swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: move drom pii-repo to repo-local piis

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-06-11 21:37:26 +02:00
parent 85cbd5e1f6
commit f414735247
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
21 changed files with 692 additions and 554 deletions
Download patch file Download diff file Expand all files Collapse all files

22
.sops.yaml
View file

@ -21,6 +21,28 @@ creation_rules:
- *toto - *toto
- *surface - *surface
- *nbl - *nbl
- path_regex: hosts/nixos/nbl-imba-2/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *nbl
- path_regex: hosts/nixos/winters/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *winters
- path_regex: hosts/nixos/sync/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *sync
- path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
- path_regex: secrets/repo/[^/]+$ - path_regex: secrets/repo/[^/]+$
key_groups: key_groups:
- pgp: - pgp:

225
SwarselSystems.org
View file

@ -809,9 +809,8 @@ My work machine. Built for more security, this is the gold standard of my config
:CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d :CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d
:END: :END:
#+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix #+begin_src nix :tangle hosts/nixos/nbl-imba-2/default.nix
{ self, inputs, lib, primaryUser, ... }: { self, config, inputs, lib, primaryUser, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets;
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
@ -834,7 +833,7 @@ My work machine. Built for more security, this is the gold standard of my config
]; ];
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate swarselsystems = lib.recursiveUpdate
{ {
firewall = lib.mkForce true; firewall = lib.mkForce true;
@ -844,8 +843,8 @@ My work machine. Built for more security, this is the gold standard of my config
isImpermanence = false; isImpermanence = false;
isSecureBoot = true; isSecureBoot = true;
isCrypted = true; isCrypted = true;
hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; inherit (config.repo.secrets.local) hostName;
fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; inherit (config.repo.secrets.local) fqdn;
hibernation.offset = 533760; hibernation.offset = 533760;
profiles = { profiles = {
amdcpu = true; amdcpu = true;
@ -1062,7 +1061,7 @@ This is my main server that I run at home. It handles most tasks that require bi
:CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124
:END: :END:
#+begin_src nix :tangle hosts/nixos/winters/default.nix #+begin_src nix :tangle hosts/nixos/winters/default.nix
{ lib, primaryUser, ... }: { lib, config, primaryUser, ... }:
let let
sharedOptions = { sharedOptions = {
isBtrfs = false; isBtrfs = false;
@ -1084,14 +1083,15 @@ This is my main server that I run at home. It handles most tasks that require bi
}; };
networking = { networking = {
inherit (config.repo.secrets.local) hostId;
hostName = "winters"; hostName = "winters";
hostId = "b7778a4a";
firewall.enable = true; firewall.enable = true;
enableIPv6 = false; enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate swarselsystems = lib.recursiveUpdate
{ {
isImpermanence = false; isImpermanence = false;
@ -1170,10 +1170,9 @@ This is my main server that I run at home. It handles most tasks that require bi
A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations. A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations.
#+begin_src nix :tangle hosts/darwin/nbm-imba-166/default.nix #+begin_src nix :tangle hosts/darwin/nbm-imba-166/default.nix
{ lib, inputs, ... }: { lib, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.local) workUser;
workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
in in
{ {
@ -1276,18 +1275,14 @@ This machine mainly acts as an external sync helper. It manages the following th
All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. All of these are processes that use little cpu but can take a lot of storage. For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways.
#+begin_src nix :tangle hosts/nixos/sync/default.nix #+begin_src nix :tangle hosts/nixos/sync/default.nix
{ lib, primaryUser, inputs, ... }: { lib, primaryUser, ... }:
let let
sharedOptions = { sharedOptions = {
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;
}; };
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.common) workHostName;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
dev1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev1";
dev2 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev2";
dev3 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev3";
loc1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/loc1";
in in
{ {
imports = [ imports = [
@ -7159,10 +7154,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
:END: :END:
#+begin_src nix :tangle modules/nixos/server/navidrome.nix #+begin_src nix :tangle modules/nixos/server/navidrome.nix
{ pkgs, lib, inputs, config, ... }: { pkgs, config, lib, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
in
{ {
options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server"; options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server";
config = lib.mkIf config.swarselsystems.modules.server.navidrome { config = lib.mkIf config.swarselsystems.modules.server.navidrome {
@ -7221,10 +7213,12 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
}; };
# Switch using --impure as these credential files are not stored within the flake # Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these # sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret"; LastFM = {
LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key"; inherit (config.repo.secrets.local.LastFM) ApiKey Secret;
Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id"; };
Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret"; Spotify = {
inherit (config.repo.secrets.local.Spotify) ID Secret;
};
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~"; UIWelcomeMessage = "~SwarselSound~";
}; };
@ -8115,10 +8109,9 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
:END: :END:
#+begin_src nix :tangle modules/nixos/server/syncthing.nix #+begin_src nix :tangle modules/nixos/server/syncthing.nix
{ lib, config, inputs, ... }: { lib, config, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.common) workHostName;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
in in
{ {
options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server"; options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server";
@ -8240,10 +8233,9 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
This manages backups for my pictures and obsidian files. This manages backups for my pictures and obsidian files.
#+begin_src nix :tangle modules/nixos/server/restic.nix #+begin_src nix :tangle modules/nixos/server/restic.nix
{ lib, pkgs, config, inputs, ... }: { lib, pkgs, config, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.local) resticRepo;
resticRepo = lib.swarselsystems.getSecret "${secretsDirectory}/restic/wintersRepo";
in in
{ {
options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server";
@ -10807,15 +10799,10 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe
Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section.
#+begin_src nix :tangle modules/home/common/env.nix #+begin_src nix :tangle modules/home/common/env.nix
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; inherit (nixosConfig.repo.secrets.common) fullName;
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
in in
{ {
options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; options.swarselsystems.modules.env = lib.mkEnableOption "env settings";
@ -10827,10 +10814,10 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
SWARSEL_HI_RES = config.swarselsystems.highResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution;
}; };
systemd.user.sessionVariables = { systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail; SWARSEL_MAIL1 = address1;
SWARSEL_NAUTILUS_MAIL = nautilusMail; SWARSEL_MAIL2 = address2;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail; SWARSEL_MAIL3 = address3;
SWARSEL_SWARSEL_MAIL = swarselMail; SWARSEL_MAIL4 = address4;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
}; };
@ -10984,11 +10971,10 @@ Eza provides me with a better =ls= command and some other useful aliases.
Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]].
#+begin_src nix :tangle modules/home/common/git.nix #+begin_src nix :tangle modules/home/common/git.nix
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.mail) address1;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; inherit (nixosConfig.repo.secrets.common) fullName;
