diff --git a/SwarselSystems.org b/SwarselSystems.org index eec648a..6de7e1a 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -10386,13 +10386,12 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 gh ]; - services = { spice-vdagentd.enable = true; openssh = { enable = true; extraConfig = '' - ''; + ''; }; syncthing = { @@ -11980,121 +11979,158 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl # this is needed so that mbsync can use the passwords from sops systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { - email = { - maildirBasePath = "Mail"; - accounts = { - leon = { - primary = true; - address = address1; - userName = address1; - realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; - gpg = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - mu.enable = true; - msmtp = { - enable = true; - }; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - - swarsel = { - address = address4; - userName = address4-user; - realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; - smtp = { - host = address4-host; - port = 587; - tls = { - enable = true; - useStartTls = true; - }; - }; - mu.enable = false; - msmtp = { - enable = true; - }; - mbsync = { - enable = false; - }; - }; - - nautilus = { - primary = false; - address = address2; - userName = address2; - realName = address2-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - - mrswarsel = { - primary = false; - address = address3; - userName = address3; - realName = address3-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; + programs.thunderbird = { + enable = true; + profiles.default = { + isDefault = true; + withExternalGnupg = true; + settings = { + "mail.identity.default.archive_enabled" = true; + "mail.identity.default.archive_keep_folder_structure" = true; + "mail.identity.default.compose_html" = false; + "mail.identity.default.protectSubject" = true; + "mail.identity.default.reply_on_top" = 1; + "mail.identity.default.sig_on_reply" = false; + "mail.identity.default.sig_bottom" = false; + "gfx.webrender.all" = true; + "gfx.webrender.enabled" = true; }; }; + + settings = { + "mail.server.default.allow_utf8_accept" = true; + "mail.server.default.max_articles" = 1000; + "mail.server.default.check_all_folders_for_new" = true; + "mail.show_headers" = 1; + "mail.identity.default.auto_quote" = true; + "mail.identity.default.attachPgpKey" = true; + "mailnews.default_sort_order" = 2; + "mailnews.default_sort_type" = 18; + "mailnews.default_view_flags" = 0; + "mailnews.sort_threads_by_root" = true; + "mailnews.headers.showMessageId" = true; + "mailnews.headers.showOrganization" = true; + "mailnews.headers.showReferences" = true; + "mailnews.headers.showUserAgent" = true; + "mail.imap.expunge_after_delete" = true; + "mail.server.default.delete_model" = 2; + "mail.warn_on_delete_from_trash" = false; + "mail.warn_on_shift_delete" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.prompted" = 2; + "app.update.auto" = false; + "privacy.donottrackheader.enabled" = true; + }; + }; + + xdg.mimeApps.defaultApplications = { + "x-scheme-handler/mailto" = [ "thunderbird.desktop" ]; + "x-scheme-handler/mid" = [ "thunderbird.desktop" ]; + "message/rfc822" = [ "thunderbird.desktop" ]; + }; + + accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { + email = + let + defaultSettings = { + imap = { + host = "imap.gmail.com"; + port = 993; + tls.enable = true; # SSL/TLS + }; + smtp = { + host = "smtp.gmail.com"; + port = 465; + tls.enable = true; # SSL/TLS + }; + thunderbird = { + enable = true; + profiles = [ "default" ]; + }; + mu.enable = true; + msmtp = { + enable = true; + }; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + in + { + maildirBasePath = "Mail"; + accounts = { + swarsel = { + address = address4; + userName = address4-user; + realName = fullName; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; + smtp = { + host = address4-host; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + mu.enable = false; + msmtp = { + enable = true; + }; + mbsync = { + enable = false; + }; + }; + + leon = lib.recursiveUpdate + { + primary = true; + address = address1; + userName = address1; + realName = fullName; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; + gpg = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + } + defaultSettings; + + nautilus = lib.recursiveUpdate + { + primary = false; + address = address2; + userName = address2; + realName = address2-name; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; + } + defaultSettings; + + mrswarsel = lib.recursiveUpdate + { + primary = false; + address = address3; + userName = address3; + realName = address3-name; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; + } + defaultSettings; + + }; + }; }; }; } @@ -13614,446 +13650,543 