feat: niri, new winters ip, mail fixes

2025-12-06 09:07:21 +01:00 · 2025-08-24 14:56:50 +02:00 · 2025-08-24 14:56:50 +02:00 · 915bf256da
commit 915bf256da
parent 6ea3851e72
61 changed files with 1814 additions and 965 deletions
--- a/modules/nixos/client/keyd.nix
+++ b/modules/nixos/client/keyd.nix
@ -0,0 +1,23 @@
+{ lib, config, ... }:
+let
+  moduleName = "keyd";
+in
+{
+  options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config";
+  config = lib.mkIf config.swarselmodules.${moduleName} {
+    services.keyd = {
+      enable = true;
+      keyboards = {
+        default = {
+          ids = [ "*" ];
+          settings = {
+            main = {
+              leftmeta = "overload(meta, macro(rightmeta+z))";
+              rightmeta = "overload(meta, macro(rightmeta+z))";
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/client/network.nix
+++ b/modules/nixos/client/network.nix
@ -99,25 +99,26 @@ in
              ${wlan1} = {
                connection = {
                  id = wlan1;
-                  permissions = "";
+                  # permissions = "";
                  type = "wifi";
                };
                ipv4 = {
-                  dns-search = "";
+                  # dns-search = "";
                  method = "auto";
                };
                ipv6 = {
                  addr-gen-mode = "stable-privacy";
-                  dns-search = "";
+                  # dns-search = "";
                  method = "auto";
                };
                wifi = {
-                  mac-address-blacklist = "";
+                  # mac-address-blacklist = "";
                  mode = "infrastructure";
+                  band = "a";
                  ssid = wlan1;
                };
                wifi-security = {
-                  auth-alg = "open";
+                  # auth-alg = "open";
                  key-mgmt = "wpa-psk";
                  psk = "$WLAN1_PW";
                };
--- a/modules/nixos/client/niri.nix
+++ b/modules/nixos/client/niri.nix
@ -0,0 +1,25 @@
+{ lib, config, pkgs, ... }:
+let
+  moduleName = "niri";
+in
+{
+  options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings";
+  config = lib.mkIf config.swarselmodules.${moduleName} {
+
+    environment.systemPackages = with pkgs; [
+      wl-clipboard
+      wayland-utils
+      libsecret
+      cage
+      gamescope
+      xwayland-satellite-unstable
+    ];
+
+    niri-flake.cache.enable = true;
+
+    programs.niri = {
+      enable = true;
+      package = pkgs.niri-unstable; # the actual niri that will be installed and used
+    };
+  };
+}
--- a/modules/nixos/client/packages.nix
+++ b/modules/nixos/client/packages.nix
@ -23,7 +23,6 @@
      dbus
      swaylock-effects
      syncthingtray-minimal
-      wl-mirror
      swayosd

      # secure boot
@ -48,8 +47,6 @@
      # better make for general tasks
      just

-      screenshare
-      fullscreen

      # keyboards
      qmk
@ -61,6 +58,7 @@

      # kde-connect
      xdg-desktop-portal
+      xdg-desktop-portal-gtk
      xdg-desktop-portal-wlr

      # bluetooth
--- a/modules/nixos/client/uwsm.nix
+++ b/modules/nixos/client/uwsm.nix
@ -13,6 +13,11 @@ in
          comment = "Sway compositor managed by UWSM";
          binPath = "/run/current-system/sw/bin/sway";
        };
+        niri = {
+          prettyName = "Niri";
+          comment = "Niri compositor managed by UWSM";
+          binPath = "/run/current-system/sw/bin/niri-session";
+        };
      };
    };
  };
--- a/modules/nixos/client/xdg-portal.nix
+++ b/modules/nixos/client/xdg-portal.nix
@ -4,11 +4,11 @@
  config = lib.mkIf config.swarselmodules.xdg-portal {
    xdg.portal = {
      enable = true;
-      config = {
-        common = {
-          default = "wlr";
-        };
-      };
+      # config = {
+      #   common = {
+      #     default = "wlr";
+      #   };
+      # };
      wlr.enable = true;
      wlr.settings.screencast = {
        output_name = "eDP-1";
--- a/modules/nixos/common/globals.nix
+++ b/modules/nixos/common/globals.nix
@ -39,6 +39,18 @@ in
            );
          };