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in in
{ {
options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
@ -11012,7 +10998,7 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
key = "0x76FD3810215AE097"; key = "0x76FD3810215AE097";
signByDefault = true; signByDefault = true;
}; };
userEmail = lib.mkDefault leonMail; userEmail = lib.mkDefault address1;
userName = fullName; userName = fullName;
difftastic.enable = true; difftastic.enable = true;
lfs.enable = true; lfs.enable = true;
@ -11516,14 +11502,10 @@ Currently I only use it as before with =initExtra= though.
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
#+begin_src nix :tangle modules/home/common/mail.nix #+begin_src nix :tangle modules/home/common/mail.nix
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 add2Name address3 add3Name address4;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; inherit (nixosConfig.repo.secrets.common) fullName;
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in in
{ {
options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
@ -11552,8 +11534,8 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
accounts = { accounts = {
leon = { leon = {
primary = true; primary = true;
address = leonMail; address = address1;
userName = leonMail; userName = address1;
realName = fullName; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}"; passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = { gpg = {
@ -11584,7 +11566,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
}; };
swarsel = { swarsel = {
address = swarselMail; address = address4;
userName = "8227dc594dd515ce232eda1471cb9a19"; userName = "8227dc594dd515ce232eda1471cb9a19";
realName = fullName; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
@ -11607,9 +11589,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
nautilus = { nautilus = {
primary = false; primary = false;
address = nautilusMail; address = address2;
userName = nautilusMail; userName = address2;
realName = "Nautilus"; realName = add2Name;
passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com"; smtp.host = "smtp.gmail.com";
@ -11634,9 +11616,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
mrswarsel = { mrswarsel = {
primary = false; primary = false;
address = mrswarselMail; address = address3;
userName = mrswarselMail; userName = address3;
realName = "Swarsel"; realName = add3Name;
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com"; smtp.host = "smtp.gmail.com";
@ -12974,9 +12956,9 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
#+begin_src nix :tangle modules/home/common/gammastep.nix #+begin_src nix :tangle modules/home/common/gammastep.nix
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.location) latitude longitude;
in in
{ {
options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
@ -12984,8 +12966,7 @@ This service changes the screen hue at night. I am not sure if that really does
services.gammastep = { services.gammastep = {
enable = true; enable = true;
provider = "manual"; provider = "manual";
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; inherit longitude latitude;
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
}; };
}; };
} }
@ -13131,13 +13112,10 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming
The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands.
#+begin_src nix :tangle modules/home/optional/work.nix :noweb yes #+begin_src nix :tangle modules/home/optional/work.nix :noweb yes
{ self, config, pkgs, lib, nix-secrets, ... }: { self, config, pkgs, lib, nixosConfig, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
in in
{ {
options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
@ -13176,20 +13154,20 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
}; };
stylix.targets.firefox.profileNames = [ stylix.targets.firefox.profileNames = [
"dc" "${user1}"
"cl" "${user2}"
"ws" "${user3}"
"work" "work"
]; ];
programs = { programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email"; git.userEmail = lib.mkForce gitMail;
zsh = { zsh = {
shellAliases = { shellAliases = {
dssh = "ssh -l ${dcUser}"; dssh = "ssh -l ${user1Long}";
cssh = "ssh -l ${clUser}"; cssh = "ssh -l ${user2Long}";
wssh = "ssh -l ${wsUser}"; wssh = "ssh -l ${user3Long}";
}; };
cdpath = [ cdpath = [
"~/Documents/Work" "~/Documents/Work"
@ -13199,42 +13177,42 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
w = "$HOME/Documents/Work"; w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets"; s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private"; pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles"; ac = path1;
}; };
}; };
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"uc" = { "${loc1}" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; hostname = "${loc1}.${domain2}";
user = "stack"; user = user4;
}; };
"uc.stg" = { "${loc1}.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; hostname = "${loc1}.${lifecycle1}.${domain2}";
user = "stack"; user = user4;
}; };
"uc.staging" = { "${loc1}.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; hostname = "${loc1}.${lifecycle1}.${domain2}";
user = "stack"; user = user4;
}; };
"uc.dev" = { "${loc1}.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev"; hostname = "${loc1}.${lifecycle2}.${domain2}";
user = "stack"; user = user4;
}; };
"cbe" = { "${loc2}" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod"; hostname = "${loc2}.${domain1}";
user = dcUser; user = user1Long;
}; };
"cbe.stg" = { "${loc2}.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; hostname = "${loc2}.${lifecycle1}.${domain2}";
user = dcUser; user = user1Long;
}; };
"cbe.staging" = { "${loc2}.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; hostname = "${loc2}.${lifecycle1}.${domain2}";
user = dcUser; user = user1Long;
}; };
"*.vbc.ac.at" = { "*.${domain1}" = {
user = dcUser; user = user1Long;
}; };
}; };
}; };
@ -13245,25 +13223,25 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
isDefault = false; isDefault = false;
in in
{ {
dc = lib.recursiveUpdate "${user1}" = lib.recursiveUpdate
{ {
inherit isDefault; inherit isDefault;
id = 1; id = 1;
settings = { settings = {
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; "browser.startup.homepage" = "${site1}|${site2}";
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
cl = lib.recursiveUpdate "${user2}" = lib.recursiveUpdate
{ {
inherit isDefault; inherit isDefault;
id = 2; id = 2;
settings = { settings = {
"browser.startup.homepage" = "https://portal.azure.com"; "browser.startup.homepage" = "${site3}";
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
ws = lib.recursiveUpdate "${user3}" = lib.recursiveUpdate
{ {
inherit isDefault; inherit isDefault;
id = 3; id = 3;
@ -13274,7 +13252,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
inherit isDefault; inherit isDefault;
id = 4; id = 4;
settings = { settings = {
"browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
@ -13437,27 +13415,28 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
exec = "firefox -p work"; exec = "firefox -p work";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_dc = { "firefox_${user1}" = {
name = "Firefox (dc)"; name = "Firefox (${user1})";
genericName = "Firefox dc"; genericName = "Firefox ${user1}";
exec = "firefox -p dc"; exec = "firefox -p ${user4}";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_ws = { "firefox_${user2}" = {
name = "Firefox (ws)"; name = "Firefox (${user2})";
genericName = "Firefox ws"; genericName = "Firefox ${user2}";
exec = "firefox -p ws"; exec = "firefox -p ${user2}";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_cl = { "firefox_${user3}" = {
name = "Firefox (cl)"; name = "Firefox (${user3})";
genericName = "Firefox cl"; genericName = "Firefox ${user3}";
exec = "firefox -p cl"; exec = "firefox -p ${user3}";
inherit terminal categories icon; inherit terminal categories icon;
}; };
}; };
}; };
swarselsystems = { swarselsystems = {
@ -16506,7 +16485,7 @@ The hook functions are defined here: [[#h:34506761-06b9-43b5-a818-506d9b3faf28][
(:maildir "/Drafts" :key ?d) (:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a))) (:maildir "/All Mail" :key ?a)))
(setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") (setq user-mail-address (getenv "SWARSEL_MAIL4")
user-full-name (getenv "SWARSEL_FULLNAME")) user-full-name (getenv "SWARSEL_FULLNAME"))
;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...]))) ;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))

5
hosts/darwin/nbm-imba-166/default.nix
View file

@ -1,7 +1,6 @@
{ lib, inputs, ... }: { lib, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.local) workUser;
workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
in in
{ {