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselmodules.optional.work { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - rclone - stable24_05.awscli2 - libguestfs-with-appliance - stable.prometheus.cli - tigervnc - openstackclient - ]; + config = lib.mkIf config.swarselmodules.optional.work + { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + rclone + stable24_05.awscli2 + libguestfs-with-appliance + stable.prometheus.cli + tigervnc + openstackclient + pizauth + ]; - home.sessionVariables = { - DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; - DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; - }; + systemd.user.services.pizauth = { + Unit = { + Description = "Pizauth OAuth2 token manager"; + }; - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + Service = { + Type = "simple"; + ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d"; + ExecReload = "${pkgs.pizauth}/bin/pizauth reload"; + ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown"; }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. HP 732pk CNC4080YL5" = { - bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + + Install = { + WantedBy = [ "default.target" ]; }; }; - }; - stylix = { - targets.firefox.profileNames = + home.sessionVariables = { + DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; + DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; + }; + + accounts.email.accounts.work = + let + inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName; + in + { + primary = false; + address = mailAddress; + userName = mailAddress; + realName = mailName; + passwordCommand = "pizauth show work"; + imap = { + host = "outlook.office365.com"; + port = 993; + tls.enable = true; # SSL/TLS + }; + smtp = { + host = "outlook.office365.com"; + port = 587; + tls = { + enable = true; # SSL/TLS + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "default" ]; + settings = id: { + "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth + "mail.server.server_${id}.authMethod" = 10; # oauth + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.prompted" = 2; + }; + }; + msmtp = { + enable = false; + extraConfig = { + account = "work"; + auth = "xoauth2"; + host = "outlook.office365.com"; + protocol = "smtp"; + port = "587"; + tls = "on"; + tls_starttls = "on"; + from = "${mailAddress}"; + user = "${mailAddress}"; + passwordeval = "pizauth show work"; + }; + }; + mu.enable = false; + mbsync = { + enable = false; + expunge = "both"; + extraConfig = { + account = { + AuthMechs = "XOAUTH2"; + }; + }; + }; + }; + + wayland.windowManager.sway.config = { + output = { + "Applied Creative Technology Transmitter QUATTRO201811" = { + bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + }; + "Hewlett Packard HP Z24i CN44250RDT" = { + bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + }; + "HP Inc. HP 732pk CNC4080YL5" = { + bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + }; + }; + }; + + stylix = { + targets.firefox.profileNames = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; + in + [ + "${user1}" + "${user2}" + "${user3}" + "work" + ]; + }; + + programs = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail; + in + { + git.userEmail = lib.mkForce gitMail; + + zsh = { + shellAliases = { + dssh = "ssh -l ${user1Long}"; + cssh = "ssh -l ${user2Long}"; + wssh = "ssh -l ${user3Long}"; + }; + cdpath = [ + "~/Documents/Work" + ]; + dirHashes = { + d = "$HOME/.dotfiles"; + w = "$HOME/Documents/Work"; + s = "$HOME/.dotfiles/secrets"; + pr = "$HOME/Documents/Private"; + ac = path1; + }; + }; + + ssh = { + matchBlocks = { + "${loc1}" = { + hostname = "${loc1}.${domain2}"; + user = user4; + }; + "${loc1}.stg" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.staging" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.dev" = { + hostname = "${loc1}.${lifecycle2}.${domain2}"; + user = user4; + }; + "${loc2}" = { + hostname = "${loc2}.${domain1}"; + user = user1Long; + }; + "${loc2}.stg" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "${loc2}.staging" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "*.