From e6c73510947024c980695663c7a9909ff306953d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sun, 10 Aug 2025 11:33:14 +0200 Subject: [PATCH] feat: add uni profile --- SwarselSystems.org | 137 ++++++++++++++++++------ hosts/nixos/pyramid/default.nix | 1 + hosts/nixos/pyramid/secrets/pii.nix.enc | 6 +- modules/home/common/packages.nix | 2 +- modules/home/optional/uni.nix | 24 +++++ modules/home/optional/work.nix | 54 ++++------ profiles/home/personal/default.nix | 1 + profiles/home/uni/default.nix | 12 +++ profiles/nixos/uni/default.nix | 18 ++++ 9 files changed, 181 insertions(+), 74 deletions(-) create mode 100644 modules/home/optional/uni.nix create mode 100644 profiles/home/uni/default.nix create mode 100644 profiles/nixos/uni/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index d950608..c45b328 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1855,6 +1855,7 @@ My work machine. Built for more security, this is the gold standard of my config swarselprofiles = { personal = lib.mkIf (!minimal) true; work = lib.mkIf (!minimal) true; + uni = lib.mkIf (!minimal) true; framework = lib.mkIf (!minimal) true; amdcpu = true; amdgpu = true; @@ -13678,26 +13679,8 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] stable.prometheus.cli tigervnc openstackclient - pizauth ]; - systemd.user.services.pizauth = { - Unit = { - Description = "Pizauth OAuth2 token manager"; - }; - - Service = { - Type = "simple"; - ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d"; - ExecReload = "${pkgs.pizauth}/bin/pizauth reload"; - ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown"; - }; - - Install = { - WantedBy = [ "default.target" ]; - }; - }; - home.sessionVariables = { DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; 
@@ -14031,28 +14014,30 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; + swarselservices.pizauth = { + enable = true; + accounts = { + work = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; + }; + }; + + }; + xdg = let inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; in { - configFile."pizauth.conf".text = '' - account "work" { - auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; - client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; - client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; - scopes = [ - "https://outlook.office365.com/IMAP.AccessAsUser.All", - "https://outlook.office365.com/SMTP.Send", - "offline_access" - ]; - // You don't have to specify login_hint, but it does make - // authentication a little easier. - login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; - } - ''; - mimeApps = { defaultApplications = { "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; 
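Review bot: The `clientSecret` literal in the new `swarselservices.pizauth.accounts.work` block is committed in plaintext, and the same `clientId`/`clientSecret` pair is repeated in the Uni block of this file and in the tangled `modules/home/optional/work.nix` and `modules/home/optional/uni.nix`. The pizauth module that consumes the option is not part of this diff, but it presumably renders the value into a Nix store path, which is world-readable. If this is a published public-client registration (it looks like one, but nothing in the diff says so), a comment such as `# public OAuth client registration, not a confidential secret; confidential values must come from sops` would stop the next reader from treating this option as a safe place for a real secret. Binding the shared `authUri`, `tokenUri`, `clientId` and `clientSecret` once and reusing them in both accounts would also leave a single place to change them. The enclosing module body starts and ends outside the hunk.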
@@ -14206,6 +14191,39 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] #+end_src +**** Uni +:PROPERTIES: +:CUSTOM_ID: h:52b41e73-46f3-4c2c-af64-eafb51e3b6b6 +:END: + +#+begin_src nix-ts :tangle modules/home/optional/uni.nix :noweb yes + { config, lib, nixosConfig ? config, ... }: + { + options.swarselmodules.optional.uni = lib.mkEnableOption "optional uni settings"; + config = lib.mkIf config.swarselmodules.optional.uni + { + swarselservices.pizauth = { + enable = true; + accounts = { + uni = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.uni.mailAddress}"; + }; + }; + }; + }; + } + +#+end_src + **** Framework :PROPERTIES: :CUSTOM_ID: h:8a7b1c26-3448-42d3-932a-5d05d54b5490 @@ -16750,6 +16768,33 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+end_src +**** Uni +:PROPERTIES: +:CUSTOM_ID: h:87a83b10-3c2f-407c-89aa-922ad77748a4 +:END: + +#+begin_src nix-ts :tangle profiles/nixos/uni/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host"; + config = lib.mkIf config.swarselprofiles.uni { + # swarselmodules = { + # optional = { + # uni = lib.mkDefault true; + # }; + # }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + uni = lib.mkDefault true; + }; + }; + + }; + + } + +#+end_src + **** Framework :PROPERTIES: :CUSTOM_ID: h:eb272c99-842a-4095-bc65-283562749300 
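Review bot: `loginHint` in the new `uni` account dereferences `nixosConfig.repo.secrets.local.uni.mailAddress` unconditionally, and with `nixosConfig ? config` the lookup falls back to the home-manager `config` when no NixOS config is passed in. Only the pyramid `pii.nix.enc` changes in this commit, so any other host that enables `swarselmodules.optional.uni` presumably fails evaluation with a bare missing-attribute error. An assertion next to the account, e.g. `assertions = [{ assertion = nixosConfig.repo.secrets.local ? uni; message = "uni module needs repo.secrets.local.uni.mailAddress"; }];`, would turn that into a readable failure. The same applies to the tangled `modules/home/optional/uni.nix`.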
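Review bot: The commented-out `swarselmodules.optional.uni` block in the new NixOS-level Uni profile is dead configuration with no explanation of why it is disabled. Either delete it or replace it with one line such as `# swarselmodules.optional.uni is enabled by the home-manager uni profile, nothing to set at NixOS level`. The option description `"is this a uni host"` is also reused verbatim by the home profile in `profiles/home/uni/default.nix`, so the two options read identically in generated option docs. The same applies to the tangled `profiles/nixos/uni/default.nix`.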
@@ -17061,6 +17106,7 @@ This holds modules that are to be used on most hosts. These are also the most im optional = { gaming = lib.mkDefault true; + uni = lib.mkDefault true; }; }; }; @@ -17245,6 +17291,27 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +**** Uni +:PROPERTIES: +:CUSTOM_ID: h:56f509b9-3271-4212-b5ea-482dbe288bda +:END: + +#+begin_src nix-ts :tangle profiles/home/uni/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host"; + config = lib.mkIf config.swarselprofiles.uni { + swarselmodules = { + optional = { + uni = lib.mkDefault true; + }; + }; + }; + + } + +#+end_src + **** Framework :PROPERTIES: :CUSTOM_ID: h:712b9d7f-16c0-42b3-b02b-6d79ee15cfcc diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index 79541c3..b89f44d 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -16,6 +16,7 @@ in swarselprofiles = { personal = lib.mkIf (!minimal) true; work = lib.mkIf (!minimal) true; + uni = lib.mkIf (!minimal) true; framework = lib.mkIf (!minimal) true; amdcpu = true; amdgpu = true; diff --git a/hosts/nixos/pyramid/secrets/pii.nix.enc b/hosts/nixos/pyramid/secrets/pii.nix.enc index d902cda..f5a735a 100644 --- a/hosts/nixos/pyramid/secrets/pii.nix.enc +++ b/hosts/nixos/pyramid/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:Go3U5S9ZxtPawFoVjknH8j8WDg2TJLIU6mp5DQDj9BE=,tag:0QPJYyQsuZ4hz8xZZ2V4xw==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:DftbkwcfZYce8u+4APA0Od/J6gijDN1c35rBobS7kB4=,tag:IpqjdivPHQrjK/7oRx6spw==,type:str]", "sops": { "age": [ { 
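Review bot: Adding `uni = lib.mkDefault true;` under `optional` in the personal home profile configures the uni mail account on every host that uses the personal profile, not only on hosts that set `swarselprofiles.uni`. That account requests `IMAP.AccessAsUser.All`, `SMTP.Send` and `offline_access`, so a mailbox grant with refresh tokens is set up by default on machines that may never need it. Since `profiles/home/uni/default.nix` already enables the module when `swarselprofiles.uni` is set, dropping this line (here and in the tangled `profiles/home/personal/default.nix`) keeps the account opt-in per host.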
@@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z2tONmQxTUhZUW12Z2Jm\nUnoxSnpYcnZDNGNzSko1ckl2RDh3NG1VS2dFCmIwUXhmSk1OUk02S0JPVDR5UWJ4\na0gwWlg0V005ZWxYa29PZ0laS2VqM0kKLS0tIHN5SU9pQ090eHljeXJGWm5hRFQ4\nZ001Nzkyb29RYkNUMDNDNlo4YnVQeTQK34bNIBgxId2+DHKQNVV3Iro3KGkE03Sp\niB1+dADT6nRvGvoyPqnLq/NYfw7eQ6XqYt55zkdCta8v6L1UNUkw8g==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-08-07T12:21:20Z", - "mac": "ENC[AES256_GCM,data:JxNvTsW6D7IbaczGsdgfTJcACm5VLrOw6Ep+RU9PoXn2LJZeJ9U8KIlnNdODtxMpiIpZ+ZPeJgQk+EXlUVd5n2dJQEr6vqfs4o85givDWE29Pki12Zb7jMhiW8/z9GYQ/TcskkWUfA0Brz9fKVKXLARvQdL1/9Rlw+F1VwWWBOo=,iv:V31hoIpUgq6X47D0B+MtBMsdD0oDpPkh2kvQWRJtS3w=,tag:dsW9SUIdGipX5rKyLAvCvQ==,type:str]", + "lastmodified": "2025-08-09T20:09:09Z", + "mac": "ENC[AES256_GCM,data:s+LaqADPYV1UjsYZlxh6LGqaTwGzDYWyfcxPXakVUEmCe0YHfphSyRmhWwlr7WWM3w6BsZESq+PKYKtL7UunoolPh0KVEcobsvp7K/ZEPzDOH14ddOGiXDEpYRNqVYZtprR9pvrydOCPJbXO+klpLl0o3mm6j9VX2tIQdx3HNiA=,iv:rI2MG8OJUM6RNkJ3GsSYedOnRBTa+tbpporHC337unE=,tag:SY4yi5T7sFTIV02I8BbISg==,type:str]", "pgp": [ { "created_at": "2025-06-14T22:31:01Z", diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index c9c3ba1..0e066d8 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -77,7 +77,7 @@ libreoffice-qt xournalpp obsidian - spotify + # spotify vesktop # discord client # nextcloud-client # enables a systemd service that I do not want spotify-player diff --git a/modules/home/optional/uni.nix b/modules/home/optional/uni.nix new file mode 100644 index 0000000..6fb253f --- /dev/null +++ b/modules/home/optional/uni.nix 
@@ -0,0 +1,24 @@ +{ config, lib, nixosConfig ? config, ... }: +{ + options.swarselmodules.optional.uni = lib.mkEnableOption "optional uni settings"; + config = lib.mkIf config.swarselmodules.optional.uni + { + swarselservices.pizauth = { + enable = true; + accounts = { + uni = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.uni.mailAddress}"; + }; + }; + }; + }; +} diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 6941c79..bb35779 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -18,26 +18,8 @@ in stable.prometheus.cli tigervnc openstackclient - pizauth ]; - systemd.user.services.pizauth = { - Unit = { - Description = "Pizauth OAuth2 token manager"; - }; - - Service = { - Type = "simple"; - ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d"; - ExecReload = "${pkgs.pizauth}/bin/pizauth reload"; - ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown"; - }; - - Install = { - WantedBy = [ "default.target" ]; - }; - }; - home.sessionVariables = { DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; 
@@ -371,28 +353,30 @@ in }; }; + swarselservices.pizauth = { + enable = true; + accounts = { + work = { + authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + tokenUri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + clientId = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; + clientSecret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; + scopes = [ + "https://outlook.office365.com/IMAP.AccessAsUser.All" + "https://outlook.office365.com/SMTP.Send" + "offline_access" + ]; + loginHint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; + }; + }; + + }; + xdg = let inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; in { - configFile."pizauth.conf".text = '' - account "work" { - auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token"; - client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584"; - client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"; - scopes = [ - "https://outlook.office365.com/IMAP.AccessAsUser.All", - "https://outlook.office365.com/SMTP.Send", - "offline_access" - ]; - // You don't have to specify login_hint, but it does make - // authentication a little easier. - login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}"; - } - ''; - mimeApps = { defaultApplications = { "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 6cb0b04..b19f5a8 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -43,6 +43,7 @@ optional = { gaming = lib.mkDefault true; + uni = lib.mkDefault true; }; }; }; diff --git a/profiles/home/uni/default.nix b/profiles/home/uni/default.nix new file mode 100644 index 0000000..e816f45 --- /dev/null +++ b/profiles/home/uni/default.nix 
@@ -0,0 +1,12 @@ +{ lib, config, ... }: +{ + options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host"; + config = lib.mkIf config.swarselprofiles.uni { + swarselmodules = { + optional = { + uni = lib.mkDefault true; + }; + }; + }; + +} diff --git a/profiles/nixos/uni/default.nix b/profiles/nixos/uni/default.nix new file mode 100644 index 0000000..24fa649 --- /dev/null +++ b/profiles/nixos/uni/default.nix @@ -0,0 +1,18 @@ +{ lib, config, ... }: +{ + options.swarselprofiles.uni = lib.mkEnableOption "is this a uni host"; + config = lib.mkIf config.swarselprofiles.uni { + # swarselmodules = { + # optional = { + # uni = lib.mkDefault true; + # }; + # }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + uni = lib.mkDefault true; + }; + }; + + }; + +}