16
hosts/darwin/nbm-imba-166/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,16 @@
{
"data": "ENC[AES256_GCM,data:6u0RRfaZaNk5KwnMoWY4dUC7xn132a7yKDZnStUSRS+Ci7XHMak=,iv:VQ2cYcdOS+S31d1yQioj95CTVmuvBVkgojIs6ib9iOM=,tag:QtC54hIryboeaOnDf1u2yw==,type:str]",
"sops": {
"lastmodified": "2025-06-11T13:04:16Z",
"mac": "ENC[AES256_GCM,data:sOzsL5QIET0hGTR3UwcKx7G8RAlOoLZaDlqsn9Yqw2+0yHPmNFs1N1BST3NNaNe+P9j2XruGgBNGCCm9igq8j37W46hf6uAy69Rx1Kzvrxih2Qu3P0Bb1ozyymQxeXDtKdvC0pxOFsgEk05l9VG0JM2Calxq/pK/EoGPfRQS1Zg=,iv:l0M0BrEQSixlU4I2UrB5g0FaKL32/VrCyJcm3MXujRs=,tag:hiNfmFMpHtoghOEv5JmVKw==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T13:03:51Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cqwpzR+VevsftDMoj79xiFvayPxluot/mZKQAMPNpMIG\nKDNMYYnIKa1z5TBeDVuivslEytIqB8zEmiZ0Sa6oMJ3T1t72cQbKjARKyKxneGAz\nYqVEM/zHq6W4E0NwE74F4ZAhGA8abFu6nKxQwITwyw28TiOzkNHG0W49ZRLXAHRm\nRBih8p6B05Q1EPK3I3Gz4KUklqNptrbjtRvTzcLcVEkfbOhKz2OOck1a/kqjmKrb\n7/9ORD00wfcXnUykIzN7noe5WixEuDdaE1T2f7kgB1749OVPNW4ZhWsm6yGsRJbJ\nh3n4xUhTrwRZ+9MtWqOdoJ8Z2I8ylUmXiHJYfOj/U/BG7H4y/EMXQ8RR4sMZjlcm\nqhuzor4Ku8Og72RHhY7SnSCCSH10uHVqlfapVH7iLkwywg3pKWdqqEv7wU7A83tR\noDa7+zD4wZYS4p6TEvvv9jyUE9r5A0r5evqHSHzM6Cgkp42FDWkTb30NeBvX2RJC\nyBeQEPqiaAIM+dUdxvM+cFzYBMVdfMtgQHwr3Wkw+Bb2+Pt/JDxcSDBtJbxl+GGp\n+tWn6etfSe4Nr0Z0abgUcKq+niaM8rD4W0DhLNDLhXE2KRTbQV0YgBqlXZf+uY8A\nHagbCeGGT0k67PJs++hlDEeVhB980eMzHdLsv0w+Ie6bttgY81gOvsrr23RQN42F\nAgwDC9FRLmchgYQBD/46neLbZcA0IIPUyeOjwiS2p1O1sR/i9UaSALa+4lw/pdCu\n7iPWwGMDNkh6I+5A3++3lC3MME7A846MFGq9iFpH/+TyTZrqnwcwGY92CE60T1Q6\nouA+g7C/CIX1r04IiAVxi9tBjUmB+dFApdFCC5Mg6Yx+3zh6Z49zvMoO5yGqLLhE\nhqAgxJB0lB07nepgB0spJAaKBs7GyYEss3Cm5WpsitLitPRMEUKLcdvYUw6G09Kc\ndmJb9LbZy4Mn7YziIb+czWZ/hW6B7BUSUZMhQJwMcRFBT6+6aTpO6zWM7URbPQaO\nieN+2ShM5OotiUiO3nfRquBw5mUFDOR1ZVxF/rBtiZe2Jt0URE7pKfcuFQREKp01\nVgI+JUrEl0t8e5J3SSAoXColf+Oq4xDY+CNUJOAtuJ/LrNc0+Q0KwZwShHzGOl5M\neqUgkS+IMYrfJjuJZjTzQTJJ6PeC2VpEGO7czgCn9/5FftsrH2wSSLL4FGX4tXfU\nhrbtt4gMN0had0QkZkuhxlIwYcATjUQ7CGQfrhINC+EpEju/NlE6zuuIa+05eigR\n3kEemBa5Ely4onQeMh81nOAyhkhj6QcbE7qn+ueUMAb70u5B115ULLQUrivLu2jI\nSK6o1WAeZKZIcf0/6iB+mMc7qbG36nelK2JYK8e0KiVSIUGehpYwV3ELwuhzEtJc\nAYobc//aa6GU3pCFzp90TA9kAZXhqgaw9wkzicueAhgCfr8s0FxG5WxWQxfJBLYF\nVSPqrqJ0EBU1EF9G2nz0ynJL1iWiN5VcN7JTXYXTK8TPJUe0ZU1boS4AhOY=\n=AG4y\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

9
hosts/nixos/nbl-imba-2/default.nix
View file

@ -1,6 +1,5 @@
{ self, inputs, lib, primaryUser, ... }: { self, config, inputs, lib, primaryUser, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets;
sharedOptions = { sharedOptions = {
isBtrfs = true; isBtrfs = true;
isLinux = true; isLinux = true;
@ -23,7 +22,7 @@ in
]; ];
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate swarselsystems = lib.recursiveUpdate
{ {
firewall = lib.mkForce true; firewall = lib.mkForce true;
@ -33,8 +32,8 @@ in
isImpermanence = false; isImpermanence = false;
isSecureBoot = true; isSecureBoot = true;
isCrypted = true; isCrypted = true;
hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; inherit (config.repo.secrets.local) hostName;
fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn"; inherit (config.repo.secrets.local) fqdn;
hibernation.offset = 533760; hibernation.offset = 533760;
profiles = { profiles = {
amdcpu = true; amdcpu = true;