+          hosts = mkOption {
+            type = types.attrsOf (
+              types.submodule {
+                options = {
+                  ipv4 = mkOption {
+                    type = types.str;
+                  };
+                };
+              }
+            );
+          };
+
          domains = {
            main = mkOption {
              type = types.str;
--- a/modules/nixos/common/home-manager-secrets.nix
+++ b/modules/nixos/common/home-manager-secrets.nix
@ -24,7 +24,7 @@ in
        emacs-radicale-pw = { owner = mainUser; };
      });
      templates = {
-        authinfo = {
+        authinfo = lib.mkIf modules.emacs {
          path = "${homeDir}/.emacs.d/.authinfo";
          content = ''
            machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@ -12,7 +12,7 @@ in
      users = {
        root = {
          inherit (globals.root) hashedPassword;
-          shell = pkgs.zsh;
+          # shell = pkgs.zsh;
        };
        "${config.swarselsystems.mainUser}" = {
          isNormalUser = true;
--- a/modules/nixos/optional/work.nix
+++ b/modules/nixos/optional/work.nix
@ -1,28 +1,9 @@
 { self, lib, pkgs, config, configName, ... }:
 let
-  inherit (config.swarselsystems) mainUser homeDir xdgDir;
+  inherit (config.swarselsystems) mainUser homeDir;
  iwd = config.networking.networkmanager.wifi.backend == "iwd";
  owner = mainUser;
  sopsFile = self + /secrets/work/secrets.yaml;
-  swarselService = name: description: execStart: {
-    "${name}" = {
-      enable = true;
-      inherit description;
-      serviceConfig = {
-        ExecStart = execStart;
-        User = mainUser;
-        Group = "users";
-        Environment = [
-          "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${mainUser}/bin"
-          "XDG_RUNTIME_DIR=${xdgDir}"
-          "WAYLAND_DISPLAY=wayland-1"
-        ];
-        Type = "oneshot";
-        StandardOutput = "journal";
-        StandardError = "journal";
-      };
-    };
-  };
 in
 {
  options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
@ -124,6 +105,7 @@ in
                mac-address = "E8:65:38:52:63:FF";
                mac-address-randomization = "1";
                mode = "infrastructure";
+                band = "a";
                ssid = "VBC";
              };
              wifi-security = {
@ -171,10 +153,6 @@ in
    };

    environment.systemPackages = with pkgs; [
-      # (python39.withPackages (ps: with ps; [
-      # cryptography
-      # ]))
-      #   docker
      stable24_11.python39
      qemu
      packer
@ -228,19 +206,12 @@ in
      };

      udev.extraRules = ''
-        # share screen when dongle detected
-        SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
-
        # lock screen when yubikey removed
        ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
      '';

    };

-    systemd.services = lib.mkMerge [
-      (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h")
-    ];
-
    # cgroups v1 is required for centos7 dockers
    # specialisation = {
    #   cgroup_v1.configuration = {
--- a/modules/nixos/server/ankisync.nix
+++ b/modules/nixos/server/ankisync.nix
@ -5,6 +5,7 @@ let
  servicePort = 27701;
  serviceName = "ankisync";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  ankiUser = globals.user.name;
 in
@ -41,7 +42,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/atuin.nix
+++ b/modules/nixos/server/atuin.nix
@ -1,8 +1,9 @@
-{ lib, config, ... }:
+{ lib, config, globals, ... }:
 let
  servicePort = 8888;
  serviceName = "atuin";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -23,7 +24,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/firefly-iii.nix
+++ b/modules/nixos/server/firefly-iii.nix
@ -1,10 +1,11 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  servicePort = 80;
  serviceUser = "firefly-iii";
  serviceGroup = serviceUser;
  serviceName = "firefly-iii";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  nginxGroup = "nginx";

@ -81,7 +82,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/forgejo.nix
+++ b/modules/nixos/server/forgejo.nix
@ -7,6 +7,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "forgejo";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  kanidmDomain = globals.services.kanidm.domain;
 in
@ -132,7 +133,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/freshrss.nix
+++ b/modules/nixos/server/freshrss.nix
@ -1,10 +1,11 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  servicePort = 80;
  serviceName = "freshrss";
  serviceUser = "freshrss";
  serviceGroup = serviceName;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  inherit (config.swarselsystems) sopsFile;
 in
@ -77,7 +78,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/immich.nix
+++ b/modules/nixos/server/immich.nix
@ -4,6 +4,7 @@ let
  serviceUser = "immich";
  serviceName = "immich";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -33,7 +34,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/jellyfin.nix
+++ b/modules/nixos/server/jellyfin.nix
@ -1,9 +1,10 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
  servicePort = 8096;
  serviceName = "jellyfin";
  serviceUser = "jellyfin";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -37,7 +38,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/jenkins.nix
+++ b/modules/nixos/server/jenkins.nix
@ -1,8 +1,9 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
  servicePort = 8088;
  serviceName = "jenkins";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -21,7 +22,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/kanidm.nix
+++ b/modules/nixos/server/kanidm.nix
@ -8,6 +8,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "kanidm";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
  immichDomain = globals.services.immich.domain;
@ -237,7 +238,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/kavita.nix
+++ b/modules/nixos/server/kavita.nix
@ -1,4 +1,4 @@
-{ self, lib, config, pkgs, ... }:
+{ self, lib, config, pkgs, globals, ... }:
 let
  inherit (config.swarselsystems) sopsFile;