${domain1}" = { + user = user1Long; + }; + }; + }; + + firefox = { + profiles = + let + isDefault = false; + in + { + "${user1}" = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "${site1}|${site2}"; + }; + } + vars.firefox; + "${user2}" = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = "${site3}"; + }; + } + vars.firefox; + "${user3}" = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + vars.firefox; + work = lib.recursiveUpdate + { + inherit isDefault; + id = 4; + settings = { + "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; + }; + } + vars.firefox; + }; + }; + + chromium = { + enable = true; + package = pkgs.chromium; + + extensions = [ + # 1password + "gejiddohjgogedgjnonbofjigllpkmbf" + # dark reader + "eimadpbcbfnmbkopoojfekhnkhdbieeh" + # ublock origin + "cjpalhdlnbpafiamejdnhcphjbkeiagm" + # i still dont care about cookies + "edibdbjcniadpccecjdfdjjppcpchdlm" + # browserpass + "naepdomgkenhinolocfifgehidddafch" + ]; + }; + }; + + services = { + kanshi = { + settings = [ + { + # seminary room + output = { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + }; + } + { + # work main screen + output = { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.0; + mode = "3840x2160"; + }; + } + { + # work side screen + output = { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.5; + position = "1462,0"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "90"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + ]; + }; + }; + + xdg = let inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; in - [ - "${user1}" - "${user2}" - "${user3}" - "work" - ]; - }; + { + configFile."pizauth.conf".text = '' + account "work" { + auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All", + "https://outlook.office365.com/SMTP.Send", + "offline_access" + ]; + // You don't have to specify login_hint, but it does make + // authentication a little easier. + login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; + } + ''; - programs = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail; - in - { - git.userEmail = lib.mkForce gitMail; - - zsh = { - shellAliases = { - dssh = "ssh -l ${user1Long}"; - cssh = "ssh -l ${user2Long}"; - wssh = "ssh -l ${user3Long}"; - }; - cdpath = [ - "~/Documents/Work" - ]; - dirHashes = { - d = "$HOME/.dotfiles"; - w = "$HOME/Documents/Work"; - s = "$HOME/.dotfiles/secrets"; - pr = "$HOME/Documents/Private"; - ac = path1; - }; - }; - - ssh = { - matchBlocks = { - "${loc1}" = { - hostname = "${loc1}.${domain2}"; - user = user4; - }; - "${loc1}.stg" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.staging" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.dev" = { - hostname = "${loc1}.${lifecycle2}.${domain2}"; - user = user4; - }; - "${loc2}" = { - hostname = "${loc2}.${domain1}"; - user = user1Long; - }; - "${loc2}.stg" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "${loc2}.staging" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "*.${domain1}" = { - user = user1Long; + mimeApps = { + defaultApplications = { + "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; }; }; - }; - - firefox = { - profiles = + desktopEntries = let - isDefault = false; + terminal = false; + categories = [ "Application" ]; + icon = "firefox"; in { - "${user1}" = lib.recursiveUpdate - { - inherit isDefault; - id = 1; - settings = { - "browser.startup.homepage" = "${site1}|${site2}"; - }; - } - vars.firefox; - "${user2}" = lib.recursiveUpdate - { - inherit isDefault; - id = 2; - settings = { - "browser.startup.homepage" = "${site3}"; - }; - } - vars.firefox; - "${user3}" = lib.recursiveUpdate - { - inherit isDefault; - id = 3; - } - vars.firefox; - work = lib.recursiveUpdate - { - inherit isDefault; - id = 4; - settings = { - "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; - }; - } - vars.firefox; + firefox_work = { + name = "Firefox (work)"; + genericName = "Firefox work"; + exec = "firefox -p work"; + inherit terminal categories icon; + }; + "firefox_${user1}" = { + name = "Firefox (${user1})"; + genericName = "Firefox ${user1}"; + exec = "firefox -p ${user1}"; + inherit terminal categories icon; + }; + + "firefox_${user2}" = { + name = "Firefox (${user2})"; + genericName = "Firefox ${user2}"; + exec = "firefox -p ${user2}"; + inherit terminal categories icon; + }; + + "firefox_${user3}" = { + name = "Firefox (${user3})"; + genericName = "Firefox ${user3}"; + exec = "firefox -p ${user3}"; + inherit terminal categories icon; + }; + + }; }; - - chromium = { - enable = true; - package = pkgs.chromium; - - extensions = [ - # 1password - "gejiddohjgogedgjnonbofjigllpkmbf" - # dark reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # ublock origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # i still dont care about cookies - "edibdbjcniadpccecjdfdjjppcpchdlm" - # browserpass - "naepdomgkenhinolocfifgehidddafch" - ]; - }; - }; - - services = { - kanshi = { - settings = [ - { - # seminary room - output = { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - }; - } - { - # work main screen - output = { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.0; - mode = "3840x2160"; - }; - } - { - # work side screen - output = { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.5; - position = "1462,0"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "90"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } + swarselsystems = { + startup = [ + # { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } + # { command = "feishin"; } + { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } + { command = "1password"; } ]; - }; - }; - - xdg = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; - in - { - mimeApps = { - defaultApplications = { - "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; }; }; - desktopEntries = - let - terminal = false; - categories = [ "Application" ]; - icon = "firefox"; - in - { - firefox_work = { - name = "Firefox (work)"; - genericName = "Firefox work"; - exec = "firefox -p work"; - inherit terminal categories icon; - }; - "firefox_${user1}" = { - name = "Firefox (${user1})"; - genericName = "Firefox ${user1}"; - exec = "firefox -p ${user1}"; - inherit terminal categories icon; - }; - - "firefox_${user2}" = { - name = "Firefox (${user2})"; - genericName = "Firefox ${user2}"; - exec = "firefox -p ${user2}"; - inherit terminal categories icon; - }; - - "firefox_${user3}" = { - name = "Firefox (${user3})"; - genericName = "Firefox ${user3}"; - exec = "firefox -p ${user3}"; - inherit terminal categories icon; - }; - - + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; }; - }; - swarselsystems = { - startup = [ - # { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - # { command = "feishin"; } - { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } - { command = "1password"; } - ]; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; - }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; - }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; - }; - work_middle_middle_main = { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; + }; }; - }; } diff --git a/hosts/nixos/pyramid/secrets/pii.nix.enc b/hosts/nixos/pyramid/secrets/pii.nix.enc index 7feeec1..d902cda 100644 --- a/hosts/nixos/pyramid/secrets/pii.nix.enc +++ b/hosts/nixos/pyramid/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:SEQIHMS8xUj6vsC1+1zTRG+h5BbqL0miA77UEh0UbiFOP7RgqhUlZgq+LmO7BRiIf4RHO13BZ5PXdKiZ96lgGcaquVnaEEQqv2NvkstXpwm3eLjUTJryMxfVupeir5g/FNXHETzhN425KD93EyMr4g7INJW4N4mHXmDnHJOJgS8rlKnSLG64cpgrlef8GAsGfp+i3ky2dig4jNQG8Ijdc46qtiyH9bs7k0d/YuNNmcZSaSIukNyyIMVTqlt6MV+9iUQ4Lj5h0pxgDLfjM1TNQAHRkWW4eozt7SO17U9td1DxvBF9TUdj3xbFCVo4c1OGw4hrjahvUAF8u1TEXBhhJfLqApDUBddRMxybk8Dy98jOHcb6Qwu3qUcgRt9XgkOktwgovS/B2WWAIWMTIZhyKm5ENriaTZWSp6n7hzkw1C1wXyCaP6YT0A4SSPPJt/DuTcBZ5BOFM10237NNgZA0Q7B5J5C57W88bhtzZ2aJZexyQYqQPrr5c38RwR00OAVGJeCgcq70JqeA5EpTuud20rBE0/dHHEPeVUBkrq8pjBHh4SYeMOh8g85CnlF31cxAcnrVJbO14hQQ8sQd4ZmkRNcY3EL981ruDy6Okd3K5AifmF/E9IEZwbvCSLY8EYANA+NV97ZsL4zJOWC6tnA1QHFDoqCR/POsupvGQetYpembrUY0WoB5XkfAvMicQCeLJe2H7S6pOVMDOIIZLx57vcO855LlIJiCpMw2ytqbBXRZolM2WXEBZDEL6BnrEydUnoiUCxqsUrdvQE3HTzktXKQww9jc6HLfBV1MvfScWq2fisGDlkrC2rI5VcWamm8Xbke4uTVcdbKlDpgbpC8NaWmmgNhFe50VNf7M/L5etnvuWWbY68epLZo7dsaaWVE584pdVFT+2K2GwWmGnMHKW+KKA6O9hFfdPUOsJj+eJiF9JX7OwLPAJILTjesWfHXivILBwjDyY5CBCHg91fsrPF37222O/HPPukveY/u6WBOt+co3Ch9mq9usdD7fhieo59IZ7aOJb7dxHSa99nBD8NZbwn6nJkgn3hpLfP9q/2TWcF/zSD1oGY7f1GVbEKEHj2hHv+OHMhFzgRhi5NtvGOO4l0aa1QE1eyRJgHLeqS5aL119Fh1+PSSN9/+v1q6l2JjYuQAV1BqzVdG2GS64J4PBxVqmZ3M9Qv2ZvH0Zwjs64M3MDUMNa5+HZAkPpThvrUWSCEFivIfiOi4Bt/h+HmyQb04LB5QuNFSiRpuF+fQcA+MmMQ==,iv:PL7Z5mKqbNbPfptREw9xFTiOQ1qiVkyxLPvDSoPvbbY=,tag:OPlhVLtN5IDdL/nkkj8+CQ==,type:str]", + "data": "ENC[AES256_GCM,data:kkwEMOzab5JK9G+rSfYygcAI6Y+b1tXkUFPdxN8e2Rnz2Uv4bDfITu8bmKqJ1q5kmHxQjQukioZkdQkabqBR8cx/CG3dRJfPAjEwMz4v8UYGSNSf8blJvdb4YKSizeOEALCuawBIm5hmvwuskXlol6UfkK66h9UnP94wwdh0KKemWinANxbIUX+cl6kK4X1eZrWRGr5Ts2HmjcowIbA+SmA8yVAwqoP6L1DuavilLGPfWhBI4Kj7ZTI3LRlvu4DZZ+DCAea3FgrrjbTWiWZfFW0YX2fDgNQkIxpp3N203zDu23HebZcmCrVBkfvFS7awBr5iVnwfsqOJR0LH92lIlUb8YoFShlJU/Day80i9uyYDCTHc4l2NBvjIH8NlpiYaA2A+rCW3VkVX3WzCGxBfi/kIqoNE3RdLJAYrIimsYaHSmk4o6jslR3xIRyQzDcNtWa92kINdCwBuJXc0UYe/HnR8tFlmOrlixMlVINTy45PRNYJoy7cuoJPd+aNIPQ2V31TB/CjUSZhEptVJSnQnKDui1xuV7vqcyPv06xftJGZRk/LL2cl3+HDLflkZYE7NVlLaOWMBOkX99W/WokF3NGBWuVeUp9bLCwpuEmzFafpCjKhGrQSDGkw17jmYWCULN9v3q6OvyylwqVuDDQZNSxGZFsSPr7qOxeENwTDQvRwpydthPRMMHh/wf3t5pyV/jW79SBuxIWvn4JbO8TBsd9TmVgXMgpd97+Zg3CnTqZApVVRzM8NzF25fMYHJv12YvkEmyOm0otFU84COhgNkpBRTJhyJdjKWVOTJFJyQviwy6BTBF6jqHyS+YP7BEZO2UID/9ODKVrSACCatSQlNtLQRrXOiE9h3g43uAJc/TyJ+A0IceUJ3BM+6PEJiqDWUfO5ucP3pLDdb4IDOAi/YeV9HQdyCdEVRf6a0CHmPcnkb+X+fxxcmZQCvuzQjOZQZw8UUwfhdJms6jTWqaN9leb3z4u8RPxOM1T+Qsu5dL5ouady7xVSO4c1Fw+EiiL9yOh42DTa4OyBlcTJiz5iigqmkaiQOwdwn+FlOYNraOd24h8+x7dDVQBbHjnV7xF7I1rmpOfA/lUbfovLU5SrIxLPT64J25ucudJWBTCDiYADUwhv+QmfJJsdt11+NWPkS3ymFbbWPtpZvhCaawrNKb3s/ohOEi8JIAyY9dtfRGuRoTsCcsJ4xjeSLehX4TgR0cl31Jmm+0kO2uuP7veDrqyUg1Swqsq4+BKfimprh/QzwSoB9lOdEPu0bdQza9sk+D5+H2ooXsVXA2YJscBZ/Kv+YYW57LlfwEvfpJDx5XiQtAYYlUeN8SPx72i9QzYugm339gj+eB8gtbX3W8Sl+D9Vs0P+GZ4G7K03JvzEExtA=,iv:Go3U5S9ZxtPawFoVjknH8j8WDg2TJLIU6mp5DQDj9BE=,tag:0QPJYyQsuZ4hz8xZZ2V4xw==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z2tONmQxTUhZUW12Z2Jm\nUnoxSnpYcnZDNGNzSko1ckl2RDh3NG1VS2dFCmIwUXhmSk1OUk02S0JPVDR5UWJ4\na0gwWlg0V005ZWxYa29PZ0laS2VqM0kKLS0tIHN5SU9pQ090eHljeXJGWm5hRFQ4\nZ001Nzkyb29RYkNUMDNDNlo4YnVQeTQK34bNIBgxId2+DHKQNVV3Iro3KGkE03Sp\niB1+dADT6nRvGvoyPqnLq/NYfw7eQ6XqYt55zkdCta8v6L1UNUkw8g==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-13T23:20:32Z", - "mac": "ENC[AES256_GCM,data:ibG9NVwVLf4UgdxnHbAToq5n12v4PPgPmnTn8PYg0LZfU2x6GaxRtNvWoFxDa9bEWMRzrlC5oV+hXsTxzJdYliafNTOxWjtOI/ME/HgEE8cU17HuJViWkR+CL+kzCelgFjCD3XajbTRzdTBtcI9icsUvnaManjlSvsgWmqNP36Y=,iv:uCy8Mv5HM611Qd4cvvEiDovnv1uuLZVSN7p7SV10zRA=,tag:fRjfyRkIIh5L97WVyNyxSQ==,type:str]", + "lastmodified": "2025-08-07T12:21:20Z", + "mac": "ENC[AES256_GCM,data:JxNvTsW6D7IbaczGsdgfTJcACm5VLrOw6Ep+RU9PoXn2LJZeJ9U8KIlnNdODtxMpiIpZ+ZPeJgQk+EXlUVd5n2dJQEr6vqfs4o85givDWE29Pki12Zb7jMhiW8/z9GYQ/TcskkWUfA0Brz9fKVKXLARvQdL1/9Rlw+F1VwWWBOo=,iv:V31hoIpUgq6X47D0B+MtBMsdD0oDpPkh2kvQWRJtS3w=,tag:dsW9SUIdGipX5rKyLAvCvQ==,type:str]", "pgp": [ { "created_at": "2025-06-14T22:31:01Z", diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index 8d1750f..f977d12 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix @@ -33,121 +33,158 @@ in # this is needed so that mbsync can use the passwords from sops systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { - email = { - maildirBasePath = "Mail"; - accounts = { - leon = { - primary = true; - address = address1; - userName = address1; - realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; - gpg = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - mu.enable = true; - msmtp = { - enable = true; - }; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - - swarsel = { - address = address4; - userName = address4-user; - realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; - smtp = { - host = address4-host; - port = 587; - tls = { - enable = true; - useStartTls = true; - }; - }; - mu.enable = false; - msmtp = { - enable = true; - }; - mbsync = { - enable = false; - }; - }; - - nautilus = { - primary = false; - address = address2; - userName = address2; - realName = address2-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; - - mrswarsel = { - primary = false; - address = address3; - userName = address3; - realName = address3-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create = "maildir"; - expunge = "both"; - patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; - }; - }; - }; - }; + programs.thunderbird = { + enable = true; + profiles.default = { + isDefault = true; + withExternalGnupg = true; + settings = { + "mail.identity.default.archive_enabled" = true; + "mail.identity.default.archive_keep_folder_structure" = true; + "mail.identity.default.compose_html" = false; + "mail.identity.default.protectSubject" = true; + "mail.identity.default.reply_on_top" = 1; + "mail.identity.default.sig_on_reply" = false; + "mail.identity.default.sig_bottom" = false; + "gfx.webrender.all" = true; + "gfx.webrender.enabled" = true; }; }; + + settings = { + "mail.server.default.allow_utf8_accept" = true; + "mail.server.default.max_articles" = 1000; + "mail.server.default.check_all_folders_for_new" = true; + "mail.show_headers" = 1; + "mail.identity.default.auto_quote" = true; + "mail.identity.default.attachPgpKey" = true; + "mailnews.default_sort_order" = 2; + "mailnews.default_sort_type" = 18; + "mailnews.default_view_flags" = 0; + "mailnews.sort_threads_by_root" = true; + "mailnews.headers.showMessageId" = true; + "mailnews.headers.showOrganization" = true; + "mailnews.headers.showReferences" = true; + "mailnews.headers.showUserAgent" = true; + "mail.imap.expunge_after_delete" = true; + "mail.server.default.delete_model" = 2; + "mail.warn_on_delete_from_trash" = false; + "mail.warn_on_shift_delete" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.prompted" = 2; + "app.update.auto" = false; + "privacy.donottrackheader.enabled" = true; + }; + }; + + xdg.mimeApps.defaultApplications = { + "x-scheme-handler/mailto" = [ "thunderbird.desktop" ]; + "x-scheme-handler/mid" = [ "thunderbird.desktop" ]; + "message/rfc822" = [ "thunderbird.desktop" ]; + }; + + accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { + email = + let + defaultSettings = { + imap = { + host = "imap.gmail.com"; + port = 993; + tls.enable = true; # SSL/TLS + }; + smtp = { + host = "smtp.gmail.com"; + port = 465; + tls.enable = true; # SSL/TLS + }; + thunderbird = { + enable = true; + profiles = [ "default" ]; + }; + mu.enable = true; + msmtp = { + enable = true; + }; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; + }; + }; + }; + in + { + maildirBasePath = "Mail"; + accounts = { + swarsel = { + address = address4; + userName = address4-user; + realName = fullName; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; + smtp = { + host = address4-host; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + mu.enable = false; + msmtp = { + enable = true; + }; + mbsync = { + enable = false; + }; + }; + + leon = lib.recursiveUpdate + { + primary = true; + address = address1; + userName = address1; + realName = fullName; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; + gpg = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + } + defaultSettings; + + nautilus = lib.recursiveUpdate + { + primary = false; + address = address2; + userName = address2; + realName = address2-name; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; + } + defaultSettings; + + mrswarsel = lib.recursiveUpdate + { + primary = false; + address = address3; + userName = address3; + realName = address3-name; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; + } + defaultSettings; + + }; + }; }; }; } diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index cd91509..6941c79 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -4,445 +4,542 @@ let in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselmodules.optional.work { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - rclone - stable24_05.awscli2 - libguestfs-with-appliance - stable.prometheus.cli - tigervnc - openstackclient - ]; + config = lib.mkIf config.swarselmodules.optional.work + { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + rclone + stable24_05.awscli2 + libguestfs-with-appliance + stable.prometheus.cli + tigervnc + openstackclient + pizauth + ]; - home.sessionVariables = { - DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; - DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; - }; + systemd.user.services.pizauth = { + Unit = { + Description = "Pizauth OAuth2 token manager"; + }; - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + Service = { + Type = "simple"; + ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d"; + ExecReload = "${pkgs.pizauth}/bin/pizauth reload"; + ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown"; }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. HP 732pk CNC4080YL5" = { - bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + + Install = { + WantedBy = [ "default.target" ]; }; }; - }; - stylix = { - targets.firefox.profileNames = + home.sessionVariables = { + DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; + DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; + }; + + accounts.email.accounts.work = + let + inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName; + in + { + primary = false; + address = mailAddress; + userName = mailAddress; + realName = mailName; + passwordCommand = "pizauth show work"; + imap = { + host = "outlook.office365.com"; + port = 993; + tls.enable = true; # SSL/TLS + }; + smtp = { + host = "outlook.office365.com"; + port = 587; + tls = { + enable = true; # SSL/TLS + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "default" ]; + settings = id: { + "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth + "mail.server.server_${id}.authMethod" = 10; # oauth + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.prompted" = 2; + }; + }; + msmtp = { + enable = false; + extraConfig = { + account = "work"; + auth = "xoauth2"; + host = "outlook.office365.com"; + protocol = "smtp"; + port = "587"; + tls = "on"; + tls_starttls = "on"; + from = "${mailAddress}"; + user = "${mailAddress}"; + passwordeval = "pizauth show work"; + }; + }; + mu.enable = false; + mbsync = { + enable = false; + expunge = "both"; + extraConfig = { + account = { + AuthMechs = "XOAUTH2"; + }; + }; + }; + }; + + wayland.windowManager.sway.config = { + output = { + "Applied Creative Technology Transmitter QUATTRO201811" = { + bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + }; + "Hewlett Packard HP Z24i CN44250RDT" = { + bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + }; + "HP Inc. HP 732pk CNC4080YL5" = { + bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + }; + }; + }; + + stylix = { + targets.firefox.profileNames = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; + in + [ + "${user1}" + "${user2}" + "${user3}" + "work" + ]; + }; + + programs = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail; + in + { + git.userEmail = lib.mkForce gitMail; + + zsh = { + shellAliases = { + dssh = "ssh -l ${user1Long}"; + cssh = "ssh -l ${user2Long}"; + wssh = "ssh -l ${user3Long}"; + }; + cdpath = [ + "~/Documents/Work" + ]; + dirHashes = { + d = "$HOME/.dotfiles"; + w = "$HOME/Documents/Work"; + s = "$HOME/.dotfiles/secrets"; + pr = "$HOME/Documents/Private"; + ac = path1; + }; + }; + + ssh = { + matchBlocks = { + "${loc1}" = { + hostname = "${loc1}.