22
hosts/nixos/nbl-imba-2/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:7NtG3UFeZ4Ao/g/kfJzSfdwpiOxOT2c3N1NRsFAx2wRLnRHpsT3bgFtkQxiw8hz0GOmZXHktFvoTt6xHv7wjBk8rIil1fUJoWdqGymQWMzjb3crFDWQOkUGJxVl9ARxTQew630ITtezThuGzuOBewBuJ7ha/SAoGLqPwLuitBIuK9nC6szAIN0wdqM+S1KSNyj6yQitUNpL00/cV4PwKE6+slzjO24OEk6Ut5CO5zdS03Kv6vpXHGY2a+13xmkeusuMrfdZPkGt707FDZx5qBOZka8IEThSawZxwqVjgPfUFNwqc7l+OSMkAjgzqZ+XNsQaDGWfrZrHTkIVSGW8C40Zhvz4q2v2BtRREbWCY/mLJVf5ZP0duD95gYk+MA/4pkriPQY1SmF3ci89i3+pWWhJ4QN9fG5eEA6mvDmVquYXa3q5D2MBOnrZw5hPxM5kgwZiC1Km0aCs8yjS2PPxqZZxgjo39to4GjuLnnu+iDy/8T0IQ7vcI1f9cPQpKTUtNHiBf5SJFsDdDgzCuKR3UTBA5Nq9mvUhcSSIvzG03z0QLVHUISdKyLVWFQcmTCsrRbxfsjryPZ2MQF0sda+6/XWDzW3cdXRCUw+H3ac8XHii0xsgD08l1cBXPtDFa/TebiCsbms9tdJoAuTU7n58d0CT9LDqnutCHOUl/38eSNbg1ZpQh1TVvlW+rV9QIxYjPJulOG/USaR17mR3AZ5pwuFLr9YWOipLmSj3ivHxmnpoeQNoHNbcs2lJX40oNmxnB3wHoaicHibNkX/nMkRjYJYz1h+ocZ3sA3HQvzm21JxvDttHucO2y3LL4jq/R5KawrmD6PRl9l0faR2Z+J0m0HAVHCAAfznbQmwCipgVHuXQX0wrKVjwAngXVdYJWWNx154tdp/tDvT/rLSEBgFdVkwJHL5YXu1Vo/nw0bCQWqkoappEpTSDxcEv1MIsF83wwEo3kKrzvwA90X8m34DU2A1NMfvhE3ZJ0wBxGAG3s1BQNfRiHQNnzwqyn7MEbp9+5xHd6FJ6tiC8TByEWZt5MKXTklHf447UTq2yR7ZX+FnKdOjzgCbpH32GddSVaDbNxt91eBg/XOK5lrJTpGqVhl+E7MfLoOuRW,iv:5zbIXCwGyPZZTLscwd9VaCoEriZtaZwsxoGh2Qv4c6g=,tag:Tf7gxYE0aZCrD486M2SMzQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVXVBVndUU2tDdnlWd3Bu\ndi9DMzFseEtGUVFEWnVEMndWTk9GSGl2SFFjCk9QbnpYS2dYVElJQ28yWGw4Umd0\nS1k0Wk9Yc2hrUUc3dkpGb05EYkFHdVEKLS0tIDYvMUh3NEtlY3FWYVdJbTFRaXlW\neU80R1B0aHprSlI5NkJzRldOSFNMTmcKD4DCuREVbI/Qy3sEyEEWtjW/KbIPuN76\nqoteCCN4mGIR7241e5NwMRlFqxgHyod5mpJfwnUbkYBZZZ/u9PDGmw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T13:48:16Z",
"mac": "ENC[AES256_GCM,data:6WiY/gpT7V+xQCuotG41Mh+dTSjYT/sg/14Gt7Z7PsrG+WRR33N1OhBV3EVdXeeE8NXkvvoZL/wypgQTWk7wfWpzwhWH478OXc3yaVx7G/nTsDhX/XjKvajpKnXLdn/s2xt9vhPmYuJidR7JYoHN4iv1Lv1eC1mAYKpW4i+sNJk=,iv:ThUxocoeMC1GAfSSeDF9P+m4BZpNuiyWiBrwDPhvNe0=,tag:AxvMKzkG1HBdUqPbbz4Qqg==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T09:18:35Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAzg39i9TFW/qilR+HdUpNlgp3KXnW0kwYk7CI8Ie7RJOz\nAop/ak/nokwooxlLGJOiNsFS1//5PxiwOyxZzPmGvTTH8o8tUNZQSULhDnBKHUWG\n44KkerCk2CjbgOrcL7SzaZsFufGRJRcW1700EGatl8D3U1o94isYbArzQqjVXu7Z\nC3VRE80zV25TO9FzxCWCPOj/ML+vo+gq/rgUNQi4JKKBf01Ti142nlJ8hcMX23cb\n2KZkT0VOTz0uouc1J5hXiYmBLVEfsrKUTcamUE1S/dAGuaMe41F8oHt9Rw0YxP+g\nj1PjVuk/F44CRnVVNo8ScihNmvX+ex6+2n1JWmSFkCHtx054bMHTBiVMf86gYiy6\nUqbhuQw52U4/p3U8h7gYjU8yBuHMnCxxL3u1362lz2fDIOxyKtvMH0NGhw8cp7/+\nZbJ6fAUezn8xCXyzhl88XVYNXvM4Vjq6D3qBjjlyDJe9wXXsoPSAUNuVqBDbfnm0\ngOCnT6yOPj1Zv39IvQR+k73ISwBJySpqGgIYvjRtH0JGkXt2exayvWCqeRArkSQ4\nBITQKHFmSrBxo4ndnsTYWC+5v9VBLSUFEXpwrRZY9L5Zqw9Gyqj6hThzTMJiyaiV\ngMzK1JbGaEOd0f8QDfJfwn6VmmhW67w775V98n2wSejWb4WfogDXKe8DbIqrxp6F\nAgwDC9FRLmchgYQBEACPCA/rrYva4WKx9RrDiVkqi0sUM+xHEC17a9FyVXH+grwK\nwB+7prQjx9P4z2/qqlASuBjBjE8MvG4SIgJ6lziLstqrWpNHDuPJoXCTwdYbiqME\nb2V2VPC+PmulvUNcWDVEv4PWIYnKmvlhC/pxsyGtSfxRWgNYGCCx4eTa2OfYgswd\nnHnS+qT+cC6RTjqyeftJxlII2ocMduNpqFr9pVnPlNq3C++6bw/g/Il/YhGFJmr2\nvOl2WPhExh5CSux+oKjXdzsim1Ltz8KOmkSXNCEdI0v/X6OPNfGhnsKLYxaQMJst\nYfu8PIiVHPOYao2kVMstOeH5d/9LLV8MChKLTUelkZWrl1US0yBoCambl77Ooxx3\n14pTXosVSlShSBTGvGjlQS9Jnp+s75TMr4YoBe9UuK22iwtyq69ZKgNiAv+j0LIA\nOWSazSkbwikPsfFLmBuUWJjb5nvM9TUocDdwQIUE2AmmsXNnhnzd8CMnTRE05Go3\n4IVJXKHlKuiW53ji0b2GjPyT/WR9cLIpXRkh/ruTMQ7unljRLY9Ln92spbipg9wW\n4LXxRQ1pJcSOfMuDspLo12fts+gWaxQnkaHxRFoXORDmUmv1la1fHqFCeJRuNKIl\n+u0a9J2ra5S3f1rN2jsHcX4qLe+uq9rH/hKjPmE3CdMv0m9uifP7DfQiTnJcCdJc\nAR4qlFAxNnJyV3zavOuY410oYQYR9s9lqDWI20k1Gkgf8K668hrIPr9FeTuSCuGf\nCqjQ15D9MmBihKbB2gaMuJ6hV6+cAW6QEqUABMu7jT8oFixTHh42F8PFyxc=\n=lm7F\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

10
hosts/nixos/sync/default.nix
View file

@ -1,15 +1,11 @@
{ lib, primaryUser, inputs, ... }: { lib, primaryUser, ... }:
let let
sharedOptions = { sharedOptions = {
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;
}; };
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.common) workHostName;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname"; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1;
dev1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev1";
dev2 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev2";
dev3 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/dev3";
loc1 = lib.swarselsystems.getSecret "${secretsDirectory}/oci/sync/syncthing/loc1";
in in
{ {
imports = [ imports = [

