diff --git a/index.html b/index.html
index 6fed682..96c53b7 100644
--- a/index.html
+++ b/index.html
@@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- +-This file has 59294 words spanning 15468 lines and was last revised on 2025-03-26 22:15:27 +0100. +This file has 62553 words spanning 16386 lines and was last revised on 2025-05-24 17:27:46 +0200.
@@ -742,7 +763,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry
-My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-03-26 22:15:27 +0100)
+My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-05-24 17:27:46 +0200)
@@ -754,7 +775,7 @@ system-configuration-options---prefix=/nix/store/bi0mx16g15cksksm7c5vdvyb0zgmbb36-emacs-git-pgtk-20250311.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux +--prefix=/nix/store/igrpvvdnwx413916cslyl8g2dwqa6aq3-emacs-git-pgtk-20250418.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux@@ -868,8 +889,9 @@ In
outputs = inputs@ [...], the inputs@ makes it so th
};
inputs = {
- nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
+ nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default-linux";
home-manager = {
url = "github:nix-community/home-manager";
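Review bot: Dropping the `?rev=` pin on `nixpkgs.url` leaves flake.lock (not part of this diff) as the only record of which nixpkgs tree every host builds from, so any lock refresh moves all of them to a new `nixos-unstable` commit at once. A comment on that line such as `# tracks nixos-unstable; the exact revision is whatever flake.lock records` would state that this is intended. The added `nixpkgs-stable24_11` input has the same URL as `nixpkgs-stable` on the line above it; if the two are meant to stay identical, `nixpkgs-stable24_11.follows = "nixpkgs-stable";` prevents them from drifting apart in the lock file. The same lines recur in the hunk at `@@ -1128,8 +1150,9 @@`.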
@@ -952,8 +974,8 @@ In outputs = inputs@ [...], the inputs@ makes it so th
{
inherit lib;
- nixosModules = import ./modules/nixos { inherit lib; };
- homeModules = import ./modules/home { inherit lib; };
+ # nixosModules = import ./modules/nixos { inherit lib; };
+ # homeModules = import ./modules/home { inherit lib; };
packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = import ./overlays { inherit self lib inputs; };
@@ -968,10 +990,11 @@ In outputs = inputs@ [...], the inputs@ makes it so th
];
appSet = lib.swarselsystems.mkApps system appNames self;
in
- {
- inherit appSet;
- default = appSet.bootstrap;
- });
+
+ appSet // {
+ default = appSet.swarsel-bootstrap;
+ }
+ );
devShells = lib.swarselsystems.forAllSystems (system:
let
@@ -1010,7 +1033,6 @@ In outputs = inputs@ [...], the inputs@ makes it so th
diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;
-
nixosConfigurations =
lib.swarselsystems.mkFullHostConfigs (lib.swarselsystems.readHosts "nixos") "nixos";
homeConfigurations =
@@ -1128,8 +1150,9 @@ This automatically creates a topology diagram of my configuration.
-nixpkgs.url = "github:nixos/nixpkgs?rev=5f385baff93c728400d2c4ec8c9b0745b8f9e5b6";
+nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
+nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default-linux";
home-manager = {
url = "github:nix-community/home-manager";
@@ -1250,8 +1273,8 @@ They are defined in Overlays (
inherit lib;
-nixosModules = import ./modules/nixos { inherit lib; };
-homeModules = import ./modules/home { inherit lib; };
+# nixosModules = import ./modules/nixos { inherit lib; };
+# homeModules = import ./modules/home { inherit lib; };
packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = import ./overlays { inherit self lib inputs; };
@@ -1266,10 +1289,11 @@ apps = lib.swarselsystems.forAllSystems (system:
];
appSet = lib.swarselsystems.mkApps system appNames self;
in
- {
- inherit appSet;
- default = appSet.bootstrap;
- });
+
+ appSet // {
+ default = appSet.swarsel-bootstrap;
+ }
+);
devShells = lib.swarselsystems.forAllSystems (system:
let
@@ -1307,7 +1331,6 @@ checks = lib.swarselsystems.forAllSystems (system:
);
diskoConfigurations.default = import .templates/hosts/nixos/disk-config.nix;
-
{ self, inputs, pkgs, lib, primaryUser, ... }:
let
- profilesPath = "${self}/profiles";
+ modulesPath = "${self}/modules";
sharedOptions = {
isBtrfs = true;
};
@@ -1530,16 +1553,16 @@ in
./hardware-configuration.nix
./disk-config.nix
- "${profilesPath}/nixos/optional/virtualbox.nix"
- # "${profilesPath}/nixos/optional/vmware.nix"
- "${profilesPath}/nixos/optional/autologin.nix"
- "${profilesPath}/nixos/optional/nswitch-rcm.nix"
- "${profilesPath}/nixos/optional/gaming.nix"
+ "${modulesPath}/nixos/optional/virtualbox.nix"
+ # "${modulesPath}/nixos/optional/vmware.nix"
+ "${modulesPath}/nixos/optional/autologin.nix"
+ "${modulesPath}/nixos/optional/nswitch-rcm.nix"
+ "${modulesPath}/nixos/optional/gaming.nix"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."${primaryUser}".imports = [
- "${profilesPath}/home/optional/gaming.nix"
+ "${modulesPath}/home/optional/gaming.nix"
];
}
];
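Review bot: The `modulesPath` name used in these import strings (`"${modulesPath}/nixos/optional/virtualbox.nix"` and the rest) is also the name of the module argument NixOS passes for its own module tree, which the installer ISO section of this diff takes as a function argument and uses for `"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"`. Here it means `${self}/modules`, there it means the nixpkgs module directory, and a local `let` binding shadows the argument if a host file ever needs both. A distinct local name, for example `localModules = "${self}/modules";`, removes the ambiguity. The `let` binding itself sits above this hunk, and the toto host config introduces the same binding.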
@@ -1572,15 +1595,6 @@ in
isLaptop = true;
isNixos = true;
cpuCount = 16;
- startup = [
- { command = "nextcloud --background"; }
- { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
- { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
- { command = "ANKI_WAYLAND=1 anki"; }
- { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
- { command = "nm-applet"; }
- { command = "feishin"; }
- ];
}
sharedOptions;
}
@@ -1744,232 +1758,79 @@ My work machine. Built for more security, this is the gold standard of my config
{ self, inputs, lib, primaryUser, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
- profilesPath = "${self}/profiles";
sharedOptions = {
isBtrfs = true;
isLinux = true;
sharescreen = "eDP-2";
+ profiles = {
+ personal = true;
+ work = true;
+ framework = true;
+ };
};
in
{
imports = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
- inputs.fw-fanctrl.nixosModules.default
./disk-config.nix
./hardware-configuration.nix
- "${profilesPath}/nixos/optional/virtualbox.nix"
- # "${profilesPath}/nixos/optional/vmware.nix"
- "${profilesPath}/nixos/optional/autologin.nix"
- "${profilesPath}/nixos/optional/nswitch-rcm.nix"
- "${profilesPath}/nixos/optional/gaming.nix"
- "${profilesPath}/nixos/optional/work.nix"
-
- inputs.home-manager.nixosModules.home-manager
- {
- home-manager.users."${primaryUser}".imports = [
- "${profilesPath}/home/optional/gaming.nix"
- "${profilesPath}/home/optional/work.nix"
- ];
- }
];
- networking.networkmanager.wifi.scanRandMacAddress = false;
-
- boot = {
- supportedFilesystems = [ "btrfs" ];
- # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
- kernelParams = [
- "resume_offset=533760"
- ];
- resumeDevice = "/dev/disk/by-label/nixos";
- };
-
- hardware = {
- enableAllFirmware = true;
- cpu.amd.updateMicrocode = true;
- amdgpu = {
- opencl.enable = true;
- amdvlk = {
- enable = true;
- support32Bit.enable = true;
- };
- };
- };
-
- programs.fw-fanctrl = {
- enable = true;
- config = {
- defaultStrategy = "lazy";
- };
- };
-
- networking = {
- hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
- fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
- firewall.enable = true;
- };
-
-
- services = {
- fwupd = {
- enable = true;
- # framework also uses lvfs-testing, but I do not want to use it
- extraRemotes = [ "lvfs" ];
- };
- udev.extraRules = ''
- # disable Wakeup on Framework Laptop 16 Keyboard (ANSI)
- ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled"
- # disable Wakeup on Framework Laptop 16 Numpad Module
- ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
- # disable Wakeup on Framework Laptop 16 Trackpad
- ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"
- '';
- };
-
swarselsystems = lib.recursiveUpdate
{
+ firewall = lib.mkForce true;
wallpaper = self + /wallpaper/lenovowp.png;
hasBluetooth = true;
hasFingerprint = true;
isImpermanence = false;
isSecureBoot = true;
isCrypted = true;
+ hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
+ fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
+ hibernation.offset = 533760;
+ profiles = {
+ amdcpu = true;
+ amdgpu = true;
+ hibernation = true;
+ btrfs = true;
+ };
}
sharedOptions;
- home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
- {
- isLaptop = true;
- isNixos = true;
- isSecondaryGpu = true;
- SecondaryGpuCard = "pci-0000_03_00_0";
- cpuCount = 16;
- temperatureHwmon = {
- isAbsolutePath = true;
- path = "/sys/devices/virtual/thermal/thermal_zone0/";
- input-filename = "temp4_input";
- };
- startup = [
- { command = "nextcloud --background"; }
- { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
- { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
- { command = "ANKI_WAYLAND=1 anki"; }
- { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
- { command = "nm-applet"; }
- { command = "teams-for-linux"; }
- { command = "1password"; }
- { command = "feishin"; }
- ];
- lowResolution = "1280x800";
- highResolution = "2560x1600";
- monitors = {
- main = {
- name = "BOE 0x0BC9 Unknown";
- mode = "2560x1600"; # TEMPLATE
- scale = "1";
- position = "2560,0";
- workspace = "15:L";
- output = "eDP-2";
+ home-manager.users."${primaryUser}" = {
+ home.stateVersion = lib.mkForce "23.05";
+ swarselsystems = lib.recursiveUpdate
+ {
+ isLaptop = true;
+ isNixos = true;
+ isSecondaryGpu = true;
+ SecondaryGpuCard = "pci-0000_03_00_0";
+ cpuCount = 16;
+ temperatureHwmon = {
+ isAbsolutePath = true;
+ path = "/sys/devices/virtual/thermal/thermal_zone0/";
+ input-filename = "temp4_input";
};
- homedesktop = {
- name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
- mode = "2560x1440";
- scale = "1";
- position = "0,0";
- workspace = "1:一";
- output = "DP-11";
+ lowResolution = "1280x800";
+ highResolution = "2560x1600";
+ monitors = {
+ main = {
+ name = "BOE 0x0BC9 Unknown";
+ mode = "2560x1600"; # TEMPLATE
+ scale = "1";
+ position = "2560,0";
+ workspace = "15:L";
+ output = "eDP-2";
+ };
};
- work_back_middle = {
- name = "LG Electronics LG Ultra HD 0x000305A6";
- mode = "2560x1440";
- scale = "1";
- position = "5120,0";
- workspace = "1:一";
- output = "DP-10";
- };
- work_front_left = {
- name = "LG Electronics LG Ultra HD 0x0007AB45";
- mode = "3840x2160";
- scale = "1";
- position = "5120,0";
- workspace = "1:一";
- output = "DP-7";
- };
- work_back_right = {
- name = "HP Inc. HP Z32 CN41212T55";
- mode = "3840x2160";
- scale = "1";
- position = "5120,0";
- workspace = "1:一";
- output = "DP-3";
- };
- work_middle_middle_main = {
- name = "HP Inc. HP 732pk CNC4080YL5";
- mode = "3840x2160";
- scale = "1";
- position = "-1280,0";
- workspace = "11:M";
- output = "DP-8";
- };
- work_middle_middle_side = {
- name = "Hewlett Packard HP Z24i CN44250RDT";
- mode = "1920x1200";
- transform = "270";
- scale = "1";
- position = "-2480,0";
- workspace = "12:S";
- output = "DP-9";
- };
- work_seminary = {
- name = "Applied Creative Technology Transmitter QUATTRO201811";
- mode = "1280x720";
- scale = "1";
- position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse
- workspace = "14:T";
- output = "DP-4";
- };
- };
- inputs = {
- "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
- "1133:45081:MX_Master_2S_Keyboard" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
- "2362:628:PIXA3854:00_093A:0274_Touchpad" = {
- dwt = "enabled";
- tap = "enabled";
- natural_scroll = "enabled";
- middle_emulation = "enabled";
- drag_lock = "disabled";
- };
- "1133:50504:Logitech_USB_Receiver" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
- "1133:45944:MX_KEYS_S" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
- };
- keybindings = {
- "Mod4+Ctrl+Shift+p" = "exec screenshare";
- };
- shellAliases = {
- ans2-15_3-9 = ". ~/.venvs/ansible39_2_15_0/bin/activate";
- ans3-9 = ". ~/.venvs/ansible39/bin/activate";
- ans = ". ~/.venvs/ansible/bin/activate";
- ans2-15 = ". ~/.venvs/ansible2.15.0/bin/activate";
- };
- }
- sharedOptions;
+ }
+ sharedOptions;
+ };
}
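Review bot: Nothing in this hunk shows that the work laptop still ends up with the firewall, firmware-update and microcode settings it used to set directly: `networking.firewall.enable = true;`, the `services.fwupd` block and `hardware.cpu.amd.updateMicrocode = true;` are removed, and the new side only sets `swarselsystems.firewall = lib.mkForce true;` plus the `framework`, `amdcpu`, `work` and `personal` profile flags, whose modules are defined elsewhere. For the host the heading describes as built for more security, a comment above `profiles = {` naming which profile now supplies each of those, along the lines of `# framework: fwupd (lvfs only), fan control; amdcpu: microcode` (presumably the mapping, to be confirmed against the profile modules), would make that checkable from this file. Comparing the evaluated `config.networking.firewall.enable` and `config.services.fwupd.enable` for this host before and after the commit would confirm nothing was dropped. The explicit `networking.networkmanager.wifi.scanRandMacAddress = false;` is also gone without a visible replacement.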
@@ -2151,24 +2012,20 @@ This is my main server that I run at home. It handles most tasks that require bi
3.1.2.2.1. Main Configuration
-{ self, inputs, primaryUser, ... }:
+{ lib, primaryUser, ... }:
let
- profilesPath = "${self}/profiles";
+ sharedOptions = {
+ isBtrfs = false;
+ isLinux = true;
+ profiles = {
+ server.local = true;
+ };
+ };
in
{
imports = [
./hardware-configuration.nix
-
- "${profilesPath}/nixos/optional/autologin.nix"
- "${profilesPath}/nixos/server"
-
- inputs.home-manager.nixosModules.home-manager
- {
- home-manager.users."${primaryUser}".imports = [
- "${profilesPath}/home/server"
- ];
- }
];
boot = {
@@ -2184,30 +2041,21 @@ in
firewall.allowedTCPPorts = [ 80 443 ];
};
- swarselsystems = {
- hasBluetooth = false;
- hasFingerprint = false;
- isImpermanence = false;
- isBtrfs = false;
- isLinux = true;
- server = {
- enable = true;
- kavita = true;
- navidrome = true;
- jellyfin = true;
- spotifyd = true;
- mpd = false;
- matrix = true;
- nextcloud = true;
- immich = true;
- paperless = true;
- transmission = true;
- syncthing = true;
- monitoring = true;
- freshrss = true;
- };
- };
+ swarselsystems = lib.recursiveUpdate
+ {
+ isImpermanence = false;
+ isSecureBoot = true;
+ isCrypted = true;
+ }
+ sharedOptions;
+
+ home-manager.users."${primaryUser}" = {
+ home.stateVersion = lib.mkForce "23.05";
+ swarselsystems = lib.recursiveUpdate
+ { }
+ sharedOptions;
+ };
}
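Review bot: `isSecureBoot = true;` and `isCrypted = true;` are new for this server, since the removed `swarselsystems` block set neither, and the hunk does not show what the two flags switch on. If they drive the Secure Boot and disk-encryption modules (a `lanzaboote` module is named elsewhere in this diff), enabling them on an already-installed machine without enrolled keys or an encrypted root could leave it unbootable after the next rebuild; if they are only descriptive, they should match the hardware. A comment next to them such as `# TODO confirm: root is encrypted and Secure Boot keys are enrolled on this host` would say which. The explicit service list (`matrix`, `nextcloud`, `paperless`, …) is also replaced by `profiles.server.local = true;` from the preceding hunk, so what is reachable behind `firewall.allowedTCPPorts = [ 80 443 ];` can no longer be read from this file.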
@@ -2396,22 +2244,16 @@ All of these are processes that use little cpu but can take a lot of storage. Fo
-{ self, inputs, lib, primaryUser, ... }:
+{ lib, primaryUser, ... }:
let
- profilesPath = "${self}/profiles";
+ sharedOptions = {
+ isBtrfs = false;
+ isLinux = true;
+ };
in
{
imports = [
-
- "${profilesPath}/nixos/server"
./hardware-configuration.nix
-
- inputs.home-manager.nixosModules.home-manager
- {
- home-manager.users."${primaryUser}".imports = [
- "${profilesPath}/home/server"
- ];
- }
];
sops = {
@@ -2446,7 +2288,7 @@ in
};
};
- # system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
+ system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
services = {
nginx = {
@@ -2475,19 +2317,23 @@ in
};
};
+ swarselsystems = lib.recursiveUpdate
+ {
+ flakePath = "/root/.dotfiles";
+ isImpermanence = false;
+ isSecureBoot = false;
+ isCrypted = false;
+ profiles = {
+ server.sync = true;
+ };
+ }
+ sharedOptions;
- swarselsystems = {
- hasBluetooth = false;
- hasFingerprint = false;
- isImpermanence = false;
- isLinux = true;
- isBtrfs = false;
- flakePath = "/root/.dotfiles";
- server = {
- enable = true;
- forgejo = true;
- ankisync = true;
- };
+ home-manager.users."${primaryUser}" = {
+ home.stateVersion = lib.mkForce "23.05";
+ swarselsystems = lib.recursiveUpdate
+ { }
+ sharedOptions;
};
}
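Review bot: `home.stateVersion = lib.mkForce "23.05";` overrides whatever another module assigns, which hides the conflicting definition instead of resolving it, and the same forced literal is added to the work laptop, main server, toto and chaostheatre hunks as well. The previous hunk of this same host sets `system.stateVersion = "23.11";`, so the two state versions now differ with no comment saying that is deliberate. If the shared home module is what sets the other value, making that one `lib.mkDefault "23.05"` and writing a plain `home.stateVersion = "23.05";` per host keeps the override visible; a one-line comment on why 23.05 is correct for this host would help either way.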
@@ -2512,41 +2358,36 @@ This is a slim setup for developing base configuration. I do not track the hardw
3.1.4.1.1. Main Configuration
-{ self, inputs, outputs, pkgs, lib, primaryUser, ... }:
+{ self, inputs, pkgs, lib, primaryUser, ... }:
let
- profilesPath = "${self}/profiles";
+ modulesPath = "${self}/modules";
sharedOptions = {
isBtrfs = true;
isLinux = true;
+ profiles = {
+ toto = true;
+ };
};
in
{
imports = [
- "${self}/hosts/nixos/toto/disk-config.nix"
+ ./disk-config.nix
./hardware-configuration.nix
- "${profilesPath}/nixos/optional/autologin.nix"
- "${profilesPath}/nixos/common/settings.nix"
- "${profilesPath}/nixos/common/home-manager.nix"
- "${profilesPath}/nixos/common/home-manager-extra.nix"
- "${profilesPath}/nixos/common/xserver.nix"
- "${profilesPath}/nixos/common/users.nix"
- "${profilesPath}/nixos/common/impermanence.nix"
- "${profilesPath}/nixos/common/lanzaboote.nix"
- "${profilesPath}/nixos/common/sops.nix"
- "${profilesPath}/nixos/server/ssh.nix"
+ "${modulesPath}/nixos/common/sharedsetup.nix"
+ "${modulesPath}/home/common/sharedsetup.nix"
+ "${self}/profiles/nixos"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."${primaryUser}".imports = [
inputs.sops-nix.homeManagerModules.sops
- "${profilesPath}/home/common/settings.nix"
- "${profilesPath}/home/common/sops.nix"
- "${profilesPath}/home/common/ssh.nix"
- ] ++ (builtins.attrValues outputs.homeModules);
+ "${modulesPath}/home/common/sharedsetup.nix"
+ "${self}/profiles/home"
+ ];
}
- ] ++ (builtins.attrValues outputs.nixosModules) ++ (builtins.attrValues outputs.homeModules);
+ ];
environment.systemPackages = with pkgs; [
@@ -2587,13 +2428,15 @@ in
}
sharedOptions;
- home-manager.users."${primaryUser}".swarselsystems = lib.recursiveUpdate
- {
- isLaptop = false;
- isNixos = true;
- }
- sharedOptions;
-
+ home-manager.users."${primaryUser}" = {
+ home.stateVersion = lib.mkForce "23.05";
+ swarselsystems = lib.recursiveUpdate
+ {
+ isLaptop = false;
+ isNixos = true;
+ }
+ sharedOptions;
+ };
}
@@ -2772,7 +2615,7 @@ Also, an initial bash history is provided to allow for a very quick local deploy
-{ self, pkgs, inputs, outputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }:
+{ self, pkgs, inputs, config, lib, modulesPath, primaryUser ? "swarsel", ... }:
let
pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
in
@@ -2782,22 +2625,29 @@ in
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
"${modulesPath}/installer/cd-dvd/channel.nix"
- "${self}/profiles/iso/minimal.nix"
+ "${self}/modules/iso/minimal.nix"
+ "${self}/modules/nixos/common/sharedsetup.nix"
+ "${self}/modules/home/common/sharedsetup.nix"
inputs.home-manager.nixosModules.home-manager
{
home-manager.users."${primaryUser}".imports = [
- "${self}/profiles/home/common/settings.nix"
- ] ++ (builtins.attrValues outputs.homeModules);
+ "${self}/modules/home/common/settings.nix"
+ "${self}/modules/home/common/sharedsetup.nix"
+ ];
}
];
- home-manager.users."${primaryUser}".home = {
- file = {
- ".bash_history" = {
- source = self + /programs/bash/.bash_history;
+ home-manager.users."${primaryUser}" = {
+ home = {
+ stateVersion = "23.05";
+ file = {
+ ".bash_history" = {
+ source = self + /programs/bash/.bash_history;
+ };
};
};
+ swarselsystems.modules.general = lib.mkForce true;
};
home-manager.users.root.home = {
stateVersion = "23.05";
@@ -2902,8 +2752,9 @@ This is the "reference implementation" of a setup that runs without NixOS, only
inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
- ./profiles/home/common
- ] ++ (builtins.attrValues outputs.homeModules);
+ ./modules/home/common
+ "${self}/modules/home/common/sharedsetup.nix"
+ ];
nixpkgs = {
overlays = [ outputs.overlays.default ];
@@ -2948,12 +2799,21 @@ This is just a demo host. It applies all the configuration found in the common p
I also set the WLR_RENDERER_ALLOW_SOFTWARE=1 to allow this configuration to run in a virtualized environment. I also enable qemuGuest for a smoother experience when testing on QEMU.
-
-
+
+
+3.1.4.4.1. Main configuration
+
-{ self, config, pkgs, lib, primaryUser, ... }:
+{ self, inputs, config, pkgs, lib, primaryUser, ... }:
let
- profilesPath = "${self}/profiles";
+ sharedOptions = {
+ isBtrfs = false;
+ isLinux = true;
+ isPublic = true;
+ profiles = {
+ chaostheatre = true;
+ };
+ };
in
{
@@ -2963,7 +2823,15 @@ in
{
_module.args.diskDevice = config.swarselsystems.rootDisk;
}
- "${profilesPath}/nixos/optional/autologin.nix"
+ "${self}/hosts/nixos/chaostheatre/options.nix"
+ inputs.home-manager.nixosModules.home-manager
+ {
+ home-manager.users."${primaryUser}".imports = [
+ "${self}/modules/home/common/settings.nix"
+ "${self}/hosts/nixos/chaostheatre/options-home.nix"
+ "${self}/modules/home/common/sharedsetup.nix"
+ ];
+ }
];
environment.variables = {
@@ -2984,22 +2852,26 @@ in
};
- swarselsystems = {
- wallpaper = self + /wallpaper/lenovowp.png;
- initialSetup = true;
- isPublic = true;
- isLinux = true;
- isImpermanence = true;
- isCrypted = true;
- isSecureBoot = false;
- isSwap = true;
- swapSize = "4G";
- rootDisk = "/dev/vda";
- };
+ swarselsystems = lib.recursiveUpdate
+ {
+ wallpaper = self + /wallpaper/lenovowp.png;
+ initialSetup = true;
+ isImpermanence = true;
+ isCrypted = true;
+ isSecureBoot = false;
+ isSwap = true;
+ swapSize = "4G";
+ rootDisk = "/dev/vda";
+ }
+ sharedOptions;
- home-manager.users."${primaryUser}".swarselsystems = {
- isNixos = true;
- isPublic = true;
+ home-manager.users."${primaryUser}" = {
+ home.stateVersion = lib.mkForce "23.05";
+ swarselsystems = lib.recursiveUpdate
+ {
+ isNixos = true;
+ }
+ sharedOptions;
};
}
@@ -3008,6 +2880,29 @@ in
+
+3.1.4.4.2. NixOS dummy options configuration
+
+
+_:
+{ }
+
+
+
+
+
+
+3.1.4.4.3. home-manager dummy options configuration
+
+
+_:
+{ }
+
+
+
+
+
+
@@ -4069,10 +3964,6 @@ writeShellApplication {
3.2.1.19. swarsel-rebuild
-
-This program builds a configuration locally.
-
-
set -eo pipefail
@@ -4153,12 +4044,12 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix
sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix
- rm profiles/home/common/env.nix
- rm profiles/home/common/gammastep.nix
- rm profiles/home/common/git.nix
- rm profiles/home/common/mail.nix
- rm profiles/home/common/yubikey.nix
- rm profiles/nixos/common/home-manager-extra.nix
+ rm modules/home/common/env.nix
+ rm modules/home/common/gammastep.nix
+ rm modules/home/common/git.nix
+ rm modules/home/common/mail.nix
+ rm modules/home/common/yubikey.nix
+ rm modules/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .
else
@@ -4190,7 +4081,7 @@ writeShellApplication {
3.2.1.20. swarsel-install
-This program sets up a new NixOS host locally.
+Autoformatting always puts the EOF with indentation, which makes shfmt check fail. When editing this block, unindent them manually.
@@ -4291,12 +4182,42 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
sed -i '/vbc-nix = {/,/^[[:space:]]*};/d' flake.nix
sed -i '/[[:space:]]*\/\/ (inputs.vbc-nix.overlays.default final prev)/d' overlays/default.nix
- rm profiles/home/common/env.nix
- rm profiles/home/common/gammastep.nix
- rm profiles/home/common/git.nix
- rm profiles/home/common/mail.nix
- rm profiles/home/common/yubikey.nix
- rm profiles/nixos/common/home-manager-extra.nix
+ rm modules/home/common/env.nix
+ rm modules/home/common/gammastep.nix
+ rm modules/home/common/git.nix
+ rm modules/home/common/mail.nix
+ rm modules/home/common/yubikey.nix
+ rm modules/nixos/common/home-manager-extra.nix
+ rm -rf modules/nixos/server
+ rm -rf modules/home/server
+ cat > hosts/nixos/chaostheatre/options.nix << EOF
+ { self, lib, ... }:
+ {
+ options = {
+ swarselsystems = {
+ modules = {
+ home-managerExtra = lib.mkEnableOption "dummy option for chaostheatre";
+ };
+ };
+ };
+ }
+EOF
+ cat > hosts/nixos/chaostheatre/options-home.nix << EOF
+ { self, lib, ... }:
+ {
+ options = {
+ swarselsystems = {
+ modules = {
+ yubikey = lib.mkEnableOption "dummy option for chaostheatre";
+ env = lib.mkEnableOption "dummy option for chaostheatre";
+ git = lib.mkEnableOption "dummy option for chaostheatre";
+ mail = lib.mkEnableOption "dummy option for chaostheatre";
+ gammastep = lib.mkEnableOption "dummy option for chaostheatre";
+ };
+ };
+ };
+ }
+EOF
nix flake update vbc-nix
git add .
else
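Review bot: Both here-documents use an unquoted delimiter (`<< EOF`), so the shell expands `$…` and backticks inside the generated Nix before writing it; the current bodies contain none, but the first `${…}` interpolation added to these stubs would be consumed by bash instead of reaching the file. Quoting the delimiter, `cat > hosts/nixos/chaostheatre/options.nix << 'EOF'` and likewise for `options-home.nix`, makes the body literal. The new `rm -rf modules/nixos/server` and `rm -rf modules/home/server` are relative to the current directory like the `rm` lines above them, so they rely on a `cd` into the checkout that happens outside this hunk. The swarsel-rebuild hunk at `@@ -4153,12 +4044,12 @@` deletes the same module files but did not get the stub option files; if that path can also run without the secrets key, it may need them too.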
@@ -4395,10 +4316,6 @@ writeShellApplication {
3.2.1.21. swarsel-postinstall
-
-This program sets up a new NixOS host locally.
-
-
set -eo pipefail
@@ -4493,10 +4410,6 @@ writeShellApplication {
3.2.1.22. t2ts
-
-This script allows for quick git branch switching.
-
-
{ name, writeShellApplication, ... }:
@@ -4515,10 +4428,6 @@ writeShellApplication {
3.2.1.23. ts2t
-
-This script allows for quick git branch switching.
-
-
{ name, writeShellApplication, ... }:
@@ -4537,10 +4446,6 @@ writeShellApplication {
3.2.1.24. vershell
-
-This script allows for quick git branch switching.
-
-
{ name, writeShellApplication, ... }:
@@ -4559,10 +4464,6 @@ writeShellApplication {
3.2.1.25. eontimer
-
-This script allows for quick git branch switching.
-
-
{ lib
, python3
@@ -4762,6 +4663,39 @@ appimageTools.wrapType2 {
}
+
+
+
+
+
+3.2.1.30. sshrm
+
+
+This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually.
+
+
+
+HISTFILE="$HOME"/.histfile
+
+last_ssh_cmd=$(grep -E "ssh " "$HISTFILE" | sed -E 's/^: [0-9]+:[0-9]+;//' | grep "^ssh " | tail -1)
+host=$(echo "$last_ssh_cmd" | sed -E 's/.*ssh ([^@ ]+@)?([^ ]+).*/\2/')
+
+if [[ -n $host ]]; then
+ echo "Removing SSH host key for: $host"
+ ssh-keygen -R "$host"
+else
+ echo "No valid SSH command found in history."
+fi
+
+
+
+
+{ self, name, writeShellApplication, openssh }:
+writeShellApplication {
+ inherit name;
+ runtimeInputs = [ openssh ];
+ text = builtins.readFile "${self}/scripts/${name}.sh";
+}
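Review bot: When the history file contains no `ssh ` line, the `else` branch is never reached: `writeShellApplication` runs the script with errexit and pipefail, so the failing `grep` inside `last_ssh_cmd=$(…)` ends the script before the `if`. Ending the pipeline with `|| true`, as in `… | grep "^ssh " | tail -1 || true)`, lets the "No valid SSH command found in history." message print. The `sed` expression takes the first word after `ssh ` as the host, so a history line like `ssh -p 2222 user@host` yields `-p`; skipping leading options, or at least refusing a `$host` that begins with `-`, avoids removing the wrong entry. Because `ssh-keygen -R` discards the stored key that would otherwise flag a changed host, printing the entry first with `ssh-keygen -F "$host"` keeps a record of what was trusted before it is deleted.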
@@ -4784,7 +4718,7 @@ When adding a new entry here, do not forget to add it in the default output of t
let
additions = final: _: import "${self}/pkgs" { pkgs = final; inherit lib; };
- modifications = _: prev: {
+ modifications = final: prev: {
vesktop = prev.vesktop.override {
withSystemVencord = true;
};
@@ -4797,7 +4731,7 @@ let
];
};
- # mgba = final.swarsel-mgba;
+ mgba = final.swarsel-mgba;
retroarch = prev.retroarch.withCores (cores: with cores; [
snes9x # snes
@@ -4821,6 +4755,13 @@ let
};
};
+ nixpkgs-stable24_05 = final: _: {
+ stable24_05 = import inputs.nixpkgs-stable {
+ inherit (final) system;
+ config.allowUnfree = true;
+ };
+ };
+
zjstatus = _: prev: {
zjstatus = inputs.zjstatus.packages.${prev.system}.default;
};
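Review bot: The new `stable24_05` attribute is imported from `inputs.nixpkgs-stable`, which the inputs hunk of this diff points at `nixos-24.11`, so despite its name it presumably exposes the same release as the existing `nixpkgs-stable` overlay, and the `nixpkgs-stable24_11` input this commit adds is not referenced here. If a frozen 24.11 set is the intent, the lines would read `nixpkgs-stable24_11 = final: _: {` and `stable24_11 = import inputs.nixpkgs-stable24_11 {`, with the composition line in the next hunk renamed to match; a real 24.05 set would need its own input. Packages taken from an older release branch stop receiving security fixes once that release reaches end of life, so a comment listing which packages are held back and why would help keep that set small.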
@@ -4833,6 +4774,7 @@ in
(additions final prev)
// (modifications final prev)
// (nixpkgs-stable final prev)
+ // (nixpkgs-stable24_05 final prev)
// (zjstatus final prev)
// (inputs.vbc-nix.overlays.default final prev)
// (inputs.nur.overlays.default final prev)
@@ -4847,7 +4789,7 @@ in
-3.2.3. Modules
+3.2.3. Profiles
In this section I define custom modules under the swarsel attribute. These are mostly used to define settings specific to a host. I keep these settings confined to either home-manager or nixos to maintain compatibility with non-NixOS machines.
@@ -4867,108 +4809,398 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
{ lib, ... }:
let
- moduleNames = lib.swarselsystems.readNix "modules/nixos";
+ profileNames = lib.swarselsystems.readNix "profiles/nixos";
in
-lib.swarselsystems.mkModules moduleNames "nixos"
+{
+ imports = lib.swarselsystems.mkImports profileNames "profiles/nixos";
+}
+
+
+
+
+3.2.3.1.1. Personal
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
+ config = lib.mkIf config.swarselsystems.profiles.personal {
+ swarselsystems.modules = {
+ packages = lib.mkDefault true;
+ general = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ users = lib.mkDefault true;
+ env = lib.mkDefault true;
+ security = lib.mkDefault true;
+ gc = lib.mkDefault true;
+ storeOptimize = lib.mkDefault true;
+ systemdTimeout = lib.mkDefault true;
+ hardware = lib.mkDefault true;
+ pulseaudio = lib.mkDefault true;
+ pipewire = lib.mkDefault true;
+ network = lib.mkDefault true;
+ time = lib.mkDefault true;
+ commonSops = lib.mkDefault true;
+ stylix = lib.mkDefault true;
+ programs = lib.mkDefault true;
+ zsh = lib.mkDefault true;
+ syncthing = lib.mkDefault true;
+ blueman = lib.mkDefault true;
+ networkDevices = lib.mkDefault true;
+ gvfs = lib.mkDefault true;
+ interceptionTools = lib.mkDefault true;
+ swayosd = lib.mkDefault true;
+ ppd = lib.mkDefault true;
+ yubikey = lib.mkDefault true;
+ ledger = lib.mkDefault true;
+ keyboards = lib.mkDefault true;
+ login = lib.mkDefault true;
+ nix-ld = lib.mkDefault true;
+ impermanence = lib.mkDefault true;
+ nvd = lib.mkDefault true;
+ gnome-keyring = lib.mkDefault true;
+ sway = lib.mkDefault true;
+ xdg-portal = lib.mkDefault true;
+ distrobox = lib.mkDefault true;
+ appimage = lib.mkDefault true;
+ lid = lib.mkDefault true;
+ lowBattery = lib.mkDefault true;
+ lanzaboote = lib.mkDefault true;
+
+ optional = {
+ gaming = lib.mkDefault true;
+ virtualbox = lib.mkDefault true;
+ autologin = lib.mkDefault true;
+ nswitch-rcm = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
-
-3.2.3.1.1. Hardware
-
-
-This lets me set some basic flags about the hardware of the configured systems.
-
-
+
+
+3.2.3.1.2. Chaostheatre
+
-{ lib, ... }:
-
+{ lib, config, ... }:
{
- options.swarselsystems = {
- hasBluetooth = lib.mkEnableOption "bluetooth availability";
- hasFingerprint = lib.mkEnableOption "fingerprint sensor availability";
- trackpoint = {
- isAvailable = lib.mkEnableOption "trackpoint availability";
- trackpoint.device = lib.mkOption {
- type = lib.types.str;
- default = "";
+ options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
+ config = lib.mkIf config.swarselsystems.profiles.chaostheatre {
+ swarselsystems.modules = {
+ packages = lib.mkDefault true;
+ general = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault false;
+ xserver = lib.mkDefault true;
+ users = lib.mkDefault true;
+ env = lib.mkDefault true;
+ security = lib.mkDefault true;
+ gc = lib.mkDefault true;
+ storeOptimize = lib.mkDefault true;
+ systemdTimeout = lib.mkDefault true;
+ hardware = lib.mkDefault true;
+ pulseaudio = lib.mkDefault true;
+ pipewire = lib.mkDefault true;
+ network = lib.mkDefault true;
+ time = lib.mkDefault true;
+ commonSops = lib.mkDefault true;
+ stylix = lib.mkDefault true;
+ programs = lib.mkDefault true;
+ zsh = lib.mkDefault true;
+ syncthing = lib.mkDefault true;
+ blueman = lib.mkDefault true;
+ networkDevices = lib.mkDefault true;
+ gvfs = lib.mkDefault true;
+ interceptionTools = lib.mkDefault true;
+ swayosd = lib.mkDefault true;
+ ppd = lib.mkDefault true;
+ yubikey = lib.mkDefault true;
+ ledger = lib.mkDefault true;
+ keyboards = lib.mkDefault true;
+ login = lib.mkDefault true;
+ nix-ld = lib.mkDefault true;
+ impermanence = lib.mkDefault true;
+ nvd = lib.mkDefault true;
+ gnome-keyring = lib.mkDefault true;
+ sway = lib.mkDefault true;
+ xdg-portal = lib.mkDefault true;
+ distrobox = lib.mkDefault true;
+ appimage = lib.mkDefault true;
+ lid = lib.mkDefault true;
+ lowBattery = lib.mkDefault true;
+ lanzaboote = lib.mkDefault true;
+
+ optional = {
+ autologin = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.3. toto
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host";
+ config = lib.mkIf config.swarselsystems.profiles.toto {
+ swarselsystems.modules = {
+ general = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ users = lib.mkDefault true;
+ commonSops = lib.mkDefault true;
+ impermanence = lib.mkDefault true;
+ lanzaboote = lib.mkDefault true;
+ server = {
+ ssh = lib.mkDefault true;
+ };
+ optional = {
+ autologin = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.4. Work
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
+ config = lib.mkIf config.swarselsystems.profiles.work {
+ swarselsystems.modules = {
+ optional = {
+ work = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.5. Framework
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host";
+ config = lib.mkIf config.swarselsystems.profiles.framework {
+ swarselsystems.modules = {
+ optional = {
+ framework = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.6. AMD CPU
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu";
+ config = lib.mkIf config.swarselsystems.profiles.amdcpu {
+ swarselsystems.modules = {
+ optional = {
+ amdcpu = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.7. AMD GPU
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu";
+ config = lib.mkIf config.swarselsystems.profiles.amdgpu {
+ swarselsystems.modules = {
+ optional = {
+ amdgpu = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.8. Hibernation
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation";
+ config = lib.mkIf config.swarselsystems.profiles.hibernation {
+ swarselsystems.modules = {
+ optional = {
+ hibernation = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.9. BTRFS
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs";
+ config = lib.mkIf config.swarselsystems.profiles.btrfs {
+ swarselsystems.modules = {
+ optional = {
+ btrfs = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.1.10. Local Server
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
+ config = lib.mkIf config.swarselsystems.profiles.server.local {
+ swarselsystems = {
+ modules = {
+ general = lib.mkDefault true;
+ nix-ld = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ gc = lib.mkDefault true;
+ storeOptimize = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ server = {
+ general = lib.mkDefault true;
+ packages = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ nfs = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ kavita = lib.mkDefault true;
+ jellyfin = lib.mkDefault true;
+ navidrome = lib.mkDefault true;
+ spotifyd = lib.mkDefault true;
+ mpd = lib.mkDefault true;
+ matrix = lib.mkDefault true;
+ nextcloud = lib.mkDefault true;
+ immich = lib.mkDefault true;
+ paperless = lib.mkDefault true;
+ transmission = lib.mkDefault true;
+ syncthing = lib.mkDefault true;
+ monitoring = lib.mkDefault true;
+ emacs = lib.mkDefault true;
+ freshrss = lib.mkDefault true;
+ };
};
};
};
+
}
+
-
-3.2.3.1.2. Setup
-
-
-I usually use mutableUsers = false in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created.
-
-
+
+3.2.3.1.11. OCI Sync Server
+
-{ lib, ... }:
+{ lib, config, ... }:
{
- options.swarselsystems = {
- withHomeManager = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
- isSwap = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
- swapSize = lib.mkOption {
- type = lib.types.str;
- default = "8G";
- };
- rootDisk = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- isCrypted = lib.mkEnableOption "uses full disk encryption";
- initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
-
- isImpermanence = lib.mkEnableOption "use impermanence on this system";
- isSecureBoot = lib.mkEnableOption "use secure boot on this system";
- };
-}
-
-
-
-
-
-3.2.3.1.3. Server
-
-
-{ lib, ... }:
-{
- options.swarselsystems = {
- server = {
- enable = lib.mkEnableOption "is a server machine";
- kavita = lib.mkEnableOption "enable kavita on server";
- jellyfin = lib.mkEnableOption "enable jellyfin on server";
- navidrome = lib.mkEnableOption "enable navidrome on server";
- spotifyd = lib.mkEnableOption "enable spotifyd on server";
- mpd = lib.mkEnableOption "enable mpd on server";
- matrix = lib.mkEnableOption "enable matrix on server";
- nextcloud = lib.mkEnableOption "enable nextcloud on server";
- immich = lib.mkEnableOption "enable immich on server";
- paperless = lib.mkEnableOption "enable paperless on server";
- transmission = lib.mkEnableOption "enable transmission and friends on server";
- syncthing = lib.mkEnableOption "enable syncthing on server";
- restic = lib.mkEnableOption "enable restic backups on server";
- monitoring = lib.mkEnableOption "enable monitoring on server";
- jenkins = lib.mkEnableOption "enable jenkins on server";
- emacs = lib.mkEnableOption "enable emacs server on server";
- forgejo = lib.mkEnableOption "enable forgejo on server";
- ankisync = lib.mkEnableOption "enable ankisync on server";
- freshrss = lib.mkEnableOption "enable freshrss on server";
+ options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server";
+ config = lib.mkIf config.swarselsystems.profiles.server.sync {
+ swarselsystems = {
+ modules = {
+ general = lib.mkDefault true;
+ nix-ld = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ home-managerExtra = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ gc = lib.mkDefault true;
+ storeOptimize = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ server = {
+ general = lib.mkDefault true;
+ packages = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ nfs = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ forgejo = lib.mkDefault true;
+ ankisync = lib.mkDefault true;
+ };
+ };
};
};
+
}
+
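Review bot: `optional.autologin = lib.mkDefault true` is set by the `personal`, `chaostheatre` and `toto` profiles, so switching on any one of these flags gives a host a passwordless local login unless it overrides the default; `toto` also enables `server.ssh`. What the `autologin` module does is outside this hunk, but the profiles carry no comment on what makes that default acceptable (for example full-disk encryption or a throwaway setup image). I would add a line above each, such as `# autologin: only acceptable while physical access is gated some other way; set to false otherwise`, or drop it from the profiles and enable it per host. Separately, `chaostheatre` repeats the whole `personal` list and differs only in `home-managerExtra` and the `optional` set, so the two will drift as modules are added.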
@@ -4984,640 +5216,226 @@ This holds modules that are to be used on most hosts. These are also the most im
{ lib, ... }:
let
- moduleNames = lib.swarselsystems.readNix "modules/home";
-in
-lib.swarselsystems.mkModules moduleNames "home"
-
-
-
-
-3.2.3.2.1. Laptop
-
-
-Laptops are not always plugged in, so they should show a battery icon in Waybar. Also, most laptops have a touchpad which usually needs to be configured:
-
-
-- Tapping should be enabled.
-- The touchpad should be disabled while typing (
dwt option).
-- Natural scrolling should be enabled.
-- Tag-and-drag lock should be disbled - it gets in my way too much.
-
-
-
-{ lib, config, ... }:
-{
- options.swarselsystems = {
- isLaptop = lib.mkEnableOption "laptop host";
- };
-
- config.swarselsystems = {
- touchpad = lib.mkIf config.swarselsystems.isLaptop {
- "type:touchpad" = {
- dwt = "enabled";
- tap = "enabled";
- natural_scroll = "enabled";
- middle_emulation = "enabled";
- drag_lock = "disabled";
- };
- };
- waybarModules = lib.mkIf config.swarselsystems.isLaptop [
- "custom/outer-left-arrow-dark"
- "mpris"
- "custom/left-arrow-light"
- "network"
- "custom/vpn"
- "custom/left-arrow-dark"
- "pulseaudio"
- "custom/left-arrow-light"
- "battery"
- "custom/left-arrow-dark"
- "group/hardware"
- "custom/left-arrow-light"
- "clock#2"
- "custom/left-arrow-dark"
- "clock#1"
- ];
- };
-}
-
-
-
-
-
-3.2.3.2.2. Hardware
-
-
-This section is mostly used to deliver the correct information to Waybar. AMD systems have changing hwmon paths that can be specifically set here. Also the cpu count can be set here for Waybars cpu module, but 8 is usually a good setting to show
-
-
-
-to get the info for the secondary gpu, use `lspci -nn | grep VGA`
-It can be set to either:
-
-
-- a number, selecting the n-th non-default GPU
-- a PCI bus id in the form
pci-XXX_YY_ZZ_U
-- a PCI id in the form
vendor_id:device_id
-
-
-
-{ lib, ... }:
-{
- options.swarselsystems = {
- cpuCount = lib.mkOption {
- type = lib.types.int;
- default = 8;
- };
- isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU";
- SecondaryGpuCard = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- temperatureHwmon = {
- isAbsolutePath = lib.mkEnableOption "absolute temperature path";
- path = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- input-filename = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- };
- };
-}
-
-
-
-
-
-3.2.3.2.3. Waybar
-
-
-These are explicit waybar options. Laptops do not need the battery module. However, this leads to a slight problem with theming: my waybar modules alternate their background-color between black and grey. The battery module is usually on grey background. If I were to simply delete that, I would now have two modules on black background. To avoid this, I define a pseudo-module custom/pseudobat that simply shows a static image and calls wlogout on right click. This wastes a little bit of screen space, but that is a price I am willing to pay for consistency.
-
-
-
-The most part of this configuration is done here: Waybar
-
-
-
-{ lib, config, ... }:
-let
- generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
+ profileNames = lib.swarselsystems.readNix "profiles/home";
in
{
- options.swarselsystems = {
- cpuString = lib.mkOption {
- type = lib.types.str;
- default = generateIcons config.swarselsystems.cpuCount;
- description = "The generated icons string for use by Waybar.";
- internal = true;
- };
- waybarModules = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [
- "custom/outer-left-arrow-dark"
- "mpris"
- "custom/left-arrow-light"
- "network"
- "custom/vpn"
- "custom/left-arrow-dark"
- "pulseaudio"
- "custom/left-arrow-light"
- "custom/pseudobat"
- "battery"
- "custom/left-arrow-dark"
- "group/hardware"
- "custom/left-arrow-light"
- "clock#2"
- "custom/left-arrow-dark"
- "clock#1"
- ];
- };
- };
+ imports = lib.swarselsystems.mkImports profileNames "profiles/home";
}
-
-
-3.2.3.2.4. Monitors
-
-
-This allows me to define my monitors in the machine's default.nix.
-
-
-
-{ lib, ... }:
-{
- options.swarselsystems = {
- monitors = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = { };
- };
- sharescreen = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- lowResolution = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- highResolution = lib.mkOption {
- type = lib.types.str;
- default = "";
- };
- };
-}
-
-
-
-
-
-3.2.3.2.5. Input
-
-
-This allows me to configure input options. Here, I am globally defining my split keyboards. Then, I am joining some attribute sets so that they can be easier used in the rest of the configurations.
-
-
+
+3.2.3.2.1. Personal
+
{ lib, config, ... }:
{
- options.swarselsystems = {
- inputs = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = { };
- };
- kyria = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = {
- "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
- "7504:24926:Kyria_Keyboard" = {
- xkb_layout = "us";
- xkb_variant = "altgr-intl";
- };
+ options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
+ config = lib.mkIf config.swarselsystems.profiles.personal {
+ swarselsystems.modules = {
+ packages = lib.mkDefault true;
+ ownpackages = lib.mkDefault true;
+ general = lib.mkDefault true;
+ nixgl = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ yubikey = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ stylix = lib.mkDefault true;
+ desktop = lib.mkDefault true;
+ symlink = lib.mkDefault true;
+ env = lib.mkDefault true;
+ programs = lib.mkDefault true;
+ nix-index = lib.mkDefault true;
+ passwordstore = lib.mkDefault true;
+ direnv = lib.mkDefault true;
+ eza = lib.mkDefault true;
+ git = lib.mkDefault true;
+ fuzzel = lib.mkDefault true;
+ starship = lib.mkDefault true;
+ kitty = lib.mkDefault true;
+ zsh = lib.mkDefault true;
+ zellij = lib.mkDefault true;
+ tmux = lib.mkDefault true;
+ mail = lib.mkDefault true;
+ emacs = lib.mkDefault true;
+ waybar = lib.mkDefault true;
+ firefox = lib.mkDefault true;
+ gnome-keyring = lib.mkDefault true;
+ kdeconnect = lib.mkDefault true;
+ mako = lib.mkDefault true;
+ swayosd = lib.mkDefault true;
+ yubikeytouch = lib.mkDefault true;
+ sway = lib.mkDefault true;
+ kanshi = lib.mkDefault true;
+ gpgagent = lib.mkDefault true;
+ gammastep = lib.mkDefault true;
+
+ optional = {
+ gaming = lib.mkDefault true;
};
};
- touchpad = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = { };
- };
- standardinputs = lib.mkOption {
- type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
- default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs;
- internal = true;
- };
- keybindings = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- default = { };
- };
- shellAliases = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- default = { };
- };
};
+
}
+
-
-3.2.3.2.6. Nixos
-
-
-These are some extra options that will be used if the machine also runs NixOS. For example, non-NixOS hosts need nixGL prepended to most graphic commands, and swayfx works less nicely on these machines.
-
-
+
+3.2.3.2.2. Chaostheatre
+
{ lib, config, ... }:
{
- options.swarselsystems = {
- isNixos = lib.mkEnableOption "nixos host";
- isPublic = lib.mkEnableOption "is a public machine (no secrets)";
- swayfxConfig = lib.mkOption {
- type = lib.types.str;
- default = "
- blur enable
- blur_xray disable
- blur_passes 1
- blur_radius 1
- shadows enable
- corner_radius 2
- titlebar_separator disable
- default_dim_inactive 0.02
- ";
- internal = true;
+ options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
+ config = lib.mkIf config.swarselsystems.profiles.chaostheatre {
+ swarselsystems.modules = {
+ packages = lib.mkDefault true;
+ ownpackages = lib.mkDefault true;
+ general = lib.mkDefault true;
+ nixgl = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ yubikey = lib.mkDefault false;
+ ssh = lib.mkDefault true;
+ stylix = lib.mkDefault true;
+ desktop = lib.mkDefault true;
+ symlink = lib.mkDefault true;
+ env = lib.mkDefault false;
+ programs = lib.mkDefault true;
+ nix-index = lib.mkDefault true;
+ direnv = lib.mkDefault true;
+ eza = lib.mkDefault true;
+ git = lib.mkDefault false;
+ fuzzel = lib.mkDefault true;
+ starship = lib.mkDefault true;
+ kitty = lib.mkDefault true;
+ zsh = lib.mkDefault true;
+ zellij = lib.mkDefault true;
+ tmux = lib.mkDefault true;
+ mail = lib.mkDefault false;
+ emacs = lib.mkDefault true;
+ waybar = lib.mkDefault true;
+ firefox = lib.mkDefault true;
+ gnome-keyring = lib.mkDefault true;
+ kdeconnect = lib.mkDefault true;
+ mako = lib.mkDefault true;
+ swayosd = lib.mkDefault true;
+ yubikeytouch = lib.mkDefault true;
+ sway = lib.mkDefault true;
+ kanshi = lib.mkDefault true;
+ gpgagent = lib.mkDefault true;
+ gammastep = lib.mkDefault false;
};
};
- config.swarselsystems = {
- startup = lib.mkIf (!config.swarselsystems.isNixos) [
- { command = "sleep 60 && nixGL nextcloud --background"; }
- { command = "sleep 60 && nixGL vesktop --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland"; }
- { command = "sleep 60 && nixGL syncthingtray --wait"; }
- { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki"; }
- { command = "nm-applet --indicator"; }
- { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland"; }
- { command = "sleep 60 && element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
- ];
- swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " ";
- };
-}
-
-
-
-
-
-3.2.3.2.7. setup
-
-
-Provides settings related to nix-darwin systems. At the moment, I am only making use of a isDarwin flag.
-
-
-
-{ lib, ... }:
-{
- options.swarselsystems = {
- isDarwin = lib.mkEnableOption "darwin host";
- isLinux = lib.mkEnableOption "whether this is a linux machine";
- mainUser = lib.mkOption {
- type = lib.types.str;
- default = "swarsel";
- };
- homeDir = lib.mkOption {
- type = lib.types.str;
- default = "/home/swarsel";
- };
- xdgDir = lib.mkOption {
- type = lib.types.str;
- default = "/run/user/1000";
- };
- flakePath = lib.mkOption {
- type = lib.types.str;
- default = "/home/swarsel/.dotfiles";
- };
- };
-}
-
-
-
-
-
-3.2.3.2.8. System startup
-
-
-This defines programs I want to have starting when I start the system
-
-
-
-Part of the startup is also defined in Sway. The distinction is as follows. As this configuration also needs to work on systems that are running only home manager, I probably need to run nixGL or something similar on those systems to get these graphic apps to display properly. In this section we only define such graphical programs, in the other location we only put shell applications and such.
-
-
-
-These other apps currently include:
-
-
-- spotifytui
-- kitty
-
-
-
-Do not that syncthingtray is also not mentioned here. It is installed as a home manager package that automatically starts at system start.
-
-
-
-{ lib, ... }:
-{
- options.swarselsystems = {
- startup = lib.mkOption {
- type = lib.types.listOf (lib.types.attrsOf lib.types.str);
- default = [
- { command = "nextcloud --background"; }
- { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
- { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
- { command = "ANKI_WAYLAND=1 anki"; }
- { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
- { command = "nm-applet"; }
- { command = "feishin"; }
- ];
- };
- };
-}
-
-
-
-
-
-3.2.3.2.9. Wallpaper
-
-
-Again, I set the wallpaper here for stylix.
-
-
-
-{ self, lib, ... }:
-{
- options.swarselsystems = {
- wallpaper = lib.mkOption {
- type = lib.types.path;
- default = self + /wallpaper/lenovowp.png;
- };
- };
}
-
-3.2.3.2.10. Filesystem
-
-
-Another duplicated option for the filesystem.
-
-
+
+3.2.3.2.3. toto
+
-{ lib, ... }:
+{ lib, config, ... }:
{
- options.swarselsystems = {
- isBtrfs = lib.mkEnableOption "use btrfs filesystem";
+ options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host";
+ config = lib.mkIf config.swarselsystems.profiles.toto {
+ swarselsystems.modules = {
+ general = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ };
};
+
}
+
-
-3.2.3.2.11. firefox
-
-
-At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in Work that are all practically using the same configuration. To save screen space, I template that profile here.
-Set in firefox about:config > toolkit.legacyUserProfileCustomizations.stylesheets to true. This should in principle be set automatically using the below config, but it seems not to be working reliably
-
-
+
+3.2.3.2.4. Work
+
-{ self, lib, pkgs, ... }:
-let
- lock-false = {
- Value = false;
- Status = "locked";
- };
- lock-true = {
- Value = true;
- Status = "locked";
- };
-in
+{ lib, config, ... }:
{
- options.swarselsystems = {
- firefox = lib.mkOption {
- type = lib.types.attrs;
- default = {
- isDefault = false;
- userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css";
- extensions = {
- packages = with pkgs.nur.repos.rycee.firefox-addons; [
- tridactyl
- tampermonkey
- sidebery
- browserpass
- clearurls
- darkreader
- enhancer-for-youtube
- istilldontcareaboutcookies
- translate-web-pages
- ublock-origin
- reddit-enhancement-suite
- sponsorblock
- web-archives
- onepassword-password-manager
- single-file
- widegithub
- enhanced-github
- unpaywall
- don-t-fuck-with-paste
- plasma-integration
- (buildFirefoxXpiAddon {
- pname = "shortkeys";
- version = "4.0.2";
- addonId = "Shortkeys@Shortkeys.com";
- url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
- sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
- meta = with lib;
- {
- description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
- mozPermissions = [
- "tabs"
- "downloads"
- "clipboardWrite"
- "browsingData"
- "storage"
- "bookmarks"
- "sessions"
- "<all_urls>"
- ];
- platforms = platforms.all;
- };
- })
- ];
- };
-
- settings =
- {
- "extensions.autoDisableScopes" = 0;
- "browser.bookmarks.showMobileBookmarks" = lock-true;
- "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
- "browser.search.suggest.enabled" = lock-false;
- "browser.search.suggest.enabled.private" = lock-false;
- "browser.urlbar.suggest.searches" = lock-false;
- "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
- "browser.topsites.contile.enabled" = lock-false;
- "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
- "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
- "browser.newtabpage.activity-stream.showSponsored" = lock-false;
- "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
- "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
- };
-
- search = {
- # default = "Kagi";
- default = "Google";
- # privateDefault = "Kagi";
- privateDefault = "Google";
- engines = {
- "Kagi" = {
- urls = [{
- template = "https://kagi.com/search";
- params = [
- { name = "q"; value = "{searchTerms}"; }
- ];
- }];
- iconUpdateURL = "https://kagi.com/favicon.ico";
- updateInterval = 24 * 60 * 60 * 1000; # every day
- definedAliases = [ "@k" ];
- };
-
- "Nix Packages" = {
- urls = [{
- template = "https://search.nixos.org/packages";
- params = [
- { name = "type"; value = "packages"; }
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@np" ];
- };
-
- "NixOS Wiki" = {
- urls = [{
- template = "https://nixos.wiki/index.php?search={searchTerms}";
- }];
- iconUpdateURL = "https://nixos.wiki/favicon.png";
- updateInterval = 24 * 60 * 60 * 1000; # every day
- definedAliases = [ "@nw" ];
- };
-
- "NixOS Options" = {
- urls = [{
- template = "https://search.nixos.org/options";
- params = [
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@no" ];
- };
-
- "Home Manager Options" = {
- urls = [{
- template = "https://home-manager-options.extranix.com/";
- params = [
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@hm" "@ho" "@hmo" ];
- };
-
- "Google".metaData.alias = "@g";
- };
- force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
- };
+ options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
+ config = lib.mkIf config.swarselsystems.profiles.work {
+ swarselsystems.modules = {
+ optional = {
+ work = lib.mkDefault true;
};
};
};
}
+
-
-3.2.3.2.12. stylix
-
+
+3.2.3.2.5. Framework
+
-{ self, lib, pkgs, ... }:
+{ lib, config, ... }:
{
- options.swarselsystems = {
- stylix = lib.mkOption {
- type = lib.types.attrs;
- default = {
- enable = true;
- base16Scheme = "${self}/programs/stylix/swarsel.yaml";
- polarity = "dark";
- opacity.popups = 0.5;
- cursor = {
- package = pkgs.banana-cursor;
- # package = pkgs.capitaine-cursors;
- name = "Banana";
- # name = "capitaine-cursors";
- size = 16;
- };
- fonts = {
- sizes = {
- terminal = 10;
- applications = 11;
- };
- serif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
- sansSerif = {
- # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
- package = pkgs.cantarell-fonts;
- # package = pkgs.montserrat;
- name = "Cantarell";
- # name = "FiraCode Nerd Font Propo";
- # name = "Montserrat";
- };
- monospace = {
- package = pkgs.nerd-fonts.fira-mono; # has overrides
- name = "FiraCode Nerd Font Mono";
- };
- emoji = {
- package = pkgs.noto-fonts-emoji;
- name = "Noto Color Emoji";
- };
- };
+ options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host";
+ config = lib.mkIf config.swarselsystems.profiles.framework {
+ swarselsystems.modules = {
+ optional = {
+ framework = lib.mkDefault true;
+ };
+ };
+
+ };
+
+}
+
+
+
+
+
+
+3.2.3.2.6. Darwin
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host";
+ config = lib.mkIf config.swarselsystems.profiles.darwin {
+ swarselsystems.modules = {
+ general = lib.mkDefault true;
+ };
+ };
+
+}
+
+
+
+
+
+
+3.2.3.2.7. Local Server
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
+ config = lib.mkIf config.swarselsystems.profiles.server.local {
+ swarselsystems.modules = {
+ general = lib.mkDefault true;
+ server = {
+ dotfiles = lib.mkDefault true;
};
};
};
}
+
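Review bot: In the home `chaostheatre` profile `yubikey` is `lib.mkDefault false` while `yubikeytouch` stays `lib.mkDefault true`, which looks like a leftover from copying the `personal` list. If the touch notifier depends on the YubiKey module, it should presumably be `yubikeytouch = lib.mkDefault false;` as well. The same profile keeps `sops = lib.mkDefault true`, while this hunk removes the `isPublic` option described as "is a public machine (no secrets)", so a comment should state whether a chaostheatre host is expected to hold decryption keys. `passwordstore` is omitted from the list rather than set to false like `git`, `mail` and `env`, which makes the intended difference from `personal` harder to see.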
@@ -5680,6 +5498,13 @@ in
}
);
+ mkTrueOption = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+
+ mkStrong = lib.mkOverride 60;
+
getSecret = filename: lib.strings.trim (builtins.readFile "${filename}");
forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
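Review bot: `mkStrong = lib.mkOverride 60;` has no comment explaining why 60 was chosen. In the module system a plain definition has priority 100, `lib.mkDefault` is 1000 and `lib.mkForce` is 50, so this value beats ordinary host settings but still yields to `mkForce`. A line such as `# stronger than a plain definition (100), weaker than lib.mkForce (50)` would make that visible. `mkTrueOption` would likewise benefit from a `description`, since options built from it are otherwise undocumented. The enclosing attribute set starts and ends outside the hunk.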
@@ -5697,46 +5522,50 @@ in
inputs.sops-nix.nixosModules.sops
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
+ inputs.fw-fanctrl.nixosModules.default
"${self}/hosts/${type}/${host}"
{
_module.args.primaryUser = linuxUser;
}
] ++
- (if (host == "toto" || host == "iso") then [ ] else
+ (if (host == "iso") then [ ] else
([
# put nixos imports here that are for all servers and normal hosts
inputs.nix-topology.nixosModules.default
- ] ++
- (if (host == "winters" || host == "sync") then [ ] else [
- # put nixos imports here that are for all normal hosts
- "${self}/profiles/${type}/common"
+ "${self}/modules/${type}/common"
inputs.stylix.nixosModules.stylix
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
- ]) ++ (if (type == "nixos") then [
+ ] ++ (if (type == "nixos") then [
inputs.home-manager.nixosModules.home-manager
+ "${self}/profiles/nixos"
+ "${self}/modules/nixos/server"
+ "${self}/modules/nixos/optional"
{
- home-manager.users."${linuxUser}".imports = (
- if (host == "winters" || host == "sync") then [ ] else [
- # put home-manager imports here that are for all normal hosts
- "${self}/profiles/home/common"
- ]
- ) ++ [
- # put home-manager imports here that are for all servers and normal hosts
+ home-manager.users."${linuxUser}".imports = [
+ # put home-manager imports here that are for all normal hosts
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
- ] ++ (builtins.attrValues outputs.homeModules);
+ "${self}/modules/home/common"
+ "${self}/modules/home/server"
+ "${self}/modules/home/optional"
+ "${self}/profiles/home"
+ ];
}
] else [
# put nixos imports here that are for darwin hosts
- "${self}/profiles/darwin/nixos/common"
+ "${self}/modules/darwin/nixos/common"
+ "${self}/profiles/darwin"
inputs.home-manager.darwinModules.home-manager
{
home-manager.users."${macUser}".imports = [
# put home-manager imports here that are for darwin hosts
- "${self}/profiles/darwin/home"
- ] ++ (builtins.attrValues outputs.homeModules);
+ "${self}/modules/darwin/home"
+ "${self}/modules/home/server"
+ "${self}/modules/home/optional"
+ "${self}/profiles/home"
+ ];
}
- ]) ++ (builtins.attrValues outputs.nixosModules) ++ (builtins.attrValues outputs.homeModules)
+ ])
));
};
};
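Review bot: The comment `# put home-manager imports here that are for all normal hosts` on the new `home-manager.users."${linuxUser}".imports` list is stale. With the `winters`/`sync`/`toto` conditions removed, that list and the NixOS list above it are imported by every host except `iso`. Server hosts therefore now also evaluate `inputs.stylix.nixosModules.stylix`, `inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm` and the `optional` module trees, and whether anything is switched on depends on each module gating itself behind its `swarselsystems.modules.*` option. I would reword the comment to `# imported on every non-iso host; each module must gate itself with lib.mkIf on its enable option`, so a later addition without such a gate is noticed. The surrounding function starts outside the hunk.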
@@ -5767,6 +5596,9 @@ in
value = {
type = "app";
program = "${self.packages.${system}.${name}}/bin/${name}";
+ meta = {
+ description = "Custom app ${name}.";
+ };
};
})
names);
@@ -5786,6 +5618,13 @@ in
})
names);
+ mkProfiles = names: type: builtins.listToAttrs (map
+ (name: {
+ inherit name;
+ value = import "${self}/profiles/${type}/${name}";
+ })
+ names);
+
mkTemplates = names: builtins.listToAttrs (map
(name: {
inherit name;
@@ -5836,27 +5675,63 @@ This section is for setting things that should be used on hosts that are using t
-{ lib, ... }:
+{ self, lib, ... }:
let
- importNames = lib.swarselsystems.readNix "profiles/nixos/common";
+ importNames = lib.swarselsystems.readNix "modules/nixos/common";
+ modulesPath = "${self}/modules";
in
{
- imports = lib.swarselsystems.mkImports importNames "profiles/nixos/common";
-
- nixpkgs.config.permittedInsecurePackages = [
- "jitsi-meet-1.0.8043"
- "electron-29.4.6"
- "SDL_ttf-2.0.11"
+ imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [
+ "${modulesPath}/home/common/sharedsetup.nix"
];
+
}
+
+
+
+
+
+3.3.1.2. Shared Configuration Options
+
+
+I usually use mutableUsers = false in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created.
+
+
+
+{ lib, ... }:
+{
+ options.swarselsystems = {
+ withHomeManager = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+ isSwap = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ };
+ swapSize = lib.mkOption {
+ type = lib.types.str;
+ default = "8G";
+ };
+ rootDisk = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ isCrypted = lib.mkEnableOption "uses full disk encryption";
+ initialSetup = lib.mkEnableOption "initial setup (no sops keys available)";
+
+ isImpermanence = lib.mkEnableOption "use impermanence on this system";
+ isSecureBoot = lib.mkEnableOption "use secure boot on this system";
+ };
+}
-3.3.1.2. General NixOS settings (stateVersion)
+3.3.1.3. General NixOS settings (stateVersion)
We disable the warnings that trigger when rebuilding with a dirty flake. At this point, I am also disabling channels and pinning the flake registry - the latter lets me use the local version of nixpkgs for commands like nix shell (without it, we will always download the newest version of nixpkgs for these commands).
@@ -5899,190 +5774,150 @@ A breakdown of the flags being set:
{ lib, config, outputs, inputs, ... }:
{
-
- nixpkgs = {
- overlays = [ outputs.overlays.default ];
- config = {
- allowUnfree = true;
- };
- };
-
- nix =
- let
- flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
- in
- {
- settings = {
- experimental-features = [
- "nix-command"
- "flakes"
- "ca-derivations"
- "cgroups"
- "pipe-operators"
- ];
- trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
- connect-timeout = 5;
- bash-prompt-prefix = "[33m$SHLVL:\\w [0m";
- bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"[31m\"; else printf \"[32m\"; fi)\[\e[1m\]λ\[\e[0m\] [0m";
- fallback = true;
- min-free = 128000000;
- max-free = 1000000000;
- flake-registry = "";
- auto-optimise-store = true;
- warn-dirty = false;
- max-jobs = 1;
- use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
+ options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings";
+ config = lib.mkIf config.swarselsystems.modules.general {
+ nixpkgs = {
+ overlays = [ outputs.overlays.default ];
+ config = {
+ allowUnfree = true;
};
- channel.enable = false;
- registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
- nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
+ nix =
+ let
+ flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+ in
+ {
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ "ca-derivations"
+ "cgroups"
+ "pipe-operators"
+ ];
+ trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
+ connect-timeout = 5;
+ bash-prompt-prefix = "[33m$SHLVL:\\w [0m";
+ bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"[31m\"; else printf \"[32m\"; fi)\[\e[1m\]λ\[\e[0m\] [0m";
+ fallback = true;
+ min-free = 128000000;
+ max-free = 1000000000;
+ flake-registry = "";
+ auto-optimise-store = true;
+ warn-dirty = false;
+ max-jobs = 1;
+ use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
+ };
+ channel.enable = false;
+ registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+ nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+ };
- system.stateVersion = lib.mkDefault "23.05";
-
+ system.stateVersion = lib.mkDefault "23.05";
+ };
}
-3.3.1.3. System Packages
+3.3.1.4. System Packages
Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in Installed packages.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- # yubikey packages
- gnupg
- yubikey-personalization
- yubikey-personalization-gui
- yubico-pam
- yubioath-flutter
- yubikey-manager
- yubikey-manager-qt
- yubikey-touch-detector
- yubico-piv-tool
- cfssl
- pcsctools
- pcscliteWithPolkit.out
+ options.swarselsystems.modules.packages = lib.mkEnableOption "install packages";
+ config = lib.mkIf config.swarselsystems.modules.packages {
+ environment.systemPackages = with pkgs; [
+ # yubikey packages
+ gnupg
+ yubikey-personalization
+ yubikey-personalization-gui
+ yubico-pam
+ yubioath-flutter
+ yubikey-manager
+ yubikey-touch-detector
+ yubico-piv-tool
+ cfssl
+ pcsctools
+ pcscliteWithPolkit.out
- # ledger packages
- ledger-live-desktop
+ # ledger packages
+ ledger-live-desktop
- # pinentry
- dbus
- swaylock-effects
- syncthingtray-minimal
- wl-mirror
+ # pinentry
+ dbus
+ swaylock-effects
+ syncthingtray-minimal
+ wl-mirror
+ swayosd
- # secure boot
- sbctl
+ # secure boot
+ sbctl
- libsForQt5.qt5.qtwayland
+ libsForQt5.qt5.qtwayland
- # nix package database
- nix-index
- nixos-generators
+ # nix package database
+ nix-index
+ nixos-generators
- # commit hooks
- pre-commit
+ # commit hooks
+ pre-commit
- # proc info
- acpi
+ # proc info
+ acpi
- # pci info
- pciutils
- usbutils
+ # pci info
+ pciutils
+ usbutils
- # better make for general tasks
- just
+ # better make for general tasks
+ just
- screenshare
- fullscreen
+ screenshare
+ fullscreen
- # keyboards
- qmk
- vial
- via
+ # keyboards
+ qmk
+ vial
+ via
- # theme related
- adwaita-icon-theme
+ # theme related
+ adwaita-icon-theme
- # kde-connect
- xdg-desktop-portal
- xdg-desktop-portal-wlr
+ # kde-connect
+ xdg-desktop-portal
+ xdg-desktop-portal-wlr
- # bluetooth
- bluez
+ # bluetooth
+ bluez
+ ghostscript_headless
+ wireguard-tools
+ nixd
+ zig
+ zls
+ ansible-language-server
- # lsp-related -------------------------------
- # nix
- # latex
- # texlab
- ghostscript_headless
- # wireguard
- wireguard-tools
- # rust
- # rust-analyzer
- # clippy
- # rustfmt
- # go
- # go
- # gopls
- # nix
- nixd
- # zig
- zig
- zls
- # cpp
- # clang-tools
- # + cuda
- # cudatoolkit
- # ansible
- # ansible-lint
- ansible-language-server
- # molecule
- #lsp-bridge / python
- # gcc
- # gdb
- # (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ]))
- # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
- # --------------------------------------------
+ ];
- # (stdenv.mkDerivation {
- # name = "oama";
-
- # src = pkgs.fetchurl {
- # name = "oama";
- # url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
- # sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
- # };
-
- # phases = [
- # "unpackPhase"
- # ];
-
- # unpackPhase = ''
- # mkdir -p $out/bin
- # tar xvf $src -C $out/
- # mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
- # '';
-
- # })
-
- ];
+ nixpkgs.config.permittedInsecurePackages = [
+ "jitsi-meet-1.0.8043"
+ "electron-29.4.6"
+ "SDL_ttf-2.0.11"
+ ];
+ };
}
-3.3.1.4. Setup home-manager base
+3.3.1.5. Setup home-manager base
We enable the use of home-manager as a NixoS module. A nice trick here is the extraSpecialArgs = inputs line, which enables the use of seflf in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity).
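Review bot: `trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];` in the `nix.settings` block is carried unchanged into the new `general` module, and it makes the main user trusted by the nix daemon. The Nix manual describes trusted users as having rights essentially equivalent to root, so any process running as that user can sidestep the U2F-protected `sudo` configured in the security module on this page. If the entry exists only so the user can add binary caches, listing those caches under `trusted-substituters` and reducing this line to `trusted-users = [ "root" ];` would keep that workflow. If it is needed for another reason, a comment stating the reason would help.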
@@ -6091,10 +5926,14 @@ We enable the use of home-manager as a NixoS module. A nice trick h
{ inputs, config, lib, ... }:
{
- home-manager = lib.mkIf config.swarselsystems.withHomeManager {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = { inherit (inputs) self; };
+
+ options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager";
+ config = lib.mkIf config.swarselsystems.modules.home-manager {
+ home-manager = lib.mkIf config.swarselsystems.withHomeManager {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = { inherit (inputs) self; };
+ };
};
}
@@ -6102,7 +5941,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
-3.3.1.5. Setup home-manager specialArgs
+3.3.1.6. Setup home-manager specialArgs
This sets up the nix-secrets extraSpeciaArgs. This should not be present on the chaostheatre configuration, which is why I split this section into its own file, which makes removal easier when setting that system up.
@@ -6111,8 +5950,11 @@ This sets up the nix-secrets extraSpeciaArgs. This should not be pr
{ inputs, config, lib, ... }:
{
- home-manager = lib.mkIf config.swarselsystems.withHomeManager {
- extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; };
+ options.swarselsystems.modules.home-managerExtra = lib.mkEnableOption "home-manager extras for non-chaostheatre";
+ config = lib.mkIf config.swarselsystems.modules.home-managerExtra {
+ home-manager = lib.mkIf config.swarselsystems.withHomeManager {
+ extraSpecialArgs = { inherit (inputs) nix-secrets nixgl; };
+ };
};
}
@@ -6120,19 +5962,22 @@ This sets up the nix-secrets extraSpeciaArgs. This should not be pr
-3.3.1.6. Setup login keymap
+3.3.1.7. Setup login keymap
Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is comfortable to use and I do not write too much German anyways.
-_:
+{ lib, config, ... }:
{
- services.xserver = {
- xkb = {
- layout = "us";
- variant = "altgr-intl";
+ options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap";
+ config = lib.mkIf config.swarselsystems.modules.packages {
+ services.xserver = {
+ xkb = {
+ layout = "us";
+ variant = "altgr-intl";
+ };
};
};
}
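Review bot: The new `options.swarselsystems.modules.xserver` switch is never read: the `config` block is gated on `config.swarselsystems.modules.packages`, so the login keymap follows the packages module instead. This looks like a copy-paste slip from the packages module. The gate should be `config = lib.mkIf config.swarselsystems.modules.xserver {`.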
@@ -6141,7 +5986,7 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi
-3.3.1.7. User setup, Make users non-mutable
+3.3.1.8. User setup, Make users non-mutable
This ensures that all user-configuration happens here in the config file.
@@ -6155,17 +6000,20 @@ For that reason, make sure that sops-nix is properly working before
{ pkgs, config, lib, ... }:
{
- sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };
+ options.swarselsystems.modules.users = lib.mkEnableOption "user config";
+ config = lib.mkIf config.swarselsystems.modules.users {
+ sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };
- users = {
- mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
- users."${config.swarselsystems.mainUser}" = {
- isNormalUser = true;
- description = "Leon S";
- password = lib.mkIf config.swarselsystems.initialSetup "setup";
- hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path;
- extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
- packages = with pkgs; [ ];
+ users = {
+ mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;
+ users."${config.swarselsystems.mainUser}" = {
+ isNormalUser = true;
+ description = "Leon S";
+ password = lib.mkIf config.swarselsystems.initialSetup "setup";
+ hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path;
+ extraGroups = [ "networkmanager" "syncthing" "docker" "wheel" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
+ packages = with pkgs; [ ];
+ };
};
};
}
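Review bot: `password = lib.mkIf config.swarselsystems.initialSetup "setup";` gives an account in `wheel` and `docker` a fixed, publicly known password whenever `initialSetup` is on, and a value set through `password` is written to the world-readable nix store. The flag is meant as a bootstrap aid, but nothing in the module limits how long it stays set or warns when it is left enabled. I would add a comment such as `# bootstrap only: known password, readable in the nix store; unset initialSetup once sops keys are deployed`, and consider a `warnings` entry that fires while `initialSetup` is true.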
@@ -6174,80 +6022,87 @@ For that reason, make sure that sops-nix is properly working before
-3.3.1.8. Environment setup
+3.3.1.9. Environment setup
Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus).
-{ lib, pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- environment = {
- wordlist.enable = true;
- sessionVariables = {
- NIXOS_OZONE_WL = "1";
- GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
- gst-plugins-good
- gst-plugins-bad
- gst-plugins-ugly
- gst-libav
- ]);
+ options.swarselsystems.modules.env = lib.mkEnableOption "environment config";
+ config = lib.mkIf config.swarselsystems.modules.env {
+ environment = {
+ wordlist.enable = true;
+ sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
+ gst-plugins-good
+ gst-plugins-bad
+ gst-plugins-ugly
+ gst-libav
+ ]);
+ };
};
};
- # gstreamer plugins for nautilus (used for file metadata)
}
-3.3.1.9. Security
+3.3.1.10. Security
Needed for control over system-wide privileges etc. Also I make sure that the root user has access to SSH_AUTH_SOCK (without this, root will not be able to read my nix-secrets repository).
-_:
+{ lib, config, ... }:
{
+ options.swarselsystems.modules.security = lib.mkEnableOption "security config";
+ config = lib.mkIf config.swarselsystems.modules.security {
- security = {
- pam.services = {
- login.u2fAuth = true;
- sudo.u2fAuth = true;
- swaylock.u2fAuth = true;
- swaylock.fprintAuth = false;
+ security = {
+ pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ swaylock.u2fAuth = true;
+ swaylock.fprintAuth = false;
+ };
+ polkit.enable = true;
+
+ sudo.extraConfig = ''
+ Defaults env_keep+=SSH_AUTH_SOCK
+ Defaults env_keep+=XDG_RUNTIME_DIR
+ Defaults env_keep+=WAYLAND_DISPLAY
+ '';
};
- polkit.enable = true;
-
- sudo.extraConfig = ''
- Defaults env_keep+=SSH_AUTH_SOCK
- Defaults env_keep+=XDG_RUNTIME_DIR
- Defaults env_keep+=WAYLAND_DISPLAY
- '';
};
-
}
-3.3.1.10. Enable automatic garbage collection
+3.3.1.11. Enable automatic garbage collection
The nix store fills up over time, until /boot/efi is filled. This snippet cleans it automatically on a weekly basis.
-_:
+{ lib, config, ... }:
{
- nix.gc = {
- automatic = true;
- randomizedDelaySec = "14m";
- dates = "weekly";
- options = "--delete-older-than 10d";
+ options.swarselsystems.modules.gc = lib.mkEnableOption "garbage collection config";
+ config = lib.mkIf config.swarselsystems.modules.gc {
+ nix.gc = {
+ automatic = true;
+ randomizedDelaySec = "14m";
+ dates = "weekly";
+ options = "--delete-older-than 10d";
+ };
};
}
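Review bot: `login.u2fAuth`, `sudo.u2fAuth` and `swaylock.u2fAuth` are enabled in the security module without a visible `security.pam.u2f.control` setting, and the NixOS default for that option is `sufficient`. If it is not set elsewhere in the configuration, a touch of the registered key alone passes login, sudo and the lock screen without the password. If a second factor rather than a password replacement is intended, add `security.pam.u2f.control = "required";`. Otherwise a comment such as `# u2f is sufficient on its own (password replacement, not 2FA)` would record the choice.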
@@ -6255,18 +6110,21 @@ The nix store fills up over time, until /boot/efi is filled. This s
-3.3.1.11. Enable automatic store optimisation
+3.3.1.12. Enable automatic store optimisation
This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this.
-_:
+{ lib, config, ... }:
{
- nix.optimise = {
- automatic = true;
- dates = [ "weekly" ];
+ options.swarselsystems.modules.storeOptimize = lib.mkEnableOption "store optimization config";
+ config = lib.mkIf config.swarselsystems.modules.storeOptimize {
+ nix.optimise = {
+ automatic = true;
+ dates = [ "weekly" ];
+ };
};
}
@@ -6275,27 +6133,30 @@ This enables hardlinking identical files in the nix store, to save on disk space
-3.3.1.12. Reduce systemd timeouts
+3.3.1.13. Reduce systemd timeouts
There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason a stop job is running for session 1 of user .... I do not want to wait that long and am confident no important data is lost by doing this.
-_:
+{ lib, config, ... }:
{
- # systemd
- systemd.extraConfig = ''
- DefaultTimeoutStartSec=60s
- DefaultTimeoutStopSec=15s
- '';
+ options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config";
+ config = lib.mkIf config.swarselsystems.modules.systemdTimeout {
+ # systemd
+ systemd.extraConfig = ''
+ DefaultTimeoutStartSec=60s
+ DefaultTimeoutStopSec=15s
+ '';
+ };
}
-3.3.1.13. Hardware settings
+3.3.1.14. Hardware settings
Enable OpenGL, Sound, Bluetooth and various drivers.
@@ -6305,43 +6166,57 @@ Enable OpenGL, Sound, Bluetooth and various drivers.
{ pkgs, config, lib, ... }:
{
- hardware = {
- # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant
- graphics = {
- enable = true;
- enable32Bit = true;
- };
-
-
- trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable {
- enable = true;
- inherit (config.swarselsystems.trackpoint) device;
- };
-
- keyboard.qmk.enable = true;
-
- enableAllFirmware = true;
-
- bluetooth = lib.mkIf config.swarselsystems.hasBluetooth {
- enable = true;
- package = pkgs.stable.bluez;
- powerOnBoot = true;
- settings = {
- General = {
- Enable = "Source,Sink,Media,Socket";
- };
+ options.swarselsystems = {
+ modules.hardware = lib.mkEnableOption "hardware config";
+ hasBluetooth = lib.mkEnableOption "bluetooth availability";
+ hasFingerprint = lib.mkEnableOption "fingerprint sensor availability";
+ trackpoint = {
+ isAvailable = lib.mkEnableOption "trackpoint availability";
+ trackpoint.device = lib.mkOption {
+ type = lib.types.str;
+ default = "";
};
};
};
+ config = lib.mkIf config.swarselsystems.modules.hardware {
+ hardware = {
+ # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
- services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true;
+
+ trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable {
+ enable = true;
+ inherit (config.swarselsystems.trackpoint) device;
+ };
+
+ keyboard.qmk.enable = true;
+
+ enableAllFirmware = true;
+
+ bluetooth = lib.mkIf config.swarselsystems.hasBluetooth {
+ enable = true;
+ package = pkgs.stable.bluez;
+ powerOnBoot = true;
+ settings = {
+ General = {
+ Enable = "Source,Sink,Media,Socket";
+ };
+ };
+ };
+ };
+
+ services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true;
+ };
}
-3.3.1.14. Pulseaudio
+3.3.1.15. Pulseaudio
This is only used on systems not running Pipewire.
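Review bot: The trackpoint device option is declared one level too deep. Inside `trackpoint = { ... }` the line `trackpoint.device = lib.mkOption {` creates `swarselsystems.trackpoint.trackpoint.device`, while the config below reads `inherit (config.swarselsystems.trackpoint) device;`. Unless `swarselsystems.trackpoint.device` is still declared in another file, a host that sets `trackpoint.isAvailable = true` will fail to evaluate on the missing attribute. The declaration should read `device = lib.mkOption {`.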
@@ -6351,9 +6226,12 @@ This is only used on systems not running Pipewire.
{ config, pkgs, lib, ... }: {
- services.pulseaudio = {
- enable = lib.mkIf (!config.services.pipewire.enable) true;
- package = pkgs.pulseaudioFull;
+ options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config";
+ config = lib.mkIf config.swarselsystems.modules.pulseaudio {
+ services.pulseaudio = {
+ enable = lib.mkIf (!config.services.pipewire.enable) true;
+ package = pkgs.pulseaudioFull;
+ };
};
}
@@ -6362,25 +6240,29 @@ This is only used on systems not running Pipewire.
-3.3.1.15. Pipewire
+3.3.1.16. Pipewire
Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with xdg-desktop-portal-wlr.
-_: {
- security.rtkit.enable = true; # this is required for pipewire real-time access
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config";
+ config = lib.mkIf config.swarselsystems.modules.pipewire {
+ security.rtkit.enable = true; # this is required for pipewire real-time access
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- jack.enable = true;
- audio.enable = true;
- wireplumber.enable = true;
- alsa = {
+ services.pipewire = {
enable = true;
- support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ audio.enable = true;
+ wireplumber.enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
};
};
}
@@ -6389,7 +6271,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w
-3.3.1.16. Common network settings
+3.3.1.17. Common network settings
Here I only enable networkmanager and a few default networks. The rest of the network config is done separately in System specific configuration.
@@ -6398,280 +6280,289 @@ Here I only enable networkmanager and a few default networks. The r
{ lib, config, ... }:
{
- networking = {
- nftables.enable = lib.mkDefault true;
- enableIPv6 = lib.mkDefault true;
- firewall = {
- checkReversePath = lib.mkDefault false;
- enable = lib.mkDefault true;
- allowedUDPPorts = [ 51820 ]; # 51820: wireguard
- allowedTCPPortRanges = [
- { from = 1714; to = 1764; } # kde-connect
- ];
- allowedUDPPortRanges = [
- { from = 1714; to = 1764; } # kde-connect
- ];
- };
-
- networkmanager = {
- enable = true;
- ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) {
- environmentFiles = [
- "${config.sops.templates."network-manager.env".path}"
+ options.swarselsystems = {
+ modules.network = lib.mkEnableOption "network config";
+ firewall = lib.swarselsystems.mkTrueOption;
+ };
+ config = lib.mkIf config.swarselsystems.modules.network {
+ networking = {
+ nftables.enable = lib.mkDefault true;
+ enableIPv6 = lib.mkDefault true;
+ firewall = {
+ enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall;
+ checkReversePath = lib.mkDefault false;
+ allowedUDPPorts = [ 51820 ]; # 51820: wireguard
+ allowedTCPPortRanges = [
+ { from = 1714; to = 1764; } # kde-connect
];
- profiles = {
- "Ernest Routerford" = {
- connection = {
- id = "Ernest Routerford";
- permissions = "";
- type = "wifi";
- };
- ipv4 = {
- dns-search = "";
- method = "auto";
- };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- dns-search = "";
- method = "auto";
- };
- wifi = {
- mac-address-blacklist = "";
- mode = "infrastructure";
- ssid = "Ernest Routerford";
- };
- wifi-security = {
- auth-alg = "open";
- key-mgmt = "wpa-psk";
- psk = "$ERNEST";
- };
- };
+ allowedUDPPortRanges = [
+ { from = 1714; to = 1764; } # kde-connect
+ ];
+ };
- LAN-Party = {
- connection = {
- autoconnect = "false";
- id = "LAN-Party";
- type = "ethernet";
+ networkmanager = {
+ enable = true;
+ ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) {
+ environmentFiles = [
+ "${config.sops.templates."network-manager.env".path}"
+ ];
+ profiles = {
+ "Ernest Routerford" = {
+ connection = {
+ id = "Ernest Routerford";
+ permissions = "";
+ type = "wifi";
+ };
+ ipv4 = {
+ dns-search = "";
+ method = "auto";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ dns-search = "";
+ method = "auto";
+ };
+ wifi = {
+ mac-address-blacklist = "";
+ mode = "infrastructure";
+ ssid = "Ernest Routerford";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-psk";
+ psk = "$ERNEST";
+ };
};
- ethernet = {
- auto-negotiate = "true";
- cloned-mac-address = "preserve";
- mac-address = "90:2E:16:D0:A1:87";
- };
- ipv4 = { method = "shared"; };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "auto";
- };
- proxy = { };
- };
- eduroam = {
- "802-1x" = {
- eap = "ttls;";
- identity = "$EDUID";
- password = "$EDUPASS";
- phase2-auth = "mschapv2";
+ LAN-Party = {
+ connection = {
+ autoconnect = "false";
+ id = "LAN-Party";
+ type = "ethernet";
+ };
+ ethernet = {
+ auto-negotiate = "true";
+ cloned-mac-address = "preserve";
+ mac-address = "90:2E:16:D0:A1:87";
+ };
+ ipv4 = { method = "shared"; };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
};
- connection = {
- id = "eduroam";
- type = "wifi";
- };
- ipv4 = { method = "auto"; };
- ipv6 = {
- addr-gen-mode = "default";
- method = "auto";
- };
- proxy = { };
- wifi = {
- mode = "infrastructure";
- ssid = "eduroam";
- };
- wifi-security = {
- auth-alg = "open";
- key-mgmt = "wpa-eap";
- };
- };
- local = {
- connection = {
- autoconnect = "false";
- id = "local";
- type = "ethernet";
+ eduroam = {
+ "802-1x" = {
+ eap = "ttls;";
+ identity = "$EDUID";
+ password = "$EDUPASS";
+ phase2-auth = "mschapv2";
+ };
+ connection = {
+ id = "eduroam";
+ type = "wifi";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "default";
+ method = "auto";
+ };
+ proxy = { };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "eduroam";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-eap";
+ };
};
- ethernet = { };
- ipv4 = {
- address1 = "10.42.1.1/24";
- method = "shared";
- };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "auto";
- };
- proxy = { };
- };
- HH40V_39F5 = {
- connection = {
- id = "HH40V_39F5";
- type = "wifi";
+ local = {
+ connection = {
+ autoconnect = "false";
+ id = "local";
+ type = "ethernet";
+ };
+ ethernet = { };
+ ipv4 = {
+ address1 = "10.42.1.1/24";
+ method = "shared";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
};
- ipv4 = { method = "auto"; };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "auto";
- };
- proxy = { };
- wifi = {
- band = "bg";
- mode = "infrastructure";
- ssid = "HH40V_39F5";
- };
- wifi-security = {
- key-mgmt = "wpa-psk";
- psk = "$FRAUNS";
- };
- };
- magicant = {
- connection = {
- id = "magicant";
- type = "wifi";
+ HH40V_39F5 = {
+ connection = {
+ id = "HH40V_39F5";
+ type = "wifi";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
+ wifi = {
+ band = "bg";
+ mode = "infrastructure";
+ ssid = "HH40V_39F5";
+ };
+ wifi-security = {
+ key-mgmt = "wpa-psk";
+ psk = "$FRAUNS";
+ };
};
- ipv4 = { method = "auto"; };
- ipv6 = {
- addr-gen-mode = "default";
- method = "auto";
- };
- proxy = { };
- wifi = {
- mode = "infrastructure";
- ssid = "magicant";
- };
- wifi-security = {
- auth-alg = "open";
- key-mgmt = "wpa-psk";
- psk = "$HANDYHOTSPOT";
- };
- };
- wireguardvpn = {
- connection = {
- id = "HomeVPN";
- type = "wireguard";
- autoconnect = "false";
- interface-name = "wg1";
+ magicant = {
+ connection = {
+ id = "magicant";
+ type = "wifi";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "default";
+ method = "auto";
+ };
+ proxy = { };
+ wifi = {
+ mode = "infrastructure";
+ ssid = "magicant";
+ };
+ wifi-security = {
+ auth-alg = "open";
+ key-mgmt = "wpa-psk";
+ psk = "$HANDYHOTSPOT";
+ };
};
- wireguard = { private-key = "$WIREGUARDPRIV"; };
- "wireguard-peer.$WIREGUARDPUB" = {
- endpoint = "$WIREGUARDENDPOINT";
- allowed-ips = "0.0.0.0/0";
- };
- ipv4 = {
- method = "ignore";
- address1 = "192.168.3.3/32";
- };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "ignore";
- };
- proxy = { };
- };
- "sweden-aes-128-cbc-udp-dns" = {
- connection = {
- autoconnect = "false";
- id = "PIA Sweden";
- type = "vpn";
+ wireguardvpn = {
+ connection = {
+ id = "HomeVPN";
+ type = "wireguard";
+ autoconnect = "false";
+ interface-name = "wg1";
+ };
+ wireguard = { private-key = "$WIREGUARDPRIV"; };
+ "wireguard-peer.$WIREGUARDPUB" = {
+ endpoint = "$WIREGUARDENDPOINT";
+ allowed-ips = "0.0.0.0/0";
+ };
+ ipv4 = {
+ method = "ignore";
+ address1 = "192.168.3.3/32";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "ignore";
+ };
+ proxy = { };
};
- ipv4 = { method = "auto"; };
- ipv6 = {
- addr-gen-mode = "stable-privacy";
- method = "auto";
- };
- proxy = { };
- vpn = {
- auth = "sha1";
- ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path;
- challenge-response-flags = "2";
- cipher = "aes-128-cbc";
- compress = "yes";
- connection-type = "password";
- crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path;
- dev = "tun";
- password-flags = "0";
- remote = "sweden.privacy.network:1198";
- remote-cert-tls = "server";
- reneg-seconds = "0";
- service-type = "org.freedesktop.NetworkManager.openvpn";
- username = "$VPNUSER";
- };
- vpn-secrets = { password = "$VPNPASS"; };
- };
- Hotspot = {
- connection = {
- autoconnect = "false";
- id = "Hotspot";
- type = "wifi";
+ "sweden-aes-128-cbc-udp-dns" = {
+ connection = {
+ autoconnect = "false";
+ id = "PIA Sweden";
+ type = "vpn";
+ };
+ ipv4 = { method = "auto"; };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "auto";
+ };
+ proxy = { };
+ vpn = {
+ auth = "sha1";
+ ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path;
+ challenge-response-flags = "2";
+ cipher = "aes-128-cbc";
+ compress = "yes";
+ connection-type = "password";
+ crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path;
+ dev = "tun";
+ password-flags = "0";
+ remote = "sweden.privacy.network:1198";
+ remote-cert-tls = "server";
+ reneg-seconds = "0";
+ service-type = "org.freedesktop.NetworkManager.openvpn";
+ username = "$VPNUSER";
+ };
+ vpn-secrets = { password = "$VPNPASS"; };
};
- ipv4 = { method = "shared"; };
- ipv6 = {
- addr-gen-mode = "default";
- method = "ignore";
- };
- proxy = { };
- wifi = {
- mode = "ap";
- ssid = "Hotspot-${config.swarselsystems.mainUser}";
- };
- wifi-security = {
- group = "ccmp;";
- key-mgmt = "wpa-psk";
- pairwise = "ccmp;";
- proto = "rsn;";
- psk = "$HOTSPOT";
- };
- };
+ Hotspot = {
+ connection = {
+ autoconnect = "false";
+ id = "Hotspot";
+ type = "wifi";
+ };
+ ipv4 = { method = "shared"; };
+ ipv6 = {
+ addr-gen-mode = "default";
+ method = "ignore";
+ };
+ proxy = { };
+ wifi = {
+ mode = "ap";
+ ssid = "Hotspot-${config.swarselsystems.mainUser}";
+ };
+ wifi-security = {
+ group = "ccmp;";
+ key-mgmt = "wpa-psk";
+ pairwise = "ccmp;";
+ proto = "rsn;";
+ psk = "$HOTSPOT";
+ };
+ };
+
+ };
};
};
};
- };
- systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
+ systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
+ };
}
-3.3.1.17. Time, locale settings
+3.3.1.18. Time, locale settings
Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well.
-_:
+{ lib, config, ... }:
{
- time = {
- timeZone = "Europe/Vienna";
- # hardwareClockInLocalTime = true;
- };
+ options.swarselsystems.modules.time = lib.mkEnableOption "time config";
+ config = lib.mkIf config.swarselsystems.modules.time {
+ time = {
+ timeZone = "Europe/Vienna";
+ # hardwareClockInLocalTime = true;
+ };
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "de_AT.UTF-8";
- LC_IDENTIFICATION = "de_AT.UTF-8";
- LC_MEASUREMENT = "de_AT.UTF-8";
- LC_MONETARY = "de_AT.UTF-8";
- LC_NAME = "de_AT.UTF-8";
- LC_NUMERIC = "de_AT.UTF-8";
- LC_PAPER = "de_AT.UTF-8";
- LC_TELEPHONE = "de_AT.UTF-8";
- LC_TIME = "de_AT.UTF-8";
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "de_AT.UTF-8";
+ LC_IDENTIFICATION = "de_AT.UTF-8";
+ LC_MEASUREMENT = "de_AT.UTF-8";
+ LC_MONETARY = "de_AT.UTF-8";
+ LC_NAME = "de_AT.UTF-8";
+ LC_NUMERIC = "de_AT.UTF-8";
+ LC_PAPER = "de_AT.UTF-8";
+ LC_TELEPHONE = "de_AT.UTF-8";
+ LC_TIME = "de_AT.UTF-8";
+ };
};
};
}
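Review bot: `enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall;` replaces the old `enable = lib.mkDefault true;`, and the new `swarselsystems.firewall` option has no description. If `mkStrong` is the `lib.mkOverride 60` helper added in this commit, setting `swarselsystems.firewall = false` on a host turns the firewall off even where another module sets `networking.firewall.enable = true` at normal priority, and nothing on the option says so. I would document that at the declaration, e.g. `firewall = lib.swarselsystems.mkTrueOption // { description = "Enable the host firewall; false overrides ordinary networking.firewall.enable definitions."; };`.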
@@ -6680,7 +6571,7 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte
-3.3.1.18. sops
+3.3.1.19. sops
I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine:
@@ -6700,48 +6591,51 @@ let
inherit (config.swarselsystems) mainUser homeDir;
in
{
- sops = lib.mkIf (!config.swarselsystems.isPublic) {
+ options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config";
+ config = lib.mkIf config.swarselsystems.modules.commonSops {
+ sops = lib.mkIf (!config.swarselsystems.isPublic) {
- age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
+ age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
- validateSopsFiles = false;
+ validateSopsFiles = false;
- secrets = {
- ernest = { };
- frauns = { };
- hotspot = { };
- eduid = { };
- edupass = { };
- handyhotspot = { };
- vpnuser = { };
- vpnpass = { };
- wireguardpriv = { };
- wireguardpub = { };
- wireguardendpoint = { };
- stashuser = { };
- stashpass = { };
- githubforgeuser = { };
- githubforgepass = { };
- gitlabforgeuser = { };
- gitlabforgepass = { };
- "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
- "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
- };
- templates = {
- "network-manager.env".content = ''
- ERNEST=${config.sops.placeholder.ernest}
- FRAUNS=${config.sops.placeholder.frauns}
- HOTSPOT=${config.sops.placeholder.hotspot}
- EDUID=${config.sops.placeholder.eduid}
- EDUPASS=${config.sops.placeholder.edupass}
- HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
- VPNUSER=${config.sops.placeholder.vpnuser}
- VPNPASS=${config.sops.placeholder.vpnpass}
- WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv}
- WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
- WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
- '';
+ secrets = {
+ ernest = { };
+ frauns = { };
+ hotspot = { };
+ eduid = { };
+ edupass = { };
+ handyhotspot = { };
+ vpnuser = { };
+ vpnpass = { };
+ wireguardpriv = { };
+ wireguardpub = { };
+ wireguardendpoint = { };
+ stashuser = { };
+ stashpass = { };
+ githubforgeuser = { };
+ githubforgepass = { };
+ gitlabforgeuser = { };
+ gitlabforgepass = { };
+ "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
+ "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
+ };
+ templates = {
+ "network-manager.env".content = ''
+ ERNEST=${config.sops.placeholder.ernest}
+ FRAUNS=${config.sops.placeholder.frauns}
+ HOTSPOT=${config.sops.placeholder.hotspot}
+ EDUID=${config.sops.placeholder.eduid}
+ EDUPASS=${config.sops.placeholder.edupass}
+ HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
+ VPNUSER=${config.sops.placeholder.vpnuser}
+ VPNPASS=${config.sops.placeholder.vpnpass}
+ WIREGUARDPRIV=${config.sops.placeholder.wireguardpriv}
+ WIREGUARDPUB=${config.sops.placeholder.wireguardpub}
+ WIREGUARDENDPOINT=${config.sops.placeholder.wireguardendpoint}
+ '';
+ };
};
};
}
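Review bot: With sops now gated behind `swarselsystems.modules.commonSops` (and still behind `!isPublic`), nothing in this hunk ensures that consumers of the `network-manager.env` template are switched off with it. The Hotspot profile earlier in this diff sets `psk = "$HOTSPOT"`, which presumably is filled from this template; if that module can be enabled while this one is off, the value is either left unsubstituted or activation fails, and I cannot tell which from here. An `assertions` entry in the consuming module that requires `commonSops` would make the dependency explicit. Separately, the single env file hands every secret, including `WIREGUARDPRIV` and `VPNPASS`, to whichever unit loads it; one template per consumer would keep the exposure smaller. The module's `let` block starts outside the hunk.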
@@ -6750,7 +6644,7 @@ in
-3.3.1.19. Theme (stylix)
+3.3.1.20. Theme (stylix)
By default, stylix wants to style GRUB as well. However, I think that looks horrible.
@@ -6760,19 +6654,17 @@ By default, stylix wants to style
{ lib, config, ... }:
{
- stylix = lib.recursiveUpdate
- {
- targets.grub.enable = false; # the styling makes grub more ugly
- image = config.swarselsystems.wallpaper;
- }
- config.swarselsystems.stylix;
- home-manager.users."${config.swarselsystems.mainUser}" = {
- stylix = {
- targets = {
- emacs.enable = false;
- waybar.enable = false;
- sway.useWallpaper = false;
- firefox.profileNames = [ "default" ];
+ options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config";
+ config = lib.mkIf config.swarselsystems.modules.stylix {
+ stylix = lib.recursiveUpdate
+ {
+ targets.grub.enable = false; # the styling makes grub more ugly
+ image = config.swarselsystems.wallpaper;
+ }
+ config.swarselsystems.stylix;
+ home-manager.users."${config.swarselsystems.mainUser}" = {
+ stylix = {
+ targets = config.swarselsystems.stylixHomeTargets;
};
};
};
@@ -6782,45 +6674,51 @@ By default, stylix wants to style
-3.3.1.20. Programs (including zsh setup)
+3.3.1.21. Programs (including zsh setup)
Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances.
-_:
+{ lib, config, ... }:
{
- programs = {
- dconf.enable = true;
- evince.enable = true;
- kdeconnect.enable = true;
+ options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config";
+ config = lib.mkIf config.swarselsystems.modules.programs {
+ programs = {
+ dconf.enable = true;
+ evince.enable = true;
+ kdeconnect.enable = true;
+ };
};
}
-3.3.1.20.1. zsh
+3.3.1.21.1. zsh
Do not touch this.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- programs.zsh.enable = true;
- users.defaultUserShell = pkgs.zsh;
- environment.shells = with pkgs; [ zsh ];
- environment.pathsToLink = [ "/share/zsh" ];
+ options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config";
+ config = lib.mkIf config.swarselsystems.modules.zsh {
+ programs.zsh.enable = true;
+ users.defaultUserShell = pkgs.zsh;
+ environment.shells = with pkgs; [ zsh ];
+ environment.pathsToLink = [ "/share/zsh" ];
+ };
}
-3.3.1.20.2. syncthing
+3.3.1.21.2. syncthing
{ lib, config, ... }:
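Review bot: `programs.kdeconnect.enable = true` is grouped under the generic `swarselsystems.modules.programs` switch together with `dconf` and `evince`, although the NixOS KDE Connect module also opens its TCP/UDP port range in the firewall. A host that only wants the document viewer therefore also gets a network-reachable pairing service. I would give it its own switch, e.g. `options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect (opens firewall ports)";`, or at least put a comment saying so next to the line.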
@@ -6828,49 +6726,52 @@ let
inherit (config.swarselsystems) mainUser homeDir;
in
{
- services.syncthing = {
- enable = true;
- user = mainUser;
- dataDir = homeDir;
- configDir = "${homeDir}/.config/syncthing";
- openDefaultPorts = true;
- settings = {
- devices = {
- "magicant" = {
- id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
+ options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config";
+ config = lib.mkIf config.swarselsystems.modules.syncthing {
+ services.syncthing = {
+ enable = true;
+ user = mainUser;
+ dataDir = homeDir;
+ configDir = "${homeDir}/.config/syncthing";
+ openDefaultPorts = true;
+ settings = {
+ devices = {
+ "magicant" = {
+ id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
+ };
+ "sync (@oracle)" = {
+ id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
+ };
+ "winters" = {
+ id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
+ };
};
- "sync (@oracle)" = {
- id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
- };
- "winters" = {
- id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
- };
- };
- folders = {
- "Default Folder" = lib.mkDefault {
- path = "${homeDir}/Sync";
- devices = [ "sync (@oracle)" "magicant" "winters" ];
- id = "default";
- };
- "Obsidian" = {
- path = "${homeDir}/Nextcloud/Obsidian";
- devices = [ "sync (@oracle)" "magicant" "winters" ];
- id = "yjvni-9eaa7";
- };
- "Org" = {
- path = "${homeDir}/Nextcloud/Org";
- devices = [ "sync (@oracle)" "magicant" "winters" ];
- id = "a7xnl-zjj3d";
- };
- "Vpn" = {
- path = "${homeDir}/Vpn";
- devices = [ "sync (@oracle)" "magicant" "winters" ];
- id = "hgp9s-fyq3p";
- };
- ".elfeed" = {
- path = "${homeDir}/.elfeed";
- devices = [ "sync (@oracle)" "magicant" "winters" ];
- id = "h7xbs-fs9v1";
+ folders = {
+ "Default Folder" = lib.mkDefault {
+ path = "${homeDir}/Sync";
+ devices = [ "sync (@oracle)" "magicant" "winters" ];
+ id = "default";
+ };
+ "Obsidian" = {
+ path = "${homeDir}/Nextcloud/Obsidian";
+ devices = [ "sync (@oracle)" "magicant" "winters" ];
+ id = "yjvni-9eaa7";
+ };
+ "Org" = {
+ path = "${homeDir}/Nextcloud/Org";
+ devices = [ "sync (@oracle)" "magicant" "winters" ];
+ id = "a7xnl-zjj3d";
+ };
+ "Vpn" = {
+ path = "${homeDir}/Vpn";
+ devices = [ "sync (@oracle)" "magicant" "winters" ];
+ id = "hgp9s-fyq3p";
+ };
+ ".elfeed" = {
+ path = "${homeDir}/.elfeed";
+ devices = [ "sync (@oracle)" "magicant" "winters" ];
+ id = "h7xbs-fs9v1";
+ };
};
};
};
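Review bot: The `Vpn` folder is shared with the same three devices as every other folder, including `sync (@oracle)`, which by its name looks like a hosted machine. If that folder holds VPN profiles or keys, consider sharing it to that device only in Syncthing's untrusted (receive-encrypted) mode, or leaving the device out of that folder's `devices` list. `openDefaultPorts = true` also opens the transfer and discovery ports on every interface, so a comment such as `# opens the Syncthing sync and local-discovery ports in the firewall on all interfaces` would record that this is intended. The module's `let` header is outside the hunk.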
@@ -6882,31 +6783,34 @@ in
-3.3.1.21. Services
+3.3.1.22. Services
Setting up some hardware services as well as keyboard related settings. Here we make sure that we can use the CAPS key as a ESC/CTRL double key, which is a lifesaver.
-3.3.1.21.1. blueman
+3.3.1.22.1. blueman
Enables the blueman service including the nice system tray icon.
-_:
+{ lib, config, ... }:
{
- services.blueman.enable = true;
- services.hardware.bolt.enable = true;
+ options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config";
+ config = lib.mkIf config.swarselsystems.modules.blueman {
+ services.blueman.enable = true;
+ services.hardware.bolt.enable = true;
+ };
}
-3.3.1.21.2. Network devices
+3.3.1.22.2. Network devices
In this section we enable compatibility with several network devices I have at home, mainly printers and scanners.
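Review bot: `services.hardware.bolt.enable = true` sits under `swarselsystems.modules.blueman`, whose description is only "blueman config", so the Thunderbolt authorization daemon is switched on and off by a Bluetooth flag. Either name the option after both services or add a comment such as `# bolt: Thunderbolt device authorization, unrelated to Bluetooth`, so the coupling is visible when someone disables blueman on a host.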
@@ -6919,34 +6823,37 @@ Avahi is the service used for the network discovery.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- # enable scanners over network
- hardware.sane = {
- enable = true;
- extraBackends = [ pkgs.sane-airscan ];
- };
+ options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config";
+ config = lib.mkIf config.swarselsystems.modules.networkDevices {
+ # enable scanners over network
+ hardware.sane = {
+ enable = true;
+ extraBackends = [ pkgs.sane-airscan ];
+ };
- # enable discovery and usage of network devices (esp. printers)
- services.printing = {
- enable = true;
- drivers = [
- pkgs.gutenprint
- pkgs.gutenprintBin
- ];
- browsedConf = ''
- BrowseDNSSDSubTypes _cups,_print
- BrowseLocalProtocols all
- BrowseRemoteProtocols all
- CreateIPPPrinterQueues All
- BrowseProtocols all
- '';
- };
+ # enable discovery and usage of network devices (esp. printers)
+ services.printing = {
+ enable = true;
+ drivers = [
+ pkgs.gutenprint
+ pkgs.gutenprintBin
+ ];
+ browsedConf = ''
+ BrowseDNSSDSubTypes _cups,_print
+ BrowseLocalProtocols all
+ BrowseRemoteProtocols all
+ CreateIPPPrinterQueues All
+ BrowseProtocols all
+ '';
+ };
- services.avahi = {
- enable = true;
- nssmdns4 = true;
- openFirewall = true;
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
};
}
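Review bot: The `browsedConf` block keeps `BrowseRemoteProtocols all` and `CreateIPPPrinterQueues All`, so cups-browsed creates a local queue for any printer announced on whatever network the machine joins, and `services.avahi.openFirewall = true` exposes mDNS on all interfaces. The Hotspot profile and the `eduid` secret elsewhere in this diff suggest the machine also joins networks other than the home one, where this is a wide attack surface for a convenience feature. Consider narrowing it, e.g. `BrowseRemoteProtocols dnssd` and `CreateIPPPrinterQueues Driverless` plus a `BrowseAllow <home-subnet-placeholder>` line, and leave `networkDevices` disabled on hosts that roam.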
@@ -6954,56 +6861,62 @@ Avahi is the service used for the network discovery.
-3.3.1.21.3. enable GVfs
+3.3.1.22.3. enable GVfs
This is being set to allow myself to use all functions of nautilus in NixOS
-_:
+{ lib, config, ... }:
{
- services.gvfs.enable = true;
+ options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus";
+ config = lib.mkIf config.swarselsystems.modules.gvfs {
+ services.gvfs.enable = true;
+ };
}
-3.3.1.21.4. interception-tools: Make CAPS work as ESC/CTRL
+3.3.1.22.4. interception-tools: Make CAPS work as ESC/CTRL
This is a super-convenient package that lets my remap my CAPS key to ESC if pressed shortly, and CTRL if being held.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- # Make CAPS work as a dual function ESC/CTRL key
- services.interception-tools = {
- enable = true;
- udevmonConfig =
- let
- dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
- TIMING:
- TAP_MILLISEC: 200
- DOUBLE_TAP_MILLISEC: 0
+ options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config";
+ config = lib.mkIf config.swarselsystems.modules.interceptionTools {
+ # Make CAPS work as a dual function ESC/CTRL key
+ services.interception-tools = {
+ enable = true;
+ udevmonConfig =
+ let
+ dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
+ TIMING:
+ TAP_MILLISEC: 200
+ DOUBLE_TAP_MILLISEC: 0
- MAPPINGS:
- - KEY: KEY_CAPSLOCK
- TAP: KEY_ESC
- HOLD: KEY_LEFTCTRL
+ MAPPINGS:
+ - KEY: KEY_CAPSLOCK
+ TAP: KEY_ESC
+ HOLD: KEY_LEFTCTRL
+ '';
+ in
+ ''
+ - JOB: |
+ ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
+ | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
+ | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
+ DEVICE:
+ EVENTS:
+ EV_KEY: [KEY_CAPSLOCK]
'';
- in
- ''
- - JOB: |
- ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
- | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
- | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
- DEVICE:
- EVENTS:
- EV_KEY: [KEY_CAPSLOCK]
- '';
+ };
};
}
@@ -7011,7 +6924,7 @@ This is a super-convenient package that lets my remap my CAPS key t
-3.3.1.21.5. power-profiles-daemon
+3.3.1.22.5. power-profiles-daemon
This enables power profile management. The available modes are:
@@ -7028,9 +6941,42 @@ Most of the time I am using power-saver, however, it is good to be
-_:
+{ lib, config, ... }:
{
- services.power-profiles-daemon.enable = true;
+ options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config";
+ config = lib.mkIf config.swarselsystems.modules.ppd {
+ services.power-profiles-daemon.enable = true;
+ };
+}
+
+
+
+
+
+3.3.1.22.6. SwayOSD
+
+
+{ lib, pkgs, config, ... }:
+{
+ options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
+ config = lib.mkIf config.swarselsystems.modules.swayosd {
+ environment.systemPackages = [ pkgs.swayosd ];
+ services.udev.packages = [ pkgs.swayosd ];
+ systemd.services.swayosd-libinput-backend = {
+ description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc.";
+ documentation = [ "https://github.com/ErikReider/SwayOSD" ];
+ wantedBy = [ "graphical.target" ];
+ partOf = [ "graphical.target" ];
+ after = [ "graphical.target" ];
+
+ serviceConfig = {
+ Type = "dbus";
+ BusName = "org.erikreider.swayosd";
+ ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend";
+ Restart = "on-failure";
+ };
+ };
+ };
}
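Review bot: The new `swayosd-libinput-backend` unit sets no `User` and no sandboxing options, so it runs as root with full system access while listening to key events (per its own description). It presumably needs only the input devices and its D-Bus name, so I would add hardening to `serviceConfig`, for example `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true;`, and use `systemd-analyze security swayosd-libinput-backend` to see what else can be dropped without breaking it. The SwayOSD heading also has no explanatory paragraph, unlike the neighbouring sections.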
@@ -7038,11 +6984,11 @@ Most of the time I am using power-saver, however, it is good to be
-3.3.1.22. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
+3.3.1.23. Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
-3.3.1.22.1. Yubikey
+3.3.1.23.1. Yubikey
This takes care of the main Yubikey related configuration on the NixOS side - note that the starting of the gpg-agent is done in the sway settings, to also perform this step of the setup for non NixOS-machines at the same time.
@@ -7061,46 +7007,44 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- programs.ssh.startAgent = false;
+ options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config";
+ config = lib.mkIf config.swarselsystems.modules.yubikey {
+ programs.ssh.startAgent = false;
- services.pcscd.enable = false;
+ services.pcscd.enable = false;
- hardware.gpgSmartcards.enable = true;
+ hardware.gpgSmartcards.enable = true;
- services.udev.packages = with pkgs; [
- yubikey-personalization
- ];
-
- # systemd.services.shutdownSopsGpg = {
- # path = [ pkgs.gnupg ];
- # script = ''
- # gpgconf --homedir /var/lib/sops --kill gpg-agent
- # '';
- # wantedBy = [ "multi-user.target" ];
- # };
+ services.udev.packages = with pkgs; [
+ yubikey-personalization
+ ];
+ };
}
-3.3.1.22.2. Ledger
+3.3.1.23.2. Ledger
This performs the necessary configuration to support this hardware.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- hardware.ledger.enable = true;
+ options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config";
+ config = lib.mkIf config.swarselsystems.modules.ledger {
+ hardware.ledger.enable = true;
- services.udev.packages = with pkgs; [
- ledger-udev-rules
- ];
+ services.udev.packages = with pkgs; [
+ ledger-udev-rules
+ ];
+ };
}
@@ -7108,20 +7052,23 @@ This performs the necessary configuration to support this hardware.
-3.3.1.22.3. Keyboards
+3.3.1.23.3. Keyboards
This loads some udev rules that I need for my split keyboards.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- services.udev.packages = with pkgs; [
- qmk-udev-rules
- vial
- via
- ];
+ options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config";
+ config = lib.mkIf config.swarselsystems.modules.keyboards {
+ services.udev.packages = with pkgs; [
+ qmk-udev-rules
+ vial
+ via
+ ];
+ };
}
@@ -7129,39 +7076,42 @@ This loads some udev rules that I need for my split keyboards.
-3.3.1.23. System Login
+3.3.1.24. System Login
This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the system specific settings, make sure to update it there
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- services.greetd = {
- enable = true;
- settings = {
- initial_session.command = "sway";
- default_session.command = ''
- ${pkgs.greetd.tuigreet}/bin/tuigreet \
- --time \
- --asterisks \
- --user-menu \
- --cmd sway
- '';
+ options.swarselsystems.modules.login = lib.mkEnableOption "login config";
+ config = lib.mkIf config.swarselsystems.modules.login {
+ services.greetd = {
+ enable = true;
+ settings = {
+ initial_session.command = "sway";
+ default_session.command = ''
+ ${pkgs.greetd.tuigreet}/bin/tuigreet \
+ --time \
+ --asterisks \
+ --user-menu \
+ --cmd sway
+ '';
+ };
};
- };
- environment.etc."greetd/environments".text = ''
- sway
- '';
+ environment.etc."greetd/environments".text = ''
+ sway
+ '';
+ };
}
-3.3.1.24. nix-ld
+3.3.1.25. nix-ld
This provides libraries for binaries that are not patched for use on NixOS. This really makes the biggest gripe with NixOS go away, that being having to run a binary that is only found in a single spot. It is most of the times possible to patch such a file, but this makes such a situation take much less time to resolve.
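Review bot: `initial_session.command = "sway"` starts a session without a password prompt at boot for whichever user the host-specific settings assign, and with this change it is active on every host that enables `swarselsystems.modules.login`. That is reasonable where disk encryption already gates boot, but nothing here ties it to that; consider making it conditional on `config.swarselsystems.isCrypted` (used by the impermanence module in this diff) or adding a comment, e.g. `# autologin: only enable on hosts with full-disk encryption`. `--user-menu` additionally lists local account names on the greeter, which may not be wanted on shared machines.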
@@ -7176,114 +7126,117 @@ When a program does not work, start with nix-ldd <program>. T
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- programs.nix-ld = {
- enable = true;
- libraries = with pkgs; [
- SDL
- SDL2
- SDL2_image
- SDL2_mixer
- SDL2_ttf
- SDL_image
- SDL_mixer
- SDL_ttf
- alsa-lib
- at-spi2-atk
- at-spi2-core
- atk
- bzip2
- cairo
- cups
- curl
- dbus
- dbus-glib
- expat
- ffmpeg
- flac
- fontconfig
- freeglut
- freetype
- fuse3
- gdk-pixbuf
- glew110
- glib
- stable.gnome2.GConf
- pango
- gtk2
- gtk3
- icu
- libGL
- libappindicator-gtk2
- libappindicator-gtk3
- libcaca
- libcanberra
- libcap
- libdbusmenu-gtk2
- libdrm
- libelf
- libgcrypt
- libglvnd
- libidn
- libindicator-gtk2
- libjpeg
- libmikmod
- libnotify
- libogg
- libpng
- libpng12
- libpulseaudio
- librsvg
- libsamplerate
- libtheora
- libtiff
- libudev0-shim
- libunwind
- libusb1
- libuuid
- libva
- libvdpau
- libvorbis
- libvpx
- libxkbcommon
- libxml2
- libz
- mesa
- nspr
- nss
- openssl
- pango
- pipewire
- pixman
- speex
- stdenv.cc.cc
- steam-fhsenv-without-steam
- systemd
- tbb
- vulkan-loader
- xorg.libICE
- xorg.libSM
- xorg.libX11
- xorg.libXScrnSaver
- xorg.libXcomposite
- xorg.libXcursor
- xorg.libXdamage
- xorg.libXext
- xorg.libXfixes
- xorg.libXft
- xorg.libXi
- xorg.libXinerama
- xorg.libXmu
- xorg.libXrandr
- xorg.libXrender
- xorg.libXt
- xorg.libXtst
- xorg.libXxf86vm
- xorg.libxcb
- xorg.libxshmfence
- zlib
- ];
+ options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config";
+ config = lib.mkIf config.swarselsystems.modules.nix-ld {
+ programs.nix-ld = {
+ enable = true;
+ libraries = with pkgs; [
+ SDL
+ SDL2
+ SDL2_image
+ SDL2_mixer
+ SDL2_ttf
+ SDL_image
+ SDL_mixer
+ SDL_ttf
+ alsa-lib
+ at-spi2-atk
+ at-spi2-core
+ atk
+ bzip2
+ cairo
+ cups
+ curl
+ dbus
+ dbus-glib
+ expat
+ ffmpeg
+ flac
+ fontconfig
+ freeglut
+ freetype
+ fuse3
+ gdk-pixbuf
+ glew110
+ glib
+ stable.gnome2.GConf
+ pango
+ gtk2
+ gtk3
+ icu
+ libGL
+ libappindicator-gtk2
+ libappindicator-gtk3
+ libcaca
+ libcanberra
+ libcap
+ libdbusmenu-gtk2
+ libdrm
+ libelf
+ libgcrypt
+ libglvnd
+ libidn
+ libindicator-gtk2
+ libjpeg
+ libmikmod
+ libnotify
+ libogg
+ libpng
+ libpng12
+ libpulseaudio
+ librsvg
+ libsamplerate
+ libtheora
+ libtiff
+ libudev0-shim
+ libunwind
+ libusb1
+ libuuid
+ libva
+ libvdpau
+ libvorbis
+ libvpx
+ libxkbcommon
+ libxml2
+ libz
+ mesa
+ nspr
+ nss
+ openssl
+ pango
+ pipewire
+ pixman
+ speex
+ stdenv.cc.cc
+ steam-fhsenv-without-steam
+ systemd
+ tbb
+ vulkan-loader
+ xorg.libICE
+ xorg.libSM
+ xorg.libX11
+ xorg.libXScrnSaver
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXdamage
+ xorg.libXext
+ xorg.libXfixes
+ xorg.libXft
+ xorg.libXi
+ xorg.libXinerama
+ xorg.libXmu
+ xorg.libXrandr
+ xorg.libXrender
+ xorg.libXt
+ xorg.libXtst
+ xorg.libXxf86vm
+ xorg.libxcb
+ xorg.libxshmfence
+ zlib
+ ];
+ };
};
}
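Review bot: `pango` appears twice in `libraries`, once after `stable.gnome2.GConf` and again after `openssl`; the second entry can go. The list is otherwise alphabetical apart from that `GConf`/`pango` pair, so keeping it sorted would make such duplicates easy to spot. A one-line comment above the list saying where it came from, and that every entry is made available to unpatched binaries, would also help when pruning it later.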
@@ -7291,7 +7244,7 @@ When a program does not work, start with nix-ldd <program>. T
-3.3.1.25. Impermanence
+3.3.1.26. Impermanence
This is where the impermanence magic happens. When this is enabled, the root directory is rolled back to a blanket state on each reboot.
@@ -7308,88 +7261,91 @@ let
inherit (config.swarselsystems) homeDir isImpermanence isCrypted;
in
{
+ options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config";
+ config = lib.mkIf config.swarselsystems.modules.impermanence {
- security.sudo.extraConfig = lib.mkIf isImpermanence ''
- # rollback results in sudo lectures after each reboot
- Defaults lecture = never
- '';
-
- # This script does the actual wipe of the system
- # So if it doesn't run, the btrfs system effectively acts like a normal system
- # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
-
- boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
-
- boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
- description = "Rollback BTRFS root subvolume to a pristine state";
- wantedBy = [ "initrd.target" ];
- # make sure it's done after encryption
- # i.e. LUKS/TPM process
- after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
- requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
- # mount the root fs before clearing
- before = [ "sysroot.mount" ];
- unitConfig.DefaultDependencies = "no";
- serviceConfig.Type = "oneshot";
- script = ''
- mkdir -p /mnt
-
- # We first mount the btrfs root to /mnt
- # so we can manipulate btrfs subvolumes.
- mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt
- btrfs subvolume list -o /mnt/root
-
- # While we're tempted to just delete /root and create
- # a new snapshot from /root-blank, /root is already
- # populated at this point with a number of subvolumes,
- # which makes `btrfs subvolume delete` fail.
- # So, we remove them first.
- #
- # /root contains subvolumes:
- # - /root/var/lib/portables
- # - /root/var/lib/machines
-
- btrfs subvolume list -o /mnt/root |
- cut -f9 -d' ' |
- while read subvolume; do
- echo "deleting /$subvolume subvolume..."
- btrfs subvolume delete "/mnt/$subvolume"
- done &&
- echo "deleting /root subvolume..." &&
- btrfs subvolume delete /mnt/root
-
- echo "restoring blank /root subvolume..."
- btrfs subvolume snapshot /mnt/root-blank /mnt/root
-
- # Once we're done rolling back to a blank snapshot,
- # we can unmount /mnt and continue on the boot process.
- umount /mnt
+ security.sudo.extraConfig = lib.mkIf isImpermanence ''
+ # rollback results in sudo lectures after each reboot
+ Defaults lecture = never
'';
- };
+
+ # This script does the actual wipe of the system
+ # So if it doesn't run, the btrfs system effectively acts like a normal system
+ # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix
+
+ boot.initrd.systemd.enable = lib.mkIf isImpermanence true;
+
+ boot.initrd.systemd.services.rollback = lib.mkIf isImpermanence {
+ description = "Rollback BTRFS root subvolume to a pristine state";
+ wantedBy = [ "initrd.target" ];
+ # make sure it's done after encryption
+ # i.e. LUKS/TPM process
+ after = lib.swarselsystems.mkIfElseList isCrypted [ "systemd-cryptsetup@cryptroot.service" ] [ "dev-disk-by\\x2dlabel-nixos.device" ];
+ requires = lib.mkIf (!isCrypted) [ "dev-disk-by\\x2dlabel-nixos.device" ];
+ # mount the root fs before clearing
+ before = [ "sysroot.mount" ];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script = ''
+ mkdir -p /mnt
+
+ # We first mount the btrfs root to /mnt
+ # so we can manipulate btrfs subvolumes.
+ mount -o subvolid=5 -t btrfs ${mapperTarget} /mnt
+ btrfs subvolume list -o /mnt/root
+
+ # While we're tempted to just delete /root and create
+ # a new snapshot from /root-blank, /root is already
+ # populated at this point with a number of subvolumes,
+ # which makes `btrfs subvolume delete` fail.
+ # So, we remove them first.
+ #
+ # /root contains subvolumes:
+ # - /root/var/lib/portables
+ # - /root/var/lib/machines
+
+ btrfs subvolume list -o /mnt/root |
+ cut -f9 -d' ' |
+ while read subvolume; do
+ echo "deleting /$subvolume subvolume..."
+ btrfs subvolume delete "/mnt/$subvolume"
+ done &&
+ echo "deleting /root subvolume..." &&
+ btrfs subvolume delete /mnt/root
+
+ echo "restoring blank /root subvolume..."
+ btrfs subvolume snapshot /mnt/root-blank /mnt/root
+
+ # Once we're done rolling back to a blank snapshot,
+ # we can unmount /mnt and continue on the boot process.
+ umount /mnt
+ '';
+ };
- environment.persistence."/persist" = lib.mkIf isImpermanence {
- hideMounts = true;
- directories =
- [
- "/.cache/nix"
- "/srv"
- "/etc/nixos"
- "/etc/nix"
- "/etc/NetworkManager/system-connections"
- # "/etc/secureboot"
- "${homeDir}/.dotfiles"
- "/var/db/sudo"
- "/var/cache"
- "/var/lib"
+ environment.persistence."/persist" = lib.mkIf isImpermanence {
+ hideMounts = true;
+ directories =
+ [
+ "/.cache/nix"
+ "/srv"
+ "/etc/nixos"
+ "/etc/nix"
+ "/etc/NetworkManager/system-connections"
+ # "/etc/secureboot"
+ "${homeDir}/.dotfiles"
+ "/var/db/sudo"
+ "/var/cache"
+ "/var/lib"
+ ];
+
+ files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
];
-
- files = [
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
+ };
};
}
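Review bot: In the `rollback` script the final `btrfs subvolume snapshot /mnt/root-blank /mnt/root` runs even when an earlier step of the `&&` chain failed, for example when a nested subvolume could not be deleted and `/mnt/root` was therefore never removed. As far as I know the snapshot is then created inside the old root rather than replacing it, so the machine boots with the previous state while the log still says "restoring blank /root subvolume". Chain the restore to the delete, `btrfs subvolume delete /mnt/root && btrfs subvolume snapshot /mnt/root-blank /mnt/root`, print a clear error when that chain fails, and use `while read -r subvolume` so paths are read verbatim. The module's `let` block, including `mapperTarget`, lies outside the hunk.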
@@ -7398,21 +7354,24 @@ in
-3.3.1.26. Summary of nixos-rebuild diff
+3.3.1.27. Summary of nixos-rebuild diff
This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- system.activationScripts.diff = {
- supportsDryActivation = true;
- text = ''
- ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
- /run/current-system "$systemConfig"
- '';
+ options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config";
+ config = lib.mkIf config.swarselsystems.modules.nvd {
+ system.activationScripts.diff = {
+ supportsDryActivation = true;
+ text = ''
+ ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
+ /run/current-system "$systemConfig"
+ '';
+ };
};
}
@@ -7420,131 +7379,140 @@ This snipped is added to the activation script that is run after every rebuild a
-3.3.1.27. gnome-keyring
+3.3.1.28. gnome-keyring
Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps the login information when logging out of the session as well.
-_:
+{ lib, config, ... }:
{
- services.gnome.gnome-keyring = {
- enable = true;
- };
+ options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config";
+ config = lib.mkIf config.swarselsystems.modules.gnome-keyring {
+ services.gnome.gnome-keyring = {
+ enable = true;
+ };
- programs.seahorse.enable = true;
+ programs.seahorse.enable = true;
+ };
}
-3.3.1.28. Sway
+3.3.1.29. Sway
This is used to better integrate Sway into the system on NixOS hosts. On the home-manager side, the package attribute will be null for such an host, using the systems derivation instead.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
+ options.swarselsystems.modules.sway = lib.mkEnableOption "sway config";
+ config = lib.mkIf config.swarselsystems.modules.sway {
+ programs.sway = {
+ enable = true;
+ package = pkgs.swayfx;
+ wrapperFeatures = {
+ base = true;
+ gtk = true;
+ };
- programs.sway = {
- enable = true;
- package = pkgs.swayfx;
- wrapperFeatures = {
- base = true;
- gtk = true;
+ extraSessionCommands = ''
+ export XDG_SESSION_DESKTOP=sway
+ export SDL_VIDEODRIVER=wayland
+ export QT_QPA_PLATFORM=wayland-egl
+ export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
+ export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
+ export MOZ_ENABLE_WAYLAND=1
+ export MOZ_DISABLE_RDD_SANDBOX=1
+ '';
};
-
- extraSessionCommands = ''
- export XDG_SESSION_DESKTOP=sway
- export SDL_VIDEODRIVER=wayland
- export QT_QPA_PLATFORM=wayland-egl
- export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
- export QT_QPA_PLATFORM_PLUGIN_PATH="${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
- export MOZ_ENABLE_WAYLAND=1
- export MOZ_DISABLE_RDD_SANDBOX=1
- '';
};
-
}
-3.3.1.29. xdg-portal
+3.3.1.30. xdg-portal
This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
-
- xdg.portal = {
- enable = true;
- config = {
- common = {
- default = "wlr";
+ options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config";
+ config = lib.mkIf config.swarselsystems.modules.xdg-portal {
+ xdg.portal = {
+ enable = true;
+ config = {
+ common = {
+ default = "wlr";
+ };
+ };
+ wlr.enable = true;
+ wlr.settings.screencast = {
+ output_name = "eDP-1";
+ chooser_type = "simple";
+ chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
- wlr.enable = true;
- wlr.settings.screencast = {
- output_name = "eDP-1";
- chooser_type = "simple";
- chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
- };
};
-
}
-3.3.1.30. Podmam (distrobox)
+3.3.1.31. Podmam (distrobox)
I am using distrobox to quickly circumvent isses that I cannot immediately solve on NixOS. It is always the goal to quickly get things working on NixOS, but this prevents me from getting completely stuck.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- distrobox
- boxbuddy
- ];
+ options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config";
+ config = lib.mkIf config.swarselsystems.modules.distrobox {
+ environment.systemPackages = with pkgs; [
+ distrobox
+ boxbuddy
+ ];
- virtualisation.podman = {
- enable = true;
- dockerCompat = true;
- package = pkgs.stable.podman;
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ package = pkgs.stable.podman;
+ };
};
-
}
-3.3.1.31. Appimage
+3.3.1.32. Appimage
Adds the necessary tools to allow .appimage programs easily.
-_:
+{ lib, config, ... }:
{
-
- programs.appimage = {
- enable = true;
- binfmt = true;
+ options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config";
+ config = lib.mkIf config.swarselsystems.modules.appimage {
+ programs.appimage = {
+ enable = true;
+ binfmt = true;
+ };
};
}
@@ -7553,44 +7521,47 @@ Adds the necessary tools to allow .appimage programs easily.
-3.3.1.32. Handle lid switch correctly
+3.3.1.33. Handle lid switch correctly
This turns off the display when the lid is closed.
-_:
+{ lib, config, ... }:
{
- services.logind = {
- lidSwitch = "suspend";
- lidSwitchDocked = "ignore";
- };
- services.acpid = {
- enable = true;
- handlers.lidClosed = {
- event = "button/lid \\w+ close";
- action = ''
- cat /sys/class/backlight/amdgpu_bl1/device/enabled
- if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled
- then
- echo "Lid closed. Disabling fprintd."
- systemctl stop fprintd
- ln -s /dev/null /run/systemd/transient/fprintd.service
- systemctl daemon-reload
- fi
- '';
+ options.swarselsystems.modules.lid = lib.mkEnableOption "lid config";
+ config = lib.mkIf config.swarselsystems.modules.lid {
+ services.logind = {
+ lidSwitch = "suspend";
+ lidSwitchDocked = "ignore";
};
- handlers.lidOpen = {
- event = "button/lid \\w+ open";
- action = ''
- if ! $(systemctl is-active --quiet fprintd); then
- echo "Lid open. Enabling fprintd."
- rm -f /run/systemd/transient/fprintd.service
- systemctl daemon-reload
- systemctl start fprintd
- fi
- '';
+ services.acpid = {
+ enable = true;
+ handlers.lidClosed = {
+ event = "button/lid \\w+ close";
+ action = ''
+ cat /sys/class/backlight/amdgpu_bl1/device/enabled
+ if grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled
+ then
+ echo "Lid closed. Disabling fprintd."
+ systemctl stop fprintd
+ ln -s /dev/null /run/systemd/transient/fprintd.service
+ systemctl daemon-reload
+ fi
+ '';
+ };
+ handlers.lidOpen = {
+ event = "button/lid \\w+ open";
+ action = ''
+ if ! $(systemctl is-active --quiet fprintd); then
+ echo "Lid open. Enabling fprintd."
+ rm -f /run/systemd/transient/fprintd.service
+ systemctl daemon-reload
+ systemctl start fprintd
+ fi
+ '';
+ };
};
};
}
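Review bot: The `lidClosed` handler fails open: it stops and masks fprintd only when `grep -Fxq disabled /sys/class/backlight/amdgpu_bl1/device/enabled` succeeds, so on a machine without an `amdgpu_bl1` backlight the grep errors out and the fingerprint reader stays usable with the lid shut. Now that this is a switchable module (`swarselsystems.modules.lid`), that hardware assumption deserves a comment above the action, e.g. `# assumes the internal panel is amdgpu_bl1; on other hardware fprintd is left running`. Two smaller points in the same handlers: `ln -s` fails if the link already exists, so `ln -sf /dev/null /run/systemd/transient/fprintd.service` is safer on repeated close events, and `if ! $(systemctl is-active --quiet fprintd); then` only works because the substitution expands to nothing, whereas `if ! systemctl is-active --quiet fprintd; then` says what is meant.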
@@ -7599,36 +7570,39 @@ This turns off the display when the lid is closed.
-3.3.1.33. Low battery notification
+3.3.1.34. Low battery notification
Since I hide the waybar completely during normal operation, I run the risk of not noticing when my battery is about to run out. This module sends a notification when the battery level falls below 10%. Written by cafkafk.
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
{
- systemd.user.services."battery-low" = {
- enable = true;
- description = "Timer for battery check that alerts at 10% or less";
- partOf = [ "graphical-session.target" ];
- wantedBy = [ "graphical-session.target" ];
- serviceConfig = {
- Type = "simple";
- ExecStart = pkgs.writeShellScript "battery-low-notification"
- ''
- if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 ));
- then ${lib.getExe pkgs.libnotify} --urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")";
- fi;
- '';
+ options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config";
+ config = lib.mkIf config.swarselsystems.modules.lowBattery {
+ systemd.user.services."battery-low" = {
+ enable = true;
+ description = "Timer for battery check that alerts at 10% or less";
+ partOf = [ "graphical-session.target" ];
+ wantedBy = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = pkgs.writeShellScript "battery-low-notification"
+ ''
+ if (( 10 >= $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") && $(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%" | ${lib.getExe pkgs.ripgrep} -o "\d+") > 0 ));
+ then ${lib.getExe pkgs.libnotify} --urgency=critical "low battery" "$(${lib.getExe pkgs.acpi} -b | head -n 1 | ${lib.getExe pkgs.ripgrep} -o "\d+%")";
+ fi;
+ '';
+ };
};
- };
- systemd.user.timers."battery-low" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- # Every Minute
- OnCalendar = "*-*-* *:*:00";
- Unit = "battery-low.service";
+ systemd.user.timers."battery-low" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ # Every Minute
+ OnCalendar = "*-*-* *:*:00";
+ Unit = "battery-low.service";
+ };
};
};
}
@@ -7637,7 +7611,7 @@ Since I hide the waybar completely during normal operation, I run the risk of no
-3.3.1.34. Lanzaboote
+3.3.1.35. Lanzaboote
This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsystems.initialSetup` and `config.swarselsystems.isSecureBoot`.
@@ -7646,15 +7620,18 @@ This dynamically uses systemd boot or Lanzaboote depending on `config.swarselsys
{ lib, config, ... }:
{
- boot = {
- loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
- };
- lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) {
- enable = true;
- pkiBundle = "/var/lib/sbctl";
- configurationLimit = 3;
+ options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config";
+ config = lib.mkIf config.swarselsystems.modules.lanzaboote {
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = lib.swarselsystems.mkIfElse (config.swarselsystems.initialSetup || !config.swarselsystems.isSecureBoot) (lib.mkForce true) (lib.mkForce false);
+ };
+ lanzaboote = lib.mkIf (!config.swarselsystems.initialSetup && config.swarselsystems.isSecureBoot) {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ configurationLimit = 3;
+ };
};
};
}
@@ -7685,20 +7662,22 @@ Also, the system state version is set here. No need to touch it.
{ self, lib, ... }:
let
- importNames = lib.swarselsystems.readNix "profiles/nixos/server";
- profilesPath = "${self}/profiles";
+ importNames = lib.swarselsystems.readNix "modules/nixos/server";
+ modulesPath = "${self}/modules";
in
{
- imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
- "${profilesPath}/nixos/common/settings.nix"
- "${profilesPath}/nixos/common/home-manager.nix"
- "${profilesPath}/nixos/common/home-manager-extra.nix"
- "${profilesPath}/nixos/common/xserver.nix"
- "${profilesPath}/nixos/common/gc.nix"
- "${profilesPath}/nixos/common/store.nix"
- "${profilesPath}/nixos/common/time.nix"
- "${profilesPath}/nixos/common/users.nix"
- "${profilesPath}/nixos/common/nix-ld.nix"
+ imports = lib.swarselsystems.mkImports importNames "modules/nixos/server" ++ [
+ "${modulesPath}/nixos/common/settings.nix"
+ "${modulesPath}/nixos/common/home-manager.nix"
+ "${modulesPath}/nixos/common/home-manager-extra.nix"
+ "${modulesPath}/nixos/common/xserver.nix"
+ "${modulesPath}/nixos/common/gc.nix"
+ "${modulesPath}/nixos/common/store.nix"
+ "${modulesPath}/nixos/common/time.nix"
+ "${modulesPath}/nixos/common/users.nix"
+ "${modulesPath}/nixos/common/nix-ld.nix"
+ "${modulesPath}/nixos/common/sharedsetup.nix"
+ "${modulesPath}/home/common/sharedsetup.nix"
];
}
@@ -7718,28 +7697,37 @@ let
inherit (config.swarselsystems) flakePath;
in
{
- environment.shellAliases = lib.recursiveUpdate
- {
- npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
- nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
- npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
- nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
- niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
- }
- config.swarselsystems.shellAliases;
+ options.swarselsystems = {
+ modules.server.general = lib.mkEnableOption "general setting on server";
+ shellAliases = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ };
+ };
+ config = lib.mkIf config.swarselsystems.modules.server.general {
- nixpkgs.config.permittedInsecurePackages = [
- # matrix
- "olm-3.2.16"
- # sonarr
- "aspnetcore-runtime-wrapped-6.0.36"
- "aspnetcore-runtime-6.0.36"
- "dotnet-sdk-wrapped-6.0.428"
- "dotnet-sdk-6.0.428"
- #
- "SDL_ttf-2.0.11"
- ];
+ environment.shellAliases = lib.recursiveUpdate
+ {
+ npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
+ nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
+ npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
+ nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
+ niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
+ }
+ config.swarselsystems.shellAliases;
+ nixpkgs.config.permittedInsecurePackages = [
+ # matrix
+ "olm-3.2.16"
+ # sonarr
+ "aspnetcore-runtime-wrapped-6.0.36"
+ "aspnetcore-runtime-6.0.36"
+ "dotnet-sdk-wrapped-6.0.428"
+ "dotnet-sdk-6.0.428"
+ #
+ "SDL_ttf-2.0.11"
+ ];
+ };
}
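Review bot: In the `npswitch`, `npiswitch` and `nipswitch` aliases the steps are joined with `;`, so when `cd ${flakePath}` or `git pull` fails, `sudo nixos-rebuild --flake .#$(hostname) switch` still runs as root against whatever flake is in the current directory. Chaining with `&&` stops at the first failure: `npswitch = "cd ${flakePath} && git pull && sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";`, and likewise for the two `--impure` variants. Separately, `permittedInsecurePackages` now applies whenever `modules.server.general` is on, whether or not the matrix or sonarr modules that need those packages are enabled. A comment naming the module that needs each entry, including `SDL_ttf-2.0.11` under the empty `#`, would make the list easier to prune.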
@@ -7749,16 +7737,19 @@ in
3.3.2.3. System Packages
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- gnupg
- nix-index
- ssh-to-age
- git
- emacs
- vim
- ];
+ options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server";
+ config = lib.mkIf config.swarselsystems.modules.server.packages {
+ environment.systemPackages = with pkgs; [
+ gnupg
+ nix-index
+ ssh-to-age
+ git
+ emacs
+ vim
+ ];
+ };
}
@@ -7770,12 +7761,14 @@ in
{ config, lib, ... }:
{
- sops = {
- age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ];
- defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml";
- validateSopsFiles = false;
+ options.swarselsystems.modules.server.sops = lib.mkEnableOption "enable sops on server";
+ config = lib.mkIf config.swarselsystems.modules.server.sops {
+ sops = {
+ age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/sops" ];
+ defaultSopsFile = lib.mkDefault "${config.swarselsystems.flakePath}/secrets/winters/secrets.yaml";
+ validateSopsFiles = false;
+ };
};
-
}
@@ -7785,52 +7778,55 @@ in
3.3.2.5. nfs/samba (smb)
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- services = {
- # add a user with sudo smbpasswd -a <user>
- samba = {
- package = pkgs.samba4Full;
- # extraConfig = ''
- # workgroup = WORKGROUP
- # server role = standalone server
- # dns proxy = no
+ options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server";
+ config = lib.mkIf config.swarselsystems.modules.server.nfs {
+ services = {
+ # add a user with sudo smbpasswd -a <user>
+ samba = {
+ package = pkgs.samba4Full;
+ # extraConfig = ''
+ # workgroup = WORKGROUP
+ # server role = standalone server
+ # dns proxy = no
- # pam password change = yes
- # map to guest = bad user
- # create mask = 0664
- # force create mode = 0664
- # directory mask = 0775
- # force directory mode = 0775
- # follow symlinks = yes
- # '';
+ # pam password change = yes
+ # map to guest = bad user
+ # create mask = 0664
+ # force create mode = 0664
+ # directory mask = 0775
+ # force directory mode = 0775
+ # follow symlinks = yes
+ # '';
- enable = true;
- openFirewall = true;
- settings.Eternor = {
- browseable = "yes";
- "read only" = "no";
- "guest ok" = "no";
- path = "/Vault/Eternor";
- writable = "true";
- comment = "Eternor";
- "valid users" = "Swarsel";
+ enable = true;
+ openFirewall = true;
+ settings.Eternor = {
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ path = "/Vault/Eternor";
+ writable = "true";
+ comment = "Eternor";
+ "valid users" = "Swarsel";
+ };
};
- };
- avahi = {
- publish.enable = true;
- publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
- nssmdns4 = true;
- enable = true;
- openFirewall = true;
- };
+ avahi = {
+ publish.enable = true;
+ publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
+ nssmdns4 = true;
+ enable = true;
+ openFirewall = true;
+ };
- # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
- samba-wsdd = {
- enable = true;
- openFirewall = true;
+ # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
+ samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
};
};
}
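Review bot: The new switch is named `modules.server.nfs` and described as "enable nfs on server", but nothing in the block configures NFS: it enables Samba, Avahi and samba-wsdd, each with `openFirewall = true`. Whoever flips this option should be able to see that it opens SMB, mDNS and WS-Discovery ports, so the description should say so, e.g. `lib.mkEnableOption "samba share with avahi/wsdd discovery (opens firewall ports)"`. The option path can stay as it is if host configurations outside this hunk already reference it.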
@@ -7842,42 +7838,44 @@ in
3.3.2.6. NGINX
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
{
- environment.systemPackages = with pkgs; [
- lego
- ];
+ options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server";
+ config = lib.mkIf config.swarselsystems.modules.server.nginx {
+ environment.systemPackages = with pkgs; [
+ lego
+ ];
- # users.users.acme = {};
+ # users.users.acme = {};
- sops = {
- # secrets.dnstokenfull = { owner = "acme"; };
- secrets.dnstokenfull = { };
- templates."certs.secret".content = ''
- CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
- '';
- };
+ sops = {
+ # secrets.dnstokenfull = { owner = "acme"; };
+ secrets.dnstokenfull = { };
+ templates."certs.secret".content = ''
+ CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
+ '';
+ };
- security.acme = {
- acceptTerms = true;
- preliminarySelfsigned = false;
- defaults = {
- email = "mrswarsel@gmail.com";
- dnsProvider = "cloudflare";
- environmentFile = "${config.sops.templates."certs.secret".path}";
+ security.acme = {
+ acceptTerms = true;
+ preliminarySelfsigned = false;
+ defaults = {
+ email = "mrswarsel@gmail.com";
+ dnsProvider = "cloudflare";
+ environmentFile = "${config.sops.templates."certs.secret".path}";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ statusPage = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ # virtualHosts are defined in the respective sections
};
};
-
- services.nginx = {
- enable = true;
- statusPage = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- # virtualHosts are defined in the respective sections
- };
-
}
@@ -7887,23 +7885,25 @@ in
3.3.2.7. ssh
-{ self, config, ... }:
+{ self, lib, config, ... }:
{
- services.openssh = {
- enable = true;
+ options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server";
+ config = lib.mkIf config.swarselsystems.modules.server.ssh {
+ services.openssh = {
+ enable = true;
+ };
+ users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
+ (self + /secrets/keys/ssh/yubikey.pub)
+ (self + /secrets/keys/ssh/magicant.pub)
+ ];
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ (self + /secrets/keys/ssh/yubikey.pub)
+ (self + /secrets/keys/ssh/magicant.pub)
+ ];
+ security.sudo.extraConfig = ''
+ Defaults env_keep+=SSH_AUTH_SOCK
+ '';
};
- users.users."${config.swarselsystems.mainUser}".openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/ssh/yubikey.pub)
- (self + /secrets/keys/ssh/magicant.pub)
- ];
- users.users.root.openssh.authorizedKeys.keyFiles = [
- (self + /secrets/keys/ssh/yubikey.pub)
- (self + /secrets/keys/ssh/magicant.pub)
- ];
- security.sudo.extraConfig = ''
- Defaults env_keep+=SSH_AUTH_SOCK
- '';
-
}
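Review bot: `services.openssh` is enabled with key files for both the main user and root, but nothing in this module turns password logins off, and the NixOS default for `services.openssh.settings.PasswordAuthentication` is `true`. Unless it is already set elsewhere in the configuration, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` inside `services.openssh`. The `Defaults env_keep+=SSH_AUTH_SOCK` line also deserves a comment stating what relies on it, because it passes the caller's agent socket into every command run through sudo.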
@@ -7915,7 +7915,8 @@ in
{ pkgs, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.kavita {
+ options.swarselsystems.modules.server.kavita = lib.mkEnableOption "enable kavita on server";
+ config = lib.mkIf config.swarselsystems.modules.server.kavita {
environment.systemPackages = with pkgs; [
calibre
];
@@ -7965,7 +7966,8 @@ in
{ pkgs, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.jellyfin {
+ options.swarselsystems.modules.server.jellyfin = lib.mkEnableOption "enable jellyfin on server";
+ config = lib.mkIf config.swarselsystems.modules.server.jellyfin {
users.users.jellyfin = {
extraGroups = [ "video" "render" "users" ];
};
@@ -8020,7 +8022,8 @@ let
secretsDirectory = builtins.toString inputs.nix-secrets;
in
{
- config = lib.mkIf config.swarselsystems.server.navidrome {
+ options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server";
+ config = lib.mkIf config.swarselsystems.modules.server.navidrome {
environment.systemPackages = with pkgs; [
pciutils
alsa-utils
@@ -8122,7 +8125,8 @@ in
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.spotifyd {
+ options.swarselsystems.modules.server.spotifyd = lib.mkEnableOption "enable spotifyd on server";
+ config = lib.mkIf config.swarselsystems.modules.server.spotifyd {
users.groups.spotifyd = {
gid = 65136;
};
@@ -8164,7 +8168,8 @@ in
{ pkgs, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.mpd {
+ options.swarselsystems.modules.server.mpd = lib.mkEnableOption "enable mpd on server";
+ config = lib.mkIf config.swarselsystems.modules.server.mpd {
users = {
groups = {
mpd = { };
@@ -8223,7 +8228,7 @@ in
{ lib, config, ... }:
{
- config = lib.mkIf (config.swarselsystems.server.mpd || config.swarselsystems.server.navidrome) {
+ config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) {
security.rtkit.enable = true; # this is required for pipewire real-time access
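Review bot: The rewritten condition `config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome` tests whether the option paths exist, not whether the options are set to true. Both are declared with `lib.mkEnableOption` in the mpd and navidrome modules of this commit, so once those modules are imported the test is always true and rtkit plus the rest of this block are enabled on every server. Read the values as the other modules do: `config = lib.mkIf (config.swarselsystems.modules.server.mpd || config.swarselsystems.modules.server.navidrome) {`. The module body continues outside the hunk.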
@@ -8262,8 +8267,8 @@ let
'';
in
{
-
- config = lib.mkIf config.swarselsystems.server.matrix {
+ options.swarselsystems.modules.server.matrix = lib.mkEnableOption "enable matrix on server";
+ config = lib.mkIf config.swarselsystems.modules.server.matrix {
environment.systemPackages = with pkgs; [
matrix-synapse
lottieconverter
@@ -8584,7 +8589,8 @@ in
{ pkgs, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.nextcloud {
+ options.swarselsystems.modules.server.nextcloud = lib.mkEnableOption "enable nextcloud on server";
+ config = lib.mkIf config.swarselsystems.modules.server.nextcloud {
sops.secrets.nextcloudadminpass = {
owner = "nextcloud";
@@ -8637,7 +8643,8 @@ in
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.immich {
+ options.swarselsystems.modules.server.immich = lib.mkEnableOption "enable immich on server";
+ config = lib.mkIf config.swarselsystems.modules.server.immich {
users.users.immich = {
extraGroups = [ "video" "render" "users" ];
@@ -8694,7 +8701,8 @@ in
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.paperless {
+ options.swarselsystems.modules.server.paperless = lib.mkEnableOption "enable paperless on server";
+ config = lib.mkIf config.swarselsystems.modules.server.paperless {
users.users.paperless = {
extraGroups = [ "users" ];
@@ -8752,7 +8760,8 @@ in
{ pkgs, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.transmission {
+ options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
+ config = lib.mkIf config.swarselsystems.modules.server.transmission {
# this user/group section is probably unneeded
users = {
@@ -8897,7 +8906,8 @@ let
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
in
{
- config = lib.mkIf config.swarselsystems.server.syncthing {
+ options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server";
+ config = lib.mkIf config.swarselsystems.modules.server.syncthing {
users.users.syncthing = {
extraGroups = [ "users" ];
@@ -8966,16 +8976,16 @@ in
devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
id = "hgp9s-fyq3p";
};
- "Documents" = {
- path = "/Vault/data/syncthing/Documents";
- type = "receiveonly";
- versioning = {
- type = "simple";
- params.keep = "5";
- };
- devices = [ "magicant" "${workHostName}" ];
- id = "hgr3d-pfu3w";
- };
+ # "Documents" = {
+ # path = "/Vault/data/syncthing/Documents";
+ # type = "receiveonly";
+ # versioning = {
+ # type = "simple";
+ # params.keep = "5";
+ # };
+ # devices = [ "magicant" "${workHostName}" ];
+ # id = "hgr3d-pfu3w";
+ # };
# ".elfeed" = {
# path = "/Vault/data/syncthing/.elfeed";
# devices = [ "sync (@oracle)" "magicant" "${workHostName}" ];
@@ -9019,7 +9029,8 @@ Once this is finished, it will house a restic client that manages automatic back
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.restic {
+ options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server";
+ config = lib.mkIf config.swarselsystems.modules.server.restic {
# TODO
@@ -9039,7 +9050,8 @@ This section exposes several metrics that I use to check the health of my server
{ self, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.monitoring {
+ options.swarselsystems.modules.server.monitoring = lib.mkEnableOption "enable monitoring on server";
+ config = lib.mkIf config.swarselsystems.modules.server.monitoring {
sops.secrets = {
grafanaadminpass = {
@@ -9165,7 +9177,7 @@ This section exposes several metrics that I use to check the health of my server
sslVerify = false;
scrapeUri = "http://localhost/nginx_status";
};
- nextcloud = lib.mkIf config.swarselsystems.server.nextcloud {
+ nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud {
enable = true;
port = 9205;
url = "https://stash.swarsel.win/ocs/v2.php/apps/serverinfo/api/v1/info";
@@ -9217,7 +9229,8 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w
{ pkgs, lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.jenkins {
+ options.swarselsystems.modules.server.jenkins = lib.mkEnableOption "enable jenkins on server";
+ config = lib.mkIf config.swarselsystems.modules.server.jenkins {
services.jenkins = {
enable = true;
@@ -9264,7 +9277,8 @@ This was an approach of hosting an RSS server from within emacs. That would have
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.emacs {
+ options.swarselsystems.modules.server.emacs = lib.mkEnableOption "enable emacs server on server";
+ config = lib.mkIf config.swarselsystems.modules.server.emacs {
networking.firewall.allowedTCPPorts = [ 9812 ];
@@ -9295,7 +9309,8 @@ It serves both a Greader API at
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.freshrss {
+ options.swarselsystems.modules.server.freshrss = lib.mkEnableOption "enable freshrss on server";
+ config = lib.mkIf config.swarselsystems.modules.server.freshrss {
users.users.freshrss = {
extraGroups = [ "users" ];
@@ -9339,7 +9354,8 @@ It serves both a Greader API at
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.forgejo {
+ options.swarselsystems.modules.server.forgejo = lib.mkEnableOption "enable forgejo on server";
+ config = lib.mkIf config.swarselsystems.modules.server.forgejo {
networking.firewall.allowedTCPPorts = [ 3000 ];
@@ -9393,7 +9409,8 @@ It serves both a Greader API at
{ lib, config, ... }:
{
- config = lib.mkIf config.swarselsystems.server.ankisync {
+ options.swarselsystems.modules.server.ankisync = lib.mkEnableOption "enable ankisync on server";
+ config = lib.mkIf config.swarselsystems.modules.server.ankisync {
networking.firewall.allowedTCPPorts = [ 22701 ];
@@ -9491,39 +9508,42 @@ This opens a few gaming ports and installs the steam configuration suite for gam
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
{
- specialisation = {
- gaming.configuration = {
- networking = {
- firewall.enable = lib.mkForce false;
- firewall = {
- allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
- allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
- allowedTCPPortRanges = [
- { from = 27015; to = 27030; } # barotrauma
- { from = 27036; to = 27037; } # barotrauma
- ];
- allowedUDPPortRanges = [
- { from = 27000; to = 27031; } # barotrauma
- { from = 58962; to = 58964; } # barotrauma
- ];
+ options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.gaming {
+ programs.steam = {
+ enable = true;
+ package = pkgs.steam;
+ extraCompatPackages = [
+ pkgs.proton-ge-bin
+ ];
+ };
+ specialisation = {
+ gaming.configuration = {
+ networking = {
+ firewall.enable = lib.mkForce false;
+ firewall = {
+ allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
+ allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
+ allowedTCPPortRanges = [
+ { from = 27015; to = 27030; } # barotrauma
+ { from = 27036; to = 27037; } # barotrauma
+ ];
+ allowedUDPPortRanges = [
+ { from = 27000; to = 27031; } # barotrauma
+ { from = 58962; to = 58964; } # barotrauma
+ ];
+ };
};
- };
- programs.steam = {
- enable = true;
- package = pkgs.steam;
- extraCompatPackages = [
- pkgs.proton-ge-bin
+
+ hardware.xone.enable = true;
+
+ environment.systemPackages = [
+ pkgs.linuxKernel.packages.linux_6_12.xone
];
};
-
- hardware.xone.enable = true;
-
- environment.systemPackages = [
- pkgs.linuxKernel.packages.linux_6_12.xone
- ];
};
};
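Review bot: Inside the `gaming` specialisation, `firewall.enable = lib.mkForce false;` switches the firewall off entirely, so the `allowedUDPPorts`, `allowedTCPPortRanges` and `allowedUDPPortRanges` lists below it have no effect and every listening service on the machine is reachable while that specialisation is booted. If the port lists are complete, dropping the `mkForce false` line lets them do the work; if the firewall has to stay off, a comment saying why would keep the lists from being read as the effective policy. This change also moves `programs.steam` out of the specialisation, so Steam becomes part of the base system whenever `modules.optional.gaming` is enabled, which is worth a sentence in the section text if intended.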
@@ -9542,23 +9562,30 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl
-{ lib, pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
-
- specialisation = {
- VBox.configuration = {
- virtualisation.virtualbox = {
- host = {
- enable = true;
- enableExtensionPack = true;
+ options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.virtualbox {
+ specialisation = {
+ VBox.configuration = {
+ virtualisation.virtualbox = {
+ host = {
+ enable = true;
+ enableExtensionPack = true;
+ };
+ # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
+ guest = {
+ enable = false;
+ };
};
- # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
- guest = {
- enable = false;
+ # run an older kernel to provide compatibility with windows vm
+ boot = {
+ kernelPackages = lib.mkForce pkgs.stable24_05.linuxPackages;
+ # kernelParams = [
+ # "amd_iommu=on"
+ # ];
};
};
- # run an older kernel to provide compatibility with windows vm
- boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
};
};
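Review bot: The `VBox` specialisation now pins `boot.kernelPackages` to `lib.mkForce pkgs.stable24_05.linuxPackages`, which, judging by the name (the overlay is outside this hunk), takes the kernel from a nixpkgs 24.05 input. That release branch no longer receives updates, so the kernel booted in this specialisation will not pick up security fixes unless the input itself is moved. The existing comment only says "run an older kernel", and I would extend it to record the trade-off, e.g. `# pinned to the 24.05 kernel for windows vm compatibility; that branch gets no further updates, revisit regularly`.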
@@ -9575,11 +9602,14 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl
-_:
+{ lib, config, ... }:
{
- virtualisation.vmware.host.enable = true;
- virtualisation.vmware.guest.enable = true;
+ options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.vmware {
+ virtualisation.vmware.host.enable = true;
+ virtualisation.vmware.guest.enable = true;
+ };
}
@@ -9593,14 +9623,17 @@ Auto login for the initial session.
-{ config, ... }:
+{ lib, config, ... }:
let
inherit (config.swarselsystems) mainUser;
in
{
- services = {
- getty.autologinUser = mainUser;
- greetd.settings.initial_session.user = mainUser;
+ options.swarselsystems.modules.optional.autologin = lib.mkEnableOption "optional autologin settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.autologin {
+ services = {
+ getty.autologinUser = mainUser;
+ greetd.settings.initial_session.user = mainUser;
+ };
};
}
@@ -9615,13 +9648,144 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- services.nswitch-rcm = {
- enable = true;
- package = pkgs.fetchurl {
- url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
- hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
+ options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm {
+ services.nswitch-rcm = {
+ enable = true;
+ package = pkgs.fetchurl {
+ url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
+ hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
+ };
+ };
+ };
+}
+
+
+
+
+
+3.3.4.6. Framework
+
+
+This holds configuration that is specific to framework laptops.
+
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.framework {
+ services = {
+ fwupd = {
+ enable = true;
+ # framework also uses lvfs-testing, but I do not want to use it
+ extraRemotes = [ "lvfs" ];
+ };
+ udev.extraRules = ''
+ # disable Wakeup on Framework Laptop 16 Keyboard (ANSI)
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled"
+ # disable Wakeup on Framework Laptop 16 Numpad Module
+ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
+ # disable Wakeup on Framework Laptop 16 Trackpad
+ ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"
+ '';
+ };
+ programs.fw-fanctrl = {
+ enable = true;
+ config = {
+ defaultStrategy = "lazy";
+ };
+ };
+ };
+}
+
+
+
+
+
+3.3.4.7. AMD CPU
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.amdcpu {
+ hardware = {
+ cpu.amd.updateMicrocode = true;
+ };
+ };
+}
+
+
+
+
+
+3.3.4.8. AMD GPU
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.amdgpu {
+ hardware = {
+ amdgpu = {
+ opencl.enable = true;
+ amdvlk = {
+ enable = true;
+ support32Bit.enable = true;
+ };
+ };
+ };
+ };
+}
+
+
+
+
+
+3.3.4.9. Hibernation
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems = {
+ modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings";
+ hibernation = {
+ offset = lib.mkOption {
+ type = lib.types.int;
+ default = 0;
+ };
+ resumeDevice = lib.mkOption {
+ type = lib.types.str;
+ default = "/dev/disk/by-label/nixos";
+ };
+ };
+ };
+ config = lib.mkIf config.swarselsystems.modules.optional.hibernation {
+ boot = {
+ kernelParams = [
+ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}"
+ ];
+ inherit (config.swarselsystems.hibernation) resumeDevice;
+ };
+ };
+}
+
+
+
+
+
+3.3.4.10. BTRFS
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.btrfs {
+ boot = {
+ supportedFilesystems = [ "btrfs" ];
};
};
}
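Review bot: In the new Hibernation module the enable option is described as `"optional amd gpu settings"`, copied from the AMD GPU module above it; it should read `modules.optional.hibernation = lib.mkEnableOption "optional hibernation settings";`. The `hibernation.offset` and `hibernation.resumeDevice` options carry no `description`, and with the default `offset = 0` the module still emits `resume_offset=0` alongside the default `/dev/disk/by-label/nixos`. A `description` on each, stating that the value is host-specific and has to match the swap location on `resumeDevice`, would make it clear that enabling the module with the defaults is not a working setup.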
@@ -9630,7 +9794,7 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
-3.3.4.6. work
+3.3.4.11. work
Options that I need specifically at work. There are more options at Work (home-manager side).
@@ -9639,7 +9803,7 @@ Options that I need specifically at work. There are more options at
{ self, lib, pkgs, config, ... }:
let
- inherit (config.swarselsystems) mainUser homeDir xdgDir;
+ inherit (config.swarselsystems) mainUser xdgDir;
owner = mainUser;
sopsFile = self + /secrets/work/secrets.yaml;
swarselService = name: description: execStart: {
@@ -9663,144 +9827,187 @@ let
};
in
{
- sops = {
- secrets = {
- vcuser = {
- inherit owner sopsFile;
+ options.swarselsystems = {
+ modules.optional.work = lib.mkEnableOption "optional work settings";
+ hostName = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ fqdn = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ };
+ config = lib.mkIf config.swarselsystems.modules.optional.work {
+ sops =
+ let
+ secretNames = [
+ "vcuser"
+ "vcpw"
+ "govcuser"
+ "govcpw"
+ "govcurl"
+ "govcdc"
+ "govcds"
+ "govchost"
+ "govcnetwork"
+ "govcpool"
+ ];
+ in
+ {
+ secrets = builtins.listToAttrs (
+ map
+ (name: {
+ inherit name;
+ value = { inherit owner sopsFile; };
+ })
+ secretNames
+ );
};
- vcpw = {
- inherit owner sopsFile;
+
+ boot.initrd = {
+ systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
+ luks = {
+ # disable "support" since we use systemd-cryptenroll
+ # make sure yubikeys are enrolled using
+ # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
+ yubikeySupport = false;
+ fido2Support = false;
};
};
- };
- boot.initrd = {
- systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
- luks = {
- # disable "support" since we use systemd-cryptenroll
- # make sure yubikeys are enrolled using
- # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
- yubikeySupport = false;
- fido2Support = false;
- };
- };
+ programs = {
+ zsh.shellInit = ''
+ export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
+ export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
+ export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})"
+ export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})"
+ export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})"
+ export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})"
+ export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})"
+ export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})"
+ export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})"
+ export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})"
+ '';
- programs = {
- zsh.shellInit = ''
- export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
- export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
- '';
-
- browserpass.enable = true;
- _1password.enable = true;
- _1password-gui = {
- enable = true;
- polkitPolicyOwners = [ "${mainUser}" ];
- };
- };
-
- networking = {
- firewall.trustedInterfaces = [ "virbr0" ];
- search = [
- "vbc.ac.at"
- "clip.vbc.ac.at"
- "imp.univie.ac.at"
- ];
- };
-
- virtualisation = {
- docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
- spiceUSBRedirection.enable = true;
- libvirtd = {
- enable = true;
- qemu = {
- package = pkgs.qemu_kvm;
- runAsRoot = true;
- swtpm.enable = true;
- vhostUserPackages = with pkgs; [ virtiofsd ];
- ovmf = {
- enable = true;
- packages = [
- (pkgs.OVMFFull.override {
- secureBoot = true;
- tpmSupport = true;
- }).fd
- ];
- };
+ browserpass.enable = true;
+ _1password.enable = true;
+ _1password-gui = {
+ enable = true;
+ polkitPolicyOwners = [ "${mainUser}" ];
};
};
- };
- environment.systemPackages = with pkgs; [
- # (python39.withPackages (ps: with ps; [
- # cryptography
- # ]))
- # docker
- python39
- qemu
- packer
- gnumake
- libisoburn
- govc
- terraform
- graphviz
-
- # vm
- virt-manager
- virt-viewer
- virtiofsd
- spice
- spice-gtk
- spice-protocol
- win-virtio
- win-spice
- ];
-
-
- services = {
- spice-vdagentd.enable = true;
- openssh = {
- enable = true;
- extraConfig = ''
- '';
+ networking = {
+ inherit (config.swarselsystems) hostName fqdn;
+ networkmanager.wifi.scanRandMacAddress = false;
+ firewall = {
+ enable = lib.mkDefault true;
+ trustedInterfaces = [ "virbr0" ];
+ };
+ search = [
+ "vbc.ac.at"
+ "clip.vbc.ac.at"
+ "imp.univie.ac.at"
+ ];
};
- syncthing = {
- settings = {
- "winters" = {
- id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
- };
- folders = {
- "Documents" = {
- path = "${homeDir}/Documents";
- devices = [ "magicant" "winters" ];
- id = "hgr3d-pfu3w";
+ virtualisation = {
+ docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
+ spiceUSBRedirection.enable = true;
+ libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ vhostUserPackages = with pkgs; [ virtiofsd ];
+ ovmf = {
+ enable = true;
+ packages = [
+ (pkgs.OVMFFull.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd
+ ];
};
};
};
};
- udev.extraRules = ''
- # share screen when dongle detected
- SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="6860", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
+ environment.systemPackages = with pkgs; [
+ # (python39.withPackages (ps: with ps; [
+ # cryptography
+ # ]))
+ # docker
+ stable.python39
+ qemu
+ packer
+ gnumake
+ libisoburn
+ govc
+ terraform
+ opentofu
+ terragrunt
+ graphviz
- # lock screen when yubikey removed
- ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
- '';
+ # vm
+ virt-manager
+ virt-viewer
+ virtiofsd
+ spice
+ spice-gtk
+ spice-protocol
+ win-virtio
+ win-spice
+ ];
- };
- systemd.services = lib.mkMerge [
- (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h")
- ];
+ services = {
+ spice-vdagentd.enable = true;
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ '';
+ };
- # cgroups v1 is required for centos7 dockers
- specialisation = {
- cgroup_v1.configuration = {
- boot.kernelParams = [
- "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
- "systemd.unified_cgroup_hierarchy=0"
- ];
+ # syncthing = {
+ # settings = {
+ # "winters" = {
+ # id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
+ # };
+ # folders = {
+ # "Documents" = {
+ # path = "${homeDir}/Documents";
+ # devices = [ "magicant" "winters" ];
+ # id = "hgr3d-pfu3w";
+ # };
+ # };
+ # };
+ # };
+
+ udev.extraRules = ''
+ # share screen when dongle detected
+ SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
+
+ # lock screen when yubikey removed
+ ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
+ '';
+
+ };
+
+ systemd.services = lib.mkMerge [
+ (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h")
+ ];
+
+ # cgroups v1 is required for centos7 dockers
+ specialisation = {
+ cgroup_v1.configuration = {
+ boot.kernelParams = [
+ "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
+ "systemd.unified_cgroup_hierarchy=0"
+ ];
+ };
};
};
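Review bot: The `programs.zsh.shellInit` block on the new side reads ten sops secrets, including `GOVC_PASSWORD` and `VSPHERE_PW`, into exported variables at shell start-up, so the credentials are inherited by every process started from that shell for the whole session. The secrets are declared with `owner = mainUser`, so any other account that starts zsh will presumably hit a failing `cat` and end up with empty values. Reading a secret only where it is used keeps it out of the general environment, for example `govc() { GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" command govc "$@"; }`, with the non-sensitive values (URL, datacenter, network) left as plain exports. The module's `let` block starts before this hunk and its closing brace follows it.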
@@ -9810,7 +10017,7 @@ in
-3.3.4.7. Minimal Install
+3.3.4.12. Minimal Install
These options are really only to be used on the iso image in order to run nixos-anywhere.
@@ -9912,17 +10119,311 @@ This section sets up all the imports that are used in the home-manager section.
{ lib, ... }:
let
- importNames = lib.swarselsystems.readNix "profiles/home/common";
+ importNames = lib.swarselsystems.readNix "modules/home/common";
in
{
- imports = lib.swarselsystems.mkImports importNames "profiles/home/common";
+ imports = lib.swarselsystems.mkImports importNames "modules/home/common";
+}
+
+
+
+
+
+3.4.1.2. Shared Configuration Options
+
+
+Provides settings related to nix-darwin systems. At the moment, I am only making use of a isDarwin flag.
+
+
+
+At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in Work that are all practically using the same configuration. To save screen space, I template that profile here.
+Set in firefox about:config > toolkit.legacyUserProfileCustomizations.stylesheets to true. This should in principle be set automatically using the below config, but it seems not to be working reliably
+
+
+
+{ self, lib, pkgs, ... }:
+let
+ lock-false = {
+ Value = false;
+ Status = "locked";
+ };
+ lock-true = {
+ Value = true;
+ Status = "locked";
+ };
+in
+{
+ options.swarselsystems = {
+ isLaptop = lib.mkEnableOption "laptop host";
+ isNixos = lib.mkEnableOption "nixos host";
+ isPublic = lib.mkEnableOption "is a public machine (no secrets)";
+ isDarwin = lib.mkEnableOption "darwin host";
+ isLinux = lib.mkEnableOption "whether this is a linux machine";
+ isBtrfs = lib.mkEnableOption "use btrfs filesystem";
+ mainUser = lib.mkOption {
+ type = lib.types.str;
+ default = "swarsel";
+ };
+ homeDir = lib.mkOption {
+ type = lib.types.str;
+ default = "/home/swarsel";
+ };
+ xdgDir = lib.mkOption {
+ type = lib.types.str;
+ default = "/run/user/1000";
+ };
+ flakePath = lib.mkOption {
+ type = lib.types.str;
+ default = "/home/swarsel/.dotfiles";
+ };
+ wallpaper = lib.mkOption {
+ type = lib.types.path;
+ default = "${self}/wallpaper/lenovowp.png";
+ };
+ sharescreen = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ lowResolution = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ highResolution = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+
+ stylix = lib.mkOption {
+ type = lib.types.attrs;
+ default = {
+ enable = true;
+ base16Scheme = "${self}/programs/stylix/swarsel.yaml";
+ polarity = "dark";
+ opacity.popups = 0.5;
+ cursor = {
+ package = pkgs.banana-cursor;
+ # package = pkgs.capitaine-cursors;
+ name = "Banana";
+ # name = "capitaine-cursors";
+ size = 16;
+ };
+ fonts = {
+ sizes = {
+ terminal = 10;
+ applications = 11;
+ };
+ serif = {
+ # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
+ package = pkgs.cantarell-fonts;
+ # package = pkgs.montserrat;
+ name = "Cantarell";
+ # name = "FiraCode Nerd Font Propo";
+ # name = "Montserrat";
+ };
+ sansSerif = {
+ # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
+ package = pkgs.cantarell-fonts;
+ # package = pkgs.montserrat;
+ name = "Cantarell";
+ # name = "FiraCode Nerd Font Propo";
+ # name = "Montserrat";
+ };
+ monospace = {
+ package = pkgs.nerd-fonts.fira-mono; # has overrides
+ name = "FiraCode Nerd Font Mono";
+ };
+ emoji = {
+ package = pkgs.noto-fonts-emoji;
+ name = "Noto Color Emoji";
+ };
+ };
+ };
+ };
+ stylixHomeTargets = lib.mkOption {
+ type = lib.types.attrs;
+ default = {
+ emacs.enable = false;
+ waybar.enable = false;
+ sway.useWallpaper = false;
+ firefox.profileNames = [ "default" ];
+ };
+ };
+
+ firefox = lib.mkOption {
+ type = lib.types.attrs;
+ default = {
+ userChrome = builtins.readFile "${self}/programs/firefox/chrome/userChrome.css";
+ extensions = {
+ packages = with pkgs.nur.repos.rycee.firefox-addons; [
+ tridactyl
+ tampermonkey
+ sidebery
+ browserpass
+ clearurls
+ darkreader
+ enhancer-for-youtube
+ istilldontcareaboutcookies
+ translate-web-pages
+ ublock-origin
+ reddit-enhancement-suite
+ sponsorblock
+ web-archives
+ onepassword-password-manager
+ single-file
+ widegithub
+ enhanced-github
+ unpaywall
+ don-t-fuck-with-paste
+ plasma-integration
+ noscript
+
+ # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
+ (buildFirefoxXpiAddon {
+ pname = "shortkeys";
+ version = "4.0.2";
+ addonId = "Shortkeys@Shortkeys.com";
+ url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
+ sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
+ meta = with lib;
+ {
+ description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
+ mozPermissions = [
+ "tabs"
+ "downloads"
+ "clipboardWrite"
+ "browsingData"
+ "storage"
+ "bookmarks"
+ "sessions"
+ "<all_urls>"
+ ];
+ platforms = platforms.all;
+ };
+ })
+ ];
+ };
+
+ settings =
+ {
+ "extensions.autoDisableScopes" = 0;
+ "browser.bookmarks.showMobileBookmarks" = lock-true;
+ "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
+ "browser.search.suggest.enabled" = lock-false;
+ "browser.search.suggest.enabled.private" = lock-false;
+ "browser.urlbar.suggest.searches" = lock-false;
+ "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
+ "browser.topsites.contile.enabled" = lock-false;
+ "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
+ "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
+ "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
+ "browser.newtabpage.activity-stream.showSponsored" = lock-false;
+ "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
+ "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
+ };
+
+ search = {
+ # default = "Kagi";
+ default = "google";
+ # privateDefault = "Kagi";
+ privateDefault = "google";
+ engines = {
+ "Kagi" = {
+ urls = [{
+ template = "https://kagi.com/search";
+ params = [
+ { name = "q"; value = "{searchTerms}"; }
+ ];
+ }];
+ icon = "https://kagi.com/favicon.ico";
+ updateInterval = 24 * 60 * 60 * 1000; # every day
+ definedAliases = [ "@k" ];
+ };
+
+ "Nix Packages" = {
+ urls = [{
+ template = "https://search.nixos.org/packages";
+ params = [
+ { name = "type"; value = "packages"; }
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@np" ];
+ };
+
+ "NixOS Wiki" = {
+ urls = [{
+ template = "https://nixos.wiki/index.php?search={searchTerms}";
+ }];
+ icon = "https://nixos.wiki/favicon.png";
+ updateInterval = 24 * 60 * 60 * 1000; # every day
+ definedAliases = [ "@nw" ];
+ };
+
+ "NixOS Options" = {
+ urls = [{
+ template = "https://search.nixos.org/options";
+ params = [
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@no" ];
+ };
+
+ "Home Manager Options" = {
+ urls = [{
+ template = "https://home-manager-options.extranix.com/";
+ params = [
+ { name = "query"; value = "{searchTerms}"; }
+ ];
+ }];
+
+ icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ definedAliases = [ "@hm" "@ho" "@hmo" ];
+ };
+
+ "Confluence search" = {
+ urls = [{
+ template = "https://vbc.atlassian.net/wiki/search";
+ params = [
+ { name = "text"; value = "{searchTerms}"; }
+ ];
+ }];
+
+ definedAliases = [ "@c" "@cf" "@confluence" ];
+ };
+
+ "Jira search" = {
+ urls = [{
+ template = "https://vbc.atlassian.net/issues/";
+ params = [
+ { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; }
+ ];
+ }];
+
+ definedAliases = [ "@j" "@jire" ];
+ };
+
+ "google".metaData.alias = "@g";
+ };
+ force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
+ };
+ };
+ };
+
+ };
}
-3.4.1.2. General home-manager-settings
+3.4.1.3. General home-manager-settings
Again, we adapt nix to our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same.
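Review bot: `"extensions.autoDisableScopes" = 0;` in the `firefox.settings` default is the only preference in that set that is neither locked nor explained, and it has the widest effect. It stops Firefox from disabling newly discovered add-ons in every install scope, not only the ones listed under `extensions.packages`. A comment recording the reason would help the next reader judge the trade-off, e.g. `# 0 = never auto-disable add-ons, whatever their scope; needed so the declaratively installed extensions start enabled`, assuming that is why it is set.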
@@ -9934,41 +10435,44 @@ let
inherit (config.swarselsystems) mainUser;
in
{
- nix = lib.mkIf (!config.swarselsystems.isNixos) {
- settings = {
- experimental-features = [
- "nix-command"
- "flakes"
- "ca-derivations"
- "cgroups"
- "pipe-operators"
- ];
- trusted-users = [ "@wheel" "${mainUser}" ];
- connect-timeout = 5;
- bash-prompt-prefix = "[33m$SHLVL:\\w [0m";
- bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"[31m\"; else printf \"[32m\"; fi)\[\e[1m\]λ\[\e[0m\] [0m";
- fallback = true;
- min-free = 128000000;
- max-free = 1000000000;
- auto-optimise-store = true;
- warn-dirty = false;
- max-jobs = 1;
- use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
+ options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings";
+ config = lib.mkIf config.swarselsystems.modules.general {
+ nix = lib.mkIf (!config.swarselsystems.isNixos) {
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ "ca-derivations"
+ "cgroups"
+ "pipe-operators"
+ ];
+ trusted-users = [ "@wheel" "${mainUser}" ];
+ connect-timeout = 5;
+ bash-prompt-prefix = "[33m$SHLVL:\\w [0m";
+ bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"[31m\"; else printf \"[32m\"; fi)\[\e[1m\]λ\[\e[0m\] [0m";
+ fallback = true;
+ min-free = 128000000;
+ max-free = 1000000000;
+ auto-optimise-store = true;
+ warn-dirty = false;
+ max-jobs = 1;
+ use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
+ };
};
- };
- nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
+ nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
- programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
- targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
+ programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
+ targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
- home = {
- username = lib.mkDefault mainUser;
- homeDirectory = lib.mkDefault "/home/${mainUser}";
- stateVersion = lib.mkDefault "23.05";
- keyboard.layout = "us";
- sessionVariables = {
- FLAKE = "/home/${mainUser}/.dotfiles";
+ home = {
+ username = lib.mkDefault mainUser;
+ homeDirectory = lib.mkDefault "/home/${mainUser}";
+ stateVersion = lib.mkDefault "23.05";
+ keyboard.layout = "us";
+ sessionVariables = {
+ FLAKE = "/home/${mainUser}/.dotfiles";
+ };
};
};
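Review bot: `trusted-users = [ "@wheel" "${mainUser}" ];` is carried over unchanged under the new `mkIf` and deserves either a comment or a narrower value. The Nix manual describes membership in `trusted-users` as essentially equivalent to root access, and here the whole `wheel` group receives it. This block applies only when `isNixos` is false, so it presumably lands in the user-level nix.conf, where the daemon of a multi-user install does not honour the setting; the line may therefore suggest a configuration that is not in effect. If it is meant to apply, `trusted-users = [ "${mainUser}" ];` is the smaller grant. The module's `let` header starts before this hunk and its closing brace follows it.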
@@ -9978,28 +10482,48 @@ in
-3.4.1.3. nixGL
+3.4.1.4. nixGL
This integrates nixGL into home-manager. NixGL provies OpenGL and Vulkan APIs to nix installed utilities. This is needed for graphical applications on non-NixOS systems.
+
+to get the info for the secondary gpu, use `lspci -nn | grep VGA`
+It can be set to either:
+
+
+- a number, selecting the n-th non-default GPU
+- a PCI bus id in the form
pci-XXX_YY_ZZ_U
+- a PCI id in the form
vendor_id:device_id
+
+
{ lib, config, nixgl, ... }:
{
- nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
- inherit (nixgl) packages;
- defaultWrapper = lib.mkDefault "mesa";
- vulkan.enable = lib.mkDefault false;
- prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
- card = config.swarselsystem.secondaryGpuCard;
- installScript = "mesa";
+ options.swarselsystems = {
+ modules.nixgl = lib.mkEnableOption "nixgl settings";
+ isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU";
+ SecondaryGpuCard = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ };
+ config = lib.mkIf config.swarselsystems.modules.nixgl {
+ nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
+ inherit (nixgl) packages;
+ defaultWrapper = lib.mkDefault "mesa";
+ vulkan.enable = lib.mkDefault false;
+ prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
+ card = config.swarselsystem.secondaryGpuCard;
+ installScript = "mesa";
+ };
+ offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
+ installScripts = [
+ "mesa"
+ "mesaPrime"
+ ];
};
- offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
- installScripts = [
- "mesa"
- "mesaPrime"
- ];
};
}
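Review bot: The options declared at the top of this module do not match the names the `config` block reads. They are declared under `swarselsystems` as `isSecondaryGpu` and `SecondaryGpuCard`, while `prime`, `card` and `offloadWrapper` read `config.swarselsystem.isSecondaryGpu` and `config.swarselsystem.secondaryGpuCard` (no trailing `s` on the namespace, lower-case `s` in the card name). Unless a separate `swarselsystem` option set exists elsewhere, evaluation will fail once `modules.nixgl` is enabled on a non-NixOS host. Declare the option as `secondaryGpuCard = lib.mkOption {`, then read `lib.mkIf config.swarselsystems.isSecondaryGpu` and `card = config.swarselsystems.secondaryGpuCard;`, with the same namespace fix on the `offloadWrapper` line.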
@@ -10007,7 +10531,7 @@ This integrates nixGL into home-manager. NixGL provies OpenGL and Vulkan APIs to
-3.4.1.4. Installed packages
+3.4.1.5. Installed packages
-3.4.1.4.2. Self-defined
+3.4.1.5.2. Self-defined
This is just a separate container for derivations defined in Packages. This is a good idea so that I do not lose track of package names I have defined myself, as this was once a problem in the past already.
-{ config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [
- pass-fuzzel
- cura5
- cdw
- cdb
- bak
- timer
- e
- swarselcheck
- waybarupdate
- opacitytoggle
- fs-diff
- github-notifications
- hm-specialisation
- t2ts
- ts2t
- vershell
- eontimer
- project
- fhs
- swarsel-bootstrap
- swarsel-displaypower
- swarselzellij
+ options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings";
+ config = lib.mkIf config.swarselsystems.modules.ownpackages {
+ home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [
+ pass-fuzzel
+ cura5
+ cdw
+ cdb
+ bak
+ timer
+ e
+ swarselcheck
+ waybarupdate
+ opacitytoggle
+ fs-diff
+ github-notifications
+ hm-specialisation
+ t2ts
+ ts2t
+ vershell
+ eontimer
+ project
+ fhs
+ swarsel-bootstrap
+ swarsel-displaypower
+ swarselzellij
+ sshrm
- rustdesk-vbc
- ];
+ rustdesk-vbc
+ ];
+ };
}
@@ -10256,7 +10788,7 @@ This is just a separate container for derivations defined in
-3.4.1.5. sops
+3.4.1.6. sops
I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine:
@@ -10281,18 +10813,21 @@ let
inherit (config.swarselsystems) homeDir xdgDir;
in
{
- sops = lib.mkIf (!config.swarselsystems.isPublic) {
- age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
+ options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings";
+ config = lib.mkIf config.swarselsystems.modules.sops {
+ sops = lib.mkIf (!config.swarselsystems.isPublic) {
+ age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
- validateSopsFiles = false;
- secrets = {
- mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
- nautilus = { path = "${xdgDir}/secrets/nautilus"; };
- leon = { path = "${xdgDir}/secrets/leon"; };
- swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
- github_notif = { path = "${xdgDir}/secrets/github_notif"; };
- u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
+ validateSopsFiles = false;
+ secrets = {
+ mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
+ nautilus = { path = "${xdgDir}/secrets/nautilus"; };
+ leon = { path = "${xdgDir}/secrets/leon"; };
+ swarselmail = { path = "${xdgDir}/secrets/swarselmail"; };
+ github_notif = { path = "${xdgDir}/secrets/github_notif"; };
+ u2f_keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
+ };
};
};
}
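Review bot: `validateSopsFiles = false;` switches off the evaluation-time check of the sops file, and nothing in the module says why. `defaultSopsFile` is given as a path string under `/persist` or `${homeDir}`, so the file is presumably kept out of the Nix store on purpose. A comment such as `# secrets file is read from the checkout, not the store, so it cannot be validated at evaluation time` would record that and stop someone from re-enabling it blindly. The module's `let` header starts before this hunk.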
@@ -10301,21 +10836,24 @@ in
-3.4.1.6. Yubikey
+3.4.1.7. Yubikey
-{ lib, nix-secrets, ... }:
+{ lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
in
{
- pam.yubico.authorizedYubiKeys = {
- ids = [
- "${yubikey1}"
- "${yubikey2}"
- ];
+ options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings";
+ config = lib.mkIf config.swarselsystems.modules.yubikey {
+ pam.yubico.authorizedYubiKeys = {
+ ids = [
+ "${yubikey1}"
+ "${yubikey2}"
+ ];
+ };
};
}
@@ -10323,46 +10861,49 @@ in
-3.4.1.7. SSH Machines
+3.4.1.8. SSH Machines
It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
-_:
+{ lib, config, ... }:
{
- programs.ssh = {
- enable = true;
- forwardAgent = true;
- extraConfig = ''
- SetEnv TERM=xterm-256color
- ServerAliveInterval 20
- '';
- matchBlocks = {
- "pfsense" = {
- hostname = "192.168.1.1";
- user = "root";
- };
- "winters" = {
- hostname = "192.168.1.2";
- user = "swarsel";
- };
- "minecraft" = {
- hostname = "130.61.119.129";
- user = "opc";
- };
- "sync" = {
- hostname = "193.122.53.173";
- user = "root";
- };
- "songdiver" = {
- hostname = "89.168.100.65";
- user = "ubuntu";
- };
- "pkv" = {
- hostname = "46.232.248.161";
- user = "root";
+ options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings";
+ config = lib.mkIf config.swarselsystems.modules.ssh {
+ programs.ssh = {
+ enable = true;
+ forwardAgent = true;
+ extraConfig = ''
+ SetEnv TERM=xterm-256color
+ ServerAliveInterval 20
+ '';
+ matchBlocks = {
+ "pfsense" = {
+ hostname = "192.168.1.1";
+ user = "root";
+ };
+ "winters" = {
+ hostname = "192.168.1.2";
+ user = "swarsel";
+ };
+ "minecraft" = {
+ hostname = "130.61.119.129";
+ user = "opc";
+ };
+ "sync" = {
+ hostname = "193.122.53.173";
+ user = "root";
+ };
+ "songdiver" = {
+ hostname = "89.168.100.65";
+ user = "ubuntu";
+ };
+ "pkv" = {
+ hostname = "46.232.248.161";
+ user = "root";
+ };
};
};
};
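Review bot: `forwardAgent = true;` sits at the top level of `programs.ssh`, so the agent is forwarded to every host, including the `root` logins on public addresses in `matchBlocks` and any host not listed there. The section text says this agent holds the Yubikey SSH key. Anyone with root on a host you are connected to can use the forwarded agent socket for the duration of that session. Set the top-level value to `forwardAgent = false;` and add `forwardAgent = true;` only inside the match blocks that need it, or use `proxyJump` where the goal is only to hop through a host. The module's closing brace is outside this hunk.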
@@ -10372,7 +10913,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
-3.4.1.8. Theme (stylix)
+3.4.1.9. Theme (stylix)
These section allows home-manager to allow theme settings, and handles some other appearance-related settings like cursor styles. Interestingly, system icons (adwaita) still need to be setup on system-level, and will break if defined here.
@@ -10389,24 +10930,22 @@ This section has been notably empty ever since switching to stylix. Only Emacs i
{ lib, config, ... }:
{
- stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate
- {
- image = config.swarselsystems.wallpaper;
- targets = {
- emacs.enable = false;
- waybar.enable = false;
- sway.useWallpaper = false;
- firefox.profileNames = [ "default" ];
- };
- }
- config.swarselsystems.stylix);
+ options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings";
+ config = lib.mkIf config.swarselsystems.modules.stylix {
+ stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate
+ {
+ image = config.swarselsystems.wallpaper;
+ targets = config.swarselsystems.stylixHomeTargets;
+ }
+ config.swarselsystems.stylix);
+ };
}
-3.4.1.9. Desktop Entries, MIME types (xdg)
+3.4.1.10. Desktop Entries, MIME types (xdg)
Some programs lack a dmenu launcher - I define them myself here.
@@ -10417,95 +10956,97 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the
-
-_:
+{ lib, config, ... }:
{
- xdg.desktopEntries = {
+ options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings";
+ config = lib.mkIf config.swarselsystems.modules.desktop {
+ xdg.desktopEntries = {
+
+ cura = {
+ name = "Ultimaker Cura";
+ genericName = "Cura";
+ exec = "cura";
+ terminal = false;
+ categories = [ "Application" ];
+ };
+
+ rustdesk-vbc = {
+ name = "Rustdesk VBC";
+ genericName = "rustdesk-vbc";
+ exec = "rustdesk-vbc";
+ terminal = false;
+ categories = [ "Application" ];
+ };
+
+ anki = {
+ name = "Anki Flashcards";
+ genericName = "Anki";
+ exec = "anki";
+ terminal = false;
+ categories = [ "Application" ];
+ };
+
+ element = {
+ name = "Element Matrix Client";
+ genericName = "Element";
+ exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
+ terminal = false;
+ categories = [ "Application" ];
+ };
+
+ emacsclient-newframe = {
+ name = "Emacs (Client, New Frame)";
+ genericName = "Emacs (Client, New Frame)";
+ exec = "emacsclient -r %u";
+ icon = "emacs";
+ terminal = false;
+ categories = [ "Development" "TextEditor" ];
+ };
- cura = {
- name = "Ultimaker Cura";
- genericName = "Cura";
- exec = "cura";
- terminal = false;
- categories = [ "Application" ];
};
- rustdesk-vbc = {
- name = "Rustdesk VBC";
- genericName = "rustdesk-vbc";
- exec = "rustdesk-vbc";
- terminal = false;
- categories = [ "Application" ];
- };
+ xdg.mimeApps = {
- anki = {
- name = "Anki Flashcards";
- genericName = "Anki";
- exec = "anki";
- terminal = false;
- categories = [ "Application" ];
- };
-
- element = {
- name = "Element Matrix Client";
- genericName = "Element";
- exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
- terminal = false;
- categories = [ "Application" ];
- };
-
- emacsclient-newframe = {
- name = "Emacs (Client, New Frame)";
- genericName = "Emacs (Client, New Frame)";
- exec = "emacsclient -r %u";
- icon = "emacs";
- terminal = false;
- categories = [ "Development" "TextEditor" ];
- };
-
- };
-
- xdg.mimeApps = {
-
- enable = true;
- defaultApplications = {
- "x-scheme-handler/http" = [ "firefox.desktop" ];
- "x-scheme-handler/https" = [ "firefox.desktop" ];
- "x-scheme-handler/chrome" = [ "firefox.desktop" ];
- "text/plain" = [ "emacsclient.desktop" ];
- "text/csv" = [ "emacsclient.desktop" ];
- "text/html" = [ "firefox.desktop" ];
- "application/x-extension-htm" = [ "firefox.desktop" ];
- "application/x-extension-html" = [ "firefox.desktop" ];
- "application/x-extension-shtml" = [ "firefox.desktop" ];
- "application/xhtml+xml" = [ "firefox.desktop" ];
- "application/x-extension-xhtml" = [ "firefox.desktop" ];
- "application/x-extension-xht" = [ "firefox.desktop" ];
- "image/png" = [ "imv.desktop" ];
- "image/jpeg" = [ "imv.desktop" ];
- "image/gif" = [ "imv.desktop" ];
- "image/svg" = [ "imv.desktop" ];
- "image/webp" = [ "firefox.desktop" ];
- "image/vnd.adobe.photoshop" = [ "gimp.desktop" ];
- "image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ];
- "audio/flac" = [ "mpv.desktop" ];
- "audio/mp3" = [ "mpv.desktop" ];
- "audio/ogg" = [ "mpv.desktop" ];
- "audio/wav" = [ "mpv.desktop" ];
- "video/mp4" = [ "umpv.desktop" ];
- "video/mkv" = [ "umpv.desktop" ];
- "video/flv" = [ "umpv.desktop" ];
- "video/3gp" = [ "umpv.desktop" ];
- "application/pdf" = [ "org.gnome.Evince.desktop" ];
- "application/metalink+xml" = [ "emacsclient.desktop" ];
- "application/sql" = [ "emacsclient.desktop" ];
- "application/vnd.ms-powerpoint" = [ "impress.desktop" ];
- "application/msword" = [ "writer.desktop" ];
- "application/vnd.ms-excel" = [ "calc.desktop" ];
- };
- associations = {
- added = {
- "application/x-zerosize" = [ "emacsclient.desktop" ];
+ enable = true;
+ defaultApplications = {
+ "x-scheme-handler/http" = [ "firefox.desktop" ];
+ "x-scheme-handler/https" = [ "firefox.desktop" ];
+ "x-scheme-handler/chrome" = [ "firefox.desktop" ];
+ "text/plain" = [ "emacsclient.desktop" ];
+ "text/csv" = [ "emacsclient.desktop" ];
+ "text/html" = [ "firefox.desktop" ];
+ "application/x-extension-htm" = [ "firefox.desktop" ];
+ "application/x-extension-html" = [ "firefox.desktop" ];
+ "application/x-extension-shtml" = [ "firefox.desktop" ];
+ "application/xhtml+xml" = [ "firefox.desktop" ];
+ "application/x-extension-xhtml" = [ "firefox.desktop" ];
+ "application/x-extension-xht" = [ "firefox.desktop" ];
+ "image/png" = [ "imv.desktop" ];
+ "image/jpeg" = [ "imv.desktop" ];
+ "image/gif" = [ "imv.desktop" ];
+ "image/svg" = [ "imv.desktop" ];
+ "image/webp" = [ "firefox.desktop" ];
+ "image/vnd.adobe.photoshop" = [ "gimp.desktop" ];
+ "image/vnd.dxf" = [ "org.inkscape.Inkscape.desktop" ];
+ "audio/flac" = [ "mpv.desktop" ];
+ "audio/mp3" = [ "mpv.desktop" ];
+ "audio/ogg" = [ "mpv.desktop" ];
+ "audio/wav" = [ "mpv.desktop" ];
+ "video/mp4" = [ "umpv.desktop" ];
+ "video/mkv" = [ "umpv.desktop" ];
+ "video/flv" = [ "umpv.desktop" ];
+ "video/3gp" = [ "umpv.desktop" ];
+ "application/pdf" = [ "org.gnome.Evince.desktop" ];
+ "application/metalink+xml" = [ "emacsclient.desktop" ];
+ "application/sql" = [ "emacsclient.desktop" ];
+ "application/vnd.ms-powerpoint" = [ "impress.desktop" ];
+ "application/msword" = [ "writer.desktop" ];
+ "application/vnd.ms-excel" = [ "calc.desktop" ];
+ };
+ associations = {
+ added = {
+ "application/x-zerosize" = [ "emacsclient.desktop" ];
+ };
};
};
};
@@ -10515,7 +11056,7 @@ _:
-3.4.1.10. Linking dotfiles (Symlinks home.file)
+3.4.1.11. Linking dotfiles (Symlinks home.file)
This section should be used in order to symlink already existing configuration files using `home.file` and setting session variables using `home.sessionVariables`.
@@ -10531,32 +11072,36 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.style
-{ self, lib, ... }:
+{ self, lib, config, ... }:
{
- home.file = {
- "init.el" = lib.mkDefault {
- source = self + /programs/emacs/init.el;
- target = ".emacs.d/init.el";
+ options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings";
+ config = lib.mkIf config.swarselsystems.modules.symlink {
+ home.file = {
+ "init.el" = lib.mkDefault {
+ source = self + /programs/emacs/init.el;
+ target = ".emacs.d/init.el";
+ };
+ "early-init.el" = {
+ source = self + /programs/emacs/early-init.el;
+ target = ".emacs.d/early-init.el";
+ };
+ # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually
+ ".aspell.conf" = {
+ source = self + /programs/config/.aspell.conf;
+ target = ".aspell.conf";
+ };
+ ".gitmessage" = {
+ source = self + /programs/git/.gitmessage;
+ target = ".gitmessage";
+ };
};
- "early-init.el" = {
- source = self + /programs/emacs/early-init.el;
- target = ".emacs.d/early-init.el";
- };
- # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually
- ".aspell.conf" = {
- source = self + /programs/config/.aspell.conf;
- target = ".aspell.conf";
- };
- ".gitmessage" = {
- source = self + /programs/git/.gitmessage;
- target = ".gitmessage";
- };
- };
- xdg.configFile = {
- "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc;
- "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css;
- "swayidle/config".source = self + /programs/swayidle/config;
+ xdg.configFile = {
+ "tridactyl/tridactylrc".source = self + /programs/firefox/tridactyl/tridactylrc;
+ "tridactyl/themes/base16-codeschool.css".source = self + /programs/firefox/tridactyl/themes/base16-codeschool.css;
+ "tridactyl/themes/swarsel.css".source = self + /programs/firefox/tridactyl/themes/swarsel.css;
+ "swayidle/config".source = self + /programs/swayidle/config;
+ };
};
}
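Review bot: `lib.mkEnableOption` declares an option that defaults to false, so after this change the `home.file` and `xdg.configFile` links are only produced on hosts that set `swarselsystems.modules.symlink = true`, and nothing in this hunk shows where that happens. The same wrapper is applied in the later hunks for env, programs, nix-index, passwordstore, direnv, eza, git, fuzzel, starship, kitty, zsh, zellij and tmux. For git and passwordstore a missed flag would silently drop `signing.signByDefault = true` and `PASSWORD_STORE_DIR`. If a shared profile outside the visible diff enables these, a comment beside the option pointing to it would help, e.g. `# enabled by <PROFILE-NAME placeholder>`. Otherwise, modules that every host received before could use `lib.mkEnableOption "symlink settings" // { default = true; }`.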
@@ -10564,7 +11109,7 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.style
-3.4.1.11. Sourcing environment variables
+3.4.1.12. Sourcing environment variables
Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the Sway section.
@@ -10582,19 +11127,22 @@ let
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
in
{
- home.sessionVariables = {
- EDITOR = "e -w";
- DISPLAY = ":0";
- SWARSEL_LO_RES = config.swarselsystems.lowResolution;
- SWARSEL_HI_RES = config.swarselsystems.highResolution;
- };
- systemd.user.sessionVariables = {
- SWARSEL_LEON_MAIL = leonMail;
- SWARSEL_NAUTILUS_MAIL = nautilusMail;
- SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
- SWARSEL_SWARSEL_MAIL = swarselMail;
- SWARSEL_FULLNAME = fullName;
- SWARSEL_MAIL_ALL = allMailAddresses;
+ options.swarselsystems.modules.env = lib.mkEnableOption "env settings";
+ config = lib.mkIf config.swarselsystems.modules.env {
+ home.sessionVariables = {
+ EDITOR = "e -w";
+ DISPLAY = ":0";
+ SWARSEL_LO_RES = config.swarselsystems.lowResolution;
+ SWARSEL_HI_RES = config.swarselsystems.highResolution;
+ };
+ systemd.user.sessionVariables = {
+ SWARSEL_LEON_MAIL = leonMail;
+ SWARSEL_NAUTILUS_MAIL = nautilusMail;
+ SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
+ SWARSEL_SWARSEL_MAIL = swarselMail;
+ SWARSEL_FULLNAME = fullName;
+ SWARSEL_MAIL_ALL = allMailAddresses;
+ };
};
}
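Review bot: The values put into `systemd.user.sessionVariables` come from `lib.swarselsystems.getSecret`, whose definition is outside this hunk, and nothing here marks them as non-confidential. If it reads the file at evaluation time, as the `let` bindings suggest, the strings are written into generated files in the world-readable Nix store and exported into the user session's environment. That is acceptable for mail addresses and a name, but a comment would stop the pattern being copied for credentials, e.g. `# evaluation-time values, end up in /nix/store: identifiers only, passwords go through sops`. The `let` block starts above the hunk.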
@@ -10602,33 +11150,36 @@ in
-3.4.1.12. General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf
+3.4.1.13. General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf
This section is for programs that require no further configuration. zsh Integration is enabled by default for these.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- programs = {
- bottom.enable = true;
- imv.enable = true;
- sioyek.enable = true;
- bat = {
- enable = true;
- extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
+ options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings";
+ config = lib.mkIf config.swarselsystems.modules.programs {
+ programs = {
+ bottom.enable = true;
+ imv.enable = true;
+ sioyek.enable = true;
+ bat = {
+ enable = true;
+ extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
+ };
+ carapace.enable = true;
+ wlogout.enable = true;
+ swayr.enable = true;
+ yt-dlp.enable = true;
+ mpv.enable = true;
+ jq.enable = true;
+ ripgrep.enable = true;
+ pandoc.enable = true;
+ fzf.enable = true;
+ zoxide.enable = true;
};
- carapace.enable = true;
- wlogout.enable = true;
- swayr.enable = true;
- yt-dlp.enable = true;
- mpv.enable = true;
- jq.enable = true;
- ripgrep.enable = true;
- pandoc.enable = true;
- fzf.enable = true;
- zoxide.enable = true;
};
}
@@ -10636,54 +11187,60 @@ This section is for programs that require no further configuration. zsh Integrat
-3.4.1.13. nix-index
+3.4.1.14. nix-index
nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output.
-{ self, pkgs, ... }:
+{ self, lib, config, pkgs, ... }:
{
- programs.nix-index =
- let
- commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } ''
- mkdir -p $out/etc/profile.d
- substitute ${self + /scripts/command-not-found.sh} \
- $out/etc/profile.d/command-not-found.sh \
- --replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
- --replace-fail @tput@ ${pkgs.ncurses}/bin/tput
- '';
- in
+ options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings";
+ config = lib.mkIf config.swarselsystems.modules.nix-index {
+ programs.nix-index =
+ let
+ commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } ''
+ mkdir -p $out/etc/profile.d
+ substitute ${self + /scripts/command-not-found.sh} \
+ $out/etc/profile.d/command-not-found.sh \
+ --replace-fail @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \
+ --replace-fail @tput@ ${pkgs.ncurses}/bin/tput
+ '';
+ in
- {
- enable = true;
- package = pkgs.symlinkJoin {
- name = "nix-index";
- paths = [ commandNotFound ];
+ {
+ enable = true;
+ package = pkgs.symlinkJoin {
+ name = "nix-index";
+ paths = [ commandNotFound ];
+ };
};
- };
+ };
}
-3.4.1.14. password-store
+3.4.1.15. password-store
Enables password store with the pass-otp extension which allows me to store and generate one-time-passwords.
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- programs.password-store = {
- enable = true;
- settings = {
- PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
+ options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings";
+ config = lib.mkIf config.swarselsystems.modules.passwordstore {
+ programs.password-store = {
+ enable = true;
+ settings = {
+ PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
+ };
+ package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
- package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
}
@@ -10691,19 +11248,22 @@ Enables password store with the pass-otp extension which allows me
-3.4.1.15. direnv
+3.4.1.16. direnv
Enables direnv, which I use for nearly all of my nix dev flakes.
-_:
+{ lib, config, ... }:
{
- programs.direnv = {
- enable = true;
- silent = true;
- nix-direnv.enable = true;
+ options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings";
+ config = lib.mkIf config.swarselsystems.modules.direnv {
+ programs.direnv = {
+ enable = true;
+ silent = true;
+ nix-direnv.enable = true;
+ };
};
}
@@ -10711,23 +11271,26 @@ Enables direnv, which I use for nearly all of my nix dev flakes.
-3.4.1.16. eza
+3.4.1.17. eza
Eza provides me with a better ls command and some other useful aliases.
-_:
+{ lib, config, ... }:
{
- programs.eza = {
- enable = true;
- icons = "auto";
- git = true;
- extraOptions = [
- "-l"
- "--group-directories-first"
- ];
+ options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings";
+ config = lib.mkIf config.swarselsystems.modules.eza {
+ programs.eza = {
+ enable = true;
+ icons = "auto";
+ git = true;
+ extraOptions = [
+ "-l"
+ "--group-directories-first"
+ ];
+ };
};
}
@@ -10735,55 +11298,58 @@ Eza provides me with a better ls command and some other useful alia
-3.4.1.17. git
+3.4.1.18. git
Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using Magit) as well as a git template defined in Linking dotfiles.
-{ lib, nix-secrets, ... }:
+{ lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{
- programs.git = {
- enable = true;
- aliases = {
- a = "add";
- c = "commit";
- cl = "clone";
- co = "checkout";
- b = "branch";
- i = "init";
- m = "merge";
- s = "status";
- r = "restore";
- p = "pull";
- pp = "push";
- };
- signing = {
- key = "0x76FD3810215AE097";
- signByDefault = true;
- };
- userEmail = lib.mkDefault leonMail;
- userName = fullName;
- difftastic.enable = true;
- lfs.enable = true;
- includes = [
- {
- contents = {
- github = {
- user = "Swarsel";
+ options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
+ config = lib.mkIf config.swarselsystems.modules.git {
+ programs.git = {
+ enable = true;
+ aliases = {
+ a = "add";
+ c = "commit";
+ cl = "clone";
+ co = "checkout";
+ b = "branch";
+ i = "init";
+ m = "merge";
+ s = "status";
+ r = "restore";
+ p = "pull";
+ pp = "push";
+ };
+ signing = {
+ key = "0x76FD3810215AE097";
+ signByDefault = true;
+ };
+ userEmail = lib.mkDefault leonMail;
+ userName = fullName;
+ difftastic.enable = true;
+ lfs.enable = true;
+ includes = [
+ {
+ contents = {
+ github = {
+ user = "Swarsel";
+ };
+ commit = {
+ template = "~/.gitmessage";
+ };
};
- commit = {
- template = "~/.gitmessage";
- };
- };
- }
- ];
+ }
+ ];
+ };
};
}
@@ -10791,24 +11357,27 @@ in
-3.4.1.18. Fuzzel
+3.4.1.19. Fuzzel
Here I only need to set basic layout options - the rest is being managed by stylix.
-_:
+{ lib, config, ... }:
{
- programs.fuzzel = {
- enable = true;
- settings = {
- main = {
- layer = "overlay";
- lines = "10";
- width = "40";
+ options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings";
+ config = lib.mkIf config.swarselsystems.modules.fuzzel {
+ programs.fuzzel = {
+ enable = true;
+ settings = {
+ main = {
+ layer = "overlay";
+ lines = "10";
+ width = "40";
+ };
+ border.radius = "0";
};
- border.radius = "0";
};
};
}
@@ -10817,131 +11386,134 @@ Here I only need to set basic layout options - the rest is being managed by styl
-3.4.1.19. Starship
+3.4.1.20. Starship
Starship makes my zsh look cooler! I have symbols for most programming languages and toolchains, also I build my own powerline.
-_:
+{ lib, config, ... }:
{
- programs.starship = {
- enable = true;
- enableZshIntegration = true;
- settings = {
- add_newline = false;
- format = "$shlvl$character";
- right_format = "$all";
- command_timeout = 3000;
+ options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings";
+ config = lib.mkIf config.swarselsystems.modules.starship {
+ programs.starship = {
+ enable = true;
+ enableZshIntegration = true;
+ settings = {
+ add_newline = false;
+ format = "$shlvl$character";
+ right_format = "$all";
+ command_timeout = 3000;
- directory.substitutions = {
- "Documents" = " ";
- "Downloads" = " ";
- "Music" = " ";
- "Pictures" = " ";
+ directory.substitutions = {
+ "Documents" = " ";
+ "Downloads" = " ";
+ "Music" = " ";
+ "Pictures" = " ";
+ };
+
+ git_status = {
+ style = "bg:#394260";
+ format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) ";
+ };
+
+ character = {
+ success_symbol = "[λ](bold green)";
+ error_symbol = "[λ](bold red)";
+ };
+
+ shlvl = {
+ disabled = false;
+ symbol = "↳";
+ format = "[$symbol]($style) ";
+ repeat = true;
+ repeat_offset = 1;
+ style = "blue";
+ };
+
+ nix_shell = {
+ disabled = false;
+ heuristic = true;
+ format = "[$symbol$name]($style)";
+ symbol = " ";
+ };
+
+ aws.symbol = " ";
+ buf.symbol = " ";
+ c.symbol = " ";
+ conda.symbol = " ";
+ dart.symbol = " ";
+ directory.read_only = " ";
+ docker_context.symbol = " ";
+ elixir.symbol = " ";
+ elm.symbol = " ";
+ fossil_branch.symbol = " ";
+ git_branch.symbol = " ";
+ golang.symbol = " ";
+ guix_shell.symbol = " ";
+ haskell.symbol = " ";
+ haxe.symbol = " ";
+ hg_branch.symbol = " ";
+ hostname.ssh_symbol = " ";
+ java.symbol = " ";
+ julia.symbol = " ";
+ lua.symbol = " ";
+ memory_usage.symbol = " ";
+ meson.symbol = " ";
+ nim.symbol = " ";
+ nodejs.symbol = " ";
+
+ os.symbols = {
+ Alpaquita = " ";
+ Alpine = " ";
+ Amazon = " ";
+ Android = " ";
+ Arch = " ";
+ Artix = " ";
+ CentOS = " ";
+ Debian = " ";
+ DragonFly = " ";
+ Emscripten = " ";
+ EndeavourOS = " ";
+ Fedora = " ";
+ FreeBSD = " ";
+ Garuda = " ";
+ Gentoo = " ";
+ HardenedBSD = " ";
+ Illumos = " ";
+ Linux = " ";
+ Mabox = " ";
+ Macos = " ";
+ Manjaro = " ";
+ Mariner = " ";
+ MidnightBSD = " ";
+ Mint = " ";
+ NetBSD = " ";
+ NixOS = " ";
+ OpenBSD = " ";
+ openSUSE = " ";
+ OracleLinux = " ";
+ Pop = " ";
+ Raspbian = " ";
+ Redhat = " ";
+ RedHatEnterprise = " ";
+ Redox = " ";
+ Solus = " ";
+ SUSE = " ";
+ Ubuntu = " ";
+ Unknown = " ";
+ Windows = " ";
+ };
+
+ package.symbol = " ";
+ pijul_channel.symbol = " ";
+ python.symbol = " ";
+ rlang.symbol = " ";
+ ruby.symbol = " ";
+ rust.symbol = " ";
+ scala.symbol = " ";
};
-
- git_status = {
- style = "bg:#394260";
- format = "[[($all_status$ahead_behind)](fg:#769ff0 bg:#394260)]($style) ";
- };
-
- character = {
- success_symbol = "[λ](bold green)";
- error_symbol = "[λ](bold red)";
- };
-
- shlvl = {
- disabled = false;
- symbol = "↳";
- format = "[$symbol]($style) ";
- repeat = true;
- repeat_offset = 1;
- style = "blue";
- };
-
- nix_shell = {
- disabled = false;
- heuristic = true;
- format = "[$symbol$name]($style)";
- symbol = " ";
- };
-
- aws.symbol = " ";
- buf.symbol = " ";
- c.symbol = " ";
- conda.symbol = " ";
- dart.symbol = " ";
- directory.read_only = " ";
- docker_context.symbol = " ";
- elixir.symbol = " ";
- elm.symbol = " ";
- fossil_branch.symbol = " ";
- git_branch.symbol = " ";
- golang.symbol = " ";
- guix_shell.symbol = " ";
- haskell.symbol = " ";
- haxe.symbol = " ";
- hg_branch.symbol = " ";
- hostname.ssh_symbol = " ";
- java.symbol = " ";
- julia.symbol = " ";
- lua.symbol = " ";
- memory_usage.symbol = " ";
- meson.symbol = " ";
- nim.symbol = " ";
- nodejs.symbol = " ";
-
- os.symbols = {
- Alpaquita = " ";
- Alpine = " ";
- Amazon = " ";
- Android = " ";
- Arch = " ";
- Artix = " ";
- CentOS = " ";
- Debian = " ";
- DragonFly = " ";
- Emscripten = " ";
- EndeavourOS = " ";
- Fedora = " ";
- FreeBSD = " ";
- Garuda = " ";
- Gentoo = " ";
- HardenedBSD = " ";
- Illumos = " ";
- Linux = " ";
- Mabox = " ";
- Macos = " ";
- Manjaro = " ";
- Mariner = " ";
- MidnightBSD = " ";
- Mint = " ";
- NetBSD = " ";
- NixOS = " ";
- OpenBSD = " ";
- openSUSE = " ";
- OracleLinux = " ";
- Pop = " ";
- Raspbian = " ";
- Redhat = " ";
- RedHatEnterprise = " ";
- Redox = " ";
- Solus = " ";
- SUSE = " ";
- Ubuntu = " ";
- Unknown = " ";
- Windows = " ";
- };
-
- package.symbol = " ";
- pijul_channel.symbol = " ";
- python.symbol = " ";
- rlang.symbol = " ";
- ruby.symbol = " ";
- rust.symbol = " ";
- scala.symbol = " ";
};
};
}
@@ -10950,7 +11522,7 @@ Starship makes my zsh look cooler! I have symbols for most programm
-3.4.1.20. Kitty
+3.4.1.21. Kitty
Kitty is the terminal emulator of choice for me, it is nice to configure using nix, fast, and has a nice style.
@@ -10961,15 +11533,18 @@ The theme is handled by stylix.
-_:
+{ lib, config, ... }:
{
- programs.kitty = {
- enable = true;
- keybindings = { };
- settings = {
- scrollback_lines = 10000;
- enable_audio_bell = false;
- notify_on_cmd_finish = "always 20";
+ options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings";
+ config = lib.mkIf config.swarselsystems.modules.kitty {
+ programs.kitty = {
+ enable = true;
+ keybindings = { };
+ settings = {
+ scrollback_lines = 10000;
+ enable_audio_bell = false;
+ notify_on_cmd_finish = "always 20";
+ };
};
};
}
@@ -10978,7 +11553,7 @@ The theme is handled by stylix.
-3.4.1.21. zsh
+3.4.1.22. zsh
zsh is the most convenient shell for me and it happens to be super neat to configure within home manager.
@@ -10986,6 +11561,7 @@ zsh is the most convenient shell for me and it happens to be super neat to confi
Here we set some aliases (some of them should be shellApplications instead) as well as some zsh plugins like fzf-tab.
+Concerning the shell extensions, zle <widget-name> will run an existing widget and zle -N <function_name> will make a function available for use. The my- functions all remove . / and : from the WORDCHARS so that functions will stop there. The keycodes can be found using showkeys -a
@@ -10994,103 +11570,117 @@ let
inherit (config.swarselsystems) flakePath;
in
{
- programs.zsh = {
- enable = true;
- shellAliases = lib.recursiveUpdate
- {
- hg = "history | grep";
- hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
- nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
- nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
- magit = "emacsclient -nc -e \"(magit-status)\"";
- config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
- g = "git";
- c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/";
- passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
- passpull = "cd ~/.local/share/password-store; git pull; cd -;";
- hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
- cd = "z";
- youtube-dl = "yt-dlp";
- cd-orig = "cd";
- cat-orig = "cat";
- cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
- nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
- nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
- nix-ldd-locate = "nix-locate --minimal --top-level -w ";
- nix-store-search = "ls /nix/store | grep";
- fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
- lt = "eza -las modified --total-size";
- boot-diff = "nix store diff-closures /run/*-system";
- gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
- cc = "wl-copy";
- }
- config.swarselsystems.shellAliases;
- autosuggestion.enable = true;
- enableCompletion = true;
- syntaxHighlighting.enable = true;
- autocd = false;
- cdpath = [
- "~/.dotfiles"
- # "~/Documents/GitHub"
- ];
- defaultKeymap = "emacs";
- dirHashes = {
- dl = "$HOME/Downloads";
- gh = "$HOME/Documents/GitHub";
+ options.swarselsystems = {
+ modules.zsh = lib.mkEnableOption "zsh settings";
+ shellAliases = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
};
- history = {
- expireDuplicatesFirst = true;
- path = "$HOME/.histfile";
- save = 10000;
- size = 10000;
- };
- historySubstringSearch = {
+ };
+ config = lib.mkIf config.swarselsystems.modules.zsh {
+ programs.zsh = {
enable = true;
- searchDownKey = "^[OB";
- searchUpKey = "^[OA";
- };
- plugins = [
- {
- name = "fzf-tab";
- src = pkgs.zsh-fzf-tab;
- }
- ];
- initExtra = ''
- bindkey "^[[1;5D" backward-word
- bindkey "^[[1;5C" forward-word
-
- my-backward-delete-word() {
- # Copy the global WORDCHARS variable to a local variable. That way any
- # modifications are scoped to this function only
+ shellAliases = lib.recursiveUpdate
+ {
+ hg = "history | grep";
+ hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom";
+ nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json";
+ nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json";
+ magit = "emacsclient -nc -e \"(magit-status)\"";
+ config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
+ g = "git";
+ c = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/";
+ passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
+ passpull = "cd ~/.local/share/password-store; git pull; cd -;";
+ hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
+ cd = "z";
+ youtube-dl = "yt-dlp";
+ cd-orig = "cd";
+ cat-orig = "cat";
+ cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
+ nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
+ nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
+ nix-ldd-locate = "nix-locate --minimal --top-level -w ";
+ nix-store-search = "ls /nix/store | grep";
+ fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
+ lt = "eza -las modified --total-size";
+ boot-diff = "nix store diff-closures /run/*-system";
+ gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
+ cc = "wl-copy";
+ }
+ config.swarselsystems.shellAliases;
+ autosuggestion.enable = true;
+ enableCompletion = true;
+ syntaxHighlighting.enable = true;
+ autocd = false;
+ cdpath = [
+ "~/.dotfiles"
+ # "~/Documents/GitHub"
+ ];
+ defaultKeymap = "emacs";
+ dirHashes = {
+ dl = "$HOME/Downloads";
+ gh = "$HOME/Documents/GitHub";
+ };
+ history = {
+ expireDuplicatesFirst = true;
+ path = "$HOME/.histfile";
+ save = 100000;
+ size = 100000;
+ };
+ historySubstringSearch = {
+ enable = true;
+ searchDownKey = "^[OB";
+ searchUpKey = "^[OA";
+ };
+ plugins = [
+ {
+ name = "fzf-tab";
+ src = pkgs.zsh-fzf-tab;
+ }
+ ];
+ initExtra = ''
+ my-forward-word() {
local WORDCHARS=$WORDCHARS
- # Use bash string manipulation to remove `:` so our delete will stop at it
WORDCHARS="''${WORDCHARS//:}"
- # Use bash string manipulation to remove `/` so our delete will stop at it
WORDCHARS="''${WORDCHARS//\/}"
- # Use bash string manipulation to remove `.` so our delete will stop at it
WORDCHARS="''${WORDCHARS//.}"
- # zle <widget-name> will run an existing widget.
- zle backward-delete-word
- }
- zle -N my-backward-delete-word
- bindkey '^H' my-backward-delete-word
+ zle forward-word
+ }
+ zle -N my-forward-word
+ # ctrl + right
+ bindkey "^[[1;5C" my-forward-word
- # This will be our `ctrl+alt+w` command
- my-backward-delete-whole-word() {
- # Copy the global WORDCHARS variable to a local variable. That way any
- # modifications are scoped to this function only
+ # shift + right
+ bindkey "^[[1;2C" forward-word
+
+ my-backward-word() {
local WORDCHARS=$WORDCHARS
- # Use bash string manipulation to add `:` to WORDCHARS if it's not present
- # already.
- [[ ! $WORDCHARS == *":"* ]] && WORDCHARS="$WORDCHARS"":"
- # zle <widget-name> will run that widget.
+ WORDCHARS="''${WORDCHARS//:}"
+ WORDCHARS="''${WORDCHARS//\/}"
+ WORDCHARS="''${WORDCHARS//.}"
+ zle backward-word
+ }
+ zle -N my-backward-word
+ # ctrl + left
+ bindkey "^[[1;5D" my-backward-word
+
+ # shift + left
+ bindkey "^[[1;2D" backward-word
+
+ my-backward-delete-word() {
+ local WORDCHARS=$WORDCHARS
+ WORDCHARS="''${WORDCHARS//:}"
+ WORDCHARS="''${WORDCHARS//\/}"
+ WORDCHARS="''${WORDCHARS//.}"
zle backward-delete-word
- }
- # `zle -N` will create a new widget that we can use on the command line
- zle -N my-backward-delete-whole-word
- # bind this new widget to `ctrl+alt+w`
- bindkey '^W' my-backward-delete-whole-word
- '';
+ }
+ zle -N my-backward-delete-word
+ # ctrl + del
+ bindkey '^H' my-backward-delete-word
+
+ '';
+ };
};
}
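Review bot: Raising `history.save` and `history.size` from 10000 to 100000 keeps ten times as many command lines in `$HOME/.histfile`, so anything sensitive typed as an argument stays on disk much longer. Consider pairing the larger limit with `history.ignorePatterns` for commands that tend to carry secrets, e.g. `ignorePatterns = [ "pass *" "*TOKEN=*" ];` (patterns are illustrative only). Separately, the comment `# ctrl + del` sits above `bindkey '^H'`, which terminals usually send for Ctrl+Backspace, so `# ctrl + backspace` would match the binding. The `let` block starts above the hunk.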
@@ -11098,24 +11688,26 @@ in
-3.4.1.22. zellij
+3.4.1.23. zellij
-{ self, config, pkgs, ... }:
+{ self, lib, config, pkgs, ... }:
{
+ options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings";
+ config = lib.mkIf config.swarselsystems.modules.zellij {
+ programs.zellij = {
+ enable = true;
+ enableZshIntegration = true;
+ };
- programs.zellij = {
- enable = true;
- enableZshIntegration = true;
- };
+ home.packages = with pkgs; [
+ zjstatus
+ ];
- home.packages = with pkgs; [
- zjstatus
- ];
-
- xdg.configFile = {
- "zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; };
- "zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; };
+ xdg.configFile = {
+ "zellij/config.kdl".text = import "${self}/programs/zellij/config.kdl.nix" { inherit config; };
+ "zellij/layouts/default.kdl".text = import "${self}/programs/zellij/layouts/default.kdl.nix" { inherit config pkgs; };
+ };
};
}
@@ -11124,11 +11716,10 @@ in
-3.4.1.23. tmux
+3.4.1.24. tmux
-
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
let
tmux-super-fingers = pkgs.tmuxPlugins.mkTmuxPlugin
{
@@ -11143,86 +11734,88 @@ let
};
in
{
+ options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings";
+ config = lib.mkIf config.swarselsystems.modules.tmux {
+ home.packages = with pkgs; [
+ lsof
+ sesh
+ ];
- home.packages = with pkgs; [
- lsof
- sesh
- ];
+ programs.tmux = {
+ enable = true;
+ shell = "${pkgs.zsh}/bin/zsh";
+ terminal = "tmux-256color";
+ historyLimit = 100000;
+ plugins = with pkgs;
+ [
+ tmuxPlugins.tmux-thumbs
+ {
+ plugin = tmux-super-fingers;
+ extraConfig = "set -g @super-fingers-key f";
+ }
- programs.tmux = {
- enable = true;
- shell = "${pkgs.zsh}/bin/zsh";
- terminal = "tmux-256color";
- historyLimit = 100000;
- plugins = with pkgs;
- [
- tmuxPlugins.tmux-thumbs
- {
- plugin = tmux-super-fingers;
- extraConfig = "set -g @super-fingers-key f";
- }
+ tmuxPlugins.sensible
+ # must be before continuum edits right status bar
+ {
+ plugin = tmuxPlugins.catppuccin;
+ extraConfig = ''
+ set -g @catppuccin_flavour 'frappe'
+ set -g @catppuccin_window_tabs_enabled on
+ set -g @catppuccin_date_time "%H:%M"
+ '';
+ }
+ {
+ plugin = tmuxPlugins.resurrect;
+ extraConfig = ''
+ set -g @resurrect-strategy-vim 'session'
+ set -g @resurrect-strategy-nvim 'session'
+ set -g @resurrect-capture-pane-contents 'on'
+ '';
+ }
+ {
+ plugin = tmuxPlugins.continuum;
+ extraConfig = ''
+ set -g @continuum-restore 'on'
+ set -g @continuum-boot 'on'
+ set -g @continuum-save-interval '10'
+ '';
+ }
+ tmuxPlugins.better-mouse-mode
+ tmuxPlugins.yank
+ ];
+ extraConfig = ''
+ set -g default-terminal "tmux-256color"
+ set -ag terminal-overrides ",xterm-256color:RGB"
- tmuxPlugins.sensible
- # must be before continuum edits right status bar
- {
- plugin = tmuxPlugins.catppuccin;
- extraConfig = ''
- set -g @catppuccin_flavour 'frappe'
- set -g @catppuccin_window_tabs_enabled on
- set -g @catppuccin_date_time "%H:%M"
- '';
- }
- {
- plugin = tmuxPlugins.resurrect;
- extraConfig = ''
- set -g @resurrect-strategy-vim 'session'
- set -g @resurrect-strategy-nvim 'session'
- set -g @resurrect-capture-pane-contents 'on'
- '';
- }
- {
- plugin = tmuxPlugins.continuum;
- extraConfig = ''
- set -g @continuum-restore 'on'
- set -g @continuum-boot 'on'
- set -g @continuum-save-interval '10'
- '';
- }
- tmuxPlugins.better-mouse-mode
- tmuxPlugins.yank
- ];
- extraConfig = ''
- set -g default-terminal "tmux-256color"
- set -ag terminal-overrides ",xterm-256color:RGB"
+ set-option -g prefix C-a
+ unbind-key C-b
+ bind-key C-a send-prefix
- set-option -g prefix C-a
- unbind-key C-b
- bind-key C-a send-prefix
+ set -g mouse on
- set -g mouse on
+ # Open new split at cwd of current split
+ bind | split-window -h -c "#{pane_current_path}"
+ bind - split-window -v -c "#{pane_current_path}"
- # Open new split at cwd of current split
- bind | split-window -h -c "#{pane_current_path}"
- bind - split-window -v -c "#{pane_current_path}"
+ # Use vim keybindings in copy mode
+ set-window-option -g mode-keys vi
- # Use vim keybindings in copy mode
- set-window-option -g mode-keys vi
+ # v in copy mode starts making selection
+ bind-key -T copy-mode-vi v send-keys -X begin-selection
+ bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
+ bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel
- # v in copy mode starts making selection
- bind-key -T copy-mode-vi v send-keys -X begin-selection
- bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
- bind-key -T copy-mode-vi y send-keys -X copy-selection-and-cancel
+ # Escape turns on copy mode
+ bind Escape copy-mode
- # Escape turns on copy mode
- bind Escape copy-mode
+ set-option -g status-position top
- set-option -g status-position top
+ # make Prefix p paste the buffer.
+ unbind p
+ bind p paste-buffer
- # make Prefix p paste the buffer.
- unbind p
- bind p paste-buffer
-
- '';
+ '';
+ };
};
}
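Review bot: With `@resurrect-capture-pane-contents 'on'` and `@continuum-save-interval '10'`, pane text is persisted by tmux-resurrect to its save files every ten minutes, and `historyLimit = 100000` lets panes hold a lot of earlier output. Output from tools such as `pass`, configured in the password-store hunk of this same diff, can therefore end up on disk in plain text. If that is intended, a comment saying so would help, e.g. `# resurrect persists pane contents to disk; avoid printing secrets inside tmux`. Otherwise set the capture option to `'off'`. These lines are re-indented rather than new, and the `let` block starts above the hunk.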
@@ -11232,7 +11825,7 @@ in
-3.4.1.24. Mail
+3.4.1.25. Mail
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
@@ -11249,137 +11842,140 @@ let
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in
{
- programs = {
- mbsync = {
- enable = true;
+ options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
+ config = lib.mkIf config.swarselsystems.modules.mail {
+ programs = {
+ mbsync = {
+ enable = true;
+ };
+ msmtp = {
+ enable = true;
+ };
+ mu = {
+ enable = true;
+ };
};
- msmtp = {
- enable = true;
- };
- mu = {
- enable = true;
- };
- };
- services.mbsync = {
- enable = true;
- };
- # this is needed so that mbsync can use the passwords from sops
- systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
+ services.mbsync = {
+ enable = true;
+ };
+ # this is needed so that mbsync can use the passwords from sops
+ systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
- accounts = lib.mkIf (!config.swarselsystems.isPublic) {
- email = {
- maildirBasePath = "Mail";
- accounts = {
- leon = {
- primary = true;
- address = leonMail;
- userName = leonMail;
- realName = fullName;
- passwordCommand = "cat ${config.sops.secrets.leon.path}";
- gpg = {
- key = "0x76FD3810215AE097";
- signByDefault = true;
- };
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- mu.enable = true;
- msmtp = {
- enable = true;
- };
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
- };
+ accounts = lib.mkIf (!config.swarselsystems.isPublic) {
+ email = {
+ maildirBasePath = "Mail";
+ accounts = {
+ leon = {
+ primary = true;
+ address = leonMail;
+ userName = leonMail;
+ realName = fullName;
+ passwordCommand = "cat ${config.sops.secrets.leon.path}";
+ gpg = {
+ key = "0x76FD3810215AE097";
+ signByDefault = true;
};
- };
- };
-
- swarsel = {
- address = swarselMail;
- userName = "8227dc594dd515ce232eda1471cb9a19";
- realName = fullName;
- passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
- smtp = {
- host = "in-v3.mailjet.com";
- port = 587;
- tls = {
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ mu.enable = true;
+ msmtp = {
enable = true;
- useStartTls = true;
};
- };
- mu.enable = false;
- msmtp = {
- enable = true;
- };
- mbsync = {
- enable = false;
- };
- };
-
- nautilus = {
- primary = false;
- address = nautilusMail;
- userName = nautilusMail;
- realName = "Nautilus";
- passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- msmtp.enable = true;
- mu.enable = true;
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
- };
- account = {
- Timeout = 120;
- PipelineDepth = 1;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
};
};
};
- };
- mrswarsel = {
- primary = false;
- address = mrswarselMail;
- userName = mrswarselMail;
- realName = "Swarsel";
- passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- msmtp.enable = true;
- mu.enable = true;
- mbsync = {
- enable = true;
- create = "maildir";
- expunge = "both";
- patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
- extraConfig = {
- channel = {
- Sync = "All";
+ swarsel = {
+ address = swarselMail;
+ userName = "8227dc594dd515ce232eda1471cb9a19";
+ realName = fullName;
+ passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
+ smtp = {
+ host = "in-v3.mailjet.com";
+ port = 587;
+ tls = {
+ enable = true;
+ useStartTls = true;
};
- account = {
- Timeout = 120;
- PipelineDepth = 1;
+ };
+ mu.enable = false;
+ msmtp = {
+ enable = true;
+ };
+ mbsync = {
+ enable = false;
+ };
+ };
+
+ nautilus = {
+ primary = false;
+ address = nautilusMail;
+ userName = nautilusMail;
+ realName = "Nautilus";
+ passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ msmtp.enable = true;
+ mu.enable = true;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
};
};
};
- };
+ mrswarsel = {
+ primary = false;
+ address = mrswarselMail;
+ userName = mrswarselMail;
+ realName = "Swarsel";
+ passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ msmtp.enable = true;
+ mu.enable = true;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
+ extraConfig = {
+ channel = {
+ Sync = "All";
+ };
+ account = {
+ Timeout = 120;
+ PipelineDepth = 1;
+ };
+ };
+ };
+ };
+
+ };
};
};
};
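Review bot: The `swarsel` account keeps its Mailjet SMTP login as a literal, `userName = "8227dc594dd515ce232eda1471cb9a19";`, while `fullName` a few lines above is read through `lib.swarselsystems.getSecret`. For Mailjet SMTP the user name is presumably the API-key half of the credential pair, so it is better kept out of a published config even though the password itself comes from sops. Reading it the same way would fix this, e.g. `userName = lib.swarselsystems.getSecret "${secretsDirectory}/info/<MAILJET_USER_FILE>";` (the file name is a placeholder). Since the value is already in history, rotating the key is the safer follow-up. The `let` block that binds the addresses starts outside the hunk, so how they are sourced is not visible here.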
@@ -11389,7 +11985,7 @@ in
-3.4.1.25. Home-manager: Emacs
+3.4.1.26. Home-manager: Emacs
By using the emacs-overlay NixOS module, I can install all Emacs packages that I want to use right through NixOS. This is done by passing my init.el file to the configuration which will then be parsed upon system rebuild, looking for use-package sections in the Elisp code. Also I define here the style of Emacs that I want to run - I am going with native Wayland Emacs here (emacs-pgtk). All of the nice options such as tree-sitter support are enabled by default, so I do not need to adjust the build process.
@@ -11405,76 +12001,78 @@ let
inherit (config.swarselsystems) homeDir isPublic;
in
{
+ options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings";
+ config = lib.mkIf config.swarselsystems.modules.emacs {
+ # needed for elfeed
+ sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
- # needed for elfeed
- sops.secrets.fever = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; };
+ # enable emacs overlay for bleeding edge features
+ # also read init.el file and install use-package packages
+ programs.emacs = {
+ enable = true;
+ package = pkgs.emacsWithPackagesFromUsePackage {
+ config = self + /programs/emacs/init.el;
+ package = pkgs.emacs-git-pgtk;
+ alwaysEnsure = true;
+ alwaysTangle = true;
+ extraEmacsPackages = epkgs: [
+ epkgs.mu4e
+ epkgs.use-package
+ epkgs.lsp-bridge
+ epkgs.doom-themes
+ epkgs.vterm
+ epkgs.treesit-grammars.with-all-grammars
- # enable emacs overlay for bleeding edge features
- # also read init.el file and install use-package packages
- programs.emacs = {
- enable = true;
- package = pkgs.emacsWithPackagesFromUsePackage {
- config = self + /programs/emacs/init.el;
- package = pkgs.emacs-git-pgtk;
- alwaysEnsure = true;
- alwaysTangle = true;
- extraEmacsPackages = epkgs: [
- epkgs.mu4e
- epkgs.use-package
- epkgs.lsp-bridge
- epkgs.doom-themes
- epkgs.vterm
- epkgs.treesit-grammars.with-all-grammars
+ # build the rest of the packages myself
+ # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
+ # build the package from the haji-ali fork, which is well-maintained
- # build the rest of the packages myself
- # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
- # build the package from the haji-ali fork, which is well-maintained
+ (epkgs.trivialBuild rec {
+ pname = "eglot-booster";
+ version = "main-29-10-2024";
- (epkgs.trivialBuild rec {
- pname = "eglot-booster";
- version = "main-29-10-2024";
+ src = pkgs.fetchFromGitHub {
+ owner = "jdtsmith";
+ repo = "eglot-booster";
+ rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed";
+ hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs=";
+ };
- src = pkgs.fetchFromGitHub {
- owner = "jdtsmith";
- repo = "eglot-booster";
- rev = "e6daa6bcaf4aceee29c8a5a949b43eb1b89900ed";
- hash = "sha256-PLfaXELkdX5NZcSmR1s/kgmU16ODF8bn56nfTh9g6bs=";
- };
+ packageRequires = [ epkgs.jsonrpc epkgs.eglot ];
+ })
+ (epkgs.trivialBuild rec {
+ pname = "calfw";
+ version = "1.0.0-20231002";
+ src = pkgs.fetchFromGitHub {
+ owner = "haji-ali";
+ repo = "emacs-calfw";
+ rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
+ hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
+ };
+ packageRequires = [ epkgs.howm ];
+ })
- packageRequires = [ epkgs.jsonrpc epkgs.eglot ];
- })
- (epkgs.trivialBuild rec {
- pname = "calfw";
- version = "1.0.0-20231002";
- src = pkgs.fetchFromGitHub {
- owner = "haji-ali";
- repo = "emacs-calfw";
- rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3";
- hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y=";
- };
- packageRequires = [ epkgs.howm ];
- })
+ (epkgs.trivialBuild rec {
+ pname = "fast-scroll";
+ version = "1.0.0-20191016";
+ src = pkgs.fetchFromGitHub {
+ owner = "ahungry";
+ repo = "fast-scroll";
+ rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
+ hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
+ };
+ packageRequires = [ ];
+ })
- (epkgs.trivialBuild rec {
- pname = "fast-scroll";
- version = "1.0.0-20191016";
- src = pkgs.fetchFromGitHub {
- owner = "ahungry";
- repo = "fast-scroll";
- rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24";
- hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI=";
- };
- packageRequires = [ ];
- })
-
- ];
+ ];
+ };
};
- };
- services.emacs = {
- enable = true;
- socketActivation.enable = false;
- startWithUserSession = "graphical";
+ services.emacs = {
+ enable = true;
+ socketActivation.enable = false;
+ startWithUserSession = "graphical";
+ };
};
}
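Review bot: The comment `# org-calfw is severely outdated on MELPA …` / `# build the package from the haji-ali fork, which is well-maintained` sits directly above the `eglot-booster` build, not the `calfw` build it explains. Move those two lines down to the `pname = "calfw";` entry. Give `eglot-booster` and `fast-scroll` their own one-line comment saying why each is built from a pinned GitHub commit, so the reason for trusting each third-party source is next to its `rev`. All three `fetchFromGitHub` calls are pinned by `rev` and `hash`, which should be kept when they are bumped. The `rec` on the three `epkgs.trivialBuild rec { … }` calls is unused and can be dropped.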
@@ -11482,272 +12080,337 @@ in
-3.4.1.26. Waybar
+3.4.1.27. Waybar
Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores)
+
+This section is mostly used to deliver the correct information to Waybar. AMD systems have changing hwmon paths that can be specifically set here. Also the cpu count can be set here for Waybars cpu module, but 8 is usually a good setting to show
+
+
+
+These are explicit waybar options. Laptops do not need the battery module. However, this leads to a slight problem with theming: my waybar modules alternate their background-color between black and grey. The battery module is usually on grey background. If I were to simply delete that, I would now have two modules on black background. To avoid this, I define a pseudo-module custom/pseudobat that simply shows a static image and calls wlogout on right click. This wastes a little bit of screen space, but that is a price I am willing to pay for consistency.
+
+
The rest of the related configuration is found here:
-- Waybar
+- [BROKEN LINK: h:a9530c81-1976-442b-b597-0b4bed6baf25]
- waybarupdate
{ self, config, lib, ... }:
+let
+ generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
+ modulesLeft = [
+ "custom/outer-left-arrow-dark"
+ "mpris"
+ "custom/left-arrow-light"
+ "network"
+ "custom/vpn"
+ "custom/left-arrow-dark"
+ "pulseaudio"
+ "custom/left-arrow-light"
+ ];
+ modulesRight = [
+ "custom/left-arrow-dark"
+ "group/hardware"
+ "custom/left-arrow-light"
+ "clock#2"
+ "custom/left-arrow-dark"
+ "clock#1"
+ ];
+in
{
- programs.waybar = {
-
- enable = true;
- systemd = {
- enable = true;
- target = "sway-sessions.target";
+ options.swarselsystems = {
+ modules.waybar = lib.mkEnableOption "waybar settings";
+ cpuCount = lib.mkOption {
+ type = lib.types.int;
+ default = 8;
};
- settings = {
- mainBar = {
- ipc = true;
- id = "bar-0";
- layer = "top";
- position = "top";
- modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ];
- modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ];
- "sway/mode" = {
- format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
- };
-
- modules-right = config.swarselsystems.waybarModules;
-
- "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) {
- format = "";
- on-click-right = "wlogout -p layer-shell";
- };
-
- "custom/configwarn" = {
- exec = "waybarupdate";
- interval = 60;
- };
-
- "custom/scratchpad-indicator" = {
- interval = 3;
- exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. >= 1)'";
- format = "{} ";
- on-click = "swaymsg 'scratchpad show'";
- on-click-right = "swaymsg 'move scratchpad'";
- };
-
- "custom/github" = {
- format = "{} ";
- return-type = "json";
- interval = 60;
- exec = "github-notifications";
- on-click = "xdg-open https://github.com/notifications";
- };
-
- idle_inhibitor = {
- format = "{icon}";
- format-icons = {
- activated = "";
- deactivated = "";
- };
- };
-
- "group/hardware" = {
- orientation = "inherit";
- drawer = {
- "transition-left-to-right" = false;
- };
- modules = [
- "tray"
- "temperature"
- "power-profiles-daemon"
- "custom/left-arrow-light"
- "custom/left-arrow-dark"
- "custom/scratchpad-indicator"
- "custom/left-arrow-light"
- "disk"
- "custom/left-arrow-dark"
- "memory"
- "custom/left-arrow-light"
- "cpu"
- "custom/left-arrow-dark"
- "backlight/slider"
- "idle_inhibitor"
- ];
- };
-
- "backlight/slider" = {
- min = 0;
- max = 100;
- orientation = "horizontal";
- device = "intel_backlight";
- };
-
- power-profiles-daemon = {
- format = "{icon}";
- tooltip-format = "Power profile: {profile}\nDriver: {driver}";
- tooltip = true;
- format-icons = {
- "default" = "";
- "performance" = "";
- "balanced" = "";
- "power-saver" = "";
- };
- };
-
- temperature = {
- hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path;
- hwmon-path-abs = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path;
- input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename;
- critical-threshold = 80;
- format-critical = " {temperatureC}°C";
- format = " {temperatureC}°C";
-
- };
-
- mpris = {
- format = "{player_icon} {title} <small>[{position}/{length}]</small>";
- format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>";
- player-icons = {
- "default" = "▶ ";
- "mpv" = "🎵 ";
- "spotify" = " ";
- };
- status-icons = {
- "paused" = " ";
- };
- interval = 1;
- title-len = 20;
- artist-len = 20;
- album-len = 10;
- };
- "custom/left-arrow-dark" = {
- format = "";
- tooltip = false;
- };
- "custom/outer-left-arrow-dark" = {
- format = "";
- tooltip = false;
- };
- "custom/left-arrow-light" = {
- format = "";
- tooltip = false;
- };
- "custom/right-arrow-dark" = {
- format = "";
- tooltip = false;
- };
- "custom/outer-right-arrow-dark" = {
- format = "";
- tooltip = false;
- };
- "custom/right-arrow-light" = {
- format = "";
- tooltip = false;
- };
- "sway/workspaces" = {
- disable-scroll = true;
- format = "{name}";
- };
-
- "clock#1" = {
- min-length = 8;
- interval = 1;
- format = "{:%H:%M:%S}";
- # on-click-right= "gnome-clocks";
- tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
- };
-
- "clock#2" = {
- format = "{:%d. %B %Y}";
- # on-click-right= "gnome-clocks";
- tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
- };
-
- pulseaudio = {
- format = "{icon} {volume:2}%";
- format-bluetooth = "{icon} {volume}%";
- format-muted = "MUTE";
- format-icons = {
- headphones = "";
- default = [
- ""
- ""
- ];
- };
- scroll-step = 1;
- on-click = "pamixer -t";
- on-click-right = "pavucontrol";
- };
-
- memory = {
- interval = 5;
- format = " {}%";
- tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G";
- };
- cpu = {
- format = config.swarselsystems.cpuString;
- min-length = 6;
- interval = 5;
- format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ];
- # on-click-right= "com.github.stsdc.monitor";
- on-click-right = "kitty -o confirm_os_window_close=0 btm";
-
- };
- "custom/vpn" = {
- format = "()";
- exec = "echo '{\"class\": \"connected\"}'";
- exec-if = "test -d /proc/sys/net/ipv4/conf/tun0";
- return-type = "json";
- interval = 5;
- };
- battery = {
- states = {
- "warning" = 60;
- "error" = 30;
- "critical" = 15;
- };
- interval = 5;
- format = "{icon} {capacity}%";
- format-charging = "{capacity}% ";
- format-plugged = "{capacity}% ";
- format-icons = [
- ""
- ""
- ""
- ""
- ""
- ];
- on-click-right = "wlogout -p layer-shell";
- };
- disk = {
- interval = 30;
- format = "Disk {percentage_used:2}%";
- path = "/";
- states = {
- "warning" = 80;
- "critical" = 90;
- };
- tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)";
- };
- tray = {
- icon-size = 20;
- };
- network = {
- interval = 5;
- format-wifi = "{signalStrength}% ";
- format-ethernet = "";
- format-linked = "{ifname} (No IP) ";
- format-disconnected = "Disconnected ⚠";
- format-alt = "{ifname}: {ipaddr}/{cidr}";
- tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}";
- tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}";
- };
+ temperatureHwmon = {
+ isAbsolutePath = lib.mkEnableOption "absolute temperature path";
+ path = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ };
+ input-filename = lib.mkOption {
+ type = lib.types.str;
+ default = "";
};
};
- style = builtins.readFile (self + /programs/waybar/style.css);
+ waybarModules = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = modulesLeft ++ [
+ "custom/pseudobat"
+ ] ++ modulesRight;
+ };
+ cpuString = lib.mkOption {
+ type = lib.types.str;
+ default = generateIcons config.swarselsystems.cpuCount;
+ description = "The generated icons string for use by Waybar.";
+ internal = true;
+ };
+ };
+ config = lib.mkIf config.swarselsystems.modules.waybar {
+ swarselsystems = {
+ waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
+ "battery"
+ ] ++ modulesRight);
+ };
+ programs.waybar = {
+ enable = true;
+ systemd = {
+ enable = true;
+ target = "sway-sessions.target";
+ };
+ settings = {
+ mainBar = {
+ ipc = true;
+ id = "bar-0";
+ layer = "top";
+ position = "top";
+ modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ];
+ modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ];
+ "sway/mode" = {
+ format = "<span style=\"italic\" font-weight=\"bold\">{}</span>";
+ };
+
+ modules-right = config.swarselsystems.waybarModules;
+
+ "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) {
+ format = "";
+ on-click-right = "wlogout -p layer-shell";
+ };
+
+ "custom/configwarn" = {
+ exec = "waybarupdate";
+ interval = 60;
+ };
+
+ "custom/scratchpad-indicator" = {
+ interval = 3;
+ exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. >= 1)'";
+ format = "{} ";
+ on-click = "swaymsg 'scratchpad show'";
+ on-click-right = "swaymsg 'move scratchpad'";
+ };
+
+ "custom/github" = {
+ format = "{} ";
+ return-type = "json";
+ interval = 60;
+ exec = "github-notifications";
+ on-click = "xdg-open https://github.com/notifications";
+ };
+
+ idle_inhibitor = {
+ format = "{icon}";
+ format-icons = {
+ activated = "";
+ deactivated = "";
+ };
+ };
+
+ "group/hardware" = {
+ orientation = "inherit";
+ drawer = {
+ "transition-left-to-right" = false;
+ };
+ modules = [
+ "tray"
+ "temperature"
+ "power-profiles-daemon"
+ "custom/left-arrow-light"
+ "custom/left-arrow-dark"
+ "custom/scratchpad-indicator"
+ "custom/left-arrow-light"
+ "disk"
+ "custom/left-arrow-dark"
+ "memory"
+ "custom/left-arrow-light"
+ "cpu"
+ "custom/left-arrow-dark"
+ "backlight/slider"
+ "idle_inhibitor"
+ ];
+ };
+
+ "backlight/slider" = {
+ min = 0;
+ max = 100;
+ orientation = "horizontal";
+ device = "intel_backlight";
+ };
+
+ power-profiles-daemon = {
+ format = "{icon}";
+ tooltip-format = "Power profile: {profile}\nDriver: {driver}";
+ tooltip = true;
+ format-icons = {
+ "default" = "";
+ "performance" = "";
+ "balanced" = "";
+ "power-saver" = "";
+ };
+ };
+
+ temperature = {
+ hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path;
+ hwmon-path-abs = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path;
+ input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename;
+ critical-threshold = 80;
+ format-critical = " {temperatureC}°C";
+ format = " {temperatureC}°C";
+
+ };
+
+ mpris = {
+ format = "{player_icon} {title} <small>[{position}/{length}]</small>";
+ format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>";
+ player-icons = {
+ "default" = "▶ ";
+ "mpv" = "🎵 ";
+ "spotify" = " ";
+ };
+ status-icons = {
+ "paused" = " ";
+ };
+ interval = 1;
+ title-len = 20;
+ artist-len = 20;
+ album-len = 10;
+ };
+ "custom/left-arrow-dark" = {
+ format = "";
+ tooltip = false;
+ };
+ "custom/outer-left-arrow-dark" = {
+ format = "";
+ tooltip = false;
+ };
+ "custom/left-arrow-light" = {
+ format = "";
+ tooltip = false;
+ };
+ "custom/right-arrow-dark" = {
+ format = "";
+ tooltip = false;
+ };
+ "custom/outer-right-arrow-dark" = {
+ format = "";
+ tooltip = false;
+ };
+ "custom/right-arrow-light" = {
+ format = "";
+ tooltip = false;
+ };
+ "sway/workspaces" = {
+ disable-scroll = true;
+ format = "{name}";
+ };
+
+ "clock#1" = {
+ min-length = 8;
+ interval = 1;
+ format = "{:%H:%M:%S}";
+ # on-click-right= "gnome-clocks";
+ tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
+ };
+
+ "clock#2" = {
+ format = "{:%d. %B %Y}";
+ # on-click-right= "gnome-clocks";
+ tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
+ };
+
+ pulseaudio = {
+ format = "{icon} {volume:2}%";
+ format-bluetooth = "{icon} {volume}%";
+ format-muted = "MUTE";
+ format-icons = {
+ headphones = "";
+ default = [
+ ""
+ ""
+ ];
+ };
+ scroll-step = 1;
+ on-click = "pamixer -t";
+ on-click-right = "pavucontrol";
+ };
+
+ memory = {
+ interval = 5;
+ format = " {}%";
+ tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G";
+ };
+ cpu = {
+ format = config.swarselsystems.cpuString;
+ min-length = 6;
+ interval = 5;
+ format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ];
+ # on-click-right= "com.github.stsdc.monitor";
+ on-click-right = "kitty -o confirm_os_window_close=0 btm";
+
+ };
+ "custom/vpn" = {
+ format = "()";
+ exec = "echo '{\"class\": \"connected\"}'";
+ exec-if = "test -d /proc/sys/net/ipv4/conf/tun0";
+ return-type = "json";
+ interval = 5;
+ };
+ battery = {
+ states = {
+ "warning" = 60;
+ "error" = 30;
+ "critical" = 15;
+ };
+ interval = 5;
+ format = "{icon} {capacity}%";
+ format-charging = "{capacity}% ";
+ format-plugged = "{capacity}% ";
+ format-icons = [
+ ""
+ ""
+ ""
+ ""
+ ""
+ ];
+ on-click-right = "wlogout -p layer-shell";
+ };
+ disk = {
+ interval = 30;
+ format = "Disk {percentage_used:2}%";
+ path = "/";
+ states = {
+ "warning" = 80;
+ "critical" = 90;
+ };
+ tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)";
+ };
+ tray = {
+ icon-size = 20;
+ };
+ network = {
+ interval = 5;
+ format-wifi = "{signalStrength}% ";
+ format-ethernet = "";
+ format-linked = "{ifname} (No IP) ";
+ format-disconnected = "Disconnected ⚠";
+ format-alt = "{ifname}: {ipaddr}/{cidr}";
+ tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}";
+ tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}";
+ };
+ };
+ };
+ style = builtins.readFile (self + /programs/waybar/style.css);
+ };
};
}
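Review bot: The laptop override `waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ "battery" ] ++ modulesRight);` is a normal-priority definition of a `listOf str` option. If a host also sets `swarselsystems.waybarModules`, the two lists are concatenated rather than replaced, and the bar would show duplicate modules. Wrapping the value in `lib.mkDefault` keeps the laptop layout as a fallback that a host can still override: `waybarModules = lib.mkIf config.swarselsystems.isLaptop (lib.mkDefault (modulesLeft ++ [ "battery" ] ++ modulesRight));`. Whether any host sets the option is not visible in this hunk. The new `cpuCount`, `temperatureHwmon.path`, `temperatureHwmon.input-filename` and `waybarModules` options also have no `description`, unlike `cpuString`.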
@@ -11755,7 +12418,7 @@ The rest of the related configuration is found here:
-3.4.1.27. Firefox
+3.4.1.28. Firefox
Setting up firefox along with some policies that are important to me (mostly disabling telemetry related stuff as well as Pocket). I also enable some integrations that enable super useful packages, namely tridactyl and browserpass.
@@ -11774,293 +12437,152 @@ I used to build the firefox addon bypass-paywalls-clean myself here
-{ self, pkgs, lib, ... }:
-let
- lock-false = {
- Value = false;
- Status = "locked";
- };
- lock-true = {
- Value = true;
- Status = "locked";
- };
-in
+{ config, pkgs, lib, ... }:
{
- programs.firefox = {
- enable = true;
- package = pkgs.firefox; # uses overrides
- policies = {
- # CaptivePortal = false;
- AppAutoUpdate = false;
- BackgroundAppUpdate = false;
- DisableBuiltinPDFViewer = true;
- DisableFirefoxStudies = true;
- DisablePocket = true;
- DisableFirefoxScreenshots = true;
- DisableTelemetry = true;
- DisableFirefoxAccounts = false;
- DisableProfileImport = true;
- DisableProfileRefresh = true;
- DisplayBookmarksToolbar = "always";
- DontCheckDefaultBrowser = true;
- NoDefaultBookmarks = true;
- OfferToSaveLogins = false;
- OfferToSaveLoginsDefault = false;
- PasswordManagerEnabled = false;
- DisableMasterPasswordCreation = true;
- ExtensionUpdate = false;
- EnableTrackingProtection = {
- Value = true;
- Locked = true;
- Cryptomining = true;
- Fingerprinting = true;
- EmailTracking = true;
- # Exceptions = ["https://example.com"]
- };
- PDFjs = {
- Enabled = false;
- EnablePermissions = false;
- };
- Handlers = {
- mimeTypes."application/pdf".action = "saveToDisk";
- };
- extensions = {
- pdf = {
- action = "useHelperApp";
- ask = true;
- handlers = [
- {
- name = "GNOME Document Viewer";
- path = "${pkgs.evince}/bin/evince";
- }
- ];
+ options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings";
+ config = lib.mkIf config.swarselsystems.modules.firefox {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox; # uses overrides
+ policies = {
+ # CaptivePortal = false;
+ AppAutoUpdate = false;
+ BackgroundAppUpdate = false;
+ DisableBuiltinPDFViewer = true;
+ DisableFirefoxStudies = true;
+ DisablePocket = true;
+ DisableFirefoxScreenshots = true;
+ DisableTelemetry = true;
+ DisableFirefoxAccounts = false;
+ DisableProfileImport = true;
+ DisableProfileRefresh = true;
+ DisplayBookmarksToolbar = "always";
+ DontCheckDefaultBrowser = true;
+ NoDefaultBookmarks = true;
+ OfferToSaveLogins = false;
+ OfferToSaveLoginsDefault = false;
+ PasswordManagerEnabled = false;
+ DisableMasterPasswordCreation = true;
+ ExtensionUpdate = false;
+ EnableTrackingProtection = {
+ Value = true;
+ Locked = true;
+ Cryptomining = true;
+ Fingerprinting = true;
+ EmailTracking = true;
+ # Exceptions = ["https://example.com"]
};
- };
- FirefoxHome = {
- Search = true;
- TopSites = true;
- SponsoredTopSites = false;
- Highlights = true;
- Pocket = false;
- SponsoredPocket = false;
- Snippets = false;
- Locked = true;
- };
- FirefoxSuggest = {
- WebSuggestions = false;
- SponsoredSuggestions = false;
- ImproveSuggest = false;
- Locked = true;
- };
- SanitizeOnShutdown = {
- Cache = true;
- Cookies = false;
- Downloads = true;
- FormData = true;
- History = false;
- Sessions = false;
- SiteSettings = false;
- OfflineApps = true;
- Locked = true;
- };
- SearchEngines = {
- PreventInstalls = true;
- Remove = [
- "Bing" # Fuck you
- ];
- };
- UserMessaging = {
- ExtensionRecommendations = false; # Don’t recommend extensions while the user is visiting web pages
- FeatureRecommendations = false; # Don’t recommend browser features
- Locked = true; # Prevent the user from changing user messaging preferences
- MoreFromMozilla = false; # Don’t show the “More from Mozilla” section in Preferences
- SkipOnboarding = true; # Don’t show onboarding messages on the new tab page
- UrlbarInterventions = false; # Don’t offer suggestions in the URL bar
- WhatsNew = false; # Remove the “What’s New” icon and menuitem
- };
- ExtensionSettings = {
- "3rdparty".Extensions = {
- # https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json
- "uBlock0@raymondhill.net".adminSettings = {
- userSettings = rec {
- uiTheme = "dark";
- uiAccentCustom = true;
- uiAccentCustom0 = "#0C8084";
- cloudStorageEnabled = lib.mkForce false;
- importedLists = [
- "https://filters.adtidy.org/extension/ublock/filters/3.txt"
- "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt"
- ];
- externalLists = lib.concatStringsSep "\n" importedLists;
- };
- selectedFilterLists = [
- "CZE-0"
- "adguard-generic"
- "adguard-annoyance"
- "adguard-social"
- "adguard-spyware-url"
- "easylist"
- "easyprivacy"
- "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt"
- "plowe-0"
- "ublock-abuse"
- "ublock-badware"
- "ublock-filters"
- "ublock-privacy"
- "ublock-quick-fixes"
- "ublock-unbreak"
- "urlhaus-1"
+ PDFjs = {
+ Enabled = false;
+ EnablePermissions = false;
+ };
+ Handlers = {
+ mimeTypes."application/pdf".action = "saveToDisk";
+ };
+ extensions = {
+ pdf = {
+ action = "useHelperApp";
+ ask = true;
+ handlers = [
+ {
+ name = "GNOME Document Viewer";
+ path = "${pkgs.evince}/bin/evince";
+ }
];
};
};
-
- };
-
- };
-
- profiles.default = {
- id = 0;
- isDefault = true;
- userChrome = builtins.readFile (self + /programs/firefox/chrome/userChrome.css);
- extensions = {
- packages = with pkgs.nur.repos.rycee.firefox-addons; [
- tridactyl
- tampermonkey
- sidebery
- browserpass
- clearurls
- darkreader
- enhancer-for-youtube
- istilldontcareaboutcookies
- translate-web-pages
- ublock-origin
- reddit-enhancement-suite
- sponsorblock
- web-archives
- single-file
- widegithub
- enhanced-github
- unpaywall
- don-t-fuck-with-paste
- plasma-integration
-
- # configure the default the same as trusted in order not to be annoyed
- noscript
-
- # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
- (buildFirefoxXpiAddon {
- pname = "shortkeys";
- version = "4.0.2";
- addonId = "Shortkeys@Shortkeys.com";
- url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
- sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
- meta = with lib;
- {
- description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
- mozPermissions = [
- "tabs"
- "downloads"
- "clipboardWrite"
- "browsingData"
- "storage"
- "bookmarks"
- "sessions"
- "<all_urls>"
- ];
- platforms = platforms.all;
- };
- })
-
- ];
- };
-
- settings = {
- "extensions.autoDisableScopes" = 0;
- "browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com";
- "browser.bookmarks.showMobileBookmarks" = lock-true;
- "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
- "browser.search.suggest.enabled" = lock-false;
- "browser.search.suggest.enabled.private" = lock-false;
- "browser.urlbar.suggest.searches" = lock-false;
- "browser.urlbar.showSearchSuggestionsFirst" = lock-false;
- "browser.topsites.contile.enabled" = lock-false;
- "browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
- "browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
- "browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
- "browser.newtabpage.activity-stream.showSponsored" = lock-false;
- "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
- "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
- };
-
- search = {
- # default = "Kagi";
- default = "Google";
- # privateDefault = "Kagi";
- privateDefault = "Google";
- engines = {
- "Kagi" = {
- urls = [{
- template = "https://kagi.com/search";
- params = [
- { name = "q"; value = "{searchTerms}"; }
- ];
- }];
- iconUpdateURL = "https://kagi.com/favicon.ico";
- updateInterval = 24 * 60 * 60 * 1000; # every day
- definedAliases = [ "@k" ];
- };
-
- "Nix Packages" = {
- urls = [{
- template = "https://search.nixos.org/packages";
- params = [
- { name = "type"; value = "packages"; }
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@np" ];
- };
-
- "NixOS Wiki" = {
- urls = [{
- template = "https://nixos.wiki/index.php?search={searchTerms}";
- }];
- iconUpdateURL = "https://nixos.wiki/favicon.png";
- updateInterval = 24 * 60 * 60 * 1000; # every day
- definedAliases = [ "@nw" ];
- };
-
- "NixOS Options" = {
- urls = [{
- template = "https://search.nixos.org/options";
- params = [
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@no" ];
- };
-
- "Home Manager Options" = {
- urls = [{
- template = "https://home-manager-options.extranix.com/";
- params = [
- { name = "query"; value = "{searchTerms}"; }
- ];
- }];
-
- icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
- definedAliases = [ "@hm" "@ho" "@hmo" ];
- };
-
- "Google".metaData.alias = "@g";
+ FirefoxHome = {
+ Search = true;
+ TopSites = true;
+ SponsoredTopSites = false;
+ Highlights = true;
+ Pocket = false;
+ SponsoredPocket = false;
+ Snippets = false;
+ Locked = true;
};
- force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
+ FirefoxSuggest = {
+ WebSuggestions = false;
+ SponsoredSuggestions = false;
+ ImproveSuggest = false;
+ Locked = true;
+ };
+ SanitizeOnShutdown = {
+ Cache = true;
+ Cookies = false;
+ Downloads = true;
+ FormData = true;
+ History = false;
+ Sessions = false;
+ SiteSettings = false;
+ OfflineApps = true;
+ Locked = true;
+ };
+ SearchEngines = {
+ PreventInstalls = true;
+ Remove = [
+ "Bing" # Fuck you
+ ];
+ };
+ UserMessaging = {
+ ExtensionRecommendations = false; # Don’t recommend extensions while the user is visiting web pages
+ FeatureRecommendations = false; # Don’t recommend browser features
+ Locked = true; # Prevent the user from changing user messaging preferences
+ MoreFromMozilla = false; # Don’t show the “More from Mozilla” section in Preferences
+ SkipOnboarding = true; # Don’t show onboarding messages on the new tab page
+ UrlbarInterventions = false; # Don’t offer suggestions in the URL bar
+ WhatsNew = false; # Remove the “What’s New” icon and menuitem
+ };
+ ExtensionSettings = {
+ "3rdparty".Extensions = {
+ # https://github.com/gorhill/uBlock/blob/master/platform/common/managed_storage.json
+ "uBlock0@raymondhill.net".adminSettings = {
+ userSettings = rec {
+ uiTheme = "dark";
+ uiAccentCustom = true;
+ uiAccentCustom0 = "#0C8084";
+ cloudStorageEnabled = lib.mkForce false;
+ importedLists = [
+ "https://filters.adtidy.org/extension/ublock/filters/3.txt"
+ "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt"
+ ];
+ externalLists = lib.concatStringsSep "\n" importedLists;
+ };
+ selectedFilterLists = [
+ "CZE-0"
+ "adguard-generic"
+ "adguard-annoyance"
+ "adguard-social"
+ "adguard-spyware-url"
+ "easylist"
+ "easyprivacy"
+ "https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt"
+ "plowe-0"
+ "ublock-abuse"
+ "ublock-badware"
+ "ublock-filters"
+ "ublock-privacy"
+ "ublock-quick-fixes"
+ "ublock-unbreak"
+ "urlhaus-1"
+ ];
+ };
+ };
+
+ };
+
+ };
+
+ profiles = {
+ default = lib.recursiveUpdate
+ {
+ id = 0;
+ isDefault = true;
+ settings = {
+ "browser.startup.homepage" = "https://lobste.rs";
+ };
+ }
+ config.swarselsystems.firefox;
};
};
};
@@ -12070,14 +12592,14 @@ in
-3.4.1.28. Services
+3.4.1.29. Services
Services that can be defined through home-manager should be defined here.
-3.4.1.28.1. gnome-keyring
+3.4.1.29.1. gnome-keyring
Used for storing sessions in e.g. Nextcloud
@@ -12086,8 +12608,11 @@ Used for storing sessions in e.g. Nextcloud
{ lib, config, ... }:
{
- services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) {
- enable = true;
+ options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings";
+ config = lib.mkIf config.swarselsystems.modules.gnome-keyring {
+ services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) {
+ enable = true;
+ };
};
}
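Review bot: The inner `lib.mkIf (!config.swarselsystems.isNixos)` is now nested under the new module flag with no comment, so setting `swarselsystems.modules.gnome-keyring = true` on a NixOS host evaluates to nothing. That is not what the option description "gnome keyring settings" suggests. I would add a comment above the inner condition, for example `# home-manager keyring only on non-NixOS hosts; presumably NixOS enables it at system level`, with the reason confirmed against the system configuration. Alternatively, fold both conditions into one: `config = lib.mkIf (config.swarselsystems.modules.gnome-keyring && !config.swarselsystems.isNixos) { services.gnome-keyring.enable = true; };`.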
@@ -12095,18 +12620,21 @@ Used for storing sessions in e.g. Nextcloud
-3.4.1.28.2. KDE Connect
+3.4.1.29.2. KDE Connect
This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control).
-_:
+{ lib, config, ... }:
{
- services.kdeconnect = {
- enable = true;
- indicator = true;
+ options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings";
+ config = lib.mkIf config.swarselsystems.modules.kdeconnect {
+ services.kdeconnect = {
+ enable = true;
+ indicator = true;
+ };
};
}
@@ -12115,7 +12643,7 @@ This enables phone/computer communication, including sending clipboard, files et
-3.4.1.28.3. Mako
+3.4.1.29.3. Mako
Desktop notifications!
@@ -12126,35 +12654,57 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
-_:
+{ lib, config, ... }:
{
- services.mako = {
- enable = true;
- # backgroundColor = "#2e3440";
- # borderColor = "#88c0d0";
- borderRadius = 15;
- borderSize = 1;
- defaultTimeout = 5000;
- height = 150;
- icons = true;
- ignoreTimeout = true;
- layer = "overlay";
- maxIconSize = 64;
- sort = "-time";
- width = 300;
- # font = "monospace 10";
- extraConfig = ''
- [urgency=low]
- border-color=#cccccc
- [urgency=normal]
- border-color=#d08770
- [urgency=high]
- border-color=#bf616a
- default-timeout=3000
- [category=mpd]
- default-timeout=2000
- group-by=category
- '';
+ options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings";
+ config = lib.mkIf config.swarselsystems.modules.mako {
+ services.mako = {
+ enable = true;
+ # backgroundColor = "#2e3440";
+ # borderColor = "#88c0d0";
+ borderRadius = 15;
+ borderSize = 1;
+ defaultTimeout = 5000;
+ height = 150;
+ icons = true;
+ ignoreTimeout = true;
+ layer = "overlay";
+ maxIconSize = 64;
+ sort = "-time";
+ width = 300;
+ # font = "monospace 10";
+ extraConfig = ''
+ [urgency=low]
+ border-color=#cccccc
+ [urgency=normal]
+ border-color=#d08770
+ [urgency=high]
+ border-color=#bf616a
+ default-timeout=3000
+ [category=mpd]
+ default-timeout=2000
+ group-by=category
+ '';
+ };
+ };
+
+}
+
+
+
+
+
+3.4.1.29.4. SwayOSD
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings";
+ config = lib.mkIf config.swarselsystems.modules.swayosd {
+ services.swayosd = {
+ enable = true;
+ topMargin = 0.5;
+ };
};
}
@@ -12162,35 +12712,38 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
-3.4.1.28.4. yubikey-touch-detector
+3.4.1.29.5. yubikey-touch-detector
-{ pkgs, ... }:
+{ lib, config, pkgs, ... }:
{
- systemd.user.services.yubikey-touch-detector = {
- Unit = {
- Description = "Detects when your YubiKey is waiting for a touch";
- Requires = [ "yubikey-touch-detector.socket" ];
+ options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings";
+ config = lib.mkIf config.swarselsystems.modules.yubikeytouch {
+ systemd.user.services.yubikey-touch-detector = {
+ Unit = {
+ Description = "Detects when your YubiKey is waiting for a touch";
+ Requires = [ "yubikey-touch-detector.socket" ];
+ };
+ Service = {
+ ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify";
+ EnvironmentFile = "-%E/yubikey-touch-detector/service.conf";
+ };
+ Install = {
+ Also = [ "yubikey-touch-detector.socket" ];
+ WantedBy = [ "default.target" ];
+ };
};
- Service = {
- ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify";
- EnvironmentFile = "-%E/yubikey-touch-detector/service.conf";
- };
- Install = {
- Also = [ "yubikey-touch-detector.socket" ];
- WantedBy = [ "default.target" ];
- };
- };
- systemd.user.sockets.yubikey-touch-detector = {
- Unit = {
- Description = "Unix socket activation for YubiKey touch detector service";
- };
- Socket = {
- ListenStream = "%t/yubikey-touch-detector.socket";
- RemoveOnStop = true;
- };
- Install = {
- WantedBy = [ "sockets.target" ];
+ systemd.user.sockets.yubikey-touch-detector = {
+ Unit = {
+ Description = "Unix socket activation for YubiKey touch detector service";
+ };
+ Socket = {
+ ListenStream = "%t/yubikey-touch-detector.socket";
+ RemoveOnStop = true;
+ };
+ Install = {
+ WantedBy = [ "sockets.target" ];
+ };
};
};
}
@@ -12200,7 +12753,7 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
-3.4.1.29. Sway
+3.4.1.30. Sway
I am currently using SwayFX, which adds some nice effects to sway, like rounded corners and hiding the separator between title and content of a window.
@@ -12212,324 +12765,408 @@ Currently, I am too lazy to explain every option here, but most of it is very se
{ self, config, lib, ... }:
-let
- inherit (config.swarselsystems) monitors;
- workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput monitors;
- workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets);
-in
{
- wayland.windowManager.sway = {
- enable = true;
- checkConfig = false; # delete this line once SwayFX is fixed upstream
- package = lib.mkIf config.swarselsystems.isNixos null;
- systemd = {
- enable = true;
- xdgAutostart = true;
+ options.swarselsystems = {
+ modules.sway = lib.mkEnableOption "sway settings";
+ inputs = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = { };
};
- wrapperFeatures.gtk = true;
- config = rec {
- modifier = "Mod4";
- # terminal = "kitty";
- menu = "fuzzel";
- bars = [{
- command = "waybar";
- mode = "hide";
- hiddenState = "hide";
- position = "top";
- extraConfig = "modifier Mod4";
- }];
- keybindings =
+ monitors = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = { };
+ };
+ keybindings = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = { };
+ };
+
+ startup = lib.mkOption {
+ type = lib.types.listOf (lib.types.attrsOf lib.types.str);
+ default = [
+ { command = "nextcloud --background"; }
+ { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; }
+ { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
+ { command = "ANKI_WAYLAND=1 anki"; }
+ { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
+ { command = "nm-applet"; }
+ { command = "feishin"; }
+ ];
+ };
+ kyria = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = {
+ "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
+ "7504:24926:Kyria_Keyboard" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
+ };
+ internal = true;
+ };
+ standardinputs = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs;
+ internal = true;
+ };
+ touchpad = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);
+ default = { };
+ internal = true;
+ };
+ swayfxConfig = lib.mkOption {
+ type = lib.types.str;
+ default = "
+ blur enable
+ blur_xray disable
+ blur_passes 1
+ blur_radius 1
+ shadows enable
+ corner_radius 2
+ titlebar_separator disable
+ default_dim_inactive 0.02
+ ";
+ internal = true;
+ };
+ };
+ config = lib.mkIf config.swarselsystems.modules.sway {
+ swarselsystems = {
+ touchpad = lib.mkIf config.swarselsystems.isLaptop {
+ "type:touchpad" = {
+ dwt = "enabled";
+ tap = "enabled";
+ natural_scroll = "enabled";
+ middle_emulation = "enabled";
+ drag_lock = "disabled";
+ };
+ };
+ swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " ";
+ };
+ wayland.windowManager.sway = {
+ enable = true;
+ checkConfig = false; # delete this line once SwayFX is fixed upstream
+ package = lib.mkIf config.swarselsystems.isNixos null;
+ systemd = {
+ enable = true;
+ xdgAutostart = true;
+ };
+ wrapperFeatures.gtk = true;
+ config = rec {
+ modifier = "Mod4";
+ # terminal = "kitty";
+ menu = "fuzzel";
+ bars = [{
+ command = "waybar";
+ mode = "hide";
+ hiddenState = "hide";
+ position = "top";
+ extraConfig = "modifier Mod4";
+ }];
+ keybindings =
+ let
+ inherit (config.wayland.windowManager.sway.config) modifier;
+ in
+ lib.recursiveUpdate
+ {
+ "${modifier}+q" = "kill";
+ "${modifier}+f" = "exec firefox";
+ "${modifier}+Shift+f" = "exec swaymsg fullscreen";
+ "${modifier}+Space" = "exec fuzzel";
+ "${modifier}+Shift+Space" = "floating toggle";
+ "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
+ "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
+ "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
+ "${modifier}+m" = "exec swaymsg workspace back_and_forth";
+ "${modifier}+a" = "exec swarselcheck -s";
+ "${modifier}+x" = "exec swarselcheck -k";
+ "${modifier}+d" = "exec swarselcheck -d";
+ "${modifier}+w" = "exec swarselcheck -e";
+ "${modifier}+Shift+t" = "exec opacitytoggle";
+ "${modifier}+Shift+F12" = "move scratchpad";
+ "${modifier}+F12" = "scratchpad show";
+ "${modifier}+c" = "exec qalculate-gtk";
+ "${modifier}+p" = "exec pass-fuzzel";
+ "${modifier}+o" = "exec pass-fuzzel --otp";
+ "${modifier}+Shift+p" = "exec pass-fuzzel --type";
+ "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type";
+ "${modifier}+Ctrl+p" = "exec 1password --quick-acces";
+ "${modifier}+Escape" = "mode $exit";
+ "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
+ "${modifier}+h" = "exec hyprpicker | wl-copy";
+ "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
+ "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')";
+ "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
+ "${modifier}+1" = "workspace 1:一";
+ "${modifier}+Shift+1" = "move container to workspace 1:一";
+ "${modifier}+2" = "workspace 2:二";
+ "${modifier}+Shift+2" = "move container to workspace 2:二";
+ "${modifier}+3" = "workspace 3:三";
+ "${modifier}+Shift+3" = "move container to workspace 3:三";
+ "${modifier}+4" = "workspace 4:四";
+ "${modifier}+Shift+4" = "move container to workspace 4:四";
+ "${modifier}+5" = "workspace 5:五";
+ "${modifier}+Shift+5" = "move container to workspace 5:五";
+ "${modifier}+6" = "workspace 6:六";
+ "${modifier}+Shift+6" = "move container to workspace 6:六";
+ "${modifier}+7" = "workspace 7:七";
+ "${modifier}+Shift+7" = "move container to workspace 7:七";
+ "${modifier}+8" = "workspace 8:八";
+ "${modifier}+Shift+8" = "move container to workspace 8:八";
+ "${modifier}+9" = "workspace 9:九";
+ "${modifier}+Shift+9" = "move container to workspace 9:九";
+ "${modifier}+0" = "workspace 10:十";
+ "${modifier}+Shift+0" = "move container to workspace 10:十";
+ "${modifier}+Ctrl+m" = "workspace 11:M";
+ "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M";
+ "${modifier}+Ctrl+s" = "workspace 12:S";
+ "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S";
+ "${modifier}+Ctrl+e" = "workspace 13:E";
+ "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E";
+ "${modifier}+Ctrl+t" = "workspace 14:T";
+ "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T";
+ "${modifier}+Ctrl+l" = "workspace 15:L";
+ "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L";
+ "${modifier}+Ctrl+f" = "workspace 16:F";
+ "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F";
+ "${modifier}+Left" = "focus left";
+ "${modifier}+Right" = "focus right";
+ "${modifier}+Down" = "focus down";
+ "${modifier}+Up" = "focus up";
+ "${modifier}+Shift+Left" = "move left 40px";
+ "${modifier}+Shift+Right" = "move right 40px";
+ "${modifier}+Shift+Down" = "move down 40px";
+ "${modifier}+Shift+Up" = "move up 40px";
+ "${modifier}+Ctrl+Shift+c" = "reload";
+ "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower";
+ "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
+ "${modifier}+r" = "mode resize";
+ # "${modifier}+Return" = "exec kitty";
+ "${modifier}+Return" = "exec swarselzellij";
+ "${modifier}+Print" = "exec screenshare";
+ # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')"
+ # "XF86AudioRaiseVolume" = "exec pa 5%";
+ # "XF86AudioRaiseVolume" = "exec pamixer -i 5";
+ "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
+ # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
+ # "XF86AudioLowerVolume" = "exec pamixer -d 5";
+ "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
+ # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
+ # "XF86AudioMute" = "exec pamixer -t";
+ "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
+ # "XF86MonBrightnessUp" = "exec brightnessctl set +5%";
+ "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
+ # "XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
+ "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
+ "XF86Display" = "exec wl-mirror eDP-1";
+ }
+ config.swarselsystems.keybindings;
+ modes = {
+ resize = {
+ Down = "resize grow height 10 px or 10 ppt";
+ Escape = "mode default";
+ Left = "resize shrink width 10 px or 10 ppt";
+ Return = "mode default";
+ Right = "resize grow width 10 px or 10 ppt";
+ Up = "resize shrink height 10 px or 10 ppt";
+ Tab = "move position center, resize set width 50 ppt height 50 ppt";
+ };
+ };
+ defaultWorkspace = "workspace 1:一";
+ # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors;
+ output = {
+ "${config.swarselsystems.sharescreen}" = {
+ bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}";
+ };
+ "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = {
+ bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}";
+ };
+ };
+ input = config.swarselsystems.standardinputs;
+ workspaceOutputAssign =
+ let
+ workplaceSets = lib.mapAttrs' lib.swarselsystems.eachOutput config.swarselsystems.monitors;
+ workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets);
+ in
+ workplaceOutputs;
+ startup = config.swarselsystems.startup ++ [
+ { command = "kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; }
+ { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
+ ];
+ seat = {
+ "*" = {
+ hide_cursor = "when-typing enable";
+ };
+ };
+ window = {
+ border = 1;
+ titlebar = false;
+ };
+ assigns = {
+ "15:L" = [{ app_id = "teams-for-linux"; }];
+ };
+ floating = {
+ border = 1;
+ criteria = [
+ { app_id = "qalculate-gtk"; }
+ { app_id = "blueman"; }
+ { app_id = "pavucontrol"; }
+ { app_id = "syncthingtray"; }
+ { app_id = "Element"; }
+ { class = "1Password"; }
+ { app_id = "com.nextcloud.desktopclient.nextcloud"; }
+ { title = "(?:Open|Save) (?:File|Folder|As)"; }
+ { title = "^Add$"; }
+ { title = "^Picture-in-Picture$"; }
+ { title = "Syncthing Tray"; }
+ { title = "^spotifytui$"; }
+ { title = "^kittyterm$"; }
+ { app_id = "vesktop"; }
+ { window_role = "pop-up"; }
+ { window_role = "bubble"; }
+ { window_role = "dialog"; }
+ { window_role = "task_dialog"; }
+ { window_role = "menu"; }
+ { window_role = "Preferences"; }
+ ];
+ titlebar = false;
+ };
+ window = {
+ commands = [
+ {
+ command = "opacity 0.95";
+ criteria = {
+ class = ".*";
+ };
+ }
+ {
+ command = "opacity 1";
+ criteria = {
+ app_id = "at.yrlf.wl_mirror";
+ };
+ }
+ {
+ command = "opacity 1";
+ criteria = {
+ app_id = "Gimp-2.10";
+ };
+ }
+ {
+ command = "opacity 0.99";
+ criteria = {
+ app_id = "firefox";
+ };
+ }
+ {
+ command = "opacity 0.99";
+ criteria = {
+ app_id = "chromium-browser";
+ };
+ }
+ {
+ command = "sticky enable, shadows enable";
+ criteria = {
+ title = "^Picture-in-Picture$";
+ };
+ }
+ {
+ command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad";
+ criteria = {
+ title = "^kittyterm$";
+ };
+ }
+ {
+ command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad";
+ criteria = {
+ title = "^spotifytui$";
+ };
+ }
+ {
+
+ command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
+ criteria = {
+ class = "Spotify";
+ };
+ }
+ {
+ command = "resize set width 60 ppt height 60 ppt, sticky enable";
+ criteria = {
+ app_id = "vesktop";
+ };
+ }
+ {
+ command = "resize set width 60 ppt height 60 ppt, sticky enable";
+ criteria = {
+ class = "Element";
+ };
+ }
+ # {
+ # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
+ # criteria = {
+ # app_id="^$";
+ # class="^$";
+ # };
+ # }
+ ];
+ };
+ gaps = {
+ inner = 5;
+ };
+ };
+ extraSessionCommands = ''
+ export SDL_VIDEODRIVER=wayland
+ export QT_QPA_PLATFORM=wayland
+ export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+ export _JAVA_AWT_WM_NONREPARENTING=1
+ export XDG_CURRENT_DESKTOP=sway
+ export XDG_SESSION_DESKTOP=sway
+ export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";
+ export ANKI_WAYLAND=1;
+ export OBSIDIAN_USE_WAYLAND=1;
+ '';
+ # extraConfigEarly = "
+ # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
+ # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
+ # ";
+ extraConfig =
let
inherit (config.wayland.windowManager.sway.config) modifier;
+ swayfxSettings = config.swarselsystems.swayfxConfig;
in
- lib.recursiveUpdate
- {
- "${modifier}+q" = "kill";
- "${modifier}+f" = "exec firefox";
- "${modifier}+Shift+f" = "exec swaymsg fullscreen";
- "${modifier}+Space" = "exec fuzzel";
- "${modifier}+Shift+Space" = "floating toggle";
- "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
- "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\"";
- "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\"";
- "${modifier}+m" = "exec swaymsg workspace back_and_forth";
- "${modifier}+a" = "exec swarselcheck -s";
- "${modifier}+x" = "exec swarselcheck -k";
- "${modifier}+d" = "exec swarselcheck -d";
- "${modifier}+w" = "exec swarselcheck -e";
- "${modifier}+Shift+t" = "exec opacitytoggle";
- "${modifier}+Shift+F12" = "move scratchpad";
- "${modifier}+F12" = "scratchpad show";
- "${modifier}+c" = "exec qalculate-gtk";
- "${modifier}+p" = "exec pass-fuzzel";
- "${modifier}+o" = "exec pass-fuzzel --otp";
- "${modifier}+Shift+p" = "exec pass-fuzzel --type";
- "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type";
- "${modifier}+Ctrl+p" = "exec 1password --quick-acces";
- "${modifier}+Escape" = "mode $exit";
- "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
- "${modifier}+h" = "exec hyprpicker | wl-copy";
- "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
- "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')";
- "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
- "${modifier}+1" = "workspace 1:一";
- "${modifier}+Shift+1" = "move container to workspace 1:一";
- "${modifier}+2" = "workspace 2:二";
- "${modifier}+Shift+2" = "move container to workspace 2:二";
- "${modifier}+3" = "workspace 3:三";
- "${modifier}+Shift+3" = "move container to workspace 3:三";
- "${modifier}+4" = "workspace 4:四";
- "${modifier}+Shift+4" = "move container to workspace 4:四";
- "${modifier}+5" = "workspace 5:五";
- "${modifier}+Shift+5" = "move container to workspace 5:五";
- "${modifier}+6" = "workspace 6:六";
- "${modifier}+Shift+6" = "move container to workspace 6:六";
- "${modifier}+7" = "workspace 7:七";
- "${modifier}+Shift+7" = "move container to workspace 7:七";
- "${modifier}+8" = "workspace 8:八";
- "${modifier}+Shift+8" = "move container to workspace 8:八";
- "${modifier}+9" = "workspace 9:九";
- "${modifier}+Shift+9" = "move container to workspace 9:九";
- "${modifier}+0" = "workspace 10:十";
- "${modifier}+Shift+0" = "move container to workspace 10:十";
- "${modifier}+Ctrl+m" = "workspace 11:M";
- "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M";
- "${modifier}+Ctrl+s" = "workspace 12:S";
- "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S";
- "${modifier}+Ctrl+e" = "workspace 13:E";
- "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E";
- "${modifier}+Ctrl+t" = "workspace 14:T";
- "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T";
- "${modifier}+Ctrl+l" = "workspace 15:L";
- "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L";
- "${modifier}+Ctrl+f" = "workspace 16:F";
- "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F";
- "${modifier}+Left" = "focus left";
- "${modifier}+Right" = "focus right";
- "${modifier}+Down" = "focus down";
- "${modifier}+Up" = "focus up";
- "${modifier}+Shift+Left" = "move left 40px";
- "${modifier}+Shift+Right" = "move right 40px";
- "${modifier}+Shift+Down" = "move down 40px";
- "${modifier}+Shift+Up" = "move up 40px";
- "${modifier}+Ctrl+Shift+c" = "reload";
- "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower";
- "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
- "${modifier}+r" = "mode resize";
- # "${modifier}+Return" = "exec kitty";
- "${modifier}+Return" = "exec swarselzellij";
- "${modifier}+Print" = "exec screenshare";
- # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')"
- # "XF86AudioRaiseVolume" = "exec pa 5%";
- "XF86AudioRaiseVolume" = "exec pamixer -i 5";
- # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
- "XF86AudioLowerVolume" = "exec pamixer -d 5";
- # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
- "XF86AudioMute" = "exec pamixer -t";
- "XF86MonBrightnessUp" = "exec brightnessctl set +5%";
- "XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
- "XF86Display" = "exec wl-mirror eDP-1";
- }
- config.swarselsystems.keybindings;
- modes = {
- resize = {
- Down = "resize grow height 10 px or 10 ppt";
- Escape = "mode default";
- Left = "resize shrink width 10 px or 10 ppt";
- Return = "mode default";
- Right = "resize grow width 10 px or 10 ppt";
- Up = "resize shrink height 10 px or 10 ppt";
- Tab = "move position center, resize set width 50 ppt height 50 ppt";
- };
- };
- defaultWorkspace = "workspace 1:一";
- # output = lib.mapAttrs' lib.swarselsystems.eachMonitor monitors;
- output = {
- "${config.swarselsystems.sharescreen}" = {
- bg = "${self}/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}";
- };
- "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = {
- bg = "${self}/wallpaper/standwp.png ${config.stylix.imageScalingMode}";
- };
- };
- input = config.swarselsystems.standardinputs;
- workspaceOutputAssign = workplaceOutputs;
- startup = config.swarselsystems.startup ++ [
- { command = "kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm"; }
- { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
- ];
- seat = {
- "*" = {
- hide_cursor = "when-typing enable";
- };
- };
- window = {
- border = 1;
- titlebar = false;
- };
- assigns = {
- "15:L" = [{ app_id = "teams-for-linux"; }];
- };
- floating = {
- border = 1;
- criteria = [
- { app_id = "qalculate-gtk"; }
- { app_id = "blueman"; }
- { app_id = "pavucontrol"; }
- { app_id = "syncthingtray"; }
- { app_id = "Element"; }
- { class = "1Password"; }
- { app_id = "com.nextcloud.desktopclient.nextcloud"; }
- { title = "(?:Open|Save) (?:File|Folder|As)"; }
- { title = "^Add$"; }
- { title = "^Picture-in-Picture$"; }
- { title = "Syncthing Tray"; }
- { title = "^spotifytui$"; }
- { title = "^kittyterm$"; }
- { app_id = "vesktop"; }
- { window_role = "pop-up"; }
- { window_role = "bubble"; }
- { window_role = "dialog"; }
- { window_role = "task_dialog"; }
- { window_role = "menu"; }
- { window_role = "Preferences"; }
- ];
- titlebar = false;
- };
- window = {
- commands = [
- {
- command = "opacity 0.95";
- criteria = {
- class = ".*";
- };
- }
- {
- command = "opacity 1";
- criteria = {
- app_id = "at.yrlf.wl_mirror";
- };
- }
- {
- command = "opacity 1";
- criteria = {
- app_id = "Gimp-2.10";
- };
- }
- {
- command = "opacity 0.99";
- criteria = {
- app_id = "firefox";
- };
- }
- {
- command = "opacity 0.99";
- criteria = {
- app_id = "chromium-browser";
- };
- }
- {
- command = "sticky enable, shadows enable";
- criteria = {
- title = "^Picture-in-Picture$";
- };
- }
- {
- command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad";
- criteria = {
- title = "^kittyterm$";
- };
- }
- {
- command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad";
- criteria = {
- title = "^spotifytui$";
- };
- }
- {
+ "
+ exec_always autotiling
+ set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\"
- command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
- criteria = {
- class = "Spotify";
- };
+ mode $exit {
+ bindsym --to-code {
+ s exec \"systemctl suspend\", mode \"default\"
+ h exec \"systemctl hibernate\", mode \"default\"
+ l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\
+ p exec \"systemctl poweroff\"
+ r exec \"systemctl reboot\"
+ u exec \"swaymsg exit\"
+
+ Return mode \"default\"
+ Escape mode \"default\"
+ ${modifier}+Escape mode \"default\"
}
- {
- command = "resize set width 60 ppt height 60 ppt, sticky enable";
- criteria = {
- app_id = "vesktop";
- };
- }
- {
- command = "resize set width 60 ppt height 60 ppt, sticky enable";
- criteria = {
- class = "Element";
- };
- }
- # {
- # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad";
- # criteria = {
- # app_id="^$";
- # class="^$";
- # };
- # }
- ];
- };
- gaps = {
- inner = 5;
- };
+ }
+
+ exec systemctl --user import-environment
+ exec swayidle -w
+
+ seat * hide_cursor 2000
+
+ exec_always kill -1 $(pidof kanshi)
+
+ bindswitch --locked lid:on exec kanshictl switch lidclosed
+ bindswitch --locked lid:off exec kanshictl switch lidopen
+
+ ${swayfxSettings}
+ ";
};
- extraSessionCommands = ''
- export SDL_VIDEODRIVER=wayland
- export QT_QPA_PLATFORM=wayland
- export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
- export _JAVA_AWT_WM_NONREPARENTING=1
- export XDG_CURRENT_DESKTOP=sway
- export XDG_SESSION_DESKTOP=sway
- export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";
- export ANKI_WAYLAND=1;
- export OBSIDIAN_USE_WAYLAND=1;
- '';
- # extraConfigEarly = "
- # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
- # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
- # ";
- extraConfig =
- let
- inherit (config.wayland.windowManager.sway.config) modifier;
- swayfxSettings = config.swarselsystems.swayfxConfig;
- in
- "
- exec_always autotiling
- set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\"
-
- mode $exit {
- bindsym --to-code {
- s exec \"systemctl suspend\", mode \"default\"
- h exec \"systemctl hibernate\", mode \"default\"
- l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize\", mode \"default\
- p exec \"systemctl poweroff\"
- r exec \"systemctl reboot\"
- u exec \"swaymsg exit\"
-
- Return mode \"default\"
- Escape mode \"default\"
- ${modifier}+Escape mode \"default\"
- }
- }
-
- exec systemctl --user import-environment
- exec swayidle -w
-
- seat * hide_cursor 2000
-
- exec kanshi
- exec_always kill -1 $(pidof kanshi)
-
- bindswitch --locked lid:on exec kanshictl switch lidclosed
- bindswitch --locked lid:off exec kanshictl switch lidopen
-
- ${swayfxSettings}
- ";
};
}
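Review bot: `export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";` in `extraSessionCommands` is carried into the new module unchanged, so every QtWebEngine application started from this sway session renders web content without the Chromium sandbox. If it was a workaround for a single application, I would remove it from the session environment and set it only on that application's launcher, with a comment naming the application and the reason. In `extraConfig`, `exec systemctl --user import-environment` has no variable list and copies the whole session environment into the systemd user manager. The commented-out `extraConfigEarly` already shows the narrower form, `exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK`. Separately, `"exec 1password --quick-acces"` in the keybindings looks like a typo for `--quick-access`.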
@@ -12537,80 +13174,95 @@ in
-3.4.1.30. Kanshi
+3.4.1.31. Kanshi
-{ config, ... }:
+{ lib, config, ... }:
{
- services.kanshi = {
- enable = true;
- settings = [
- {
- # laptop screen
- output = {
- criteria = config.swarselsystems.sharescreen;
- mode = config.swarselsystems.highResolution;
- scale = 1.0;
- };
- }
- {
- # home main screen
- output = {
- criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
- scale = 1.0;
+ options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings";
+ config = lib.mkIf config.swarselsystems.modules.kanshi {
+ swarselsystems = {
+ monitors = {
+ homedesktop = {
+ name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
mode = "2560x1440";
+ scale = "1";
+ position = "0,0";
+ workspace = "1:一";
+ output = "DP-11";
};
- }
- {
- profile = {
- name = "lidopen";
- outputs = [
- {
- criteria = "eDP-2";
- status = "enable";
- scale = 1.0;
- }
- ];
- };
- }
- {
- profile = {
- name = "lidopen";
- outputs = [
- {
- criteria = config.swarselsystems.sharescreen;
- status = "enable";
- scale = 1.7;
- position = "2560,0";
- }
- {
- criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
- scale = 1.0;
- mode = "2560x1440";
- position = "0,0";
- }
- ];
- };
- }
- {
- profile = {
- name = "lidclosed";
- outputs = [
- {
- criteria = config.swarselsystems.sharescreen;
- status = "disable";
- position = "2560,0";
- }
- {
- criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
- scale = 1.0;
- mode = "2560x1440";
- position = "0,0";
- }
- ];
- };
- }
- ];
+ };
+ };
+ services.kanshi = {
+ enable = true;
+ settings = [
+ {
+ # laptop screen
+ output = {
+ criteria = config.swarselsystems.sharescreen;
+ mode = config.swarselsystems.highResolution;
+ scale = 1.0;
+ };
+ }
+ {
+ # home main screen
+ output = {
+ criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
+ scale = 1.0;
+ mode = "2560x1440";
+ };
+ }
+ {
+ profile = {
+ name = "lidopen";
+ outputs = [
+ {
+ criteria = "eDP-2";
+ status = "enable";
+ scale = 1.0;
+ }
+ ];
+ };
+ }
+ {
+ profile = {
+ name = "lidopen";
+ outputs = [
+ {
+ criteria = config.swarselsystems.sharescreen;
+ status = "enable";
+ scale = 1.7;
+ position = "2560,0";
+ }
+ {
+ criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
+ scale = 1.0;
+ mode = "2560x1440";
+ position = "0,0";
+ }
+ ];
+ };
+ }
+ {
+ profile = {
+ name = "lidclosed";
+ outputs = [
+ {
+ criteria = config.swarselsystems.sharescreen;
+ status = "disable";
+ position = "2560,0";
+ }
+ {
+ criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320";
+ scale = 1.0;
+ mode = "2560x1440";
+ position = "0,0";
+ }
+ ];
+ };
+ }
+ ];
+ };
};
}
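Review bot: The Philips monitor identifier is written four times on the new side of this hunk, once as `swarselsystems.monitors.homedesktop.name` and three times as a literal `criteria` in `services.kanshi.settings`, so the two definitions can drift apart. Since both live in the same `config` block, the kanshi entries could read the attribute instead: `criteria = config.swarselsystems.monitors.homedesktop.name;` (the same applies to `mode = "2560x1440"`). The new entry also stores `scale = "1"` as a string while kanshi is given `scale = 1.0`; a short comment naming the consumer that expects the string form would help. Two profiles still share the name `lidopen`, and it is not obvious from this module which one `kanshictl switch lidopen` is meant to select.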
@@ -12618,74 +13270,80 @@ in
-3.4.1.31. gpg-agent
+3.4.1.32. gpg-agent
Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here.
-{ self, config, pkgs, ... }:
+{ self, lib, config, pkgs, ... }:
let
inherit (config.swarselsystems) mainUser homeDir;
in
{
- services.gpg-agent = {
- enable = true;
- enableZshIntegration = true;
- enableScDaemon = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- sshKeys = [
- "4BE7925262289B476DBBC17B76FD3810215AE097"
+ options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings";
+ config = lib.mkIf config.swarselsystems.modules.gpgagent {
+ services.gpg-agent = {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true;
+ enableSshSupport = true;
+ enableExtraSocket = true;
+ pinentryPackage = pkgs.pinentry.gtk2;
+ defaultCacheTtl = 600;
+ maxCacheTtl = 7200;
+ extraConfig = ''
+ allow-loopback-pinentry
+ allow-emacs-pinentry
+ '';
+ sshKeys = [
+ "4BE7925262289B476DBBC17B76FD3810215AE097"
+ ];
+ };
+
+ programs.gpg = {
+ enable = true;
+ publicKeys = [
+ {
+ source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
+ trust = 5;
+ }
+ ];
+ };
+
+ # assure correct permissions
+ systemd.user.tmpfiles.rules = [
+ "d ${homeDir}/.gnupg 700 ${mainUser} users"
];
};
- programs.gpg = {
- enable = true;
- publicKeys = [
- {
- source = "${self}/secrets/keys/gpg/gpg-public-key-0x76FD3810215AE097.asc";
- trust = 5;
- }
- ];
- };
-
- # assure correct permissions
- systemd.user.tmpfiles.rules = [
- "d ${homeDir}/.gnupg 700 ${mainUser} users"
- ];
-
}
-3.4.1.32. gammastep
+3.4.1.33. gammastep
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
-{ lib, nix-secrets, ... }:
+{ lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
in
{
- services.gammastep = {
- enable = true;
- provider = "manual";
- latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
- longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
+ options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
+ config = lib.mkIf config.swarselsystems.modules.gammastep {
+ services.gammastep = {
+ enable = true;
+ provider = "manual";
+ latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
+ longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
+ };
};
}
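Review bot: The `extraConfig` of `services.gpg-agent` carries `allow-loopback-pinentry` and `allow-emacs-pinentry` into the new module without a comment, and these two lines decide where the YubiKey PIN may be typed. With them the PIN can be entered in the Emacs minibuffer or passed by the calling client instead of the dedicated `pinentry.gtk2` window, so it is visible to whatever runs inside those processes. I would document that above the block, e.g. `# allow-emacs-pinentry: prompt may appear in Emacs; allow-loopback-pinentry: clients may pass the PIN themselves (--pinentry-mode loopback)`, and check whether any client actually needs loopback mode. In the gammastep part of this hunk, `getSecret` appears to be resolved at evaluation time (its implementation is not visible here); if so, latitude and longitude end up in the generated configuration in the Nix store, which deserves a comment.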
@@ -12707,12 +13365,13 @@ This section sets up all the imports that are used in the home-manager section.
{ self, lib, ... }:
let
- importNames = lib.swarselsystems.readNix "profiles/home/server";
- profilesPath = "${self}/profiles";
+ importNames = lib.swarselsystems.readNix "modules/home/server";
+ modulesPath = "${self}/modules";
in
{
- imports = lib.swarselsystems.mkImports importNames "profiles/home/server" ++ [
- "${profilesPath}/home/common/settings.nix"
+ imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [
+ "${modulesPath}/home/common/settings.nix"
+ "${modulesPath}/home/common/sharedsetup.nix"
];
}
@@ -12731,12 +13390,15 @@ As for the `home.sessionVariables`, it should be noted that environment variable
+
+3.4.4.3. Framework
+
+
+This holds configuration that is specific to framework laptops.
+
+
+
+{ lib, config, ... }:
+{
+ options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings";
+ config = lib.mkIf config.swarselsystems.modules.optional.framework {
+ swarselsystems = {
+ inputs = {
+ "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = {
+ xkb_layout = "us";
+ xkb_variant = "altgr-intl";
+ };
+ };
+ };
+ };
+}
@@ -14971,6 +15799,7 @@ This part of the configuration mostly makes some aesthetic changes, enables neat
(use-package org
;;:diminish (org-indent-mode)
:hook (org-mode . swarsel/org-mode-setup)
+ ;; :mode "\\.nix\\'"
:bind
(("C-<tab>" . org-fold-outer)
("C-c s" . org-store-link))
@@ -16246,12 +17075,12 @@ Dirvish is an improvement upon the dired-framework and has more features like fi
:config
(dirvish-peek-mode)
(dirvish-side-follow-mode)
- (setq dirvish-open-with-programs
- (append dirvish-open-with-programs '(
- (("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f")
- (("jpg" "jpeg" "png") "imv" "%f")
- (("pdf") "sioyek" "%f")
- (("xopp") "xournalpp" "%f"))))
+ ;; (setq dirvish-open-with-programs
+ ;; (append dirvish-open-with-programs '(
+ ;; (("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f")
+ ;; (("jpg" "jpeg" "png") "imv" "%f")
+ ;; (("pdf") "sioyek" "%f")
+ ;; (("xopp") "xournalpp" "%f"))))
:custom
(delete-by-moving-to-trash t)
(dired-listing-switches
@@ -16659,7 +17488,7 @@ The full list of nerd-fonts can be found here: firefox). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it.
+This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the ${self} method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [BROKEN LINK: h:e7f98ad8-74a6-4860-a368-cce154285ff0]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it.
@@ -16822,10 +17651,10 @@ The command command can be supplied with a -p flag tha
-
+
sanitise tridactyllocal tridactylsync
-colourscheme base16-codeschool
+colourscheme swarsel
" General Settings
set update.lastchecktime 1720629386560
@@ -16837,9 +17666,12 @@ set configversion 2.0
set searchurls.no https://search.nixos.org/options?query=
set searchurls.np https://search.nixos.org/packages?query=
set searchurls.hm https://home-manager-options.extranix.com/?query=
+set searchurls.@c https://vbc.atlassian.net/wiki/search?text=
+set searchurls.@j https://vbc.atlassian.net/issues/?jql=textfields%20~%20%22%s*%22&wildcardFlag=true
set completions.Tab.statusstylepretty true
set hintfiltermode vimperator-reflow
set hintnames numeric
+unbind --mode=hint <Space>
" Binds
bind <C-m> buffer #
@@ -16854,30 +17686,32 @@ bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label
bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line
" Work
-command tab_or_tabopen jsb -p (async () => { let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})()
+command tab_or_tabopen jsb -p (async () => {let tabs = await browser.tabs.query({}); let tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})()
-bind gwa tab_or_tabopen apic-impimba-1.m.imp.ac.at
-bind gwA tab_or_tabopen artifactory.imp.ac.at
-bind gwb tab_or_tabopen bitbucket.vbc.ac.at
-bind gwc tab_or_tabopen vbc.atlassian.net/wiki
-bind gwd tab_or_tabopen datadomain-impimba-2.imp.ac.at
-bind gwe tab_or_tabopen exivity.vbc.ac.at
-bind gwg tab_or_tabopen github.com
-bind gwG tab_or_tabopen goc.egi.eu
-bind gwh tab_or_tabopen jupyterhub.vbc.ac.at
-bind gwH tab_or_tabopen test-jupyterhub.vbc.ac.at
-bind gwj tab_or_tabopen jenkins.vbc.ac.at
-bind gwJ tab_or_tabopen test-jenkins.vbc.ac.at
-bind gwl tab_or_tabopen lucid.app
-bind gwm tab_or_tabopen monitoring.vbc.ac.at/grafana
-bind gwM tab_or_tabopen monitoring.vbc.ac.at/prometheus
-bind gwn tab_or_tabopen netbox.vbc.ac.at
-bind gwN tab_or_tabopen nap.imp.ac.at
-bind gwo tab_or_tabopen outlook.office.com
-bind gws tab_or_tabopen satellite.vbc.ac.at
-bind gwt tab_or_tabopen tower.vbc.ac.at
-bind gwv tab_or_tabopen vc-impimba-1.m.imp.ac.at/ui
-bind gwx tab_or_tabopen xclarity.vbc.ac.at
+command tab_or_tabopen_local jsb -p (async () => {const currentWindow = await browser.windows.getCurrent(); const tabs = await browser.tabs.query({ windowId: currentWindow.id }); const tab = tabs.find(t => t.url.includes(JS_ARG)); if (tab) {browser.tabs.update(tab.id, { active: true });} else {tri.excmds.tabopen(JS_ARG);}})()
+
+bind gwa tab_or_tabopen_local apic-impimba-1.m.imp.ac.at
+bind gwA tab_or_tabopen_local artifactory.imp.ac.at
+bind gwb tab_or_tabopen_local bitbucket.vbc.ac.at
+bind gwc tab_or_tabopen_local vbc.atlassian.net/wiki
+bind gwd tab_or_tabopen_local datadomain-impimba-2.imp.ac.at
+bind gwe tab_or_tabopen_local exivity.vbc.ac.at
+bind gwg tab_or_tabopen_local github.com
+bind gwG tab_or_tabopen_local goc.egi.eu
+bind gwh tab_or_tabopen_local jupyterhub.vbc.ac.at
+bind gwH tab_or_tabopen_local test-jupyterhub.vbc.ac.at
+bind gwj tab_or_tabopen_local jenkins.vbc.ac.at
+bind gwJ tab_or_tabopen_local test-jenkins.vbc.ac.at
+bind gwl tab_or_tabopen_local lucid.app
+bind gwm tab_or_tabopen_local monitoring.vbc.ac.at/grafana
+bind gwM tab_or_tabopen_local monitoring.vbc.ac.at/prometheus
+bind gwn tab_or_tabopen_local netbox.vbc.ac.at
+bind gwN tab_or_tabopen_local nap.imp.ac.at
+bind gwo tab_or_tabopen_local outlook.office.com
+bind gws tab_or_tabopen_local satellite.vbc.ac.at
+bind gwt tab_or_tabopen_local tower.vbc.ac.at
+bind gwv tab_or_tabopen_local vc-impimba-1.m.imp.ac.at/ui
+bind gwx tab_or_tabopen_local xclarity.vbc.ac.at
" Search in page
set findcase smart
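Review bot: `tab_or_tabopen_local` selects the tab with `t.url.includes(JS_ARG)`, a substring test over the whole URL, so a tab that merely contains the string (in a query parameter, or as the start of a longer host name) is focused instead of the intended site. For the `gw*` binds that lead to login pages this means the shortcut can land on a look-alike tab. Comparing host and path separately is stricter: `const [h, ...p] = JS_ARG.split("/");` followed by `const tab = tabs.find(t => { const u = new URL(t.url); return u.host === h && u.pathname.startsWith("/" + p.join("/")); });`. Exact host equality will not match subdomains, so check that against the sites in the list; the unchanged `tab_or_tabopen` command has the same substring test.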
@@ -16946,12 +17780,183 @@ autocmd DocStart vc-impimba-1.m.imp.ac.at/ui/webconsole mode ignore
" For syntax highlighting see https://github.com/tridactyl/vim-tridactyl
" vim: set filetype=tridactyl
+
+
+
+
+
+6.3. tridactyl theme
+
+
+
+:root {
+
+ --base00: #1D252C;
+ --base01: #171D23;
+ --base02: #5EC4FF;
+ --base03: #566C7D;
+ --base04: #5EC4FF;
+ --base05: #A0B3C5;
+ --base06: #C06ECE;
+ --base07: #A0B3C5;
+ --base08: #D95468;
+ --base09: #FFA880;
+ --base0A: #5EC4FF;
+ --base0B: #8BD49C;
+ --base0C: #008B94;
+ --base0D: #5EC4FF;
+ --base0E: #C06ECE;
+ --base0F: #5EC4FF;
+
+ --tridactyl-def-fg: var(--base02);
+ --tridactyl-cmdl-bg: var(--base00);
+ --tridactyl-cmdl-fg: var(--base0C);
+
+ --tridactyl-font-family: "San Francisco", sans-serif;
+
+ --tridactyl-cmdl-font-size: 1.5rem;
+ --tridactyl-cmdl-line-height: 1.5;
+
+ --tridactyl-cmplt-option-height: 1.4em;
+ --tridactyl-cmplt-font-size: var(--tridactyl-small-font-size);
+ --tridactyl-cmplt-border-top: unset;
+
+ --tridactyl-status-font-size: 9px;
+ --tridactyl-status-font-family: "Fira Code", monospace;
+ --tridactyl-status-border: 1px var(--tridactyl-fg) solid;
+
+ --tridactyl-header-font-size: var(--tridactyl-small-font-size);
+ --tridactyl-header-font-weight: 200;
+ --tridactyl-header-border-bottom: unset;
+
+ --tridactyl-hintspan-font-size: var(--tridactyl-font-size);
+ --tridactyl-hint-active-fg: none;
+
+}
+
+:root #command-line-holder {
+ order: 1;
+ border: 2px solid var(--tridactyl-cmdl-fg);
+ color: var(--tridactyl-cmdl-bg);
+}
+
+:root #tridactyl-input {
+ width: 90%;
+ padding: 1rem;
+ color: var(--tridactyl-def-fg);
+}
+
+:root #completions table {
+ font-size: 0.8rem;
+ font-weight: 200;
+ border-spacing: 0;
+ table-layout: fixed;
+ padding: 1rem;
+ padding-top: 0;
+}
+
+:root #completions > div {
+ max-height: calc(20 * var(--tridactyl-cmplt-option-height));
+ min-height: calc(10 * var(--tridactyl-cmplt-option-height));
+}
+
+/* COMPLETIONS */
+
+:root #completions {
+ font-weight: 200;
+ order: 2;
+ color: var(--tridactyl-def-fg);
+ background: var(--tridactyl-cmdl-bg);
+
+}
+
+/* Olie doesn't know how CSS inheritance works */
+:root #completions .HistoryCompletionSource {
+ max-height: unset;
+ min-height: unset;
+}
+
+:root #completions .HistoryCompletionSource table {
+ width: 100%;
+ font-size: 9pt;
+ border-spacing: 0;
+ table-layout: fixed;
+}
+
+/* redundancy 2: redundancy 2: more redundancy */
+:root #completions .BmarkCompletionSource {
+ max-height: unset;
+ min-height: unset;
+}
+
+:root #completions table tr { white-space: nowrap;
+ overflow: hidden;
+ text-overflow: ellipsis;
+}
+
+:root #completions .url {
+ background: var(--tridactyl-cmdl-bg);
+}
+
+:root #completions .focused {
+ background: #44391F;
+}
+:root #completions .focused .url {
+ background: #44391F;
+}
+
+:root #completions .BufferCompletionSource table {
+ width: unset;
+ font-size: unset;
+ border-spacing: unset;
+ table-layout: unset;
+}
+
+:root #completions table tr {
+ white-space: nowrap;
+ overflow: hidden;
+ text-overflow: ellipsis;
+}
+
+:root #completions .sectionHeader {
+ background: unset;
+ padding: 1rem !important;
+ padding-left: unset;
+ padding-bottom: 0.2rem;
+}
+
+:root #cmdline_iframe {
+ position: fixed !important;
+ bottom: unset;
+ top: 25% !important;
+ left: 10% !important;
+ z-index: 2147483647 !important;
+ width: 80% !important;
+ box-shadow: rgba(0, 0, 0, 0.5) 0px 0px 15px !important;
+}
+
+:root .TridactylStatusIndicator {
+ position: fixed !important;
+ bottom: 0 !important;
+ font-weight: 200 !important;
+ padding: 0.8ex !important;
+}
+
+/* #Shydactyl-normal { */
+/* border-color: green !important; */
+/* } */
+
+/* #Shydactyl-insert { */
+/* border-color: yellow !important; */
+/* } */
+
+
-6.3. Waybar style.css
+6.4. Waybar style.css
This is the stylesheet used by waybar.
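Review bot: The rule `:root #completions table tr` is declared twice in the new theme with the same three declarations, once before `.url` and once after `.BufferCompletionSource table`, so one copy can be removed. `--tridactyl-hint-active-fg: none;` assigns `none` to what reads as a colour variable; if the intent is to leave the active hint's text colour alone, `unset` or an explicit colour says so more clearly (how Tridactyl consumes the variable is not visible here). The commented-out `#Shydactyl-normal` and `#Shydactyl-insert` rules at the end look like leftovers and could be dropped.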
@@ -17229,7 +18234,7 @@ window#waybar.hidden {
-6.4. justfile
+6.5. justfile
This file defines a few workflows that I often need to run when working on my configuration. This works similar to make, but is geared towards general tasks and as such requires no extra handling (as long as there are no dependencies involved) or .PHONY recipes.
@@ -17277,7 +18282,7 @@ sync USER HOST:
diff --git a/programs/firefox/tridactyl/themes/.#base16-codeschool.css b/programs/firefox/tridactyl/themes/.#base16-codeschool.css
deleted file mode 120000
index d94e40c..0000000
--- a/programs/firefox/tridactyl/themes/.#base16-codeschool.css
+++ /dev/null
@@ -1 +0,0 @@
-swarsel@nbl-imba-2.3038:1743148454
\ No newline at end of file
diff --git a/programs/stylix/.#swarsel.yaml b/programs/stylix/.#swarsel.yaml
deleted file mode 120000
index d94e40c..0000000
--- a/programs/stylix/.#swarsel.yaml
+++ /dev/null
@@ -1 +0,0 @@
-swarsel@nbl-imba-2.3038:1743148454
\ No newline at end of file