${domain2}"; + user = user4; + }; + "${loc1}.stg" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.staging" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.dev" = { + hostname = "${loc1}.${lifecycle2}.${domain2}"; + user = user4; + }; + "${loc2}" = { + hostname = "${loc2}.${domain1}"; + user = user1Long; + }; + "${loc2}.stg" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "${loc2}.staging" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "*.${domain1}" = { + user = user1Long; + }; + }; + }; + + firefox = { + profiles = + let + isDefault = false; + in + { + "${user1}" = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "${site1}|${site2}"; + }; + } + vars.firefox; + "${user2}" = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + settings = { + "browser.startup.homepage" = "${site3}"; + }; + } + vars.firefox; + "${user3}" = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + vars.firefox; + work = lib.recursiveUpdate + { + inherit isDefault; + id = 4; + settings = { + "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; + }; + } + vars.firefox; + }; + }; + + chromium = { + enable = true; + package = pkgs.chromium; + + extensions = [ + # 1password + "gejiddohjgogedgjnonbofjigllpkmbf" + # dark reader + "eimadpbcbfnmbkopoojfekhnkhdbieeh" + # ublock origin + "cjpalhdlnbpafiamejdnhcphjbkeiagm" + # i still dont care about cookies + "edibdbjcniadpccecjdfdjjppcpchdlm" + # browserpass + "naepdomgkenhinolocfifgehidddafch" + ]; + }; + }; + + services = { + kanshi = { + settings = [ + { + # seminary room + output = { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + }; + } + { + # work main screen + output = { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.0; + mode = "3840x2160"; + }; + } + { + # work side screen + output = { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.5; + position = "1462,0"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "90"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidopen"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = { + name = "lidclosed"; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; + } + ]; + }; + }; + + xdg = let inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; in - [ - "${user1}" - "${user2}" - "${user3}" - "work" - ]; - }; + { + configFile."pizauth.conf".text = '' + account "work" { + auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All", + "https://outlook.office365.com/SMTP.Send", + "offline_access" + ]; + // You don't have to specify login_hint, but it does make + // authentication a little easier. + login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; + } + ''; - programs = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail; - in - { - git.userEmail = lib.mkForce gitMail; - - zsh = { - shellAliases = { - dssh = "ssh -l ${user1Long}"; - cssh = "ssh -l ${user2Long}"; - wssh = "ssh -l ${user3Long}"; - }; - cdpath = [ - "~/Documents/Work" - ]; - dirHashes = { - d = "$HOME/.dotfiles"; - w = "$HOME/Documents/Work"; - s = "$HOME/.dotfiles/secrets"; - pr = "$HOME/Documents/Private"; - ac = path1; - }; - }; - - ssh = { - matchBlocks = { - "${loc1}" = { - hostname = "${loc1}.${domain2}"; - user = user4; - }; - "${loc1}.stg" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.staging" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.dev" = { - hostname = "${loc1}.${lifecycle2}.${domain2}"; - user = user4; - }; - "${loc2}" = { - hostname = "${loc2}.${domain1}"; - user = user1Long; - }; - "${loc2}.stg" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "${loc2}.staging" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "*.${domain1}" = { - user = user1Long; + mimeApps = { + defaultApplications = { + "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; }; }; - }; - - firefox = { - profiles = + desktopEntries = let - isDefault = false; + terminal = false; + categories = [ "Application" ]; + icon = "firefox"; in { - "${user1}" = lib.recursiveUpdate - { - inherit isDefault; - id = 1; - settings = { - "browser.startup.homepage" = "${site1}|${site2}"; - }; - } - vars.firefox; - "${user2}" = lib.recursiveUpdate - { - inherit isDefault; - id = 2; - settings = { - "browser.startup.homepage" = "${site3}"; - }; - } - vars.firefox; - "${user3}" = lib.recursiveUpdate - { - inherit isDefault; - id = 3; - } - vars.firefox; - work = lib.recursiveUpdate - { - inherit isDefault; - id = 4; - settings = { - "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; - }; - } - vars.firefox; + firefox_work = { + name = "Firefox (work)"; + genericName = "Firefox work"; + exec = "firefox -p work"; + inherit terminal categories icon; + }; + "firefox_${user1}" = { + name = "Firefox (${user1})"; + genericName = "Firefox ${user1}"; + exec = "firefox -p ${user1}"; + inherit terminal categories