refactor: indirections f. user,[home,flake,xdg]Dir

Leon Schwarzäugl 2025-03-22 22:32:32 +01:00
parent 5c207050a3
commit 9c1df052a2
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
34 changed files with 416 additions and 281 deletions


@ -338,64 +338,65 @@ In this section I am creating some attributes that define general concepts of my
They are defined in [[#h:5e3e21e0-57af-4dad-b32f-6400af9b7aab][Overlays (additions, overrides, nixpkgs-stable)]]. The way this is handled was simplified in =647a2ae feat: simplify overlay structure=; however, the old structure might be easier to understand as a reference. They are defined in [[#h:5e3e21e0-57af-4dad-b32f-6400af9b7aab][Overlays (additions, overrides, nixpkgs-stable)]]. The way this is handled was simplified in =647a2ae feat: simplify overlay structure=; however, the old structure might be easier to understand as a reference.
#+begin_src nix :tangle no :noweb-ref flakeoutputgeneral #+begin_src nix :tangle no :noweb-ref flakeoutputgeneral
inherit lib;
inherit lib; nixosModules = import ./modules/nixos { inherit lib; };
homeModules = import ./modules/home { inherit lib; };
packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = import ./overlays { inherit self lib inputs; };
nixosModules = import ./modules/nixos { inherit lib; }; apps = lib.swarselsystems.forAllSystems (system:
homeModules = import ./modules/home { inherit lib; }; let
packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; }); appNames = [
formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt); "swarsel-bootstrap"
overlays = import ./overlays { inherit self lib inputs; }; "swarsel-install"
"swarsel-rebuild"
"swarsel-postinstall"
];
appSet = lib.swarselsystems.mkApps system appNames self;
in
{
inherit appSet;
default = appSet.bootstrap;
});
apps = lib.swarselsystems.forAllSystems (system: devShells = lib.swarselsystems.forAllSystems (system:
let let
appNames = [ pkgs = lib.swarselsystems.pkgsFor.${system};
"swarsel-bootstrap" checks = self.checks.${system};
"swarsel-install" in
"swarsel-rebuild" {
"swarsel-postinstall" default = pkgs.mkShell {
NIX_CONFIG = "experimental-features = nix-command flakes";
inherit (checks.pre-commit-check) shellHook;
buildInputs = checks.pre-commit-check.enabledPackages;
nativeBuildInputs = [
pkgs.nix
pkgs.home-manager
pkgs.git
pkgs.just
pkgs.age
pkgs.ssh-to-age
pkgs.sops
pkgs.statix
pkgs.deadnix
pkgs.nixpkgs-fmt
]; ];
appSet = lib.swarselsystems.mkApps system appNames self; };
in }
{ );
inherit appSet;
default = appSet.bootstrap;
});
devShells = lib.swarselsystems.forAllSystems (system: templates = import ./templates { inherit lib; };
let
pkgs = lib.swarselsystems.pkgsFor.${system};
checks = self.checks.${system};
in
{
default = pkgs.mkShell {
NIX_CONFIG = "experimental-features = nix-command flakes";
inherit (checks.pre-commit-check) shellHook;
buildInputs = checks.pre-commit-check.enabledPackages;
nativeBuildInputs = [
pkgs.nix
pkgs.home-manager
pkgs.git
pkgs.just
pkgs.age
pkgs.ssh-to-age
pkgs.sops
pkgs.statix
pkgs.deadnix
pkgs.nixpkgs-fmt
];
};
}
);
templates = import ./templates { inherit lib; }; checks = lib.swarselsystems.forAllSystems (system:
let
pkgs = lib.swarselsystems.pkgsFor.${system};
in
import ./checks { inherit self inputs system pkgs; }
);
checks = lib.swarselsystems.forAllSystems (system: diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;
let
pkgs = lib.swarselsystems.pkgsFor.${system};
in
import ./checks { inherit self inputs system pkgs; }
);
#+end_src #+end_src
@ -449,6 +450,9 @@ This file defines a number of checks that can either be run by calling =nix flak
#+end_src #+end_src
** Templates ** Templates
:PROPERTIES:
:CUSTOM_ID: h:e817f769-9aa9-4192-b649-c269080f4fee
:END:
This file defines the templates that are being exposed by the flake. These can be used by running =nix flake init -t github:Swarsel/.dotfiles#<TEMPLATE_NAME>=. This file defines the templates that are being exposed by the flake. These can be used by running =nix flake init -t github:Swarsel/.dotfiles#<TEMPLATE_NAME>=.
@ -584,7 +588,7 @@ This is the template that I use for new deployments of personal machines. Server
:END: :END:
#+begin_src nix :tangle templates/hosts/nixos/default.nix #+begin_src nix :tangle templates/hosts/nixos/default.nix
{ self, inputs, pkgs, lib, ... }: { self, inputs, pkgs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
@ -607,7 +611,7 @@ This is the template that I use for new deployments of personal machines. Server
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/optional/gaming.nix" "${profilesPath}/home/optional/gaming.nix"
]; ];
} }
@ -636,11 +640,10 @@ This is the template that I use for new deployments of personal machines. Server
} }
sharedOptions; sharedOptions;
home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{ {
isLaptop = true; isLaptop = true;
isNixos = true; isNixos = true;
flakePath = "/home/swarsel/.dotfiles";
cpuCount = 16; cpuCount = 16;
startup = [ startup = [
{ command = "nextcloud --background"; } { command = "nextcloud --background"; }
@ -805,13 +808,14 @@ My work machine. Built for more security, this is the gold standard of my config
:CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d :CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d
:END: :END:
#+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix #+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix
{ self, inputs, pkgs, lib, ... }: { self, inputs, pkgs, lib, primaryUser, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
sharescreen = "eDP-2";
}; };
in in
{ {
@ -832,7 +836,7 @@ My work machine. Built for more security, this is the gold standard of my config
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/optional/gaming.nix" "${profilesPath}/home/optional/gaming.nix"
"${profilesPath}/home/optional/work.nix" "${profilesPath}/home/optional/work.nix"
]; ];
@ -917,11 +921,12 @@ My work machine. Built for more security, this is the gold standard of my config
} }
sharedOptions; sharedOptions;
home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{ {
isLaptop = true; isLaptop = true;
isNixos = true; isNixos = true;
flakePath = "/home/swarsel/.dotfiles"; isSecondaryGpu = true;
SecondaryGpuCard = "pci-0000_03_00_0";
cpuCount = 16; cpuCount = 16;
temperatureHwmon = { temperatureHwmon = {
isAbsolutePath = true; isAbsolutePath = true;
@ -939,7 +944,6 @@ My work machine. Built for more security, this is the gold standard of my config
{ command = "1password"; } { command = "1password"; }
{ command = "feishin"; } { command = "feishin"; }
]; ];
sharescreen = "eDP-2";
lowResolution = "1280x800"; lowResolution = "1280x800";
highResolution = "2560x1600"; highResolution = "2560x1600";
monitors = { monitors = {
@ -1219,7 +1223,7 @@ This is my main server that I run at home. It handles most tasks that require bi
:CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124
:END: :END:
#+begin_src nix :tangle hosts/nixos/winters/default.nix #+begin_src nix :tangle hosts/nixos/winters/default.nix
{ self, inputs, ... }: { self, inputs, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
in in
@ -1233,7 +1237,7 @@ This is my main server that I run at home. It handles most tasks that require bi
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/server" "${profilesPath}/home/server"
]; ];
} }
@ -1258,7 +1262,6 @@ This is my main server that I run at home. It handles most tasks that require bi
isImpermanence = false; isImpermanence = false;
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;
flakePath = "/home/swarsel/.dotfiles";
server = { server = {
enable = true; enable = true;
kavita = true; kavita = true;
@ -1359,6 +1362,9 @@ A Mac notebook that I have received from work. I use this machine for getting ac
isLaptop = true; isLaptop = true;
isNixos = false; isNixos = false;
isBtrfs = false; isBtrfs = false;
mainUser = workUser;
homeDir = "/home/${workUser}";
flakePath = "/home/${workUser}/.dotfiles";
}; };
}; };
} }
@ -1444,7 +1450,7 @@ This machine mainly acts as an external sync helper. It manages the following th
All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways.
#+begin_src nix :tangle hosts/nixos/sync/default.nix #+begin_src nix :tangle hosts/nixos/sync/default.nix
{ self, inputs, lib, ... }: { self, inputs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
in in
@ -1456,7 +1462,7 @@ This machine mainly acts as an external sync helper. It manages the following th
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/server" "${profilesPath}/home/server"
]; ];
} }
@ -1557,7 +1563,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
:CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e
:END: :END:
#+begin_src nix :tangle hosts/nixos/toto/default.nix #+begin_src nix :tangle hosts/nixos/toto/default.nix
{ self, inputs, outputs, pkgs, lib, ... }: { self, inputs, outputs, pkgs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
@ -1584,7 +1590,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
"${profilesPath}/home/common/settings.nix" "${profilesPath}/home/common/settings.nix"
"${profilesPath}/home/common/sops.nix" "${profilesPath}/home/common/sops.nix"
@ -1632,11 +1638,10 @@ This is a slim setup for developing base configuration. I do not track the hardw
} }
sharedOptions; sharedOptions;
home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{ {
isLaptop = false; isLaptop = false;
isNixos = true; isNixos = true;
flakePath = "/home/swarsel/.dotfiles";
} }
sharedOptions; sharedOptions;
@ -1808,7 +1813,7 @@ Also, an initial bash history is provided to allow for a very quick local deploy
#+begin_src nix :tangle hosts/nixos/iso/default.nix #+begin_src nix :tangle hosts/nixos/iso/default.nix
{ self, pkgs, inputs, outputs, config, lib, modulesPath, ... }: { self, pkgs, inputs, outputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }:
let let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in in
@ -1822,13 +1827,13 @@ Also, an initial bash history is provided to allow for a very quick local deploy
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${self}/profiles/home/common/settings.nix" "${self}/profiles/home/common/settings.nix"
] ++ (builtins.attrValues outputs.homeModules); ] ++ (builtins.attrValues outputs.homeModules);
} }
]; ];
home-manager.users.swarsel.home = { home-manager.users."${primaryUser}".home = {
file = { file = {
".bash_history" = { ".bash_history" = {
source = self + /programs/bash/.bash_history; source = self + /programs/bash/.bash_history;
@ -1859,15 +1864,15 @@ Also, an initial bash history is provided to allow for a very quick local deploy
config.allowUnfree = true; config.allowUnfree = true;
}; };
services.getty.autologinUser = lib.mkForce "swarsel"; services.getty.autologinUser = lib.mkForce primaryUser;
users = { users = {
allowNoPasswordLogin = true; allowNoPasswordLogin = true;
groups.swarsel = { }; groups.swarsel = { };
users = { users = {
swarsel = { swarsel = {
name = "swarsel"; name = primaryUser;
group = "swarsel"; group = primaryUser;
isNormalUser = true; isNormalUser = true;
password = "setup"; # this is overwritten after install password = "setup"; # this is overwritten after install
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
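Review bot: The user entry is still defined under the literal key `swarsel = {` (and the group under `groups.swarsel = { };`) while `name = primaryUser;` and `group = primaryUser;` now follow the argument, so for any primaryUser other than "swarsel" the account would be created with a group that is never defined, and the lookup `config.users.users."${primaryUser}".openssh.authorizedKeys.keys` in the next hunk would hit a missing attribute. Renaming both keys keeps the definition and the reference in step: `groups."${primaryUser}" = { };` and `users."${primaryUser}" = {`. This is masked today by the `primaryUser ? "swarsel"` default on the module signature and by lib passing the same value, so it would only surface once a different user is injected. The enclosing `users = { ... }` attrset and the module body close outside this hunk.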
@ -1875,7 +1880,7 @@ Also, an initial bash history is provided to allow for a very quick local deploy
}; };
root = { root = {
# password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install # password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install
openssh.authorizedKeys.keys = config.users.users.swarsel.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys = config.users.users."${primaryUser}".openssh.authorizedKeys.keys;
}; };
}; };
}; };
@ -1891,10 +1896,10 @@ Also, an initial bash history is provided to allow for a very quick local deploy
system.activationScripts.cache = { system.activationScripts.cache = {
text = '' text = ''
mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles mkdir -p -m=0777 /home/${primaryUser}/.local/state/nix/profiles
mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots mkdir -p -m=0777 /home/${primaryUser}/.local/state/home-manager/gcroots
mkdir -p -m=0777 /home/swarsel/.local/share/nix/ mkdir -p -m=0777 /home/${primaryUser}/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/${primaryUser}/.local/share/nix/trusted-settings.json > /dev/null
mkdir -p /root/.local/share/nix/ mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
''; '';
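Review bot: The three `mkdir -p -m=0777` lines leave `/home/${primaryUser}/.local/share/nix/` world-writable, and that is the directory into which the `tee` writes `trusted-settings.json`, the file Nix consults when deciding which flake-provided substituters and public keys to accept for that user; any other local account on the image (should one exist) could therefore edit the user's trusted binary-cache settings. Since activation scripts run as root the directories can be created with a normal mode and then handed to the user, e.g. `mkdir -p -m=0755 /home/${primaryUser}/.local/share/nix/` followed by `chown -R ${primaryUser}: /home/${primaryUser}/.local`, applying the same to the two `.local/state` directories above; the `/root/.local/share/nix/` copy is unaffected because its parent is root-owned. The `system.activationScripts.cache` attrset closes outside this hunk.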
@ -1981,7 +1986,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru
#+begin_src nix :tangle hosts/nixos/chaostheatre/default.nix #+begin_src nix :tangle hosts/nixos/chaostheatre/default.nix
{ self, config, pkgs, lib, ... }: { self, config, pkgs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
in in
@ -2027,10 +2032,9 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru
rootDisk = "/dev/vda"; rootDisk = "/dev/vda";
}; };
home-manager.users.swarsel.swarselsystems = { home-manager.users."${primaryUser}".swarselsystems = {
isNixos = true; isNixos = true;
isPublic = true; isPublic = true;
flakePath = "/home/swarsel/.dotfiles";
}; };
} }
@ -2466,6 +2470,9 @@ This app checks for different apps that I keep around in the scratchpad for quic
#+end_src #+end_src
**** swarselzellij **** swarselzellij
:PROPERTIES:
:CUSTOM_ID: h:564c102c-e335-4f17-a613-c5a436bb4864
:END:
#+begin_src shell :tangle scripts/swarselzellij.sh #+begin_src shell :tangle scripts/swarselzellij.sh
KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1)) KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
@ -2641,7 +2648,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s
inherit name; inherit name;
runtimeInputs = [ jq ]; runtimeInputs = [ jq ];
text = '' text = ''
count=$(curl -u Swarsel:"$(cat /run/user/1000/secrets/github_notif)" https://api.github.com/notifications | jq '. | length') count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github_notif")" https://api.github.com/notifications | jq '. | length')
if [[ "$count" != "0" ]]; then if [[ "$count" != "0" ]]; then
echo "{\"text\":\"$count\"}" echo "{\"text\":\"$count\"}"
@ -2970,7 +2977,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man
green "Making ssh_host_ed25519_key available to home-manager for user $target_user" green "Making ssh_host_ed25519_key available to home-manager for user $target_user"
sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts
$scp_cmd root@"$target_destination":/etc/ssh/ssh_host_ed25519_key root@"$target_destination":/home/"$target_user"/.ssh/ssh_host_ed25519_key $scp_cmd root@"$target_destination":/etc/ssh/ssh_host_ed25519_key root@"$target_destination":/home/"$target_user"/.ssh/ssh_host_ed25519_key
$ssh_root_cmd "chown $target_user:users /home/swarsel/.ssh/ssh_host_ed25519_key" $ssh_root_cmd "chown $target_user:users /home/$target_user/.ssh/ssh_host_ed25519_key"
# __________________________ # __________________________
if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then
@ -3614,6 +3621,9 @@ This script allows for quick git branch switching.
#+end_src #+end_src
**** project **** project
:PROPERTIES:
:CUSTOM_ID: h:154b6df4-dd50-4f60-9794-05a140d02994
:END:
#+begin_src shell :tangle scripts/project.sh #+begin_src shell :tangle scripts/project.sh
set -euo pipefail set -euo pipefail
@ -3634,6 +3644,9 @@ This script allows for quick git branch switching.
#+end_src #+end_src
**** fhs **** fhs
:PROPERTIES:
:CUSTOM_ID: h:36d6c17c-6d91-4297-b76d-9d7feab6c1a0
:END:
#+begin_src nix :tangle pkgs/fhs/default.nix #+begin_src nix :tangle pkgs/fhs/default.nix
@ -3651,6 +3664,9 @@ This script allows for quick git branch switching.
#+end_src #+end_src
**** swarsel-displaypower **** swarsel-displaypower
:PROPERTIES:
:CUSTOM_ID: h:814d5e7f-4b95-412d-b246-33f888514ec6
:END:
A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep. A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep.
@ -3838,10 +3854,6 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne
{ lib, ... }: { lib, ... }:
{ {
options.swarselsystems = { options.swarselsystems = {
user = lib.mkOption {
type = lib.types.str;
default = "swarsel";
};
withHomeManager = lib.mkOption { withHomeManager = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
@ -4134,10 +4146,6 @@ These are some extra options that will be used if the machine also runs NixOS. F
{ lib, config, ... }: { lib, config, ... }:
{ {
options.swarselsystems = { options.swarselsystems = {
flakePath = lib.mkOption {
type = lib.types.str;
default = "";
};
isNixos = lib.mkEnableOption "nixos host"; isNixos = lib.mkEnableOption "nixos host";
isPublic = lib.mkEnableOption "is a public machine (no secrets)"; isPublic = lib.mkEnableOption "is a public machine (no secrets)";
swayfxConfig = lib.mkOption { swayfxConfig = lib.mkOption {
@ -4184,6 +4192,22 @@ Provides settings related to nix-darwin systems. At the moment, I am only making
options.swarselsystems = { options.swarselsystems = {
isDarwin = lib.mkEnableOption "darwin host"; isDarwin = lib.mkEnableOption "darwin host";
isLinux = lib.mkEnableOption "whether this is a linux machine"; isLinux = lib.mkEnableOption "whether this is a linux machine";
mainUser = lib.mkOption {
type = lib.types.str;
default = "swarsel";
};
homeDir = lib.mkOption {
type = lib.types.str;
default = "/home/swarsel";
};
xdgDir = lib.mkOption {
type = lib.types.str;
default = "/run/user/1000";
};
flakePath = lib.mkOption {
type = lib.types.str;
default = "/home/swarsel/.dotfiles";
};
}; };
} }
#+end_src #+end_src
@ -4428,6 +4452,9 @@ Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.styleshee
#+end_src #+end_src
***** stylix ***** stylix
:PROPERTIES:
:CUSTOM_ID: h:1c4b1619-40a1-4120-8868-d213abf6a29e
:END:
#+begin_src nix :noweb yes :tangle modules/home/stylix.nix #+begin_src nix :noweb yes :tangle modules/home/stylix.nix
{ self, lib, pkgs, ... }: { self, lib, pkgs, ... }:
@ -4505,6 +4532,10 @@ TODO
#+begin_src nix :tangle lib/default.nix #+begin_src nix :tangle lib/default.nix
{ self, lib, systems, inputs, outputs, ... }: { self, lib, systems, inputs, outputs, ... }:
let
linuxUser = "swarsel";
macUser = "leon.schwarzaeugl";
in
{ {
mkIfElseList = p: yes: no: lib.mkMerge [ mkIfElseList = p: yes: no: lib.mkMerge [
@ -4546,6 +4577,9 @@ TODO
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
"${self}/hosts/${type}/${host}" "${self}/hosts/${type}/${host}"
{
_module.args.primaryUser = linuxUser;
}
] ++ ] ++
(if (host == "toto" || host == "iso") then [ ] else (if (host == "toto" || host == "iso") then [ ] else
([ ([
@ -4560,7 +4594,7 @@ TODO
]) ++ (if (type == "nixos") then [ ]) ++ (if (type == "nixos") then [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = ( home-manager.users."${linuxUser}".imports = (
if (host == "winters" || host == "sync") then [ ] else [ if (host == "winters" || host == "sync") then [ ] else [
# put home-manager imports here that are for all normal hosts # put home-manager imports here that are for all normal hosts
"${self}/profiles/home/common" "${self}/profiles/home/common"
@ -4576,7 +4610,7 @@ TODO
"${self}/profiles/darwin/nixos/common" "${self}/profiles/darwin/nixos/common"
inputs.home-manager.darwinModules.home-manager inputs.home-manager.darwinModules.home-manager
{ {
home-manager.users."leon.schwarzaeugl".imports = [ home-manager.users."${macUser}".imports = [
# put home-manager imports here that are for darwin hosts # put home-manager imports here that are for darwin hosts
"${self}/profiles/darwin/home" "${self}/profiles/darwin/home"
] ++ (builtins.attrValues outputs.homeModules); ] ++ (builtins.attrValues outputs.homeModules);
@ -4750,7 +4784,7 @@ A breakdown of the flags being set:
"cgroups" "cgroups"
"pipe-operators" "pipe-operators"
]; ];
trusted-users = [ "@wheel" "swarsel" ]; trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5; connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w "; bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";
@ -4918,6 +4952,9 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
#+end_src #+end_src
**** Setup home-manager specialArgs **** Setup home-manager specialArgs
:PROPERTIES:
:CUSTOM_ID: h:41d1b7c6-52bf-45f3-9d83-610b469dffc0
:END:
This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on the =chaostheatre= configuration, which is why I split this section into its own file, which makes removal easier when setting that system up. This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on the =chaostheatre= configuration, which is why I split this section into its own file, which makes removal easier when setting that system up.
@ -4966,7 +5003,7 @@ For that reason, make sure that =sops-nix= is properly working before setting th
users = { users = {
mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
users.swarsel = { users."${config.swarselsystems.mainUser}" = {
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
password = lib.mkIf config.swarselsystems.initialSetup "setup"; password = lib.mkIf config.swarselsystems.initialSetup "setup";
@ -5132,6 +5169,9 @@ Enable OpenGL, Sound, Bluetooth and various drivers.
#+end_src #+end_src
**** Pulseaudio **** Pulseaudio
:PROPERTIES:
:CUSTOM_ID: h:63f6773e-b321-4b1d-a206-3913658cf62d
:END:
This is only used on systems not running Pipewire. This is only used on systems not running Pipewire.
@ -5405,7 +5445,7 @@ Here I only enable =networkmanager= and a few default networks. The rest of the
proxy = { }; proxy = { };
wifi = { wifi = {
mode = "ap"; mode = "ap";
ssid = "Hotspot-swarsel"; ssid = "Hotspot-${config.swarselsystems.mainUser}";
}; };
wifi-security = { wifi-security = {
group = "ccmp;"; group = "ccmp;";
@ -5473,12 +5513,13 @@ I use sops-nix to handle secrets that I want to have available on my machines at
{ self, config, lib, ... }: { self, config, lib, ... }:
let let
certsSopsFile = self + /secrets/certs/secrets.yaml; certsSopsFile = self + /secrets/certs/secrets.yaml;
inherit (config.swarselsystems) mainUser homeDir;
in in
{ {
sops = lib.mkIf (!config.swarselsystems.isPublic) { sops = lib.mkIf (!config.swarselsystems.isPublic) {
age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.users.users.swarsel.home}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
@ -5500,8 +5541,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at
githubforgepass = { }; githubforgepass = { };
gitlabforgeuser = { }; gitlabforgeuser = { };
gitlabforgepass = { }; gitlabforgepass = { };
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; }; "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; }; "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
}; };
templates = { templates = {
"network-manager.env".content = '' "network-manager.env".content = ''
@ -5517,15 +5558,6 @@ I use sops-nix to handle secrets that I want to have available on my machines at
WIREGUARDPUB=${config.sops.placeholder.wireguardpub} WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint} WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
''; '';
# ".authinfo" = {
# owner = "swarsel";
# path = "${config.users.users.swarsel.home}/.emacs.d/.authinfo";
# content = ''
# machine stash.swarsel.win:443 port https login ${config.sops.placeholder.stashuser} password ${config.sops.placeholder.stashpass}
# machine gitlab.com/api/v4 login ${config.sops.placeholder.githubforgeuser} password ${config.sops.placeholder.githubforgepass}
# machine api.github.com login ${config.sops.placeholder.gitlabforgeuser} password ${config.sops.placeholder.gitlabforgepass}
# '';
# };
}; };
}; };
} }
@ -5548,7 +5580,7 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w
image = config.swarselsystems.wallpaper; image = config.swarselsystems.wallpaper;
} }
config.swarselsystems.stylix; config.swarselsystems.stylix;
home-manager.users.swarsel = { home-manager.users."${config.swarselsystems.mainUser}" = {
stylix = { stylix = {
targets = { targets = {
emacs.enable = false; emacs.enable = false;
@ -5600,13 +5632,16 @@ Do not touch this.
:END: :END:
#+begin_src nix :tangle profiles/nixos/common/syncthing.nix #+begin_src nix :tangle profiles/nixos/common/syncthing.nix
{ lib, ... }: { lib, config, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{ {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = "swarsel"; user = mainUser;
dataDir = "/home/swarsel"; dataDir = homeDir;
configDir = "/home/swarsel/.config/syncthing"; configDir = "${homeDir}/.config/syncthing";
openDefaultPorts = true; openDefaultPorts = true;
settings = { settings = {
devices = { devices = {
@ -5622,27 +5657,27 @@ Do not touch this.
}; };
folders = { folders = {
"Default Folder" = lib.mkDefault { "Default Folder" = lib.mkDefault {
path = "/home/swarsel/Sync"; path = "${homeDir}/Sync";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "default"; id = "default";
}; };
"Obsidian" = { "Obsidian" = {
path = "/home/swarsel/Nextcloud/Obsidian"; path = "${homeDir}/Nextcloud/Obsidian";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "yjvni-9eaa7"; id = "yjvni-9eaa7";
}; };
"Org" = { "Org" = {
path = "/home/swarsel/Nextcloud/Org"; path = "${homeDir}/Nextcloud/Org";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "a7xnl-zjj3d"; id = "a7xnl-zjj3d";
}; };
"Vpn" = { "Vpn" = {
path = "/home/swarsel/Vpn"; path = "${homeDir}/Vpn";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "hgp9s-fyq3p"; id = "hgp9s-fyq3p";
}; };
".elfeed" = { ".elfeed" = {
path = "/home/swarsel/.elfeed"; path = "${homeDir}/.elfeed";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "h7xbs-fs9v1"; id = "h7xbs-fs9v1";
}; };
@ -5837,7 +5872,6 @@ This section houses the greetd related settings. I do not really want to use a d
enable = true; enable = true;
settings = { settings = {
initial_session.command = "sway"; initial_session.command = "sway";
# initial_session.user ="swarsel";
default_session.command = '' default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \ ${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \ --time \
@ -5991,10 +6025,11 @@ Normally, doing that also resets the lecture that happens on the first use of =s
{ config, lib, ... }: { config, lib, ... }:
let let
mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos"; mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos";
inherit (config.swarselsystems) homeDir isImpermanence isCrypted;
in in
{ {
security.sudo.extraConfig = lib.mkIf config.swarselsystems.isImpermanence '' security.sudo.extraConfig = lib.mkIf isImpermanence ''
# rollback results in sudo lectures after each reboot # rollback results in sudo lectures after each reboot
Defaults lecture = never Defaults lecture = never
''; '';
@ -6003,15 +6038,15 @@ Normally, doing that also resets the lecture that happens on the first use of =s
# So if it doesn't run, the btrfs system effectively acts like a normal system # So if it doesn't run, the btrfs system effectively acts like a normal system
# Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
boot.initrd.systemd.enable = lib.mkIf config.swarselsystems.isImpermanence true; boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
boot.initrd.systemd.services.rollback = lib.mkIf config.swarselsystems.isImpermanence { boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
description = "Rollback BTRFS root subvolume to a pristine state"; description = "Rollback BTRFS root subvolume to a pristine state";
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
# make sure it's done after encryption # make sure it's done after encryption
# i.e. LUKS/TPM process # i.e. LUKS/TPM process
after = lib.swarselsystems.mkIfElseList config.swarselsystems.isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ]; after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
requires = lib.mkIf (!config.swarselsystems.isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ]; requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
# mount the root fs before clearing # mount the root fs before clearing
before = [ "sysroot.mount" ]; before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
@ -6053,7 +6088,7 @@ Normally, doing that also resets the lecture that happens on the first use of =s
}; };
environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { environment.persistence."/persist" = lib.mkIf isImpermanence {
hideMounts = true; hideMounts = true;
directories = directories =
[ [
@ -6063,7 +6098,7 @@ Normally, doing that also resets the lecture that happens on the first use of =s
"/etc/nix" "/etc/nix"
"/etc/NetworkManager/system-connections" "/etc/NetworkManager/system-connections"
# "/etc/secureboot" # "/etc/secureboot"
"/home/swarsel/.dotfiles" "${homeDir}/.dotfiles"
"/var/db/sudo" "/var/db/sudo"
"/var/cache" "/var/cache"
"/var/lib" "/var/lib"
@ -6369,14 +6404,17 @@ Here we just define some aliases for rebuilding the system, and we allow some in
#+begin_src nix :tangle profiles/nixos/server/settings.nix #+begin_src nix :tangle profiles/nixos/server/settings.nix
{ lib, config, ... }: { lib, config, ... }:
let
inherit (config.swarselsystems) flakePath;
in
{ {
environment.shellAliases = lib.recursiveUpdate environment.shellAliases = lib.recursiveUpdate
{ {
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch;"; nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
npiswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
nipswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
niswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch --impure;"; niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;
@ -6539,12 +6577,12 @@ Here we just define some aliases for rebuilding the system, and we allow some in
:END: :END:
#+begin_src nix :tangle profiles/nixos/server/ssh.nix #+begin_src nix :tangle profiles/nixos/server/ssh.nix
{ self, ... }: { self, config, ... }:
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
}; };
users.users.swarsel.openssh.authorizedKeys.keyFiles = [ users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub) (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub) (self + /secrets/keys/ssh/magicant.pub)
]; ];
@ -8220,11 +8258,14 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl
Auto login for the initial session. Auto login for the initial session.
#+begin_src nix :tangle profiles/nixos/optional/autologin.nix #+begin_src nix :tangle profiles/nixos/optional/autologin.nix
_: { config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{ {
services = { services = {
getty.autologinUser = "swarsel"; getty.autologinUser = mainUser;
greetd.settings.initial_session.user = "swarsel"; greetd.settings.initial_session.user = mainUser;
}; };
} }
#+end_src #+end_src
@ -8259,7 +8300,8 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
#+begin_src nix :tangle profiles/nixos/optional/work.nix #+begin_src nix :tangle profiles/nixos/optional/work.nix
{ self, lib, pkgs, config, ... }: { self, lib, pkgs, config, ... }:
let let
owner = "swarsel"; inherit (config.swarselsystems) mainUser homeDir xdgDir;
owner = mainUser;
sopsFile = self + /secrets/work/secrets.yaml; sopsFile = self + /secrets/work/secrets.yaml;
in in
{ {
@ -8285,7 +8327,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
_1password.enable = true; _1password.enable = true;
_1password-gui = { _1password-gui = {
enable = true; enable = true;
polkitPolicyOwners = [ "swarsel" ]; polkitPolicyOwners = [ "${mainUser}" ];
}; };
}; };
@ -8352,7 +8394,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
openssh = { openssh = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
''; '';
}; };
syncthing = { syncthing = {
@ -8362,7 +8404,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
}; };
folders = { folders = {
"Documents" = { "Documents" = {
path = "/home/swarsel/Documents"; path = "${homeDir}/Documents";
devices = [ "magicant" "winters" ]; devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w"; id = "hgr3d-pfu3w";
}; };
@ -8499,6 +8541,9 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO
#+begin_src nix :tangle profiles/home/common/settings.nix #+begin_src nix :tangle profiles/home/common/settings.nix
{ lib, config, ... }: { lib, config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{ {
nix = lib.mkIf (!config.swarselsystems.isNixos) { nix = lib.mkIf (!config.swarselsystems.isNixos) {
settings = { settings = {
@ -8509,7 +8554,7 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO
"cgroups" "cgroups"
"pipe-operators" "pipe-operators"
]; ];
trusted-users = [ "@wheel" "swarsel" ]; trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5; connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w "; bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";
@ -8528,12 +8573,12 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO
programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = { home = {
username = lib.mkDefault "swarsel"; username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${config.home.username}"; homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05"; stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us"; keyboard.layout = "us";
sessionVariables = { sessionVariables = {
FLAKE = "${config.home.homeDirectory}/.dotfiles"; FLAKE = "/home/${mainUser}/.dotfiles";
}; };
}; };
@ -8798,19 +8843,22 @@ I use sops-nix to handle secrets that I want to have available on my machines at
#+begin_src nix :tangle profiles/home/common/sops.nix #+begin_src nix :tangle profiles/home/common/sops.nix
{ config, lib, ... }: { config, lib, ... }:
let
inherit (config.swarselsystems) homeDir xdgDir;
in
{ {
sops = lib.mkIf (!config.swarselsystems.isPublic) { sops = lib.mkIf (!config.swarselsystems.isPublic) {
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" "${config.home.homeDirectory}/.ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "/run/user/1000/secrets/nautilus"; }; nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "/run/user/1000/secrets/leon"; }; leon = { path = "${xdgDir}/secrets/leon"; };
swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
github_notif = { path = "/run/user/1000/secrets/github_notif"; }; github_notif = { path = "${xdgDir}/secrets/github_notif"; };
u2f_keys = { path = "${config.home.homeDirectory}/.config/Yubico/u2f_keys"; }; u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
}; };
}; };
} }
@ -9063,13 +9111,14 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
DISPLAY = ":0"; DISPLAY = ":0";
SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_LO_RES = config.swarselsystems.lowResolution;
SWARSEL_HI_RES = config.swarselsystems.highResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution;
};
systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail; SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail; SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail; SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail; SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
}; };
} }
#+end_src #+end_src
@ -9441,15 +9490,18 @@ Here we set some aliases (some of them should be shellApplications instead) as w
#+begin_src nix :tangle profiles/home/common/zsh.nix #+begin_src nix :tangle profiles/home/common/zsh.nix
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
inherit (config.swarselsystems) flakePath;
in
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
shellAliases = lib.recursiveUpdate shellAliases = lib.recursiveUpdate
{ {
hg = "history | grep"; hg = "history | grep";
hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch |& nom"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
magit = "emacsclient -nc -e \"(magit-status)\""; magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git"; g = "git";
@ -9839,10 +9891,13 @@ Lastly, I am defining some more packages here that the parser has problems findi
#+begin_src nix :tangle profiles/home/common/emacs.nix #+begin_src nix :tangle profiles/home/common/emacs.nix
{ self, lib, config, pkgs, ... }: { self, lib, config, pkgs, ... }:
let
inherit (config.swarselsystems) homeDir isPublic;
in
{ {
# needed for elfeed # needed for elfeed
sops.secrets.fever = lib.mkIf (!config.swarselsystems.isPublic) { path = "${config.home.homeDirectory}/.emacs.d/.fever"; }; sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
# enable emacs overlay for bleeding edge features # enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages # also read init.el file and install use-package packages
@ -9908,8 +9963,8 @@ Lastly, I am defining some more packages here that the parser has problems findi
services.emacs = { services.emacs = {
enable = true; enable = true;
# socketActivation.enable = false; socketActivation.enable = false;
# startWithUserSession = "graphical"; startWithUserSession = "graphical";
}; };
} }
#+end_src #+end_src
@ -10946,6 +11001,9 @@ Currently, I am too lazy to explain every option here, but most of it is very se
#+end_src #+end_src
**** Kanshi **** Kanshi
:PROPERTIES:
:CUSTOM_ID: h:eb94df98-2bcd-4555-9f88-e252f93b924f
:END:
#+begin_src nix :tangle profiles/home/common/kanshi.nix #+begin_src nix :tangle profiles/home/common/kanshi.nix
@ -11032,7 +11090,10 @@ Currently, I am too lazy to explain every option here, but most of it is very se
Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here. Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here.
#+begin_src nix :tangle profiles/home/common/gpg-agent.nix #+begin_src nix :tangle profiles/home/common/gpg-agent.nix
{ self, pkgs, ... }: { self, config, pkgs, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{ {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
@ -11062,7 +11123,7 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
# assure correct permissions # assure correct permissions
systemd.user.tmpfiles.rules = [ systemd.user.tmpfiles.rules = [
"d /home/swarsel/.gnupg 700 swarsel users" "d ${homeDir}/.gnupg 700 ${mainUser} users"
]; ];
} }
@ -11223,6 +11284,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
#+begin_src nix :tangle profiles/home/optional/work.nix :noweb yes #+begin_src nix :tangle profiles/home/optional/work.nix :noweb yes
{ self, config, pkgs, lib, nix-secrets, ... }: { self, config, pkgs, lib, nix-secrets, ... }:
let let
inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user"; dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user"; clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
@ -11244,8 +11306,8 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
]; ];
home.sessionVariables = { home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${config.home.homeDirectory}/Documents/Private"; DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${config.home.homeDirectory}/Documents/Work"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
}; };
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {
@ -12595,6 +12657,9 @@ This minor-mode adds functionality for doing better surround-commands; for examp
#+end_src #+end_src
**** evil-textobj-tree-sitter **** evil-textobj-tree-sitter
:PROPERTIES:
:CUSTOM_ID: h:cd9a0fb6-e287-4c3c-8013-6aad64ef89cb
:END:
This adds support for tree-sitter objects. This allows for the following chords: This adds support for tree-sitter objects. This allows for the following chords:
- "...af" around function - "...af" around function
@ -12613,6 +12678,9 @@ This adds support for tree-sitter objects. This allows for the following chords:
#+end_src #+end_src
**** evil-textobj-tree-sitter **** evil-textobj-tree-sitter
:PROPERTIES:
:CUSTOM_ID: h:06002ad2-686a-42c5-82d7-61f1340e262d
:END:
#+begin_src emacs-lisp #+begin_src emacs-lisp
@ -13501,6 +13569,9 @@ This adds support for Groovy, which I specifically need to work with Jenkinsfile
#+end_src #+end_src
*** Ansible *** Ansible
:PROPERTIES:
:CUSTOM_ID: h:77fa79d8-81d5-46f2-82f9-8e2922538d44
:END:
#+begin_src emacs-lisp #+begin_src emacs-lisp
@ -14188,6 +14259,9 @@ A blocking issue can still occur while entering a direnv that has a longer evalu
#+end_src #+end_src
*** lsp-mode & company *** lsp-mode & company
:PROPERTIES:
:CUSTOM_ID: h:7b9044cf-0fab-4dfa-87fc-f8c18e433e75
:END:
#+begin_src emacs-lisp #+begin_src emacs-lisp
@ -14206,6 +14280,9 @@ A blocking issue can still occur while entering a direnv that has a longer evalu
#+end_src #+end_src
*** lsp-bridge *** lsp-bridge
:PROPERTIES:
:CUSTOM_ID: h:f7bc590b-9f91-4f6a-8ffe-93e1dea90a61
:END:
#+begin_src emacs-lisp #+begin_src emacs-lisp


@ -16,6 +16,9 @@ in
isLaptop = true; isLaptop = true;
isNixos = false; isNixos = false;
isBtrfs = false; isBtrfs = false;
mainUser = workUser;
homeDir = "/home/${workUser}";
flakePath = "/home/${workUser}/.dotfiles";
}; };
}; };
} }
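Review bot: xdgDir is not set next to the new mainUser, homeDir and flakePath lines, so this host keeps the shared default `/run/user/1000`; that path encodes a uid rather than workUser, and the sops secret paths that this commit builds from `${xdgDir}` would end up in another user's runtime directory if workUser's uid is not 1000. Adding `xdgDir = "/run/user/<uid of workUser>";` (placeholder for the real uid) alongside the other three keeps the secrets inside this user's own runtime tmpfs. The attribute set being edited starts before this hunk, so whether the uid is known at this point is inferred.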


@ -1,4 +1,4 @@
{ self, config, pkgs, lib, ... }: { self, config, pkgs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
in in
@ -44,9 +44,8 @@ in
rootDisk = "/dev/vda"; rootDisk = "/dev/vda";
}; };
home-manager.users.swarsel.swarselsystems = { home-manager.users."${primaryUser}".swarselsystems = {
isNixos = true; isNixos = true;
isPublic = true; isPublic = true;
flakePath = "/home/swarsel/.dotfiles";
}; };
} }
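Review bot: Dropping `flakePath` makes this host rely on the new shared default `/home/swarsel/.dotfiles`, while the home-manager user attribute now follows `primaryUser`; the two only agree as long as primaryUser stays "swarsel", because mainUser, homeDir and flakePath are not derived from it anywhere in this file. Setting `mainUser = primaryUser;` inside the `swarselsystems` block (and letting homeDir and flakePath follow mainUser) would keep user name, home path and flake path in one place. The same applies to the other host files in this commit that remove `flakePath` while switching their home-manager user to `"${primaryUser}"`.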


@ -1,4 +1,4 @@
{ self, pkgs, inputs, outputs, config, lib, modulesPath, ... }: { self, pkgs, inputs, outputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }:
let let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in in
@ -12,13 +12,13 @@ in
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${self}/profiles/home/common/settings.nix" "${self}/profiles/home/common/settings.nix"
] ++ (builtins.attrValues outputs.homeModules); ] ++ (builtins.attrValues outputs.homeModules);
} }
]; ];
home-manager.users.swarsel.home = { home-manager.users."${primaryUser}".home = {
file = { file = {
".bash_history" = { ".bash_history" = {
source = self + /programs/bash/.bash_history; source = self + /programs/bash/.bash_history;
@ -49,15 +49,15 @@ in
config.allowUnfree = true; config.allowUnfree = true;
}; };
services.getty.autologinUser = lib.mkForce "swarsel"; services.getty.autologinUser = lib.mkForce primaryUser;
users = { users = {
allowNoPasswordLogin = true; allowNoPasswordLogin = true;
groups.swarsel = { }; groups.swarsel = { };
users = { users = {
swarsel = { swarsel = {
name = "swarsel"; name = primaryUser;
group = "swarsel"; group = primaryUser;
isNormalUser = true; isNormalUser = true;
password = "setup"; # this is overwritten after install password = "setup"; # this is overwritten after install
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
@ -65,7 +65,7 @@ in
}; };
root = { root = {
# password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install # password = lib.mkForce config.users.users.swarsel.password; # this is overwritten after install
openssh.authorizedKeys.keys = config.users.users.swarsel.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys = config.users.users."${primaryUser}".openssh.authorizedKeys.keys;
}; };
}; };
}; };
@ -81,10 +81,10 @@ in
system.activationScripts.cache = { system.activationScripts.cache = {
text = '' text = ''
mkdir -p -m=0777 /home/swarsel/.local/state/nix/profiles mkdir -p -m=0777 /home/${primaryUser}/.local/state/nix/profiles
mkdir -p -m=0777 /home/swarsel/.local/state/home-manager/gcroots mkdir -p -m=0777 /home/${primaryUser}/.local/state/home-manager/gcroots
mkdir -p -m=0777 /home/swarsel/.local/share/nix/ mkdir -p -m=0777 /home/${primaryUser}/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/swarsel/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /home/${primaryUser}/.local/share/nix/trusted-settings.json > /dev/null
mkdir -p /root/.local/share/nix/ mkdir -p /root/.local/share/nix/
printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | tee /root/.local/share/nix/trusted-settings.json > /dev/null
''; '';
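Review bot: The user is still declared under the literal attribute `users.users.swarsel` (and `groups.swarsel = { }`) while `name`, `group` and the root line's lookup `config.users.users."${primaryUser}"` now use primaryUser; for any value other than "swarsel" the root authorized-keys lookup hits a missing attribute and `group = primaryUser` names a group this file never defines. Declaring them as `users."${primaryUser}" = { … };` and `groups."${primaryUser}" = { };` keeps key and name in step with the new `primaryUser ? "swarsel"` argument. The `mkdir -p -m=0777 /home/${primaryUser}/...` lines are only re-pathed, but 0777 on the profiles, gcroots and nix state directories lets any local account on the installer rewrite them; creating them with the user's ownership and a 0755 mode would suffice for the bootstrap.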


@ -1,10 +1,11 @@
{ self, inputs, pkgs, lib, ... }: { self, inputs, pkgs, lib, primaryUser, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
sharescreen = "eDP-2";
}; };
in in
{ {
@ -25,7 +26,7 @@ in
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/optional/gaming.nix" "${profilesPath}/home/optional/gaming.nix"
"${profilesPath}/home/optional/work.nix" "${profilesPath}/home/optional/work.nix"
]; ];
@ -110,11 +111,12 @@ in
} }
sharedOptions; sharedOptions;
home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{ {
isLaptop = true; isLaptop = true;
isNixos = true; isNixos = true;
flakePath = "/home/swarsel/.dotfiles"; isSecondaryGpu = true;
SecondaryGpuCard = "pci-0000_03_00_0";
cpuCount = 16; cpuCount = 16;
temperatureHwmon = { temperatureHwmon = {
isAbsolutePath = true; isAbsolutePath = true;
@ -132,7 +134,6 @@ in
{ command = "1password"; } { command = "1password"; }
{ command = "feishin"; } { command = "feishin"; }
]; ];
sharescreen = "eDP-2";
lowResolution = "1280x800"; lowResolution = "1280x800";
highResolution = "2560x1600"; highResolution = "2560x1600";
monitors = { monitors = {
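Review bot: Replacing `flakePath` with `isSecondaryGpu = true;` and `SecondaryGpuCard = "pci-0000_03_00_0";`, and moving `sharescreen` into sharedOptions, is a host hardware change unrelated to the user/home/flake indirection the commit message describes. `SecondaryGpuCard` also breaks the lower-camel-case naming used by the other swarselsystems options in this file (cpuCount, lowResolution, sharescreen); if the option is defined elsewhere in this commit, `secondaryGpuCard` here and there would keep the option set uniform. Otherwise the GPU lines belong in their own commit so that the message says why the card id is pinned.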


@ -1,4 +1,4 @@
{ self, inputs, lib, ... }: { self, inputs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
in in
@ -10,7 +10,7 @@ in
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/server" "${profilesPath}/home/server"
]; ];
} }


@ -1,4 +1,4 @@
{ self, inputs, outputs, pkgs, lib, ... }: { self, inputs, outputs, pkgs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
@ -25,7 +25,7 @@ in
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
"${profilesPath}/home/common/settings.nix" "${profilesPath}/home/common/settings.nix"
"${profilesPath}/home/common/sops.nix" "${profilesPath}/home/common/sops.nix"
@ -73,11 +73,10 @@ in
} }
sharedOptions; sharedOptions;
home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{ {
isLaptop = false; isLaptop = false;
isNixos = true; isNixos = true;
flakePath = "/home/swarsel/.dotfiles";
} }
sharedOptions; sharedOptions;


@ -1,4 +1,4 @@
{ self, inputs, ... }: { self, inputs, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
in in
@ -12,7 +12,7 @@ in
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/server" "${profilesPath}/home/server"
]; ];
} }
@ -37,7 +37,6 @@ in
isImpermanence = false; isImpermanence = false;
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;
flakePath = "/home/swarsel/.dotfiles";
server = { server = {
enable = true; enable = true;
kavita = true; kavita = true;


@ -1,4 +1,8 @@
{ self, lib, systems, inputs, outputs, ... }: { self, lib, systems, inputs, outputs, ... }:
let
linuxUser = "swarsel";
macUser = "leon.schwarzaeugl";
in
{ {
mkIfElseList = p: yes: no: lib.mkMerge [ mkIfElseList = p: yes: no: lib.mkMerge [
@ -40,6 +44,9 @@
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
"${self}/hosts/${type}/${host}" "${self}/hosts/${type}/${host}"
{
_module.args.primaryUser = linuxUser;
}
] ++ ] ++
(if (host == "toto" || host == "iso") then [ ] else (if (host == "toto" || host == "iso") then [ ] else
([ ([
@ -54,7 +61,7 @@
]) ++ (if (type == "nixos") then [ ]) ++ (if (type == "nixos") then [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = ( home-manager.users."${linuxUser}".imports = (
if (host == "winters" || host == "sync") then [ ] else [ if (host == "winters" || host == "sync") then [ ] else [
# put home-manager imports here that are for all normal hosts # put home-manager imports here that are for all normal hosts
"${self}/profiles/home/common" "${self}/profiles/home/common"
@ -70,7 +77,7 @@
"${self}/profiles/darwin/nixos/common" "${self}/profiles/darwin/nixos/common"
inputs.home-manager.darwinModules.home-manager inputs.home-manager.darwinModules.home-manager
{ {
home-manager.users."leon.schwarzaeugl".imports = [ home-manager.users."${macUser}".imports = [
# put home-manager imports here that are for darwin hosts # put home-manager imports here that are for darwin hosts
"${self}/profiles/darwin/home" "${self}/profiles/darwin/home"
] ++ (builtins.attrValues outputs.homeModules); ] ++ (builtins.attrValues outputs.homeModules);
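Review bot: `_module.args.primaryUser = linuxUser;` is added to the module list that precedes the `type == "nixos"` split, so darwin hosts appear to receive primaryUser = "swarsel" even though their home-manager block is keyed on macUser, and nothing in the hunk stops a darwin profile from reading the wrong name. Setting it per type, e.g. `_module.args.primaryUser = if type == "nixos" then linuxUser else macUser;`, makes the argument match the user the home-manager imports are attached to. The defaults `mainUser = "swarsel"` and `homeDir = "/home/swarsel"` added to the options module in this commit are a second copy of linuxUser; either derive them from this value or document that the two must agree. Whether the list is shared with darwin is inferred from the branch below, since the list's start lies before this hunk.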


@ -1,10 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
options.swarselsystems = { options.swarselsystems = {
flakePath = lib.mkOption {
type = lib.types.str;
default = "";
};
isNixos = lib.mkEnableOption "nixos host"; isNixos = lib.mkEnableOption "nixos host";
isPublic = lib.mkEnableOption "is a public machine (no secrets)"; isPublic = lib.mkEnableOption "is a public machine (no secrets)";
swayfxConfig = lib.mkOption { swayfxConfig = lib.mkOption {


@ -3,5 +3,21 @@
options.swarselsystems = { options.swarselsystems = {
isDarwin = lib.mkEnableOption "darwin host"; isDarwin = lib.mkEnableOption "darwin host";
isLinux = lib.mkEnableOption "whether this is a linux machine"; isLinux = lib.mkEnableOption "whether this is a linux machine";
mainUser = lib.mkOption {
type = lib.types.str;
default = "swarsel";
};
homeDir = lib.mkOption {
type = lib.types.str;
default = "/home/swarsel";
};
xdgDir = lib.mkOption {
type = lib.types.str;
default = "/run/user/1000";
};
flakePath = lib.mkOption {
type = lib.types.str;
default = "/home/swarsel/.dotfiles";
};
}; };
} }
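Review bot: The four new options carry no `description`, and their defaults are independent literals: homeDir and flakePath repeat "swarsel" instead of following mainUser, so a host that overrides only mainUser silently keeps another user's home and flake path (the work host in this commit had to set all three by hand), and xdgDir encodes uid 1000 rather than the user. Deriving homeDir and flakePath from mainUser leaves one value to override per host, and a description on each option records what the many `${homeDir}`/`${xdgDir}` interpolations in the profiles depend on. The module's function header is outside this hunk, so the use of `config` below assumes it is in scope here.
```nix
mainUser = lib.mkOption {
  type = lib.types.str;
  default = "swarsel";
  description = "Primary login name; homeDir and flakePath default to paths under it.";
};
homeDir = lib.mkOption {
  type = lib.types.str;
  default = "/home/${config.swarselsystems.mainUser}";
  description = "Home directory of mainUser, used for secret, sync and dotfile paths.";
};
xdgDir = lib.mkOption {
  type = lib.types.str;
  default = "/run/user/1000";
  description = "XDG runtime directory of mainUser; must be overridden when the user's uid is not 1000.";
};
flakePath = lib.mkOption {
  type = lib.types.str;
  default = "${config.swarselsystems.homeDir}/.dotfiles";
  description = "Checkout of this flake, used by the rebuild aliases.";
};
```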


@ -1,10 +1,6 @@
{ lib, ... }: { lib, ... }:
{ {
options.swarselsystems = { options.swarselsystems = {
user = lib.mkOption {
type = lib.types.str;
default = "swarsel";
};
withHomeManager = lib.mkOption { withHomeManager = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;


@ -4,7 +4,7 @@ writeShellApplication {
inherit name; inherit name;
runtimeInputs = [ jq ]; runtimeInputs = [ jq ];
text = '' text = ''
count=$(curl -u Swarsel:"$(cat /run/user/1000/secrets/github_notif)" https://api.github.com/notifications | jq '. | length') count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github_notif")" https://api.github.com/notifications | jq '. | length')
if [[ "$count" != "0" ]]; then if [[ "$count" != "0" ]]; then
echo "{\"text\":\"$count\"}" echo "{\"text\":\"$count\"}"
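Review bot: Reading the token from `$XDG_RUNTIME_DIR/secrets/github_notif` fixes the uid-bound path, but the value is still expanded into `-u Swarsel:…` on curl's command line, where every local user can read it from the process list for the duration of the request, and if the secret file is missing the substitution yields an empty password and the request is sent anyway (errexit does not cover a failing `cat` inside a command substitution). Feeding the credential through a config file keeps it out of argv: `curl -K <(printf 'user = "Swarsel:%s"\n' "$(< "$XDG_RUNTIME_DIR/secrets/github_notif")") https://api.github.com/notifications | jq '. | length'`, preceded by a `[[ -r "$XDG_RUNTIME_DIR/secrets/github_notif" ]] || exit 1` guard. curl is not listed in runtimeInputs next to jq, so the script depends on whatever curl is on PATH.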


@ -1,8 +1,11 @@
{ self, lib, config, pkgs, ... }: { self, lib, config, pkgs, ... }:
let
inherit (config.swarselsystems) homeDir isPublic;
in
{ {
# needed for elfeed # needed for elfeed
sops.secrets.fever = lib.mkIf (!config.swarselsystems.isPublic) { path = "${config.home.homeDirectory}/.emacs.d/.fever"; }; sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
# enable emacs overlay for bleeding edge features # enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages # also read init.el file and install use-package packages
@ -68,7 +71,7 @@
services.emacs = { services.emacs = {
enable = true; enable = true;
# socketActivation.enable = false; socketActivation.enable = false;
# startWithUserSession = "graphical"; startWithUserSession = "graphical";
}; };
} }


@ -14,12 +14,13 @@ in
DISPLAY = ":0"; DISPLAY = ":0";
SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_LO_RES = config.swarselsystems.lowResolution;
SWARSEL_HI_RES = config.swarselsystems.highResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution;
};
systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail; SWARSEL_LEON_MAIL = leonMail;
SWARSEL_NAUTILUS_MAIL = nautilusMail; SWARSEL_NAUTILUS_MAIL = nautilusMail;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail; SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
SWARSEL_SWARSEL_MAIL = swarselMail; SWARSEL_SWARSEL_MAIL = swarselMail;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
}; };
} }


@ -1,4 +1,7 @@
{ self, pkgs, ... }: { self, config, pkgs, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{ {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
@ -28,7 +31,7 @@
# assure correct permissions # assure correct permissions
systemd.user.tmpfiles.rules = [ systemd.user.tmpfiles.rules = [
"d /home/swarsel/.gnupg 700 swarsel users" "d ${homeDir}/.gnupg 700 ${mainUser} users"
]; ];
} }


@ -1,4 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{ {
nix = lib.mkIf (!config.swarselsystems.isNixos) { nix = lib.mkIf (!config.swarselsystems.isNixos) {
settings = { settings = {
@ -9,7 +12,7 @@
"cgroups" "cgroups"
"pipe-operators" "pipe-operators"
]; ];
trusted-users = [ "@wheel" "swarsel" ]; trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5; connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w "; bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";
@ -26,14 +29,15 @@
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null); nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = { home = {
username = lib.mkDefault "swarsel"; username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${config.home.username}"; homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05"; stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us"; keyboard.layout = "us";
sessionVariables = { sessionVariables = {
FLAKE = "${config.home.homeDirectory}/.dotfiles"; FLAKE = "/home/${mainUser}/.dotfiles";
}; };
}; };
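Review bot: `FLAKE = "/home/${mainUser}/.dotfiles"` and `homeDirectory = lib.mkDefault "/home/${mainUser}"` rebuild the home path from the user name although this commit introduces `swarselsystems.homeDir` and `swarselsystems.flakePath` for exactly that; the sops and gpg-agent modules now read `homeDir`, so a host that overrides `homeDir` would get a home-manager `homeDirectory` that disagrees with where its secrets and tmpfiles land. I would point both at the new options: `homeDirectory = lib.mkDefault config.swarselsystems.homeDir;` and `FLAKE = config.swarselsystems.flakePath;`. The `home` attrset closes within the hunk, but the `nix.settings` block in the earlier hunk starts outside it.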


@ -1,17 +1,20 @@
{ config, lib, ... }: { config, lib, ... }:
let
inherit (config.swarselsystems) homeDir xdgDir;
in
{ {
sops = lib.mkIf (!config.swarselsystems.isPublic) { sops = lib.mkIf (!config.swarselsystems.isPublic) {
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" "${config.home.homeDirectory}/.ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
secrets = { secrets = {
mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "/run/user/1000/secrets/nautilus"; }; nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "/run/user/1000/secrets/leon"; }; leon = { path = "${xdgDir}/secrets/leon"; };
swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
github_notif = { path = "/run/user/1000/secrets/github_notif"; }; github_notif = { path = "${xdgDir}/secrets/github_notif"; };
u2f_keys = { path = "${config.home.homeDirectory}/.config/Yubico/u2f_keys"; }; u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
}; };
}; };
} }
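Review bot: The five `path = "${xdgDir}/secrets/…"` entries now depend on `xdgDir`, whose default is the literal `/run/user/1000`, so the uid is still hard-coded—just one indirection away—and for a `mainUser` with another uid the decrypted secrets would be written into a different user's runtime directory or fail when it does not exist. If I remember sops-nix's home-manager module correctly it already materialises secrets under `%r/secrets/<name>` in the user's own `XDG_RUNTIME_DIR`, which is the same location the github_notif script reads as `$XDG_RUNTIME_DIR/secrets/github_notif`; dropping the explicit `path` for those five secrets would remove the uid assumption entirely, and `u2f_keys` can keep its explicit home path. Worth confirming against the sops-nix version pinned in the flake before relying on it.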


@ -1,13 +1,16 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
inherit (config.swarselsystems) flakePath;
in
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
shellAliases = lib.recursiveUpdate shellAliases = lib.recursiveUpdate
{ {
hg = "history | grep"; hg = "history | grep";
hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch |& nom"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
magit = "emacsclient -nc -e \"(magit-status)\""; magit = "emacsclient -nc -e \"(magit-status)\"";
config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
g = "git"; g = "git";


@ -1,5 +1,6 @@
{ self, config, pkgs, lib, nix-secrets, ... }: { self, config, pkgs, lib, nix-secrets, ... }:
let let
inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets; secretsDirectory = builtins.toString nix-secrets;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user"; dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user"; clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
@ -21,8 +22,8 @@ in
]; ];
home.sessionVariables = { home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${config.home.homeDirectory}/Documents/Private"; DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${config.home.homeDirectory}/Documents/Work"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
}; };
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {


@ -1,10 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
let let
mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos"; mapperTarget = lib.swarselsystems.mkIfElse config.swarselsystems.isCrypted "/dev/mapper/cryptroot" "/dev/disk/by-label/nixos";
inherit (config.swarselsystems) homeDir isImpermanence isCrypted;
in in
{ {
security.sudo.extraConfig = lib.mkIf config.swarselsystems.isImpermanence '' security.sudo.extraConfig = lib.mkIf isImpermanence ''
# rollback results in sudo lectures after each reboot # rollback results in sudo lectures after each reboot
Defaults lecture = never Defaults lecture = never
''; '';
@ -13,15 +14,15 @@ in
# So if it doesn't run, the btrfs system effectively acts like a normal system # So if it doesn't run, the btrfs system effectively acts like a normal system
# Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
boot.initrd.systemd.enable = lib.mkIf config.swarselsystems.isImpermanence true; boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
boot.initrd.systemd.services.rollback = lib.mkIf config.swarselsystems.isImpermanence { boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
description = "Rollback BTRFS root subvolume to a pristine state"; description = "Rollback BTRFS root subvolume to a pristine state";
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
# make sure it's done after encryption # make sure it's done after encryption
# i.e. LUKS/TPM process # i.e. LUKS/TPM process
after = lib.swarselsystems.mkIfElseList config.swarselsystems.isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ]; after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
requires = lib.mkIf (!config.swarselsystems.isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ]; requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
# mount the root fs before clearing # mount the root fs before clearing
before = [ "sysroot.mount" ]; before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
@ -63,7 +64,7 @@ in
}; };
environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { environment.persistence."/persist" = lib.mkIf isImpermanence {
hideMounts = true; hideMounts = true;
directories = directories =
[ [
@ -73,7 +74,7 @@ in
"/etc/nix" "/etc/nix"
"/etc/NetworkManager/system-connections" "/etc/NetworkManager/system-connections"
# "/etc/secureboot" # "/etc/secureboot"
"/home/swarsel/.dotfiles" "${homeDir}/.dotfiles"
"/var/db/sudo" "/var/db/sudo"
"/var/cache" "/var/cache"
"/var/lib" "/var/lib"


@ -4,7 +4,6 @@
enable = true; enable = true;
settings = { settings = {
initial_session.command = "sway"; initial_session.command = "sway";
# initial_session.user ="swarsel";
default_session.command = '' default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \ ${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \ --time \


@ -225,7 +225,7 @@
proxy = { }; proxy = { };
wifi = { wifi = {
mode = "ap"; mode = "ap";
ssid = "Hotspot-swarsel"; ssid = "Hotspot-${config.swarselsystems.mainUser}";
}; };
wifi-security = { wifi-security = {
group = "ccmp;"; group = "ccmp;";


@ -21,7 +21,7 @@
"cgroups" "cgroups"
"pipe-operators" "pipe-operators"
]; ];
trusted-users = [ "@wheel" "swarsel" ]; trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
connect-timeout = 5; connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w "; bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] "; bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)\[\e[1m\]λ\[\e[0m\] ";


@ -1,12 +1,13 @@
{ self, config, lib, ... }: { self, config, lib, ... }:
let let
certsSopsFile = self + /secrets/certs/secrets.yaml; certsSopsFile = self + /secrets/certs/secrets.yaml;
inherit (config.swarselsystems) mainUser homeDir;
in in
{ {
sops = lib.mkIf (!config.swarselsystems.isPublic) { sops = lib.mkIf (!config.swarselsystems.isPublic) {
age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.users.users.swarsel.home}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false; validateSopsFiles = false;
@ -28,8 +29,8 @@ in
githubforgepass = { }; githubforgepass = { };
gitlabforgeuser = { }; gitlabforgeuser = { };
gitlabforgepass = { }; gitlabforgepass = { };
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; }; "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; }; "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
}; };
templates = { templates = {
"network-manager.env".content = '' "network-manager.env".content = ''
@ -45,15 +46,6 @@ in
WIREGUARDPUB=${config.sops.placeholder.wireguardpub} WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint} WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
''; '';
# ".authinfo" = {
# owner = "swarsel";
# path = "${config.users.users.swarsel.home}/.emacs.d/.authinfo";
# content = ''
# machine stash.swarsel.win:443 port https login ${config.sops.placeholder.stashuser} password ${config.sops.placeholder.stashpass}
# machine gitlab.com/api/v4 login ${config.sops.placeholder.githubforgeuser} password ${config.sops.placeholder.githubforgepass}
# machine api.github.com login ${config.sops.placeholder.gitlabforgeuser} password ${config.sops.placeholder.gitlabforgepass}
# '';
# };
}; };
}; };
} }
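Review bot: `age.sshKeyPaths` and `defaultSopsFile` switched from `config.users.users.swarsel.home`, which followed the actual user record, to `homeDir`, whose default is the literal `/home/swarsel`; a host that sets a different home for `mainUser` in `users.users` would silently lose its age key path and fail to decrypt at activation. Since this is a NixOS module the record is available and already keyed by the new option: `"${config.users.users.${mainUser}.home}/.ssh/sops"` (and likewise for `defaultSopsFile`). The `secrets` attrset opens outside the second hunk.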


@ -6,7 +6,7 @@
image = config.swarselsystems.wallpaper; image = config.swarselsystems.wallpaper;
} }
config.swarselsystems.stylix; config.swarselsystems.stylix;
home-manager.users.swarsel = { home-manager.users."${config.swarselsystems.mainUser}" = {
stylix = { stylix = {
targets = { targets = {
emacs.enable = false; emacs.enable = false;


@ -1,10 +1,13 @@
{ lib, ... }: { lib, config, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{ {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = "swarsel"; user = mainUser;
dataDir = "/home/swarsel"; dataDir = homeDir;
configDir = "/home/swarsel/.config/syncthing"; configDir = "${homeDir}/.config/syncthing";
openDefaultPorts = true; openDefaultPorts = true;
settings = { settings = {
devices = { devices = {
@ -20,27 +23,27 @@
}; };
folders = { folders = {
"Default Folder" = lib.mkDefault { "Default Folder" = lib.mkDefault {
path = "/home/swarsel/Sync"; path = "${homeDir}/Sync";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "default"; id = "default";
}; };
"Obsidian" = { "Obsidian" = {
path = "/home/swarsel/Nextcloud/Obsidian"; path = "${homeDir}/Nextcloud/Obsidian";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "yjvni-9eaa7"; id = "yjvni-9eaa7";
}; };
"Org" = { "Org" = {
path = "/home/swarsel/Nextcloud/Org"; path = "${homeDir}/Nextcloud/Org";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "a7xnl-zjj3d"; id = "a7xnl-zjj3d";
}; };
"Vpn" = { "Vpn" = {
path = "/home/swarsel/Vpn"; path = "${homeDir}/Vpn";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "hgp9s-fyq3p"; id = "hgp9s-fyq3p";
}; };
".elfeed" = { ".elfeed" = {
path = "/home/swarsel/.elfeed"; path = "${homeDir}/.elfeed";
devices = [ "sync (@oracle)" "magicant" "winters" ]; devices = [ "sync (@oracle)" "magicant" "winters" ];
id = "h7xbs-fs9v1"; id = "h7xbs-fs9v1";
}; };


@ -4,7 +4,7 @@
users = { users = {
mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
users.swarsel = { users."${config.swarselsystems.mainUser}" = {
isNormalUser = true; isNormalUser = true;
description = "Leon S"; description = "Leon S";
password = lib.mkIf config.swarselsystems.initialSetup "setup"; password = lib.mkIf config.swarselsystems.initialSetup "setup";


@ -1,7 +1,10 @@
_: { config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{ {
services = { services = {
getty.autologinUser = "swarsel"; getty.autologinUser = mainUser;
greetd.settings.initial_session.user = "swarsel"; greetd.settings.initial_session.user = mainUser;
}; };
} }


@ -1,6 +1,7 @@
{ self, lib, pkgs, config, ... }: { self, lib, pkgs, config, ... }:
let let
owner = "swarsel"; inherit (config.swarselsystems) mainUser homeDir xdgDir;
owner = mainUser;
sopsFile = self + /secrets/work/secrets.yaml; sopsFile = self + /secrets/work/secrets.yaml;
in in
{ {
@ -26,7 +27,7 @@ in
_1password.enable = true; _1password.enable = true;
_1password-gui = { _1password-gui = {
enable = true; enable = true;
polkitPolicyOwners = [ "swarsel" ]; polkitPolicyOwners = [ "${mainUser}" ];
}; };
}; };
@ -93,7 +94,7 @@ in
openssh = { openssh = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
''; '';
}; };
syncthing = { syncthing = {
@ -103,13 +104,36 @@ in
}; };
folders = { folders = {
"Documents" = { "Documents" = {
path = "/home/swarsel/Documents"; path = "${homeDir}/Documents";
devices = [ "magicant" "winters" ]; devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w"; id = "hgr3d-pfu3w";
}; };
}; };
}; };
}; };
udev.extraRules = ''
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="6860", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
'';
};
systemd.services.swarsel-screenshare = {
enable = true;
description = "Screensharing service upon dongle plugin";
serviceConfig = {
ExecStart = "${pkgs.screenshare}/bin/screenshare";
User = mainUser;
Group = "users";
Environment = [
"PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${mainUser}/bin"
"XDG_RUNTIME_DIR=${xdgDir}"
"WAYLAND_DISPLAY=wayland-1"
];
Type = "oneshot";
StandardOutput = "journal";
StandardError = "journal";
};
}; };
# cgroups v1 is required for centos7 dockers # cgroups v1 is required for centos7 dockers
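Review bot: The udev rule's match on `idVendor`/`idProduct` alone is too broad for what it triggers: any USB device reporting `04e8:6860`—IDs shared across a product line and trivial to clone—starts `swarsel-screenshare.service`, which runs `${pkgs.screenshare}/bin/screenshare` as `mainUser` inside the live Wayland session (`WAYLAND_DISPLAY=wayland-1`). Exposure needs physical access, but pinning the actual dongle narrows it to the intended device: add `ATTRS{serial}=="<dongle serial>"` to the rule. Independently, `Type = "oneshot"` without a `TimeoutStartSec` lets the unit hang indefinitely if `screenshare` blocks, and `XDG_RUNTIME_DIR=${xdgDir}` inherits the hard-coded `/run/user/1000` default, so the unit targets the wrong runtime directory for any other uid. The `services` attrset opens before this hunk and the file continues after it.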


@ -1,12 +1,15 @@
{ lib, config, ... }: { lib, config, ... }:
let
inherit (config.swarselsystems) flakePath;
in
{ {
environment.shellAliases = lib.recursiveUpdate environment.shellAliases = lib.recursiveUpdate
{ {
npswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch;"; nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
npiswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
nipswitch = "cd ${config.swarselsystems.flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;"; nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
niswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch --impure;"; niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;


@ -1,9 +1,9 @@
{ self, ... }: { self, config, ... }:
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
}; };
users.users.swarsel.openssh.authorizedKeys.keyFiles = [ users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
(self + /secrets/keys/ssh/yubikey.pub) (self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub) (self + /secrets/keys/ssh/magicant.pub)
]; ];


@ -285,7 +285,7 @@ sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.
green "Making ssh_host_ed25519_key available to home-manager for user $target_user" green "Making ssh_host_ed25519_key available to home-manager for user $target_user"
sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts
$scp_cmd root@"$target_destination":/etc/ssh/ssh_host_ed25519_key root@"$target_destination":/home/"$target_user"/.ssh/ssh_host_ed25519_key $scp_cmd root@"$target_destination":/etc/ssh/ssh_host_ed25519_key root@"$target_destination":/home/"$target_user"/.ssh/ssh_host_ed25519_key
$ssh_root_cmd "chown $target_user:users /home/swarsel/.ssh/ssh_host_ed25519_key" $ssh_root_cmd "chown $target_user:users /home/$target_user/.ssh/ssh_host_ed25519_key"
# __________________________ # __________________________
if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then if yes_or_no "Add ssh host fingerprints for git upstream repositories? (This is needed for building the full config)"; then
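Review bot: The `chown` on the copied `ssh_host_ed25519_key` sets ownership but never the mode, so the user-side copy of the host's private key keeps whatever bits the remote-to-remote `scp` left on it; since that key is also the age decryption key for every sops secret of the host, I would pin the mode explicitly: `$ssh_root_cmd "chown '$target_user:users' '/home/$target_user/.ssh/ssh_host_ed25519_key' && chmod 0600 '/home/$target_user/.ssh/ssh_host_ed25519_key'"`. The single quotes also protect the command from a `$target_user` containing shell metacharacters when it is re-parsed on the remote side. The surrounding script continues outside the hunk.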


@ -1,4 +1,4 @@
{ self, inputs, pkgs, lib, ... }: { self, inputs, pkgs, lib, primaryUser, ... }:
let let
profilesPath = "${self}/profiles"; profilesPath = "${self}/profiles";
sharedOptions = { sharedOptions = {
@ -21,7 +21,7 @@ in
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
home-manager.users.swarsel.imports = [ home-manager.users."${primaryUser}".imports = [
"${profilesPath}/home/optional/gaming.nix" "${profilesPath}/home/optional/gaming.nix"
]; ];
} }
@ -50,11 +50,10 @@ in
} }
sharedOptions; sharedOptions;
home-manager.users.swarsel.swarselsystems = lib.recursiveUpdate home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
{ {
isLaptop = true; isLaptop = true;
isNixos = true; isNixos = true;
flakePath = "/home/swarsel/.dotfiles";
cpuCount = 16; cpuCount = 16;
startup = [ startup = [
{ command = "nextcloud --background"; } { command = "nextcloud --background"; }