22
hosts/nixos/sync/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:4mDIWJ+WBn4c3US7Gby15hCtYYS6gYR1asm3SafO6/qyPKrcfKN42d2iIZEIPEq5yVj6OKt7ccFjQI2q3p8Dpb+HNYzHeGRcwBXKPL5hbVziP7Ik8pAYib7klUSmMelqOkc0aS1kyRyQzpvQoA6T7vNqEdm8kBR4SRs=,iv:7ZTbZh7TnCnfZ33g88Bsk3TISfhxz3+4cB1KiFucCMM=,tag:QgPChPUmZiB4AhH2xXturA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZWxybEZUcjlIdmtOS3Az\nbGt2czliWHBlUWNsNDA0cTJLeXdFOXE1NHh3CllaWGh1ZEZINDhPMUdCZUQ3Ritj\ncTdpRFRHaFdBa3NPWk40WjVlaTlrQmMKLS0tIEZnYkc3Z2hzZXV1eGlsaktyckVT\nbTIrZ3BvZDNkRGpoZ2ZncVlwZysxMW8KU0vsVA9gG63M1ecqk918QHh7P+MSbKaM\nRv/HVAvCzNcMFwPUC7zF0jN0FpAl7eNGkniUMCzGyXHty4anSDyt1g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T13:01:41Z",
"mac": "ENC[AES256_GCM,data:urkp4cEP8fzSvroewVTbVfFK4O03qKnd+Ch3ASJAo1xu++y+fuFFyRcvrY57xU32H+mK2ipSkl2FkeTYB2fNDpXzTIyCWGQPZ4i3doqmFkV1UPjjov8Cc/LY7eRQYj84pF9sFRMdAwtaUL3Kd4Ab45mO1fy7KYAW57zuUeZks/o=,iv:efnEEPHFu2EtRSyob3ozjHz4L1YHJ0AqzLb566pg5ZQ=,tag:VnrO5QFhdQFe9/7aJ9C/qw==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T12:59:00Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAvlrXaui4wqN1kgpfcZMf53RsJYbZp6//miZzas2xKVW3\nyvtubrrYBrHGPEnUuoHexsN4xiQ0zayOn+eLrbv5+8/jhjL6cxtv894+iHYcgkD7\nDc9M4f57Lf7qF9lGTo1pgPKRf2GbHbHfDgUjz5XcIUD0WAz0PCkGQqutP5daw7wV\nMo+fKm6yOxb+e89rlOUY26/LSy+5WMIoQ03tcWu92UZeVRvtEL2LIDQJ3+gCEBrL\nPI0SU84tIl1At1TkKhJkcZ9axn0vOc+LzhcdZ3K5AkAlvnx6/+KdFiVj7xQNQyfN\nJJs3U1HKDca0R6efTRveEoi5nWew2FPGmRfOD34DorokM46Ol0l1c4gL+2LjvPUj\ntEG3slBFoKYbPuj6GSA2H3U2LcgVbPtZggr7VN7d4bLiqT/PkUa2jjAcsqyb+Twc\ng9nmCiWFvrGR76dpvSdx6oO6O/etMcWT9A4fYMPStXcnT32N4q+qrV/+nFZm4BLp\nWvDYkgVWmiAwYTcwuAHS12yH9ymEQMRanSNyzRqjax+GVN70B5nNU5sn8Ch0ex7Q\n6qJZq1j+i/OtNITvnnCdOxefntM4UZzyeyqvU+rZx40KepyVD2XFWkp+9abev0iL\nVbJK5PmNRRxqLaRWxJu2f/Jb86hy60XjCcsWGxuo67ZReRWOHIuyQB15tr3DdReF\nAgwDC9FRLmchgYQBD/49wGPgfs1G4Y0qcAoqZWbdpbcqCwYEzlRK1DJdjFTtE8LO\n+IpA03seoy7qCAp3v86qg7YwjydA+vCJUk7FRFbLiesKDxS1ZRwZSWHuM/v46rj4\nJoTqOPjuJDzed8dFdl4082PrQ0z+dXjsK/ua6d6eQRw6JEgpTLbv7f6Ru4RyM93h\n3wUodncoqcyZ/Wy7qLKCy10CTaD/RRpVrKt18J0L17Qbevmap6tqRZI11GWBnb+R\nqChAvuBQnhN19+MxgJ9AC20SqUht2pBvUXAhWf9vEGoygWR2kXuxyxK2XYu26zXa\nBb33xNAd2BZ/zr7fDnwjROkhRJ0YWk4GqaUCfo3zmT/OtHUzoyIvi0um7obOPzUk\n6RJw3q3siiUXavvTvgJMhCySwzHLtrPGYzCiHfkQc555yRqoz1XrdZOoQyba288y\niMFVzrIp+jlN+shNfsumGIgtogiYl3yI+Ecib7ozwIXDyOmBfsGUFLZkleGXWoH+\n/ZU3stAVFsSzOVkw656NWgsAEnqP1T7TGBMP1vibDPNZBp9aExA+1XLyVbr7sFJG\nWT9ypYorj7hF3UW1Ep/1fmcYovXICieKPR8sLVdWrPxRXArezfoqMAFhxdw6y87n\nQUrOTy8XOwsERmMOWhcU54NgdU21MDI3/sgh20KznNUU1iIOPQgfeobJ0rR/htJe\nAYaaMHhkJvSkiuXBKJIaz125xQrKvwLpB+OsuezPhT5Qn4MZUEoUa5Ft1GhiDqWM\nSB8o70nlAcw0CFvNlsYRZdVY5FACj81B1H6JH5eNUx6f2FVhcO61kc60LJvzug==\n=zX1v\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

5
hosts/nixos/winters/default.nix
View file

@ -1,4 +1,4 @@
{ lib, primaryUser, ... }: { lib, config, primaryUser, ... }:
let let
sharedOptions = { sharedOptions = {
isBtrfs = false; isBtrfs = false;
@ -20,14 +20,15 @@ in
}; };
networking = { networking = {
inherit (config.repo.secrets.local) hostId;
hostName = "winters"; hostName = "winters";
hostId = "b7778a4a";
firewall.enable = true; firewall.enable = true;
enableIPv6 = false; enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
node.secretsDir = ./secrets;
swarselsystems = lib.recursiveUpdate swarselsystems = lib.recursiveUpdate
{ {
isImpermanence = false; isImpermanence = false;

