From ad2241586e0202617001416833db48e8da2b31e8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 23 Sep 2025 17:34:19 +0200 Subject: [PATCH] chore: flake maintenance --- SwarselSystems.org | 3367 +++++++++---------- files/firefox/chrome/userChrome.css | 6 +- files/templates/hosts/nixos/disk-config.nix | 2 +- flake.nix | 2 - hosts/nixos/bakery/default.nix | 52 +- hosts/nixos/bakery/disk-config.nix | 2 +- hosts/nixos/chaostheatre/default.nix | 10 +- hosts/nixos/milkywell/default.nix | 13 +- hosts/nixos/milkywell/disk-config.nix | 1 - hosts/nixos/moonside/default.nix | 19 +- hosts/nixos/moonside/disk-config.nix | 1 - hosts/nixos/pyramid/default.nix | 24 +- hosts/nixos/toto/default.nix | 5 +- hosts/nixos/toto/disk-config.nix | 1 - hosts/nixos/winters/default.nix | 44 +- index.html | 3054 ++++++++--------- modules/home/common/custom-packages.nix | 1 + modules/home/common/env.nix | 3 +- modules/home/common/sharedoptions.nix | 1 - modules/home/optional/work.nix | 2 + modules/nixos/client/network.nix | 1 - modules/nixos/client/nix-ld.nix | 1 + modules/nixos/common/home-manager.nix | 2 +- modules/nixos/common/topology.nix | 2 +- modules/nixos/optional/btrfs.nix | 6 +- modules/nixos/server/homebox.nix | 2 +- nix/hosts.nix | 4 + nix/overlays.nix | 2 +- pkgs/endme/default.nix | 9 + pkgs/fhs/default.nix | 2 +- pkgs/screenshare/default.nix | 6 - profiles/home/chaostheatre/default.nix | 70 +- profiles/home/optionals/default.nix | 13 + profiles/home/personal/default.nix | 4 - profiles/home/reduced/default.nix | 47 - profiles/nixos/amdcpu/default.nix | 13 - profiles/nixos/amdgpu/default.nix | 13 - profiles/nixos/btrfs/default.nix | 13 - profiles/nixos/chaostheatre/default.nix | 80 +- profiles/nixos/hibernation/default.nix | 13 - profiles/nixos/localserver/default.nix | 35 +- profiles/nixos/minimal/default.nix | 1 + profiles/nixos/moonside/default.nix | 30 - profiles/nixos/optionals/default.nix | 20 + profiles/nixos/personal/default.nix | 10 +- profiles/nixos/reduced/default.nix | 61 - profiles/nixos/syncserver/default.nix | 
26 - profiles/nixos/toto/default.nix | 23 - secrets/repo/pii.nix.enc | 6 +- 49 files changed, 3232 insertions(+), 3893 deletions(-) create mode 100644 pkgs/endme/default.nix delete mode 100644 pkgs/screenshare/default.nix create mode 100644 profiles/home/optionals/default.nix delete mode 100644 profiles/home/reduced/default.nix delete mode 100644 profiles/nixos/amdcpu/default.nix delete mode 100644 profiles/nixos/amdgpu/default.nix delete mode 100644 profiles/nixos/btrfs/default.nix delete mode 100644 profiles/nixos/hibernation/default.nix delete mode 100644 profiles/nixos/moonside/default.nix create mode 100644 profiles/nixos/optionals/default.nix delete mode 100644 profiles/nixos/reduced/default.nix delete mode 100644 profiles/nixos/syncserver/default.nix delete mode 100644 profiles/nixos/toto/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 54c2b9c..6154f42 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -396,11 +396,9 @@ A short overview over each input and what it does: nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.ngi0.nixos.org/" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ]; }; inputs = { @@ -865,6 +863,10 @@ The rest of the outputs either define or help define the actual configurations: minimal = lib.mkIf minimal (lib.mkDefault true); }; + swarselmodules.server = { + ssh = lib.mkIf (!minimal) (lib.mkDefault true); + }; + swarselsystems = { mainUser = lib.mkDefault "swarsel"; }; 
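Review bot: The added `swarselmodules.server.ssh = lib.mkIf (!minimal) (lib.mkDefault true);` appears to sit in the defaults applied to every NixOS host, so what is presumably the SSH server module is now on for all non-minimal machines, laptops such as pyramid and bakery included, not only those taking the `server` profile. If that is intended, a comment such as `# sshd is on by default for every full host; clients opt out with swarselmodules.server.ssh = false` would make the exposure explicit. It is also worth confirming that the ssh module, which is not shown here, restricts logins to key authentication. The enclosing host-builder function starts and ends outside this hunk.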
@@ -901,41 +903,41 @@ The rest of the outputs either define or help define the actual configurations: let systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; in - systemFunc - { - inherit pkgs; - extraSpecialArgs = { inherit inputs outputs lib self configName; }; - modules = [ "${self}/hosts/${type}/${configName}" ]; - }; + systemFunc + { + inherit pkgs; + extraSpecialArgs = { inherit inputs outputs lib self configName; }; + modules = [ "${self}/hosts/${type}/${configName}" ]; + }; }; mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in - { - nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { - minimal = false; - }); - nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { - minimal = true; - }); - darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = false; - }); - darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = true; - }); + { + nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { + minimal = false; + }); + nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { + minimal = true; + }); + darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = false; + }); + darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = true; + }); - # TODO: Build these for all architectures - homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; - nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" 
lib.swarselsystems.pkgsFor.aarch64-linux; + # TODO: Build these for all architectures + homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; + nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; - diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; + diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations // config.darwinConfigurations; + nodes = config.nixosConfigurations // config.darwinConfigurations; - }; + }; } #+end_src 
@@ -958,187 +960,187 @@ Another note concerning [[https://flake.parts/][flake-parts]]: perSystem.topology.modules = [ ({ config, ... }: - let - inherit (config.lib.topology) - mkInternet - mkDevice - mkSwitch - mkRouter - mkConnection - ; - in - { - renderer = "elk"; + let + inherit (config.lib.topology) + mkInternet + mkDevice + mkSwitch + mkRouter + mkConnection + ; + in + { + renderer = "elk"; - networks = { - home-lan = { - name = "Home LAN"; - cidrv4 = "192.168.1.0/24"; - }; - wg = { - name = "Wireguard Tunnel"; - cidrv4 = "192.168.3.0/24"; - }; - }; - - nodes = { - internet = mkInternet { - connections = [ - (mkConnection "moonside" "wan") - (mkConnection "pfsense" "wan") - (mkConnection "milkywell" "wan") - (mkConnection "magicant" "wifi") - (mkConnection "toto" "bootstrapper") - (mkConnection "chaostheatre" "demo host") - ]; + networks = { + home-lan = { + name = "Home LAN"; + cidrv4 = "192.168.1.0/24"; + }; + wg = { + name = "Wireguard Tunnel"; + cidrv4 = "192.168.3.0/24"; + }; }; - chaostheatre.interfaces."demo host" = { }; - toto.interfaces."bootstrapper" = { }; - milkywell.interfaces.wan = { }; - moonside.interfaces.wan = { }; - - pfsense = mkRouter "pfSense" { - info = "HUNSN RM02"; - image = "${self}/files/topology-images/hunsn.png"; - interfaceGroups = [ - [ - "eth2" - "eth3" - "eth4" - "eth5" - "eth6" - ] - [ "wan" ] - ]; - interfaces.wg = { - addresses = [ "192.168.3.1" ]; - network = "wg"; - virtual = true; - type = "wireguard"; + nodes = { + internet = mkInternet { + connections = [ + (mkConnection "moonside" "wan") + (mkConnection "pfsense" "wan") + (mkConnection "milkywell" "wan") + (mkConnection "magicant" "wifi") + (mkConnection "toto" "bootstrapper") + (mkConnection "chaostheatre" "demo host") + ]; }; - connections = { - eth2 = mkConnection "switch-livingroom" "eth1"; - eth4 = mkConnection "winters" "eth1"; - eth3 = mkConnection "switch-bedroom" "eth1"; - eth6 = mkConnection "wifi-ap" "eth1"; - wg = mkConnection "moonside" "wg"; - }; - 
interfaces = { - eth2 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; + chaostheatre.interfaces."demo host" = { }; + toto.interfaces."bootstrapper" = { }; + milkywell.interfaces.wan = { }; + moonside.interfaces.wan = { }; + + pfsense = mkRouter "pfSense" { + info = "HUNSN RM02"; + image = "${self}/files/topology-images/hunsn.png"; + interfaceGroups = [ + [ + "eth2" + "eth3" + "eth4" + "eth5" + "eth6" + ] + [ "wan" ] + ]; + interfaces.wg = { + addresses = [ "192.168.3.1" ]; + network = "wg"; + virtual = true; + type = "wireguard"; }; - eth3 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; + + connections = { + eth2 = mkConnection "switch-livingroom" "eth1"; + eth4 = mkConnection "winters" "eth1"; + eth3 = mkConnection "switch-bedroom" "eth1"; + eth6 = mkConnection "wifi-ap" "eth1"; + wg = mkConnection "moonside" "wg"; }; - eth4 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; - }; - eth6 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; + interfaces = { + eth2 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; + eth3 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; + eth4 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; + eth6 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; }; }; - }; - winters.interfaces."eth1" = { }; - bakery.interfaces = { - "eth1" = { }; - "wifi" = { }; - }; - - wifi-ap = mkSwitch "Wi-Fi AP" { - info = "Huawei"; - image = "${self}/files/topology-images/huawei.png"; - interfaceGroups = [ - [ - "eth1" - "wifi" - ] - ]; - connections = { - wifi = mkConnection "bakery" "wifi"; + winters.interfaces."eth1" = { }; + bakery.interfaces = { + "eth1" = { }; + "wifi" = { }; }; - }; - switch-livingroom = mkSwitch "Switch Livingroom" { - info = "TL-SG108"; - image = "${self}/files/topology-images/TL-SG108.png"; - interfaceGroups = [ - [ - "eth1" - "eth2" - "eth3" - "eth4" - "eth5" - "eth6" - "eth7" - "eth8" - ] - ]; - connections = { - eth2 = 
mkConnection "nswitch" "eth1"; - eth7 = mkConnection "pc" "eth1"; - eth8 = mkConnection "pyramid" "eth1"; + wifi-ap = mkSwitch "Wi-Fi AP" { + info = "Huawei"; + image = "${self}/files/topology-images/huawei.png"; + interfaceGroups = [ + [ + "eth1" + "wifi" + ] + ]; + connections = { + wifi = mkConnection "bakery" "wifi"; + }; }; + + switch-livingroom = mkSwitch "Switch Livingroom" { + info = "TL-SG108"; + image = "${self}/files/topology-images/TL-SG108.png"; + interfaceGroups = [ + [ + "eth1" + "eth2" + "eth3" + "eth4" + "eth5" + "eth6" + "eth7" + "eth8" + ] + ]; + connections = { + eth2 = mkConnection "nswitch" "eth1"; + eth7 = mkConnection "pc" "eth1"; + eth8 = mkConnection "pyramid" "eth1"; + }; + }; + + nswitch = mkDevice "Nintendo Switch" { + info = "Nintendo Switch"; + image = "${self}/files/topology-images/nintendo-switch.png"; + interfaces.eth1 = { }; + }; + + magicant = mkDevice "magicant" { + icon = "${self}/files/topology-images/phone.png"; + info = "Samsung Z Flip 6"; + image = "${self}/files/topology-images/zflip6.png"; + interfaces.wifi = { }; + }; + + machpizza = mkDevice "machpizza" { + info = "MacBook Pro 2016"; + icon = "${self}/files/topology-images/mac.png"; + interfaces."eth1" = { }; + }; + + pc = mkDevice "Windows Gaming Server" { + info = "i7-4790k, GTX970, 32GB RAM"; + image = "${self}/files/topology-images/pc.png"; + interfaces.eth1 = { }; + }; + + pyramid.interfaces.eth1 = { }; + + switch-bedroom = mkSwitch "Switch Bedroom" { + info = "TL-SG1005D"; + image = "${self}/files/topology-images/TL-SG1005D.png"; + interfaceGroups = [ + [ + "eth1" + "eth2" + "eth3" + "eth4" + "eth5" + ] + ]; + connections.eth2 = mkConnection "printer" "eth1"; + connections.eth3 = mkConnection "machpizza" "eth1"; + }; + + printer = mkDevice "Printer" { + info = "DELL C2665dnf"; + image = "${self}/files/topology-images/DELL-C2665dnf.png"; + interfaces.eth1 = { }; + }; + }; - nswitch = mkDevice "Nintendo Switch" { - info = "Nintendo Switch"; - image = 
"${self}/files/topology-images/nintendo-switch.png"; - interfaces.eth1 = { }; - }; - - magicant = mkDevice "magicant" { - icon = "${self}/files/topology-images/phone.png"; - info = "Samsung Z Flip 6"; - image = "${self}/files/topology-images/zflip6.png"; - interfaces.wifi = { }; - }; - - machpizza = mkDevice "machpizza" { - info = "MacBook Pro 2016"; - icon = "${self}/files/topology-images/mac.png"; - interfaces."eth1" = { }; - }; - - pc = mkDevice "Windows Gaming Server" { - info = "i7-4790k, GTX970, 32GB RAM"; - image = "${self}/files/topology-images/pc.png"; - interfaces.eth1 = { }; - }; - - pyramid.interfaces.eth1 = { }; - - switch-bedroom = mkSwitch "Switch Bedroom" { - info = "TL-SG1005D"; - image = "${self}/files/topology-images/TL-SG1005D.png"; - interfaceGroups = [ - [ - "eth1" - "eth2" - "eth3" - "eth4" - "eth5" - ] - ]; - connections.eth2 = mkConnection "printer" "eth1"; - connections.eth3 = mkConnection "machpizza" "eth1"; - }; - - printer = mkDevice "Printer" { - info = "DELL C2665dnf"; - image = "${self}/files/topology-images/DELL-C2665dnf.png"; - interfaces.eth1 = { }; - }; - - }; - - }) + }) ]; @@ -1461,7 +1463,7 @@ On the structure of overlays: as you notice, all of the attributes within overla inherit (outputs) lib; in { - flake = { config, ... }: + flake = _: { overlays = { default = final: prev: @@ -1585,8 +1587,7 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat { x86_64-linux = "install-iso"; aarch64-linux = "sd-aarch64-installer"; - } - .${system}; + }.${system}; }; }; } @@ -1718,7 +1719,7 @@ TODO: I dont think this template would currently work out of the box Acceptance of arbitraty argumments is here needed because =disko= passes =diskoFile= to this file. #+begin_src nix-ts :tangle files/templates/hosts/nixos/disk-config.nix - { lib, pkgs, config, rootDisk, ... }: + { lib, pkgs, config, ... }: let type = "btrfs"; extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite 
@@ -1874,16 +1875,14 @@ My work machine. Built for more security, this is the gold standard of my config ]; - swarselprofiles = { - personal = lib.mkIf (!minimal) true; - work = lib.mkIf (!minimal) true; - uni = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; + swarselmodules = { + optional = { + amdcpu = true; + amdgpu = true; + hibernation = true; + }; }; + swarselsystems = { lowResolution = "1280x800"; highResolution = "2560x1600"; @@ -1928,6 +1927,14 @@ My work machine. Built for more security, this is the gold standard of my config }; }; }; + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + personal = true; + optionals = true; + work = true; + uni = true; + framework = true; + }; } @@ -2115,7 +2122,6 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { }; in { 
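Review bot: `} // lib.optionalAttrs (!minimal) { … }` is a shallow merge, so any top-level key on the right replaces the whole same-named key of the main attrset instead of being merged by the module system. Here the left side defines `swarselmodules` and the right only `swarselprofiles`, so nothing is lost yet. The same construct in the winters, milkywell and moonside hunks puts `swarselmodules.server` on the right, and would silently discard a `swarselmodules` block (for example `swarselmodules.optional` as used here) if one were later added to the left. Keeping `imports` at top level and writing `config = lib.mkMerge [ { … } (lib.optionalAttrs (!minimal) { … }) ];` preserves normal option merging; at minimum add `# NOTE: // is shallow, keys below replace same-named top-level keys above`. The attrset opens outside this hunk.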
@@ -2127,35 +2133,28 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se ]; - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - btrfs = true; + swarselsystems = { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + lowResolution = "1280x800"; + highResolution = "1920x1080"; + sharescreen = "eDP-1"; + info = "Lenovo Ideapad 720S-13IKB"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/nvme0n1"; + swapSize = "4G"; + hostName = config.node.name; }; - swarselsystems = lib.recursiveUpdate - { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - lowResolution = "1280x800"; - highResolution = "1920x1080"; - sharescreen = "eDP-1"; - info = "Lenovo Ideapad 720S-13IKB"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/nvme0n1"; - swapSize = "4G"; - hostName = config.node.name; - } - sharedOptions; - home-manager.users."${primaryUser}" = { # home.stateVersion = lib.mkForce "23.05"; swarselsystems = { @@ -2171,10 +2170,13 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se }; }; }; + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + personal = true; + }; } - #+end_src ***** hardware-configuration @@ -2213,7 +2215,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :END: #+begin_src nix-ts :tangle hosts/nixos/bakery/disk-config.nix - { lib, pkgs, config, rootDisk, ... }: + { lib, pkgs, config, ... }: let type = "btrfs"; extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite 
@@ -2349,7 +2351,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/winters/default.nix - { config, ... }: + { lib, config, minimal, ... }: { imports = [ @@ -2371,11 +2373,6 @@ This is my main server that I run at home. It handles most tasks that require bi firewall.allowedTCPPorts = [ 80 443 ]; }; - - swarselprofiles = { - server.local = true; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; isImpermanence = false; @@ -2386,8 +2383,44 @@ This is my main server that I run at home. It handles most tasks that require bi isNixos = true; }; - } + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + kavita = lib.mkDefault true; + restic = lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + postgresql = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + grafana = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + jenkins = lib.mkDefault false; + kanidm = lib.mkDefault true; + firefly-iii = lib.mkDefault true; + koillection = lib.mkDefault true; + radicale = lib.mkDefault true; + atuin = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; + # snipeit = lib.mkDefault false; + homebox = lib.mkDefault true; + }; + + } #+end_src 
@@ -2584,10 +2617,6 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc enableAllFirmware = lib.mkForce false; }; - swarselprofiles = { - minimal = lib.mkIf minimal true; - server.syncserver = true; - }; swarselsystems = { info = "VM.Standard.E2.1.Micro"; isImpermanence = true; @@ -2601,6 +2630,15 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc isNixos = true; }; + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + forgejo = lib.mkDefault false; + ankisync = lib.mkDefault false; + }; } #+end_src @@ -2642,7 +2680,6 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc # NOTE: ... is needed because dikso passes diskoFile { lib , config - , rootDisk , ... }: let 
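Review bot: After this change the host file no longer shows which services this VM runs: the dedicated `server.syncserver` profile is replaced by the generic `server = true` plus two opt-outs (`forgejo`, `ankisync`), whereas the winters and moonside hunks list their modules explicitly, `syncthing` among them. Unless the `server` profile (not visible here) enables them, the sync services that the removed profile name suggests this host provides are not switched on anywhere in the new block. Listing the intended modules here as an allow-list, in the same `name = lib.mkDefault true;` form winters uses, would keep the exposed services of a public cloud instance reviewable in one place.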
@@ -2753,159 +2790,168 @@ This machine mainly acts as my proxy server to stand before my local machines. :END: #+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix - { lib, config, ... }: - let - inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; - inherit (config.swarselsystems) sopsFile; - in - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; + { lib, config, minimal, ... }: + let + inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; + inherit (config.swarselsystems) sopsFile; + in + { + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; - sops = { - age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; - secrets = { - wireguard-private-key = { inherit sopsFile; }; - wireguard-home-preshared-key = { inherit sopsFile; }; - }; - }; + sops = { + age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; + secrets = { + wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; + }; + }; - boot = { - loader.systemd-boot.enable = true; - tmp.cleanOnBoot = true; - }; + boot = { + loader.systemd-boot.enable = true; + tmp.cleanOnBoot = true; + }; - environment = { - etc."issue".text = "\4"; - }; + environment = { + etc."issue".text = "\4"; + }; - topology.self = { - icon = "devices.cloud-server"; - interfaces.wg = { - addresses = [ "192.168.3.4" ]; - renderer.hidePhysicalConnections = true; - virtual = true; - type = "wireguard"; - }; - }; + topology.self = { + icon = "devices.cloud-server"; + interfaces.wg = { + addresses = [ "192.168.3.4" ]; + renderer.hidePhysicalConnections = true; + virtual = true; + type = "wireguard"; + }; + }; - networking = { - nftables.enable = lib.mkForce false; - hostName = "moonside"; - enableIPv6 = false; - domain = 
"subnet03291956.vcn03291956.oraclevcn.com"; - firewall = { - allowedTCPPorts = [ 80 443 8384 ]; - }; - wireguard = { - enable = true; - interfaces = { - home-vpn = { - privateKeyFile = config.sops.secrets.wireguard-private-key.path; - # ips = [ "192.168.3.4/32" ]; - ips = [ "192.168.178.201/24" ]; - peers = [ - { - # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; - publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; - presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; - name = "moonside"; - persistentKeepalive = 25; - # endpoint = "${config.repo.secrets.common.ipv4}:51820"; - endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; - # allowedIPs = [ - # "192.168.3.0/24" - # "192.168.1.0/24" - # ]; - allowedIPs = [ - "192.168.178.0/24" + networking = { + nftables.enable = lib.mkForce false; + hostName = "moonside"; + enableIPv6 = false; + domain = "subnet03291956.vcn03291956.oraclevcn.com"; + firewall = { + allowedTCPPorts = [ 80 443 8384 ]; + }; + wireguard = { + enable = true; + interfaces = { + home-vpn = { + privateKeyFile = config.sops.secrets.wireguard-private-key.path; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; + peers = [ + { + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; + name = "moonside"; + persistentKeepalive = 25; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; + allowedIPs = [ + "192.168.178.0/24" + ]; + } ]; - } - ]; + }; + }; }; }; - }; - }; - hardware = { - enableAllFirmware = lib.mkForce false; - }; + hardware = { + enableAllFirmware = lib.mkForce false; + }; - system.stateVersion = "23.11"; + system.stateVersion = "23.11"; - services.syncthing = { - dataDir = lib.mkForce "/sync"; - 
settings = { - devices = config.swarselsystems.syncthing.devices // { - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + }; + }; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; + }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; + }; + }; }; }; - folders = { - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "pyramid" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; + + swarselsystems = { + flakePath = "/root/.dotfiles"; 
+ info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; }; }; - }; - }; + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; - swarselprofiles = { - server.moonside = true; - }; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - syncthing = { - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - serviceIP = "localhost"; - }; - }; - } + swarselmodules.server = { + oauth2-proxy = lib.mkDefault true; + croc = lib.mkDefault true; + microbin = lib.mkDefault true; + shlink = lib.mkDefault true; + slink = lib.mkDefault true; + syncthing = lib.mkDefault true; + }; + } #+end_src ***** hardware-configuration @@ -2939,7 +2985,6 @@ This machine mainly acts as my proxy server to stand before my local machines. # NOTE: ... is needed because dikso passes diskoFile { lib , config - , rootDisk , ... }: let @@ -3079,7 +3124,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: #+begin_src nix-ts :tangle hosts/nixos/toto/default.nix - { self, lib, minimal, ... }: + { self, lib, ... }: { imports = [ @@ -3093,8 +3138,7 @@ This is a slim setup for developing base configuration. I do not track the hardw }; swarselprofiles = { - toto = lib.mkIf (!minimal) true; - btrfs = true; + minimal = lib.mkForce true; }; swarselsystems = { 
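Review bot: `allowedTCPPorts = [ 80 443 8384 ]` keeps port 8384, Syncthing's default web GUI port, open on this public cloud host, while `swarselsystems.syncthing` sets `serviceIP = "localhost"` and a `serviceDomain`, which suggests the GUI is meant to be reached through the reverse proxy on 443. These lines are only re-indented by the commit, but the host now enables `oauth2-proxy` and `syncthing` explicitly, so it is a good moment to check whether the direct port is still needed. Whether the GUI actually listens on a non-loopback address is not visible here; if it does not need to, `allowedTCPPorts = [ 80 443 ];` removes a path to the GUI that bypasses the proxy. If the port must stay open, a comment stating why would help.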
@@ -3129,7 +3173,6 @@ This is a slim setup for developing base configuration. I do not track the hardw { lib , pkgs , config - , rootDisk , ... }: let @@ -3273,7 +3316,7 @@ TODO: cleanup this mess let pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; in - { + { config = { home-manager.users.root.home = { 
@@ -3505,59 +3548,59 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :END: #+begin_src nix-ts :tangle hosts/nixos/chaostheatre/default.nix - { self, config, pkgs, lib, minimal, ... }: - let - mainUser = "demo"; - in - { + { self, config, pkgs, lib, minimal, ... }: + let + mainUser = "demo"; + in + { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; - services.qemuGuest.enable = true; + services.qemuGuest.enable = true; - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; - networking = { - hostName = "chaostheatre"; - firewall.enable = true; - }; + networking = { + hostName = "chaostheatre"; + firewall.enable = true; + }; - swarselprofiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk 
= "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; - } + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + chaostheatre = true; + minimal = true; + }; + } #+end_src @@ -3570,10 +3613,10 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru #+begin_src nix-ts :tangle hosts/nixos/chaostheatre/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib - , pkgs - , config - , diskDevice ? config.swarselsystem.rootDisk - , ... + , pkgs + , config + , diskDevice ? config.swarselsystem.rootDisk + , ... }: let type = "btrfs"; 
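Review bot: In the new `lib.optionalAttrs (!minimal)` block, `swarselprofiles.minimal = true` is set exactly when `minimal` is false, whereas the removed code enabled that profile only for minimal builds (`minimal = lib.mkIf minimal true`). If the demo profile is meant to layer on top of the minimal one, say so with `# chaostheatre builds on the minimal profile`; otherwise drop the line. Also, the disk-config.nix hunk that follows defaults `diskDevice` to `config.swarselsystem.rootDisk`, while the option is spelled `swarselsystems` everywhere else; it goes unnoticed only because this file always passes `_module.args.diskDevice`, and `diskDevice ? config.swarselsystems.rootDisk` would fix it.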
@@ -3625,62 +3668,61 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru }; }; in - { - disko.devices = { - disk = { - disk0 = { - type = "disk"; - device = diskDevice; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; + { + disko.devices = { + disk = { + disk0 = { + type = "disk"; + device = diskDevice; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; }; - root = lib.mkIf (!config.swarselsystems.isCrypted) { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + }; + root = lib.mkIf (!config.swarselsystems.isCrypted) { + size = "100%"; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' MNTPOINT=$(mktemp -d) mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; + ''; }; - luks = lib.mkIf config.swarselsystems.isCrypted { - size = "100%"; + }; + luks = lib.mkIf config.swarselsystems.isCrypted { + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh + settings = { + allowDiscards = true; + # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 + crypttabExtraOpts = [ + "fido2-device=auto" + "token-timeout=10" + ]; + }; content = { - type = "luks"; - name = "cryptroot"; - passwordFile = "/tmp/disko-password"; # this is populated 
by bootstrap.sh - settings = { - allowDiscards = true; - # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 - crypttabExtraOpts = [ - "fido2-device=auto" - "token-timeout=10" - ]; - }; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' MNTPOINT=$(mktemp -d) mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; + ''; }; }; }; @@ -3688,14 +3730,15 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru }; }; }; + }; - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - environment.systemPackages = [ - pkgs.yubikey-manager - ]; - } + environment.systemPackages = [ + pkgs.yubikey-manager + ]; + } #+end_src ***** NixOS dummy options configuration @@ -3732,9 +3775,9 @@ Here we have NixOS options. All options are split into smaller files that are lo let importNames = lib.swarselsystems.readNix "modules/nixos"; in - { - imports = lib.swarselsystems.mkImports importNames "modules/nixos"; - } + { + imports = lib.swarselsystems.mkImports importNames "modules/nixos"; + } #+end_src 
@@ -3812,29 +3855,29 @@ in attrsForEachOption = f: lib.foldl' (acc: path: lib.recursiveUpdate acc (lib.setAttrByPath path (f path))) { } forwardedOptions; in - { - options.nodes = lib.mkOption { - description = "Options forwarded to the given node."; - default = { }; - type = lib.types.attrsOf ( - lib.types.submodule { - options = attrsForEachOption mkForwardedOption; - } - ); - }; + { + options.nodes = lib.mkOption { + description = "Options forwarded to the given node."; + default = { }; + type = lib.types.attrsOf ( + lib.types.submodule { + options = attrsForEachOption mkForwardedOption; + } + ); + }; - config = - let - getConfig = - path: otherNode: + config = + let + getConfig = + path: otherNode: let cfg = outputs.nixosConfigurations.${otherNode}.config.nodes.${nodeName} or null; in - lib.optionals (cfg != null) (lib.getAttrFromPath path cfg); - mergeConfigFromOthers = path: lib.mkMerge (lib.concatMap (getConfig path) (lib.attrNames outputs.nixosConfigurations)); - in - attrsForEachOption mergeConfigFromOthers; - } + lib.optionals (cfg != null) (lib.getAttrFromPath path cfg); + mergeConfigFromOthers = path: lib.mkMerge (lib.concatMap (getConfig path) (lib.attrNames outputs.nixosConfigurations)); + in + attrsForEachOption mergeConfigFromOthers; + } #+end_src **** Global options (automatically active) @@ -3850,7 +3893,7 @@ in types ; in - { + { options = { globals = mkOption { default = { }; @@ -3991,7 +4034,7 @@ in :END: #+begin_src nix-ts :tangle modules/nixos/common/topology.nix - { self, lib, config, ... }: + { lib, config, ... }: { options.swarselsystems.info = lib.mkOption { type = lib.types.str; 
@@ -4152,39 +4195,39 @@ A breakdown of the flags being set: We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix - { self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: - { - options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselmodules.home-manager { - home-manager = lib.mkIf config.swarselsystems.withHomeManager { - useGlobalPkgs = true; - useUserPackages = true; - verbose = true; - users.${config.swarselsystems.mainUser}.imports = [ - inputs.nix-index-database.homeModules.nix-index - inputs.sops-nix.homeManagerModules.sops - inputs.spicetify-nix.homeManagerModules.default - inputs.swarsel-modules.homeModules.default - { - imports = [ - "${self}/profiles/home" - "${self}/modules/home" - { - swarselprofiles = { - minimal = lib.mkIf minimal true; - }; - } - ]; - # node = { - # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; - # }; - home.stateVersion = lib.mkDefault config.system.stateVersion; - } - ]; - extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; - }; + { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... 
}: + { + options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselmodules.home-manager { + home-manager = lib.mkIf config.swarselsystems.withHomeManager { + useGlobalPkgs = true; + useUserPackages = true; + verbose = true; + users.${config.swarselsystems.mainUser}.imports = [ + inputs.nix-index-database.homeModules.nix-index + inputs.sops-nix.homeManagerModules.sops + inputs.spicetify-nix.homeManagerModules.default + inputs.swarsel-modules.homeModules.default + { + imports = [ + "${self}/profiles/home" + "${self}/modules/home" + { + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } + ]; + # node = { + # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; + # }; + home.stateVersion = lib.mkDefault config.system.stateVersion; + } + ]; + extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; }; - } + }; + } #+end_src **** User setup, Make users non-mutable 
@@ -4202,30 +4245,30 @@ For that reason, make sure that =sops-nix= is properly working before finishing let sopsFile = self + /secrets/general/secrets.yaml; in - { - options.swarselmodules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselmodules.users { - sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; + { + options.swarselmodules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselmodules.users { + sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; + users = { + mutableUsers = lib.mkIf (!minimal) false; users = { - mutableUsers = lib.mkIf (!minimal) false; - users = { - root = { - inherit (globals.root) hashedPassword; - # shell = pkgs.zsh; - }; - "${config.swarselsystems.mainUser}" = { + root = { + inherit (globals.root) hashedPassword; + # shell = pkgs.zsh; + }; + "${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; - }; }; }; }; - } + }; + } #+end_src **** Setup login keymap 
@@ -4320,47 +4363,47 @@ This is also exposed to home-manager configurations, in case this ever breaks, I in { options = { - repo = { - secretFiles = lib.mkOption { - default = { }; - type = lib.types.attrsOf lib.types.path; - example = lib.literalExpression "{ local = ./pii.nix.enc; }"; - description = '' - This file manages the origin for this machine's repository-secrets. Anything that is - technically not a secret in the classical sense (i.e. that it has to be protected - after it has been deployed), but something you want to keep secret from the public; - Anything that you wouldn't want people to see on GitHub, but that can live unencrypted - on your own devices. Consider it a more ergonomic nix alternative to using git-crypt. + repo = { + secretFiles = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.path; + example = lib.literalExpression "{ local = ./pii.nix.enc; }"; + description = '' + This file manages the origin for this machine's repository-secrets. Anything that is + technically not a secret in the classical sense (i.e. that it has to be protected + after it has been deployed), but something you want to keep secret from the public; + Anything that you wouldn't want people to see on GitHub, but that can live unencrypted + on your own devices. Consider it a more ergonomic nix alternative to using git-crypt. - All of these secrets may (and probably will be) put into the world-readable nix-store - on the build and target hosts. You'll most likely want to store personally identifiable - information here, such as: - - MAC Addreses - - Static IP addresses - - Your full name (when configuring your users) - - Your postal address (when configuring e.g. home-assistant) - - ... + All of these secrets may (and probably will be) put into the world-readable nix-store + on the build and target hosts. 
You'll most likely want to store personally identifiable + information here, such as: + - MAC Addreses + - Static IP addresses + - Your full name (when configuring your users) + - Your postal address (when configuring e.g. home-assistant) + - ... - Each path given here must be an sops-encrypted .nix file. For each attribute ``, - the corresponding file will be decrypted, imported and exposed as {option}`repo.secrets.`. - ''; - }; - - secrets = lib.mkOption { - readOnly = true; - default = lib.mapAttrs (_: x: importEncrypted x inputs) config.repo.secretFiles; - type = lib.types.unspecified; - description = "Exposes the loaded repo secrets. This option is read-only."; - }; + Each path given here must be an sops-encrypted .nix file. For each attribute ``, + the corresponding file will be decrypted, imported and exposed as {option}`repo.secrets.`. + ''; + }; + + secrets = lib.mkOption { + readOnly = true; + default = lib.mapAttrs (_: x: importEncrypted x inputs) config.repo.secretFiles; + type = lib.types.unspecified; + description = "Exposes the loaded repo secrets. This option is read-only."; }; - swarselmodules.pii = lib.mkEnableOption "enable pii management"; }; + swarselmodules.pii = lib.mkEnableOption "enable pii management"; + }; config = lib.mkIf config.swarselmodules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; in - (lib.optionalAttrs (lib.pathExists local && !minimal ) { inherit local; }) // lib.optionalAttrs (!minimal) { + (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { common = ../../../secrets/repo/pii.nix.enc; }; }; @@ -4693,8 +4736,7 @@ Next, we will setup some environment variables that need to be set on the system gst-plugins-ugly gst-libav ]); - } // (lib.optionalAttrs (!config.swarselsystems.isPublic) { - }); + } // (lib.optionalAttrs (!config.swarselsystems.isPublic) { }); }; }; } 
@@ -4708,29 +4750,29 @@ Next, we will setup some environment variables that need to be set on the system Needed for control over system-wide privileges etc. Also I make sure that the root user has access to =SSH_AUTH_SOCK= (without this, root will not be able to read my =nix-secrets= repository). #+begin_src nix-ts :tangle modules/nixos/client/polkit.nix -{ lib, config, minimal, ... }: -{ - options.swarselmodules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselmodules.security { + { lib, config, minimal, ... }: + { + options.swarselmodules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselmodules.security { - security = { - pam.services = lib.mkIf (!minimal) { - login.u2fAuth = true; - sudo.u2fAuth = true; - swaylock.u2fAuth = true; - swaylock.fprintAuth = false; - }; - polkit.enable = lib.mkIf (!minimal) true; + security = { + pam.services = lib.mkIf (!minimal) { + login.u2fAuth = true; + sudo.u2fAuth = true; + swaylock.u2fAuth = true; + swaylock.fprintAuth = false; + }; + polkit.enable = lib.mkIf (!minimal) true; - sudo.extraConfig = '' - Defaults env_keep+=SSH_AUTH_SOCK - '' + lib.optionalString (!minimal) '' + sudo.extraConfig = '' + Defaults env_keep+=SSH_AUTH_SOCK + '' + lib.optionalString (!minimal) '' Defaults env_keep+=XDG_RUNTIME_DIR Defaults env_keep+=WAYLAND_DISPLAY ''; + }; }; - }; -} + } #+end_src **** Reduce systemd timeouts 
@@ -4870,103 +4912,103 @@ Pipewire handles communication on Wayland. This enables several sound tools as w Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. #+begin_src nix-ts :tangle modules/nixos/client/network.nix - { self, lib, pkgs, config, ... }: - let - certsSopsFile = self + /secrets/certs/secrets.yaml; - clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; + { self, lib, pkgs, config, ... }: + let + certsSopsFile = self + /secrets/certs/secrets.yaml; + clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; - inherit (config.swarselsystems) mainUser; - inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; + inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; - iwd = config.networking.networkmanager.wifi.backend == "iwd"; - in - { - options.swarselsystems = { - firewall = lib.swarselsystems.mkTrueOption; + iwd = config.networking.networkmanager.wifi.backend == "iwd"; + in + { + options.swarselsystems = { + firewall = lib.swarselsystems.mkTrueOption; + }; + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { + + sops = { + secrets = lib.mkIf (!config.swarselsystems.isPublic) { + wlan1-pw = { }; + wlan2-pw = { }; + laptop-hotspot-pw = { }; + mobile-hotspot-pw = { }; + eduroam-user = { }; + eduroam-pw = { }; + pia-vpn-user = { }; + pia-vpn-pw = { }; + home-wireguard-client-private-key = { sopsFile = clientSopsFile; }; + home-wireguard-server-public-key = { }; + home-wireguard-endpoint = { }; + pia-vpn1-crl-pem = { sopsFile = certsSopsFile; }; + pia-vpn1-ca-pem = { sopsFile = certsSopsFile; }; + }; + templates = lib.mkIf (!config.swarselsystems.isPublic) { + "network-manager.env".content = '' + 
WLAN1_PW=${config.sops.placeholder.wlan1-pw} + WLAN2_PW=${config.sops.placeholder.wlan2-pw} + LAPTOP_HOTSPOT_PW=${config.sops.placeholder.laptop-hotspot-pw} + MOBILE_HOTSPOT_PW=${config.sops.placeholder.mobile-hotspot-pw} + EDUROAM_USER=${config.sops.placeholder.eduroam-user} + EDUROAM_PW=${config.sops.placeholder.eduroam-pw} + PIA_VPN_USER=${config.sops.placeholder.pia-vpn-user} + PIA_VPN_PW=${config.sops.placeholder.pia-vpn-pw} + HOME_WIREGUARD_CLIENT_PRIVATE_KEY=${config.sops.placeholder.home-wireguard-client-private-key} + HOME_WIREGUARD_SERVER_PUBLIC_KEY=${config.sops.placeholder.home-wireguard-server-public-key} + HOME_WIREGUARD_ENDPOINT=${config.sops.placeholder.home-wireguard-endpoint} + ''; + }; }; - options.swarselmodules.network = lib.mkEnableOption "network config"; - config = lib.mkIf config.swarselmodules.network { - sops = { - secrets = lib.mkIf (!config.swarselsystems.isPublic) { - wlan1-pw = { }; - wlan2-pw = { }; - laptop-hotspot-pw = { }; - mobile-hotspot-pw = { }; - eduroam-user = { }; - eduroam-pw = { }; - pia-vpn-user = { }; - pia-vpn-pw = { }; - home-wireguard-client-private-key = { sopsFile = clientSopsFile; }; - home-wireguard-server-public-key = { }; - home-wireguard-endpoint = { }; - pia-vpn1-crl-pem = { sopsFile = certsSopsFile; }; - pia-vpn1-ca-pem = { sopsFile = certsSopsFile; }; - }; - templates = lib.mkIf (!config.swarselsystems.isPublic) { - "network-manager.env".content = '' - WLAN1_PW=${config.sops.placeholder.wlan1-pw} - WLAN2_PW=${config.sops.placeholder.wlan2-pw} - LAPTOP_HOTSPOT_PW=${config.sops.placeholder.laptop-hotspot-pw} - MOBILE_HOTSPOT_PW=${config.sops.placeholder.mobile-hotspot-pw} - EDUROAM_USER=${config.sops.placeholder.eduroam-user} - EDUROAM_PW=${config.sops.placeholder.eduroam-pw} - PIA_VPN_USER=${config.sops.placeholder.pia-vpn-user} - PIA_VPN_PW=${config.sops.placeholder.pia-vpn-pw} - HOME_WIREGUARD_CLIENT_PRIVATE_KEY=${config.sops.placeholder.home-wireguard-client-private-key} - 
HOME_WIREGUARD_SERVER_PUBLIC_KEY=${config.sops.placeholder.home-wireguard-server-public-key} - HOME_WIREGUARD_ENDPOINT=${config.sops.placeholder.home-wireguard-endpoint} - ''; + networking = { + inherit (config.swarselsystems) hostName; + wireless.iwd = { + enable = true; + settings = { + IPv6 = { + Enabled = true; + }; + Settings = { + AutoConnect = true; + }; + # DriverQuirks = { + # UseDefaultInterface = true; + # }; }; }; + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; + checkReversePath = lib.mkDefault false; + allowedUDPPorts = [ 51820 ]; # 51820: wireguard + allowedTCPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect + ]; + allowedUDPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect + ]; + }; - networking = { - inherit (config.swarselsystems) hostName; - wireless.iwd = { - enable = true; - settings = { - IPv6 = { - Enabled = true; - }; - Settings = { - AutoConnect = true; - }; - # DriverQuirks = { - # UseDefaultInterface = true; - # }; - }; - }; - nftables.enable = lib.mkDefault true; - enableIPv6 = lib.mkDefault true; - firewall = { - enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; - checkReversePath = lib.mkDefault false; - allowedUDPPorts = [ 51820 ]; # 51820: wireguard - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect + networkmanager = { + enable = true; + wifi.backend = "iwd"; + plugins = [ + # list of plugins: https://search.nixos.org/packages?query=networkmanager- + # docs https://networkmanager.dev/docs/vpn/ + pkgs.networkmanager-openconnect + pkgs.networkmanager-openvpn + ]; + ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - }; - - networkmanager = { - enable = true; - wifi.backend = "iwd"; - plugins = [ - # 
list of plugins: https://search.nixos.org/packages?query=networkmanager- - # docs https://networkmanager.dev/docs/vpn/ - pkgs.networkmanager-openconnect - pkgs.networkmanager-openvpn - ]; - ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" - ]; - profiles = let + profiles = + let inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; in - { + { ${wlan1} = { connection = { id = wlan1; @@ -5183,13 +5225,13 @@ Here I only enable =networkmanager= and a few default networks. The rest of the }; }; - }; }; }; - - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; }; - } + + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + }; + } #+end_src **** sops @@ -5495,25 +5537,25 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if let moduleName = "keyd"; in - { - options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; - config = lib.mkIf config.swarselmodules.${moduleName} { - services.keyd = { - enable = true; - keyboards = { - default = { - ids = [ "*" ]; - settings = { - main = { - leftmeta = "overload(meta, macro(rightmeta+z))"; - rightmeta = "overload(meta, macro(rightmeta+z))"; - }; + { + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; + config = lib.mkIf config.swarselmodules.${moduleName} { + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + leftmeta = "overload(meta, macro(rightmeta+z))"; + rightmeta = "overload(meta, macro(rightmeta+z))"; }; }; }; }; }; - } + }; + } #+end_src ***** power-profiles-daemon @@ -5762,6 +5804,7 @@ When a program does not work, start with =nix-ldd =. This will tell you libdbusmenu-gtk2 libdrm libelf + libgbm libgcrypt libglvnd libidn 
@@ -6200,38 +6243,38 @@ Here we just define some aliases for rebuilding the system, and we allow some in let inherit (config.swarselsystems) flakePath; in - { + { - options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; - options.swarselsystems = { - shellAliases = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { }; - }; + options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; + options.swarselsystems = { + shellAliases = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; }; - config = lib.mkIf config.swarselmodules.server.general { + }; + config = lib.mkIf config.swarselmodules.server.general { - environment.shellAliases = lib.recursiveUpdate - { - nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; - ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; - } - config.swarselsystems.shellAliases; + environment.shellAliases = lib.recursiveUpdate + { + nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; + ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; + } + config.swarselsystems.shellAliases; - nixpkgs.config.permittedInsecurePackages = [ - # matrix - "olm-3.2.16" - # sonarr - "aspnetcore-runtime-wrapped-6.0.36" - "aspnetcore-runtime-6.0.36" - "dotnet-sdk-wrapped-6.0.428" - "dotnet-sdk-6.0.428" - # - "SDL_ttf-2.0.11" - ]; - }; - } + nixpkgs.config.permittedInsecurePackages = [ + # matrix + "olm-3.2.16" + # sonarr + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + # + "SDL_ttf-2.0.11" + ]; + }; + } #+end_src **** System Packages 
@@ -7891,7 +7934,7 @@ This manages backups for my pictures and obsidian files. { lib, pkgs, config, ... }: let inherit (config.swarselsystems) sopsFile; - in + in { options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; config = lib.mkIf config.swarselmodules.server.restic { @@ -10106,7 +10149,7 @@ Deployment notes: :END: #+begin_src nix-ts :tangle modules/nixos/server/homebox.nix - { self, lib, pkgs, config, globals, ... }: + { lib, pkgs, config, globals, ... }: let servicePort = 7745; serviceName = "homebox"; @@ -10186,21 +10229,21 @@ This section sets up all the imports that are used in the home-manager section. options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; config = lib.mkIf config.swarselmodules.optional.darwin { - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs = { - hostPlatform = "x86_64-darwin"; - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs = { + hostPlatform = "x86_64-darwin"; + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; }; + + home-manager.users."${macUser}".imports = [ + "${self}/modules/home/darwin" + ]; + + system.stateVersion = 4; }; - - home-manager.users."${macUser}".imports = [ - "${self}/modules/home/darwin" - ]; - - system.stateVersion = 4; - }; } #+end_src 
@@ -10484,10 +10527,10 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/btrfs.nix { lib, config, ... }: { - options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselmodules.optional.btrfs { + options.swarselmodules.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselmodules.btrfs { boot = { - supportedFilesystems = [ "btrfs" ]; + supportedFilesystems = lib.mkIf config.swarselsystems.isBtrfs [ "btrfs" ]; }; }; } @@ -10783,7 +10826,6 @@ This section sets up all the imports that are used in the home-manager section. { lib, config, nixosConfig ? null, ... }: let # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; - inherit (lib) mkDefault mapAttrs filterAttrs; mkDefaultCommonAttrs = base: defaults: lib.mapAttrs (_: v: lib.mkDefault v) (lib.filterAttrs (k: _: base ? ${k}) defaults); @@ -11152,6 +11194,7 @@ This is just a separate container for derivations defined in [[#h:64a5cc16-6b16- swarsel-instantiate swarselzellij sshrm + endme rustdesk-vbc ]; @@ -11490,7 +11533,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; - inherit (nixosConfig.repo.secrets.common) fullName; + inherit (nixosConfig.repo.secrets.common) fullName openrouterApi; inherit (config.swarselsystems) isPublic homeDir; DISPLAY = ":0"; 
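Review bot: `supportedFilesystems = lib.mkIf config.swarselsystems.isBtrfs [ "btrfs" ];` makes the module depend on two switches, so enabling `swarselmodules.btrfs` alone now does nothing. In this same patch the chaostheatre host keeps `isBtrfs = false`, loses `swarselprofiles.btrfs = true`, and still has `type = "btrfs"` in its disk-config. NixOS will probably still pick btrfs up from the generated `fileSystems` entries, but confirm this by building that host. The option also moved from `swarselmodules.optional.btrfs` to `swarselmodules.btrfs` while the file stays under `modules/nixos/optional/` and the description still reads "optional btrfs settings". A comment such as `# enabled via swarselmodules.btrfs; only acts when swarselsystems.isBtrfs is true` would document the new contract.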
@@ -11501,8 +11544,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var home.sessionVariables = { inherit DISPLAY; EDITOR = "e -w"; - } // (lib.optionalAttrs (!isPublic) { - }); + } // (lib.optionalAttrs (!isPublic) { }); systemd.user.sessionVariables = { DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; } // lib.optionalAttrs (!isPublic) { @@ -11519,6 +11561,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; + OPENROUTER_API_KEY = openrouterApi; }; }; } @@ -11714,7 +11757,7 @@ Here I set up my git config, automatic signing of commits, useful aliases for my config = lib.mkIf config.swarselmodules.git { programs.git = { enable = true; - } // lib.optionalAttrs (!minimal) { + } // lib.optionalAttrs (!minimal) { aliases = { a = "add"; c = "commit"; @@ -13683,8 +13726,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; prefer-no-csd = true; layer-rules = [ - { matches = [ { namespace = "^notifications$"; }]; block-out-from = "screencast";} - { matches = [ { namespace = "^wallpaper$"; }]; place-within-backdrop = true;} + { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } + { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } ]; window-rules = [ { @@ -13961,7 +14004,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se in { name = "lidclosed"; - exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}"] ; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { criteria = config.swarselsystems.sharescreen; 
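Review bot: `OPENROUTER_API_KEY = openrouterApi;` writes the key's literal value into `systemd.user.sessionVariables`. The value comes from `nixosConfig.repo.secrets.common` (the `inherit` added in the preceding hunk), and the `repo.secretFiles` description in this file says those values "may (and probably will be) put into the world-readable nix-store". That mechanism is described as being for values that are "technically not a secret in the classical sense"; an API credential is one, and here it would likely be readable by any local user and inherited by every process in the session. The neighbouring `GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;` shows the safer pattern already used in this block. Declare a sops secret and export only its path, for example `OPENROUTER_API_KEY_PATH = nixosConfig.sops.secrets.<openrouter-secret-name>.path;` (placeholder name), and read the file at the point of use.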
@@ -14250,313 +14293,317 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] let inherit (config.swarselsystems) homeDir; in - { - options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselmodules.optional.work - { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - rclone - stable24_05.awscli2 - libguestfs-with-appliance - stable.prometheus.cli - tigervnc - openstackclient - ]; + { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselmodules.optional.work + { + home.packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + rclone + stable24_05.awscli2 + libguestfs-with-appliance + stable.prometheus.cli + tigervnc + openstackclient - systemd.user.sessionVariables = { - DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; - }; + vscode + ]; - accounts.email.accounts.work = - let - inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName; - in - { - primary = false; - address = mailAddress; - userName = mailAddress; - realName = mailName; - passwordCommand = "pizauth show work"; - imap = { - host = "outlook.office365.com"; - port = 993; - tls.enable = true; # SSL/TLS - }; - smtp = { - host = "outlook.office365.com"; - port = 587; - tls = { - enable = true; # SSL/TLS - useStartTls = true; - }; - }; - thunderbird = { - enable = true; - profiles = [ "default" ]; - settings = id: { - "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth - "mail.server.server_${id}.authMethod" = 10; # oauth - # "toolkit.telemetry.enabled" = false; - # "toolkit.telemetry.rejected" = true; - # "toolkit.telemetry.prompted" = 2; - }; - }; - msmtp = { - enable = true; - extraConfig = { - auth = "xoauth2"; - host = "outlook.office365.com"; - protocol = "smtp"; - port = "587"; - tls = "on"; - tls_starttls = "on"; - from = "${mailAddress}"; - user = 
"${mailAddress}"; - passwordeval = "pizauth show work"; - }; - }; - mu.enable = true; - mbsync = { - enable = true; - expunge = "both"; - patterns = [ "INBOX" ]; - extraConfig = { - account = { - AuthMechs = "XOAUTH2"; - }; - }; + systemd.user.sessionVariables = { + DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; + }; + + accounts.email.accounts.work = + let + inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName; + in + { + primary = false; + address = mailAddress; + userName = mailAddress; + realName = mailName; + passwordCommand = "pizauth show work"; + imap = { + host = "outlook.office365.com"; + port = 993; + tls.enable = true; # SSL/TLS + }; + smtp = { + host = "outlook.office365.com"; + port = 587; + tls = { + enable = true; # SSL/TLS + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "default" ]; + settings = id: { + "mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth + "mail.server.server_${id}.authMethod" = 10; # oauth + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.prompted" = 2; + }; + }; + msmtp = { + enable = true; + extraConfig = { + auth = "xoauth2"; + host = "outlook.office365.com"; + protocol = "smtp"; + port = "587"; + tls = "on"; + tls_starttls = "on"; + from = "${mailAddress}"; + user = "${mailAddress}"; + passwordeval = "pizauth show work"; + }; + }; + mu.enable = true; + mbsync = { + enable = true; + expunge = "both"; + patterns = [ "INBOX" ]; + extraConfig = { + account = { + AuthMechs = "XOAUTH2"; }; }; - - # wayland.windowManager.sway.config = { - # output = { - # "Applied Creative Technology Transmitter QUATTRO201811" = { - # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - # }; - # "Hewlett Packard HP Z24i CN44250RDT" = { - # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - # }; - # "HP Inc. 
HP 732pk CNC4080YL5" = { - # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - # }; - # }; - # }; - - stylix = { - targets.firefox.profileNames = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; - in - [ - "${user1}" - "${user2}" - "${user3}" - "work" - ]; + }; }; - programs = + # wayland.windowManager.sway.config = { + # output = { + # "Applied Creative Technology Transmitter QUATTRO201811" = { + # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + # }; + # "Hewlett Packard HP Z24i CN44250RDT" = { + # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + # }; + # "HP Inc. HP 732pk CNC4080YL5" = { + # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + # }; + # }; + # }; + + stylix = { + targets.firefox.profileNames = let - inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail; + inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; in - { - git.userEmail = lib.mkForce gitMail; + [ + "${user1}" + "${user2}" + "${user3}" + "work" + ]; + }; - zsh = { - shellAliases = { - dssh = "ssh -l ${user1Long}"; - cssh = "ssh -l ${user2Long}"; - wssh = "ssh -l ${user3Long}"; - }; - cdpath = [ - "~/Documents/Work" - ]; - dirHashes = { - d = "$HOME/.dotfiles"; - w = "$HOME/Documents/Work"; - s = "$HOME/.dotfiles/secrets"; - pr = "$HOME/Documents/Private"; - ac = path1; - }; + programs = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail; + in + { + git.userEmail = lib.mkForce gitMail; - sessionVariables = { - VSPHERE_USER = "$(cat ${nixosConfig.sops.secrets.vcuser.path})"; - VSPHERE_PW = "$(cat 
${nixosConfig.sops.secrets.vcpw.path})"; - GOVC_USERNAME = "$(cat ${nixosConfig.sops.secrets.govcuser.path})"; - GOVC_PASSWORD = "$(cat ${nixosConfig.sops.secrets.govcpw.path})"; - GOVC_URL = "$(cat ${nixosConfig.sops.secrets.govcurl.path})"; - GOVC_DATACENTER = "$(cat ${nixosConfig.sops.secrets.govcdc.path})"; - GOVC_DATASTORE = "$(cat ${nixosConfig.sops.secrets.govcds.path})"; - GOVC_HOST = "$(cat ${nixosConfig.sops.secrets.govchost.path})"; - GOVC_RESOURCE_POOL = "$(cat ${nixosConfig.sops.secrets.govcpool.path})"; - GOVC_NETWORK = "$(cat ${nixosConfig.sops.secrets.govcnetwork.path})"; - }; + zsh = { + shellAliases = { + dssh = "ssh -l ${user1Long}"; + cssh = "ssh -l ${user2Long}"; + wssh = "ssh -l ${user3Long}"; + }; + cdpath = [ + "~/Documents/Work" + ]; + dirHashes = { + d = "$HOME/.dotfiles"; + w = "$HOME/Documents/Work"; + s = "$HOME/.dotfiles/secrets"; + pr = "$HOME/Documents/Private"; + ac = path1; + }; + + sessionVariables = { + VSPHERE_USER = "$(cat ${nixosConfig.sops.secrets.vcuser.path})"; + VSPHERE_PW = "$(cat ${nixosConfig.sops.secrets.vcpw.path})"; + GOVC_USERNAME = "$(cat ${nixosConfig.sops.secrets.govcuser.path})"; + GOVC_PASSWORD = "$(cat ${nixosConfig.sops.secrets.govcpw.path})"; + GOVC_URL = "$(cat ${nixosConfig.sops.secrets.govcurl.path})"; + GOVC_DATACENTER = "$(cat ${nixosConfig.sops.secrets.govcdc.path})"; + GOVC_DATASTORE = "$(cat ${nixosConfig.sops.secrets.govcds.path})"; + GOVC_HOST = "$(cat ${nixosConfig.sops.secrets.govchost.path})"; + GOVC_RESOURCE_POOL = "$(cat ${nixosConfig.sops.secrets.govcpool.path})"; + GOVC_NETWORK = "$(cat ${nixosConfig.sops.secrets.govcnetwork.path})"; + }; + }; + + ssh = { + matchBlocks = { + "${loc1}" = { + hostname = "${loc1}.${domain2}"; + user = user4; }; - - ssh = { - matchBlocks = { - "${loc1}" = { - hostname = "${loc1}.${domain2}"; - user = user4; - }; - "${loc1}.stg" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.staging" = { - hostname = 
"${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.dev" = { - hostname = "${loc1}.${lifecycle2}.${domain2}"; - user = user4; - }; - "${loc2}" = { - hostname = "${loc2}.${domain1}"; - user = user1Long; - }; - "${loc2}.stg" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "${loc2}.staging" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "*.${domain1}" = { - user = user1Long; - }; - }; + "${loc1}.stg" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; }; + "${loc1}.staging" = { + hostname = "${loc1}.${lifecycle1}.${domain2}"; + user = user4; + }; + "${loc1}.dev" = { + hostname = "${loc1}.${lifecycle2}.${domain2}"; + user = user4; + }; + "${loc2}" = { + hostname = "${loc2}.${domain1}"; + user = user1Long; + }; + "${loc2}.stg" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "${loc2}.staging" = { + hostname = "${loc2}.${lifecycle1}.${domain2}"; + user = user1Long; + }; + "*.${domain1}" = { + user = user1Long; + }; + }; + }; - firefox = { - profiles = - let - isDefault = false; - in - { - "${user1}" = lib.recursiveUpdate - { - inherit isDefault; - id = 1; - settings = { - "browser.startup.homepage" = "${site1}|${site2}"; - }; - } - vars.firefox; - "${user2}" = lib.recursiveUpdate - { - inherit isDefault; - id = 2; - settings = { - "browser.startup.homepage" = "${site3}"; - }; - } - vars.firefox; - "${user3}" = lib.recursiveUpdate - { - inherit isDefault; - id = 3; - } - vars.firefox; - work = lib.recursiveUpdate - { - inherit isDefault; - id = 4; - settings = { - "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; - }; - } - vars.firefox; + firefox = { + profiles = + let + isDefault = false; + in + { + "${user1}" = lib.recursiveUpdate + { + inherit isDefault; + id = 1; + settings = { + "browser.startup.homepage" = "${site1}|${site2}"; }; + } + vars.firefox; + "${user2}" = lib.recursiveUpdate + { + inherit isDefault; + id = 2; + 
settings = { + "browser.startup.homepage" = "${site3}"; + }; + } + vars.firefox; + "${user3}" = lib.recursiveUpdate + { + inherit isDefault; + id = 3; + } + vars.firefox; + work = lib.recursiveUpdate + { + inherit isDefault; + id = 4; + settings = { + "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; + }; + } + vars.firefox; }; + }; - chromium = { - enable = true; - package = pkgs.chromium; + chromium = { + enable = true; + package = pkgs.chromium; - extensions = [ - # 1password - "gejiddohjgogedgjnonbofjigllpkmbf" - # dark reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # ublock origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # i still dont care about cookies - "edibdbjcniadpccecjdfdjjppcpchdlm" - # browserpass - "naepdomgkenhinolocfifgehidddafch" + extensions = [ + # 1password + "gejiddohjgogedgjnonbofjigllpkmbf" + # dark reader + "eimadpbcbfnmbkopoojfekhnkhdbieeh" + # ublock origin + "cjpalhdlnbpafiamejdnhcphjbkeiagm" + # i still dont care about cookies + "edibdbjcniadpccecjdfdjjppcpchdlm" + # browserpass + "naepdomgkenhinolocfifgehidddafch" + ]; + }; + }; + + services = { + kanshi = { + settings = [ + { + # seminary room + output = { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + }; + } + { + # work main screen + output = { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.0; + mode = "3840x2160"; + }; + } + { + # work side screen + output = { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + }; + } + { + profile = { + name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. 
HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.5; + position = "1462,0"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "90"; + position = "-2480,0"; + } ]; }; - }; - - services = { - kanshi = { - settings = [ - { - # seminary room - output = { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - }; - } - { - # work main screen - output = { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.0; - mode = "3840x2160"; - }; - } - { - # work side screen - output = { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - }; - } - { - profile = { - name = "lidopen"; - exec = [ - "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" - "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" - ]; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.5; - position = "1462,0"; - } - { - criteria = "HP Inc. 
HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "90"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = let + } + { + profile = + let monitor = "Applied Creative Technology Transmitter QUATTRO201811"; - in { + in + { name = "lidopen"; exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" 
@@ -14577,39 +14624,41 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] } ]; }; - } - { - profile = { - name = "lidclosed"; - exec = [ - "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" - "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" - ]; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "HP Inc. HP 732pk CNC4080YL5"; - scale = 1.4; - mode = "3840x2160"; - position = "-1280,0"; - } - { - criteria = "Hewlett Packard HP Z24i CN44250RDT"; - scale = 1.0; - mode = "1920x1200"; - transform = "270"; - position = "-2480,0"; - } - ]; - }; - } - { - profile = let - monitor = "Applied Creative Technology Transmitter QUATTRO201811"; - in { + } + { + profile = { + name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "HP Inc. HP 732pk CNC4080YL5"; + scale = 1.4; + mode = "3840x2160"; + position = "-1280,0"; + } + { + criteria = "Hewlett Packard HP Z24i CN44250RDT"; + scale = 1.0; + mode = "1920x1200"; + transform = "270"; + position = "-2480,0"; + } + ]; + }; + } + { + profile = + let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in + { name = "lidclosed"; exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" 
@@ -14627,184 +14676,184 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] } ]; }; - } - ]; - }; - }; - - systemd.user.services.pizauth.Service = { - ExecStartPost= [ - "${pkgs.toybox}/bin/sleep 1" - "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" + } ]; }; - - swarselservices.pizauth = { - enable = true; - extraConfig = '' - auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; - error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; - token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; - ''; - accounts = { - work = { - authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; - clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; - clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; - scopes = [ - "https://outlook.office365.com/IMAP.AccessAsUser.All" - "https://outlook.office365.com/SMTP.Send" - "offline_access" - ]; - loginHint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; - }; - }; - - }; - - xdg = - let - inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; - in - { - mimeApps = { - defaultApplications = { - "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; - }; - }; - desktopEntries = - let - terminal = false; - categories = [ "Application" ]; - icon = "firefox"; - in - { - firefox_work = { - name = "Firefox (work)"; - genericName = "Firefox work"; - exec = "firefox -p work"; - inherit terminal categories icon; - }; - "firefox_${user1}" = { - name = "Firefox (${user1})"; - genericName = "Firefox ${user1}"; - exec = "firefox -p ${user1}"; - inherit terminal categories icon; - }; - - "firefox_${user2}" = { - name = "Firefox (${user2})"; - genericName = "Firefox ${user2}"; - exec = "firefox -p ${user2}"; - inherit terminal 
categories icon; - }; - - "firefox_${user3}" = { - name = "Firefox (${user3})"; - genericName = "Firefox ${user3}"; - exec = "firefox -p ${user3}"; - inherit terminal categories icon; - }; - - - }; - }; - swarselsystems = { - startup = [ - # { command = "nextcloud --background"; } - { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } - { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } - { command = "anki"; } - { command = "obsidian"; } - { command = "nm-applet"; } - # { command = "feishin"; } - { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } - { command = "1password"; } - ]; - monitors = { - work_back_middle = rec { - name = "LG Electronics LG Ultra HD 0x000305A6"; - mode = "2560x1440"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - # output = "DP-10"; - output = name; - }; - work_front_left = rec { - name = "LG Electronics LG Ultra HD 0x0007AB45"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - # output = "DP-7"; - output = name; - }; - work_back_right = rec { - name = "HP Inc. HP Z32 CN41212T55"; - mode = "3840x2160"; - scale = "1"; - position = "5120,0"; - workspace = "1:一"; - # output = "DP-3"; - output = name; - }; - work_middle_middle_main = rec { - name = "HP Inc. 
HP 732pk CNC4080YL5"; - mode = "3840x2160"; - scale = "1"; - position = "-1280,0"; - workspace = "11:M"; - # output = "DP-8"; - output = name; - }; - work_middle_middle_side = rec { - name = "Hewlett Packard HP Z24i CN44250RDT"; - mode = "1920x1200"; - transform = "270"; - scale = "1"; - position = "-2480,0"; - workspace = "12:S"; - # output = "DP-9"; - output = name; - }; - work_seminary = rec { - name = "Applied Creative Technology Transmitter QUATTRO201811"; - mode = "1280x720"; - scale = "1"; - position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse - workspace = "14:T"; - # output = "DP-4"; - output = name; - }; - }; - inputs = { - "1133:45081:MX_Master_2S_Keyboard" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { - # dwt = "enabled"; - # tap = "enabled"; - # natural_scroll = "enabled"; - # middle_emulation = "enabled"; - # drag_lock = "disabled"; - # }; - "1133:50504:Logitech_USB_Receiver" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1133:45944:MX_KEYS_S" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - }; - - }; }; - } + systemd.user.services.pizauth.Service = { + ExecStartPost = [ + "${pkgs.toybox}/bin/sleep 1" + "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" + ]; + }; + + swarselservices.pizauth = { + enable = true; + extraConfig = '' + auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; + error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; + token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; + ''; + accounts = { + work = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = 
"TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; + }; + }; + + }; + + xdg = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; + in + { + mimeApps = { + defaultApplications = { + "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; + }; + }; + desktopEntries = + let + terminal = false; + categories = [ "Application" ]; + icon = "firefox"; + in + { + firefox_work = { + name = "Firefox (work)"; + genericName = "Firefox work"; + exec = "firefox -p work"; + inherit terminal categories icon; + }; + "firefox_${user1}" = { + name = "Firefox (${user1})"; + genericName = "Firefox ${user1}"; + exec = "firefox -p ${user1}"; + inherit terminal categories icon; + }; + + "firefox_${user2}" = { + name = "Firefox (${user2})"; + genericName = "Firefox ${user2}"; + exec = "firefox -p ${user2}"; + inherit terminal categories icon; + }; + + "firefox_${user3}" = { + name = "Firefox (${user3})"; + genericName = "Firefox ${user3}"; + exec = "firefox -p ${user3}"; + inherit terminal categories icon; + }; + + + }; + }; + swarselsystems = { + startup = [ + # { command = "nextcloud --background"; } + { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } + { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } + { command = "anki"; } + { command = "obsidian"; } + { command = "nm-applet"; } + # { command = "feishin"; } + { command = "teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true"; } + { command = "1password"; } + ]; + monitors = { + work_back_middle = rec { + name = "LG Electronics LG Ultra HD 0x000305A6"; + mode = "2560x1440"; + scale = "1"; + position = 
"5120,0"; + workspace = "1:一"; + # output = "DP-10"; + output = name; + }; + work_front_left = rec { + name = "LG Electronics LG Ultra HD 0x0007AB45"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + # output = "DP-7"; + output = name; + }; + work_back_right = rec { + name = "HP Inc. HP Z32 CN41212T55"; + mode = "3840x2160"; + scale = "1"; + position = "5120,0"; + workspace = "1:一"; + # output = "DP-3"; + output = name; + }; + work_middle_middle_main = rec { + name = "HP Inc. HP 732pk CNC4080YL5"; + mode = "3840x2160"; + scale = "1"; + position = "-1280,0"; + workspace = "11:M"; + # output = "DP-8"; + output = name; + }; + work_middle_middle_side = rec { + name = "Hewlett Packard HP Z24i CN44250RDT"; + mode = "1920x1200"; + transform = "270"; + scale = "1"; + position = "-2480,0"; + workspace = "12:S"; + # output = "DP-9"; + output = name; + }; + work_seminary = rec { + name = "Applied Creative Technology Transmitter QUATTRO201811"; + mode = "1280x720"; + scale = "1"; + position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse + workspace = "14:T"; + # output = "DP-4"; + output = name; + }; + }; + inputs = { + "1133:45081:MX_Master_2S_Keyboard" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + # "2362:628:PIXA3854:00_093A:0274_Touchpad" = { + # dwt = "enabled"; + # tap = "enabled"; + # natural_scroll = "enabled"; + # middle_emulation = "enabled"; + # drag_lock = "disabled"; + # }; + "1133:50504:Logitech_USB_Receiver" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1133:45944:MX_KEYS_S" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + }; + + }; + }; + + } #+end_src 
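Review bot: `token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"` writes pizauth's dumped token state for the work account (which requests `offline_access`) to a plain file in the home directory with default permissions. The lines are only re-indented by this commit, so the exposure predates it. pizauth does not encrypt dump output, so it should be piped through an encryption tool before it reaches disk and decrypted again in the `ExecStartPost` restore step, or at minimum written under a restrictive umask, e.g. `token_event_cmd = "umask 077; pizauth dump > ${homeDir}/.pizauth.state";`. Separately, `clientSecret` is a literal in a tracked file: if it is a shared public-client credential rather than one issued to this tenant, a comment such as `# public client credential, not a tenant secret` would stop scanners and later reviewers treating it as a leak; otherwise it should not be committed in clear.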
@@ -14980,9 +15029,11 @@ In short, the options defined here are passed to the modules systems using =_mod MOZ_ENABLE_WAYLAND = "1"; }; - waylandExports = let - renderedWaylandExports = map (key: "export ${key}=${waylandSessionVariables.${key}};") (builtins.attrNames waylandSessionVariables); - in builtins.concatStringsSep "\n" renderedWaylandExports; + waylandExports = + let + renderedWaylandExports = map (key: "export ${key}=${waylandSessionVariables.${key}};") (builtins.attrNames waylandSessionVariables); + in + builtins.concatStringsSep "\n" renderedWaylandExports; stylix = { polarity = "dark"; @@ -15835,15 +15886,15 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s #+begin_src nix-ts :tangle pkgs/kanshare/default.nix - { name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }: + { name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }: - writeShellApplication { - inherit name; - runtimeInputs = [ wlr-randr busybox wl-mirror]; - text = '' - wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} - ''; - } + writeShellApplication { + inherit name; + runtimeInputs = [ wlr-randr busybox wl-mirror ]; + text = '' + wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} + ''; + } #+end_src *** swarsel-bootstrap @@ -16825,7 +16876,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f base = pkgs.appimageTools.defaultFhsEnvArgs; in pkgs.buildFHSEnv (base // { - name = "fhs"; + inherit name; targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ]; profile = "export FHS=1"; runScript = "zsh"; 
@@ -17091,6 +17142,23 @@ This programs simply runs ssh-keygen on the last host that I tried to ssh into. text = builtins.readFile "${self}/files/scripts/${name}.sh"; } #+end_src +*** endme + +Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session. + +#+begin_src nix-ts :tangle pkgs/endme/default.nix + { name, writeShellApplication, ... }: + writeShellApplication { + inherit name; + text = '' + set -euo pipefail + systemctl --user stop graphical-session.target + systemctl --user stop graphical-session-pre.target + ''; + } + +#+end_src + ** Profiles :PROPERTIES: :CUSTOM_ID: h:f0f1c961-3e7a-47b8-99ab-1654bb45dffc 
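Review bot: `set -euo pipefail` in the `endme` script text duplicates what `writeShellApplication` already emits (its default `bashOptions` are errexit, nounset and pipefail). With errexit, a failing first `systemctl --user stop` means `graphical-session-pre.target` is never stopped, which is the wrong failure mode for a recovery tool run from a second TTY. One call covers both units: `systemctl --user stop graphical-session.target graphical-session-pre.target`. No `runtimeInputs` is declared, so `systemctl` is resolved from the caller's PATH; a short comment would make clear whether that is intended.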
@@ -17172,86 +17240,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; boot = lib.mkDefault true; + btrfs = lib.mkDefault true; - optional = { - gaming = lib.mkDefault true; - virtualbox = lib.mkDefault true; - nswitch-rcm = lib.mkDefault true; - }; - - server = { - ssh = lib.mkDefault true; - }; - }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - personal = lib.mkDefault true; - }; - }; - - }; - - } - -#+end_src - -**** Reduced -:PROPERTIES: -:CUSTOM_ID: h:2d0eac3b-6e2e-4006-9032-59f2ba7e98ec -:END: - -#+begin_src nix-ts :tangle profiles/nixos/reduced/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselprofiles.reduced { - swarselmodules = { - packages = lib.mkDefault true; - pii = lib.mkDefault true; - general = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - users = lib.mkDefault true; - env = lib.mkDefault true; - security = lib.mkDefault true; - systemdTimeout = lib.mkDefault true; - hardware = lib.mkDefault true; - pulseaudio = lib.mkDefault true; - pipewire = lib.mkDefault true; - network = lib.mkDefault true; - time = lib.mkDefault true; - sops = lib.mkDefault true; - stylix = lib.mkDefault true; - programs = lib.mkDefault true; - zsh = lib.mkDefault true; - syncthing = lib.mkDefault true; - blueman = lib.mkDefault true; - networkDevices = lib.mkDefault true; - gvfs = lib.mkDefault true; - interceptionTools = lib.mkDefault true; - swayosd = lib.mkDefault true; - ppd = lib.mkDefault true; - yubikey = lib.mkDefault true; - ledger = lib.mkDefault true; - keyboards = lib.mkDefault true; - login = lib.mkDefault true; - nix-ld = lib.mkDefault true; - impermanence = lib.mkDefault true; - nvd = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - sway = 
lib.mkDefault true; - xdg-portal = lib.mkDefault true; - distrobox = lib.mkDefault true; - appimage = lib.mkDefault true; - lid = lib.mkDefault true; - lowBattery = lib.mkDefault true; - lanzaboote = lib.mkDefault true; - autologin = lib.mkDefault true; - boot = lib.mkDefault true; - - server = { - ssh = lib.mkDefault true; - }; }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { @@ -17290,6 +17280,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a yubikey = lib.mkDefault true; autologin = lib.mkDefault true; boot = lib.mkDefault true; + btrfs = lib.mkDefault true; server = { ssh = lib.mkDefault true; @@ -17302,6 +17293,31 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +**** Optionals + +#+begin_src nix-ts :tangle profiles/nixos/optionals/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals"; + config = lib.mkIf config.swarselprofiles.optionals { + swarselmodules = { + optional = { + gaming = lib.mkDefault true; + virtualbox = lib.mkDefault true; + nswitch-rcm = lib.mkDefault true; + }; + }; + + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + optionals = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src **** Chaostheatre :PROPERTIES: :CUSTOM_ID: h:b79fbb59-9cf2-48eb-b469-2589223dda95 
@@ -17313,78 +17329,46 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { - packages = lib.mkDefault true; - general = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - env = lib.mkDefault true; - security = lib.mkDefault true; - systemdTimeout = lib.mkDefault true; - hardware = lib.mkDefault true; - pulseaudio = lib.mkDefault true; - pipewire = lib.mkDefault true; - network = lib.mkDefault true; - time = lib.mkDefault true; - stylix = lib.mkDefault true; - programs = lib.mkDefault true; - zsh = lib.mkDefault true; - syncthing = lib.mkDefault true; - blueman = lib.mkDefault true; - networkDevices = lib.mkDefault true; - gvfs = lib.mkDefault true; - interceptionTools = lib.mkDefault true; - swayosd = lib.mkDefault true; - ppd = lib.mkDefault true; - yubikey = lib.mkDefault false; - ledger = lib.mkDefault true; - keyboards = lib.mkDefault true; - login = lib.mkDefault true; - nix-ld = lib.mkDefault true; - impermanence = lib.mkDefault true; - nvd = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - sway = lib.mkDefault true; - xdg-portal = lib.mkDefault true; - distrobox = lib.mkDefault true; - appimage = lib.mkDefault true; - lid = lib.mkDefault true; - lowBattery = lib.mkDefault true; - lanzaboote = lib.mkDefault true; - autologin = lib.mkDefault true; - }; - - }; - - } - -#+end_src - -**** toto -:PROPERTIES: -:CUSTOM_ID: h:125443fb-deb6-44c9-83ee-bbd10daf78dd -:END: - -#+begin_src nix-ts :tangle profiles/nixos/toto/default.nix :mkdirp yes - { lib, config, ... 
}: - { - options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselprofiles.toto { - swarselmodules = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - impermanence = lib.mkDefault true; - lanzaboote = lib.mkDefault true; - autologin = lib.mkDefault true; - pii = lib.mkDefault true; - server = { - ssh = lib.mkDefault true; - }; + packages = lib.mkForce true; + general = lib.mkForce true; + home-manager = lib.mkForce true; + xserver = lib.mkForce true; + users = lib.mkForce true; + sops = lib.mkForce true; + env = lib.mkForce true; + security = lib.mkForce true; + systemdTimeout = lib.mkForce true; + hardware = lib.mkForce true; + pulseaudio = lib.mkForce true; + pipewire = lib.mkForce true; + network = lib.mkForce true; + time = lib.mkForce true; + stylix = lib.mkForce true; + programs = lib.mkForce true; + zsh = lib.mkForce true; + syncthing = lib.mkForce true; + blueman = lib.mkForce true; + networkDevices = lib.mkForce true; + gvfs = lib.mkForce true; + interceptionTools = lib.mkForce true; + swayosd = lib.mkForce true; + ppd = lib.mkForce true; + yubikey = lib.mkForce false; + ledger = lib.mkForce true; + keyboards = lib.mkForce true; + login = lib.mkForce true; + nix-ld = lib.mkForce true; + impermanence = lib.mkForce true; + nvd = lib.mkForce true; + gnome-keyring = lib.mkForce true; + sway = lib.mkForce true; + xdg-portal = lib.mkForce true; + distrobox = lib.mkForce true; + appimage = lib.mkForce true; + lid = lib.mkForce true; + lowBattery = lib.mkForce true; + lanzaboote = lib.mkForce true; + autologin = lib.mkForce true; }; }; 
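Review bot: Every toggle in the chaostheatre profile is now `lib.mkForce`, so a host that enables the profile cannot change a single module with a plain assignment. This includes the ones forced off, such as `yubikey = lib.mkForce false`. A host-level `swarselmodules.yubikey = true;` would silently lose, and the only way to override is another `mkForce` or a lower `mkOverride` number. If the intent is to win over the `minimal` profile that the chaostheatre host now enables alongside it (an inference from the host hunk), say so in a comment above the block, e.g. `# mkForce: must win over the defaults of the minimal profile enabled on the same host`. The home-manager chaostheatre hunk further down makes the same switch, forcing `yubikey`, `env`, `git`, `mail` and `gammastep` to false, and needs the same comment.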
@@ -17474,95 +17458,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src -**** AMD CPU -:PROPERTIES: -:CUSTOM_ID: h:b7beb4a5-8808-438d-8799-7f08f38fd1ba -:END: - -#+begin_src nix-ts :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselprofiles.amdcpu { - swarselmodules = { - optional = { - amdcpu = lib.mkDefault true; - }; - }; - - }; - - } - -#+end_src - -**** AMD GPU -:PROPERTIES: -:CUSTOM_ID: h:79c71b6d-a1ad-447d-8940-bb5bfd71dced -:END: - -#+begin_src nix-ts :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselprofiles.amdgpu { - swarselmodules = { - optional = { - amdgpu = lib.mkDefault true; - }; - }; - - }; - - } - -#+end_src - -**** Hibernation -:PROPERTIES: -:CUSTOM_ID: h:641d0a2a-0592-448a-a6e3-d0a9c330293e -:END: - -#+begin_src nix-ts :tangle profiles/nixos/hibernation/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselprofiles.hibernation { - swarselmodules = { - optional = { - hibernation = lib.mkDefault true; - }; - }; - - }; - - } - -#+end_src - -**** BTRFS -:PROPERTIES: -:CUSTOM_ID: h:0bb401e3-b195-4ff2-bc74-23c5a54d83d2 -:END: - -#+begin_src nix-ts :tangle profiles/nixos/btrfs/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselprofiles.btrfs { - swarselmodules = { - optional = { - btrfs = lib.mkDefault true; - }; - }; - - }; - - } - -#+end_src - -**** Local Server +**** Server :PROPERTIES: :CUSTOM_ID: h:dfc076fd-ee74-4663-b164-653370c52b75 :END: 
@@ -17570,101 +17466,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselprofiles.server.local { + options.swarselprofiles.server = lib.mkEnableOption "is this a server"; + config = lib.mkIf config.swarselprofiles.server { swarselmodules = { - general = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - boot = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - kavita = lib.mkDefault true; - restic = lib.mkDefault true; - jellyfin = lib.mkDefault true; - navidrome = lib.mkDefault true; - spotifyd = lib.mkDefault true; - mpd = lib.mkDefault true; - postgresql = lib.mkDefault true; - matrix = lib.mkDefault true; - nextcloud = lib.mkDefault true; - immich = lib.mkDefault true; - paperless = lib.mkDefault true; - transmission = lib.mkDefault true; - syncthing = lib.mkDefault true; - grafana = lib.mkDefault true; - emacs = lib.mkDefault true; - freshrss = lib.mkDefault true; - jenkins = lib.mkDefault false; - kanidm = lib.mkDefault true; - firefly-iii = lib.mkDefault true; - koillection = lib.mkDefault true; - radicale = lib.mkDefault true; - atuin = lib.mkDefault true; - forgejo = lib.mkDefault true; - ankisync = lib.mkDefault true; - # snipeit = lib.mkDefault false; - homebox = lib.mkDefault true; - }; - }; - }; - - } - -#+end_src -**** OCI Sync Server -:PROPERTIES: -:CUSTOM_ID: h:9b7b50d1-57ad-41ca-94ab-74393aae01bf -:END: - -#+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes - { lib, config, ... 
}: - { - options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; - config = lib.mkIf config.swarselprofiles.server.syncserver { - swarselmodules = { - general = lib.mkDefault true; - nix-ld = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - boot = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - forgejo = lib.mkDefault false; - ankisync = lib.mkDefault false; - }; - }; - }; - - } - -#+end_src -**** Moonside -:PROPERTIES: -:CUSTOM_ID: h:cc780ef2-7e5e-4835-b659-c731b306a320 -:END: - -#+begin_src nix-ts :tangle profiles/nixos/moonside/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server"; - config = lib.mkIf config.swarselprofiles.server.moonside { - swarselmodules= { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -17672,21 +17476,16 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; impermanence = lib.mkDefault true; + btrfs = lib.mkDefault true; sops = lib.mkDefault true; boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; - nginx = lib.mkDefault true; ssh = lib.mkDefault true; - oauth2-proxy = lib.mkDefault true; - croc = lib.mkDefault true; - microbin = lib.mkDefault true; - shlink = lib.mkDefault true; - slink = lib.mkDefault true; - syncthing = lib.mkDefault true; + nginx = lib.mkDefault true; }; - }; + }; }; } 
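Review bot: The merged `swarselprofiles.server` profile is built on the former moonside list, so it carries `impermanence = lib.mkDefault true` and the new `btrfs = lib.mkDefault true`. Neither was in the removed `server.local` profile. winters now enables this profile while its host file still sets `isImpermanence = false`. Whether the impermanence module checks that flag is not visible here. If it does not, a host running the stateful services in winters' list (postgresql, nextcloud, paperless, and so on) would start wiping non-persisted state at boot. I would either drop both toggles from the shared profile and set them per host, or pin them on winters with `swarselmodules.impermanence = false;`. The tangle target is also still `profiles/nixos/localserver/default.nix` although the option is now plain `server`.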
@@ -17760,10 +17559,6 @@ This holds modules that are to be used on most hosts. These are also the most im gammastep = lib.mkDefault true; spicetify = lib.mkDefault true; - optional = { - gaming = lib.mkDefault true; - uni = lib.mkDefault true; - }; }; }; 
@@ -17771,55 +17566,21 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src -**** Reduced +**** Optionals :PROPERTIES: :CUSTOM_ID: h:0554a271-f8ec-4885-b46f-2a02dfd967bd :END: -#+begin_src nix-ts :tangle profiles/home/reduced/default.nix :mkdirp yes +#+begin_src nix-ts :tangle profiles/home/optionals/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselprofiles.reduced { + options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals"; + config = lib.mkIf config.swarselprofiles.optionals { swarselmodules = { - packages = lib.mkDefault true; - ownpackages = lib.mkDefault true; - general = lib.mkDefault true; - nixgl = lib.mkDefault true; - sops = lib.mkDefault true; - yubikey = lib.mkDefault true; - ssh = lib.mkDefault true; - stylix = lib.mkDefault true; - desktop = lib.mkDefault true; - symlink = lib.mkDefault true; - env = lib.mkDefault true; - programs = lib.mkDefault true; - nix-index = lib.mkDefault true; - passwordstore = lib.mkDefault true; - direnv = lib.mkDefault true; - eza = lib.mkDefault true; - atuin = lib.mkDefault true; - git = lib.mkDefault true; - fuzzel = lib.mkDefault true; - starship = lib.mkDefault true; - kitty = lib.mkDefault true; - zsh = lib.mkDefault true; - zellij = lib.mkDefault true; - tmux = lib.mkDefault true; - mail = lib.mkDefault true; - emacs = lib.mkDefault true; - waybar = lib.mkDefault true; - firefox = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - kdeconnect = lib.mkDefault true; - mako = lib.mkDefault true; - swayosd = lib.mkDefault true; - yubikeytouch = lib.mkDefault true; - sway = lib.mkDefault true; - kanshi = lib.mkDefault false; - gpgagent = lib.mkDefault true; - gammastep = lib.mkDefault true; - + optional = { + gaming = lib.mkDefault true; + uni = lib.mkDefault true; + }; }; }; 
@@ -17861,41 +17622,41 @@ This holds modules that are to be used on most hosts. These are also the most im options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { - packages = lib.mkDefault true; - ownpackages = lib.mkDefault true; - general = lib.mkDefault true; - nixgl = lib.mkDefault true; - sops = lib.mkDefault true; - yubikey = lib.mkDefault false; - ssh = lib.mkDefault true; - stylix = lib.mkDefault true; - desktop = lib.mkDefault true; - symlink = lib.mkDefault true; - env = lib.mkDefault false; - programs = lib.mkDefault true; - nix-index = lib.mkDefault true; - direnv = lib.mkDefault true; - eza = lib.mkDefault true; - git = lib.mkDefault false; - fuzzel = lib.mkDefault true; - starship = lib.mkDefault true; - kitty = lib.mkDefault true; - zsh = lib.mkDefault true; - zellij = lib.mkDefault true; - tmux = lib.mkDefault true; - mail = lib.mkDefault false; - emacs = lib.mkDefault true; - waybar = lib.mkDefault true; - firefox = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - kdeconnect = lib.mkDefault true; - mako = lib.mkDefault true; - swayosd = lib.mkDefault true; - yubikeytouch = lib.mkDefault true; - sway = lib.mkDefault true; - kanshi = lib.mkDefault true; - gpgagent = lib.mkDefault true; - gammastep = lib.mkDefault false; + packages = lib.mkForce true; + ownpackages = lib.mkForce true; + general = lib.mkForce true; + nixgl = lib.mkForce true; + sops = lib.mkForce true; + yubikey = lib.mkForce false; + ssh = lib.mkForce true; + stylix = lib.mkForce true; + desktop = lib.mkForce true; + symlink = lib.mkForce true; + env = lib.mkForce false; + programs = lib.mkForce true; + nix-index = lib.mkForce true; + direnv = lib.mkForce true; + eza = lib.mkForce true; + git = lib.mkForce false; + fuzzel = lib.mkForce true; + starship = lib.mkForce true; + kitty = lib.mkForce true; + zsh = lib.mkForce true; + zellij = lib.mkForce true; + tmux = 
lib.mkForce true; + mail = lib.mkForce false; + emacs = lib.mkForce true; + waybar = lib.mkForce true; + firefox = lib.mkForce true; + gnome-keyring = lib.mkForce true; + kdeconnect = lib.mkForce true; + mako = lib.mkForce true; + swayosd = lib.mkForce true; + yubikeytouch = lib.mkForce true; + sway = lib.mkForce true; + kanshi = lib.mkForce true; + gpgagent = lib.mkForce true; + gammastep = lib.mkForce false; }; }; 
@@ -22867,125 +22628,127 @@ The double source block is intended here to circumvent a org-babel convenience w :END: #+begin_src css :tangle files/firefox/chrome/userChrome.css :mkdirp yes - /* Source file https://github.com/MrOtherGuy/firefox-csshacks/tree/master/chrome/autohide_toolbox.css made available under Mozilla Public License v. 2.0 -See the above repository for updates as well as full license text. */ + /* Source file https://github.com/MrOtherGuy/firefox-csshacks/tree/master/chrome/autohide_toolbox.css made available under Mozilla Public License v. 2.0 + See the above repository for updates as well as full license text. */ -/* Hide the whole toolbar area unless urlbar is focused or cursor is over the toolbar - * Dimensions on non-Win10 OS probably needs to be adjusted. - */ + /* Hide the whole toolbar area unless urlbar is focused or cursor is over the toolbar + ,* Dimensions on non-Win10 OS probably needs to be adjusted. + ,*/ -:root{ - --uc-autohide-toolbox-delay: 200ms; /* Wait 0.1s before hiding toolbars */ - --uc-toolbox-rotation: 82deg; /* This may need to be lower on mac - like 75 or so */ + :root{ + --uc-autohide-toolbox-delay: 200ms; /* Wait 0.1s before hiding toolbars */ + --uc-toolbox-rotation: 82deg; /* This may need to be lower on mac - like 75 or so */ - --base00: #1D252C; - --base01: #171D23; - --base02: #5EC4FF; - --base03: #566C7D; - --base04: #5EC4FF; - --base05: #A0B3C5; - --base06: #C06ECE; - --base07: #A0B3C5; - --base08: #D95468; - --base09: #FFA880; - --base0A: #5EC4FF; - --base0B: #8BD49C; - --base0C: #008B94; - --base0D: #5EC4FF; - --base0E: #C06ECE; - --base0F: #5EC4FF; + --base00: #1D252C; + --base01: #171D23; + --base02: #5EC4FF; + --base03: #566C7D; + --base04: #5EC4FF; + --base05: #A0B3C5; + --base06: #C06ECE; + --base07: #A0B3C5; + --base08: #D95468; + --base09: #FFA880; + --base0A: #5EC4FF; + --base0B: #8BD49C; + --base0C: #008B94; + --base0D: #5EC4FF; + --base0E: #C06ECE; + --base0F: #5EC4FF; -} + } 
-:root[sizemode="maximized"]{ - --uc-toolbox-rotation: 88.5deg; -} + :root[sizemode="maximized"]{ + --uc-toolbox-rotation: 88.5deg; + } -@media (-moz-platform: windows){ - :root:not([lwtheme]) #navigator-toolbox{ background-color: -moz-dialog !important; } -} + @media (-moz-platform: windows){ + :root:not([lwtheme]) #navigator-toolbox{ background-color: -moz-dialog !important; } + } -:root[sizemode="fullscreen"], -:root[sizemode="fullscreen"] #navigator-toolbox{ margin-top: 0 !important; } + :root[sizemode="fullscreen"], + :root[sizemode="fullscreen"] #navigator-toolbox{ margin-top: 0 !important; } -#navigator-toolbox{ - --browser-area-z-index-toolbox: 3; - position: fixed !important; - background-color: var(--lwt-accent-color,black) !important; - transition: transform 82ms linear, opacity 82ms linear !important; - transition-delay: var(--uc-autohide-toolbox-delay) !important; - transform-origin: top; - transform: rotateX(var(--uc-toolbox-rotation)); - opacity: 0; - line-height: 0; - z-index: 1; - pointer-events: none; - width: 100vw; -} -:root[sessionrestored] #urlbar[popover]{ - pointer-events: none; - opacity: 0; - transition: transform 82ms linear var(--uc-autohide-toolbox-delay), opacity 0ms calc(var(--uc-autohide-toolbox-delay) + 82ms); - transform-origin: 0px calc(0px - var(--tab-min-height) - var(--tab-block-margin) * 2); - transform: rotateX(89.9deg); -} -#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover], -#navigator-toolbox:is(:hover,:focus-within,[movingtab]) #urlbar[popover], -#urlbar-container > #urlbar[popover]:is([focused],[open]){ - pointer-events: auto; - opacity: 1; - transition-delay: 33ms; - transform: rotateX(0deg); -} -#mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox, -#navigator-toolbox:has(#urlbar:is([open],[focus-within])), 
-#navigator-toolbox:is(:hover,:focus-within,[movingtab]){ - transition-delay: 33ms !important; - transform: rotateX(0); - opacity: 1; -} -/* This makes things like OS menubar/taskbar show the toolbox when hovered in maximized windows. - * Unfortunately it also means that other OS native surfaces (such as context menu on macos) - * and other always-on-top applications will trigger toolbox to show up. */ -@media (-moz-bool-pref: "userchrome.autohide-toolbox.unhide-by-native-ui.enabled"), - -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){ - :root[sizemode="maximized"]:not(:hover){ - #navigator-toolbox:not(:-moz-window-inactive), - #urlbar[popover]:not(:-moz-window-inactive){ - transition-delay: 33ms !important; - transform: rotateX(0); - opacity: 1; + #navigator-toolbox{ + --browser-area-z-index-toolbox: 3; + position: fixed !important; + background-color: var(--lwt-accent-color,black) !important; + transition: transform 82ms linear, opacity 82ms linear !important; + transition-delay: var(--uc-autohide-toolbox-delay) !important; + transform-origin: top; + transform: rotateX(var(--uc-toolbox-rotation)); + opacity: 0; + line-height: 0; + z-index: 1; + pointer-events: none; + width: 100vw; + } + :root[sessionrestored] #urlbar[popover]{ + pointer-events: none; + opacity: 0; + transition: transform 82ms linear var(--uc-autohide-toolbox-delay), opacity 0ms calc(var(--uc-autohide-toolbox-delay) + 82ms); + transform-origin: 0px calc(0px - var(--tab-min-height) - var(--tab-block-margin) * 2); + transform: rotateX(89.9deg); + } + #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover], + /* swarsel: removed :hover from below line */ + #navigator-toolbox:is(:focus-within,[movingtab]) #urlbar[popover], + #urlbar-container > #urlbar[popover]:is([focused],[open]){ + pointer-events: auto; + opacity: 1; + transition-delay: 33ms; + transform: 
rotateX(0deg); + } + #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox, + #navigator-toolbox:has(#urlbar:is([open],[focus-within])), + /* swarsel: removed :hover from below line */ + #navigator-toolbox:is(:focus-within,[movingtab]){ + transition-delay: 33ms !important; + transform: rotateX(0); + opacity: 1; + } + /* This makes things like OS menubar/taskbar show the toolbox when hovered in maximized windows. + ,* Unfortunately it also means that other OS native surfaces (such as context menu on macos) + ,* and other always-on-top applications will trigger toolbox to show up. */ + @media (-moz-bool-pref: "userchrome.autohide-toolbox.unhide-by-native-ui.enabled"), + -moz-pref("userchrome.autohide-toolbox.unhide-by-native-ui.enabled"){ + :root[sizemode="maximized"]:not(:hover){ + #navigator-toolbox:not(:-moz-window-inactive), + #urlbar[popover]:not(:-moz-window-inactive){ + transition-delay: 33ms !important; + transform: rotateX(0); + opacity: 1; + } } } -} -#navigator-toolbox > *{ line-height: normal; pointer-events: auto } + #navigator-toolbox > *{ line-height: normal; pointer-events: auto } -/* Don't apply transform before window has been fully created */ -:root:not([sessionrestored]) #navigator-toolbox{ transform:none !important } + /* Don't apply transform before window has been fully created */ + :root:not([sessionrestored]) #navigator-toolbox{ transform:none !important } -:root[customizing] #navigator-toolbox{ - position: relative !important; - transform: none !important; - opacity: 1 !important; -} + :root[customizing] #navigator-toolbox{ + position: relative !important; + transform: none !important; + opacity: 1 !important; + } -#navigator-toolbox[inFullscreen] > #PersonalToolbar, -#PersonalToolbar:is([collapsed=""],[collapsed="true"]){ display: none } + #navigator-toolbox[inFullscreen] > #PersonalToolbar, + 
#PersonalToolbar:is([collapsed=""],[collapsed="true"]){ display: none } -/* This is a bit hacky fix for an issue that will make urlbar zero pixels tall after you enter customize mode */ -#urlbar[breakout][breakout-extend] > .urlbar-input-container{ - padding-block: calc(min(4px,(var(--urlbar-container-height) - var(--urlbar-height)) / 2) + var(--urlbar-container-padding)) !important; -} + /* This is a bit hacky fix for an issue that will make urlbar zero pixels tall after you enter customize mode */ + #urlbar[breakout][breakout-extend] > .urlbar-input-container{ + padding-block: calc(min(4px,(var(--urlbar-container-height) - var(--urlbar-height)) / 2) + var(--urlbar-container-padding)) !important; + } -/* Uncomment this if tabs toolbar is hidden with hide_tabs_toolbar.css */ - /*#titlebar{ margin-bottom: -9px }*/ + /* Uncomment this if tabs toolbar is hidden with hide_tabs_toolbar.css */ + /*#titlebar{ margin-bottom: -9px }*/ -/* Uncomment the following for compatibility with tabs_on_bottom.css - this isn't well tested though */ -/* -#navigator-toolbox{ flex-direction: column; display: flex; } -#titlebar{ order: 2 } -*/ + /* Uncomment the following for compatibility with tabs_on_bottom.css - this isn't well tested though */ + /* + #navigator-toolbox{ flex-direction: column; display: flex; } + #titlebar{ order: 2 } + ,*/ #+end_src ** Default Flake Template diff --git a/files/firefox/chrome/userChrome.css b/files/firefox/chrome/userChrome.css index a3f46b1..bbe2d57 100644 --- a/files/firefox/chrome/userChrome.css +++ b/files/firefox/chrome/userChrome.css 
@@ -61,7 +61,8 @@ See the above repository for updates as well as full license text. */ transform: rotateX(89.9deg); } #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover], -#navigator-toolbox:is(:hover,:focus-within,[movingtab]) #urlbar[popover], +/* swarsel: removed :hover from below line */ +#navigator-toolbox:is(:focus-within,[movingtab]) #urlbar[popover], #urlbar-container > #urlbar[popover]:is([focused],[open]){ pointer-events: auto; opacity: 1; @@ -70,7 +71,8 @@ See the above repository for updates as well as full license text. */ } #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox, #navigator-toolbox:has(#urlbar:is([open],[focus-within])), -#navigator-toolbox:is(:hover,:focus-within,[movingtab]){ +/* swarsel: removed :hover from below line */ +#navigator-toolbox:is(:focus-within,[movingtab]){ transition-delay: 33ms !important; transform: rotateX(0); opacity: 1; diff --git a/files/templates/hosts/nixos/disk-config.nix b/files/templates/hosts/nixos/disk-config.nix index 5605eb2..3dbabf8 100644 --- a/files/templates/hosts/nixos/disk-config.nix +++ b/files/templates/hosts/nixos/disk-config.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, rootDisk, ... }: +{ lib, pkgs, config, ... }: let type = "btrfs"; extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite diff --git a/flake.nix b/flake.nix index 73990b7..c6036ef 100644 --- a/flake.nix +++ b/flake.nix @@ -4,11 +4,9 @@ nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.ngi0.nixos.org/" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ]; }; inputs = { 
diff --git a/hosts/nixos/bakery/default.nix b/hosts/nixos/bakery/default.nix index d2893ef..98252bc 100644 --- a/hosts/nixos/bakery/default.nix +++ b/hosts/nixos/bakery/default.nix @@ -1,7 +1,6 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { }; in { @@ -13,35 +12,28 @@ in ]; - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - btrfs = true; + swarselsystems = { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + lowResolution = "1280x800"; + highResolution = "1920x1080"; + sharescreen = "eDP-1"; + info = "Lenovo Ideapad 720S-13IKB"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/nvme0n1"; + swapSize = "4G"; + hostName = config.node.name; }; - swarselsystems = lib.recursiveUpdate - { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - lowResolution = "1280x800"; - highResolution = "1920x1080"; - sharescreen = "eDP-1"; - info = "Lenovo Ideapad 720S-13IKB"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/nvme0n1"; - swapSize = "4G"; - hostName = config.node.name; - } - sharedOptions; - home-manager.users."${primaryUser}" = { # home.stateVersion = lib.mkForce "23.05"; swarselsystems = { @@ -57,4 +49,8 @@ in }; }; }; +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + personal = true; + }; } diff --git a/hosts/nixos/bakery/disk-config.nix b/hosts/nixos/bakery/disk-config.nix index 5605eb2..3dbabf8 100644 --- a/hosts/nixos/bakery/disk-config.nix +++ b/hosts/nixos/bakery/disk-config.nix 
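Review bot: The trailing `} // lib.optionalAttrs (!minimal) { ... }` is a shallow attrset merge done before the module system sees the result. Any top-level key on the right-hand side replaces the same key in the main body instead of being merged with it. Here the right side sets only `swarselprofiles`, which the body no longer defines, so nothing is lost. The same pattern in milkywell, moonside and winters sets `swarselmodules.server` on the right, and their bodies lie mostly outside the hunks, so a `swarselmodules` block added there later would be dropped without an error. A comment at the merge would guard against that, e.g. `# NOTE: // is shallow; keys set below must not also be set in the attrset above`. Because `minimal` now decides which attributes the module has, it presumably has to arrive via `specialArgs`; if it is provided through `_module.args`, evaluation would recurse infinitely.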
@@ -1,4 +1,4 @@ -{ lib, pkgs, config, rootDisk, ... }: +{ lib, pkgs, config, ... }: let type = "btrfs"; extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index cf1ebb7..d202a67 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -29,11 +29,6 @@ in firewall.enable = true; }; - swarselprofiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; swarselsystems = { info = "~SwarselSystems~ demo host"; wallpaper = self + /files/wallpaper/lenovowp.png; @@ -50,4 +45,9 @@ in isNixos = true; }; +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + chaostheatre = true; + minimal = true; + }; } diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/milkywell/default.nix index 4ecf435..3dda192 100644 --- a/hosts/nixos/milkywell/default.nix +++ b/hosts/nixos/milkywell/default.nix @@ -25,10 +25,6 @@ enableAllFirmware = lib.mkForce false; }; - swarselprofiles = { - minimal = lib.mkIf minimal true; - server.syncserver = true; - }; swarselsystems = { info = "VM.Standard.E2.1.Micro"; isImpermanence = true; @@ -42,4 +38,13 @@ isNixos = true; }; +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + forgejo = lib.mkDefault false; + ankisync = lib.mkDefault false; + }; } diff --git a/hosts/nixos/milkywell/disk-config.nix b/hosts/nixos/milkywell/disk-config.nix index c557fa3..4dac343 100644 --- a/hosts/nixos/milkywell/disk-config.nix +++ b/hosts/nixos/milkywell/disk-config.nix @@ -1,7 +1,6 @@ # NOTE: ... is needed because dikso passes diskoFile { lib , config -, rootDisk , ... }: let diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index 69d0afb..323109f 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix 
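Review bot: In `hosts/nixos/chaostheatre/default.nix` the added `minimal = true;` sits inside `lib.optionalAttrs (!minimal)`, so the minimal profile is now enabled only when the `minimal` argument is false. That is the opposite of the removed `minimal = lib.mkIf minimal true;`. With `minimal` set, this file now selects no profile at all, and the unconditional `btrfs = true` is gone too. The milkywell hunk on this line likewise drops `minimal = lib.mkIf minimal true;` without a replacement. If the minimal profile is now selected elsewhere for minimal builds, which is not visible in this diff, the line is redundant here. If the overlay with the chaostheatre profile is intended, a comment such as `# minimal is enabled as the base; the chaostheatre profile overrides it via mkForce` would make that clear.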
@@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ lib, config, minimal, ... }: let inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; @@ -130,10 +130,6 @@ in }; }; - swarselprofiles = { - server.moonside = true; - }; - swarselsystems = { flakePath = "/root/.dotfiles"; info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; @@ -150,4 +146,17 @@ in serviceIP = "localhost"; }; }; +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + oauth2-proxy = lib.mkDefault true; + croc = lib.mkDefault true; + microbin = lib.mkDefault true; + shlink = lib.mkDefault true; + slink = lib.mkDefault true; + syncthing = lib.mkDefault true; + }; } diff --git a/hosts/nixos/moonside/disk-config.nix b/hosts/nixos/moonside/disk-config.nix index b9fa336..76fc1a4 100644 --- a/hosts/nixos/moonside/disk-config.nix +++ b/hosts/nixos/moonside/disk-config.nix @@ -1,7 +1,6 @@ # NOTE: ... is needed because dikso passes diskoFile { lib , config -, rootDisk , ... }: let diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index 7d4dd1d..1d5b350 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -12,16 +12,14 @@ in ]; - swarselprofiles = { - personal = lib.mkIf (!minimal) true; - work = lib.mkIf (!minimal) true; - uni = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; + swarselmodules = { + optional = { + amdcpu = true; + amdgpu = true; + hibernation = true; + }; }; + swarselsystems = { lowResolution = "1280x800"; highResolution = "2560x1600"; @@ -66,4 +64,12 @@ in }; }; }; +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + personal = true; + optionals = true; + work = true; + uni = true; + framework = true; + }; } diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index dee2083..9bb9e39 100644 
--- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -1,4 +1,4 @@ -{ self, lib, minimal, ... }: +{ self, lib, ... }: { imports = [ @@ -12,8 +12,7 @@ }; swarselprofiles = { - toto = lib.mkIf (!minimal) true; - btrfs = true; + minimal = lib.mkForce true; }; swarselsystems = { diff --git a/hosts/nixos/toto/disk-config.nix b/hosts/nixos/toto/disk-config.nix index a2cc9e7..71838fc 100644 --- a/hosts/nixos/toto/disk-config.nix +++ b/hosts/nixos/toto/disk-config.nix @@ -2,7 +2,6 @@ { lib , pkgs , config -, rootDisk , ... }: let diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 5345157..0c60f22 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ lib, config, minimal, ... }: { imports = [ @@ -20,11 +20,6 @@ firewall.allowedTCPPorts = [ 80 443 ]; }; - - swarselprofiles = { - server.local = true; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; isImpermanence = false; 
@@ -35,4 +30,41 @@ isNixos = true; }; +} // lib.optionalAttrs (!minimal) { + + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + kavita = lib.mkDefault true; + restic = lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + postgresql = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + grafana = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + jenkins = lib.mkDefault false; + kanidm = lib.mkDefault true; + firefly-iii = lib.mkDefault true; + koillection = lib.mkDefault true; + radicale = lib.mkDefault true; + atuin = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; + # snipeit = lib.mkDefault false; + homebox = lib.mkDefault true; + }; + } diff --git a/index.html b/index.html index bd382c4..0f10460 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configurationo @@ -564,6 +564,7 @@
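Review bot: The services in this hunk are now enabled only when `minimal` is false, but `firewall.allowedTCPPorts = [ 80 443 ];`, shown as context in the preceding winters hunk (`@@ -20,11 +20,6 @@`), stays unconditional. A minimal build would therefore keep 80 and 443 open while this file does not enable `nginx`. Gating the ports on the same flag keeps the exposed surface matched to what is running: `firewall.allowedTCPPorts = lib.mkIf (!minimal) [ 80 443 ];`. Whether another module opens these ports itself is not visible here, so this needs confirming. The attribute set that contains the firewall line starts outside both hunks.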
  • 3.5.31. swarsel-build
  • 3.5.32. swarsel-instantiate
  • 3.5.33. sshrm
  • +
  • 3.5.34. endme
  • 3.6. Profiles @@ -571,26 +572,19 @@
  • 3.6.1. NixOS
  • 3.6.2. home-manager
    • 3.6.2.1. Personal
    • -
    • 3.6.2.2. Reduced
    • +
    • 3.6.2.2. Optionals
    • 3.6.2.3. Minimal
    • 3.6.2.4. Chaostheatre
    • 3.6.2.5. toto
    • @@ -822,7 +816,7 @@

      -This file has 94022 words spanning 24038 lines and was last revised on 2025-09-16 14:01:57 +0200. +This file has 93276 words spanning 23801 lines and was last revised on 2025-09-23 18:43:18 +0200.

      @@ -891,7 +885,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

      -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-09-16 14:01:57 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-09-23 18:43:18 +0200)

    @@ -1322,11 +1316,9 @@ This provides devshell support for flake-parts
  • nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.ngi0.nixos.org/" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ]; }; inputs = { @@ -1855,6 +1847,10 @@ The rest of the outputs either define or help define the actual configurations: minimal = lib.mkIf minimal (lib.mkDefault true); }; + swarselmodules.server = { + ssh = lib.mkIf (!minimal) (lib.mkDefault true); + }; + swarselsystems = { mainUser = lib.mkDefault "swarsel"; }; 
@@ -1891,41 +1887,41 @@ The rest of the outputs either define or help define the actual configurations: let systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; in - systemFunc - { - inherit pkgs; - extraSpecialArgs = { inherit inputs outputs lib self configName; }; - modules = [ "${self}/hosts/${type}/${configName}" ]; - }; + systemFunc + { + inherit pkgs; + extraSpecialArgs = { inherit inputs outputs lib self configName; }; + modules = [ "${self}/hosts/${type}/${configName}" ]; + }; }; mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in - { - nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { - minimal = false; - }); - nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { - minimal = true; - }); - darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = false; - }); - darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = true; - }); + { + nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { + minimal = false; + }); + nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { + minimal = true; + }); + darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = false; + }); + darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { + minimal = true; + }); - # TODO: Build these for all architectures - homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; - nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" 
lib.swarselsystems.pkgsFor.aarch64-linux; + # TODO: Build these for all architectures + homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux; + nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; - diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; + diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations // config.darwinConfigurations; + nodes = config.nixosConfigurations // config.darwinConfigurations; - }; + }; } 
@@ -1954,187 +1950,187 @@ Another note concerning flake-parts: perSystem.topology.modules = [ ({ config, ... }: - let - inherit (config.lib.topology) - mkInternet - mkDevice - mkSwitch - mkRouter - mkConnection - ; - in - { - renderer = "elk"; + let + inherit (config.lib.topology) + mkInternet + mkDevice + mkSwitch + mkRouter + mkConnection + ; + in + { + renderer = "elk"; - networks = { - home-lan = { - name = "Home LAN"; - cidrv4 = "192.168.1.0/24"; - }; - wg = { - name = "Wireguard Tunnel"; - cidrv4 = "192.168.3.0/24"; - }; - }; - - nodes = { - internet = mkInternet { - connections = [ - (mkConnection "moonside" "wan") - (mkConnection "pfsense" "wan") - (mkConnection "milkywell" "wan") - (mkConnection "magicant" "wifi") - (mkConnection "toto" "bootstrapper") - (mkConnection "chaostheatre" "demo host") - ]; + networks = { + home-lan = { + name = "Home LAN"; + cidrv4 = "192.168.1.0/24"; + }; + wg = { + name = "Wireguard Tunnel"; + cidrv4 = "192.168.3.0/24"; + }; }; - chaostheatre.interfaces."demo host" = { }; - toto.interfaces."bootstrapper" = { }; - milkywell.interfaces.wan = { }; - moonside.interfaces.wan = { }; - - pfsense = mkRouter "pfSense" { - info = "HUNSN RM02"; - image = "${self}/files/topology-images/hunsn.png"; - interfaceGroups = [ - [ - "eth2" - "eth3" - "eth4" - "eth5" - "eth6" - ] - [ "wan" ] - ]; - interfaces.wg = { - addresses = [ "192.168.3.1" ]; - network = "wg"; - virtual = true; - type = "wireguard"; + nodes = { + internet = mkInternet { + connections = [ + (mkConnection "moonside" "wan") + (mkConnection "pfsense" "wan") + (mkConnection "milkywell" "wan") + (mkConnection "magicant" "wifi") + (mkConnection "toto" "bootstrapper") + (mkConnection "chaostheatre" "demo host") + ]; }; - connections = { - eth2 = mkConnection "switch-livingroom" "eth1"; - eth4 = mkConnection "winters" "eth1"; - eth3 = mkConnection "switch-bedroom" "eth1"; - eth6 = mkConnection "wifi-ap" "eth1"; - wg = mkConnection "moonside" "wg"; - }; - interfaces = { - eth2 = { - 
addresses = [ "192.168.1.1" ]; - network = "home-lan"; + chaostheatre.interfaces."demo host" = { }; + toto.interfaces."bootstrapper" = { }; + milkywell.interfaces.wan = { }; + moonside.interfaces.wan = { }; + + pfsense = mkRouter "pfSense" { + info = "HUNSN RM02"; + image = "${self}/files/topology-images/hunsn.png"; + interfaceGroups = [ + [ + "eth2" + "eth3" + "eth4" + "eth5" + "eth6" + ] + [ "wan" ] + ]; + interfaces.wg = { + addresses = [ "192.168.3.1" ]; + network = "wg"; + virtual = true; + type = "wireguard"; }; - eth3 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; + + connections = { + eth2 = mkConnection "switch-livingroom" "eth1"; + eth4 = mkConnection "winters" "eth1"; + eth3 = mkConnection "switch-bedroom" "eth1"; + eth6 = mkConnection "wifi-ap" "eth1"; + wg = mkConnection "moonside" "wg"; }; - eth4 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; - }; - eth6 = { - addresses = [ "192.168.1.1" ]; - network = "home-lan"; + interfaces = { + eth2 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; + eth3 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; + eth4 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; + eth6 = { + addresses = [ "192.168.1.1" ]; + network = "home-lan"; + }; }; }; - }; - winters.interfaces."eth1" = { }; - bakery.interfaces = { - "eth1" = { }; - "wifi" = { }; - }; - - wifi-ap = mkSwitch "Wi-Fi AP" { - info = "Huawei"; - image = "${self}/files/topology-images/huawei.png"; - interfaceGroups = [ - [ - "eth1" - "wifi" - ] - ]; - connections = { - wifi = mkConnection "bakery" "wifi"; + winters.interfaces."eth1" = { }; + bakery.interfaces = { + "eth1" = { }; + "wifi" = { }; }; - }; - switch-livingroom = mkSwitch "Switch Livingroom" { - info = "TL-SG108"; - image = "${self}/files/topology-images/TL-SG108.png"; - interfaceGroups = [ - [ - "eth1" - "eth2" - "eth3" - "eth4" - "eth5" - "eth6" - "eth7" - "eth8" - ] - ]; - connections = { - eth2 = mkConnection "nswitch" "eth1"; 
- eth7 = mkConnection "pc" "eth1"; - eth8 = mkConnection "pyramid" "eth1"; + wifi-ap = mkSwitch "Wi-Fi AP" { + info = "Huawei"; + image = "${self}/files/topology-images/huawei.png"; + interfaceGroups = [ + [ + "eth1" + "wifi" + ] + ]; + connections = { + wifi = mkConnection "bakery" "wifi"; + }; }; + + switch-livingroom = mkSwitch "Switch Livingroom" { + info = "TL-SG108"; + image = "${self}/files/topology-images/TL-SG108.png"; + interfaceGroups = [ + [ + "eth1" + "eth2" + "eth3" + "eth4" + "eth5" + "eth6" + "eth7" + "eth8" + ] + ]; + connections = { + eth2 = mkConnection "nswitch" "eth1"; + eth7 = mkConnection "pc" "eth1"; + eth8 = mkConnection "pyramid" "eth1"; + }; + }; + + nswitch = mkDevice "Nintendo Switch" { + info = "Nintendo Switch"; + image = "${self}/files/topology-images/nintendo-switch.png"; + interfaces.eth1 = { }; + }; + + magicant = mkDevice "magicant" { + icon = "${self}/files/topology-images/phone.png"; + info = "Samsung Z Flip 6"; + image = "${self}/files/topology-images/zflip6.png"; + interfaces.wifi = { }; + }; + + machpizza = mkDevice "machpizza" { + info = "MacBook Pro 2016"; + icon = "${self}/files/topology-images/mac.png"; + interfaces."eth1" = { }; + }; + + pc = mkDevice "Windows Gaming Server" { + info = "i7-4790k, GTX970, 32GB RAM"; + image = "${self}/files/topology-images/pc.png"; + interfaces.eth1 = { }; + }; + + pyramid.interfaces.eth1 = { }; + + switch-bedroom = mkSwitch "Switch Bedroom" { + info = "TL-SG1005D"; + image = "${self}/files/topology-images/TL-SG1005D.png"; + interfaceGroups = [ + [ + "eth1" + "eth2" + "eth3" + "eth4" + "eth5" + ] + ]; + connections.eth2 = mkConnection "printer" "eth1"; + connections.eth3 = mkConnection "machpizza" "eth1"; + }; + + printer = mkDevice "Printer" { + info = "DELL C2665dnf"; + image = "${self}/files/topology-images/DELL-C2665dnf.png"; + interfaces.eth1 = { }; + }; + }; - nswitch = mkDevice "Nintendo Switch" { - info = "Nintendo Switch"; - image = 
"${self}/files/topology-images/nintendo-switch.png"; - interfaces.eth1 = { }; - }; - - magicant = mkDevice "magicant" { - icon = "${self}/files/topology-images/phone.png"; - info = "Samsung Z Flip 6"; - image = "${self}/files/topology-images/zflip6.png"; - interfaces.wifi = { }; - }; - - machpizza = mkDevice "machpizza" { - info = "MacBook Pro 2016"; - icon = "${self}/files/topology-images/mac.png"; - interfaces."eth1" = { }; - }; - - pc = mkDevice "Windows Gaming Server" { - info = "i7-4790k, GTX970, 32GB RAM"; - image = "${self}/files/topology-images/pc.png"; - interfaces.eth1 = { }; - }; - - pyramid.interfaces.eth1 = { }; - - switch-bedroom = mkSwitch "Switch Bedroom" { - info = "TL-SG1005D"; - image = "${self}/files/topology-images/TL-SG1005D.png"; - interfaceGroups = [ - [ - "eth1" - "eth2" - "eth3" - "eth4" - "eth5" - ] - ]; - connections.eth2 = mkConnection "printer" "eth1"; - connections.eth3 = mkConnection "machpizza" "eth1"; - }; - - printer = mkDevice "Printer" { - info = "DELL C2665dnf"; - image = "${self}/files/topology-images/DELL-C2665dnf.png"; - interfaces.eth1 = { }; - }; - - }; - - }) + }) ]; @@ -2503,7 +2499,7 @@ let inherit (outputs) lib; in { - flake = { config, ... }: + flake = _: { overlays = { default = final: prev: @@ -2634,8 +2630,7 @@ This is an improvement to what I did earlier, where I did not use nixos-ge { x86_64-linux = "install-iso"; aarch64-linux = "sd-aarch64-installer"; - } - .${system}; + }.${system}; }; }; } @@ -2787,7 +2782,7 @@ Acceptance of arbitraty argumments is here needed because disko pas

    -
    { lib, pkgs, config, rootDisk, ... }:
    +
    { lib, pkgs, config, ... }:
     let
       type = "btrfs";
       extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
    @@ -2946,16 +2941,14 @@ in
     
       ];
     
    -  swarselprofiles = {
    -    personal = lib.mkIf (!minimal) true;
    -    work = lib.mkIf (!minimal) true;
    -    uni = lib.mkIf (!minimal) true;
    -    framework = lib.mkIf (!minimal) true;
    -    amdcpu = true;
    -    amdgpu = true;
    -    hibernation = true;
    -    btrfs = true;
    +  swarselmodules = {
    +    optional = {
    +      amdcpu = true;
    +      amdgpu = true;
    +      hibernation = true;
    +    };
       };
    +
       swarselsystems = {
         lowResolution = "1280x800";
         highResolution = "2560x1600";
    @@ -3000,6 +2993,14 @@ in
           };
         };
       };
    +} // lib.optionalAttrs (!minimal) {
    +  swarselprofiles = {
    +    personal = true;
    +    optionals = true;
    +    work = true;
    +    uni = true;
    +    framework = true;
    +  };
     }
     
     
    @@ -3191,7 +3192,6 @@ My personal laptop. Closely follows the pyramid config, but leaves
     
    { self, config, inputs, lib, minimal, ... }:
     let
       primaryUser = config.swarselsystems.mainUser;
    -  sharedOptions = { };
     in
     {
     
    @@ -3203,35 +3203,28 @@ in
     
       ];
     
    -  swarselprofiles = {
    -    reduced = lib.mkIf (!minimal) true;
    -    btrfs = true;
    +  swarselsystems = {
    +    isLaptop = true;
    +    isNixos = true;
    +    isBtrfs = true;
    +    isLinux = true;
    +    lowResolution = "1280x800";
    +    highResolution = "1920x1080";
    +    sharescreen = "eDP-1";
    +    info = "Lenovo Ideapad 720S-13IKB";
    +    firewall = lib.mkForce true;
    +    wallpaper = self + /files/wallpaper/lenovowp.png;
    +    hasBluetooth = true;
    +    hasFingerprint = true;
    +    isImpermanence = true;
    +    isSecureBoot = false;
    +    isCrypted = true;
    +    isSwap = true;
    +    rootDisk = "/dev/nvme0n1";
    +    swapSize = "4G";
    +    hostName = config.node.name;
       };
     
    -  swarselsystems = lib.recursiveUpdate
    -    {
    -      isLaptop = true;
    -      isNixos = true;
    -      isBtrfs = true;
    -      isLinux = true;
    -      lowResolution = "1280x800";
    -      highResolution = "1920x1080";
    -      sharescreen = "eDP-1";
    -      info = "Lenovo Ideapad 720S-13IKB";
    -      firewall = lib.mkForce true;
    -      wallpaper = self + /files/wallpaper/lenovowp.png;
    -      hasBluetooth = true;
    -      hasFingerprint = true;
    -      isImpermanence = true;
    -      isSecureBoot = false;
    -      isCrypted = true;
    -      isSwap = true;
    -      rootDisk = "/dev/nvme0n1";
    -      swapSize = "4G";
    -      hostName = config.node.name;
    -    }
    -    sharedOptions;
    -
       home-manager.users."${primaryUser}" = {
         # home.stateVersion = lib.mkForce "23.05";
         swarselsystems = {
    @@ -3247,10 +3240,13 @@ in
           };
         };
       };
    +} // lib.optionalAttrs (!minimal) {
    +  swarselprofiles = {
    +    personal = true;
    +  };
     }
     
     
    -
     
    @@ -3290,7 +3286,7 @@ in
    3.1.2.2.3. disko
    -
    { lib, pkgs, config, rootDisk, ... }:
    +
    { lib, pkgs, config, ... }:
     let
       type = "btrfs";
       extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
    @@ -3429,7 +3425,7 @@ This is my main server that I run at home. It handles most tasks that require bi
     
    3.1.2.3.1. Main Configuration
    -
    { config, ... }:
    +
    { lib, config, minimal, ... }:
     {
     
       imports = [
    @@ -3451,11 +3447,6 @@ This is my main server that I run at home. It handles most tasks that require bi
         firewall.allowedTCPPorts = [ 80 443 ];
       };
     
    -
    -  swarselprofiles = {
    -    server.local = true;
    -  };
    -
       swarselsystems = {
         info = "ASRock J4105-ITX, 32GB RAM";
         isImpermanence = false;
    @@ -3466,8 +3457,44 @@ This is my main server that I run at home. It handles most tasks that require bi
         isNixos = true;
       };
     
    -}
    +} // lib.optionalAttrs (!minimal) {
     
    +  swarselprofiles = {
    +    server = true;
    +  };
    +
    +  swarselmodules.server = {
    +    nfs = lib.mkDefault true;
    +    nginx = lib.mkDefault true;
    +    kavita = lib.mkDefault true;
    +    restic = lib.mkDefault true;
    +    jellyfin = lib.mkDefault true;
    +    navidrome = lib.mkDefault true;
    +    spotifyd = lib.mkDefault true;
    +    mpd = lib.mkDefault true;
    +    postgresql = lib.mkDefault true;
    +    matrix = lib.mkDefault true;
    +    nextcloud = lib.mkDefault true;
    +    immich = lib.mkDefault true;
    +    paperless = lib.mkDefault true;
    +    transmission = lib.mkDefault true;
    +    syncthing = lib.mkDefault true;
    +    grafana = lib.mkDefault true;
    +    emacs = lib.mkDefault true;
    +    freshrss = lib.mkDefault true;
    +    jenkins = lib.mkDefault false;
    +    kanidm = lib.mkDefault true;
    +    firefly-iii = lib.mkDefault true;
    +    koillection = lib.mkDefault true;
    +    radicale = lib.mkDefault true;
    +    atuin = lib.mkDefault true;
    +    forgejo = lib.mkDefault true;
    +    ankisync = lib.mkDefault true;
    +    # snipeit = lib.mkDefault false;
    +    homebox = lib.mkDefault true;
    +  };
    +
    +}
     
     
    @@ -3675,10 +3702,6 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc enableAllFirmware = lib.mkForce false; }; - swarselprofiles = { - minimal = lib.mkIf minimal true; - server.syncserver = true; - }; swarselsystems = { info = "VM.Standard.E2.1.Micro"; isImpermanence = true; @@ -3692,6 +3715,15 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc isNixos = true; }; +} // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + forgejo = lib.mkDefault false; + ankisync = lib.mkDefault false; + }; }
    @@ -3735,7 +3767,6 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc
    # NOTE: ... is needed because dikso passes diskoFile
     { lib
     , config
    -, rootDisk
     , ...
     }:
     let
    @@ -3848,7 +3879,7 @@ This machine mainly acts as my proxy server to stand before my local machines.
     
    3.1.3.2.1. Main Configuration
    -
    { lib, config, ... }:
    +
    { lib, config, minimal, ... }:
     let
       inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
       inherit (config.swarselsystems) sopsFile;
    @@ -3980,10 +4011,6 @@ in
         };
       };
     
    -  swarselprofiles = {
    -    server.moonside = true;
    -  };
    -
       swarselsystems = {
         flakePath = "/root/.dotfiles";
         info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
    @@ -4000,6 +4027,19 @@ in
           serviceIP = "localhost";
         };
       };
    +} // lib.optionalAttrs (!minimal) {
    +  swarselprofiles = {
    +    server = true;
    +  };
    +
    +  swarselmodules.server = {
    +    oauth2-proxy = lib.mkDefault true;
    +    croc = lib.mkDefault true;
    +    microbin = lib.mkDefault true;
    +    shlink = lib.mkDefault true;
    +    slink = lib.mkDefault true;
    +    syncthing = lib.mkDefault true;
    +  };
     }
     
     
    @@ -4036,7 +4076,6 @@ in
    # NOTE: ... is needed because dikso passes diskoFile
     { lib
     , config
    -, rootDisk
     , ...
     }:
     let
    @@ -4180,7 +4219,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
     
    3.1.4.1.1. Main Configuration
    -
    { self, lib, minimal, ... }:
    +
    { self, lib, ... }:
     {
     
       imports = [
    @@ -4194,8 +4233,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
       };
     
       swarselprofiles = {
    -    toto = lib.mkIf (!minimal) true;
    -    btrfs = true;
    +    minimal = lib.mkForce true;
       };
     
       swarselsystems = {
    @@ -4230,7 +4268,6 @@ This is a slim setup for developing base configuration. I do not track the hardw
     { lib
     , pkgs
     , config
    -, rootDisk
     , ...
     }:
     let
    @@ -4382,7 +4419,7 @@ TODO: cleanup this mess
     let
       pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
     in
    -  {
    +{
     
       config = {
         home-manager.users.root.home = {
    @@ -4435,7 +4472,7 @@ in
           extraOptions = ''
             plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
               buildInputs = [config.nix.package pkgs.boost];
    -          patches = (o.patches or []);
    +          patches = o.patches or [];
             })}/lib/nix/plugins
             extra-builtins-file = ${../nix/extra-builtins.nix}
           '';
    @@ -4650,11 +4687,6 @@ in
         firewall.enable = true;
       };
     
    -  swarselprofiles = {
    -    chaostheatre = lib.mkIf (!minimal) true;
    -    minimal = lib.mkIf minimal true;
    -    btrfs = true;
    -  };
       swarselsystems = {
         info = "~SwarselSystems~ demo host";
         wallpaper = self + /files/wallpaper/lenovowp.png;
    @@ -4671,6 +4703,11 @@ in
         isNixos = true;
       };
     
    +} // lib.optionalAttrs (!minimal) {
    +  swarselprofiles = {
    +    chaostheatre = true;
    +    minimal = true;
    +  };
     }
     
     
    @@ -4684,10 +4721,10 @@ in
     
    # NOTE: ... is needed because dikso passes diskoFile
     { lib
    -  , pkgs
    -  , config
    -  , diskDevice ? config.swarselsystem.rootDisk
    -  , ...
    +, pkgs
    +, config
    +, diskDevice ? config.swarselsystem.rootDisk
    +, ...
     }:
     let
       type = "btrfs";
    @@ -4739,62 +4776,61 @@ let
         };
       };
     in
    -  {
    -    disko.devices = {
    -      disk = {
    -        disk0 = {
    -          type = "disk";
    -          device = diskDevice;
    -          content = {
    -            type = "gpt";
    -            partitions = {
    -              ESP = {
    -                priority = 1;
    -                name = "ESP";
    -                size = "512M";
    -                type = "EF00";
    -                content = {
    -                  type = "filesystem";
    -                  format = "vfat";
    -                  mountpoint = "/boot";
    -                  mountOptions = [ "defaults" ];
    -                };
    +{
    +  disko.devices = {
    +    disk = {
    +      disk0 = {
    +        type = "disk";
    +        device = diskDevice;
    +        content = {
    +          type = "gpt";
    +          partitions = {
    +            ESP = {
    +              priority = 1;
    +              name = "ESP";
    +              size = "512M";
    +              type = "EF00";
    +              content = {
    +                type = "filesystem";
    +                format = "vfat";
    +                mountpoint = "/boot";
    +                mountOptions = [ "defaults" ];
                   };
    -              root = lib.mkIf (!config.swarselsystems.isCrypted) {
    -                size = "100%";
    -                content = {
    -                  inherit type subvolumes extraArgs;
    -                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
    +            };
    +            root = lib.mkIf (!config.swarselsystems.isCrypted) {
    +              size = "100%";
    +              content = {
    +                inherit type subvolumes extraArgs;
    +                postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
                         MNTPOINT=$(mktemp -d)
                       mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
                       trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
                       btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
    -                  '';
    -                };
    +                '';
                   };
    -              luks = lib.mkIf config.swarselsystems.isCrypted {
    -                size = "100%";
    +            };
    +            luks = lib.mkIf config.swarselsystems.isCrypted {
    +              size = "100%";
    +              content = {
    +                type = "luks";
    +                name = "cryptroot";
    +                passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
    +                settings = {
    +                  allowDiscards = true;
    +                  # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
    +                  crypttabExtraOpts = [
    +                    "fido2-device=auto"
    +                    "token-timeout=10"
    +                  ];
    +                };
                     content = {
    -                  type = "luks";
    -                  name = "cryptroot";
    -                  passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
    -                  settings = {
    -                    allowDiscards = true;
    -                    # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
    -                    crypttabExtraOpts = [
    -                      "fido2-device=auto"
    -                      "token-timeout=10"
    -                    ];
    -                  };
    -                  content = {
    -                    inherit type subvolumes extraArgs;
    -                    postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
    +                  inherit type subvolumes extraArgs;
    +                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
                           MNTPOINT=$(mktemp -d)
                         mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
                         trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
                         btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
    -                    '';
    -                  };
    +                  '';
                     };
                   };
                 };
    @@ -4802,14 +4838,15 @@ in
             };
           };
         };
    +  };
     
    -    fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
    -    fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
    +  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
    +  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
     
    -    environment.systemPackages = [
    -      pkgs.yubikey-manager
    -    ];
    -  }
    +  environment.systemPackages = [
    +    pkgs.yubikey-manager
    +  ];
    +}
     
    @@ -4851,9 +4888,9 @@ Here we have NixOS options. All options are split into smaller files that are lo let importNames = lib.swarselsystems.readNix "modules/nixos"; in - { - imports = lib.swarselsystems.mkImports importNames "modules/nixos"; - } +{ + imports = lib.swarselsystems.mkImports importNames "modules/nixos"; +}
    @@ -4932,29 +4969,29 @@ let attrsForEachOption = f: lib.foldl' (acc: path: lib.recursiveUpdate acc (lib.setAttrByPath path (f path))) { } forwardedOptions; in - { - options.nodes = lib.mkOption { - description = "Options forwarded to the given node."; - default = { }; - type = lib.types.attrsOf ( - lib.types.submodule { - options = attrsForEachOption mkForwardedOption; - } - ); - }; +{ + options.nodes = lib.mkOption { + description = "Options forwarded to the given node."; + default = { }; + type = lib.types.attrsOf ( + lib.types.submodule { + options = attrsForEachOption mkForwardedOption; + } + ); + }; - config = - let - getConfig = - path: otherNode: + config = + let + getConfig = + path: otherNode: let cfg = outputs.nixosConfigurations.${otherNode}.config.nodes.${nodeName} or null; in - lib.optionals (cfg != null) (lib.getAttrFromPath path cfg); - mergeConfigFromOthers = path: lib.mkMerge (lib.concatMap (getConfig path) (lib.attrNames outputs.nixosConfigurations)); - in - attrsForEachOption mergeConfigFromOthers; - } + lib.optionals (cfg != null) (lib.getAttrFromPath path cfg); + mergeConfigFromOthers = path: lib.mkMerge (lib.concatMap (getConfig path) (lib.attrNames outputs.nixosConfigurations)); + in + attrsForEachOption mergeConfigFromOthers; +}
    @@ -4970,7 +5007,7 @@ let types ; in - { +{ options = { globals = mkOption { default = { }; @@ -5110,7 +5147,7 @@ in
    3.2.1.6. Topology (automatically active)
    -
    { self, lib, config, ... }:
    +
    { lib, config, ... }:
     {
       options.swarselsystems.info = lib.mkOption {
         type = lib.types.str;
    @@ -5253,7 +5290,7 @@ in
               extraOptions = ''
                 plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
                   buildInputs = [config.nix.package pkgs.boost];
    -              patches = (o.patches or []);
    +              patches = o.patches or [];
                 })}/lib/nix/plugins
                 extra-builtins-file = ${self + /nix/extra-builtins.nix}
               '' + lib.optionalString (!minimal) ''
    @@ -5285,39 +5322,39 @@ We enable the use of home-manager as a NixoS module. A nice trick h
     

    -
    { self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }:
    -  {
    -    options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
    -    config = lib.mkIf config.swarselmodules.home-manager {
    -      home-manager = lib.mkIf config.swarselsystems.withHomeManager {
    -        useGlobalPkgs = true;
    -        useUserPackages = true;
    -        verbose = true;
    -        users.${config.swarselsystems.mainUser}.imports = [
    -          inputs.nix-index-database.homeModules.nix-index
    -          inputs.sops-nix.homeManagerModules.sops
    -          inputs.spicetify-nix.homeManagerModules.default
    -          inputs.swarsel-modules.homeModules.default
    -          {
    -            imports = [
    -              "${self}/profiles/home"
    -              "${self}/modules/home"
    -              {
    -                swarselprofiles = {
    -                  minimal = lib.mkIf minimal true;
    -                };
    -              }
    -            ];
    -            # node = {
    -            #   secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets;
    -            # };
    -            home.stateVersion = lib.mkDefault config.system.stateVersion;
    -          }
    -        ];
    -        extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; };
    -      };
    +
    { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }:
    +{
    +  options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
    +  config = lib.mkIf config.swarselmodules.home-manager {
    +    home-manager = lib.mkIf config.swarselsystems.withHomeManager {
    +      useGlobalPkgs = true;
    +      useUserPackages = true;
    +      verbose = true;
    +      users.${config.swarselsystems.mainUser}.imports = [
    +        inputs.nix-index-database.homeModules.nix-index
    +        inputs.sops-nix.homeManagerModules.sops
    +        inputs.spicetify-nix.homeManagerModules.default
    +        inputs.swarsel-modules.homeModules.default
    +        {
    +          imports = [
    +            "${self}/profiles/home"
    +            "${self}/modules/home"
    +            {
    +              swarselprofiles = {
    +                minimal = lib.mkIf minimal true;
    +              };
    +            }
    +          ];
    +          # node = {
    +          #   secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets;
    +          # };
    +          home.stateVersion = lib.mkDefault config.system.stateVersion;
    +        }
    +      ];
    +      extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; };
         };
    -  }
    +  };
    +}
     
    @@ -5339,30 +5376,30 @@ For that reason, make sure that sops-nix is properly working before let sopsFile = self + /secrets/general/secrets.yaml; in - { - options.swarselmodules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselmodules.users { - sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; +{ + options.swarselmodules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselmodules.users { + sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; + users = { + mutableUsers = lib.mkIf (!minimal) false; users = { - mutableUsers = lib.mkIf (!minimal) false; - users = { - root = { - inherit (globals.root) hashedPassword; - # shell = pkgs.zsh; - }; - "${config.swarselsystems.mainUser}" = { + root = { + inherit (globals.root) hashedPassword; + # shell = pkgs.zsh; + }; + "${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; - }; }; }; }; - } + }; +}
    
@@ -5463,47 +5500,47 @@ let in { options = { - repo = { - secretFiles = lib.mkOption { - default = { }; - type = lib.types.attrsOf lib.types.path; - example = lib.literalExpression "{ local = ./pii.nix.enc; }"; - description = '' - This file manages the origin for this machine's repository-secrets. Anything that is - technically not a secret in the classical sense (i.e. that it has to be protected - after it has been deployed), but something you want to keep secret from the public; - Anything that you wouldn't want people to see on GitHub, but that can live unencrypted - on your own devices. Consider it a more ergonomic nix alternative to using git-crypt. + repo = { + secretFiles = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.path; + example = lib.literalExpression "{ local = ./pii.nix.enc; }"; + description = '' + This file manages the origin for this machine's repository-secrets. Anything that is + technically not a secret in the classical sense (i.e. that it has to be protected + after it has been deployed), but something you want to keep secret from the public; + Anything that you wouldn't want people to see on GitHub, but that can live unencrypted + on your own devices. Consider it a more ergonomic nix alternative to using git-crypt. - All of these secrets may (and probably will be) put into the world-readable nix-store - on the build and target hosts. You'll most likely want to store personally identifiable - information here, such as: - - MAC Addreses - - Static IP addresses - - Your full name (when configuring your users) - - Your postal address (when configuring e.g. home-assistant) - - ... + All of these secrets may (and probably will be) put into the world-readable nix-store + on the build and target hosts. You'll most likely want to store personally identifiable + information here, such as: + - MAC Addreses + - Static IP addresses + - Your full name (when configuring your users) + - Your postal address (when configuring e.g. 
home-assistant) + - ... - Each path given here must be an sops-encrypted .nix file. For each attribute `<name>`, - the corresponding file will be decrypted, imported and exposed as {option}`repo.secrets.<name>`. - ''; - }; - - secrets = lib.mkOption { - readOnly = true; - default = lib.mapAttrs (_: x: importEncrypted x inputs) config.repo.secretFiles; - type = lib.types.unspecified; - description = "Exposes the loaded repo secrets. This option is read-only."; - }; + Each path given here must be an sops-encrypted .nix file. For each attribute `<name>`, + the corresponding file will be decrypted, imported and exposed as {option}`repo.secrets.<name>`. + ''; + }; + + secrets = lib.mkOption { + readOnly = true; + default = lib.mapAttrs (_: x: importEncrypted x inputs) config.repo.secretFiles; + type = lib.types.unspecified; + description = "Exposes the loaded repo secrets. This option is read-only."; }; - swarselmodules.pii = lib.mkEnableOption "enable pii management"; }; + swarselmodules.pii = lib.mkEnableOption "enable pii management"; + }; config = lib.mkIf config.swarselmodules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; in - (lib.optionalAttrs (lib.pathExists local && !minimal ) { inherit local; }) // lib.optionalAttrs (!minimal) { + (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { common = ../../../secrets/repo/pii.nix.enc; }; }; @@ -5849,8 +5886,7 @@ Next, we will setup some environment variables that need to be set on the system gst-plugins-ugly gst-libav ]); - } // (lib.optionalAttrs (!config.swarselsystems.isPublic) { - }); + } // (lib.optionalAttrs (!config.swarselsystems.isPublic) { }); }; }; } 
@@ -5883,9 +5919,9 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro sudo.extraConfig = '' Defaults env_keep+=SSH_AUTH_SOCK '' + lib.optionalString (!minimal) '' - Defaults env_keep+=XDG_RUNTIME_DIR - Defaults env_keep+=WAYLAND_DISPLAY - ''; + Defaults env_keep+=XDG_RUNTIME_DIR + Defaults env_keep+=WAYLAND_DISPLAY + ''; }; }; } @@ -6045,7 +6081,6 @@ let certsSopsFile = self + /secrets/certs/secrets.yaml; clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; - inherit (config.swarselsystems) mainUser; inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; iwd = config.networking.networkmanager.wifi.backend == "iwd"; 
@@ -6133,226 +6168,227 @@ in environmentFiles = [ "${config.sops.templates."network-manager.env".path}" ]; - profiles = let - inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; - in + profiles = + let + inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; + in { - ${wlan1} = { - connection = { - id = wlan1; - # permissions = ""; - type = "wifi"; + ${wlan1} = { + connection = { + id = wlan1; + # permissions = ""; + type = "wifi"; + }; + ipv4 = { + # dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + # dns-search = ""; + method = "auto"; + }; + wifi = { + # mac-address-blacklist = ""; + mode = "infrastructure"; + band = "a"; + ssid = wlan1; + }; + wifi-security = { + # auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$WLAN1_PW"; + }; }; - ipv4 = { - # dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - # dns-search = ""; - method = "auto"; - }; - wifi = { - # mac-address-blacklist = ""; - mode = "infrastructure"; - band = "a"; - ssid = wlan1; - }; - wifi-security = { - # auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$WLAN1_PW"; - }; - }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - eduroam = { - "802-1x" = { - eap = if (!iwd) then "ttls;" else "peap;"; - identity = "$EDUROAM_USER"; - password = "$EDUROAM_PW"; - phase2-auth = "mschapv2"; - 
anonymous-identity = lib.mkIf iwd eduroam-anon; + eduroam = { + "802-1x" = { + eap = if (!iwd) then "ttls;" else "peap;"; + identity = "$EDUROAM_USER"; + password = "$EDUROAM_PW"; + phase2-auth = "mschapv2"; + anonymous-identity = lib.mkIf iwd eduroam-anon; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - ${wlan2} = { - connection = { - id = wlan2; - type = "wifi"; + ${wlan2} = { + connection = { + id = wlan2; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = wlan2; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$WLAN2_PW"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = wlan2; - }; - 
wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$WLAN2_PW"; - }; - }; - ${mobile1} = { - connection = { - id = mobile1; - type = "wifi"; + ${mobile1} = { + connection = { + id = mobile1; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = mobile1; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$MOBILE_HOTSPOT_PW"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = mobile1; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$MOBILE_HOTSPOT_PW"; - }; - }; - home-wireguard = { - connection = { - id = "HomeVPN"; - type = "wireguard"; - autoconnect = "false"; - interface-name = "wg1"; + home-wireguard = { + connection = { + id = "HomeVPN"; + type = "wireguard"; + autoconnect = "false"; + interface-name = "wg1"; + }; + wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; }; + "wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = { + endpoint = "$HOME_WIREGUARD_ENDPOINT"; + allowed-ips = home-wireguard-allowed-ips; + }; + ipv4 = { + method = "ignore"; + address1 = home-wireguard-address; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "ignore"; + }; + proxy = { }; }; - wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; }; - "wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = { - endpoint = "$HOME_WIREGUARD_ENDPOINT"; - allowed-ips = home-wireguard-allowed-ips; - }; - ipv4 = { - method = "ignore"; - address1 = home-wireguard-address; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "ignore"; - }; - proxy = { }; - }; - pia-vpn1 = { - connection = { - autoconnect = "false"; - id = "PIA ${vpn1-location}"; - type = "vpn"; + pia-vpn1 = { + connection = { + autoconnect = "false"; + id = "PIA ${vpn1-location}"; + type = 
"vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = config.sops.secrets."pia-vpn1-ca-pem".path; + challenge-response-flags = "2"; + cipher = vpn1-cipher; + compress = "yes"; + connection-type = "password"; + crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path; + dev = "tun"; + password-flags = "0"; + remote = vpn1-address; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$PIA_VPN_USER"; + }; + vpn-secrets = { password = "$PIA_VPN_PW"; }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = config.sops.secrets."pia-vpn1-ca-pem".path; - challenge-response-flags = "2"; - cipher = vpn1-cipher; - compress = "yes"; - connection-type = "password"; - crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path; - dev = "tun"; - password-flags = "0"; - remote = vpn1-address; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$PIA_VPN_USER"; - }; - vpn-secrets = { password = "$PIA_VPN_PW"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-${config.swarselsystems.mainUser}"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$MOBILE_HOTSPOT_PW"; + }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-${config.swarselsystems.mainUser}"; - 
}; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$MOBILE_HOTSPOT_PW"; - }; - }; - }; + }; }; }; }; @@ -6686,25 +6722,25 @@ This is a super-convenient package that lets my remap my CAPS key t let moduleName = "keyd"; in - { - options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; - config = lib.mkIf config.swarselmodules.${moduleName} { - services.keyd = { - enable = true; - keyboards = { - default = { - ids = [ "*" ]; - settings = { - main = { - leftmeta = "overload(meta, macro(rightmeta+z))"; - rightmeta = "overload(meta, macro(rightmeta+z))"; - }; +{ + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; + config = lib.mkIf config.swarselmodules.${moduleName} { + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + leftmeta = "overload(meta, macro(rightmeta+z))"; + rightmeta = "overload(meta, macro(rightmeta+z))"; }; }; }; }; }; - } + }; +} @@ -6981,6 +7017,7 @@ When a program does not work, start with nix-ldd <program>. T libdbusmenu-gtk2 libdrm libelf + libgbm libgcrypt libglvnd libidn 
@@ -7451,38 +7488,38 @@ Here we just define some aliases for rebuilding the system, and we allow some in let inherit (config.swarselsystems) flakePath; in - { +{ - options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; - options.swarselsystems = { - shellAliases = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { }; - }; + options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; + options.swarselsystems = { + shellAliases = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; }; - config = lib.mkIf config.swarselmodules.server.general { + }; + config = lib.mkIf config.swarselmodules.server.general { - environment.shellAliases = lib.recursiveUpdate - { - nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; - ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; - } - config.swarselsystems.shellAliases; + environment.shellAliases = lib.recursiveUpdate + { + nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; + ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; + } + config.swarselsystems.shellAliases; - nixpkgs.config.permittedInsecurePackages = [ - # matrix - "olm-3.2.16" - # sonarr - "aspnetcore-runtime-wrapped-6.0.36" - "aspnetcore-runtime-6.0.36" - "dotnet-sdk-wrapped-6.0.428" - "dotnet-sdk-6.0.428" - # - "SDL_ttf-2.0.11" - ]; - }; - } + nixpkgs.config.permittedInsecurePackages = [ + # matrix + "olm-3.2.16" + # sonarr + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + # + "SDL_ttf-2.0.11" + ]; + }; +} @@ -9150,7 +9187,7 @@ This manages backups for my pictures and obsidian files.
    { lib, pkgs, config, ... }:
     let
       inherit (config.swarselsystems) sopsFile;
    -  in
    +in
     {
       options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
       config = lib.mkIf config.swarselmodules.server.restic {
    @@ -11387,7 +11424,7 @@ in
     
    3.2.3.38. Homebox
    -
    { self, lib, pkgs, config, globals, ... }:
    +
    { lib, pkgs, config, globals, ... }:
     let
       servicePort = 7745;
       serviceName = "homebox";
    @@ -11471,21 +11508,21 @@ in
     
       options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings";
       config = lib.mkIf config.swarselmodules.optional.darwin {
    -  nix.settings.experimental-features = "nix-command flakes";
    -  nixpkgs = {
    -    hostPlatform = "x86_64-darwin";
    -    overlays = [ outputs.overlays.default ];
    -    config = {
    -      allowUnfree = true;
    +    nix.settings.experimental-features = "nix-command flakes";
    +    nixpkgs = {
    +      hostPlatform = "x86_64-darwin";
    +      overlays = [ outputs.overlays.default ];
    +      config = {
    +        allowUnfree = true;
    +      };
         };
    +
    +    home-manager.users."${macUser}".imports = [
    +      "${self}/modules/home/darwin"
    +    ];
    +
    +    system.stateVersion = 4;
       };
    -
    -  home-manager.users."${macUser}".imports = [
    -    "${self}/modules/home/darwin"
    -  ];
    -
    -  system.stateVersion = 4;
    -    };
     }
     
    @@ -11782,10 +11819,10 @@ This holds configuration that is specific to framework laptops.
    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings";
    -  config = lib.mkIf config.swarselmodules.optional.btrfs {
    +  options.swarselmodules.btrfs = lib.mkEnableOption "optional btrfs settings";
    +  config = lib.mkIf config.swarselmodules.btrfs {
         boot = {
    -      supportedFilesystems = [ "btrfs" ];
    +      supportedFilesystems = lib.mkIf config.swarselsystems.isBtrfs [ "btrfs" ];
         };
       };
     }
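Review bot: The enable option is renamed from `swarselmodules.optional.btrfs` to `swarselmodules.btrfs`, but its description still reads "optional btrfs settings", and the module's only effect is now gated a second time on `config.swarselsystems.isBtrfs`. The personal and minimal profiles in this patch switch `btrfs` on with `lib.mkDefault true`, so `isBtrfs` is the real switch; the description should say so, e.g. `lib.mkEnableOption "btrfs support (only applied when swarselsystems.isBtrfs is set)"`. A host that still sets the old `swarselmodules.optional.btrfs` path will presumably fail evaluation unless that option is declared elsewhere, so it is worth grepping the host configs or adding a `lib.mkRenamedOptionModule` entry.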
    @@ -12087,7 +12124,6 @@ in
     
    { lib, config, nixosConfig ? null, ... }:
     let
       # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems;
    -  inherit (lib) mkDefault mapAttrs filterAttrs;
       mkDefaultCommonAttrs = base: defaults:
         lib.mapAttrs (_: v: lib.mkDefault v)
           (lib.filterAttrs (k: _: base ? ${k}) defaults);
    @@ -12124,7 +12160,7 @@ in
           extraOptions = ''
             plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
               buildInputs = [config.nix.package pkgs.boost];
    -          patches = (o.patches or []);
    +          patches = o.patches or [];
             })}/lib/nix/plugins
             extra-builtins-file = ${self + /nix/extra-builtins.nix}
           '';
    @@ -12472,6 +12508,7 @@ This is just a separate container for derivations defined in 
     
    @@ -16442,9 +16485,11 @@ In short, the options defined here are passed to the modules systems using +
    + + +
    +

    3.5.34. endme

    +
    +

    +Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session. +

    + +
    +
    { name, writeShellApplication, ... }:
    +writeShellApplication {
    +  inherit name;
    +  text = ''
    +    set -euo pipefail
    +    systemctl --user stop graphical-session.target
    +    systemctl --user stop graphical-session-pre.target
    +  '';
    +}
    +
     
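Review bot: `set -euo pipefail` inside `text` is redundant, because `writeShellApplication` already enables errexit, nounset and pipefail in the script it generates. With errexit active, a failure of the first `systemctl --user stop graphical-session.target` (for example when the target is not loaded) ends the script before `graphical-session-pre.target` is stopped, which is the wrong behaviour for a recovery tool run from a spare TTY. I would drop the `set` line and let each stop fail on its own, e.g. `systemctl --user stop graphical-session.target || true`. No `runtimeInputs` is given, so `systemctl` comes from the caller's PATH; that works on NixOS but deserves a one-line comment.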
    @@ -18692,86 +18759,8 @@ in lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; boot = lib.mkDefault true; + btrfs = lib.mkDefault true; - optional = { - gaming = lib.mkDefault true; - virtualbox = lib.mkDefault true; - nswitch-rcm = lib.mkDefault true; - }; - - server = { - ssh = lib.mkDefault true; - }; - }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - personal = lib.mkDefault true; - }; - }; - - }; - -} - -
    - - - -
    -
    3.6.1.2. Reduced
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
    -  config = lib.mkIf config.swarselprofiles.reduced {
    -    swarselmodules = {
    -      packages = lib.mkDefault true;
    -      pii = lib.mkDefault true;
    -      general = lib.mkDefault true;
    -      home-manager = lib.mkDefault true;
    -      xserver = lib.mkDefault true;
    -      users = lib.mkDefault true;
    -      env = lib.mkDefault true;
    -      security = lib.mkDefault true;
    -      systemdTimeout = lib.mkDefault true;
    -      hardware = lib.mkDefault true;
    -      pulseaudio = lib.mkDefault true;
    -      pipewire = lib.mkDefault true;
    -      network = lib.mkDefault true;
    -      time = lib.mkDefault true;
    -      sops = lib.mkDefault true;
    -      stylix = lib.mkDefault true;
    -      programs = lib.mkDefault true;
    -      zsh = lib.mkDefault true;
    -      syncthing = lib.mkDefault true;
    -      blueman = lib.mkDefault true;
    -      networkDevices = lib.mkDefault true;
    -      gvfs = lib.mkDefault true;
    -      interceptionTools = lib.mkDefault true;
    -      swayosd = lib.mkDefault true;
    -      ppd = lib.mkDefault true;
    -      yubikey = lib.mkDefault true;
    -      ledger = lib.mkDefault true;
    -      keyboards = lib.mkDefault true;
    -      login = lib.mkDefault true;
    -      nix-ld = lib.mkDefault true;
    -      impermanence = lib.mkDefault true;
    -      nvd = lib.mkDefault true;
    -      gnome-keyring = lib.mkDefault true;
    -      sway = lib.mkDefault true;
    -      xdg-portal = lib.mkDefault true;
    -      distrobox = lib.mkDefault true;
    -      appimage = lib.mkDefault true;
    -      lid = lib.mkDefault true;
    -      lowBattery = lib.mkDefault true;
    -      lanzaboote = lib.mkDefault true;
    -      autologin = lib.mkDefault true;
    -      boot = lib.mkDefault true;
    -
    -      server = {
    -        ssh = lib.mkDefault true;
    -      };
         };
         home-manager.users."${config.swarselsystems.mainUser}" = {
           swarselprofiles = {
    @@ -18788,7 +18777,7 @@ in
     
    -
    3.6.1.3. Minimal
    +
    3.6.1.2. Minimal
    { lib, config, ... }:
    @@ -18810,6 +18799,7 @@ in
           yubikey = lib.mkDefault true;
           autologin = lib.mkDefault true;
           boot = lib.mkDefault true;
    +      btrfs = lib.mkDefault true;
     
           server = {
             ssh = lib.mkDefault true;
    @@ -18820,6 +18810,35 @@ in
     
     }
     
    +
    +
    +
    +
    +
    +
    3.6.1.3. Optionals
    +
    +
    +
    { lib, config, ... }:
    +{
    +  options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals";
    +  config = lib.mkIf config.swarselprofiles.optionals {
    +    swarselmodules = {
    +      optional = {
    +        gaming = lib.mkDefault true;
    +        virtualbox = lib.mkDefault true;
    +        nswitch-rcm = lib.mkDefault true;
    +      };
    +    };
    +
    +    home-manager.users."${config.swarselsystems.mainUser}" = {
    +      swarselprofiles = {
    +        optionals = lib.mkDefault true;
    +      };
    +    };
    +  };
    +
    +}
    +
     
    @@ -18833,78 +18852,46 @@ in options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { - packages = lib.mkDefault true; - general = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - env = lib.mkDefault true; - security = lib.mkDefault true; - systemdTimeout = lib.mkDefault true; - hardware = lib.mkDefault true; - pulseaudio = lib.mkDefault true; - pipewire = lib.mkDefault true; - network = lib.mkDefault true; - time = lib.mkDefault true; - stylix = lib.mkDefault true; - programs = lib.mkDefault true; - zsh = lib.mkDefault true; - syncthing = lib.mkDefault true; - blueman = lib.mkDefault true; - networkDevices = lib.mkDefault true; - gvfs = lib.mkDefault true; - interceptionTools = lib.mkDefault true; - swayosd = lib.mkDefault true; - ppd = lib.mkDefault true; - yubikey = lib.mkDefault false; - ledger = lib.mkDefault true; - keyboards = lib.mkDefault true; - login = lib.mkDefault true; - nix-ld = lib.mkDefault true; - impermanence = lib.mkDefault true; - nvd = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - sway = lib.mkDefault true; - xdg-portal = lib.mkDefault true; - distrobox = lib.mkDefault true; - appimage = lib.mkDefault true; - lid = lib.mkDefault true; - lowBattery = lib.mkDefault true; - lanzaboote = lib.mkDefault true; - autologin = lib.mkDefault true; - }; - - }; - -} - - -
    -
    - -
    -
    3.6.1.5. toto
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host";
    -  config = lib.mkIf config.swarselprofiles.toto {
    -    swarselmodules = {
    -      general = lib.mkDefault true;
    -      packages = lib.mkDefault true;
    -      home-manager = lib.mkDefault true;
    -      xserver = lib.mkDefault true;
    -      users = lib.mkDefault true;
    -      sops = lib.mkDefault true;
    -      impermanence = lib.mkDefault true;
    -      lanzaboote = lib.mkDefault true;
    -      autologin = lib.mkDefault true;
    -      pii = lib.mkDefault true;
    -      server = {
    -        ssh = lib.mkDefault true;
    -      };
    +      packages = lib.mkForce true;
    +      general = lib.mkForce true;
    +      home-manager = lib.mkForce true;
    +      xserver = lib.mkForce true;
    +      users = lib.mkForce true;
    +      sops = lib.mkForce true;
    +      env = lib.mkForce true;
    +      security = lib.mkForce true;
    +      systemdTimeout = lib.mkForce true;
    +      hardware = lib.mkForce true;
    +      pulseaudio = lib.mkForce true;
    +      pipewire = lib.mkForce true;
    +      network = lib.mkForce true;
    +      time = lib.mkForce true;
    +      stylix = lib.mkForce true;
    +      programs = lib.mkForce true;
    +      zsh = lib.mkForce true;
    +      syncthing = lib.mkForce true;
    +      blueman = lib.mkForce true;
    +      networkDevices = lib.mkForce true;
    +      gvfs = lib.mkForce true;
    +      interceptionTools = lib.mkForce true;
    +      swayosd = lib.mkForce true;
    +      ppd = lib.mkForce true;
    +      yubikey = lib.mkForce false;
    +      ledger = lib.mkForce true;
    +      keyboards = lib.mkForce true;
    +      login = lib.mkForce true;
    +      nix-ld = lib.mkForce true;
    +      impermanence = lib.mkForce true;
    +      nvd = lib.mkForce true;
    +      gnome-keyring = lib.mkForce true;
    +      sway = lib.mkForce true;
    +      xdg-portal = lib.mkForce true;
    +      distrobox = lib.mkForce true;
    +      appimage = lib.mkForce true;
    +      lid = lib.mkForce true;
    +      lowBattery = lib.mkForce true;
    +      lanzaboote = lib.mkForce true;
    +      autologin = lib.mkForce true;
         };
     
       };
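Review bot: Changing every entry from `lib.mkDefault` to `lib.mkForce` means a host importing this profile can no longer adjust any of these modules with a plain assignment. In particular, `autologin = lib.mkForce true` and `yubikey = lib.mkForce false` pin what looks like the more permissive login setup. If the aim is only to win against another profile's `mkDefault` values, forcing just the entries that differ (here `yubikey`) would be enough and the rest could stay `mkDefault`. Otherwise I would add a comment above the block, such as `# forced so that other profiles imported on this host cannot override these values`, assuming that is the reason. The hunk also removes the whole toto profile section, and the enclosing module starts above the hunk.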
    @@ -18916,7 +18903,7 @@ in
     
    -
    3.6.1.6. Work
    +
    3.6.1.5. Work
    { lib, config, ... }:
    @@ -18943,7 +18930,7 @@ in
     
    -
    3.6.1.7. Uni
    +
    3.6.1.6. Uni
    { lib, config, ... }:
    @@ -18970,7 +18957,7 @@ in
     
    -
    3.6.1.8. Framework
    +
    3.6.1.7. Framework
    { lib, config, ... }:
    @@ -18992,201 +18979,19 @@ in
     
     }
     
    -
    -
    -
    -
    -
    -
    3.6.1.9. AMD CPU
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu";
    -  config = lib.mkIf config.swarselprofiles.amdcpu {
    -    swarselmodules = {
    -      optional = {
    -        amdcpu = lib.mkDefault true;
    -      };
    -    };
    -
    -  };
    -
    -}
    -
    -
    -
    -
    -
    -
    -
    3.6.1.10. AMD GPU
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu";
    -  config = lib.mkIf config.swarselprofiles.amdgpu {
    -    swarselmodules = {
    -      optional = {
    -        amdgpu = lib.mkDefault true;
    -      };
    -    };
    -
    -  };
    -
    -}
    -
    -
    -
    -
    -
    -
    -
    3.6.1.11. Hibernation
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation";
    -  config = lib.mkIf config.swarselprofiles.hibernation {
    -    swarselmodules = {
    -      optional = {
    -        hibernation = lib.mkDefault true;
    -      };
    -    };
    -
    -  };
    -
    -}
    -
    -
    -
    -
    -
    -
    -
    3.6.1.12. BTRFS
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs";
    -  config = lib.mkIf config.swarselprofiles.btrfs {
    -    swarselmodules = {
    -      optional = {
    -        btrfs = lib.mkDefault true;
    -      };
    -    };
    -
    -  };
    -
    -}
    -
     
    -
    3.6.1.13. Local Server
    +
    3.6.1.8. Server
    { lib, config, ... }:
     {
    -  options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server";
    -  config = lib.mkIf config.swarselprofiles.server.local {
    +  options.swarselprofiles.server = lib.mkEnableOption "is this a server";
    +  config = lib.mkIf config.swarselprofiles.server {
         swarselmodules = {
    -        general = lib.mkDefault true;
    -        pii = lib.mkDefault true;
    -        home-manager = lib.mkDefault true;
    -        xserver = lib.mkDefault true;
    -        time = lib.mkDefault true;
    -        users = lib.mkDefault true;
    -        sops = lib.mkDefault true;
    -        boot = lib.mkDefault true;
    -        server = {
    -          general = lib.mkDefault true;
    -          packages = lib.mkDefault true;
    -          nfs = lib.mkDefault true;
    -          nginx = lib.mkDefault true;
    -          ssh = lib.mkDefault true;
    -          kavita = lib.mkDefault true;
    -          restic = lib.mkDefault true;
    -          jellyfin = lib.mkDefault true;
    -          navidrome = lib.mkDefault true;
    -          spotifyd = lib.mkDefault true;
    -          mpd = lib.mkDefault true;
    -          postgresql = lib.mkDefault true;
    -          matrix = lib.mkDefault true;
    -          nextcloud = lib.mkDefault true;
    -          immich = lib.mkDefault true;
    -          paperless = lib.mkDefault true;
    -          transmission = lib.mkDefault true;
    -          syncthing = lib.mkDefault true;
    -          grafana = lib.mkDefault true;
    -          emacs = lib.mkDefault true;
    -          freshrss = lib.mkDefault true;
    -          jenkins = lib.mkDefault false;
    -          kanidm = lib.mkDefault true;
    -          firefly-iii = lib.mkDefault true;
    -          koillection = lib.mkDefault true;
    -          radicale = lib.mkDefault true;
    -          atuin = lib.mkDefault true;
    -          forgejo = lib.mkDefault true;
    -          ankisync = lib.mkDefault true;
    -          # snipeit = lib.mkDefault false;
    -          homebox = lib.mkDefault true;
    -        };
    -      };
    -  };
    -
    -}
    -
    -
    -
    -
    -
    -
    -
    3.6.1.14. OCI Sync Server
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
    -  config = lib.mkIf config.swarselprofiles.server.syncserver {
    -    swarselmodules = {
    -        general = lib.mkDefault true;
    -        nix-ld = lib.mkDefault true;
    -        pii = lib.mkDefault true;
    -        home-manager = lib.mkDefault true;
    -        xserver = lib.mkDefault true;
    -        time = lib.mkDefault true;
    -        users = lib.mkDefault true;
    -        sops = lib.mkDefault true;
    -        boot = lib.mkDefault true;
    -        server = {
    -          general = lib.mkDefault true;
    -          packages = lib.mkDefault true;
    -          nginx = lib.mkDefault true;
    -          ssh = lib.mkDefault true;
    -          forgejo = lib.mkDefault false;
    -          ankisync = lib.mkDefault false;
    -        };
    -      };
    -  };
    -
    -}
    -
    -
    -
    -
    -
    -
    -
    3.6.1.15. Moonside
    -
    -
    -
    { lib, config, ... }:
    -{
    -  options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server";
    -  config = lib.mkIf config.swarselprofiles.server.moonside {
    -    swarselmodules= {
             general = lib.mkDefault true;
             pii = lib.mkDefault true;
             home-manager = lib.mkDefault true;
    @@ -19194,21 +18999,16 @@ in
             time = lib.mkDefault true;
             users = lib.mkDefault true;
             impermanence = lib.mkDefault true;
    +        btrfs = lib.mkDefault true;
             sops = lib.mkDefault true;
             boot = lib.mkDefault true;
             server = {
               general = lib.mkDefault true;
               packages = lib.mkDefault true;
    -          nginx = lib.mkDefault true;
               ssh = lib.mkDefault true;
    -          oauth2-proxy = lib.mkDefault true;
    -          croc = lib.mkDefault true;
    -          microbin = lib.mkDefault true;
    -          shlink = lib.mkDefault true;
    -          slink = lib.mkDefault true;
    -          syncthing = lib.mkDefault true;
    +          nginx = lib.mkDefault true;
             };
    -    };
    +      };
       };
     
     }
    @@ -19285,10 +19085,6 @@ in
           gammastep = lib.mkDefault true;
           spicetify = lib.mkDefault true;
     
    -      optional = {
    -        gaming = lib.mkDefault true;
    -        uni = lib.mkDefault true;
    -      };
         };
       };
     
    @@ -19299,52 +19095,18 @@ in
     
    -
    3.6.2.2. Reduced
    +
    3.6.2.2. Optionals
    { lib, config, ... }:
     {
    -  options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
    -  config = lib.mkIf config.swarselprofiles.reduced {
    +  options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals";
    +  config = lib.mkIf config.swarselprofiles.optionals {
         swarselmodules = {
    -      packages = lib.mkDefault true;
    -      ownpackages = lib.mkDefault true;
    -      general = lib.mkDefault true;
    -      nixgl = lib.mkDefault true;
    -      sops = lib.mkDefault true;
    -      yubikey = lib.mkDefault true;
    -      ssh = lib.mkDefault true;
    -      stylix = lib.mkDefault true;
    -      desktop = lib.mkDefault true;
    -      symlink = lib.mkDefault true;
    -      env = lib.mkDefault true;
    -      programs = lib.mkDefault true;
    -      nix-index = lib.mkDefault true;
    -      passwordstore = lib.mkDefault true;
    -      direnv = lib.mkDefault true;
    -      eza = lib.mkDefault true;
    -      atuin = lib.mkDefault true;
    -      git = lib.mkDefault true;
    -      fuzzel = lib.mkDefault true;
    -      starship = lib.mkDefault true;
    -      kitty = lib.mkDefault true;
    -      zsh = lib.mkDefault true;
    -      zellij = lib.mkDefault true;
    -      tmux = lib.mkDefault true;
    -      mail = lib.mkDefault true;
    -      emacs = lib.mkDefault true;
    -      waybar = lib.mkDefault true;
    -      firefox = lib.mkDefault true;
    -      gnome-keyring = lib.mkDefault true;
    -      kdeconnect = lib.mkDefault true;
    -      mako = lib.mkDefault true;
    -      swayosd = lib.mkDefault true;
    -      yubikeytouch = lib.mkDefault true;
    -      sway = lib.mkDefault true;
    -      kanshi = lib.mkDefault false;
    -      gpgagent = lib.mkDefault true;
    -      gammastep = lib.mkDefault true;
    -
    +      optional = {
    +        gaming = lib.mkDefault true;
    +        uni = lib.mkDefault true;
    +      };
         };
       };
     
    @@ -19386,41 +19148,41 @@ in
       options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
       config = lib.mkIf config.swarselprofiles.chaostheatre {
         swarselmodules = {
    -      packages = lib.mkDefault true;
    -      ownpackages = lib.mkDefault true;
    -      general = lib.mkDefault true;
    -      nixgl = lib.mkDefault true;
    -      sops = lib.mkDefault true;
    -      yubikey = lib.mkDefault false;
    -      ssh = lib.mkDefault true;
    -      stylix = lib.mkDefault true;
    -      desktop = lib.mkDefault true;
    -      symlink = lib.mkDefault true;
    -      env = lib.mkDefault false;
    -      programs = lib.mkDefault true;
    -      nix-index = lib.mkDefault true;
    -      direnv = lib.mkDefault true;
    -      eza = lib.mkDefault true;
    -      git = lib.mkDefault false;
    -      fuzzel = lib.mkDefault true;
    -      starship = lib.mkDefault true;
    -      kitty = lib.mkDefault true;
    -      zsh = lib.mkDefault true;
    -      zellij = lib.mkDefault true;
    -      tmux = lib.mkDefault true;
    -      mail = lib.mkDefault false;
    -      emacs = lib.mkDefault true;
    -      waybar = lib.mkDefault true;
    -      firefox = lib.mkDefault true;
    -      gnome-keyring = lib.mkDefault true;
    -      kdeconnect = lib.mkDefault true;
    -      mako = lib.mkDefault true;
    -      swayosd = lib.mkDefault true;
    -      yubikeytouch = lib.mkDefault true;
    -      sway = lib.mkDefault true;
    -      kanshi = lib.mkDefault true;
    -      gpgagent = lib.mkDefault true;
    -      gammastep = lib.mkDefault false;
    +      packages = lib.mkForce true;
    +      ownpackages = lib.mkForce true;
    +      general = lib.mkForce true;
    +      nixgl = lib.mkForce true;
    +      sops = lib.mkForce true;
    +      yubikey = lib.mkForce false;
    +      ssh = lib.mkForce true;
    +      stylix = lib.mkForce true;
    +      desktop = lib.mkForce true;
    +      symlink = lib.mkForce true;
    +      env = lib.mkForce false;
    +      programs = lib.mkForce true;
    +      nix-index = lib.mkForce true;
    +      direnv = lib.mkForce true;
    +      eza = lib.mkForce true;
    +      git = lib.mkForce false;
    +      fuzzel = lib.mkForce true;
    +      starship = lib.mkForce true;
    +      kitty = lib.mkForce true;
    +      zsh = lib.mkForce true;
    +      zellij = lib.mkForce true;
    +      tmux = lib.mkForce true;
    +      mail = lib.mkForce false;
    +      emacs = lib.mkForce true;
    +      waybar = lib.mkForce true;
    +      firefox = lib.mkForce true;
    +      gnome-keyring = lib.mkForce true;
    +      kdeconnect = lib.mkForce true;
    +      mako = lib.mkForce true;
    +      swayosd = lib.mkForce true;
    +      yubikeytouch = lib.mkForce true;
    +      sway = lib.mkForce true;
    +      kanshi = lib.mkForce true;
    +      gpgagent = lib.mkForce true;
    +      gammastep = lib.mkForce false;
         };
       };
     
    @@ -24866,7 +24628,8 @@ See the above repository for updates as well as full license text. */
       transform: rotateX(89.9deg);
     }
     #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox #urlbar[popover],
    -#navigator-toolbox:is(:hover,:focus-within,[movingtab]) #urlbar[popover],
    +/* swarsel: removed :hover from below line */
    +#navigator-toolbox:is(:focus-within,[movingtab]) #urlbar[popover],
     #urlbar-container > #urlbar[popover]:is([focused],[open]){
       pointer-events: auto;
       opacity: 1;
    @@ -24875,7 +24638,8 @@ See the above repository for updates as well as full license text. */
     }
     #mainPopupSet:has(> [panelopen]:not(#ask-chat-shortcuts,#selection-shortcut-action-panel,#chat-shortcuts-options-panel,#tab-preview-panel)) ~ toolbox,
     #navigator-toolbox:has(#urlbar:is([open],[focus-within])),
    -#navigator-toolbox:is(:hover,:focus-within,[movingtab]){
    +/* swarsel: removed :hover from below line */
    +#navigator-toolbox:is(:focus-within,[movingtab]){
       transition-delay: 33ms !important;
       transform: rotateX(0);
       opacity: 1;
    @@ -26103,7 +25867,7 @@ similarly, there exists an version that starts from the right.
     
    diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 8ce08a2..414d24e 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -29,6 +29,7 @@ swarsel-instantiate swarselzellij sshrm + endme rustdesk-vbc ]; diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index b8def8c..240b677 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix @@ -2,7 +2,7 @@ let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; - inherit (nixosConfig.repo.secrets.common) fullName; + inherit (nixosConfig.repo.secrets.common) fullName openrouterApi; inherit (config.swarselsystems) isPublic homeDir; DISPLAY = ":0"; @@ -30,6 +30,7 @@ in SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; + OPENROUTER_API_KEY = openrouterApi; }; }; } diff --git a/modules/home/common/sharedoptions.nix b/modules/home/common/sharedoptions.nix index 8edb073..10aa206 100644 --- a/modules/home/common/sharedoptions.nix +++ b/modules/home/common/sharedoptions.nix @@ -1,7 +1,6 @@ { lib, config, nixosConfig ? null, ... }: let # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; - inherit (lib) mkDefault mapAttrs filterAttrs; mkDefaultCommonAttrs = base: defaults: lib.mapAttrs (_: v: lib.mkDefault v) (lib.filterAttrs (k: _: base ? ${k}) defaults); diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index ce6459e..54e50fe 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -18,6 +18,8 @@ in stable.prometheus.cli tigervnc openstackclient + + vscode ]; systemd.user.sessionVariables = { 
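Review bot: `OPENROUTER_API_KEY = openrouterApi;` in the second env.nix hunk exports the key's value itself, while the neighbouring `GITHUB_NOTIFICATION_TOKEN_PATH` line exports only the path of a sops-managed file. A value read from `nixosConfig.repo.secrets` at evaluation time presumably ends up in the generated session-variables file in the world-readable Nix store, and as an environment variable it is inherited by every process in the session. I would declare the key as a sops secret and export its path like the existing line does: `OPENROUTER_API_KEY_PATH = nixosConfig.sops.secrets.<openrouter-secret>.path;` (the secret name is a placeholder), with the consuming tool reading the file when it needs the key. The attribute set these lines belong to opens outside the hunk, so confirm which variable set this is.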
diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index c4246b0..7c23b32 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -3,7 +3,6 @@ let certsSopsFile = self + /secrets/certs/secrets.yaml; clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; - inherit (config.swarselsystems) mainUser; inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; iwd = config.networking.networkmanager.wifi.backend == "iwd"; diff --git a/modules/nixos/client/nix-ld.nix b/modules/nixos/client/nix-ld.nix index 1720691..4057dae 100644 --- a/modules/nixos/client/nix-ld.nix +++ b/modules/nixos/client/nix-ld.nix @@ -47,6 +47,7 @@ libdbusmenu-gtk2 libdrm libelf + libgbm libgcrypt libglvnd libidn diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 7092ca2..47c2d06 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -1,4 +1,4 @@ -{ self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: +{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: { options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; config = lib.mkIf config.swarselmodules.home-manager { diff --git a/modules/nixos/common/topology.nix b/modules/nixos/common/topology.nix index 2127c78..1a298a5 100644 --- a/modules/nixos/common/topology.nix +++ b/modules/nixos/common/topology.nix @@ -1,4 +1,4 @@ -{ self, lib, config, ... }: +{ lib, config, ... }: { options.swarselsystems.info = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos/optional/btrfs.nix b/modules/nixos/optional/btrfs.nix index e8d3b57..bc71a74 100644 --- a/modules/nixos/optional/btrfs.nix +++ b/modules/nixos/optional/btrfs.nix 
@@ -1,9 +1,9 @@ { lib, config, ... }: { - options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselmodules.optional.btrfs { + options.swarselmodules.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselmodules.btrfs { boot = { - supportedFilesystems = [ "btrfs" ]; + supportedFilesystems = lib.mkIf config.swarselsystems.isBtrfs [ "btrfs" ]; }; }; } diff --git a/modules/nixos/server/homebox.nix b/modules/nixos/server/homebox.nix index 7a7b443..84aea83 100644 --- a/modules/nixos/server/homebox.nix +++ b/modules/nixos/server/homebox.nix @@ -1,4 +1,4 @@ -{ self, lib, pkgs, config, globals, ... }: +{ lib, pkgs, config, globals, ... }: let servicePort = 7745; serviceName = "homebox"; diff --git a/nix/hosts.nix b/nix/hosts.nix index 7d00c6e..972ddca 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -33,6 +33,10 @@ minimal = lib.mkIf minimal (lib.mkDefault true); }; + swarselmodules.server = { + ssh = lib.mkIf (!minimal) (lib.mkDefault true); + }; + swarselsystems = { mainUser = lib.mkDefault "swarsel"; }; diff --git a/nix/overlays.nix b/nix/overlays.nix index 140c9ca..5b26cc4 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix @@ -4,7 +4,7 @@ let inherit (outputs) lib; in { - flake = { config, ... }: + flake = _: { overlays = { default = final: prev: diff --git a/pkgs/endme/default.nix b/pkgs/endme/default.nix new file mode 100644 index 0000000..12d3908 --- /dev/null +++ b/pkgs/endme/default.nix @@ -0,0 +1,9 @@ +{ name, writeShellApplication, ... }: +writeShellApplication { + inherit name; + text = '' + set -euo pipefail + systemctl --user stop graphical-session.target + systemctl --user stop graphical-session-pre.target + ''; +} diff --git a/pkgs/fhs/default.nix b/pkgs/fhs/default.nix index 976ea5d..618d04e 100644 --- a/pkgs/fhs/default.nix +++ b/pkgs/fhs/default.nix 
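Review bot: `ssh = lib.mkIf (!minimal) (lib.mkDefault true);` in the nix/hosts.nix hunk turns the SSH server module on for every non-minimal host, not only for the profiles that used to ask for it (this commit removes the `server = { ssh = ... }` blocks from profiles/nixos/personal and profiles/nixos/reduced). A host using the chaostheatre profile, which forces `autologin` on and `yubikey` off, would then presumably also run an SSH daemon unless it opts out. If that is intended, a comment would make the opt-out visible, e.g. `# sshd is on for every full host; set swarselmodules.server.ssh = false to opt out`. Otherwise keep the default in the profiles that need remote access. The enclosing attribute set starts outside the hunk.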
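Review bot: The new pkgs/endme script calls `systemctl` without declaring it, so the binary is resolved from whatever PATH the caller happens to have. `writeShellApplication` takes `runtimeInputs` for this, e.g. `{ name, writeShellApplication, systemd, ... }:` with `runtimeInputs = [ systemd ];`. The `set -euo pipefail` line is redundant, since writeShellApplication already emits errexit, nounset and pipefail. With errexit active, a failure of the first `stop` skips the second, so if both targets should always be stopped a short comment or `|| true` on the first call would make that explicit.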
@@ -3,7 +3,7 @@ let base = pkgs.appimageTools.defaultFhsEnvArgs; in pkgs.buildFHSEnv (base // { - name = "fhs"; + inherit name; targetPkgs = pkgs: (base.targetPkgs pkgs) ++ [ pkgs.pkg-config ]; profile = "export FHS=1"; runScript = "zsh"; diff --git a/pkgs/screenshare/default.nix b/pkgs/screenshare/default.nix deleted file mode 100644 index d6c547b..0000000 --- a/pkgs/screenshare/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ self, name, writeShellApplication, sway }: -writeShellApplication { - inherit name; - runtimeInputs = [ sway ]; - text = builtins.readFile "${self}/files/scripts/${name}.sh"; -} diff --git a/profiles/home/chaostheatre/default.nix b/profiles/home/chaostheatre/default.nix index 2288a8a..1bcb3fb 100644 --- a/profiles/home/chaostheatre/default.nix +++ b/profiles/home/chaostheatre/default.nix 
@@ -3,41 +3,41 @@ options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { - packages = lib.mkDefault true; - ownpackages = lib.mkDefault true; - general = lib.mkDefault true; - nixgl = lib.mkDefault true; - sops = lib.mkDefault true; - yubikey = lib.mkDefault false; - ssh = lib.mkDefault true; - stylix = lib.mkDefault true; - desktop = lib.mkDefault true; - symlink = lib.mkDefault true; - env = lib.mkDefault false; - programs = lib.mkDefault true; - nix-index = lib.mkDefault true; - direnv = lib.mkDefault true; - eza = lib.mkDefault true; - git = lib.mkDefault false; - fuzzel = lib.mkDefault true; - starship = lib.mkDefault true; - kitty = lib.mkDefault true; - zsh = lib.mkDefault true; - zellij = lib.mkDefault true; - tmux = lib.mkDefault true; - mail = lib.mkDefault false; - emacs = lib.mkDefault true; - waybar = lib.mkDefault true; - firefox = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - kdeconnect = lib.mkDefault true; - mako = lib.mkDefault true; - swayosd = lib.mkDefault true; - yubikeytouch = lib.mkDefault true; - sway = lib.mkDefault true; - kanshi = lib.mkDefault true; - gpgagent = lib.mkDefault true; - gammastep = lib.mkDefault false; + packages = lib.mkForce true; + ownpackages = lib.mkForce true; + general = lib.mkForce true; + nixgl = lib.mkForce true; + sops = lib.mkForce true; + yubikey = lib.mkForce false; + ssh = lib.mkForce true; + stylix = lib.mkForce true; + desktop = lib.mkForce true; + symlink = lib.mkForce true; + env = lib.mkForce false; + programs = lib.mkForce true; + nix-index = lib.mkForce true; + direnv = lib.mkForce true; + eza = lib.mkForce true; + git = lib.mkForce false; + fuzzel = lib.mkForce true; + starship = lib.mkForce true; + kitty = lib.mkForce true; + zsh = lib.mkForce true; + zellij = lib.mkForce true; + tmux = lib.mkForce true; + mail = lib.mkForce false; + emacs = lib.mkForce true; + waybar = 
lib.mkForce true; + firefox = lib.mkForce true; + gnome-keyring = lib.mkForce true; + kdeconnect = lib.mkForce true; + mako = lib.mkForce true; + swayosd = lib.mkForce true; + yubikeytouch = lib.mkForce true; + sway = lib.mkForce true; + kanshi = lib.mkForce true; + gpgagent = lib.mkForce true; + gammastep = lib.mkForce false; }; }; diff --git a/profiles/home/optionals/default.nix b/profiles/home/optionals/default.nix new file mode 100644 index 0000000..697de20 --- /dev/null +++ b/profiles/home/optionals/default.nix @@ -0,0 +1,13 @@ +{ lib, config, ... }: +{ + options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals"; + config = lib.mkIf config.swarselprofiles.optionals { + swarselmodules = { + optional = { + gaming = lib.mkDefault true; + uni = lib.mkDefault true; + }; + }; + }; + +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 8ced7fa..6cb38ec 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -43,10 +43,6 @@ gammastep = lib.mkDefault true; spicetify = lib.mkDefault true; - optional = { - gaming = lib.mkDefault true; - uni = lib.mkDefault true; - }; }; }; diff --git a/profiles/home/reduced/default.nix b/profiles/home/reduced/default.nix deleted file mode 100644 index 7daec76..0000000 --- a/profiles/home/reduced/default.nix +++ /dev/null 
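Review bot: A plain host-level definition such as `swarselmodules.yubikey = true;` is now silently discarded wherever this profile is enabled, because every entry in the profiles/home/chaostheatre hunk is set with `lib.mkForce` (priority 50) and ordinary definitions sit at priority 100. The same applies to the profiles/nixos/chaostheatre hunk further down, which pins `autologin = lib.mkForce true;` and `yubikey = lib.mkForce false;`, so a host presumably cannot switch automatic login off or token support on without a `lib.mkOverride` below 50. If the intent is for this profile to win over the `mkDefault` values of other profiles, a comment above the block should say so, e.g. `# forced: this profile must override the mkDefault values of any other enabled profile`, and only the entries that actually conflict need forcing. The file continues outside the hunk.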
@@ -1,47 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
- config = lib.mkIf config.swarselprofiles.reduced {
- swarselmodules = {
- packages = lib.mkDefault true;
- ownpackages = lib.mkDefault true;
- general = lib.mkDefault true;
- nixgl = lib.mkDefault true;
- sops = lib.mkDefault true;
- yubikey = lib.mkDefault true;
- ssh = lib.mkDefault true;
- stylix = lib.mkDefault true;
- desktop = lib.mkDefault true;
- symlink = lib.mkDefault true;
- env = lib.mkDefault true;
- programs = lib.mkDefault true;
- nix-index = lib.mkDefault true;
- passwordstore = lib.mkDefault true;
- direnv = lib.mkDefault true;
- eza = lib.mkDefault true;
- atuin = lib.mkDefault true;
- git = lib.mkDefault true;
- fuzzel = lib.mkDefault true;
- starship = lib.mkDefault true;
- kitty = lib.mkDefault true;
- zsh = lib.mkDefault true;
- zellij = lib.mkDefault true;
- tmux = lib.mkDefault true;
- mail = lib.mkDefault true;
- emacs = lib.mkDefault true;
- waybar = lib.mkDefault true;
- firefox = lib.mkDefault true;
- gnome-keyring = lib.mkDefault true;
- kdeconnect = lib.mkDefault true;
- mako = lib.mkDefault true;
- swayosd = lib.mkDefault true;
- yubikeytouch = lib.mkDefault true;
- sway = lib.mkDefault true;
- kanshi = lib.mkDefault false;
- gpgagent = lib.mkDefault true;
- gammastep = lib.mkDefault true;
-
- };
- };
-
-}
diff --git a/profiles/nixos/amdcpu/default.nix b/profiles/nixos/amdcpu/default.nix
deleted file mode 100644
index e0576d5..0000000
--- a/profiles/nixos/amdcpu/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu";
- config = lib.mkIf config.swarselprofiles.amdcpu {
- swarselmodules = {
- optional = {
- amdcpu = lib.mkDefault true;
- };
- };
-
- };
-
-}
diff --git a/profiles/nixos/amdgpu/default.nix b/profiles/nixos/amdgpu/default.nix
deleted file mode 100644
index 91810b8..0000000
--- a/profiles/nixos/amdgpu/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu";
- config = lib.mkIf config.swarselprofiles.amdgpu {
- swarselmodules = {
- optional = {
- amdgpu = lib.mkDefault true;
- };
- };
-
- };
-
-}
diff --git a/profiles/nixos/btrfs/default.nix b/profiles/nixos/btrfs/default.nix
deleted file mode 100644
index 4e09c66..0000000
--- a/profiles/nixos/btrfs/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs";
- config = lib.mkIf config.swarselprofiles.btrfs {
- swarselmodules = {
- optional = {
- btrfs = lib.mkDefault true;
- };
- };
-
- };
-
-}
diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix
index 093ca97..31ce621 100644
--- a/profiles/nixos/chaostheatre/default.nix
+++ b/profiles/nixos/chaostheatre/default.nix
@@ -3,46 +3,46 @@ options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; config = lib.mkIf config.swarselprofiles.chaostheatre { swarselmodules = { - packages = lib.mkDefault true; - general = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - env = lib.mkDefault true; - security = lib.mkDefault true; - systemdTimeout = lib.mkDefault true; - hardware = lib.mkDefault true; - pulseaudio = lib.mkDefault true; - pipewire = lib.mkDefault true; - network = lib.mkDefault true; - time = lib.mkDefault true; - stylix = lib.mkDefault true; - programs = lib.mkDefault true; - zsh = lib.mkDefault true; - syncthing = lib.mkDefault true; - blueman = lib.mkDefault true; - networkDevices = lib.mkDefault true; - gvfs = lib.mkDefault true; - interceptionTools = lib.mkDefault true; - swayosd = lib.mkDefault true; - ppd = lib.mkDefault true; - yubikey = lib.mkDefault false; - ledger = lib.mkDefault true; - keyboards = lib.mkDefault true; - login = lib.mkDefault true; - nix-ld = lib.mkDefault true; - impermanence = lib.mkDefault true; - nvd = lib.mkDefault true; - gnome-keyring = lib.mkDefault true; - sway = lib.mkDefault true; - xdg-portal = lib.mkDefault true; - distrobox = lib.mkDefault true; - appimage = lib.mkDefault true; - lid = lib.mkDefault true; - lowBattery = lib.mkDefault true; - lanzaboote = lib.mkDefault true; - autologin = lib.mkDefault true; + packages = lib.mkForce true; + general = lib.mkForce true; + home-manager = lib.mkForce true; + xserver = lib.mkForce true; + users = lib.mkForce true; + sops = lib.mkForce true; + env = lib.mkForce true; + security = lib.mkForce true; + systemdTimeout = lib.mkForce true; + hardware = lib.mkForce true; + pulseaudio = lib.mkForce true; + pipewire = lib.mkForce true; + network = lib.mkForce true; + time = lib.mkForce true; + stylix = lib.mkForce true; + programs = lib.mkForce true; + zsh = lib.mkForce 
true; + syncthing = lib.mkForce true; + blueman = lib.mkForce true; + networkDevices = lib.mkForce true; + gvfs = lib.mkForce true; + interceptionTools = lib.mkForce true; + swayosd = lib.mkForce true; + ppd = lib.mkForce true; + yubikey = lib.mkForce false; + ledger = lib.mkForce true; + keyboards = lib.mkForce true; + login = lib.mkForce true; + nix-ld = lib.mkForce true; + impermanence = lib.mkForce true; + nvd = lib.mkForce true; + gnome-keyring = lib.mkForce true; + sway = lib.mkForce true; + xdg-portal = lib.mkForce true; + distrobox = lib.mkForce true; + appimage = lib.mkForce true; + lid = lib.mkForce true; + lowBattery = lib.mkForce true; + lanzaboote = lib.mkForce true; + autologin = lib.mkForce true; }; }; diff --git a/profiles/nixos/hibernation/default.nix b/profiles/nixos/hibernation/default.nix deleted file mode 100644 index b529ff1..0000000 --- a/profiles/nixos/hibernation/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselprofiles.hibernation { - swarselmodules = { - optional = { - hibernation = lib.mkDefault true; - }; - }; - - }; - -} diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 008a0a0..c73b619 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselprofiles.server.local { + options.swarselprofiles.server = lib.mkEnableOption "is this a server"; + config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; pii = lib.mkDefault true; 
@@ -9,40 +9,15 @@ xserver = lib.mkDefault true; time = lib.mkDefault true; users = lib.mkDefault true; + impermanence = lib.mkDefault true; + btrfs = lib.mkDefault true; sops = lib.mkDefault true; boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; ssh = lib.mkDefault true; - kavita = lib.mkDefault true; - restic = lib.mkDefault true; - jellyfin = lib.mkDefault true; - navidrome = lib.mkDefault true; - spotifyd = lib.mkDefault true; - mpd = lib.mkDefault true; - postgresql = lib.mkDefault true; - matrix = lib.mkDefault true; - nextcloud = lib.mkDefault true; - immich = lib.mkDefault true; - paperless = lib.mkDefault true; - transmission = lib.mkDefault true; - syncthing = lib.mkDefault true; - grafana = lib.mkDefault true; - emacs = lib.mkDefault true; - freshrss = lib.mkDefault true; - jenkins = lib.mkDefault false; - kanidm = lib.mkDefault true; - firefly-iii = lib.mkDefault true; - koillection = lib.mkDefault true; - radicale = lib.mkDefault true; - atuin = lib.mkDefault true; - forgejo = lib.mkDefault true; - ankisync = lib.mkDefault true; - # snipeit = lib.mkDefault false; - homebox = lib.mkDefault true; + nginx = lib.mkDefault true; }; }; }; diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix index 9929e27..a224336 100644 --- a/profiles/nixos/minimal/default.nix +++ b/profiles/nixos/minimal/default.nix @@ -17,6 +17,7 @@ yubikey = lib.mkDefault true; autologin = lib.mkDefault true; boot = lib.mkDefault true; + btrfs = lib.mkDefault true; server = { ssh = lib.mkDefault true; diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix deleted file mode 100644 index cf80ece..0000000 --- a/profiles/nixos/moonside/default.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server"; - config = lib.mkIf config.swarselprofiles.server.moonside { - swarselmodules = { - general = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - impermanence = lib.mkDefault true; - sops = lib.mkDefault true; - boot = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - oauth2-proxy = lib.mkDefault true; - croc = lib.mkDefault true; - microbin = lib.mkDefault true; - shlink = lib.mkDefault true; - slink = lib.mkDefault true; - syncthing = lib.mkDefault true; - }; - }; - }; - -} diff --git a/profiles/nixos/optionals/default.nix b/profiles/nixos/optionals/default.nix new file mode 100644 index 0000000..ddb7846 --- /dev/null +++ b/profiles/nixos/optionals/default.nix @@ -0,0 +1,20 @@ +{ lib, config, ... }: +{ + options.swarselprofiles.optionals = lib.mkEnableOption "is this a host with optionals"; + config = lib.mkIf config.swarselprofiles.optionals { + swarselmodules = { + optional = { + gaming = lib.mkDefault true; + virtualbox = lib.mkDefault true; + nswitch-rcm = lib.mkDefault true; + }; + }; + + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + optionals = lib.mkDefault true; + }; + }; + }; + +} diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 08032d1..f685224 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix 
@@ -48,16 +48,8 @@ lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; boot = lib.mkDefault true; + btrfs = lib.mkDefault true; - optional = { - gaming = lib.mkDefault true; - virtualbox = lib.mkDefault true; - nswitch-rcm = lib.mkDefault true; - }; - - server = { - ssh = lib.mkDefault true; - }; }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { diff --git a/profiles/nixos/reduced/default.nix b/profiles/nixos/reduced/default.nix deleted file mode 100644 index 71bce91..0000000 --- a/profiles/nixos/reduced/default.nix +++ /dev/null 
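Review bot: The `@@ -48,16 +48,8 @@` hunk removes `server = { ssh = lib.mkDefault true; };` together with the `optional` block, but only the `optional` block reappears in the new optionals profile. Hosts using the personal profile therefore stop getting the ssh module by default. That is reasonable as hardening, but it cuts off remote administration on the next rebuild for any host that depended on it. If this is intended, say so in the commit message and set `swarselmodules.server.ssh = true;` on the hosts that need it; I can't tell from this hunk whether the host files already do. The enclosing `swarselmodules` attribute set starts above the hunk.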
@@ -1,61 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
- config = lib.mkIf config.swarselprofiles.reduced {
- swarselmodules = {
- packages = lib.mkDefault true;
- pii = lib.mkDefault true;
- general = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- users = lib.mkDefault true;
- env = lib.mkDefault true;
- security = lib.mkDefault true;
- systemdTimeout = lib.mkDefault true;
- hardware = lib.mkDefault true;
- pulseaudio = lib.mkDefault true;
- pipewire = lib.mkDefault true;
- network = lib.mkDefault true;
- time = lib.mkDefault true;
- sops = lib.mkDefault true;
- stylix = lib.mkDefault true;
- programs = lib.mkDefault true;
- zsh = lib.mkDefault true;
- syncthing = lib.mkDefault true;
- blueman = lib.mkDefault true;
- networkDevices = lib.mkDefault true;
- gvfs = lib.mkDefault true;
- interceptionTools = lib.mkDefault true;
- swayosd = lib.mkDefault true;
- ppd = lib.mkDefault true;
- yubikey = lib.mkDefault true;
- ledger = lib.mkDefault true;
- keyboards = lib.mkDefault true;
- login = lib.mkDefault true;
- nix-ld = lib.mkDefault true;
- impermanence = lib.mkDefault true;
- nvd = lib.mkDefault true;
- gnome-keyring = lib.mkDefault true;
- sway = lib.mkDefault true;
- xdg-portal = lib.mkDefault true;
- distrobox = lib.mkDefault true;
- appimage = lib.mkDefault true;
- lid = lib.mkDefault true;
- lowBattery = lib.mkDefault true;
- lanzaboote = lib.mkDefault true;
- autologin = lib.mkDefault true;
- boot = lib.mkDefault true;
-
- server = {
- ssh = lib.mkDefault true;
- };
- };
- home-manager.users."${config.swarselsystems.mainUser}" = {
- swarselprofiles = {
- personal = lib.mkDefault true;
- };
- };
-
- };
-
-}
diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix
deleted file mode 100644
index b511dd5..0000000
--- a/profiles/nixos/syncserver/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
- config = lib.mkIf config.swarselprofiles.server.syncserver {
- swarselmodules = {
- general = lib.mkDefault true;
- nix-ld = lib.mkDefault true;
- pii = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- time = lib.mkDefault true;
- users = lib.mkDefault true;
- sops = lib.mkDefault true;
- boot = lib.mkDefault true;
- server = {
- general = lib.mkDefault true;
- packages = lib.mkDefault true;
- nginx = lib.mkDefault true;
- ssh = lib.mkDefault true;
- forgejo = lib.mkDefault false;
- ankisync = lib.mkDefault false;
- };
- };
- };
-
-}
diff --git a/profiles/nixos/toto/default.nix b/profiles/nixos/toto/default.nix
deleted file mode 100644
index 17532b0..0000000
--- a/profiles/nixos/toto/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, config, ... }:
-{
- options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host";
- config = lib.mkIf config.swarselprofiles.toto {
- swarselmodules = {
- general = lib.mkDefault true;
- packages = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- users = lib.mkDefault true;
- sops = lib.mkDefault true;
- impermanence = lib.mkDefault true;
- lanzaboote = lib.mkDefault true;
- autologin = lib.mkDefault true;
- pii = lib.mkDefault true;
- server = {
- ssh = lib.mkDefault true;
- };
- };
-
- };
-
-}
diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc
index eac195d..6faa763 100644
--- a/secrets/repo/pii.nix.enc
+++ b/secrets/repo/pii.nix.enc
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:eb1zUo51IoJiJ5J7pjj6louhaYE7GfXJmRs8k4chOaE=,tag:FWggP4Q281dGvr8UiJATNw==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:K7mxQXKb0Vfw9dPNcxjjfsn5fu+WQrT45hGI+ziA3Xo=,tag:d3VeFUg9W7VuVZamCcx7iA==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-08-24T23:07:08Z", - "mac": "ENC[AES256_GCM,data:VWywPi7fUajNGqQOBahxe3tJFMZu+jD0eNMXmGZDAmnpev/2Cpsr1QC4SZ9q/jEbT4NNXPjjSa9Aeh6jBZ4jgsrKklkOQ8uu8NF1k37A94dydF+3paDlJBDPWBEOAy5jp04j5TMxmykQF70W5su8MzoBLZwLkOzDfEXw6bGZaMo=,iv:/4vM52F25gHIYxr1xqUM6u9JMsJJ7Yisah+xMCBJ8Rg=,tag:HlLsTGk7hS6tDfgSjEtC+Q==,type:str]", + "lastmodified": "2025-09-18T10:05:03Z", + "mac": "ENC[AES256_GCM,data:8FpGfB2vgSaZ+eddMkLakPXjfx5TbfYrzgjWj3vKJUlGoE6KMRbFnsvWVs9Vku6ia6YKV7qzA6GLpFM36b25CE2uV78BD4VThtahl8ffAGR87HzUdR6hXrDfOluWWGcKgGDlKJ1zSiez0aMdAhbCyKC+phFQl0QnyirsKD3CeVw=,iv:d66S50SmO4yiI48eGxJIPZg3WtosaNYKq+kQ/SFyuD0=,tag:NAVPR0mU0NUP6T6mJdCbkg==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z",