "d ${homeDir}/.gnupg 700 ${mainUser} users"
];
}
@@ -12116,20 +12504,23 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
-3.4.1.29. gammastep
+3.4.1.31. gammastep
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
-_:
+{ lib, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+in
{
services.gammastep = {
enable = true;
provider = "manual";
- latitude = 48.210033;
- longitude = 16.363449;
+ latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
+ longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
};
}
@@ -12278,7 +12669,14 @@ The rest of the settings is at
-{ config, pkgs, lib, ... }:
+{ self, config, pkgs, lib, nix-secrets, ... }:
+let
+ inherit (config.swarselsystems) homeDir;
+ secretsDirectory = builtins.toString nix-secrets;
+ dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
+ clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
+ wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
+in
{
home.packages = with pkgs; [
stable.teams-for-linux
@@ -12287,24 +12685,46 @@ The rest of the settings is at mu4e
(insert (format "%s <%s>" (or from-user user-full-name) from-addr)))))))
(defun swarsel/mu4e-restore-default ()
- (setq user-mail-address "leon@swarsel.win"
- user-full-name "Leon Schwarzäugl"))
+ (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
+ user-full-name (getenv "SWARSEL_FULLNAME")))
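Review bot: `getenv` returns nil when a variable is unset, so `swarsel/mu4e-restore-default` now sets `user-mail-address` and `user-full-name` to nil whenever Emacs was started without the session variables, for instance on a host built without the secrets. Keeping the current value as a fallback avoids composing mail with an empty sender: `(setq user-mail-address (or (getenv "SWARSEL_SWARSEL_MAIL") user-mail-address)`, and likewise `user-full-name (or (getenv "SWARSEL_FULLNAME") user-full-name)`. The function should also get a one-line docstring stating that it reads its defaults from the environment.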
@@ -13656,9 +14194,9 @@ This minor-mode adds functionality for doing better surround-commands; for examp
-
-4.3.7.7. evil-textobj-tree-sitter
-
+
+4.3.7.7. evil-textobj-tree-sitter
+
This adds support for tree-sitter objects. This allows for the following chords:
@@ -13682,9 +14220,9 @@ This adds support for tree-sitter objects. This allows for the following chords:
-
-4.3.7.8. evil-textobj-tree-sitter
-
+
+4.3.7.8. evil-textobj-tree-sitter
+
(use-package evil-numbers)
@@ -14681,9 +15219,9 @@ This adds support for Groovy, which I specifically need to work with Jenkinsfile
-
-4.4.5. Ansible
-
+
+4.4.5. Ansible
+
(use-package ansible)
@@ -15274,18 +15812,18 @@ This sets up rustic-mode with tree-sitter support - there is still one issue to
-(use-package rustic
- :init
- (setq rust-mode-treesitter-derive t)
- :config
- (define-key rust-ts-mode-map (kbd "C-c C-c C-r") 'rustic-cargo-run)
- (define-key rust-ts-mode-map (kbd "C-c C-c C-b") 'rustic-cargo-build)
- (define-key rust-ts-mode-map (kbd "C-c C-c C-k") 'rustic-cargo-check)
- (define-key rust-ts-mode-map (kbd "C-c C-c d") 'rustic-cargo-doc)
- (define-key rust-ts-mode-map (kbd "C-c C-c a") 'rustic-cargo-add)
- (setq rustic-format-on-save t)
- (setq rustic-lsp-client 'eglot)
- :mode ("\\.rs" . rustic-mode))
+;;(use-package rustic
+;; :init
+;; (setq rust-mode-treesitter-derive t)
+;; :config
+;; (define-key rust-ts-mode-map (kbd "C-c C-c C-r") 'rustic-cargo-run)
+;; (define-key rust-ts-mode-map (kbd "C-c C-c C-b") 'rustic-cargo-build)
+;; (define-key rust-ts-mode-map (kbd "C-c C-c C-k") 'rustic-cargo-check)
+;; (define-key rust-ts-mode-map (kbd "C-c C-c d") 'rustic-cargo-doc)
+;; (define-key rust-ts-mode-map (kbd "C-c C-c a") 'rustic-cargo-add)
+;; (setq rustic-format-on-save t)
+;; (setq rustic-lsp-client 'eglot)
+;; :mode ("\\.rs" . rustic-mode))
@@ -15420,8 +15958,8 @@ A blocking issue can still occur while entering a direnv that has a longer evalu
c++-ts-mode
go-mode
go-ts-mode
- rust-ts-mode
- rustic-mode
+ ;;rust-ts-mode
+ ;;rustic-mode
tex-mode
LaTeX-mode
) . (lambda () (progn
@@ -15453,9 +15991,9 @@ A blocking issue can still occur while entering a direnv that has a longer evalu
-
-4.4.31. lsp-mode & company
-
+
+4.4.31. lsp-mode & company
+
(use-package lsp-bridge
@@ -15473,9 +16011,9 @@ A blocking issue can still occur while entering a direnv that has a longer evalu
-
-4.4.32. lsp-bridge
-
+
+4.4.32. lsp-bridge
+
(use-package lsp-bridge
@@ -15716,11 +16254,13 @@ The hook functions are defined here:
-
-
-
-
-6.5. statix.toml
-
-
-This file is used to tell statix which checks and folders/fiels to ignore, as well as to specify the nix version that it should use.
-
-
-
-I need this mainly to disable the repeated_keys check, which checks if there is an attribute set called twice without stepping into it. While in general this should be avoided, since I am tangling some files and need to use the top-level attribute in each org-src block, the check would fail for all these cases.
-
-
-
-
-disabled = [
-"repeated_keys"
-]
-nix_version = '2.4'
-ignore = ['.direnv']
-
@@ -16595,7 +17112,7 @@ ignore = ['.direnv']