22
hosts/nixos/winters/secrets/pii.nix.enc Normal file
View file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data:fV+l+oFGo7zQFxQG+EYbLzUjkqClszi79/LpPvhJNl4IBXjSSMUo6E3vGnB/RRoAWwix9EurHDYV9jydd67uQ6Lx1Y31+0daflC/BNYsDYDNUKvDJDWvhbONs2Xg3RGDNacQ+EoHN7mCyHuaiNW7OXHBPhzs+rLlADdgtZ6CNR9bLV2HRpeR+d6uTne5ex8SJ4m3ChJe1O9Cyir4/z4eftfnKtAIezPrAxUPlm1QxnU7/z4YipWVw4HkYVzzWvi9Ewbis1j9C2TRkuOpEWU+I7zrIWiWdsWwnpKZqQv5FJEo3MZpVKcMMlNltvlJiUC+abC9K7079C+5XHhrZgJ73jAQ5fkcSspT5y6JfA+NveqYx7ZmOdS/yg90lrM4X8eE4SlqeN7gdW6nxPOzGZwMQQYeLjGdanKKQhUDQsf8iFW7egfCB+o=,iv:OO+Y91C90hLtZ0ZegEX00ukTUyBHnRqBRTff1LLX5/0=,tag:gZS0S9RrqWZlB5Nyjp6kfA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-06-11T12:16:31Z",
"mac": "ENC[AES256_GCM,data:cdN7ip4KbuZVXfbNv3lCacXj6VImR5XLQgDG8u9336MAqERKRdumjj+z9vHNozK+Q2AAAvRuqqCO23RllYlqYpiL++UUEkSe4FNPt0yRQWZFUjHwBeitW4Rlk2PKnoFLngrmBN7+1nrSaFV1aZCQWDybgvBqUv7paBVR0y5cN9E=,iv:FhZsbGT5Z4s2r+1LxSxBYrglr+KWqh+gKeXQF6gflNg=,tag:kkaPCxtx1JQuRPXkl9nA+A==,type:str]",
"pgp": [
{
"created_at": "2025-06-11T11:42:23Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAnyYWn0oJCbksEr9jIZOTWwnFLVO5zZ1E7tuFahemk6RZ\ncxgYfM+w68PtZ+/2ixCecwrL6k3dVdlEq6eePifweWLFyexUjxxha/AKrCAjNkSa\n4gK/GYE/jPalcc8cfP6R/uXhWo/le+nB5XU92SZ0rtihD5yvHCYBdhOKq29F1hEk\nZCVIfkElwra72PO4pHMN0sBqca3iT4ryUrYZ/qwZa/7xKFBIGW2yaaAmgYDU1an8\nWeyk3h1JMshPtR++hpojKFuhnqSnUBOyOvM7BCwNyKsEGXfVdypFz7dF+lJejADb\nLeFH/XfLCgLIJ8npedBEUFfzo5VSTnbtX8VOEfzxgKaZZN7uK0aZQShBjUK+tc7D\nQRDUK0WUV+68Wk+4mzZsLfMWUP4sM8X4w8Z1mNmyyzntPHt9x8aZ/uCHdZnKs55c\nRKzcGEncI3qxen7JiI+tsKbIf+i1rPGTshy+T3YBg+HnuOl9J2sOin3UE1i88uxd\nOMwzDx5/X3VExxaoI3HP4k+cLHhrl6mbuzEuMDV2Penn+gCFuMiiIM+4WB7BZY6G\n9Tm5eX6muaIGxAK9IRA1uHwdLC28JnJQyrvgHE31axcFb+0MG2TkxlNOlOt0gQAp\n9+vN0meOJEfWB3bUjWSYvrboSOR7oNK7lZYob4YureWUAWfLg8KSsUyjNV4zlzGF\nAgwDC9FRLmchgYQBD/9NGOJqsqESVWL37cpkybyh9xKo45bHcGGSMOHQaqqcntyo\nqCmMS9y6uIBypmd/qKK8csLYAask4UQm8/8GDtUDn0IbE7p5eJ73iHJ3wtkEojig\nXroCV3a8rgaVtSueRGzYuR9UHRU5GgDkW76aAtdiT6lecBs+Mu8rs0++kw8hD7tN\ntSuGeImbwSvR4ow1sSsN2XQLPptgYRjDJ86fvjK6CWQrnKCwJa+R6GN7V+K+kQIK\nTfpJhDtL7JQdz0t/zS5NsnMLhfVHeL9WLjEeOp4VTPflBfAMPLxnC3iVnferCehI\nY8rLWsPfJDDij3nf2QHMTeSMgiminR2gDoNVJ/j5Ac88zNxReQpFh0YAoYtzs27O\nKoDZc8xVxnesx6Yyq+f2d79RqM2swyuP1go5RnrrHdOP25mJLb2yhPCv5765fPRr\ni+9iTSTJn5XNwybvRBYp0l4zTeSSRdVky/8sWXDnJo23uvRXdW1lqJTgsWvseSLD\nugJP5QpCg4mynViWUlQvHpYS0E1xi4lSA0y6HFA6SyIUqupLBtazaOJGUv1MMUBp\n3nLviBtbyWn/9mSlXvzpjKKneNc6jKft1lsUczYfXU7ErMrDHYpHULL0+HbYfFss\nqe2QYzWfWB0yW4FxOiqf2nFkUhoADDbUoBOlRJycZR589MCnKonMYlqtCdf87tJe\nAVJDXU2PQebZ8ef2O5S/zoP6bryOwLJ+6FciXimxHFK+b5PWRAiBvw3epsvohkYd\ny776qjx+U8nWKCR54H/i6pZlfnRM3XnSvUBKKnWlhfEB8CeDcG250AZUfp2T4w==\n=Aj1y\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

686
index.html
View file

File diff suppressed because it is too large Load diff

19
modules/home/common/env.nix
View file

@ -1,12 +1,7 @@
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; inherit (nixosConfig.repo.secrets.common) fullName;
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
in in
{ {
options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; options.swarselsystems.modules.env = lib.mkEnableOption "env settings";
@ -18,10 +13,10 @@ in
SWARSEL_HI_RES = config.swarselsystems.highResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution;
}; };
systemd.user.sessionVariables = { systemd.user.sessionVariables = {
SWARSEL_LEON_MAIL = leonMail; SWARSEL_MAIL1 = address1;
SWARSEL_NAUTILUS_MAIL = nautilusMail; SWARSEL_MAIL2 = address2;
SWARSEL_MRSWARSEL_MAIL = mrswarselMail; SWARSEL_MAIL3 = address3;
SWARSEL_SWARSEL_MAIL = swarselMail; SWARSEL_MAIL4 = address4;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
}; };

7
modules/home/common/gammastep.nix
View file

@ -1,6 +1,6 @@
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.location) latitude longitude;
in in
{ {
options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings";
@ -8,8 +8,7 @@ in
services.gammastep = { services.gammastep = {
enable = true; enable = true;
provider = "manual"; provider = "manual";
latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude"; inherit longitude latitude;
longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
}; };
}; };
} }

9
modules/home/common/git.nix
View file

@ -1,8 +1,7 @@
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.mail) address1;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; inherit (nixosConfig.repo.secrets.common) fullName;
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in in
{ {
options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; options.swarselsystems.modules.git = lib.mkEnableOption "git settings";
@ -26,7 +25,7 @@ in
key = "0x76FD3810215AE097"; key = "0x76FD3810215AE097";
signByDefault = true; signByDefault = true;
}; };
userEmail = lib.mkDefault leonMail; userEmail = lib.mkDefault address1;
userName = fullName; userName = fullName;
difftastic.enable = true; difftastic.enable = true;
lfs.enable = true; lfs.enable = true;