@ -6,6 +6,7 @@ let
  serviceName = "kavita";
  serviceUser = "kavita";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -41,7 +42,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/koillection.nix
+++ b/modules/nixos/server/koillection.nix
@ -1,4 +1,4 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  serviceUser = "koillection";
  serviceDB = "koillection";
@ -6,6 +6,7 @@ let
  servicePort = 2282;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
  serviceDir = "/Vault/data/koillection";
+  serviceAddress = globals.hosts.winters.ipv4;

  postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
  postgresPort = config.services.postgresql.settings.port; # 5432
@ -107,7 +108,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/matrix.nix
+++ b/modules/nixos/server/matrix.nix
@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, globals, ... }:
 let
  inherit (config.swarselsystems) sopsFile;

@ -6,6 +6,7 @@ let
  serviceName = "matrix";
  serviceDomain = config.repo.secrets.common.services.domains.matrix;
  serviceUser = "matrix-synapse";
+  serviceAddress = globals.hosts.winters.ipv4;

  federationPort = 8448;
  whatsappPort = 29318;
@ -293,7 +294,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/monitoring.nix
+++ b/modules/nixos/server/monitoring.nix
@ -5,6 +5,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "grafana";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  prometheusPort = 9090;
  prometheusUser = "prometheus";
@ -209,12 +210,12 @@ in
      upstreams = {
        "${grafanaUpstream}" = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
        "${prometheusUpstream}" = {
          servers = {
-            "192.168.1.2:${builtins.toString prometheusPort}" = { };
+            "${serviceAddress}:${builtins.toString prometheusPort}" = { };
          };
        };
      };
--- a/modules/nixos/server/navidrome.nix
+++ b/modules/nixos/server/navidrome.nix
@ -1,10 +1,11 @@
-{ pkgs, config, lib, ... }:
+{ pkgs, config, lib, globals, ... }:
 let
  servicePort = 4040;
  serviceName = "navidrome";
  serviceUser = "navidrome";
  serviceGroup = serviceUser;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -84,7 +85,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/nextcloud.nix
+++ b/modules/nixos/server/nextcloud.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
  inherit (config.repo.secrets.local.nextcloud) adminuser;
  inherit (config.swarselsystems) sopsFile;
@ -8,6 +8,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "nextcloud";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -51,7 +52,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/paperless.nix
+++ b/modules/nixos/server/paperless.nix
@ -7,6 +7,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "paperless";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  tikaPort = 9998;
  gotenbergPort = 3002;
@ -101,7 +102,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/radicale.nix
+++ b/modules/nixos/server/radicale.nix
@ -1,4 +1,4 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  sopsFile = self + /secrets/winters/secrets2.yaml;

@ -7,6 +7,7 @@ let
  serviceUser = "radicale";
  serviceGroup = serviceUser;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  cfg = config.services.${serviceName};
 in
@ -85,7 +86,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/syncthing.nix
+++ b/modules/nixos/server/syncthing.nix
@ -1,12 +1,14 @@
-{ lib, config, configName, ... }:
+{ lib, config, configName, globals, ... }:
 let
+  inherit (config.swarselsystems.syncthing) serviceDomain;
+  inherit (config.swarselsystems.syncthing) serviceIP;
+
  servicePort = 8384;
  serviceUser = "syncthing";
  serviceGroup = serviceUser;
  serviceName = "syncthing";
+  serviceAddress = globals.hosts.winters.ipv4;
  specificServiceName = "syncthing-${configName}";
-  inherit (config.swarselsystems.syncthing) serviceDomain;
-  inherit (config.swarselsystems.syncthing) serviceIP;

  cfg = config.services.${serviceName};
  devices = config.swarselsystems.syncthing.syncDevices;
@ -22,7 +24,7 @@ in
      };
      serviceIP = lib.mkOption {
        type = lib.types.str;
-        default = "192.168.1.2";
+        default = "${serviceAddress}";
      };
      syncDevices = lib.mkOption {
        type = lib.types.listOf lib.types.str;