icon; + }; + + "firefox_${user2}" = { + name = "Firefox (${user2})"; + genericName = "Firefox ${user2}"; + exec = "firefox -p ${user2}"; + inherit terminal categories icon; + }; + + "firefox_${user3}" = { + name = "Firefox (${user3})"; + genericName = "Firefox ${user3}"; + exec = "firefox -p ${user3}"; + inherit terminal categories icon; + }; + + }; }; - - chromium = { - enable = true; - package = pkgs.chromium; - - extensions = [ - # 1password - "gejiddohjgogedgjnonbofjigllpkmbf" - # dark reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # ublock origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # i still dont care about cookies - "edibdbjcniadpccecjdfdjjppcpchdlm" - # browserpass - "naepdomgkenhinolocfifgehidddafch" - ]; - }; - }; - - services = { - kanshi = { - settings = [ - { - # seminary room - output = { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - }; - } - { - # work main screen - output = { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.0; - mode = "3840x2160"; - }; - } - { - # work side screen - output = { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.5; - position = "1462,0"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "90"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; - } + swarselsystems = { + startup = [ + # { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "ANKI_WAYLAND=1 anki"; } + { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } + { command = "nm-applet"; } + # { command = "feishin"; } + { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } + { command = "1password"; } ]; - }; - }; - - xdg = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; - in - { - mimeApps = { - defaultApplications = { - "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + homedesktop = { + name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + mode = "2560x1440"; + scale = "1"; + position = "0,0"; + workspace = "1:一"; + output = "DP-11"; + }; + work_back_middle = { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-10"; + }; + work_front_left = { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-7"; + }; + work_back_right = { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + output = "DP-3"; + }; + work_middle_middle_main = { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + output = "DP-8"; + }; + work_middle_middle_side = { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + output = "DP-9"; + }; + work_seminary = { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse + workspace = "14:T"; + output = "DP-4"; }; }; - desktopEntries = - let - terminal = false; - categories = [ "Application" ]; - icon = "firefox"; - in - { - firefox_work = { - name = "Firefox (work)"; - genericName = "Firefox work"; - exec = "firefox -p work"; - inherit terminal categories icon; - }; - "firefox_${user1}" = { - name = "Firefox (${user1})"; - genericName = "Firefox ${user1}"; - exec = "firefox -p ${user1}"; - inherit terminal categories icon; - }; - - "firefox_${user2}" = { - name = "Firefox (${user2})"; - genericName = "Firefox ${user2}"; - exec = "firefox -p ${user2}"; - inherit terminal categories icon; - }; - - "firefox_${user3}" = { - name = "Firefox (${user3})"; - genericName = "Firefox ${user3}"; - exec = "firefox -p ${user3}"; - inherit terminal categories icon; - }; - - + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; }; - }; - swarselsystems = { - startup = [ - # { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "ANKI_WAYLAND=1 anki"; } - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } - { command = "nm-applet"; } - # { command = "feishin"; } - { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } - { command = "1password"; } - ]; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + keybindings = { + "Mod4+Ctrl+Shift+p" = "exec screenshare"; }; - work_back_middle = { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-10"; - }; - work_front_left = { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-7"; - }; - work_back_right = { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - output = "DP-3"; - }; - work_middle_middle_main = { - name = "HP Inc. HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - output = "DP-8"; - }; - work_middle_middle_side = { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - output = "DP-9"; - }; - work_seminary = { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - output = "DP-4"; - }; - }; - inputs = { - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; + }; }; - }; } diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 5ac8a2c..79a33bd 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -213,13 +213,12 @@ in gh ]; - services = { spice-vdagentd.enable = true; openssh = { enable = true; extraConfig = '' - ''; + ''; }; syncthing = {