28
modules/home/common/mail.nix
View file

@ -1,11 +1,7 @@
{ lib, config, nix-secrets, ... }: { lib, config, nixosConfig, ... }:
let let
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 add2Name address3 add3Name address4;
leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon"; inherit (nixosConfig.repo.secrets.common) fullName;
nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
in in
{ {
options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings";
@ -34,8 +30,8 @@ in
accounts = { accounts = {
leon = { leon = {
primary = true; primary = true;
address = leonMail; address = address1;
userName = leonMail; userName = address1;
realName = fullName; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.leon.path}"; passwordCommand = "cat ${config.sops.secrets.leon.path}";
gpg = { gpg = {
@ -66,7 +62,7 @@ in
}; };
swarsel = { swarsel = {
address = swarselMail; address = address4;
userName = "8227dc594dd515ce232eda1471cb9a19"; userName = "8227dc594dd515ce232eda1471cb9a19";
realName = fullName; realName = fullName;
passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
@ -89,9 +85,9 @@ in
nautilus = { nautilus = {
primary = false; primary = false;
address = nautilusMail; address = address2;
userName = nautilusMail; userName = address2;
realName = "Nautilus"; realName = add2Name;
passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com"; smtp.host = "smtp.gmail.com";
@ -116,9 +112,9 @@ in
mrswarsel = { mrswarsel = {
primary = false; primary = false;
address = mrswarselMail; address = address3;
userName = mrswarselMail; userName = address3;
realName = "Swarsel"; realName = add3Name;
passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
imap.host = "imap.gmail.com"; imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com"; smtp.host = "smtp.gmail.com";

106
modules/home/optional/work.nix
View file

@ -1,10 +1,7 @@
{ self, config, pkgs, lib, nix-secrets, ... }: { self, config, pkgs, lib, nixosConfig, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
secretsDirectory = builtins.toString nix-secrets; inherit (nixosConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail;
dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
in in
{ {
options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings";
@ -43,20 +40,20 @@ in
}; };
stylix.targets.firefox.profileNames = [ stylix.targets.firefox.profileNames = [
"dc" "${user1}"
"cl" "${user2}"
"ws" "${user3}"
"work" "work"
]; ];
programs = { programs = {
git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email"; git.userEmail = lib.mkForce gitMail;
zsh = { zsh = {
shellAliases = { shellAliases = {
dssh = "ssh -l ${dcUser}"; dssh = "ssh -l ${user1Long}";
cssh = "ssh -l ${clUser}"; cssh = "ssh -l ${user2Long}";
wssh = "ssh -l ${wsUser}"; wssh = "ssh -l ${user3Long}";
}; };
cdpath = [ cdpath = [
"~/Documents/Work" "~/Documents/Work"
@ -66,42 +63,42 @@ in
w = "$HOME/Documents/Work"; w = "$HOME/Documents/Work";
s = "$HOME/.dotfiles/secrets"; s = "$HOME/.dotfiles/secrets";
pr = "$HOME/Documents/Private"; pr = "$HOME/Documents/Private";
ac = "$HOME/.ansible/collections/ansible_collections/vbc/linux/roles"; ac = path1;
}; };
}; };
ssh = { ssh = {
matchBlocks = { matchBlocks = {
"uc" = { "${loc1}" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod"; hostname = "${loc1}.${domain2}";
user = "stack"; user = user4;
}; };
"uc.stg" = { "${loc1}.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; hostname = "${loc1}.${lifecycle1}.${domain2}";
user = "stack"; user = user4;
}; };
"uc.staging" = { "${loc1}.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg"; hostname = "${loc1}.${lifecycle1}.${domain2}";
user = "stack"; user = user4;
}; };
"uc.dev" = { "${loc1}.dev" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev"; hostname = "${loc1}.${lifecycle2}.${domain2}";
user = "stack"; user = user4;
}; };
"cbe" = { "${loc2}" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod"; hostname = "${loc2}.${domain1}";
user = dcUser; user = user1Long;
}; };
"cbe.stg" = { "${loc2}.stg" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; hostname = "${loc2}.${lifecycle1}.${domain2}";
user = dcUser; user = user1Long;
}; };
"cbe.staging" = { "${loc2}.staging" = {
hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg"; hostname = "${loc2}.${lifecycle1}.${domain2}";
user = dcUser; user = user1Long;
}; };
"*.vbc.ac.at" = { "*.${domain1}" = {
user = dcUser; user = user1Long;
}; };
}; };
}; };
@ -112,25 +109,25 @@ in
isDefault = false; isDefault = false;
in in
{ {
dc = lib.recursiveUpdate "${user1}" = lib.recursiveUpdate
{ {
inherit isDefault; inherit isDefault;
id = 1; id = 1;
settings = { settings = {
"browser.startup.homepage" = "https://tower.vbc.ac.at|https://artifactory.vbc.ac.at"; "browser.startup.homepage" = "${site1}|${site2}";
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
cl = lib.recursiveUpdate "${user2}" = lib.recursiveUpdate
{ {
inherit isDefault; inherit isDefault;
id = 2; id = 2;
settings = { settings = {
"browser.startup.homepage" = "https://portal.azure.com"; "browser.startup.homepage" = "${site3}";
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
ws = lib.recursiveUpdate "${user3}" = lib.recursiveUpdate
{ {
inherit isDefault; inherit isDefault;
id = 3; id = 3;
@ -141,7 +138,7 @@ in
inherit isDefault; inherit isDefault;
id = 4; id = 4;
settings = { settings = {
"browser.startup.homepage" = "https://outlook.office.com|https://satellite.vbc.ac.at|https://bitbucket.vbc.ac.at|https://github.com"; "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}";
}; };
} }
config.swarselsystems.firefox; config.swarselsystems.firefox;
@ -304,27 +301,28 @@ in
exec = "firefox -p work"; exec = "firefox -p work";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_dc = { "firefox_${user1}" = {
name = "Firefox (dc)"; name = "Firefox (${user1})";
genericName = "Firefox dc"; genericName = "Firefox ${user1}";
exec = "firefox -p dc"; exec = "firefox -p ${user4}";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_ws = { "firefox_${user2}" = {
name = "Firefox (ws)"; name = "Firefox (${user2})";
genericName = "Firefox ws"; genericName = "Firefox ${user2}";
exec = "firefox -p ws"; exec = "firefox -p ${user2}";
inherit terminal categories icon; inherit terminal categories icon;
}; };
firefox_cl = { "firefox_${user3}" = {
name = "Firefox (cl)"; name = "Firefox (${user3})";
genericName = "Firefox cl"; genericName = "Firefox ${user3}";
exec = "firefox -p cl"; exec = "firefox -p ${user3}";
inherit terminal categories icon; inherit terminal categories icon;
}; };
}; };
}; };
swarselsystems = { swarselsystems = {

15
modules/nixos/server/navidrome.nix
View file

@ -1,7 +1,4 @@
{ pkgs, lib, inputs, config, ... }: { pkgs, config, lib, ... }:
let
secretsDirectory = builtins.toString inputs.nix-secrets;
in
{ {
options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server"; options.swarselsystems.modules.server.navidrome = lib.mkEnableOption "enable navidrome on server";
config = lib.mkIf config.swarselsystems.modules.server.navidrome { config = lib.mkIf config.swarselsystems.modules.server.navidrome {
@ -60,10 +57,12 @@ in
}; };
# Switch using --impure as these credential files are not stored within the flake # Switch using --impure as these credential files are not stored within the flake
# sops-nix is not supported for these which is why we need to resort to these # sops-nix is not supported for these which is why we need to resort to these
LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret"; LastFM = {
LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key"; inherit (config.repo.secrets.local.LastFM) ApiKey Secret;
Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id"; };
Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret"; Spotify = {
inherit (config.repo.secrets.local.Spotify) ID Secret;
};
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~"; UIWelcomeMessage = "~SwarselSound~";
}; };

5
modules/nixos/server/restic.nix
View file

@ -1,7 +1,6 @@
{ lib, pkgs, config, inputs, ... }: { lib, pkgs, config, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.local) resticRepo;
resticRepo = lib.swarselsystems.getSecret "${secretsDirectory}/restic/wintersRepo";
in in
{ {
options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server";

5
modules/nixos/server/syncthing.nix
View file

@ -1,7 +1,6 @@
{ lib, config, inputs, ... }: { lib, config, ... }:
let let
secretsDirectory = builtins.toString inputs.nix-secrets; inherit (config.repo.secrets.common) workHostName;
workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
in in
{ {
options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server"; options.swarselsystems.modules.server.syncthing = lib.mkEnableOption "enable syncthing on server";

2
programs/emacs/init.el
View file

@ -1502,7 +1502,7 @@ create a new one."
(:maildir "/Drafts" :key ?d) (:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a))) (:maildir "/All Mail" :key ?a)))
(setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") (setq user-mail-address (getenv "SWARSEL_MAIL4")
user-full-name (getenv "SWARSEL_FULLNAME")) user-full-name (getenv "SWARSEL_FULLNAME"))
;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...]))) ;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))

6
secrets/repo/pii.nix.enc
View file

@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data:s7upsped0qBHSmSbW4ESqH9RbroHNMSO7wYwXRf12aWo6Ula6vpwQYHyCqhuiI4WtSL1osRLoosLipfNJLJRgunLB+qAJgkof+5njmCw,iv:ywC5bm4W9dkuxgqA7GxTE40pgzjGdLsHQifoMHYgEaY=,tag:bOf0xTa2VxZ+zONVRoXf9g==,type:str]", "data": "ENC[AES256_GCM,data:t46tqCQNV0Anyt3ZhfoFA6HnSC7ECCjbsdMAGQ+Xno4BjBFXBJdhcKuEdfqqKylBberfQ5zpS7PI9TWUrhjJdQJq8uC7pMcLK652OjAJAdxHaHAt2eBPq2+UXAHvwzXwEauEZ78m7iv0VuFvN9pLbUBVDGFRdWLrt32DD2xVASLSscn/wpYnXhBrd+fi9nKtt41mhe8UvAEIxdYtIEh4/ylL3PjvCEJBBEci7Fe/UuokNxhlMNc2xV0AVo25aM3mQbXny8LPF5++PVteVr4RWHm9R1qtRR8cKmJI/j2ObwS5WSsnRAJHgO6b6Wq9F4SNdEFscqW7d8/WWBPTvv+H3VSQ3K0xxaOrbnJYxBbSAboTDZogkbYSrY41SXqXh1Gorvh92eCvYCSxTFLnbkKVx3F35+3NKYK8RQ0OYsIl+k8qE9kK35kNjXrm3gl7p/WjyDXJ2mhHmt5ZQSleseh4meOhg73kJFC+VeUlI5no+kDeaYwn5EM/pi/ZzsAQwq/wGqVrPgSVnTbyfBAD1FRqeUxNCo2ceTGW12ZvOvm+XxUJ8tVef2PvUuqKvg1Xx4TN3hRQUcYhXwZWzKgseiAonRA4Euzs/BKA5K233uP22t8klCy23Ngti0LJt5tbmsNeBBwb2f5Wcs4oDn2YIFTm9Bg9QLbfkYyZf/ZkbA0U7HfbvhlIKANmzy1G8+MYlpS4ZED36wT1fEDcEBVygzyHVx9sXEZuj6Nm1ekxSGgJciVL,iv:PBwZiNQjDguQF/GFegm1oVYHF0lG6fjK0vxBuQN1HFo=,tag:VH2pH+rKgyBSIzGo8py6bw==,type:str]",
"sops": { "sops": {
"age": [ "age": [
{ {
@ -23,8 +23,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bFIrQjZ5cUFBQUp4dTRW\ndEdaZys0OHE5L3BPaVNic3ZZRDQ5N09SaGdZCllhWnY4T2lLZzVUMlp5VjMvQ2lP\ndGFNSTBqbjNMaUcwbVRaWFVCazU3OEUKLS0tIHBIWUZCYjFDVDgzbUUxMC9TNzdp\naFdiWmV6TGIva0RNUDNHWmdJZGgzNHMKiIzjo6sH/SP12cAXTvXiP0X9EE/A8Qw1\nIfgZfyEHdf/Mxd/iNzlWb2Nb0MLerYYw/qZ/+L5eDpUr4Vl051qOXA==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bFIrQjZ5cUFBQUp4dTRW\ndEdaZys0OHE5L3BPaVNic3ZZRDQ5N09SaGdZCllhWnY4T2lLZzVUMlp5VjMvQ2lP\ndGFNSTBqbjNMaUcwbVRaWFVCazU3OEUKLS0tIHBIWUZCYjFDVDgzbUUxMC9TNzdp\naFdiWmV6TGIva0RNUDNHWmdJZGgzNHMKiIzjo6sH/SP12cAXTvXiP0X9EE/A8Qw1\nIfgZfyEHdf/Mxd/iNzlWb2Nb0MLerYYw/qZ/+L5eDpUr4Vl051qOXA==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-06-11T01:57:02Z", "lastmodified": "2025-06-11T12:35:26Z",
"mac": "ENC[AES256_GCM,data:c/fERNdNCLBb26sZzse/liAQWosjFB20nP7xje1qsJ+NpGa9fvZXGtbxMTbFx/BWy5VB2LEwXLzOTNv10gbjCa7Ovr6fzWaZZ9PoadsrDA2nSiAvTu3v+a70vKCwsTWTUA42w61lEEWBJwjU3kKiI3WF8TPOCeB0CLf3J1t4AHo=,iv:BoPCpP2VwDSHJllcQMpcClHFr6YWDQIT5GJGSZ1HAYY=,tag:hdQUQEFHH3a0PhlEmKdPoQ==,type:str]", "mac": "ENC[AES256_GCM,data:qySqNhw1CPbilUmJPSOsLGG3mbLrvPMXzkzUGIj5l1EBLl//BVfAqvkgc06AhjDexr708CyUU5tiW0JydFBkEcByxDK21JhnZGVTdiTidBUl5lS392bCxdnrWgNCm6BnIznLsF3UpuqStsztOgjRJa2pawC2b5i6VCm4asif2lQ=,iv:M0JEy5+8g2wesVMpfhl0OZOKh4MFnh6RwUm9tteSYJ4=,tag:2zxRZLab6Z5XDsh9MMHSlg==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-06-11T01:05:00Z", "created_at": "2025-06-11T01:05:00Z",