diff --git a/.github/README.md b/.github/README.md
index f31bb06..d5d7313 100644
--- a/.github/README.md
+++ b/.github/README.md
@@ -121,30 +121,29 @@ Alternatively, to install this from any NixOS live ISO, run `nix run --experimen ### Services -| Topic | Program | -|-----------------------|---------------------------------------------------------------------------------------------------------------------| -|📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | -|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | -|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | -|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | +| Topic | Program | +|-----------------------|---------------------------------| +|📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | +|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | +|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | +|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | -|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | +|📷 **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |📄 **Documents** | 
[Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | -|💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | -|👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | -|🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | -|🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | -|⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | -|🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | -|💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | -|🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | -|🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | -|📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | -|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | -|✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | -|📸 **Image Sharing** | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix) | -|🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | +|💾 **Backups** | 
[Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | +|👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | +|🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | +|🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | +|⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | +|🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | +|💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | +|🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | +|🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | +|📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | +|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | +|✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | +|🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | ### Hosts diff --git a/SwarselSystems.org b/SwarselSystems.org index 282c040..a31f31c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -268,30 +268,29 @@ Here I give a brief overview over the hostmachines that I am using. This is held :END: #+begin_src markdown :tangle no :noweb-ref services - | Topic | Program | - |-----------------------|---------------------------------------------------------------------------------------------------------------------| - |📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | - |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | - |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | - |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | + | Topic | Program | + |-----------------------|---------------------------------| + |📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | + |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | + |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | + |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | - |🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | + |📷 **Photos** | 
[Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | - |💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | - |👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | - |🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | - |🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | - |⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | - |🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | - |💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | - |🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | - |🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | - |📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | - |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | - |✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | - |📸 **Image Sharing** | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix) | - |🔗 **Link Shortener** | 
[Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | + |💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | + |👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | + |🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | + |🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | + |⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | + |🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | + |💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | + |🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | + |🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | + |📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | + |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | + |✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | + |🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | #+end_src * flake.nix @@ -782,7 +781,6 @@ Lastly, in order make this actually available to my configurations, i use the =i domains services user - root ; }; }; 
@@ -840,14 +838,6 @@ The rest of the outputs either define or help define the actual configurations: name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; - - swarselprofiles = { - minimal = lib.mkIf minimal (lib.mkDefault true); - }; - - swarselsystems = { - mainUser = lib.mkDefault "swarsel"; - }; } ]; }; @@ -871,7 +861,6 @@ The rest of the outputs either define or help define the actual configurations: { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; - } ]; }; @@ -1782,6 +1771,19 @@ My work machine. Built for more security, this is the gold standard of my config { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-2"; + profiles = { + personal = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + work = lib.mkIf (!minimal) true; + framework = lib.mkIf (!minimal) true; + }; + }; in { 
@@ -1794,57 +1796,54 @@ My work machine. Built for more security, this is the gold standard of my config ]; - swarselprofiles = { - personal = lib.mkIf (!minimal) true; - work = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; - }; - swarselsystems = { - lowResolution = "1280x800"; - highResolution = "2560x1600"; - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-2"; - info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - inherit (config.repo.secrets.local) hostName; - inherit (config.repo.secrets.local) fqdn; - hibernation.offset = 533760; - }; + swarselsystems = lib.recursiveUpdate + { + info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + inherit (config.repo.secrets.local) hostName; + inherit (config.repo.secrets.local) fqdn; + hibernation.offset = 533760; + profiles = { + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; + } + sharedOptions; home-manager.users."${primaryUser}" = { - swarselsystems = { - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; - }; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; + # home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isSecondaryGpu = true; + 
SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + input-filename = "temp4_input"; }; - }; - }; + lowResolution = "1280x800"; + highResolution = "2560x1600"; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + }; + } + sharedOptions; }; } @@ -2033,7 +2032,17 @@ My personal laptop. { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { }; + sharedOptions = { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-1"; + profiles = { + reduced = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; + }; in { @@ -2045,20 +2054,9 @@ My personal laptop. ]; - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - btrfs = true; - }; swarselsystems = lib.recursiveUpdate { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - lowResolution = "1280x800"; - highResolution = "1920x1080"; - sharescreen = "eDP-1"; info = "Lenovo ThinkPad"; firewall = lib.mkForce true; wallpaper = self + /files/wallpaper/lenovowp.png; 
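Review bot: In the `@@ -1794` hunk, `lib.recursiveUpdate { … } sharedOptions` gives the right-hand argument precedence, so any key present in both sets takes the shared value, not the host-specific one; if host values are meant to override shared ones, swap the arguments to `lib.recursiveUpdate sharedOptions { … }`. The function also descends into every attribute set, and the values built by `lib.mkIf` and `lib.mkForce` are attribute sets, so a key wrapped on both sides would be merged field by field instead of by the module system. No key overlaps in this hunk, but a comment such as `# sharedOptions wins on conflicts; keep keys disjoint` above the call would make the constraint visible. The same call shape is repeated in the later host hunks (`@@ -2071`, `@@ -2288`, `@@ -2500`, `@@ -2738`, `@@ -2988`, `@@ -3401`).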
@@ -2071,23 +2069,30 @@ My personal laptop. rootDisk = "/dev/nvme0n1"; swapSize = "4G"; hostName = config.node.name; + profiles = { + btrfs = true; + }; } sharedOptions; home-manager.users."${primaryUser}" = { # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = { - monitors = { - main = { - name = "LG Display 0x04EF Unknown"; - mode = "1920x1080"; # TEMPLATE - scale = "1"; - position = "1920,0"; - workspace = "15:L"; - output = "eDP-1"; + swarselsystems = lib.recursiveUpdate + { + lowResolution = "1280x800"; + highResolution = "1920x1080"; + monitors = { + main = { + name = "LG Display 0x04EF Unknown"; + mode = "1920x1080"; # TEMPLATE + scale = "1"; + position = "1920,0"; + workspace = "15:L"; + output = "eDP-1"; + }; }; - }; - }; + } + sharedOptions; }; } @@ -2267,7 +2272,18 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/winters/default.nix - { config, ... }: + { lib, config, ... }: + let + primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isBtrfs = false; + isLinux = true; + isNixos = true; + profiles = { + server.local = true; + }; + }; + in { imports = [ @@ -2288,20 +2304,21 @@ This is my main server that I run at home. It handles most tasks that require bi }; - swarselprofiles = { - server.local = true; - }; + swarselsystems = lib.recursiveUpdate + { + info = "ASRock J4105-ITX, 32GB RAM"; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + } + sharedOptions; - swarselsystems = { - info = "ASRock J4105-ITX, 32GB RAM"; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - isBtrfs = false; - isLinux = true; - isNixos = true; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; }; - } 
@@ -2477,7 +2494,18 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix - { lib, minimal, ... }: + { lib, config, minimal, ... }: + let + primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isBtrfs = true; + isLinux = true; + isNixos = true; + }; + profiles = { + minimal = lib.mkIf minimal true; + }; + in { imports = [ ./hardware-configuration.nix @@ -2500,21 +2528,25 @@ This machine mainly acts as an external sync helper. It manages the following th enableAllFirmware = lib.mkForce false; }; - swarselprofiles = { - minimal = lib.mkIf minimal true; - server.syncserver = true; - }; - swarselsystems = { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - isBtrfs = true; - isLinux = true; - isNixos = true; + swarselsystems = lib.recursiveUpdate + { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + profiles = { + server.syncserver = true; + }; + } + sharedOptions; + + home-manager.users."${primaryUser}" = { + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; }; } @@ -2666,10 +2698,19 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix - { lib, config, ... }: + { lib, config, globals, ... }: let + primaryUser = config.swarselsystems.mainUser; + inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + + sharedOptions = { + isBtrfs = true; + isNixos = true; + isLinux = true; + }; in { imports = [ 
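Review bot: In the `@@ -2477` hunk for hosts/nixos/milkywell, `profiles = { minimal = lib.mkIf minimal true; };` is a sibling `let` binding, not a member of `sharedOptions`, and nothing in the following `@@ -2500` hunk references it. The `minimal` profile that the removed `swarselprofiles` block used to set therefore appears to be dropped for this host. Every other host in this commit nests `profiles` inside `sharedOptions`, so the closing `};` of `sharedOptions` probably belongs after the `profiles` block. The file body continues outside the hunk, so confirm `profiles` is not consumed further down before moving it.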
@@ -2692,6 +2733,15 @@ This machine mainly acts as an external sync helper. It manages the following th environment = { etc."issue".text = "\4"; + + persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { + directory = "/var/lib/syncthing"; + user = "syncthing"; + group = "syncthing"; + mode = "0700"; + } + ]; }; topology.self.interfaces.wg = { 
@@ -2738,74 +2788,148 @@ This machine mainly acts as an external sync helper. It manages the following th system.stateVersion = "23.11"; - services.syncthing = { - dataDir = lib.mkForce "/sync"; - settings = { - devices = config.swarselsystems.syncthing.devices // { - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; - }; - }; - folders = { - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; + globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; + + services = { + nginx = { + virtualHosts = { + ${serviceDomain} = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://localhost:8384"; + extraConfig = '' + client_max_body_size 0; + ''; + }; }; - devices = [ "pyramid" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; }; }; }; - }; - swarselprofiles = { - server.moonside = true; - }; - - swarselsystems = { - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; syncthing = { - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - serviceIP = "localhost"; + enable = true; + guiAddress = "0.0.0.0:8384"; + openDefaultPorts = true; + relay.enable = false; + 
settings = { + urAccepted = -1; + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "${workHostName}" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + }; + }; + folders = { + "Default Folder" = lib.mkForce { + path = "/sync/Sync"; + type = "receiveonly"; + versioning = null; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "default"; + }; + "Obsidian" = { + path = "/sync/Obsidian"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "yjvni-9eaa7"; + }; + "Org" = { + path = "/sync/Org"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "a7xnl-zjj3d"; + }; + "Vpn" = { + path = "/sync/Vpn"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "hgp9s-fyq3p"; + }; + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; + }; + devices = [ "winters" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = 
"5gsxv-rzzst"; + }; + }; + }; }; }; + + swarselsystems = lib.recursiveUpdate + { + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + profiles = { + server.moonside = true; + }; + } + sharedOptions; + + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.11"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; + }; + } #+end_src @@ -2980,7 +3104,18 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: #+begin_src nix-ts :tangle hosts/nixos/toto/default.nix - { self, lib, minimal, ... }: + { self, config, lib, minimal, ... }: + let + primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isBtrfs = true; + isLinux = true; + profiles = { + toto = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; + }; + in { imports = [ 
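Review bot: `guiAddress = "0.0.0.0:8384"` in the `@@ -2738` hunk makes the Syncthing GUI and REST API listen on every interface, although the nginx virtual host added in the same hunk already reaches it through `proxyPass = "http://localhost:8384"`. Binding to loopback with `guiAddress = "127.0.0.1:8384";` keeps the TLS-terminating proxy as the only path to the GUI; whether the host firewall blocks 8384 is not visible here. If the proxy forwards the public Host header, Syncthing's host check on a loopback listener will reject it, and the GUI setting `insecureSkipHostcheck` covers that case. The virtual host shows no access control in front of the GUI and this hunk sets no GUI credentials, so confirm they are configured elsewhere.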
@@ -2988,33 +3123,38 @@ This is a slim setup for developing base configuration. I do not track the hardw ./hardware-configuration.nix ]; + + networking = { hostName = "toto"; firewall.enable = false; }; - swarselprofiles = { - toto = lib.mkIf (!minimal) true; - btrfs = true; - }; + swarselsystems = lib.recursiveUpdate + { + info = "~SwarselSystems~ remote install helper"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "2G"; + # rootDisk = "/dev/nvme0n1"; + rootDisk = "/dev/vda"; + profiles.btrfs = true; + # rootDisk = "/dev/vda"; + } + sharedOptions; - swarselsystems = { - info = "~SwarselSystems~ remote install helper"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "2G"; - # rootDisk = "/dev/nvme0n1"; - rootDisk = "/dev/vda"; - # rootDisk = "/dev/vda"; - isBtrfs = true; - isLinux = true; - isLaptop = false; - isNixos = true; + home-manager.users.${primaryUser} = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isLaptop = false; + isNixos = true; + } + sharedOptions; }; - } @@ -3349,8 +3489,6 @@ This is the "reference implementation" of a setup that runs without NixOS, only inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index "${self}/modules/home" - "${self}/modules/nixos/common/pii.nix" - "${self}/modules/nixos/common/meta.nix" ]; nixpkgs = { 
@@ -3401,56 +3539,67 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; - in - { - - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; - - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; - - services.qemuGuest.enable = true; - - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; - - networking = { - hostName = "chaostheatre"; - firewall.enable = true; - }; - - swarselprofiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; + sharedOptions = { inherit mainUser; + isBtrfs = false; isLinux = true; isPublic = true; - isNixos = true; + profiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; }; + in + { - } + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; + + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; + + services.qemuGuest.enable = true; + + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; + + networking = { + hostName = "chaostheatre"; + firewall.enable = true; + }; + + swarselsystems = lib.recursiveUpdate + { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + 
swapSize = "4G"; + rootDisk = "/dev/vda"; + profiles.btrfs = true; + } + sharedOptions; + + home-manager.users.${mainUser} = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isNixos = true; + } + sharedOptions; + }; + } #+end_src @@ -3646,15 +3795,17 @@ These are system-level settings specific to NixOS machines. All settings that ar This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. #+begin_src nix-ts :tangle modules/nixos/common/default.nix -{ lib, ... }: -let - importNames = lib.swarselsystems.readNix "modules/nixos/common"; - sharedNames = lib.swarselsystems.readNix "modules/shared"; -in -{ - imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ - lib.swarselsystems.mkImports sharedNames "modules/shared"; -} + { self, lib, ... }: + let + importNames = lib.swarselsystems.readNix "modules/nixos/common"; + in + { + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ + "${self}/modules/shared/sharedsetup.nix" + ]; + + + } #+end_src 
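Review bot: The import added in the `@@ -3646` hunk points at `"${self}/modules/shared/sharedsetup.nix"`, while the source block introduced later in this commit tangles the module to `modules/nixos/common/sharedsetup.nix`. As written, `readNix "modules/nixos/common"` would presumably already pick up the tangled file (inferred from the helper's name), so the explicit import either refers to a file this commit does not generate or, if a copy also exists under modules/shared, declares the same `swarselsystems` options twice. One of the two paths should change, for example `:tangle modules/shared/sharedsetup.nix` on the src block.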
@@ -3741,62 +3892,56 @@ in inherit (lib) mkOption types - ; + ; in { - options = { - globals = mkOption { - default = { }; - type = types.submodule { - options = { - root = { - hashedPassword = mkOption { - type = types.str; + options = { + globals = mkOption { + default = { }; + type = types.submodule { + options = { + user = { + name = mkOption { + type = types.str; + }; + work = mkOption { + type = types.str; + }; }; - }; - - user = { - name = mkOption { - type = types.str; - }; - work = mkOption { - type = types.str; - }; - }; - services = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - domain = mkOption { - type = types.str; + services = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + domain = mkOption { + type = types.str; + }; }; - }; - } - ); - }; + } + ); + }; - domains = { - main = mkOption { - type = types.str; + domains = { + main = mkOption { + type = types.str; + }; }; }; }; }; - }; - _globalsDefs = mkOption { - type = types.unspecified; - default = options.globals.definitions; - readOnly = true; - internal = true; + _globalsDefs = mkOption { + type = types.unspecified; + default = options.globals.definitions; + readOnly = true; + internal = true; + }; }; - }; - } + } #+end_src -**** Meta options (options only) +**** Meta options (automatically active) :PROPERTIES: :CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 :END: 
@@ -3821,42 +3966,38 @@ in } #+end_src -**** Expose home-manager secrets in NixOS (automatically active) +**** Shared Configuration Options (automatically active) +:PROPERTIES: +:CUSTOM_ID: h:f4f22166-e345-43e6-b15f-b7f5bb886554 +:END: -#+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix - { lib, config, globals, ... }: - let - inherit (config.swarselsystems) mainUser homeDir; - inherit (config.repo.secrets.common.emacs) radicaleUser; - modules = config.home-manager.users.${mainUser}.swarselmodules; - in +I usually use =mutableUsers = false= in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. + +#+begin_src nix-ts :tangle modules/nixos/common/sharedsetup.nix + { lib, ... }: { - config = lib.mkIf config.swarselsystems.withHomeManager { - sops = { - secrets = (lib.optionalAttrs modules.mail - { - address1-token = { owner = mainUser; }; - address2-token = { owner = mainUser; }; - address3-token = { owner = mainUser; }; - address4-token = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.waybar { - github-notifications-token = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.emacs { - fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.zsh { - croc-password = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.emacs { - emacs-radicale-pw = { owner = mainUser; }; - }); - templates = { - authinfo = { - path = "${homeDir}/.emacs.d/.authinfo"; - content = '' - machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} - ''; - owner = mainUser; - }; + options = { + swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = 
lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; }; }; } @@ -3970,8 +4111,8 @@ A breakdown of the flags being set: }; in { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselmodules.general + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general (lib.recursiveUpdate { sops.secrets.github-api-token = lib.mkIf (!minimal) { @@ -4027,15 +4168,15 @@ A breakdown of the flags being set: We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix - { self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: + { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: { - options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselmodules.home-manager { + options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselsystems.modules.home-manager { home-manager = lib.mkIf config.swarselsystems.withHomeManager { useGlobalPkgs = true; useUserPackages = true; verbose = true; - users.${config.swarselsystems.mainUser}.imports = [ + users.swarsel.imports = [ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops # inputs.stylix.homeModules.stylix 
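Review bot: `users.swarsel.imports` hard-codes the account name where the removed line used `config.swarselsystems.mainUser`, and other hunks in this commit still address the home-manager user through `mainUser` (the host definition at the top, the stylix module). On a host whose main user is not `swarsel`, the `sops-nix` home module and the rest of this import list would attach to a different account than the one the secrets and profiles are written for. Keeping `users.${config.swarselsystems.mainUser}.imports = [` avoids that. The import list continues outside the hunk.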
@@ -4043,11 +4184,8 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the imports = [ "${self}/profiles/home" "${self}/modules/home" - { - swarselprofiles = { - minimal = lib.mkIf minimal true; - }; - } + # "${self}/modules/nixos/common/pii.nix" + # "${self}/modules/nixos/common/meta.nix" ]; # node = { # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; 
@@ -4072,30 +4210,24 @@ In case of using a fully setup system, this makes also sure that no further user For that reason, make sure that =sops-nix= is properly working before finishing the minimal setup, otherwise we might lose user access. The bootstrapping script takes care of this. #+begin_src nix-ts :tangle modules/nixos/common/users.nix - { self, pkgs, config, lib, globals, minimal, ... }: + { self, pkgs, config, lib, minimal, ... }: let sopsFile = self + /secrets/general/secrets.yaml; in { - options.swarselmodules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselmodules.users { + options.swarselsystems.modules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselsystems.modules.users { sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { mutableUsers = lib.mkIf (!minimal) false; - users = { - root = { - inherit (globals.root) hashedPassword; - shell = pkgs.zsh; - }; - "${config.swarselsystems.mainUser}" = { + users."${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; - password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; - hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; + password = lib.mkIf minimal "setup"; + hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; - }; }; }; }; 
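Review bot: `hashedPasswordFile` is now set whenever `!minimal`, but `sops.secrets.main-user-hashed-pw` a few lines above is still declared only when `!config.swarselsystems.isPublic`. On a non-minimal public host the reference to `config.sops.secrets.main-user-hashed-pw.path` has no secret behind it, and with `mutableUsers = false` the main user would presumably be left without a usable credential if evaluation gets that far. Gate the file on the same condition as the secret, `hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;`, and state explicitly what a public host should use instead. The hunk also drops the `root` entry, so root's credential is no longer declared in this module; if that is intended, a one-line comment saying so would help the next reader.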
@@ -4112,8 +4244,8 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi #+begin_src nix-ts :tangle modules/nixos/common/xserver.nix { lib, config, ... }: { - options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap"; - config = lib.mkIf config.swarselmodules.packages { + options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselsystems.modules.packages { services.xserver = { xkb = { layout = "us"; @@ -4134,8 +4266,8 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte #+begin_src nix-ts :tangle modules/nixos/common/time.nix { lib, config, ... }: { - options.swarselmodules.time = lib.mkEnableOption "time config"; - config = lib.mkIf config.swarselmodules.time { + options.swarselsystems.modules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselsystems.modules.time { time = { timeZone = "Europe/Vienna"; # hardwareClockInLocalTime = true; @@ -4227,9 +4359,9 @@ This is also exposed to home-manager configurations, in case this ever breaks, I description = "Exposes the loaded repo secrets. This option is read-only."; }; }; - swarselmodules.pii = lib.mkEnableOption "enable pii management"; + swarselsystems.modules.pii = lib.mkEnableOption "enable pii management"; }; - config = lib.mkIf config.swarselmodules.pii { + config = lib.mkIf config.swarselsystems.modules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; 
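Review bot: The xserver module declares `options.swarselsystems.modules.xserver` but guards its `config` with `config.swarselsystems.modules.packages`. The new option therefore has no effect, and the console keymap follows the packages switch instead. The mismatch predates the rename and is carried over unchanged; the guard should read `config = lib.mkIf config.swarselsystems.modules.xserver {`. The module body continues outside the hunk.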
@@ -4252,8 +4384,8 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system #+begin_src nix-ts :tangle modules/nixos/common/lanzaboote.nix { lib, pkgs, config, minimal, ... }: { - options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config"; - config = lib.mkIf config.swarselmodules.lanzaboote { + options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselsystems.modules.lanzaboote { environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [ pkgs.sbctl @@ -4274,36 +4406,6 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system } #+end_src -**** Boot - -#+begin_src nix-ts :tangle modules/nixos/common/boot.nix - { lib, pkgs, config, globals, ... }: - { - options.swarselmodules.boot = lib.mkEnableOption "boot config"; - config = lib.mkIf config.swarselmodules.boot { - boot = { - initrd.systemd = { - enable = true; - emergencyAccess = globals.root.hashedPassword; - users.root.shell = "${pkgs.bashInteractive}/bin/bash"; - storePaths = [ "${pkgs.bashInteractive}/bin/bash" ]; - extraBin = { - ip = "${pkgs.iproute2}/bin/ip"; - ping = "${pkgs.iputils}/bin/ping"; - cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; - }; - }; - kernelParams = [ "log_buf_len=16M" ]; - tmp.useTmpfs = true; - loader.timeout = lib.mkDefault 2; - }; - - console.earlySetup = true; - - }; - } -#+end_src - **** Impermanence :PROPERTIES: :CUSTOM_ID: h:e7668594-fa8b-4d36-a695-a58222478988 
@@ -4320,8 +4422,8 @@ Normally, doing that also resets the lecture that happens on the first use of =s inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselmodules.impermanence { + options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselsystems.modules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' @@ -4442,8 +4544,8 @@ Mostly used to install some compilers and lsp's that I want to have available wh #+begin_src nix-ts :tangle modules/nixos/client/packages.nix { lib, config, pkgs, minimal, ... }: { - options.swarselmodules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselmodules.packages { + options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselsystems.modules.packages { environment.systemPackages = with pkgs; lib.optionals (!minimal) [ # yubikey packages @@ -4548,8 +4650,8 @@ Next, we will setup some environment variables that need to be set on the system #+begin_src nix-ts :tangle modules/nixos/client/env.nix { lib, config, pkgs, ... }: { - options.swarselmodules.env = lib.mkEnableOption "environment config"; - config = lib.mkIf config.swarselmodules.env { + options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselsystems.modules.env { environment = { wordlist.enable = true; 
@@ -4577,8 +4679,8 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro #+begin_src nix-ts :tangle modules/nixos/client/polkit.nix { lib, config, minimal, ... }: { - options.swarselmodules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselmodules.security { + options.swarselsystems.modules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselsystems.modules.security { security = { pam.services = lib.mkIf (!minimal) { @@ -4610,8 +4712,8 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s #+begin_src nix-ts :tangle modules/nixos/client/systemd.nix { lib, config, ... }: { - options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; - config = lib.mkIf config.swarselmodules.systemdTimeout { + options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselsystems.modules.systemdTimeout { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s @@ -4632,8 +4734,8 @@ Enable OpenGL, Sound, Bluetooth and various drivers. { pkgs, config, lib, ... }: { - options.swarselmodules.hardware = lib.mkEnableOption "hardware config"; options.swarselsystems = { + modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -4644,7 +4746,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. }; }; }; - config = lib.mkIf config.swarselmodules.hardware { + config = lib.mkIf config.swarselsystems.modules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { 
@@ -4690,8 +4792,8 @@ This is only used on systems not running Pipewire. #+begin_src nix-ts :tangle modules/nixos/client/pulseaudio.nix { config, pkgs, lib, ... }: { - options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config"; - config = lib.mkIf config.swarselmodules.pulseaudio { + options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselsystems.modules.pulseaudio { services.pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; @@ -4710,8 +4812,8 @@ Pipewire handles communication on Wayland. This enables several sound tools as w #+begin_src nix-ts :tangle modules/nixos/client/pipewire.nix { lib, config, pkgs, ... }: { - options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config"; - config = lib.mkIf config.swarselmodules.pipewire { + options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselsystems.modules.pipewire { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { @@ -4749,10 +4851,10 @@ Here I only enable =networkmanager= and a few default networks. The rest of the in { options.swarselsystems = { + modules.network = lib.mkEnableOption "network config"; firewall = lib.swarselsystems.mkTrueOption; }; - options.swarselmodules.network = lib.mkEnableOption "network config"; - config = lib.mkIf config.swarselmodules.network { + config = lib.mkIf config.swarselsystems.modules.network { sops = { secrets = lib.mkIf (!config.swarselsystems.isPublic) { @@ -4856,7 +4958,7 @@ Here I only enable =networkmanager= and a few default networks. The rest of the wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; - psk = "$WLAN1_PW"; + psk = "WLAN1_PW"; }; }; 
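Review bot: `psk = "WLAN1_PW";` drops the `$` from the previous `"$WLAN1_PW"`, which reads like a placeholder filled in from a secrets environment file when the profile is written (the substitution is outside the hunk, so this is inferred). Without the `$`, the literal string `WLAN1_PW` would become the passphrase. The profile would stop authenticating against the real network, and a fixed, guessable value would end up in the generated configuration. Restore `psk = "$WLAN1_PW";` unless the substitution mechanism has changed, and check the other profiles in this set, which are not visible here, for the same edit.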
@@ -5072,8 +5174,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at #+begin_src nix-ts :tangle modules/nixos/client/sops.nix { config, lib, ... }: { - options.swarselmodules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselmodules.sops { + options.swarselsystems.modules.sops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselsystems.modules.sops { sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; @@ -5097,23 +5199,23 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. #+begin_src nix-ts :noweb yes :tangle modules/nixos/client/stylix.nix - { self, lib, config, vars, ... }: + { self, lib, config, ... }: { - options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; config = { stylix = { enable = true; base16Scheme = "${self}/files/stylix/swarsel.yaml"; - } // lib.optionalAttrs config.swarselmodules.stylix + } // lib.optionalAttrs config.swarselsystems.modules.stylix (lib.recursiveUpdate { targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; } - vars.stylix); + config.swarselsystems.stylix); home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = vars.stylixHomeTargets; + targets = config.swarselsystems.stylixHomeTargets; }; }; }; 
@@ -5130,8 +5232,8 @@ Some programs profit from being installed through dedicated NixOS settings on sy #+begin_src nix-ts :tangle modules/nixos/client/programs.nix { lib, config, ... }: { - options.swarselmodules.programs = lib.mkEnableOption "small program modules config"; - config = lib.mkIf config.swarselmodules.programs { + options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselsystems.modules.programs { programs = { dconf.enable = true; evince.enable = true; @@ -5150,8 +5252,8 @@ Here I disable global completion to prevent redundant compinit calls and cache i #+begin_src nix-ts :tangle modules/nixos/client/zsh.nix { lib, config, pkgs, ... }: { - options.swarselmodules.zsh = lib.mkEnableOption "zsh base config"; - config = lib.mkIf config.swarselmodules.zsh { + options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselsystems.modules.zsh { programs.zsh = { enable = true; enableCompletion = false; @@ -5171,11 +5273,10 @@ Here I disable global completion to prevent redundant compinit calls and cache i { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; - devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; - config = lib.mkIf config.swarselmodules.syncthing { + options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselsystems.modules.syncthing { services.syncthing = { enable = true; package = pkgs.stable.syncthing; 
@@ -5189,26 +5290,39 @@ Here I disable global completion to prevent redundant compinit calls and cache i options = { urAccepted = -1; }; - inherit (config.swarselsystems.syncthing) devices; + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "sync@oracle" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + }; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "hgp9s-fyq3p"; }; }; @@ -5235,8 +5349,8 @@ Enables the blueman service including the nice system tray icon. #+begin_src nix-ts :tangle modules/nixos/client/blueman.nix { lib, config, ... }: { - options.swarselmodules.blueman = lib.mkEnableOption "blueman config"; - config = lib.mkIf config.swarselmodules.blueman { + options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselsystems.modules.blueman { services.blueman.enable = true; services.hardware.bolt.enable = true; }; 
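Review bot: The list `[ "sync@oracle" "magicant" "winters" "moonside@oracle" ]` is now repeated in all four folder definitions, where `inherit devices;` used to keep them tied to one source. Retiring a peer now means editing the device table and every folder, and a folder such as `Vpn` can silently keep a device that was meant to be removed. A single `let syncDevices = [ ... ];` with `devices = syncDevices;` per folder keeps them in step. The device IDs also moved from `config.swarselsystems.syncthing` into literals in the module. An ID alone does not grant access, but a published one lets anyone look the device up through global discovery, so confirm they were meant to leave the option layer. The enclosing `services.syncthing` block starts and ends outside the hunk.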
@@ -5257,8 +5371,8 @@ Avahi is the service used for the network discovery. #+begin_src nix-ts :tangle modules/nixos/client/networkdevices.nix { lib, config, pkgs, ... }: { - options.swarselmodules.networkDevices = lib.mkEnableOption "network device config"; - config = lib.mkIf config.swarselmodules.networkDevices { + options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselsystems.modules.networkDevices { # enable scanners over network hardware.sane = { enable = true; @@ -5300,8 +5414,8 @@ This is being set to allow myself to use all functions of nautilus in NixOS #+begin_src nix-ts :tangle modules/nixos/client/gvfs.nix { lib, config, ... }: { - options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; - config = lib.mkIf config.swarselmodules.gvfs { + options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselsystems.modules.gvfs { services.gvfs.enable = true; }; } @@ -5317,8 +5431,8 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if #+begin_src nix-ts :tangle modules/nixos/client/interceptiontools.nix { lib, config, pkgs, ... }: { - options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config"; - config = lib.mkIf config.swarselmodules.interceptionTools { + options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselsystems.modules.interceptionTools { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; 
@@ -5365,8 +5479,8 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho #+begin_src nix-ts :tangle modules/nixos/client/power-profiles-daemon.nix { lib, config, ... }: { - options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config"; - config = lib.mkIf config.swarselmodules.ppd { + options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselsystems.modules.ppd { services.power-profiles-daemon.enable = true; }; } @@ -5380,8 +5494,8 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho #+begin_src nix-ts :tangle modules/nixos/client/swayosd.nix { lib, pkgs, config, ... }: { - options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselmodules.swayosd { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { environment.systemPackages = [ pkgs.dev.swayosd ]; services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { @@ -5426,8 +5540,8 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2; in { - options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; - config = lib.mkIf config.swarselmodules.yubikey { + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselsystems.modules.yubikey { programs.ssh.startAgent = false; services.pcscd.enable = false; 
@@ -5467,8 +5581,8 @@ This performs the necessary configuration to support this hardware. #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-ledger.nix { lib, config, pkgs, ... }: { - options.swarselmodules.ledger = lib.mkEnableOption "ledger config"; - config = lib.mkIf config.swarselmodules.ledger { + options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselsystems.modules.ledger { hardware.ledger.enable = true; services.udev.packages = with pkgs; [ @@ -5489,8 +5603,8 @@ This loads some udev rules that I need for my split keyboards. #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-keyboards.nix { lib, config, pkgs, ... }: { - options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config"; - config = lib.mkIf config.swarselmodules.keyboards { + options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselsystems.modules.keyboards { services.udev.packages = with pkgs; [ qmk-udev-rules vial @@ -5510,8 +5624,8 @@ This section houses the greetd related settings. I do not really want to use a d #+begin_src nix-ts :tangle modules/nixos/client/login.nix { lib, config, pkgs, ... }: { - options.swarselmodules.login = lib.mkEnableOption "login config"; - config = lib.mkIf config.swarselmodules.login { + options.swarselsystems.modules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselsystems.modules.login { services.greetd = { enable = true; settings = { 
@@ -5547,8 +5661,8 @@ When a program does not work, start with =nix-ldd =. This will tell you #+begin_src nix-ts :tangle modules/nixos/client/nix-ld.nix { lib, config, pkgs, ... }: { - options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config"; - config = lib.mkIf config.swarselmodules.nix-ld { + options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselsystems.modules.nix-ld { programs.nix-ld = { enable = true; libraries = with pkgs; [ @@ -5670,8 +5784,8 @@ This snipped is added to the activation script that is run after every rebuild a #+begin_src nix-ts :tangle modules/nixos/client/nvd-rebuild.nix { lib, config, pkgs, ... }: { - options.swarselmodules.nvd = lib.mkEnableOption "nvd config"; - config = lib.mkIf config.swarselmodules.nvd { + options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselsystems.modules.nvd { environment.systemPackages = [ pkgs.nvd @@ -5698,8 +5812,8 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps #+begin_src nix-ts :tangle modules/nixos/client/gnome-keyring.nix { lib, config, ... }: { - options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; - config = lib.mkIf config.swarselmodules.gnome-keyring { + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { services.gnome.gnome-keyring = { enable = true; }; 
@@ -5719,8 +5833,8 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom #+begin_src nix-ts :tangle modules/nixos/client/sway.nix { lib, config, pkgs, ... }: { - options.swarselmodules.sway = lib.mkEnableOption "sway config"; - config = lib.mkIf config.swarselmodules.sway { + options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselsystems.modules.sway { programs.sway = { enable = true; package = pkgs.dev.swayfx; @@ -5753,8 +5867,8 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru #+begin_src nix-ts :tangle modules/nixos/client/xdg-portal.nix { lib, config, pkgs, ... }: { - options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config"; - config = lib.mkIf config.swarselmodules.xdg-portal { + options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselsystems.modules.xdg-portal { xdg.portal = { enable = true; config = { @@ -5773,7 +5887,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru } #+end_src -**** Podman (distrobox) +**** Podmam (distrobox) :PROPERTIES: :CUSTOM_ID: h:1bef3914-a258-4585-b232-e0fbe9e7a9b5 :END: @@ -5783,8 +5897,8 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve #+begin_src nix-ts :tangle modules/nixos/client/distrobox.nix { lib, config, pkgs, ... }: { - options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config"; - config = lib.mkIf config.swarselmodules.distrobox { + options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselsystems.modules.distrobox { environment.systemPackages = with pkgs; [ distrobox boxbuddy 
@@ -5808,8 +5922,8 @@ Adds the necessary tools to allow .appimage programs easily. #+begin_src nix-ts :tangle modules/nixos/client/appimage.nix { lib, config, ... }: { - options.swarselmodules.appimage = lib.mkEnableOption "appimage config"; - config = lib.mkIf config.swarselmodules.appimage { + options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselsystems.modules.appimage { programs.appimage = { enable = true; binfmt = true; @@ -5829,8 +5943,8 @@ This turns off the display when the lid is closed. #+begin_src nix-ts :tangle modules/nixos/client/lid.nix { lib, config, ... }: { - options.swarselmodules.lid = lib.mkEnableOption "lid config"; - config = lib.mkIf config.swarselmodules.lid { + options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselsystems.modules.lid { services.logind = { lidSwitch = "suspend"; lidSwitchDocked = "ignore"; @@ -5876,8 +5990,8 @@ Since I hide the waybar completely during normal operation, I run the risk of no #+begin_src nix-ts :tangle modules/nixos/client/lowbattery.nix { pkgs, lib, config, ... }: { - options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config"; - config = lib.mkIf config.swarselmodules.lowBattery { + options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselsystems.modules.lowBattery { systemd.user.services."battery-low" = { enable = true; description = "Timer for battery check that alerts at 10% or less"; 
@@ -5918,8 +6032,8 @@ Auto login for the initial session. inherit (config.swarselsystems) mainUser; in { - options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings"; - config = lib.mkIf config.swarselmodules.autologin { + options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselsystems.modules.autologin { services = { getty.autologinUser = mainUser; greetd.settings.initial_session.user = mainUser; @@ -5966,15 +6080,14 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.swarselsystems) flakePath; in { - - options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { + modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselmodules.server.general { + config = lib.mkIf config.swarselsystems.modules.server.general { environment.shellAliases = lib.recursiveUpdate { @@ -6009,8 +6122,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix-ts :tangle modules/nixos/server/packages.nix { lib, config, pkgs, ... }: { - options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselmodules.server.packages { + options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselsystems.modules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index 
@@ -6039,8 +6152,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in nfsUser = globals.user.name; in { - options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselmodules.server.nfs { + options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselsystems.modules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { @@ -6103,8 +6216,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in in { - options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselmodules.server.nginx { + options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselsystems.modules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; @@ -6149,8 +6262,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t #+begin_src nix-ts :tangle modules/nixos/server/ssh.nix { self, lib, config, ... }: { - options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselmodules.server.ssh { + options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselsystems.modules.server.ssh { services.openssh = { enable = true; startWhenNeeded = lib.mkForce false; 
@@ -6197,8 +6310,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { environment.systemPackages = with pkgs; [ calibre ]; @@ -6268,8 +6381,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; @@ -6339,8 +6452,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { environment.systemPackages = with pkgs; [ pciutils alsa-utils 
@@ -6482,8 +6595,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceGroup = serviceUser; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.groups.${serviceGroup} = { gid = 65136; }; @@ -6533,8 +6646,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "mpd"; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users = { groups = { mpd = { }; @@ -6599,7 +6712,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t #+begin_src nix-ts :tangle modules/nixos/server/pipewire.nix { lib, config, ... }: { - config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) { + config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access 
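Review bot: In the pipewire.nix hunk the guard `config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome` tests whether the option attributes exist, not whether they are enabled. The mpd option is declared with `lib.mkEnableOption` in the hunk just above (navidrome presumably likewise), so once those modules are imported the attribute is present even when its value is false, and `security.rtkit.enable = true` is applied on every such host. If the intent is only to tolerate hosts that do not import the server modules, read the value with a fallback instead: `config = lib.mkIf ((config.swarselsystems.modules.server.mpd or false) || (config.swarselsystems.modules.server.navidrome or false)) {`. The module body continues outside the hunk.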
@@ -6631,8 +6744,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t postgresVersion = 14; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { services = { ${serviceName} = { enable = true; @@ -6673,8 +6786,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t ''; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter @@ -7017,8 +7130,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; 
@@ -7093,8 +7206,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; @@ -7180,8 +7293,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= kanidmDomain = globals.services.kanidm.domain; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; @@ -7325,8 +7438,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= prowlarrPort = 9696; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { # this user/group section is probably unneeded users = { 
@@ -7492,56 +7605,21 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, configName, ... }: + { lib, config, ... }: let + inherit (config.repo.secrets.common) workHostName; + servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - specificServiceName = "syncthing-${configName}"; - inherit (config.swarselsystems.syncthing) serviceDomain; - inherit (config.swarselsystems.syncthing) serviceIP; + serviceDomain = config.repo.secrets.common.services.domains.syncthing1; cfg = config.services.${serviceName}; - devices = config.swarselsystems.syncthing.syncDevices; in { - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - - swarselsystems.syncthing = { - serviceDomain = lib.mkOption { - type = lib.types.str; - default = config.repo.secrets.common.services.domains.syncthing1; - }; - serviceIP = lib.mkOption { - type = lib.types.str; - default = "192.168.1.2"; - }; - syncDevices = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; - }; - devices = lib.mkOption { - type = lib.types.attrs; - default = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - "pyramid" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - }; - }; - }; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { 
extraGroups = [ "users" ]; @@ -7553,26 +7631,39 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${specificServiceName}".domain = serviceDomain; + globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = lib.mkDefault "/Vault/data/${serviceName}"; + dataDir = "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - inherit (config.swarselsystems.syncthing) devices; + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "milkywell@oracle" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "${workHostName}" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + }; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "default"; }; "Obsidian" = { @@ -7582,7 +7673,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "yjvni-9eaa7"; }; "Org" = { 
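Review bot: The folder membership list `[ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]` is now written out literally in each folder: "Default Folder" and "Obsidian" on this line, and again in the "Org" and "Vpn" hunks that follow. The old code inherited a single `devices` binding instead. With four copies plus the `settings.devices` set, retiring a peer means editing every one of them, and a missed copy can leave a folder shared with a device that was meant to be dropped. Bind the list once in the `let` block of the preceding hunk, `syncDevices = [ "milkywell@oracle" "magicant" workHostName "moonside@oracle" ];`, and write `devices = syncDevices;` in each folder. The `services.${serviceName}` attribute set continues past this hunk.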
@@ -7592,7 +7683,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { @@ -7602,18 +7693,28 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "hgp9s-fyq3p"; }; + # "Documents" = { + # path = "${cfg.dataDir}/Documents"; + # type = "receiveonly"; + # versioning = { + # type = "simple"; + # params.keep = "5"; + # }; + # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; + # id = "hgr3d-pfu3w"; + # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${specificServiceName} = { + ${serviceName} = { servers = { - "${serviceIP}:${builtins.toString servicePort}" = { }; + "192.168.1.2:${builtins.toString servicePort}" = { }; }; }; }; @@ -7624,7 +7725,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= acmeRoot = null; locations = { "/" = { - proxyPass = "http://${specificServiceName}"; + proxyPass = "http://${serviceName}"; extraConfig = '' client_max_body_size 0; ''; @@ -7650,8 +7751,8 @@ This manages backups for my pictures and obsidian files. inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselmodules.server.restic { + options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselsystems.modules.server.restic { sops = { secrets = { 
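Review bot: The nginx upstream on moonside now points at the literal `"192.168.1.2:${builtins.toString servicePort}"` under the fixed name `${serviceName}`, while the earlier hunk still registers the service per host as `"${serviceName}-${config.networking.hostName}"`. If a second host ever enables this module, its proxy entry would still forward to 192.168.1.2 rather than to that host, and the next hunk shows that this backend hop is plain `http://`. Consider keeping the address in the `let` block next to `servicePort`, e.g. `serviceIP = "192.168.1.2";`, and deriving the upstream name from the host name the same way the `globals.services` key does. The commented-out "Documents" folder added in the same hunk would be better removed or given a one-line comment saying why it is disabled.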
@@ -7678,11 +7779,6 @@ This manages backups for my pictures and obsidian files. passwordFile = config.sops.secrets.resticpw.path; paths = [ "/Vault/data/paperless" - "/Vault/data/koillection" - "/Vault/data/postgresql" - "/Vault/data/firefly-iii" - "/Vault/data/radicale" - "/Vault/data/matrix-synapse" "/Vault/Eternor/Paperless" "/Vault/Eternor/Bilder" "/Vault/Eternor/Immich" @@ -7737,8 +7833,8 @@ This section exposes several metrics that I use to check the health of my server inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops = { secrets = { @@ -7913,7 +8009,7 @@ This section exposes several metrics that I use to check the health of my server sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselmodules.server.nextcloud { + nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { enable = true; port = 9205; url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info"; @@ -7980,8 +8076,8 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { services.jenkins = { enable = true; 
@@ -8035,8 +8131,8 @@ This was an approach of hosting an RSS server from within emacs. That would have servicePort = 9812; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; @@ -8076,8 +8172,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; @@ -8191,8 +8287,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with kanidmDomain = globals.services.kanidm.domain; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; 
@@ -8354,8 +8450,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with ankiUser = globals.user.name; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; 
@@ -8443,8 +8539,8 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/= - - make user admin: =podman exec -it slink slink user:grant:role --email= ROLE_ADMIN= - - finally, disable new user registration in web ui - -#+begin_src nix-ts :tangle modules/nixos/server/slink.nix - { self, lib, config, ... }: - let - servicePort = 3000; - serviceName = "slink"; - serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceDir = "/var/lib/slink"; - - containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; - in - { - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - virtualisation.oci-containers.containers.${serviceName} = { - image = "anirdev/slink@${containerRev}"; - environment = { - "ORIGIN" = "https://${serviceDomain}"; - "TZ" = config.repo.secrets.common.location.timezone; - "STORAGE_PROVIDER" = "local"; - "IMAGE_MAX_SIZE" = "50M"; - "USER_APPROVAL_REQUIRED" = "true"; - }; - ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]; - volumes = [ - "${serviceDir}/var/data:/app/var/data" - "${serviceDir}/images:/app/slink/images" - ]; - }; - - systemd.tmpfiles.rules = [ - "d ${serviceDir}/var/data 0750 root root - -" - "d ${serviceDir}/images 0750 root root - -" - ]; - - networking.firewall.allowedTCPPorts = [ servicePort ]; - - environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { directory = serviceDir; } - ]; - - topology.self.services.${serviceName} = { - name = lib.swarselsystems.toCapitalized serviceName; - info = "https://${serviceDomain}"; - 
icon = "${self}/files/topology-images/shlink.png"; - }; - globals.services.${serviceName}.domain = serviceDomain; - - services.nginx = { - upstreams = { - ${serviceName} = { - servers = { - "localhost:${builtins.toString servicePort}" = { }; - }; - }; - }; - virtualHosts = { - "${serviceDomain}" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - oauth2.enable = true; - oauth2.allowedGroups = [ "slink_access" ]; - locations = { - "/" = { - proxyPass = "http://${serviceName}"; - setOauth2Headers = false; - }; - "/image" = { - proxyPass = "http://${serviceName}"; - setOauth2Headers = false; - bypassAuth = true; - }; - }; - }; - }; - }; - }; - } -#+end_src - *** Darwin :PROPERTIES: :CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47 @@ -9773,23 +9762,23 @@ This section sets up all the imports that are used in the home-manager section. imports = [ ]; - options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; - config = lib.mkIf config.swarselmodules.optional.darwin { - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs = { - hostPlatform = "x86_64-darwin"; - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; + options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config"; + config = lib.mkIf config.swarselsystems.modules.darwin.general { + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs = { + hostPlatform = "x86_64-darwin"; + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; }; + + home-manager.users."${macUser}".imports = [ + "${self}/modules/home/darwin" + ]; + + system.stateVersion = 4; }; - - home-manager.users."${macUser}".imports = [ - "${self}/modules/home/darwin" - ]; - - system.stateVersion = 4; - }; } #+end_src 
@@ -9807,12 +9796,15 @@ These sets of configuration do not need to be deployed on every host, for a mult - The work profile is only used on my work laptop. #+begin_src nix-ts :tangle modules/nixos/optional/default.nix - { lib, ... }: + { self, lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/optional"; + modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional"; + imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [ + "${modulesPath}/home/common/sharedsetup.nix" + ]; } #+end_src @@ -9827,8 +9819,8 @@ This opens a few gaming ports and installs the steam configuration suite for gam #+begin_src nix-ts :tangle modules/nixos/optional/gaming.nix { pkgs, lib, config, ... }: { - options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselmodules.optional.gaming { + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { programs.steam = { enable = true; package = pkgs.steam; @@ -9879,8 +9871,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl #+begin_src nix-ts :tangle modules/nixos/optional/virtualbox.nix { lib, config, pkgs, ... }: { - options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; - config = lib.mkIf config.swarselmodules.optional.virtualbox { + options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { specialisation = { VBox.configuration = { virtualisation.virtualbox = { 
@@ -9919,8 +9911,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl { lib, config, ... }: { - options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings"; - config = lib.mkIf config.swarselmodules.optional.vmware { + options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselsystems.modules.optional.vmware { virtualisation.vmware.host.enable = true; virtualisation.vmware.guest.enable = true; }; @@ -9937,8 +9929,8 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. #+begin_src nix-ts :tangle modules/nixos/optional/nswitch-rcm.nix { lib, config, pkgs, ... }: { - options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; - config = lib.mkIf config.swarselmodules.optional.nswitch-rcm { + options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { @@ -9963,8 +9955,8 @@ This holds configuration that is specific to framework laptops. imports = [ inputs.fw-fanctrl.nixosModules.default ]; - options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselmodules.optional.framework { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { services = { fwupd = { enable = true; 
@@ -9998,8 +9990,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/amdcpu.nix { lib, config, ... }: { - options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; - config = lib.mkIf config.swarselmodules.optional.amdcpu { + options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { hardware = { cpu.amd.updateMicrocode = true; }; @@ -10016,8 +10008,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/amdgpu.nix { lib, config, ... }: { - options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; - config = lib.mkIf config.swarselmodules.optional.amdgpu { + options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { hardware = { amdgpu = { opencl.enable = true; @@ -10039,8 +10031,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/hibernation.nix { lib, config, ... }: { - options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; options.swarselsystems = { + modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; hibernation = { offset = lib.mkOption { type = lib.types.int; @@ -10052,7 +10044,7 @@ This holds configuration that is specific to framework laptops. }; }; }; - config = lib.mkIf config.swarselmodules.optional.hibernation { + config = lib.mkIf config.swarselsystems.modules.optional.hibernation { boot = { kernelParams = [ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" 
@@ -10071,8 +10063,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/btrfs.nix { lib, config, ... }: { - options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselmodules.optional.btrfs { + options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselsystems.modules.optional.btrfs { boot = { supportedFilesystems = [ "btrfs" ]; }; @@ -10115,8 +10107,8 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; in { - options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems = { + modules.optional.work = lib.mkEnableOption "optional work settings"; hostName = lib.mkOption { type = lib.types.str; default = ""; @@ -10126,7 +10118,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 default = ""; }; }; - config = lib.mkIf config.swarselmodules.optional.work { + config = lib.mkIf config.swarselsystems.modules.optional.work { sops = let secretNames = [ @@ -10298,9 +10290,6 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 spice-protocol win-virtio win-spice - - powershell - gh ]; 
@@ -10391,32 +10380,297 @@ This section sets up all the imports that are used in the home-manager section. { lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; - sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ - lib.swarselsystems.mkImports sharedNames "modules/shared"; + imports = lib.swarselsystems.mkImports importNames "modules/home/common"; } #+end_src -**** Mirror home-manager shared options (automatically active) +**** Shared Configuration Options (holds firefox & stylix config parts) :PROPERTIES: -:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 +:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 :END: +Provides settings related to nix-darwin systems. At the moment, I am only making use of a =isDarwin= flag. -#+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix - { lib, config, nixosConfig ? null, ... }: - let - # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; - inherit (lib) mkDefault mapAttrs filterAttrs; - mkDefaultCommonAttrs = base: defaults: - lib.mapAttrs (_: v: lib.mkDefault v) - (lib.filterAttrs (k: _: base ? ${k}) defaults); - in +At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. +Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably + +For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. 
Ever since switching to this, I did not have to play around with theming anywhere else. + +The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json + +This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. + +#+begin_src nix-ts :noweb yes :tangle modules/home/common/sharedsetup.nix + { self, config, lib, pkgs, globals, minimal, ... 
}: { - # config.swarselsystems = mirrorAttrs; - config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); + options.swarselsystems = { + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + mainUser = lib.mkOption { + type = lib.types.str; + default = if (!minimal) then globals.user.name else "swarsel" ; + }; + sopsFile = lib.mkOption { + type = lib.types.str; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/files/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + + stylix = lib.mkOption { + type = lib.types.attrs; + default = { + polarity = "dark"; + opacity.popups = 0.5; + cursor = { + package = pkgs.banana-cursor; + # package = pkgs.capitaine-cursors; + name = "Banana"; + # name = "capitaine-cursors"; + size = 16; + }; + fonts = { + sizes = { + terminal = 10; + applications = 11; + }; + serif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + 
sansSerif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-mono; # has overrides + name = "FiraCode Nerd Font Mono"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; + }; + stylixHomeTargets = lib.mkOption { + type = lib.types.attrs; + default = { + emacs.enable = false; + waybar.enable = false; + sway.useWallpaper = false; + firefox.profileNames = [ "default" ]; + }; + }; + + firefox = lib.mkOption { + type = lib.types.attrs; + default = { + userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + tampermonkey + sidebery + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + sponsorblock + web-archives + onepassword-password-manager + single-file + widegithub + enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + noscript + + # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut + (buildFirefoxXpiAddon { + pname = "shortkeys"; + version = "4.0.2"; + addonId = "Shortkeys@Shortkeys.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + meta = with lib; + { + description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. 
Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + mozPermissions = [ + "tabs" + "downloads" + "clipboardWrite" + "browsingData" + "storage" + "bookmarks" + "sessions" + "" + ]; + platforms = platforms.all; + }; + }) + ]; + }; + + settings = + { + "extensions.autoDisableScopes" = 0; + "browser.bookmarks.showMobileBookmarks" = true; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "browser.search.suggest.enabled" = false; + "browser.search.suggest.enabled.private" = false; + "browser.urlbar.suggest.searches" = false; + "browser.urlbar.showSearchSuggestionsFirst" = false; + "browser.topsites.contile.enabled" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + "browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.system.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + }; + + search = { + # default = "Kagi"; + default = "google"; + # privateDefault = "Kagi"; + privateDefault = "google"; + engines = { + "Kagi" = { + urls = [{ + template = "https://kagi.com/search"; + params = [ + { name = "q"; value = "{searchTerms}"; } + ]; + }]; + icon = "https://kagi.com/favicon.ico"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@k" ]; + }; + + "Nix Packages" = { + urls = [{ + template = "https://search.nixos.org/packages"; + params = [ + { name = "type"; value = "packages"; } + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + icon = 
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + + "NixOS Wiki" = { + urls = [{ + template = "https://nixos.wiki/index.php?search={searchTerms}"; + }]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@nw" ]; + }; + + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; + + "Home Manager Options" = { + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@hm" "@ho" "@hmo" ]; + }; + + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + + "google".metaData.alias = "@g"; + }; + force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart + }; + }; + }; + + }; } #+end_src 
@@ -10433,8 +10687,8 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO inherit (config.swarselsystems) mainUser; in { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselmodules.general { + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { nix = lib.mkIf (!config.swarselsystems.isNixos) { package = lib.mkForce pkgs.nixVersions.nix_2_28; extraOptions = '' @@ -10501,15 +10755,15 @@ It can be set to either: #+begin_src nix-ts :tangle modules/home/common/nixgl.nix { lib, config, nixgl, ... }: { - options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselsystems = { + modules.nixgl = lib.mkEnableOption "nixgl settings"; isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; SecondaryGpuCard = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = lib.mkIf config.swarselmodules.nixgl { + config = lib.mkIf config.swarselsystems.modules.nixgl { nixGL = lib.mkIf (!config.swarselsystems.isNixos) { inherit (nixgl) packages; defaultWrapper = lib.mkDefault "mesa"; @@ -10550,8 +10804,8 @@ This holds packages that I can use as provided, or with small modifications (as { lib, config, pkgs, ... }: { - options.swarselmodules.packages = lib.mkEnableOption "packages settings"; - config = lib.mkIf config.swarselmodules.packages { + options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselsystems.modules.packages { home.packages = with pkgs; [ # audio stuff 
@@ -10745,8 +10999,8 @@ This is just a separate container for derivations defined in [[#h:64a5cc16-6b16- { lib, config, pkgs, ... }: { - options.swarselmodules.ownpackages = lib.mkEnableOption "own packages settings"; - config = lib.mkIf config.swarselmodules.ownpackages { + options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselsystems.modules.ownpackages { home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ pass-fuzzel cdw @@ -10799,8 +11053,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at inherit (config.swarselsystems) homeDir; in { - options.swarselmodules.sops = lib.mkEnableOption "sops settings"; - config = lib.mkIf config.swarselmodules.sops { + options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselsystems.modules.sops { sops = { age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; @@ -10817,14 +11071,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at :END: #+begin_src nix-ts :tangle modules/home/common/yubikey.nix - { lib, config, nixosConfig ? config, ... }: + { lib, config, nixosConfig, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; - config = lib.mkIf config.swarselmodules.yubikey { + config = lib.mkIf config.swarselsystems.modules.yubikey { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; 
@@ -10850,8 +11104,8 @@ It is very convenient to have SSH aliases in place for machines that I use. This #+begin_src nix-ts :tangle modules/home/common/ssh.nix { lib, config, ... }: { - options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; - config = lib.mkIf config.swarselmodules.ssh { + options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselsystems.modules.ssh { programs.ssh = { enable = true; forwardAgent = true; @@ -10910,16 +11164,16 @@ This section has been notably empty ever since switching to stylix. Only Emacs i =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. #+begin_src nix-ts :noweb yes :tangle modules/home/common/stylix.nix - { lib, config, vars, ... }: + { lib, config, ... }: { - options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; - config = lib.mkIf config.swarselmodules.stylix { + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselsystems.modules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = vars.stylixHomeTargets; + targets = config.swarselsystems.stylixHomeTargets; } - vars.stylix); + config.swarselsystems.stylix); }; } #+end_src @@ -10936,8 +11190,8 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the #+begin_src nix-ts :tangle modules/home/common/desktop.nix { lib, config, ... }: { - options.swarselmodules.desktop = lib.mkEnableOption "desktop settings"; - config = lib.mkIf config.swarselmodules.desktop { + options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselsystems.modules.desktop { xdg.desktopEntries = { cura = { 
@@ -11054,8 +11308,8 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe #+begin_src nix-ts :tangle modules/home/common/symlink.nix { self, lib, config, ... }: { - options.swarselmodules.symlink = lib.mkEnableOption "symlink settings"; - config = lib.mkIf config.swarselmodules.symlink { + options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselsystems.modules.symlink { home.file = { "init.el" = lib.mkDefault { source = self + /files/emacs/init.el; 
@@ -11094,41 +11348,32 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. #+begin_src nix-ts :tangle modules/home/common/env.nix - { lib, config, globals, nixosConfig ? config, ... }: - let - inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; - inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; - inherit (nixosConfig.repo.secrets.common) fullName; - inherit (config.swarselsystems) isPublic; - crocDomain = globals.services.croc.domain; - in - { - options.swarselmodules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselmodules.env { - home.sessionVariables = { - EDITOR = "e -w"; - DISPLAY = ":0"; - SWARSEL_LO_RES = config.swarselsystems.lowResolution; - SWARSEL_HI_RES = config.swarselsystems.highResolution; - CROC_RELAY = lib.mkIf (!isPublic) crocDomain; - }; - systemd.user.sessionVariables = lib.mkIf (!isPublic) { - GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; - SWARSEL_MAIL1 = address1; - SWARSEL_MAIL2 = address2; - SWARSEL_MAIL3 = address3; - SWARSEL_MAIL4 = address4; - SWARSEL_CAL1 = source1; - SWARSEL_CAL1NAME = source1-name; - SWARSEL_CAL2 = source2; - SWARSEL_CAL2NAME = source2-name; - SWARSEL_CAL3 = source3; - SWARSEL_CAL3NAME = source3-name; - SWARSEL_FULLNAME = fullName; - SWARSEL_MAIL_ALL = allMailAddresses; - }; + { lib, config, globals, nixosConfig, ... 
}: + let + inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; + inherit (nixosConfig.repo.secrets.common) fullName; + crocDomain = globals.services.croc.domain; + in + { + options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselsystems.modules.env { + home.sessionVariables = { + EDITOR = "e -w"; + DISPLAY = ":0"; + CROC_RELAY = crocDomain; + SWARSEL_LO_RES = config.swarselsystems.lowResolution; + SWARSEL_HI_RES = config.swarselsystems.highResolution; }; - } + systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { + SWARSEL_MAIL1 = address1; + SWARSEL_MAIL2 = address2; + SWARSEL_MAIL3 = address3; + SWARSEL_MAIL4 = address4; + SWARSEL_FULLNAME = fullName; + SWARSEL_MAIL_ALL = allMailAddresses; + }; + }; + } #+end_src **** General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf, zoxide @@ -11141,8 +11386,8 @@ This section is for programs that require no further configuration. zsh Integrat #+begin_src nix-ts :tangle modules/home/common/programs.nix { lib, config, pkgs, ... }: { - options.swarselmodules.programs = lib.mkEnableOption "programs settings"; - config = lib.mkIf config.swarselmodules.programs { + options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselsystems.modules.programs { programs = { bottom.enable = true; imv.enable = true; 
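Review bot: `CROC_RELAY = crocDomain;` in `home.sessionVariables` is now set on every host, whereas the removed line wrapped it in `lib.mkIf (!isPublic)`. If the relay domain is not meant to appear on machines flagged `isPublic`, keep the condition: `CROC_RELAY = lib.mkIf (!config.swarselsystems.isPublic) crocDomain;`. The new `systemd.user.sessionVariables` block does keep an `isPublic` check, so the two blocks in this module now disagree on it.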
@@ -11182,8 +11427,8 @@ nix-index provides a way to find out which packages are provided by which deriva #+begin_src nix-ts :tangle modules/home/common/nix-index.nix { self, lib, config, pkgs, ... }: { - options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings"; - config = lib.mkIf config.swarselmodules.nix-index { + options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselsystems.modules.nix-index { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' @@ -11216,8 +11461,8 @@ Enables password store with the =pass-otp= extension which allows me to store an #+begin_src nix-ts :tangle modules/home/common/password-store.nix { lib, config, pkgs, ... }: { - options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings"; - config = lib.mkIf config.swarselmodules.passwordstore { + options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselsystems.modules.passwordstore { programs.password-store = { enable = true; settings = { @@ -11239,8 +11484,8 @@ Enables direnv, which I use for nearly all of my nix dev flakes. #+begin_src nix-ts :tangle modules/home/common/direnv.nix { lib, config, ... }: { - options.swarselmodules.direnv = lib.mkEnableOption "direnv settings"; - config = lib.mkIf config.swarselmodules.direnv { + options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselsystems.modules.direnv { programs.direnv = { enable = true; silent = true; 
@@ -11260,8 +11505,8 @@ Eza provides me with a better =ls= command and some other useful aliases. #+begin_src nix-ts :tangle modules/home/common/eza.nix { lib, config, ... }: { - options.swarselmodules.eza = lib.mkEnableOption "eza settings"; - config = lib.mkIf config.swarselmodules.eza { + options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselsystems.modules.eza { programs.eza = { enable = true; icons = "auto"; @@ -11286,8 +11531,8 @@ Eza provides me with a better =ls= command and some other useful aliases. atuinDomain = globals.services.atuin.domain; in { - options.swarselmodules.atuin = lib.mkEnableOption "atuin settings"; - config = lib.mkIf config.swarselmodules.atuin { + options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings"; + config = lib.mkIf config.swarselsystems.modules.atuin { programs.atuin = { enable = true; enableZshIntegration = true; @@ -11309,7 +11554,7 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. #+begin_src nix-ts :tangle modules/home/common/git.nix - { lib, config, globals, minimal, nixosConfig ? config, ... }: + { lib, config, globals, minimal, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1; inherit (nixosConfig.repo.secrets.common) fullName; 
@@ -11317,8 +11562,8 @@ Here I set up my git config, automatic signing of commits, useful aliases for my gitUser = globals.user.name; in { - options.swarselmodules.git = lib.mkEnableOption "git settings"; - config = lib.mkIf config.swarselmodules.git { + options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselsystems.modules.git { programs.git = { enable = true; } // lib.optionalAttrs (!minimal) { @@ -11370,8 +11615,8 @@ Here I only need to set basic layout options - the rest is being managed by styl #+begin_src nix-ts :tangle modules/home/common/fuzzel.nix { lib, config, ... }: { - options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings"; - config = lib.mkIf config.swarselmodules.fuzzel { + options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselsystems.modules.fuzzel { programs.fuzzel = { enable = true; settings = { @@ -11397,8 +11642,8 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag #+begin_src nix-ts :tangle modules/home/common/starship.nix { lib, config, ... }: { - options.swarselmodules.starship = lib.mkEnableOption "starship settings"; - config = lib.mkIf config.swarselmodules.starship { + options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselsystems.modules.starship { programs.starship = { enable = true; enableZshIntegration = true; @@ -11533,8 +11778,8 @@ The theme is handled by stylix. #+begin_src nix-ts :tangle modules/home/common/kitty.nix { lib, config, ... }: { - options.swarselmodules.kitty = lib.mkEnableOption "kitty settings"; - config = lib.mkIf config.swarselmodules.kitty { + options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselsystems.modules.kitty { programs.kitty = { enable = true; keybindings = { }; 
@@ -11580,22 +11825,22 @@ lib.mkMerge [ zshConfigEarlyInit zshConfig ]; Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zsh.nix - { config, lib, minimal, nixosConfig ? config, ... }: + { config, lib, minimal, ... }: let inherit (config.swarselsystems) flakePath; in { - options.swarselmodules.zsh = lib.mkEnableOption "zsh settings"; options.swarselsystems = { + modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselmodules.zsh + config = lib.mkIf config.swarselsystems.modules.zsh { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + sops.secrets = { croc-password = { }; }; @@ -11608,10 +11853,9 @@ Currently I only use it as before with =initExtra= though. hg = "history | grep"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; - ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; + nswitch = "swarsel-deploy $(hostname) switch"; # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; + nboot = "swarsel-deploy $(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; @@ -11703,7 +11947,7 @@ Currently I only use it as before with =initExtra= though. # ctrl + del bindkey '^H' my-backward-delete-word - export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" + export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})" ''; }; }; 
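Review bot: The `sops.secrets` block for `croc-password` has lost its `isPublic` guard, so the secret is now declared on hosts flagged as public, which the option text elsewhere in this commit describes as having no secrets. The mail and waybar modules in the same commit keep `lib.mkIf (!config.swarselsystems.isPublic)`. I would restore it as `sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { croc-password = { }; };`. The `export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"` line in the third zsh hunk reads the same secret unconditionally and would need the same condition. It also puts the password into the environment of every process started from the shell, which may be wider than croc needs. The module body continues outside these hunks.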
@@ -11717,8 +11961,8 @@ Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zellij.nix { self, lib, config, pkgs, ... }: { - options.swarselmodules.zellij = lib.mkEnableOption "zellij settings"; - config = lib.mkIf config.swarselmodules.zellij { + options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselsystems.modules.zellij { programs.zellij = { enable = true; enableZshIntegration = true; @@ -11756,8 +12000,8 @@ Currently I only use it as before with =initExtra= though. }; in { - options.swarselmodules.tmux = lib.mkEnableOption "tmux settings"; - config = lib.mkIf config.swarselmodules.tmux { + options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselsystems.modules.tmux { home.packages = with pkgs; [ lsof sesh 
@@ -11851,17 +12095,17 @@ Currently I only use it as before with =initExtra= though. Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. #+begin_src nix-ts :tangle modules/home/common/mail.nix - { lib, config, nixosConfig ? config, ... }: + { lib, config, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common) fullName; inherit (config.swarselsystems) xdgDir; in { - options.swarselmodules.mail = lib.mkEnableOption "mail settings"; - config = lib.mkIf config.swarselmodules.mail { + options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselsystems.modules.mail { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; address2-token = { path = "${xdgDir}/secrets/address2-token"; }; address3-token = { path = "${xdgDir}/secrets/address3-token"; }; @@ -11895,7 +12139,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; @@ -11927,7 +12171,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address4; userName = address4-user; realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address4-token.path}"; smtp = { host = address4-host; port = 587; 
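Review bot: With the `!isNixos` condition dropped from `sops.secrets`, the `address*-token` secrets are now declared by the home-manager module on NixOS hosts too, and their paths hang off `xdgDir`, whose default elsewhere in this commit is the literal `/run/user/1000`. On a host where the main user's UID is not 1000, the `passwordCommand = "cat ${config.sops.secrets.address1-token.path}"` lines in the following mail hunks would point into a runtime directory the user presumably does not own. The tokens would then likely fail to materialise. I would add a comment at `inherit (config.swarselsystems) xdgDir;` stating that such hosts must override `swarselsystems.xdgDir`, or back it with an assertion. The module body continues outside this hunk.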
@@ -11950,7 +12194,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address2-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; @@ -11977,7 +12221,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address3-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; 
@@ -12016,29 +12260,15 @@ By using the emacs-overlay NixOS module, I can install all Emacs packages that I Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like =calfw= and =fast-scroll=, so I build them here. #+begin_src nix-ts :tangle modules/home/common/emacs.nix - { self, lib, config, pkgs, globals, ... }: + { self, lib, config, pkgs, ... }: let - inherit (config.swarselsystems) homeDir isPublic isNixos; - inherit (config.repo.secrets.common.emacs) radicaleUser; + inherit (config.swarselsystems) homeDir isPublic; in { - options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; - config = lib.mkIf config.swarselmodules.emacs { + options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselsystems.modules.emacs { # needed for elfeed - sops = lib.mkIf (!isPublic && !isNixos) { - secrets = { - fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; - emacs-radicale-pw = { }; - }; - templates = { - authinfo = { - path = "${homeDir}/.emacs.d/.authinfo"; - content = '' - machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} - ''; - }; - }; - }; + sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages @@ -12151,8 +12381,8 @@ The rest of the related configuration is found here: ]; in { - options.swarselmodules.waybar = lib.mkEnableOption "waybar settings"; options.swarselsystems = { + modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; 
@@ -12181,7 +12411,7 @@ The rest of the related configuration is found here: internal = true; }; }; - config = lib.mkIf config.swarselmodules.waybar { + config = lib.mkIf config.swarselsystems.modules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ @@ -12189,7 +12419,7 @@ The rest of the related configuration is found here: ] ++ modulesRight); }; - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; }; }; @@ -12460,10 +12690,10 @@ Also, I setup some search aliases for functions I often use, such as NixOS optio I used to build the firefox addon =bypass-paywalls-clean= myself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that. #+begin_src nix-ts :tangle modules/home/common/firefox.nix - { config, pkgs, lib, vars, ... }: + { config, pkgs, lib, ... }: { - options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; - config = lib.mkIf config.swarselmodules.firefox { + options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselsystems.modules.firefox { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides @@ -12605,7 +12835,7 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m "browser.startup.homepage" = "https://lobste.rs"; }; } - vars.firefox; + config.swarselsystems.firefox; }; }; }; 
@@ -12629,8 +12859,8 @@ Used for storing sessions in e.g. Nextcloud #+begin_src nix-ts :tangle modules/home/common/gnome-keyring.nix { lib, config, ... }: { - options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; - config = lib.mkIf config.swarselmodules.gnome-keyring { + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; @@ -12648,8 +12878,8 @@ This enables phone/computer communication, including sending clipboard, files et #+begin_src nix-ts :tangle modules/home/common/kdeconnect.nix { lib, config, ... }: { - options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; - config = lib.mkIf config.swarselmodules.kdeconnect { + options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselsystems.modules.kdeconnect { services.kdeconnect = { enable = true; indicator = true; @@ -12671,8 +12901,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/mako.nix { lib, config, ... }: { - options.swarselmodules.mako = lib.mkEnableOption "mako settings"; - config = lib.mkIf config.swarselmodules.mako { + options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselsystems.modules.mako { services.mako = { enable = true; settings = { 
@@ -12714,8 +12944,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/swayosd.nix { lib, pkgs, config, ... }: { - options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselmodules.swayosd { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { services.swayosd = { enable = true; package = pkgs.dev.swayosd; @@ -12733,8 +12963,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/yubikey-touch-detector.nix { lib, config, pkgs, ... }: { - options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; - config = lib.mkIf config.swarselmodules.yubikeytouch { + options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselsystems.modules.yubikeytouch { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; @@ -12783,8 +13013,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; in { - options.swarselmodules.sway = lib.mkEnableOption "sway settings"; options.swarselsystems = { + modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -12849,7 +13079,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se internal = true; }; }; - config = lib.mkIf config.swarselmodules.sway { + config = lib.mkIf config.swarselsystems.modules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { 
@@ -12894,6 +13124,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swaymsg workspace back_and_forth"; "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; @@ -12902,10 +13134,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'"; - "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+c" = "exec qalculate-gtk"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; @@ -13038,7 +13267,6 @@ Currently, I am too lazy to explain every option here, but most of it is very se { title = "^Add$"; } { title = "^Picture-in-Picture$"; } { title = "Syncthing Tray"; } - { title = "Emacs Popup Frame"; } { title = "^spotifytui$"; } { title = "^kittyterm$"; } { app_id = "vesktop"; } 
@@ -13198,8 +13426,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix-ts :tangle modules/home/common/kanshi.nix { lib, config, ... }: { - options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; - config = lib.mkIf config.swarselmodules.kanshi { + options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselsystems.modules.kanshi { swarselsystems = { monitors = { homedesktop = { @@ -13299,8 +13527,8 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselmodules.gpgagent { + options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselsystems.modules.gpgagent { services.gpg-agent = { enable = true; enableZshIntegration = true; @@ -13346,13 +13574,13 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. #+begin_src nix-ts :tangle modules/home/common/gammastep.nix - { lib, config, nixosConfig ? config, ... }: + { lib, config, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { - options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; - config = lib.mkIf config.swarselmodules.gammastep { + options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselsystems.modules.gammastep { services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { enable = true; provider = "manual"; 
@@ -13383,6 +13611,7 @@ This section sets up all the imports that are used in the home-manager section. { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } #+end_src @@ -13399,8 +13628,8 @@ As for the `home.sessionVariables`, it should be noted that environment variable #+begin_src nix-ts :tangle modules/home/server/symlink.nix { self, lib, config, ... }: { - options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; - config = lib.mkIf config.swarselmodules.server.dotfiles { + options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselsystems.modules.server.dotfiles { home.file = { "init.el" = lib.mkForce { source = self + /files/emacs/server.el; @@ -13426,11 +13655,9 @@ This section sets up all the imports that are used in the home-manager section. #+begin_src nix-ts :tangle modules/home/darwin/default.nix { self, ... }: { - home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/shared/options.nix" - "${self}/modules/shared/vars.nix" + "${self}/modules/home/common/sharedsetup.nix" ]; } #+end_src @@ -13462,8 +13689,8 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming #+begin_src nix-ts :tangle modules/home/optional/gaming.nix { lib, config, pkgs, ... }: { - options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselmodules.optional.gaming { + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ 
@@ -13510,13 +13737,13 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, config, pkgs, lib, vars, nixosConfig ? config, ... }: + { self, config, pkgs, lib, nixosConfig, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselmodules.optional.work { + options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselsystems.modules.optional.work { home.packages = with pkgs; [ stable.teams-for-linux shellcheck @@ -13638,7 +13865,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site1}|${site2}"; }; } - vars.firefox; + config.swarselsystems.firefox; "${user2}" = lib.recursiveUpdate { inherit isDefault; @@ -13647,13 +13874,13 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site3}"; }; } - vars.firefox; + config.swarselsystems.firefox; "${user3}" = lib.recursiveUpdate { inherit isDefault; id = 3; } - vars.firefox; + config.swarselsystems.firefox; work = lib.recursiveUpdate { inherit isDefault; @@ -13662,7 +13889,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; }; } - vars.firefox; + config.swarselsystems.firefox; }; }; 
@@ -13971,8 +14198,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/home/optional/framework.nix { lib, config, ... }: { - options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselmodules.optional.framework { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { 
@@ -13984,315 +14211,6 @@ This holds configuration that is specific to framework laptops. }; } #+end_src -** Shared -*** Configuration options -:PROPERTIES: -:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 -:END: - -#+begin_src nix-ts :noweb yes :tangle modules/shared/options.nix - { self, config, lib, ... }: - { - options.swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - mainUser = lib.mkOption { - type = lib.types.str; - default = "swarsel"; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - isLaptop = lib.mkEnableOption "laptop host"; - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - sopsFile = lib.mkOption { - type = lib.types.str; - default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - wallpaper = lib.mkOption { - type = lib.types.path; - default = "${self}/files/wallpaper/lenovowp.png"; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = 
lib.types.str; - default = ""; - }; - }; - } -#+end_src - -*** Variables (vars; holds firefox & stylix config parts) - -At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. -Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably - -For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. - -The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json - -This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). 
However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. - -#+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix - { self, lib, pkgs, ... }: - { - _module.args = { - vars = { - stylix = { - polarity = "dark"; - opacity.popups = 0.5; - cursor = { - package = pkgs.banana-cursor; - # package = pkgs.capitaine-cursors; - name = "Banana"; - # name = "capitaine-cursors"; - size = 16; - }; - fonts = { - sizes = { - terminal = 10; - applications = 11; - }; - serif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - sansSerif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-mono; # has overrides - name = "FiraCode Nerd Font Mono"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; - }; - - stylixHomeTargets = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; - - firefox = { - userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - tampermonkey - sidebery - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - sponsorblock - web-archives - onepassword-password-manager - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - noscript - - # configure a 
shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) - ]; - }; - - settings = - { - "extensions.autoDisableScopes" = 0; - "browser.bookmarks.showMobileBookmarks" = true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "browser.search.suggest.enabled" = false; - "browser.search.suggest.enabled.private" = false; - "browser.urlbar.suggest.searches" = false; - "browser.urlbar.showSearchSuggestionsFirst" = false; - "browser.topsites.contile.enabled" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - "browser.newtabpage.activity-stream.feeds.snippets" = false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; - "browser.newtabpage.activity-stream.showSponsored" = false; - "browser.newtabpage.activity-stream.system.showSponsored" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - }; - - search = { - # default = "Kagi"; - default = "google"; - # 
privateDefault = "Kagi"; - privateDefault = "google"; - engines = { - "Kagi" = { - urls = [{ - template = "https://kagi.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - ]; - }]; - icon = "https://kagi.com/favicon.ico"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@k" ]; - }; - - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Confluence search" = { - urls = [{ - template = "https://vbc.atlassian.net/wiki/search"; - params = [ - { name = "text"; value = "{searchTerms}"; } - ]; - }]; - - definedAliases = [ "@c" "@cf" "@confluence" ]; - }; - - "Jira search" = { - urls = [{ - template = "https://vbc.atlassian.net/issues/"; - params = [ - { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } - ]; - }]; - - definedAliases = [ "@j" "@jire" ]; - }; - - "google".metaData.alias = "@g"; - }; - force = true; # this is required because 
otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; - }; - }; - }; - } -#+end_src - ** Packages :PROPERTIES: :CUSTOM_ID: h:64a5cc16-6b16-4802-b421-c67ccef853e1 @@ -14854,7 +14772,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" @@ -16203,9 +16121,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/personal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselprofiles.personal { - swarselmodules = { + options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.personal { + swarselsystems.modules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -16247,7 +16165,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; - boot = lib.mkDefault true; optional = { gaming = lib.mkDefault true; @@ -16259,11 +16176,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ssh = lib.mkDefault true; }; }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - personal = lib.mkDefault true; - }; - }; }; 
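Review bot: In the notification-count script (`@@ -14854,7 +14772,7 @@`), the token is still expanded into `curl -u Swarsel:"$(cat …)"`, which puts it on curl's command line where it can be visible to other local processes through the process list. Feeding the credential as a curl config on stdin keeps it out of argv: `printf 'user = "Swarsel:%s"\n' "$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" | curl -K - https://api.github.com/notifications | jq '. | length'`. The new hard-coded path also has to stay equal to `${xdgDir}/secrets/github-notifications-token` from the waybar module; `xdgDir` defaulted to `/run/user/1000` in the removed options file, so for a user with a different UID the `cat` would presumably fail and the request would go out with an empty password. The script body continues outside the hunk.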
@@ -16279,9 +16191,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/reduced/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselprofiles.reduced { - swarselmodules = { + options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselsystems.profiles.reduced { + swarselsystems.modules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -16323,17 +16235,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; - boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; }; }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - personal = lib.mkDefault true; - }; - }; }; @@ -16349,9 +16255,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/minimal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host"; - config = lib.mkIf config.swarselprofiles.minimal { - swarselmodules = { + options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host"; + config = lib.mkIf config.swarselsystems.profiles.minimal { + swarselsystems.modules = { general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; @@ -16365,7 +16271,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a zsh = lib.mkDefault true; yubikey = lib.mkDefault true; autologin = lib.mkDefault true; - boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; 
@@ -16386,15 +16291,14 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselprofiles.chaostheatre { - swarselmodules = { + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; users = lib.mkDefault true; - sops = lib.mkDefault true; env = lib.mkDefault true; security = lib.mkDefault true; systemdTimeout = lib.mkDefault true; @@ -16403,6 +16307,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a pipewire = lib.mkDefault true; network = lib.mkDefault true; time = lib.mkDefault true; + sops = lib.mkDefault false; stylix = lib.mkDefault true; programs = lib.mkDefault true; zsh = lib.mkDefault true; @@ -16413,7 +16318,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a interceptionTools = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; - yubikey = lib.mkDefault false; + yubikey = lib.mkDefault true; ledger = lib.mkDefault true; keyboards = lib.mkDefault true; login = lib.mkDefault true; 
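Review bot: The chaostheatre profile flips two security-relevant defaults without saying why: `sops` becomes an explicit `lib.mkDefault false` and `yubikey` goes from `false` to `true`. If the yubikey module takes its registered keys or U2F mappings from a sops secret (not visible here), enabling it on a host that decrypts nothing should be confirmed before this profile is used for login. An explicit `lib.mkDefault false` also sits at the same priority as the `sops = lib.mkDefault true` in the other profiles, so combining this profile with one of them fails evaluation with conflicting definitions. Leaving the key out, or adding a comment such as `# no secrets on this host; do not combine with profiles that enable sops`, would make the intent clear. The profile's attribute set continues outside these hunks.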
@@ -16445,9 +16350,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/toto/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselprofiles.toto { - swarselmodules = { + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { general = lib.mkDefault true; packages = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -16477,18 +16382,13 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/work/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselprofiles.work { - swarselmodules = { + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { optional = { work = lib.mkDefault true; }; }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - work = lib.mkDefault true; - }; - }; }; 
@@ -16504,18 +16404,13 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/framework/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselprofiles.framework { - swarselmodules = { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { optional = { framework = lib.mkDefault true; }; }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - framework = lib.mkDefault true; - }; - }; }; @@ -16531,9 +16426,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselprofiles.amdcpu { - swarselmodules = { + options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselsystems.profiles.amdcpu { + swarselsystems.modules = { optional = { amdcpu = lib.mkDefault true; }; @@ -16553,9 +16448,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselprofiles.amdgpu { - swarselmodules = { + options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselsystems.profiles.amdgpu { + swarselsystems.modules = { optional = { amdgpu = lib.mkDefault true; }; 
@@ -16575,9 +16470,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/hibernation/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselprofiles.hibernation { - swarselmodules = { + options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselsystems.profiles.hibernation { + swarselsystems.modules = { optional = { hibernation = lib.mkDefault true; }; @@ -16597,9 +16492,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/btrfs/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselprofiles.btrfs { - swarselmodules = { + options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselsystems.profiles.btrfs { + swarselsystems.modules = { optional = { btrfs = lib.mkDefault true; }; @@ -16619,9 +16514,10 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselprofiles.server.local { - swarselmodules = { + options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselsystems.profiles.server.local { + swarselsystems = { + modules = { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -16629,7 +16525,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; - boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16662,6 +16557,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ankisync = lib.mkDefault true; }; }; + }; }; } @@ -16675,9 +16571,10 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; - config = lib.mkIf config.swarselprofiles.server.syncserver { - swarselmodules = { + options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; + config = lib.mkIf config.swarselsystems.profiles.server.syncserver { + swarselsystems = { + modules = { general = lib.mkDefault true; nix-ld = lib.mkDefault true; pii = lib.mkDefault true; @@ -16686,7 +16583,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; - boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16696,6 +16592,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ankisync = lib.mkDefault false; }; }; + }; }; } 
@@ -16709,9 +16606,10 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/moonside/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server"; - config = lib.mkIf config.swarselprofiles.server.moonside { - swarselmodules= { + options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server"; + config = lib.mkIf config.swarselsystems.profiles.server.moonside { + swarselsystems = { + modules = { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -16720,7 +16618,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a users = lib.mkDefault true; impermanence = lib.mkDefault true; sops = lib.mkDefault true; - boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16730,9 +16627,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a croc = lib.mkDefault true; microbin = lib.mkDefault true; shlink = lib.mkDefault true; - slink = lib.mkDefault true; - syncthing = lib.mkDefault true; }; + }; }; }; 
@@ -16764,14 +16660,14 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/personal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselprofiles.personal { - swarselmodules = { + options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.personal { + swarselsystems.modules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; nixgl = lib.mkDefault true; - sops = lib.mkDefault false; + sops = lib.mkDefault true; yubikey = lib.mkDefault false; ssh = lib.mkDefault true; stylix = lib.mkDefault true; @@ -16823,9 +16719,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/reduced/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselprofiles.reduced { - swarselmodules = { + options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselsystems.profiles.reduced { + swarselsystems.modules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; 
@@ -16879,9 +16775,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/minimal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselprofiles.minimal { - swarselmodules = { + options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.minimal { + swarselsystems.modules = { general = lib.mkDefault true; sops = lib.mkDefault true; kitty = lib.mkDefault true; @@ -16902,9 +16798,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselprofiles.chaostheatre { - swarselmodules = { + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; @@ -16955,9 +16851,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/toto/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselprofiles.toto { - swarselmodules = { + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { general = lib.mkDefault true; sops = lib.mkDefault true; ssh = lib.mkDefault true; 
@@ -16978,9 +16874,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/work/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselprofiles.work { - swarselmodules = { + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { optional = { work = lib.mkDefault true; }; @@ -16999,9 +16895,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/framework/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselprofiles.framework { - swarselmodules = { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { optional = { framework = lib.mkDefault true; }; @@ -17013,6 +16909,25 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src +**** Darwin +:PROPERTIES: +:CUSTOM_ID: h:24e6d661-f498-478c-9008-e8d8c17432ca +:END: + +#+begin_src nix-ts :tangle profiles/home/darwin/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; + config = lib.mkIf config.swarselsystems.profiles.darwin { + swarselsystems.modules = { + general = lib.mkDefault true; + }; + }; + + } + +#+end_src + **** Local Server :PROPERTIES: :CUSTOM_ID: h:8027b858-369e-4f12-bbaf-f15eeee3d904 
@@ -17021,9 +16936,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselprofiles.server.local { - swarselmodules = { + options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselsystems.profiles.server.local { + swarselsystems.modules = { general = lib.mkDefault true; server = { dotfiles = lib.mkDefault true; @@ -17060,7 +16975,6 @@ In the end, we need to restore those values to values that will work during norm Also packed into the hook function is the line =(fset 'epg-wait-for-status 'ignore)=. This line is needed at the end of the configuration in order to allow for my Yubikey to be used to encrypt and decrypt =.gpg= files. Without it, Emacs will just hang forever and basically crash. #+begin_src emacs-lisp :tangle files/emacs/early-init.el :mkdirp yes -;; -*- lexical-binding: t; -*- (defvar swarsel-file-name-handler-alist file-name-handler-alist) (defvar swarsel-vc-handled-backends vc-handled-backends) @@ -17180,7 +17094,6 @@ In this section I define extra functions that I need. Some of these functions I Since I am rebinding the =C-z= hotkey for emacs-evil-state toggling, I want to have a function that still lets me perform this action quickly. #+begin_src emacs-lisp -;; -*- lexical-binding: t; -*- (defun swarsel/toggle-evil-state () (interactive) @@ -17243,7 +17156,7 @@ Used here: [[#h:b92a18cf-eec3-4605-a8c2-37133ade3574][mu4e]] (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_MAIL4") + (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") user-full-name (getenv "SWARSEL_FULLNAME"))) 
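Review bot: The new variable name `SWARSEL_SWARSEL_MAIL` in `swarsel/mu4e-restore-default` carries the `SWARSEL_` prefix twice, which looks like a search-and-replace slip, although the place where the variable is exported is not visible in this diff. `getenv` returns nil for an unset variable, so a mismatch would silently leave `user-mail-address` nil after the restore instead of failing visibly. If the exported name differs, the line should read `(setq user-mail-address (getenv "<EXPORTED_VARIABLE_NAME>")`, using the name the environment actually sets. The tangled copy in files/emacs/init.el (`@@ -36,7 +34,7 @@`) carries the same change.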
@@ -17571,7 +17484,7 @@ These functions are used here: [[#h:5653d693-ecca-4c95-9633-66b9e3241070][Corfu] #+end_src -**** Disable garbage collection while minibuffer is active +**** Disable garbace collection while minibuffer is active :PROPERTIES: :CUSTOM_ID: h:3c436647-71e6-441c-b452-d817ad2f8331 :END: @@ -20059,11 +19972,11 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") - ;; (setq org-caldav-calendars - ;; '((:calendar-id "personal" - ;; :inbox "~/Calendars/leon_cal.org"))) - ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) + (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") + (setq org-caldav-calendars + '((:calendar-id "personal" + :inbox "~/Calendars/leon_cal.org"))) + (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -20090,14 +20003,6 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) - ;; dont change the order of days in this one, as it will break weekend markings - (setq calendar-day-name-array - ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) - - ;; First day of the week - (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday - - ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -20105,17 +20010,14 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I (defun swarsel/open-calendar () (interactive) - ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Blue") ; orgmode source - (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") - (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") - (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") - ))) + (cfw:org-create-source "Purple") ; orgmode source + (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan")))) #+end_src 
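Review bot: The `cfw:ical-create-source "TISS" …` line in `swarsel/open-calendar` now holds the calendar feed URL, including its `token=` query value, as a string literal, where the removed lines read the URLs from `SWARSEL_CAL1` to `SWARSEL_CAL3` through `getenv`. The section text acknowledges the exposure, but the token is a bearer credential for a personal feed: anyone who can read the repository can fetch it while the token is valid, and it stays in git history after a later removal, so it would have to be regenerated at the provider too. Keeping the indirection avoids committing it: `(cfw:ical-create-source "TISS" (getenv "SWARSEL_CAL1") "Cyan")`. The tangled copy in files/emacs/init.el (`@@ -1629,17 +1619,14 @@`) contains the same literal.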
@@ -20225,49 +20127,6 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) #+end_src -*** Popup frames - -#+begin_src emacs-lisp - (defun prot-window-delete-popup-frame (&rest _) - "Kill selected selected frame if it has parameter `prot-window-popup-frame'. - Use this function via a hook." - (when (frame-parameter nil 'prot-window-popup-frame) - (delete-frame))) - - (defmacro prot-window-define-with-popup-frame (command) - "Define interactive function which calls COMMAND in a new frame. - Make the new frame have the `prot-window-popup-frame' parameter." - `(defun ,(intern (format "prot-window-popup-%s" command)) () - ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. - Also see `prot-window-delete-popup-frame'." command) - (interactive) - (let ((frame (make-frame '((prot-window-popup-frame . t))))) - (select-frame frame) - (modify-frame-parameters nil '((title . "Emacs Popup Frame"))) - (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") - (condition-case nil - (call-interactively ',command) - ((quit error user-error) - (delete-frame frame)))))) - - (declare-function org-capture "org-capture" (&optional goto keys)) - (defvar org-capture-after-finalize-hook) - ;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") - (prot-window-define-with-popup-frame org-capture) - (add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) - - (declare-function mu4e "mu4e" (&optional goto keys)) - ;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") - (prot-window-define-with-popup-frame mu4e) - (advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) - - (declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) - ;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") - (prot-window-define-with-popup-frame swarsel/open-calendar) - (advice-add 
'bury-buffer :after #'prot-window-delete-popup-frame) - -#+end_src - * Appendix A: Noweb-Ref blocks :PROPERTIES: :CUSTOM_ID: h:dae0c5bb-edb7-4fe4-ae31-9f8f064cc53c @@ -20994,7 +20853,7 @@ This file defines a few workflows that I often need to run when working on my co sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ #+end_src ** aspell.conf diff --git a/files/emacs/early-init.el b/files/emacs/early-init.el index b86d1c1..7156518 100644 --- a/files/emacs/early-init.el +++ b/files/emacs/early-init.el 
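Review bot: The `sync USER HOST` recipe switches rsync from `-rltv` to `-av`, and `-a` expands to `-rlptgoD`, so the copy to `{{USER}}@{{HOST}}:.dotfiles/` now also transfers local permission bits and group, plus owner and device files when the receiving side runs as root. If only permissions were meant to be added, `-rlptv` says so explicitly. Otherwise a comment above the recipe such as `# -a: keep modes and ownership so the target tree matches the source checkout` would record that the wider set is intended.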
@@ -1,23 +1,22 @@ -;; -*- lexical-binding: t; -*- - (defvar swarsel-file-name-handler-alist file-name-handler-alist) - (defvar swarsel-vc-handled-backends vc-handled-backends) +(defvar swarsel-file-name-handler-alist file-name-handler-alist) +(defvar swarsel-vc-handled-backends vc-handled-backends) - (setq gc-cons-threshold most-positive-fixnum - gc-cons-percentage 0.6 - file-name-handler-alist nil - vc-handled-backends nil) +(setq gc-cons-threshold most-positive-fixnum + gc-cons-percentage 0.6 + file-name-handler-alist nil + vc-handled-backends nil) - (add-hook 'emacs-startup-hook - (lambda () - (progn - (setq gc-cons-threshold (* 32 1024 1024) - gc-cons-percentage 0.1 - jit-lock-defer-time 0.05 - read-process-output-max (* 1024 1024) - file-name-handler-alist swarsel-file-name-handler-alist - vc-handled-backends swarsel-vc-handled-backends) - (fset 'epg-wait-for-status 'ignore) - ))) +(add-hook 'emacs-startup-hook + (lambda () + (progn + (setq gc-cons-threshold (* 32 1024 1024) + gc-cons-percentage 0.1 + jit-lock-defer-time 0.05 + read-process-output-max (* 1024 1024) + file-name-handler-alist swarsel-file-name-handler-alist + vc-handled-backends swarsel-vc-handled-backends) + (fset 'epg-wait-for-status 'ignore) + ))) (tool-bar-mode 0) (menu-bar-mode 0) diff --git a/files/emacs/init.el b/files/emacs/init.el index d9c090a..90f8a4f 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1,10 +1,8 @@ -;; -*- lexical-binding: t; -*- - - (defun swarsel/toggle-evil-state () - (interactive) - (if (or (evil-emacs-state-p) (evil-insert-state-p)) - (evil-normal-state) - (evil-emacs-state))) +(defun swarsel/toggle-evil-state () + (interactive) + (if (or (evil-emacs-state-p) (evil-insert-state-p)) + (evil-normal-state) + (evil-emacs-state))) (defun swarsel/last-buffer () (interactive) (switch-to-buffer nil)) 
@@ -36,7 +34,7 @@ (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_MAIL4") + (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") user-full-name (getenv "SWARSEL_FULLNAME"))) (defun swarsel/with-buffer-name-prompt-and-make-subdirs () @@ -1583,11 +1581,11 @@ create a new one." :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") - ;; (setq org-caldav-calendars - ;; '((:calendar-id "personal" - ;; :inbox "~/Calendars/leon_cal.org"))) - ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) + (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") + (setq org-caldav-calendars + '((:calendar-id "personal" + :inbox "~/Calendars/leon_cal.org"))) + (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -1614,14 +1612,6 @@ create a new one." :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) - ;; dont change the order of days in this one, as it will break weekend markings - (setq calendar-day-name-array - ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) - - ;; First day of the week - (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday - - ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -1629,17 +1619,14 @@ create a new one." (defun swarsel/open-calendar () (interactive) - ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Blue") ; orgmode source - (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") - (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") - (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") - ))) + (cfw:org-create-source "Purple") ; orgmode source + (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan")))) (use-package dashboard :ensure t 
@@ -1709,41 +1696,3 @@ create a new one." (setq message-log-max 30) (setq comint-buffer-maximum-size 50) (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) - -(defun prot-window-delete-popup-frame (&rest _) - "Kill selected selected frame if it has parameter `prot-window-popup-frame'. -Use this function via a hook." - (when (frame-parameter nil 'prot-window-popup-frame) - (delete-frame))) - -(defmacro prot-window-define-with-popup-frame (command) - "Define interactive function which calls COMMAND in a new frame. -Make the new frame have the `prot-window-popup-frame' parameter." - `(defun ,(intern (format "prot-window-popup-%s" command)) () - ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. -Also see `prot-window-delete-popup-frame'." command) - (interactive) - (let ((frame (make-frame '((prot-window-popup-frame . t))))) - (select-frame frame) - (modify-frame-parameters nil '((title . "Emacs Popup Frame"))) - (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") - (condition-case nil - (call-interactively ',command) - ((quit error user-error) - (delete-frame frame)))))) - -(declare-function org-capture "org-capture" (&optional goto keys)) -(defvar org-capture-after-finalize-hook) -;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") -(prot-window-define-with-popup-frame org-capture) -(add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) - -(declare-function mu4e "mu4e" (&optional goto keys)) -;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") -(prot-window-define-with-popup-frame mu4e) -(advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) - -(declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) -;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") -(prot-window-define-with-popup-frame swarsel/open-calendar) -(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame) 
diff --git a/flake.lock b/flake.lock index 793d23f..f3e8274 100644 --- a/flake.lock +++ b/flake.lock @@ -1618,11 +1618,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1752736260, - "narHash": "sha256-90Gt98hmw/20aOAd7KaSW6otXu7MOBctRmI9RlXD/s0=", + "lastModified": 1752440522, + "narHash": "sha256-CInQkEG3f8XwIBQxYFhuFCT+T++JPstThfifAMD0yRk=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "169c3483f7c06fbb58c9346e4d9d112c8aa7827e", + "rev": "1f569e3bd49502cb4ec312214662d93619cf2c54", "type": "github" }, "original": { diff --git a/hosts/home/treehouse/default.nix b/hosts/home/treehouse/default.nix index 9ce0edf..9f2b3e4 100644 --- a/hosts/home/treehouse/default.nix +++ b/hosts/home/treehouse/default.nix @@ -6,8 +6,6 @@ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index "${self}/modules/home" - "${self}/modules/nixos/common/pii.nix" - "${self}/modules/nixos/common/meta.nix" ]; nixpkgs = { diff --git a/hosts/nixos/bakery/default.nix b/hosts/nixos/bakery/default.nix index 344ac42..1e0b9bf 100644 --- a/hosts/nixos/bakery/default.nix +++ b/hosts/nixos/bakery/default.nix @@ -1,7 +1,17 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { }; + sharedOptions = { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-1"; + profiles = { + reduced = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; + }; in { @@ -13,20 +23,9 @@ in ]; - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - btrfs = true; - }; swarselsystems = lib.recursiveUpdate { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - lowResolution = "1280x800"; - highResolution = "1920x1080"; - sharescreen = "eDP-1"; info = "Lenovo ThinkPad"; firewall = lib.mkForce true; wallpaper = self + /files/wallpaper/lenovowp.png; 
@@ -39,22 +38,29 @@ in rootDisk = "/dev/nvme0n1"; swapSize = "4G"; hostName = config.node.name; + profiles = { + btrfs = true; + }; } sharedOptions; home-manager.users."${primaryUser}" = { # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = { - monitors = { - main = { - name = "LG Display 0x04EF Unknown"; - mode = "1920x1080"; # TEMPLATE - scale = "1"; - position = "1920,0"; - workspace = "15:L"; - output = "eDP-1"; + swarselsystems = lib.recursiveUpdate + { + lowResolution = "1280x800"; + highResolution = "1920x1080"; + monitors = { + main = { + name = "LG Display 0x04EF Unknown"; + mode = "1920x1080"; # TEMPLATE + scale = "1"; + position = "1920,0"; + workspace = "15:L"; + output = "eDP-1"; + }; }; - }; - }; + } + sharedOptions; }; } diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index cf1ebb7..e3c10d2 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -1,6 +1,16 @@ { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; + sharedOptions = { + inherit mainUser; + isBtrfs = false; + isLinux = true; + isPublic = true; + profiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; + }; in { 
@@ -29,25 +39,26 @@ in firewall.enable = true; }; - swarselprofiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; + swarselsystems = lib.recursiveUpdate + { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + profiles.btrfs = true; + } + sharedOptions; + home-manager.users.${mainUser} = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isNixos = true; + } + sharedOptions; + }; } diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/milkywell/default.nix index 1bc4e35..2554037 100644 --- a/hosts/nixos/milkywell/default.nix +++ b/hosts/nixos/milkywell/default.nix @@ -1,4 +1,15 @@ -{ lib, minimal, ... }: +{ lib, config, minimal, ... }: +let + primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isBtrfs = true; + isLinux = true; + isNixos = true; + }; + profiles = { + minimal = lib.mkIf minimal true; + }; +in { imports = [ ./hardware-configuration.nix 
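Review bot: In the new `let` block of hosts/nixos/milkywell/default.nix, `profiles = { minimal = lib.mkIf minimal true; };` is a separate binding next to `sharedOptions`, not an attribute inside it as in the bakery, chaostheatre, pyramid and toto hosts. Nothing in the visible hunks references `profiles`, and the following hunk (`@@ -21,21 +32,25 @@`) removes `swarselprofiles.minimal`, so the minimal profile appears to be no longer enabled for this host when `minimal` is true. Moving it inside the set restores it: `sharedOptions = { isBtrfs = true; isLinux = true; isNixos = true; profiles.minimal = lib.mkIf minimal true; };`.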
@@ -21,21 +32,25 @@ enableAllFirmware = lib.mkForce false; }; - swarselprofiles = { - minimal = lib.mkIf minimal true; - server.syncserver = true; - }; - swarselsystems = { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - isBtrfs = true; - isLinux = true; - isNixos = true; + swarselsystems = lib.recursiveUpdate + { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + profiles = { + server.syncserver = true; + }; + } + sharedOptions; + + home-manager.users."${primaryUser}" = { + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; }; } diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index cd14423..ba84c3b 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -1,7 +1,16 @@ -{ lib, config, ... }: +{ lib, config, globals, ... }: let + primaryUser = config.swarselsystems.mainUser; + inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + + sharedOptions = { + isBtrfs = true; + isNixos = true; + isLinux = true; + }; in { imports = [ @@ -24,6 +33,15 @@ in environment = { etc."issue".text = "\4"; + + persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { + directory = "/var/lib/syncthing"; + user = "syncthing"; + group = "syncthing"; + mode = "0700"; + } + ]; }; topology.self.interfaces.wg = { 
@@ -70,72 +88,146 @@ in system.stateVersion = "23.11"; - services.syncthing = { - dataDir = lib.mkForce "/sync"; - settings = { - devices = config.swarselsystems.syncthing.devices // { - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; - }; - }; - folders = { - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; + globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; + + services = { + nginx = { + virtualHosts = { + ${serviceDomain} = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://localhost:8384"; + extraConfig = '' + client_max_body_size 0; + ''; + }; }; - devices = [ "pyramid" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; }; }; }; - }; - swarselprofiles = { - server.moonside = true; - }; - - swarselsystems = { - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; syncthing = { - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - serviceIP = "localhost"; + enable = true; + guiAddress = "0.0.0.0:8384"; + openDefaultPorts = true; + relay.enable = false; + settings = { + urAccepted = -1; + devices = { + "magicant" = { + id = 
"VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "${workHostName}" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + }; + }; + folders = { + "Default Folder" = lib.mkForce { + path = "/sync/Sync"; + type = "receiveonly"; + versioning = null; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "default"; + }; + "Obsidian" = { + path = "/sync/Obsidian"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "yjvni-9eaa7"; + }; + "Org" = { + path = "/sync/Org"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "a7xnl-zjj3d"; + }; + "Vpn" = { + path = "/sync/Vpn"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" "${workHostName}" ]; + id = "hgp9s-fyq3p"; + }; + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; + }; + devices = [ "winters" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; + }; + }; + }; }; }; + + swarselsystems = 
lib.recursiveUpdate + { + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + profiles = { + server.moonside = true; + }; + } + sharedOptions; + + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.11"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; + }; + } diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index 79541c3..e3607c7 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -1,6 +1,19 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-2"; + profiles = { + personal = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + work = lib.mkIf (!minimal) true; + framework = lib.mkIf (!minimal) true; + }; + }; in { 
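Review bot: `guiAddress = "0.0.0.0:8384"` in the new `services.syncthing` block of hosts/nixos/moonside/default.nix binds the Syncthing GUI and REST API to every interface, although the nginx virtual host added just above it only needs `http://localhost:8384`. Whether port 8384 is reachable from outside depends on firewall rules not shown in this diff, but with a wildcard bind any path that does reach it bypasses the TLS virtual host. The visible `settings` also set no GUI user or password, so unless that is configured elsewhere the proxy publishes the admin interface without authentication. A loopback bind keeps nginx as the only entry point: `guiAddress = "127.0.0.1:8384";`. If the wildcard was chosen to get past Syncthing's Host-header check behind the proxy, that is better solved in the proxy or GUI settings than by widening the listener.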
@@ -13,56 +26,53 @@ in ]; - swarselprofiles = { - personal = lib.mkIf (!minimal) true; - work = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; - }; - swarselsystems = { - lowResolution = "1280x800"; - highResolution = "2560x1600"; - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-2"; - info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - inherit (config.repo.secrets.local) hostName; - inherit (config.repo.secrets.local) fqdn; - hibernation.offset = 533760; - }; + swarselsystems = lib.recursiveUpdate + { + info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + inherit (config.repo.secrets.local) hostName; + inherit (config.repo.secrets.local) fqdn; + hibernation.offset = 533760; + profiles = { + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; + } + sharedOptions; home-manager.users."${primaryUser}" = { - swarselsystems = { - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; - }; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; + # home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + 
isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + input-filename = "temp4_input"; }; - }; - }; + lowResolution = "1280x800"; + highResolution = "2560x1600"; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; + }; + }; + } + sharedOptions; }; } diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index dee2083..8a37895 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -1,4 +1,15 @@ -{ self, lib, minimal, ... }: +{ self, config, lib, minimal, ... }: +let + primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isBtrfs = true; + isLinux = true; + profiles = { + toto = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; + }; +in { imports = [ 
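Review bot: `lib.recursiveUpdate { … } sharedOptions` lets the second argument win wherever both sets define the same leaf, so `sharedOptions` would silently override the host-specific block, both in `swarselsystems` and in the `home-manager.users` block. The merge is purely attribute-by-attribute and knows nothing about the `lib.mkIf`/`lib.mkForce` wrappers used in `sharedOptions.profiles` and `firewall`. No leaf key overlaps in this hunk, so nothing is wrong today, but a later overlap would be decided by argument order rather than by module priorities. `swarselsystems = lib.mkMerge [ sharedOptions { … } ];` leaves the merge to the module system; the same pattern appears in the moonside, toto and winters hunks. The added commented-out line `# home.stateVersion = lib.mkForce "23.05";` could be dropped as well.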
@@ -6,31 +17,36 @@ ./hardware-configuration.nix ]; + + networking = { hostName = "toto"; firewall.enable = false; }; - swarselprofiles = { - toto = lib.mkIf (!minimal) true; - btrfs = true; - }; + swarselsystems = lib.recursiveUpdate + { + info = "~SwarselSystems~ remote install helper"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "2G"; + # rootDisk = "/dev/nvme0n1"; + rootDisk = "/dev/vda"; + profiles.btrfs = true; + # rootDisk = "/dev/vda"; + } + sharedOptions; - swarselsystems = { - info = "~SwarselSystems~ remote install helper"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "2G"; - # rootDisk = "/dev/nvme0n1"; - rootDisk = "/dev/vda"; - # rootDisk = "/dev/vda"; - isBtrfs = true; - isLinux = true; - isLaptop = false; - isNixos = true; + home-manager.users.${primaryUser} = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { + isLaptop = false; + isNixos = true; + } + sharedOptions; }; - } diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 9e872ff..6b65107 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,4 +1,15 @@ -{ config, ... }: +{ lib, config, ... }: +let + primaryUser = config.swarselsystems.mainUser; + sharedOptions = { + isBtrfs = false; + isLinux = true; + isNixos = true; + profiles = { + server.local = true; + }; + }; +in { imports = [ 
@@ -19,18 +30,19 @@ }; - swarselprofiles = { - server.local = true; - }; + swarselsystems = lib.recursiveUpdate + { + info = "ASRock J4105-ITX, 32GB RAM"; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + } + sharedOptions; - swarselsystems = { - info = "ASRock J4105-ITX, 32GB RAM"; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - isBtrfs = false; - isLinux = true; - isNixos = true; + home-manager.users."${primaryUser}" = { + home.stateVersion = lib.mkForce "23.05"; + swarselsystems = lib.recursiveUpdate + { } + sharedOptions; }; - } diff --git a/hosts/nixos/winters/secrets/pii.nix.enc b/hosts/nixos/winters/secrets/pii.nix.enc index 9c0e82b..0a46cc3 100644 --- a/hosts/nixos/winters/secrets/pii.nix.enc +++ b/hosts/nixos/winters/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:KvoTnlj+f+eMsFEZP8F1v0r/xZ4aVBUWmO+zsQCvhS4=,tag:U1ziE2832QfNkP0yjIzBeA==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:JSG8DynJg8t7HEDoW7IwYt189P22h4BPMFYsJmo3mcU=,tag:cHoNQBL2DCpntJyhqay54Q==,type:str]", "sops": { "age": [ { 
@@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T20:14:29Z", - "mac": "ENC[AES256_GCM,data:4YP1fp9Mcbx0pvS5l9Xzc5cbhFnBo5GkqyRvcEspNYQ3IW5LIWtPwItwLZH/ymfEkpwIVYOugnB12HJJo9jpudgfUMXtp43ImDUNVHs59qkNhJFmTSoEZMBHQjPtE/jE17OIAZzeA41EAItesrmExV1W8ePy7rTgHQl5BDooWME=,iv:vyZ0BGjMUDeoVMkDw6wLZK3KKIECK5caz/nQB3nXlGs=,tag:GAqKNcSf3Ny/WsB3tYM/og==,type:str]", + "lastmodified": "2025-07-02T10:26:33Z", + "mac": "ENC[AES256_GCM,data:/rmQKH7up3IcAdyYpdpx6H6gdyiNsnPS6TaozSU0EXxoaods50xC5sf2/quqLaeSRJE/NjKvh+3BWchbFJMQZM4PvSML3XAO8w9t/GqmOwwLJrvnMyulqS5y7BVDJZysmDe9TFNz05UJfZdbvLrH8kyhTHF7ciA8HgJq5JzFiBc=,iv:ORyza5fzjptuq5WD3NA9/OTFbACtzHp5e6kNKT/EaTE=,tag:wsp3Z/ySHVmDC9uRCn30Uw==,type:str]", "pgp": [ { "created_at": "2025-06-11T11:42:23Z", diff --git a/justfile b/justfile index f2f9f7f..afde561 100644 --- a/justfile +++ b/justfile @@ -24,4 +24,4 @@ dd DRIVE ISO: sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ diff --git a/modules/home/common/atuin.nix b/modules/home/common/atuin.nix index 82383f5..f0623e1 100644 --- a/modules/home/common/atuin.nix +++ b/modules/home/common/atuin.nix 
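Review bot: The new `lastmodified` value (`2025-07-02T10:26:33Z`) is earlier than the one it replaces (`2025-07-17T20:14:29Z`). Together with the changed `iv`/`tag` in the `data` hunk before it, this suggests the commit restores an older encrypted payload rather than re-encrypting the current one. If any value in this file was rotated between those two dates, the old value would come back, so it is worth confirming that the rollback is intended. The `pgp` list continues outside the hunk.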
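Review bot: `rsync -av` in the `sync` recipe implies `-rlptgoD`, so compared with the previous `-rltv` it now also carries permissions, owner, group and device/special files to `{{HOST}}`. Keeping modes is reasonable for a tree that holds sops-encrypted secrets, but owner, group and device preservation is not needed for a dotfiles checkout and behaves differently depending on the remote user's privileges. If preserving modes was the goal, `rsync -rlptv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/` states exactly that.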
@@ -3,8 +3,8 @@ let atuinDomain = globals.services.atuin.domain; in { - options.swarselmodules.atuin = lib.mkEnableOption "atuin settings"; - config = lib.mkIf config.swarselmodules.atuin { + options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings"; + config = lib.mkIf config.swarselsystems.modules.atuin { programs.atuin = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 5c66542..8c38d7f 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -1,8 +1,8 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.ownpackages = lib.mkEnableOption "own packages settings"; - config = lib.mkIf config.swarselmodules.ownpackages { + options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselsystems.modules.ownpackages { home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ pass-fuzzel cdw diff --git a/modules/home/common/default.nix b/modules/home/common/default.nix index e7b9ac5..18e0ee1 100644 --- a/modules/home/common/default.nix +++ b/modules/home/common/default.nix @@ -1,9 +1,7 @@ { lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; - sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ - lib.swarselsystems.mkImports sharedNames "modules/shared"; + imports = lib.swarselsystems.mkImports importNames "modules/home/common"; } diff --git a/modules/home/common/desktop.nix b/modules/home/common/desktop.nix index a24eb94..05b03fd 100644 --- a/modules/home/common/desktop.nix +++ b/modules/home/common/desktop.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.desktop = lib.mkEnableOption "desktop settings"; - config = lib.mkIf config.swarselmodules.desktop { + options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselsystems.modules.desktop { xdg.desktopEntries = { cura = { diff --git a/modules/home/common/direnv.nix b/modules/home/common/direnv.nix index ea72d7d..0e84503 100644 --- a/modules/home/common/direnv.nix +++ b/modules/home/common/direnv.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.direnv = lib.mkEnableOption "direnv settings"; - config = lib.mkIf config.swarselmodules.direnv { + options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselsystems.modules.direnv { programs.direnv = { enable = true; silent = true; diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 2a0d331..8f5863e 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix 
@@ -1,26 +1,12 @@ -{ self, lib, config, pkgs, globals, ... }: +{ self, lib, config, pkgs, ... }: let - inherit (config.swarselsystems) homeDir isPublic isNixos; - inherit (config.repo.secrets.common.emacs) radicaleUser; + inherit (config.swarselsystems) homeDir isPublic; in { - options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; - config = lib.mkIf config.swarselmodules.emacs { + options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselsystems.modules.emacs { # needed for elfeed - sops = lib.mkIf (!isPublic && !isNixos) { - secrets = { - fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; - emacs-radicale-pw = { }; - }; - templates = { - authinfo = { - path = "${homeDir}/.emacs.d/.authinfo"; - content = '' - machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} - ''; - }; - }; - }; + sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index 0148b9d..a8acacd 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix 
@@ -1,33 +1,24 @@ -{ lib, config, globals, nixosConfig ? config, ... }: +{ lib, config, globals, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; - inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; inherit (nixosConfig.repo.secrets.common) fullName; - inherit (config.swarselsystems) isPublic; crocDomain = globals.services.croc.domain; in { - options.swarselmodules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselmodules.env { + options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselsystems.modules.env { home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; + CROC_RELAY = crocDomain; SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution; - CROC_RELAY = lib.mkIf (!isPublic) crocDomain; }; - systemd.user.sessionVariables = lib.mkIf (!isPublic) { - GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; + systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { SWARSEL_MAIL1 = address1; SWARSEL_MAIL2 = address2; SWARSEL_MAIL3 = address3; SWARSEL_MAIL4 = address4; - SWARSEL_CAL1 = source1; - SWARSEL_CAL1NAME = source1-name; - SWARSEL_CAL2 = source2; - SWARSEL_CAL2NAME = source2-name; - SWARSEL_CAL3 = source3; - SWARSEL_CAL3NAME = source3-name; SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; }; diff --git a/modules/home/common/eza.nix b/modules/home/common/eza.nix index 56316f6..c78a30b 100644 --- a/modules/home/common/eza.nix +++ b/modules/home/common/eza.nix 
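Review bot: `CROC_RELAY = crocDomain;` is now set unconditionally in `home.sessionVariables`, whereas the removed line wrapped it in `lib.mkIf (!isPublic)`. On a host with `swarselsystems.isPublic` set, the relay domain from `globals.services.croc.domain` would therefore land in the session environment. Because the new side drops `inherit (config.swarselsystems) isPublic;`, the guard would read `CROC_RELAY = lib.mkIf (!config.swarselsystems.isPublic) crocDomain;`. The same hunk keeps the `!config.swarselsystems.isPublic` check on `systemd.user.sessionVariables`, so the two blocks are now inconsistent about what a public machine may see.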
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.eza = lib.mkEnableOption "eza settings"; - config = lib.mkIf config.swarselmodules.eza { + options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselsystems.modules.eza { programs.eza = { enable = true; icons = "auto"; diff --git a/modules/home/common/firefox.nix b/modules/home/common/firefox.nix index 7905b0b..0095a39 100644 --- a/modules/home/common/firefox.nix +++ b/modules/home/common/firefox.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, vars, ... }: +{ config, pkgs, lib, ... }: { - options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; - config = lib.mkIf config.swarselmodules.firefox { + options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselsystems.modules.firefox { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides @@ -143,7 +143,7 @@ "browser.startup.homepage" = "https://lobste.rs"; }; } - vars.firefox; + config.swarselsystems.firefox; }; }; }; diff --git a/modules/home/common/fuzzel.nix b/modules/home/common/fuzzel.nix index 89e6689..8c646ca 100644 --- a/modules/home/common/fuzzel.nix +++ b/modules/home/common/fuzzel.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings"; - config = lib.mkIf config.swarselmodules.fuzzel { + options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselsystems.modules.fuzzel { programs.fuzzel = { enable = true; settings = { diff --git a/modules/home/common/gammastep.nix b/modules/home/common/gammastep.nix index c8862c8..e6d9e73 100644 --- a/modules/home/common/gammastep.nix +++ b/modules/home/common/gammastep.nix 
@@ -1,10 +1,10 @@ -{ lib, config, nixosConfig ? config, ... }: +{ lib, config, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { - options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; - config = lib.mkIf config.swarselmodules.gammastep { + options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselsystems.modules.gammastep { services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { enable = true; provider = "manual"; diff --git a/modules/home/common/git.nix b/modules/home/common/git.nix index 59035aa..97632a1 100644 --- a/modules/home/common/git.nix +++ b/modules/home/common/git.nix @@ -1,4 +1,4 @@ -{ lib, config, globals, minimal, nixosConfig ? config, ... }: +{ lib, config, globals, minimal, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1; inherit (nixosConfig.repo.secrets.common) fullName; @@ -6,8 +6,8 @@ let gitUser = globals.user.name; in { - options.swarselmodules.git = lib.mkEnableOption "git settings"; - config = lib.mkIf config.swarselmodules.git { + options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselsystems.modules.git { programs.git = { enable = true; } // lib.optionalAttrs (!minimal) { diff --git a/modules/home/common/gnome-keyring.nix b/modules/home/common/gnome-keyring.nix index c952e7b..9fb5ec6 100644 --- a/modules/home/common/gnome-keyring.nix +++ b/modules/home/common/gnome-keyring.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; - config = lib.mkIf config.swarselmodules.gnome-keyring { + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; diff --git a/modules/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix index f8da000..0ef546d 100644 --- a/modules/home/common/gpg-agent.nix +++ b/modules/home/common/gpg-agent.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselmodules.gpgagent { + options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselsystems.modules.gpgagent { services.gpg-agent = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 026450e..352666d 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; - config = lib.mkIf config.swarselmodules.kanshi { + options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselsystems.modules.kanshi { swarselsystems = { monitors = { homedesktop = { diff --git a/modules/home/common/kdeconnect.nix b/modules/home/common/kdeconnect.nix index c51ca32..b36122e 100644 --- a/modules/home/common/kdeconnect.nix +++ b/modules/home/common/kdeconnect.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; - config = lib.mkIf config.swarselmodules.kdeconnect { + options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselsystems.modules.kdeconnect { services.kdeconnect = { enable = true; indicator = true; diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index 2b57e93..a7774ec 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.kitty = lib.mkEnableOption "kitty settings"; - config = lib.mkIf config.swarselmodules.kitty { + options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselsystems.modules.kitty { programs.kitty = { enable = true; keybindings = { }; diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index 8d1750f..ad5d529 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix 
@@ -1,14 +1,14 @@ -{ lib, config, nixosConfig ? config, ... }: +{ lib, config, nixosConfig, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common) fullName; inherit (config.swarselsystems) xdgDir; in { - options.swarselmodules.mail = lib.mkEnableOption "mail settings"; - config = lib.mkIf config.swarselmodules.mail { + options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselsystems.modules.mail { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; address2-token = { path = "${xdgDir}/secrets/address2-token"; }; address3-token = { path = "${xdgDir}/secrets/address3-token"; }; @@ -42,7 +42,7 @@ in address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; @@ -74,7 +74,7 @@ in address = address4; userName = address4-user; realName = fullName; - passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address4-token.path}"; smtp = { host = address4-host; port = 587; @@ -97,7 +97,7 @@ in address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address2-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; 
@@ -124,7 +124,7 @@ in address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${config.sops.secrets.address3-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; diff --git a/modules/home/common/mako.nix b/modules/home/common/mako.nix index 45d7cfa..bbff8c3 100644 --- a/modules/home/common/mako.nix +++ b/modules/home/common/mako.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.mako = lib.mkEnableOption "mako settings"; - config = lib.mkIf config.swarselmodules.mako { + options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselsystems.modules.mako { services.mako = { enable = true; settings = { diff --git a/modules/home/common/nix-index.nix b/modules/home/common/nix-index.nix index 42aa8d1..b23b1c1 100644 --- a/modules/home/common/nix-index.nix +++ b/modules/home/common/nix-index.nix @@ -1,7 +1,7 @@ { self, lib, config, pkgs, ... }: { - options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings"; - config = lib.mkIf config.swarselmodules.nix-index { + options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselsystems.modules.nix-index { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' diff --git a/modules/home/common/nixgl.nix b/modules/home/common/nixgl.nix index 0ba9d1a..4fac380 100644 --- a/modules/home/common/nixgl.nix +++ b/modules/home/common/nixgl.nix 
@@ -1,14 +1,14 @@ { lib, config, nixgl, ... }: { - options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselsystems = { + modules.nixgl = lib.mkEnableOption "nixgl settings"; isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; SecondaryGpuCard = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = lib.mkIf config.swarselmodules.nixgl { + config = lib.mkIf config.swarselsystems.modules.nixgl { nixGL = lib.mkIf (!config.swarselsystems.isNixos) { inherit (nixgl) packages; defaultWrapper = lib.mkDefault "mesa"; diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index c9c3ba1..f01c6ee 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -1,8 +1,8 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.packages = lib.mkEnableOption "packages settings"; - config = lib.mkIf config.swarselmodules.packages { + options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselsystems.modules.packages { home.packages = with pkgs; [ # audio stuff diff --git a/modules/home/common/password-store.nix b/modules/home/common/password-store.nix index bd9f640..a6f05b7 100644 --- a/modules/home/common/password-store.nix +++ b/modules/home/common/password-store.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings"; - config = lib.mkIf config.swarselmodules.passwordstore { + options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselsystems.modules.passwordstore { programs.password-store = { enable = true; settings = { diff --git a/modules/home/common/programs.nix b/modules/home/common/programs.nix index 26f2619..27948d0 100644 --- a/modules/home/common/programs.nix +++ b/modules/home/common/programs.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.programs = lib.mkEnableOption "programs settings"; - config = lib.mkIf config.swarselmodules.programs { + options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselsystems.modules.programs { programs = { bottom.enable = true; imv.enable = true; diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 3a349f7..540837a 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselmodules.general { + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general { nix = lib.mkIf (!config.swarselsystems.isNixos) { package = lib.mkForce pkgs.nixVersions.nix_2_28; extraOptions = '' diff --git a/modules/home/common/sharedoptions.nix b/modules/home/common/sharedoptions.nix deleted file mode 100644 index 8edb073..0000000 --- a/modules/home/common/sharedoptions.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, config, nixosConfig ? null, ... }: -let - # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; - inherit (lib) mkDefault mapAttrs filterAttrs; - mkDefaultCommonAttrs = base: defaults: - lib.mapAttrs (_: v: lib.mkDefault v) - (lib.filterAttrs (k: _: base ? ${k}) defaults); -in -{ - # config.swarselsystems = mirrorAttrs; - config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); -} diff --git a/modules/shared/vars.nix b/modules/home/common/sharedsetup.nix similarity index 82% rename from modules/shared/vars.nix rename to modules/home/common/sharedsetup.nix index 79b753a..ce37e10 100644 --- a/modules/shared/vars.nix 
+++ b/modules/home/common/sharedsetup.nix @@ -1,8 +1,52 @@ -{ self, lib, pkgs, ... }: +{ self, config, lib, pkgs, globals, minimal, ... }: { - _module.args = { - vars = { - stylix = { + options.swarselsystems = { + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + mainUser = lib.mkOption { + type = lib.types.str; + default = if (!minimal) then globals.user.name else "swarsel"; + }; + sopsFile = lib.mkOption { + type = lib.types.str; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/files/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + + stylix = lib.mkOption { + type = lib.types.attrs; + default = { polarity = "dark"; opacity.popups = 0.5; cursor = { 
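Review bot: The defaults for `homeDir` (`/home/swarsel`), `flakePath` (`/home/swarsel/.dotfiles`) and `xdgDir` (`/run/user/1000`) are hard-coded, while `mainUser` in the same hunk defaults to `globals.user.name` when not `minimal`. Other modules in this commit place token files under `${xdgDir}/secrets/` (mail.nix, waybar.nix), so for a user with a different name or a UID other than 1000 the secret paths would point into a directory that is not theirs, unless every host overrides these options. Deriving the home default from the user option, e.g. `default = "/home/${config.swarselsystems.mainUser}";`, would remove one of the assumptions. A `description` on `xdgDir` stating that it assumes UID 1000 would make the other visible. The option set continues in the later hunks of this file.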
@@ -43,15 +87,20 @@ }; }; }; - - stylixHomeTargets = { + }; + stylixHomeTargets = lib.mkOption { + type = lib.types.attrs; + default = { emacs.enable = false; waybar.enable = false; sway.useWallpaper = false; firefox.profileNames = [ "default" ]; }; + }; - firefox = { + firefox = lib.mkOption { + type = lib.types.attrs; + default = { userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; extensions = { packages = with pkgs.nur.repos.rycee.firefox-addons; [ @@ -215,5 +264,6 @@ }; }; }; + }; } diff --git a/modules/home/common/sops.nix b/modules/home/common/sops.nix index 9fbdafc..fd93900 100644 --- a/modules/home/common/sops.nix +++ b/modules/home/common/sops.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) homeDir; in { - options.swarselmodules.sops = lib.mkEnableOption "sops settings"; - config = lib.mkIf config.swarselmodules.sops { + options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselsystems.modules.sops { sops = { age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index 052e9a1..dd7361a 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; - config = lib.mkIf config.swarselmodules.ssh { + options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselsystems.modules.ssh { programs.ssh = { enable = true; forwardAgent = true; diff --git a/modules/home/common/starship.nix b/modules/home/common/starship.nix index ba0e897..bee6aeb 100644 --- a/modules/home/common/starship.nix +++ b/modules/home/common/starship.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.starship = lib.mkEnableOption "starship settings"; - config = lib.mkIf config.swarselmodules.starship { + options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselsystems.modules.starship { programs.starship = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/stylix.nix b/modules/home/common/stylix.nix index 763c4d2..eecdb83 100644 --- a/modules/home/common/stylix.nix +++ b/modules/home/common/stylix.nix @@ -1,12 +1,12 @@ -{ lib, config, vars, ... }: +{ lib, config, ... }: { - options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; - config = lib.mkIf config.swarselmodules.stylix { + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselsystems.modules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = vars.stylixHomeTargets; + targets = config.swarselsystems.stylixHomeTargets; } - vars.stylix); + config.swarselsystems.stylix); }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index bb429dc..4e19ab2 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -6,8 +6,8 @@ let }; in { - options.swarselmodules.sway = lib.mkEnableOption "sway settings"; options.swarselsystems = { + modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -72,7 +72,7 @@ in internal = true; }; }; - config = lib.mkIf config.swarselmodules.sway { + config = lib.mkIf config.swarselsystems.modules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { 
@@ -117,6 +117,8 @@ in "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swaymsg workspace back_and_forth"; "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; @@ -125,10 +127,7 @@ in "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'"; - "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+c" = "exec qalculate-gtk"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; @@ -261,7 +260,6 @@ in { title = "^Add$"; } { title = "^Picture-in-Picture$"; } { title = "Syncthing Tray"; } - { title = "Emacs Popup Frame"; } { title = "^spotifytui$"; } { title = "^kittyterm$"; } { app_id = "vesktop"; } diff --git a/modules/home/common/swayosd.nix b/modules/home/common/swayosd.nix index 706aa25..e422fc2 100644 --- a/modules/home/common/swayosd.nix +++ b/modules/home/common/swayosd.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: { - options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselmodules.swayosd { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { services.swayosd = { enable = true; package = pkgs.dev.swayosd; diff --git a/modules/home/common/symlink.nix b/modules/home/common/symlink.nix index 8caca6e..a0f1e89 100644 
--- a/modules/home/common/symlink.nix +++ b/modules/home/common/symlink.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselmodules.symlink = lib.mkEnableOption "symlink settings"; - config = lib.mkIf config.swarselmodules.symlink { + options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselsystems.modules.symlink { home.file = { "init.el" = lib.mkDefault { source = self + /files/emacs/init.el; diff --git a/modules/home/common/tmux.nix b/modules/home/common/tmux.nix index f642c6b..f5daa4d 100644 --- a/modules/home/common/tmux.nix +++ b/modules/home/common/tmux.nix @@ -13,8 +13,8 @@ let }; in { - options.swarselmodules.tmux = lib.mkEnableOption "tmux settings"; - config = lib.mkIf config.swarselmodules.tmux { + options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselsystems.modules.tmux { home.packages = with pkgs; [ lsof sesh diff --git a/modules/home/common/waybar.nix b/modules/home/common/waybar.nix index 27fd79a..238af30 100644 --- a/modules/home/common/waybar.nix +++ b/modules/home/common/waybar.nix @@ -22,8 +22,8 @@ let ]; in { - options.swarselmodules.waybar = lib.mkEnableOption "waybar settings"; options.swarselsystems = { + modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; @@ -52,7 +52,7 @@ in internal = true; }; }; - config = lib.mkIf config.swarselmodules.waybar { + config = lib.mkIf config.swarselsystems.modules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ @@ -60,7 +60,7 @@ in ] ++ modulesRight); }; - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; }; }; 
diff --git a/modules/home/common/yubikey-touch-detector.nix b/modules/home/common/yubikey-touch-detector.nix index fc28488..53e5721 100644 --- a/modules/home/common/yubikey-touch-detector.nix +++ b/modules/home/common/yubikey-touch-detector.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; - config = lib.mkIf config.swarselmodules.yubikeytouch { + options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselsystems.modules.yubikeytouch { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; diff --git a/modules/home/common/yubikey.nix b/modules/home/common/yubikey.nix index 40c52cd..04e21f0 100644 --- a/modules/home/common/yubikey.nix +++ b/modules/home/common/yubikey.nix @@ -1,11 +1,11 @@ -{ lib, config, nixosConfig ? config, ... }: +{ lib, config, nixosConfig, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; - config = lib.mkIf config.swarselmodules.yubikey { + config = lib.mkIf config.swarselsystems.modules.yubikey { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 92d4507..e2b80c0 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix 
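Review bot: In yubikey.nix the module header changes from `nixosConfig ? config` to a required `nixosConfig`, and work.nix makes the same change further down. Other modules in this commit still branch on `config.swarselsystems.isNixos`, which suggests standalone home-manager use is supported; there the argument is presumably not provided, so any remaining reference to `nixosConfig` in the body would fail evaluation. The body is outside the hunk, so I cannot tell whether the argument is still used. If it is, keep the default as `{ lib, config, nixosConfig ? config, ... }:`; if it is not, drop the argument from the header.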
@@ -1,7 +1,7 @@ { self, lib, config, pkgs, ... }: { - options.swarselmodules.zellij = lib.mkEnableOption "zellij settings"; - config = lib.mkIf config.swarselmodules.zellij { + options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselsystems.modules.zellij { programs.zellij = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index cb45839..f0d18b9 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -1,19 +1,19 @@ -{ config, lib, minimal, nixosConfig ? config, ... }: +{ config, lib, minimal, ... }: let inherit (config.swarselsystems) flakePath; in { - options.swarselmodules.zsh = lib.mkEnableOption "zsh settings"; options.swarselsystems = { + modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselmodules.zsh + config = lib.mkIf config.swarselsystems.modules.zsh { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + sops.secrets = { croc-password = { }; }; @@ -26,10 +26,9 @@ in hg = "history | grep"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; - nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; - ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; + nswitch = "swarsel-deploy $(hostname) switch"; # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; + nboot = "swarsel-deploy $(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; 
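Review bot: In the first zsh.nix hunk, `sops.secrets = { croc-password = { }; };` loses the `!config.swarselsystems.isPublic` guard, while waybar.nix and yubikey.nix in this same commit keep it. A public configuration would then declare a secret it presumably has no key material for. The later hunk's `export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})"` would also run `cat` on a file that does not exist at every shell start. Restoring `sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { croc-password = { }; };` keeps the modules consistent, and the export line should sit behind the same condition. The `config` block continues outside the hunk.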
@@ -121,7 +120,7 @@ in # ctrl + del bindkey '^H' my-backward-delete-word - export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" + export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})" ''; }; }; diff --git a/modules/home/darwin/default.nix b/modules/home/darwin/default.nix index 9ff48b2..e90171c 100644 --- a/modules/home/darwin/default.nix +++ b/modules/home/darwin/default.nix @@ -1,9 +1,7 @@ { self, ... }: { - home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/shared/options.nix" - "${self}/modules/shared/vars.nix" + "${self}/modules/home/common/sharedsetup.nix" ]; } diff --git a/modules/home/optional/framework.nix b/modules/home/optional/framework.nix index 9e8a9d8..46fe225 100644 --- a/modules/home/optional/framework.nix +++ b/modules/home/optional/framework.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselmodules.optional.framework { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { diff --git a/modules/home/optional/gaming.nix b/modules/home/optional/gaming.nix index e523332..e55718c 100644 --- a/modules/home/optional/gaming.nix +++ b/modules/home/optional/gaming.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselmodules.optional.gaming { + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ 
diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index cd91509..bbd5201 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -1,10 +1,10 @@ -{ self, config, pkgs, lib, vars, nixosConfig ? config, ... }: +{ self, config, pkgs, lib, nixosConfig, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselmodules.optional.work { + options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselsystems.modules.optional.work { home.packages = with pkgs; [ stable.teams-for-linux shellcheck @@ -126,7 +126,7 @@ in "browser.startup.homepage" = "${site1}|${site2}"; }; } - vars.firefox; + config.swarselsystems.firefox; "${user2}" = lib.recursiveUpdate { inherit isDefault; @@ -135,13 +135,13 @@ in "browser.startup.homepage" = "${site3}"; }; } - vars.firefox; + config.swarselsystems.firefox; "${user3}" = lib.recursiveUpdate { inherit isDefault; id = 3; } - vars.firefox; + config.swarselsystems.firefox; work = lib.recursiveUpdate { inherit isDefault; @@ -150,7 +150,7 @@ in "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; }; } - vars.firefox; + config.swarselsystems.firefox; }; }; diff --git a/modules/home/server/default.nix b/modules/home/server/default.nix index f70c4b3..0d107f1 100644 --- a/modules/home/server/default.nix +++ b/modules/home/server/default.nix @@ -6,5 +6,6 @@ in { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" + "${modulesPath}/home/common/sharedsetup.nix" ]; } diff --git a/modules/home/server/symlink.nix b/modules/home/server/symlink.nix index 76ddb32..27c3bf6 100644 --- a/modules/home/server/symlink.nix +++ b/modules/home/server/symlink.nix 
@@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; - config = lib.mkIf config.swarselmodules.server.dotfiles { + options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselsystems.modules.server.dotfiles { home.file = { "init.el" = lib.mkForce { source = self + /files/emacs/server.el; diff --git a/modules/nixos/client/appimage.nix b/modules/nixos/client/appimage.nix index b32e107..209fda0 100644 --- a/modules/nixos/client/appimage.nix +++ b/modules/nixos/client/appimage.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.appimage = lib.mkEnableOption "appimage config"; - config = lib.mkIf config.swarselmodules.appimage { + options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselsystems.modules.appimage { programs.appimage = { enable = true; binfmt = true; diff --git a/modules/nixos/client/autologin.nix b/modules/nixos/client/autologin.nix index 0d27f6d..4343a56 100644 --- a/modules/nixos/client/autologin.nix +++ b/modules/nixos/client/autologin.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings"; - config = lib.mkIf config.swarselmodules.autologin { + options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselsystems.modules.autologin { services = { getty.autologinUser = mainUser; greetd.settings.initial_session.user = mainUser; diff --git a/modules/nixos/client/blueman.nix b/modules/nixos/client/blueman.nix index cadc5e6..ad4513c 100644 --- a/modules/nixos/client/blueman.nix +++ b/modules/nixos/client/blueman.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.blueman = lib.mkEnableOption "blueman config"; - config = lib.mkIf config.swarselmodules.blueman { + options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselsystems.modules.blueman { services.blueman.enable = true; services.hardware.bolt.enable = true; }; diff --git a/modules/nixos/client/distrobox.nix b/modules/nixos/client/distrobox.nix index d44fc7c..cfe367b 100644 --- a/modules/nixos/client/distrobox.nix +++ b/modules/nixos/client/distrobox.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config"; - config = lib.mkIf config.swarselmodules.distrobox { + options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselsystems.modules.distrobox { environment.systemPackages = with pkgs; [ distrobox boxbuddy diff --git a/modules/nixos/client/env.nix b/modules/nixos/client/env.nix index ad9fad9..110efe1 100644 --- a/modules/nixos/client/env.nix +++ b/modules/nixos/client/env.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.env = lib.mkEnableOption "environment config"; - config = lib.mkIf config.swarselmodules.env { + options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselsystems.modules.env { environment = { wordlist.enable = true; diff --git a/modules/nixos/client/gnome-keyring.nix b/modules/nixos/client/gnome-keyring.nix index 403bdfb..07131eb 100644 --- a/modules/nixos/client/gnome-keyring.nix +++ b/modules/nixos/client/gnome-keyring.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; - config = lib.mkIf config.swarselmodules.gnome-keyring { + options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselsystems.modules.gnome-keyring { services.gnome.gnome-keyring = { enable = true; }; diff --git a/modules/nixos/client/gvfs.nix b/modules/nixos/client/gvfs.nix index 059723b..1f6bbd0 100644 --- a/modules/nixos/client/gvfs.nix +++ b/modules/nixos/client/gvfs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; - config = lib.mkIf config.swarselmodules.gvfs { + options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselsystems.modules.gvfs { services.gvfs.enable = true; }; } diff --git a/modules/nixos/client/hardware.nix b/modules/nixos/client/hardware.nix index fd69f7c..13ca819 100644 --- a/modules/nixos/client/hardware.nix +++ b/modules/nixos/client/hardware.nix @@ -1,8 +1,8 @@ { pkgs, config, lib, ... }: { - options.swarselmodules.hardware = lib.mkEnableOption "hardware config"; options.swarselsystems = { + modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -13,7 +13,7 @@ }; }; }; - config = lib.mkIf config.swarselmodules.hardware { + config = lib.mkIf config.swarselsystems.modules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { diff --git a/modules/nixos/client/hardwarecompatibility-keyboards.nix b/modules/nixos/client/hardwarecompatibility-keyboards.nix index 346c0c2..8a17a5f 100644 --- a/modules/nixos/client/hardwarecompatibility-keyboards.nix 
+++ b/modules/nixos/client/hardwarecompatibility-keyboards.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config"; - config = lib.mkIf config.swarselmodules.keyboards { + options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselsystems.modules.keyboards { services.udev.packages = with pkgs; [ qmk-udev-rules vial diff --git a/modules/nixos/client/hardwarecompatibility-ledger.nix b/modules/nixos/client/hardwarecompatibility-ledger.nix index b919e7a..85e87a1 100644 --- a/modules/nixos/client/hardwarecompatibility-ledger.nix +++ b/modules/nixos/client/hardwarecompatibility-ledger.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.ledger = lib.mkEnableOption "ledger config"; - config = lib.mkIf config.swarselmodules.ledger { + options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselsystems.modules.ledger { hardware.ledger.enable = true; services.udev.packages = with pkgs; [ diff --git a/modules/nixos/client/hardwarecompatibility-yubikey.nix b/modules/nixos/client/hardwarecompatibility-yubikey.nix index 75f55bc..1974260 100644 --- a/modules/nixos/client/hardwarecompatibility-yubikey.nix +++ b/modules/nixos/client/hardwarecompatibility-yubikey.nix @@ -4,8 +4,8 @@ let inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2; in { - options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; - config = lib.mkIf config.swarselmodules.yubikey { + options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselsystems.modules.yubikey { programs.ssh.startAgent = false; services.pcscd.enable = false; diff --git a/modules/nixos/client/interceptiontools.nix b/modules/nixos/client/interceptiontools.nix index 935829f..5be8b9a 100644 --- a/modules/nixos/client/interceptiontools.nix 
+++ b/modules/nixos/client/interceptiontools.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config"; - config = lib.mkIf config.swarselmodules.interceptionTools { + options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselsystems.modules.interceptionTools { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; diff --git a/modules/nixos/client/lid.nix b/modules/nixos/client/lid.nix index faf1a84..b2d579d 100644 --- a/modules/nixos/client/lid.nix +++ b/modules/nixos/client/lid.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.lid = lib.mkEnableOption "lid config"; - config = lib.mkIf config.swarselmodules.lid { + options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselsystems.modules.lid { services.logind = { lidSwitch = "suspend"; lidSwitchDocked = "ignore"; diff --git a/modules/nixos/client/login.nix b/modules/nixos/client/login.nix index 11f0c37..5b1748f 100644 --- a/modules/nixos/client/login.nix +++ b/modules/nixos/client/login.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.login = lib.mkEnableOption "login config"; - config = lib.mkIf config.swarselmodules.login { + options.swarselsystems.modules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselsystems.modules.login { services.greetd = { enable = true; settings = { diff --git a/modules/nixos/client/lowbattery.nix b/modules/nixos/client/lowbattery.nix index 9dece08..12bad22 100644 --- a/modules/nixos/client/lowbattery.nix +++ b/modules/nixos/client/lowbattery.nix 
@@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config"; - config = lib.mkIf config.swarselmodules.lowBattery { + options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselsystems.modules.lowBattery { systemd.user.services."battery-low" = { enable = true; description = "Timer for battery check that alerts at 10% or less"; diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index 8f7ffc3..40ebbd0 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -10,10 +10,10 @@ let in { options.swarselsystems = { + modules.network = lib.mkEnableOption "network config"; firewall = lib.swarselsystems.mkTrueOption; }; - options.swarselmodules.network = lib.mkEnableOption "network config"; - config = lib.mkIf config.swarselmodules.network { + config = lib.mkIf config.swarselsystems.modules.network { sops = { secrets = lib.mkIf (!config.swarselsystems.isPublic) { @@ -118,7 +118,7 @@ in wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; - psk = "$WLAN1_PW"; + psk = "WLAN1_PW"; }; }; diff --git a/modules/nixos/client/networkdevices.nix b/modules/nixos/client/networkdevices.nix index 71b5f1d..07b2b9c 100644 --- a/modules/nixos/client/networkdevices.nix +++ b/modules/nixos/client/networkdevices.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.networkDevices = lib.mkEnableOption "network device config"; - config = lib.mkIf config.swarselmodules.networkDevices { + options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselsystems.modules.networkDevices { # enable scanners over network hardware.sane = { enable = true; diff --git a/modules/nixos/client/nix-ld.nix b/modules/nixos/client/nix-ld.nix index 48895bf..5b38b9d 100644 --- a/modules/nixos/client/nix-ld.nix 
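Review bot: In the second network.nix hunk, `psk = "WLAN1_PW";` drops the `$` from the old `psk = "$WLAN1_PW";`, which looks unintended in a commit that otherwise only renames options. If this profile is rendered through environment-file substitution (the surrounding profile definition is outside the hunk), the pre-shared key becomes the literal string `WLAN1_PW` instead of the secret. The connection would then fail to authenticate, and the profile would carry a guessable placeholder as its key. Unless the change is deliberate, keep `psk = "$WLAN1_PW";`.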
+++ b/modules/nixos/client/nix-ld.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config"; - config = lib.mkIf config.swarselmodules.nix-ld { + options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselsystems.modules.nix-ld { programs.nix-ld = { enable = true; libraries = with pkgs; [ diff --git a/modules/nixos/client/nvd-rebuild.nix b/modules/nixos/client/nvd-rebuild.nix index 731ca3a..36f6188 100644 --- a/modules/nixos/client/nvd-rebuild.nix +++ b/modules/nixos/client/nvd-rebuild.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.nvd = lib.mkEnableOption "nvd config"; - config = lib.mkIf config.swarselmodules.nvd { + options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselsystems.modules.nvd { environment.systemPackages = [ pkgs.nvd diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix index d44c15c..d613402 100644 --- a/modules/nixos/client/packages.nix +++ b/modules/nixos/client/packages.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, minimal, ... }: { - options.swarselmodules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselmodules.packages { + options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselsystems.modules.packages { environment.systemPackages = with pkgs; lib.optionals (!minimal) [ # yubikey packages diff --git a/modules/nixos/client/pipewire.nix b/modules/nixos/client/pipewire.nix index 1f8ea4d..db35a93 100644 --- a/modules/nixos/client/pipewire.nix +++ b/modules/nixos/client/pipewire.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config"; - config = lib.mkIf config.swarselmodules.pipewire { + options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselsystems.modules.pipewire { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { diff --git a/modules/nixos/client/polkit.nix b/modules/nixos/client/polkit.nix index 6d1129f..8caf8e1 100644 --- a/modules/nixos/client/polkit.nix +++ b/modules/nixos/client/polkit.nix @@ -1,7 +1,7 @@ { lib, config, minimal, ... }: { - options.swarselmodules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselmodules.security { + options.swarselsystems.modules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselsystems.modules.security { security = { pam.services = lib.mkIf (!minimal) { diff --git a/modules/nixos/client/power-profiles-daemon.nix b/modules/nixos/client/power-profiles-daemon.nix index a3d8ac3..86b0676 100644 --- a/modules/nixos/client/power-profiles-daemon.nix +++ b/modules/nixos/client/power-profiles-daemon.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config"; - config = lib.mkIf config.swarselmodules.ppd { + options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselsystems.modules.ppd { services.power-profiles-daemon.enable = true; }; } diff --git a/modules/nixos/client/programs.nix b/modules/nixos/client/programs.nix index 893a11a..fb0b82d 100644 --- a/modules/nixos/client/programs.nix +++ b/modules/nixos/client/programs.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.programs = lib.mkEnableOption "small program modules config"; - config = lib.mkIf config.swarselmodules.programs { + options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselsystems.modules.programs { programs = { dconf.enable = true; evince.enable = true; diff --git a/modules/nixos/client/pulseaudio.nix b/modules/nixos/client/pulseaudio.nix index 84f4dea..7e26a1c 100644 --- a/modules/nixos/client/pulseaudio.nix +++ b/modules/nixos/client/pulseaudio.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config"; - config = lib.mkIf config.swarselmodules.pulseaudio { + options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselsystems.modules.pulseaudio { services.pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; diff --git a/modules/nixos/client/sops.nix b/modules/nixos/client/sops.nix index 2fa10eb..2d4b0ce 100644 --- a/modules/nixos/client/sops.nix +++ b/modules/nixos/client/sops.nix @@ -1,7 +1,7 @@ { config, lib, ... }: { - options.swarselmodules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselmodules.sops { + options.swarselsystems.modules.sops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselsystems.modules.sops { sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; diff --git a/modules/nixos/client/stylix.nix b/modules/nixos/client/stylix.nix index 4c45cbe..8caa08d 100644 --- a/modules/nixos/client/stylix.nix +++ b/modules/nixos/client/stylix.nix 
@@ -1,20 +1,20 @@ -{ self, lib, config, vars, ... }: +{ self, lib, config, ... }: { - options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; + options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; config = { stylix = { enable = true; base16Scheme = "${self}/files/stylix/swarsel.yaml"; - } // lib.optionalAttrs config.swarselmodules.stylix + } // lib.optionalAttrs config.swarselsystems.modules.stylix (lib.recursiveUpdate { targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; } - vars.stylix); + config.swarselsystems.stylix); home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = vars.stylixHomeTargets; + targets = config.swarselsystems.stylixHomeTargets; }; }; }; diff --git a/modules/nixos/client/sway.nix b/modules/nixos/client/sway.nix index 8643b09..afd8157 100644 --- a/modules/nixos/client/sway.nix +++ b/modules/nixos/client/sway.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.sway = lib.mkEnableOption "sway config"; - config = lib.mkIf config.swarselmodules.sway { + options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselsystems.modules.sway { programs.sway = { enable = true; package = pkgs.dev.swayfx; diff --git a/modules/nixos/client/swayosd.nix b/modules/nixos/client/swayosd.nix index c8d1caf..e0dcaeb 100644 --- a/modules/nixos/client/swayosd.nix +++ b/modules/nixos/client/swayosd.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: { - options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselmodules.swayosd { + options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselsystems.modules.swayosd { environment.systemPackages = [ pkgs.dev.swayosd ]; services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { 
diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index d7ca383..7d7fc94 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix @@ -1,11 +1,10 @@ { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; - devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; - config = lib.mkIf config.swarselmodules.syncthing { + options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselsystems.modules.syncthing { services.syncthing = { enable = true; package = pkgs.stable.syncthing; @@ -19,26 +18,39 @@ in options = { urAccepted = -1; }; - inherit (config.swarselsystems.syncthing) devices; + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "sync@oracle" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + }; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - inherit devices; + devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; id = "hgp9s-fyq3p"; }; }; diff --git a/modules/nixos/client/systemd.nix b/modules/nixos/client/systemd.nix index 5ad6aaa..56da8a1 100644 
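Review bot: In the second syncthing.nix hunk, the device list `[ "sync@oracle" "magicant" "winters" "moonside@oracle" ]` is now written out four times, once per folder, after the first hunk removed the shared `devices` binding from the `let` block. A device added to or retired from `devices = { … }` then has to be edited in five places, and a folder that is missed keeps syncing to a peer that should no longer receive it. This matters most for the `Vpn` folder. A single binding such as `syncDevices = builtins.attrNames config.services.syncthing.settings.devices;`, used as `devices = syncDevices;` in each folder, would keep them aligned. That attribute path is inferred, as the enclosing `settings` block is outside the hunk. Hard-coding the device IDs here also removes the per-host override the old `config.swarselsystems.syncthing` option allowed, so a comment saying this is intentional would help.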
--- a/modules/nixos/client/systemd.nix +++ b/modules/nixos/client/systemd.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; - config = lib.mkIf config.swarselmodules.systemdTimeout { + options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselsystems.modules.systemdTimeout { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s diff --git a/modules/nixos/client/xdg-portal.nix b/modules/nixos/client/xdg-portal.nix index 9da6946..22abdb7 100644 --- a/modules/nixos/client/xdg-portal.nix +++ b/modules/nixos/client/xdg-portal.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config"; - config = lib.mkIf config.swarselmodules.xdg-portal { + options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselsystems.modules.xdg-portal { xdg.portal = { enable = true; config = { diff --git a/modules/nixos/client/zsh.nix b/modules/nixos/client/zsh.nix index 3e6b771..e1eaaf6 100644 --- a/modules/nixos/client/zsh.nix +++ b/modules/nixos/client/zsh.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.zsh = lib.mkEnableOption "zsh base config"; - config = lib.mkIf config.swarselmodules.zsh { + options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselsystems.modules.zsh { programs.zsh = { enable = true; enableCompletion = false; diff --git a/modules/nixos/common/boot.nix b/modules/nixos/common/boot.nix deleted file mode 100644 index 758f29c..0000000 --- a/modules/nixos/common/boot.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ lib, pkgs, config, globals, ... }: -{ - options.swarselmodules.boot = lib.mkEnableOption "boot config"; - config = lib.mkIf config.swarselmodules.boot { - boot = { - initrd.systemd = { - enable = true; - emergencyAccess = globals.root.hashedPassword; - users.root.shell = "${pkgs.bashInteractive}/bin/bash"; - storePaths = [ "${pkgs.bashInteractive}/bin/bash" ]; - extraBin = { - ip = "${pkgs.iproute2}/bin/ip"; - ping = "${pkgs.iputils}/bin/ping"; - cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; - }; - }; - kernelParams = [ "log_buf_len=16M" ]; - tmp.useTmpfs = true; - loader.timeout = lib.mkDefault 2; - }; - - console.earlySetup = true; - - }; -} diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix index 8c1a26b..e76fb8b 100644 --- a/modules/nixos/common/default.nix +++ b/modules/nixos/common/default.nix @@ -1,9 +1,11 @@ -{ lib, ... }: +{ self, lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/common"; - sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ - lib.swarselsystems.mkImports sharedNames "modules/shared"; + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ + "${self}/modules/shared/sharedsetup.nix" + ]; + + } diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 24e3793..74fcf6a 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -11,12 +11,6 @@ in default = { }; type = types.submodule { options = { - root = { - hashedPassword = mkOption { - type = types.str; - }; - }; - user = { name = mkOption { type = types.str; diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix deleted file mode 100644 index a4ade64..0000000 --- a/modules/nixos/common/home-manager-secrets.nix +++ /dev/null 
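Review bot: The import added in `modules/nixos/common/default.nix`, `"${self}/modules/shared/sharedsetup.nix"`, points at a different file from the `modules/nixos/common/sharedsetup.nix` that this commit creates, and `modules/nixos/optional/default.nix` imports a third path, `"${modulesPath}/home/common/sharedsetup.nix"`. If `readNix "modules/nixos/common"` also picks up the new file (its behaviour is not visible here), the same `swarselsystems.*` options could end up declared from more than one path, which the module system rejects as a duplicate declaration. Importing one canonical `sharedsetup.nix` from both `default.nix` files would avoid that. The two blank lines added before the closing `}` can be dropped.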
@@ -1,36 +0,0 @@ -{ lib, config, globals, ... }: -let - inherit (config.swarselsystems) mainUser homeDir; - inherit (config.repo.secrets.common.emacs) radicaleUser; - modules = config.home-manager.users.${mainUser}.swarselmodules; -in -{ - config = lib.mkIf config.swarselsystems.withHomeManager { - sops = { - secrets = (lib.optionalAttrs modules.mail - { - address1-token = { owner = mainUser; }; - address2-token = { owner = mainUser; }; - address3-token = { owner = mainUser; }; - address4-token = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.waybar { - github-notifications-token = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.emacs { - fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.zsh { - croc-password = { owner = mainUser; }; - }) // (lib.optionalAttrs modules.emacs { - emacs-radicale-pw = { owner = mainUser; }; - }); - templates = { - authinfo = { - path = "${homeDir}/.emacs.d/.authinfo"; - content = '' - machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} - ''; - owner = mainUser; - }; - }; - }; - }; -} diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 081b0b8..fb0b3ed 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix 
@@ -1,12 +1,12 @@ -{ self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: +{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: { - options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselmodules.home-manager { + options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselsystems.modules.home-manager { home-manager = lib.mkIf config.swarselsystems.withHomeManager { useGlobalPkgs = true; useUserPackages = true; verbose = true; - users.${config.swarselsystems.mainUser}.imports = [ + users.swarsel.imports = [ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops # inputs.stylix.homeModules.stylix @@ -14,11 +14,8 @@ imports = [ "${self}/profiles/home" "${self}/modules/home" - { - swarselprofiles = { - minimal = lib.mkIf minimal true; - }; - } + # "${self}/modules/nixos/common/pii.nix" + # "${self}/modules/nixos/common/meta.nix" ]; # node = { # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; diff --git a/modules/nixos/common/impermanence.nix b/modules/nixos/common/impermanence.nix index 31f8641..3256df7 100644 --- a/modules/nixos/common/impermanence.nix +++ b/modules/nixos/common/impermanence.nix @@ -4,8 +4,8 @@ let inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselmodules.impermanence { + options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselsystems.modules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' diff --git a/modules/nixos/common/lanzaboote.nix b/modules/nixos/common/lanzaboote.nix index 8492eba..b4c671e 100644 --- a/modules/nixos/common/lanzaboote.nix 
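Review bot: `users.swarsel.imports` hard-codes the account name where the old line used `users.${config.swarselsystems.mainUser}.imports`, while `modules/nixos/common/users.nix` in this same commit still creates the account as `"${config.swarselsystems.mainUser}"`. On a host whose `mainUser` is not `swarsel`, the home-manager configuration, including the `sops-nix` home module imported here, would attach to a user the system does not define. Keeping `users.${config.swarselsystems.mainUser}.imports = [` preserves that link. The second hunk of this file also adds two commented-out imports (`pii.nix`, `meta.nix`); either remove them or add a comment saying why they are parked.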
+++ b/modules/nixos/common/lanzaboote.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, minimal, ... }: { - options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config"; - config = lib.mkIf config.swarselmodules.lanzaboote { + options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselsystems.modules.lanzaboote { environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [ pkgs.sbctl diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index 26b31d0..6b8fd21 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -58,9 +58,9 @@ in description = "Exposes the loaded repo secrets. This option is read-only."; }; }; - swarselmodules.pii = lib.mkEnableOption "enable pii management"; + swarselsystems.modules.pii = lib.mkEnableOption "enable pii management"; }; - config = lib.mkIf config.swarselmodules.pii { + config = lib.mkIf config.swarselsystems.modules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 57625c1..6edb610 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -52,8 +52,8 @@ let }; in { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselmodules.general + options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselsystems.modules.general (lib.recursiveUpdate { sops.secrets.github-api-token = lib.mkIf (!minimal) { diff --git a/modules/nixos/common/sharedsetup.nix b/modules/nixos/common/sharedsetup.nix new file mode 100644 index 0000000..1269fdd --- /dev/null +++ b/modules/nixos/common/sharedsetup.nix 
@@ -0,0 +1,27 @@ +{ lib, ... }: +{ + options = { + swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; + }; + }; +} diff --git a/modules/nixos/common/time.nix b/modules/nixos/common/time.nix index 10e21b4..21c951a 100644 --- a/modules/nixos/common/time.nix +++ b/modules/nixos/common/time.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.time = lib.mkEnableOption "time config"; - config = lib.mkIf config.swarselmodules.time { + options.swarselsystems.modules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselsystems.modules.time { time = { timeZone = "Europe/Vienna"; # hardwareClockInLocalTime = true; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 29d3afb..79d2ed5 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix 
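Review bot: None of the four `lib.mkOption` declarations in the new `sharedsetup.nix` (`withHomeManager`, `isSwap`, `swapSize`, `rootDisk`) carries a `description`, and `rootDisk` defaults to `""`, so a host that forgets to set it gets an empty string rather than an evaluation error. If the consumers of `rootDisk` (not visible here) use it as a device path, dropping the default makes the omission fail at evaluation time; otherwise add a line such as `description = "Device path of the disk the system is installed to";`. A short comment that `isCrypted` and `isSecureBoot` are off unless a host enables them (they use `mkEnableOption`) would also help anyone auditing which machines run without disk encryption or secure boot.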
@@ -1,27 +1,21 @@ -{ self, pkgs, config, lib, globals, minimal, ... }: +{ self, pkgs, config, lib, minimal, ... }: let sopsFile = self + /secrets/general/secrets.yaml; in { - options.swarselmodules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselmodules.users { + options.swarselsystems.modules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselsystems.modules.users { sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { mutableUsers = lib.mkIf (!minimal) false; - users = { - root = { - inherit (globals.root) hashedPassword; - shell = pkgs.zsh; - }; - "${config.swarselsystems.mainUser}" = { - isNormalUser = true; - description = "Leon S"; - password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; - hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; - extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; - packages = with pkgs; [ ]; - }; + users."${config.swarselsystems.mainUser}" = { + isNormalUser = true; + description = "Leon S"; + password = lib.mkIf minimal "setup"; + hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path; + extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + packages = with pkgs; [ ]; }; }; }; diff --git a/modules/nixos/common/xserver.nix b/modules/nixos/common/xserver.nix index 556011e..b529f9b 100644 --- a/modules/nixos/common/xserver.nix +++ b/modules/nixos/common/xserver.nix 
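Review bot: `hashedPasswordFile` is now set whenever `!minimal`, but the `sops.secrets.main-user-hashed-pw` declaration a few lines above is still wrapped in `lib.mkIf (!config.swarselsystems.isPublic)`. On a non-minimal host with `isPublic = true`, `config.sops.secrets.main-user-hashed-pw.path` refers to a secret that is not declared, so evaluation presumably fails or the `wheel` account ends up without a usable password. Keep the two guards aligned, either by restoring `hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;` together with the matching condition on `password`, or by removing the `isPublic` guard from the secret. The hunk also drops the explicit `root` entry while `mutableUsers` stays `false` on non-minimal hosts, which leaves root with no declared password there; a one-line comment stating that this is intended would make the change easier to audit.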
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap"; - config = lib.mkIf config.swarselmodules.packages { + options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselsystems.modules.packages { services.xserver = { xkb = { layout = "us"; diff --git a/modules/nixos/darwin/default.nix b/modules/nixos/darwin/default.nix index 4e4d373..e7b02e6 100644 --- a/modules/nixos/darwin/default.nix +++ b/modules/nixos/darwin/default.nix @@ -6,8 +6,8 @@ in imports = [ ]; - options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; - config = lib.mkIf config.swarselmodules.optional.darwin { + options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config"; + config = lib.mkIf config.swarselsystems.modules.darwin.general { nix.settings.experimental-features = "nix-command flakes"; nixpkgs = { hostPlatform = "x86_64-darwin"; diff --git a/modules/nixos/optional/amdcpu.nix b/modules/nixos/optional/amdcpu.nix index 9051b9d..39028f5 100644 --- a/modules/nixos/optional/amdcpu.nix +++ b/modules/nixos/optional/amdcpu.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; - config = lib.mkIf config.swarselmodules.optional.amdcpu { + options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { hardware = { cpu.amd.updateMicrocode = true; }; diff --git a/modules/nixos/optional/amdgpu.nix b/modules/nixos/optional/amdgpu.nix index c6aa61f..59bebe3 100644 --- a/modules/nixos/optional/amdgpu.nix +++ b/modules/nixos/optional/amdgpu.nix 
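Review bot: In `modules/nixos/common/xserver.nix` the option declared is `swarselsystems.modules.xserver`, but the guard on the next line reads `config.swarselsystems.modules.packages`, so enabling `xserver` has no effect and the keymap follows the `packages` toggle instead. The rename carried this mismatch over from the old `swarselmodules.packages` line. It should read `config = lib.mkIf config.swarselsystems.modules.xserver {`.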
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; - config = lib.mkIf config.swarselmodules.optional.amdgpu { + options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { hardware = { amdgpu = { opencl.enable = true; diff --git a/modules/nixos/optional/btrfs.nix b/modules/nixos/optional/btrfs.nix index e8d3b57..5c6e9f6 100644 --- a/modules/nixos/optional/btrfs.nix +++ b/modules/nixos/optional/btrfs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselmodules.optional.btrfs { + options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselsystems.modules.optional.btrfs { boot = { supportedFilesystems = [ "btrfs" ]; }; diff --git a/modules/nixos/optional/default.nix b/modules/nixos/optional/default.nix index 49b7058..9499b56 100644 --- a/modules/nixos/optional/default.nix +++ b/modules/nixos/optional/default.nix @@ -1,7 +1,10 @@ -{ lib, ... }: +{ self, lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/optional"; + modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional"; + imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [ + "${modulesPath}/home/common/sharedsetup.nix" + ]; } diff --git a/modules/nixos/optional/framework.nix b/modules/nixos/optional/framework.nix index 949cc82..3627255 100644 --- a/modules/nixos/optional/framework.nix +++ b/modules/nixos/optional/framework.nix 
@@ -3,8 +3,8 @@ imports = [ inputs.fw-fanctrl.nixosModules.default ]; - options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselmodules.optional.framework { + options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselsystems.modules.optional.framework { services = { fwupd = { enable = true; diff --git a/modules/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix index 5f28872..eafcf65 100644 --- a/modules/nixos/optional/gaming.nix +++ b/modules/nixos/optional/gaming.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselmodules.optional.gaming { + options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselsystems.modules.optional.gaming { programs.steam = { enable = true; package = pkgs.steam; diff --git a/modules/nixos/optional/hibernation.nix b/modules/nixos/optional/hibernation.nix index 856b672..d013598 100644 --- a/modules/nixos/optional/hibernation.nix +++ b/modules/nixos/optional/hibernation.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; options.swarselsystems = { + modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; hibernation = { offset = lib.mkOption { type = lib.types.int; @@ -13,7 +13,7 @@ }; }; }; - config = lib.mkIf config.swarselmodules.optional.hibernation { + config = lib.mkIf config.swarselsystems.modules.optional.hibernation { boot = { kernelParams = [ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" diff --git a/modules/nixos/optional/nswitch-rcm.nix b/modules/nixos/optional/nswitch-rcm.nix index 3af88db..095524e 100644 
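Review bot: In `modules/nixos/optional/hibernation.nix` the description string for the hibernation toggle still reads `"optional amd gpu settings"`, which looks copied from `amdgpu.nix` and will appear in generated option documentation. `modules.optional.hibernation = lib.mkEnableOption "optional hibernation settings";` would be accurate. The surrounding `options.swarselsystems` set continues outside the first hunk.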
--- a/modules/nixos/optional/nswitch-rcm.nix +++ b/modules/nixos/optional/nswitch-rcm.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; - config = lib.mkIf config.swarselmodules.optional.nswitch-rcm { + options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix index ee5a4b7..4953b74 100644 --- a/modules/nixos/optional/virtualbox.nix +++ b/modules/nixos/optional/virtualbox.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; - config = lib.mkIf config.swarselmodules.optional.virtualbox { + options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { specialisation = { VBox.configuration = { virtualisation.virtualbox = { diff --git a/modules/nixos/optional/vmware.nix b/modules/nixos/optional/vmware.nix index 4236080..d328f38 100644 --- a/modules/nixos/optional/vmware.nix +++ b/modules/nixos/optional/vmware.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings"; - config = lib.mkIf config.swarselmodules.optional.vmware { + options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselsystems.modules.optional.vmware { virtualisation.vmware.host.enable = true; virtualisation.vmware.guest.enable = true; }; diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 402851c..fdf85d4 100644 --- a/modules/nixos/optional/work.nix 
+++ b/modules/nixos/optional/work.nix @@ -25,8 +25,8 @@ let }; in { - options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems = { + modules.optional.work = lib.mkEnableOption "optional work settings"; hostName = lib.mkOption { type = lib.types.str; default = ""; @@ -36,7 +36,7 @@ in default = ""; }; }; - config = lib.mkIf config.swarselmodules.optional.work { + config = lib.mkIf config.swarselsystems.modules.optional.work { sops = let secretNames = [ @@ -208,9 +208,6 @@ in spice-protocol win-virtio win-spice - - powershell - gh ]; diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index 8f03d14..b7b3c6e 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -9,8 +9,8 @@ let ankiUser = globals.user.name; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix index 59714f6..790a900 100644 --- a/modules/nixos/server/atuin.nix +++ b/modules/nixos/server/atuin.nix 
@@ -5,8 +5,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { topology.self.services.${serviceName}.info = "https://${serviceDomain}"; globals.services.${serviceName}.domain = serviceDomain; diff --git a/modules/nixos/server/croc.nix b/modules/nixos/server/croc.nix index d9c1286..c3d9f1d 100644 --- a/modules/nixos/server/croc.nix +++ b/modules/nixos/server/croc.nix @@ -15,8 +15,8 @@ let cfg = config.services.croc; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/emacs.nix b/modules/nixos/server/emacs.nix index 03e1261..598ee6b 100644 --- a/modules/nixos/server/emacs.nix +++ b/modules/nixos/server/emacs.nix @@ -4,8 +4,8 @@ let servicePort = 9812; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix index 781da1a..ce5e8ee 100644 
--- a/modules/nixos/server/firefly-iii.nix +++ b/modules/nixos/server/firefly-iii.nix @@ -12,8 +12,8 @@ let cfg = config.services.firefly-iii; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users = { groups.${serviceGroup} = { }; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index 949c2e7..a0ea0d5 100644 --- a/modules/nixos/server/forgejo.nix +++ b/modules/nixos/server/forgejo.nix @@ -11,8 +11,8 @@ let kanidmDomain = globals.services.kanidm.domain; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index 7f9362c..2e6e657 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix @@ -9,8 +9,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index a3e9eee..f0d7bf1 100644 
--- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -6,8 +6,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index 296fa76..9762b79 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix @@ -6,8 +6,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index c9a587e..c2bdaec 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix 
@@ -5,8 +5,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { services.jenkins = { enable = true; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index e9b97cb..6096297 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -17,8 +17,8 @@ let nextcloudDomain = globals.services.nextcloud.domain; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { group = serviceGroup; @@ -84,7 +84,6 @@ in "freshrss.access" = { }; "firefly.access" = { }; "radicale.access" = { }; - "slink.access" = { }; }; inherit (config.repo.secrets.local) persons; @@ -205,11 +204,6 @@ in "email" "profile" ]; - "slink.access" = [ - "openid" - "email" - "profile" - ]; }; preferShortUsername = true; claimMaps.groups = { @@ -219,7 +213,6 @@ in "navidrome.access" = [ "navidrome_access" ]; "firefly.access" = [ "firefly_access" ]; "radicale.access" = [ "radicale_access" ]; - "slink.access" = [ "slink_access" ]; }; }; }; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index e278037..e24fdb7 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix 
@@ -8,8 +8,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { environment.systemPackages = with pkgs; [ calibre ]; diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix index 3ebb23b..d022495 100644 --- a/modules/nixos/server/koillection.nix +++ b/modules/nixos/server/koillection.nix @@ -5,7 +5,6 @@ let serviceName = "koillection"; servicePort = 2282; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceDir = "/Vault/data/koillection"; postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres postgresPort = config.services.postgresql.settings.port; # 5432 @@ -14,8 +13,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops.secrets = { koillection-db-password = { inherit sopsFile; owner = postgresUser; group = postgresUser; mode = "0440"; }; @@ -37,10 +36,6 @@ in "${toString servicePort}:80" ]; - volumes = [ - "${serviceDir}/uploads:/uploads" - ]; - environment = { APP_DEBUG = "0"; APP_ENV = "prod"; @@ -119,11 +114,6 @@ in locations = { "/" = { proxyPass = "http://${serviceName}"; - extraConfig = '' - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - ''; }; }; }; 
diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index 4f88707..b95f03f 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix @@ -21,8 +21,8 @@ let ''; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter diff --git a/modules/nixos/server/microbin.nix b/modules/nixos/server/microbin.nix index 1001d69..06dc4f5 100644 --- a/modules/nixos/server/microbin.nix +++ b/modules/nixos/server/microbin.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users = { groups.${serviceGroup} = { }; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 6a35c5c..183cb90 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -17,8 +17,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops = { secrets = { 
@@ -193,7 +193,7 @@ in sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselmodules.server.nextcloud { + nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { enable = true; port = 9205; url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info"; diff --git a/modules/nixos/server/mpd.nix b/modules/nixos/server/mpd.nix index 0f7afc4..454fbb1 100644 --- a/modules/nixos/server/mpd.nix +++ b/modules/nixos/server/mpd.nix @@ -8,8 +8,8 @@ let serviceName = "mpd"; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users = { groups = { mpd = { }; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index 3d6df90..eed687f 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -7,8 +7,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { environment.systemPackages = with pkgs; [ pciutils alsa-utils diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 1deeb81..143c677 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix 
@@ -10,8 +10,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; diff --git a/modules/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix index d2d97da..93f21b7 100644 --- a/modules/nixos/server/nfs.nix +++ b/modules/nixos/server/nfs.nix @@ -3,8 +3,8 @@ let nfsUser = globals.user.name; in { - options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselmodules.server.nfs { + options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselsystems.modules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index 97caafb..354e444 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -5,8 +5,8 @@ let in { - options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselmodules.server.nginx { + options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselsystems.modules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; diff --git a/modules/nixos/server/oauth2-proxy.nix b/modules/nixos/server/oauth2-proxy.nix index d74a441..401cd6b 100644 --- a/modules/nixos/server/oauth2-proxy.nix +++ b/modules/nixos/server/oauth2-proxy.nix 
@@ -13,7 +13,7 @@ let in { options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; # largely based on https://github.com/oddlama/nix-config/blob/main/modules/oauth2-proxy.nix services.nginx.virtualHosts = lib.mkOption { type = lib.types.attrsOf ( @@ -121,7 +121,7 @@ in ); }; }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/packages.nix b/modules/nixos/server/packages.nix index 6f5f744..136245a 100644 --- a/modules/nixos/server/packages.nix +++ b/modules/nixos/server/packages.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselmodules.server.packages { + options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselsystems.modules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 3172fd9..9d52754 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -13,8 +13,8 @@ let kanidmDomain = globals.services.kanidm.domain; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; 
diff --git a/modules/nixos/server/pipewire.nix b/modules/nixos/server/pipewire.nix index b6b315a..faf8e90 100644 --- a/modules/nixos/server/pipewire.nix +++ b/modules/nixos/server/pipewire.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) { + config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access diff --git a/modules/nixos/server/postgresql.nix b/modules/nixos/server/postgresql.nix index 3cfa47d..b2bc7e1 100644 --- a/modules/nixos/server/postgresql.nix +++ b/modules/nixos/server/postgresql.nix @@ -4,8 +4,8 @@ let postgresVersion = 14; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { services = { ${serviceName} = { enable = true; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index 2917064..4d22aae 100644 --- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops = { secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; 
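Review bot: The `config?swarselsystems.modules.server.mpd` test in pipewire.nix checks that the option path exists, not that it is set to true. Once mpd.nix or navidrome.nix is imported, the condition presumably holds on every host, so `security.rtkit.enable = true;` applies even where both services are disabled. Testing the values keeps real-time scheduling privileges off hosts that do not need them: `config = lib.mkIf (config.swarselsystems.modules.server.mpd || config.swarselsystems.modules.server.navidrome) {`. If the options can be undeclared on some hosts, `(config.swarselsystems.modules.server.mpd or false)` covers that case. The rename carries the old behaviour over unchanged, and the module body continues outside the hunk.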
@@ -76,7 +76,7 @@ in }; systemd.tmpfiles.rules = [ - "d ${cfg.settings.storage.filesystem_folder} 0750 ${serviceUser} ${serviceGroup} - -" + "d '${cfg.settings.storage.filesystem_folder}' 0750 ${serviceUser} ${serviceGroup} - -" ]; networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/restic.nix b/modules/nixos/server/restic.nix index f668104..804b18a 100644 --- a/modules/nixos/server/restic.nix +++ b/modules/nixos/server/restic.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselmodules.server.restic { + options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselsystems.modules.server.restic { sops = { secrets = { @@ -31,11 +31,6 @@ in passwordFile = config.sops.secrets.resticpw.path; paths = [ "/Vault/data/paperless" - "/Vault/data/koillection" - "/Vault/data/postgresql" - "/Vault/data/firefly-iii" - "/Vault/data/radicale" - "/Vault/data/matrix-synapse" "/Vault/Eternor/Paperless" "/Vault/Eternor/Bilder" "/Vault/Eternor/Immich" diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 31e7225..11ddcac 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -3,15 +3,14 @@ let inherit (config.swarselsystems) flakePath; in { - - options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { + modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselmodules.server.general { + config = lib.mkIf config.swarselsystems.modules.server.general { environment.shellAliases = lib.recursiveUpdate { 
diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix index 59815c0..e388ad3 100644 --- a/modules/nixos/server/shlink.nix +++ b/modules/nixos/server/shlink.nix @@ -10,9 +10,9 @@ let in { options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/slink.nix b/modules/nixos/server/slink.nix deleted file mode 100644 index 547a2c7..0000000 --- a/modules/nixos/server/slink.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ self, lib, config, ... }: -let - servicePort = 3000; - serviceName = "slink"; - serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceDir = "/var/lib/slink"; - - containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; -in -{ - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { - - virtualisation.oci-containers.containers.${serviceName} = { - image = "anirdev/slink@${containerRev}"; - environment = { - "ORIGIN" = "https://${serviceDomain}"; - "TZ" = config.repo.secrets.common.location.timezone; - "STORAGE_PROVIDER" = "local"; - "IMAGE_MAX_SIZE" = "50M"; - "USER_APPROVAL_REQUIRED" = "true"; - }; - ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]; - volumes = [ - "${serviceDir}/var/data:/app/var/data" - "${serviceDir}/images:/app/slink/images" - ]; - }; - - systemd.tmpfiles.rules = [ - "d ${serviceDir}/var/data 0750 root root - -" - "d ${serviceDir}/images 0750 root root - -" - ]; - - networking.firewall.allowedTCPPorts = [ servicePort ]; - - environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { directory = serviceDir; } - ]; - - topology.self.services.${serviceName} = { - name = lib.swarselsystems.toCapitalized serviceName; - info = "https://${serviceDomain}"; - icon = "${self}/files/topology-images/shlink.png"; - }; - globals.services.${serviceName}.domain = serviceDomain; - - services.nginx = { - upstreams = { - ${serviceName} = { - servers = { - "localhost:${builtins.toString servicePort}" = { }; - }; - }; - }; - virtualHosts = { - "${serviceDomain}" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - oauth2.enable = true; - oauth2.allowedGroups = [ "slink_access" ]; - locations = { - "/" = { - proxyPass = "http://${serviceName}"; - setOauth2Headers = false; - }; - 
"/image" = { - proxyPass = "http://${serviceName}"; - setOauth2Headers = false; - bypassAuth = true; - }; - }; - }; - }; - }; - }; -} diff --git a/modules/nixos/server/spotifyd.nix b/modules/nixos/server/spotifyd.nix index ef4babd..1de618a 100644 --- a/modules/nixos/server/spotifyd.nix +++ b/modules/nixos/server/spotifyd.nix @@ -6,8 +6,8 @@ let serviceGroup = serviceUser; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.groups.${serviceGroup} = { gid = 65136; }; diff --git a/modules/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix index a588edf..cb8b7ad 100644 --- a/modules/nixos/server/ssh.nix +++ b/modules/nixos/server/ssh.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselmodules.server.ssh { + options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselsystems.modules.server.ssh { services.openssh = { enable = true; startWhenNeeded = lib.mkForce false; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 4bde68b..ef32693 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix 
@@ -1,53 +1,18 @@ -{ lib, config, configName, ... }: +{ lib, config, ... }: let + inherit (config.repo.secrets.common) workHostName; + servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - specificServiceName = "syncthing-${configName}"; - inherit (config.swarselsystems.syncthing) serviceDomain; - inherit (config.swarselsystems.syncthing) serviceIP; + serviceDomain = config.repo.secrets.common.services.domains.syncthing1; cfg = config.services.${serviceName}; - devices = config.swarselsystems.syncthing.syncDevices; in { - options = { - swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - - swarselsystems.syncthing = { - serviceDomain = lib.mkOption { - type = lib.types.str; - default = config.repo.secrets.common.services.domains.syncthing1; - }; - serviceIP = lib.mkOption { - type = lib.types.str; - default = "192.168.1.2"; - }; - syncDevices = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; - }; - devices = lib.mkOption { - type = lib.types.attrs; - default = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - "pyramid" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - }; - }; - }; - }; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; 
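Review bot: With the `swarselsystems.syncthing` options removed, `serviceDomain` is pinned to `config.repo.secrets.common.services.domains.syncthing1` for every host that enables this module. Later hunks in this file also fix the nginx upstream name to `${serviceName}` and the backend to `192.168.1.2`, while `globals.services` is still keyed per host name. As far as the visible lines show, a second host enabling the module would declare the same upstream and domain on `nodes.moonside`. If the module is meant for a single host, a comment above the `let` would say so, for example `# single-instance module: domain, upstream name and backend address are fixed for one host`. Otherwise the domain and address should stay overridable.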
@@ -59,26 +24,39 @@ in networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${specificServiceName}".domain = serviceDomain; + globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = lib.mkDefault "/Vault/data/${serviceName}"; + dataDir = "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - inherit (config.swarselsystems.syncthing) devices; + devices = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "milkywell@oracle" = { + id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; + }; + "${workHostName}" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + }; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "default"; }; "Obsidian" = { @@ -88,7 +66,7 @@ in type = "simple"; params.keep = "5"; }; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "yjvni-9eaa7"; }; "Org" = { @@ -98,7 +76,7 @@ in type = "simple"; params.keep = "5"; }; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { 
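Review bot: The folder device list `[ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]` is written out literally for "Default Folder" in this hunk. It is repeated for "Obsidian" and "Org" in the next two hunks and for "Vpn" in the hunk at -108, where the old code shared one binding through `inherit devices`. A device added to `settings.devices` but missed in one copy is silently left out of that folder, and nothing ties the names to the keys of `settings.devices`. Binding the list once in the `let` block, `syncDevices = [ "milkywell@oracle" "magicant" workHostName "moonside@oracle" ];`, and writing `devices = syncDevices;` in each folder keeps them aligned. The `services.${serviceName}` attribute set continues outside the hunk.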
@@ -108,18 +86,28 @@ in type = "simple"; params.keep = "5"; }; - inherit devices; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "hgp9s-fyq3p"; }; + # "Documents" = { + # path = "${cfg.dataDir}/Documents"; + # type = "receiveonly"; + # versioning = { + # type = "simple"; + # params.keep = "5"; + # }; + # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; + # id = "hgr3d-pfu3w"; + # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${specificServiceName} = { + ${serviceName} = { servers = { - "${serviceIP}:${builtins.toString servicePort}" = { }; + "192.168.1.2:${builtins.toString servicePort}" = { }; }; }; }; @@ -130,7 +118,7 @@ in acmeRoot = null; locations = { "/" = { - proxyPass = "http://${specificServiceName}"; + proxyPass = "http://${serviceName}"; extraConfig = '' client_max_body_size 0; ''; diff --git a/modules/nixos/server/transmission.nix b/modules/nixos/server/transmission.nix index 64c2199..9c3376d 100644 --- a/modules/nixos/server/transmission.nix +++ b/modules/nixos/server/transmission.nix @@ -20,8 +20,8 @@ let prowlarrPort = 9696; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; - config = lib.mkIf config.swarselmodules.server.${serviceName} { + options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; + config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { # this user/group section is probably unneeded users = { diff --git a/modules/shared/options.nix b/modules/shared/options.nix deleted file mode 100644 index f126351..0000000 --- a/modules/shared/options.nix +++ /dev/null 
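Review bot: The Syncthing GUI behind this upstream can be reached without going through nginx. The earlier hunk keeps `guiAddress = "0.0.0.0:${builtins.toString servicePort}";` and `networking.firewall.allowedTCPPorts = [ servicePort ];` as context, and the upstream here now hard-codes `"192.168.1.2:${builtins.toString servicePort}"` over plain HTTP. No GUI credentials or `oauth2.enable` appear in the visible lines, so unless they are set outside these hunks, the admin interface is exposed to whatever can reach that port. Binding only to the proxied address, `guiAddress = "192.168.1.2:${builtins.toString servicePort}";`, and restricting the firewall rule to the proxy host would narrow the exposure. The virtual host definition starts and ends outside the hunks shown.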
@@ -1,67 +0,0 @@ -{ self, config, lib, ... }: -{ - options.swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - mainUser = lib.mkOption { - type = lib.types.str; - default = "swarsel"; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - isLaptop = lib.mkEnableOption "laptop host"; - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - sopsFile = lib.mkOption { - type = lib.types.str; - default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - wallpaper = lib.mkOption { - type = lib.types.path; - default = "${self}/files/wallpaper/lenovowp.png"; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - }; -} diff --git a/nix/globals.nix b/nix/globals.nix index 77d5e01..d1f0c77 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -55,7 +55,6 @@ domains services user - root ; }; }; 
diff --git a/nix/hosts.nix b/nix/hosts.nix index 85aeaf1..192c521 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -26,14 +26,6 @@ name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; - - swarselprofiles = { - minimal = lib.mkIf minimal (lib.mkDefault true); - }; - - swarselsystems = { - mainUser = lib.mkDefault "swarsel"; - }; } ]; }; @@ -57,7 +49,6 @@ { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; - } ]; }; diff --git a/pkgs/github-notifications/default.nix b/pkgs/github-notifications/default.nix index c3638e2..53b8ce3 100644 --- a/pkgs/github-notifications/default.nix +++ b/pkgs/github-notifications/default.nix @@ -4,7 +4,7 @@ writeShellApplication { inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" diff --git a/profiles/home/chaostheatre/default.nix b/profiles/home/chaostheatre/default.nix index 2288a8a..37bd0c4 100644 --- a/profiles/home/chaostheatre/default.nix +++ b/profiles/home/chaostheatre/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselprofiles.chaostheatre { - swarselmodules = { + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/home/darwin/default.nix b/profiles/home/darwin/default.nix new file mode 100644 index 0000000..29c8307 --- /dev/null +++ b/profiles/home/darwin/default.nix 
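Review bot: In pkgs/github-notifications/default.nix the token is still expanded into the `-u Swarsel:"$(cat …)"` argument, so it lands on curl's command line, where it can show up in the process list while the request runs. Supplying it as a header read from a file descriptor keeps it out of argv: `curl -sf -H @<(printf 'Authorization: Bearer %s\n' "$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")") https://api.github.com/notifications`. The `-f` matters as well, because without it an API error body is a JSON object and `jq '. | length'` reports its key count as the number of notifications. The path is now hard-coded, so a comment naming which module writes `secrets/github-notifications-token` would help the next reader.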
@@ -0,0 +1,10 @@ +{ lib, config, ... }: +{ + options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; + config = lib.mkIf config.swarselsystems.profiles.darwin { + swarselsystems.modules = { + general = lib.mkDefault true; + }; + }; + +} diff --git a/profiles/home/framework/default.nix b/profiles/home/framework/default.nix index b4c28e2..cbde9f0 100644 --- a/profiles/home/framework/default.nix +++ b/profiles/home/framework/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselprofiles.framework { - swarselmodules = { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { optional = { framework = lib.mkDefault true; }; diff --git a/profiles/home/localserver/default.nix b/profiles/home/localserver/default.nix index d906701..2a87f51 100644 --- a/profiles/home/localserver/default.nix +++ b/profiles/home/localserver/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselprofiles.server.local { - swarselmodules = { + options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselsystems.profiles.server.local { + swarselsystems.modules = { general = lib.mkDefault true; server = { dotfiles = lib.mkDefault true; diff --git a/profiles/home/minimal/default.nix b/profiles/home/minimal/default.nix index bea6b11..1cca691 100644 --- a/profiles/home/minimal/default.nix +++ b/profiles/home/minimal/default.nix 
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselprofiles.minimal { - swarselmodules = { + options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.minimal { + swarselsystems.modules = { general = lib.mkDefault true; sops = lib.mkDefault true; kitty = lib.mkDefault true; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 6cb0b04..5177629 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -1,13 +1,13 @@ { lib, config, ... }: { - options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselprofiles.personal { - swarselmodules = { + options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselsystems.profiles.personal { + swarselsystems.modules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; nixgl = lib.mkDefault true; - sops = lib.mkDefault false; + sops = lib.mkDefault true; yubikey = lib.mkDefault false; ssh = lib.mkDefault true; stylix = lib.mkDefault true; diff --git a/profiles/home/reduced/default.nix b/profiles/home/reduced/default.nix index 7daec76..48ca3ce 100644 --- a/profiles/home/reduced/default.nix +++ b/profiles/home/reduced/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselprofiles.reduced { - swarselmodules = { + options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselsystems.profiles.reduced { + swarselsystems.modules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; 
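Review bot: The profiles/home/personal hunk flips `sops = lib.mkDefault false;` to `true` inside a commit that is otherwise a namespace rename. The profiles/nixos/chaostheatre hunks further down change defaults too, in the other direction for `sops` (now `lib.mkDefault false`) and with `yubikey` now `lib.mkDefault true`. These flips decide which hosts load secrets management and hardware-token support, and nothing in the visible lines says whether they are intended. A short comment beside each changed default, in the form `sops = lib.mkDefault true; # changed from false: <reason>`, would make them reviewable, as would moving them into their own commit.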
diff --git a/profiles/home/toto/default.nix b/profiles/home/toto/default.nix index 2f1473a..a434b37 100644 --- a/profiles/home/toto/default.nix +++ b/profiles/home/toto/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselprofiles.toto { - swarselmodules = { + options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselsystems.profiles.toto { + swarselsystems.modules = { general = lib.mkDefault true; sops = lib.mkDefault true; ssh = lib.mkDefault true; diff --git a/profiles/home/work/default.nix b/profiles/home/work/default.nix index a89b300..4653f87 100644 --- a/profiles/home/work/default.nix +++ b/profiles/home/work/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselprofiles.work { - swarselmodules = { + options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselsystems.profiles.work { + swarselsystems.modules = { optional = { work = lib.mkDefault true; }; diff --git a/profiles/nixos/amdcpu/default.nix b/profiles/nixos/amdcpu/default.nix index e0576d5..7d6177b 100644 --- a/profiles/nixos/amdcpu/default.nix +++ b/profiles/nixos/amdcpu/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselprofiles.amdcpu { - swarselmodules = { + options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselsystems.profiles.amdcpu { + swarselsystems.modules = { optional = { amdcpu = lib.mkDefault true; }; diff --git a/profiles/nixos/amdgpu/default.nix b/profiles/nixos/amdgpu/default.nix index 91810b8..339451f 100644 --- a/profiles/nixos/amdgpu/default.nix 
+++ b/profiles/nixos/amdgpu/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselprofiles.amdgpu { - swarselmodules = { + options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselsystems.profiles.amdgpu { + swarselsystems.modules = { optional = { amdgpu = lib.mkDefault true; }; diff --git a/profiles/nixos/btrfs/default.nix b/profiles/nixos/btrfs/default.nix index 4e09c66..ec959ed 100644 --- a/profiles/nixos/btrfs/default.nix +++ b/profiles/nixos/btrfs/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselprofiles.btrfs { - swarselmodules = { + options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselsystems.profiles.btrfs { + swarselsystems.modules = { optional = { btrfs = lib.mkDefault true; }; diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix index 093ca97..4c677eb 100644 --- a/profiles/nixos/chaostheatre/default.nix +++ b/profiles/nixos/chaostheatre/default.nix @@ -1,14 +1,13 @@ { lib, config, ... }: { - options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselprofiles.chaostheatre { - swarselmodules = { + options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselsystems.profiles.chaostheatre { + swarselsystems.modules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; users = lib.mkDefault true; - sops = lib.mkDefault true; env = lib.mkDefault true; security = lib.mkDefault true; systemdTimeout = lib.mkDefault true; 
@@ -17,6 +16,7 @@ pipewire = lib.mkDefault true; network = lib.mkDefault true; time = lib.mkDefault true; + sops = lib.mkDefault false; stylix = lib.mkDefault true; programs = lib.mkDefault true; zsh = lib.mkDefault true; @@ -27,7 +27,7 @@ interceptionTools = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; - yubikey = lib.mkDefault false; + yubikey = lib.mkDefault true; ledger = lib.mkDefault true; keyboards = lib.mkDefault true; login = lib.mkDefault true; diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix index 060c3ec..cbde9f0 100644 --- a/profiles/nixos/framework/default.nix +++ b/profiles/nixos/framework/default.nix @@ -1,17 +1,12 @@ { lib, config, ... }: { - options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselprofiles.framework { - swarselmodules = { + options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselsystems.profiles.framework { + swarselsystems.modules = { optional = { framework = lib.mkDefault true; }; }; - home-manager.users."${config.swarselsystems.mainUser}" = { - swarselprofiles = { - framework = lib.mkDefault true; - }; - }; }; diff --git a/profiles/nixos/hibernation/default.nix b/profiles/nixos/hibernation/default.nix index b529ff1..6105cae 100644 --- a/profiles/nixos/hibernation/default.nix +++ b/profiles/nixos/hibernation/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselprofiles.hibernation { - swarselmodules = { + options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselsystems.profiles.hibernation { + swarselsystems.modules = { optional = { hibernation = lib.mkDefault true; }; 
diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index ada2738..6cb9a55 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix 
@@ -1,46 +1,47 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server";
- config = lib.mkIf config.swarselprofiles.server.local {
- swarselmodules = {
- general = lib.mkDefault true;
- pii = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- time = lib.mkDefault true;
- users = lib.mkDefault true;
- sops = lib.mkDefault true;
- boot = lib.mkDefault true;
- server = {
+ options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server";
+ config = lib.mkIf config.swarselsystems.profiles.server.local {
+ swarselsystems = {
+ modules = {
 general = lib.mkDefault true;
- packages = lib.mkDefault true;
- nfs = lib.mkDefault true;
- nginx = lib.mkDefault true;
- ssh = lib.mkDefault true;
- kavita = lib.mkDefault true;
- restic = lib.mkDefault true;
- jellyfin = lib.mkDefault true;
- navidrome = lib.mkDefault true;
- spotifyd = lib.mkDefault true;
- mpd = lib.mkDefault true;
- postgresql = lib.mkDefault true;
- matrix = lib.mkDefault true;
- nextcloud = lib.mkDefault true;
- immich = lib.mkDefault true;
- paperless = lib.mkDefault true;
- transmission = lib.mkDefault true;
- syncthing = lib.mkDefault true;
- grafana = lib.mkDefault true;
- emacs = lib.mkDefault true;
- freshrss = lib.mkDefault true;
- jenkins = lib.mkDefault false;
- kanidm = lib.mkDefault true;
- firefly-iii = lib.mkDefault true;
- koillection = lib.mkDefault true;
- radicale = lib.mkDefault true;
- atuin = lib.mkDefault true;
- forgejo = lib.mkDefault true;
- ankisync = lib.mkDefault true;
+ pii = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ server = {
+ general = lib.mkDefault true;
+ packages = lib.mkDefault true;
+ nfs = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ kavita = lib.mkDefault true;
+ restic = lib.mkDefault true;
+ jellyfin = lib.mkDefault true;
+ navidrome = lib.mkDefault true;
+ spotifyd = lib.mkDefault true;
+ mpd = lib.mkDefault true;
+ postgresql = lib.mkDefault true;
+ matrix = lib.mkDefault true;
+ nextcloud = lib.mkDefault true;
+ immich = lib.mkDefault true;
+ paperless = lib.mkDefault true;
+ transmission = lib.mkDefault true;
+ syncthing = lib.mkDefault true;
+ grafana = lib.mkDefault true;
+ emacs = lib.mkDefault true;
+ freshrss = lib.mkDefault true;
+ jenkins = lib.mkDefault false;
+ kanidm = lib.mkDefault true;
+ firefly-iii = lib.mkDefault true;
+ koillection = lib.mkDefault true;
+ radicale = lib.mkDefault true;
+ atuin = lib.mkDefault true;
+ forgejo = lib.mkDefault true;
+ ankisync = lib.mkDefault true;
+ };
 };
 };
 };
diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix
index 9929e27..9b948fa 100644
--- a/profiles/nixos/minimal/default.nix
+++ b/profiles/nixos/minimal/default.nix
@@ -1,8 +1,8 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host";
- config = lib.mkIf config.swarselprofiles.minimal {
- swarselmodules = {
+ options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host";
+ config = lib.mkIf config.swarselsystems.profiles.minimal {
+ swarselsystems.modules = {
 general = lib.mkDefault true;
 home-manager = lib.mkDefault true;
 xserver = lib.mkDefault true;
@@ -16,7 +16,6 @@
 zsh = lib.mkDefault true;
 yubikey = lib.mkDefault true;
 autologin = lib.mkDefault true;
- boot = lib.mkDefault true;
 server = {
 ssh = lib.mkDefault true;
diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix
index cf80ece..d1403c0 100644
--- a/profiles/nixos/moonside/default.nix
+++ b/profiles/nixos/moonside/default.nix
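Review bot: In profiles/nixos/localserver/default.nix the old top-level `boot = lib.mkDefault true;` has no counterpart on the new side, although every other entry in the hunk is moved unchanged from `swarselmodules` to `swarselsystems.modules`. A behaviour change buried in a re-indent is easy to miss in review, and whether another module now covers what `boot` configured is not visible here. If the removal is intended, say so in the commit message or leave a comment such as `# boot module intentionally not enabled by this profile`. The same removal appears in the minimal (`@@ -16,7 +16,6 @@`), moonside, personal, reduced and syncserver hunks.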
@@ -1,28 +1,27 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server";
- config = lib.mkIf config.swarselprofiles.server.moonside {
- swarselmodules = {
- general = lib.mkDefault true;
- pii = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- time = lib.mkDefault true;
- users = lib.mkDefault true;
- impermanence = lib.mkDefault true;
- sops = lib.mkDefault true;
- boot = lib.mkDefault true;
- server = {
+ options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server";
+ config = lib.mkIf config.swarselsystems.profiles.server.moonside {
+ swarselsystems = {
+ modules = {
 general = lib.mkDefault true;
- packages = lib.mkDefault true;
- nginx = lib.mkDefault true;
- ssh = lib.mkDefault true;
- oauth2-proxy = lib.mkDefault true;
- croc = lib.mkDefault true;
- microbin = lib.mkDefault true;
- shlink = lib.mkDefault true;
- slink = lib.mkDefault true;
- syncthing = lib.mkDefault true;
+ pii = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ impermanence = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ server = {
+ general = lib.mkDefault true;
+ packages = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ oauth2-proxy = lib.mkDefault true;
+ croc = lib.mkDefault true;
+ microbin = lib.mkDefault true;
+ shlink = lib.mkDefault true;
+ };
 };
 };
 };
diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix
index c34af54..d1c806c 100644
--- a/profiles/nixos/personal/default.nix
+++ b/profiles/nixos/personal/default.nix
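Review bot: In profiles/nixos/moonside/default.nix the new `server` set ends at `shlink`, so the old `slink = lib.mkDefault true;` and `syncthing = lib.mkDefault true;` are dropped while the rest of the hunk only moves keys under `swarselsystems.modules`. A host that relies on this profile would stop getting those two services on its next rebuild without any line in the diff saying so. If that is intended, state it in the commit message; if not, restore both lines inside the new `server = { … };` block. Because the profile also enables internet-facing helpers (`oauth2-proxy`, `croc`, `microbin`, `shlink`), a short header comment listing which services this profile exposes would make later changes to the list easier to review.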
@@ -1,8 +1,8 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host";
- config = lib.mkIf config.swarselprofiles.personal {
- swarselmodules = {
+ options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host";
+ config = lib.mkIf config.swarselsystems.profiles.personal {
+ swarselsystems.modules = {
 packages = lib.mkDefault true;
 pii = lib.mkDefault true;
 general = lib.mkDefault true;
@@ -44,7 +44,6 @@
 lowBattery = lib.mkDefault true;
 lanzaboote = lib.mkDefault true;
 autologin = lib.mkDefault true;
- boot = lib.mkDefault true;
 optional = {
 gaming = lib.mkDefault true;
@@ -56,11 +55,6 @@
 ssh = lib.mkDefault true;
 };
 };
- home-manager.users."${config.swarselsystems.mainUser}" = {
- swarselprofiles = {
- personal = lib.mkDefault true;
- };
- };
 };
diff --git a/profiles/nixos/reduced/default.nix b/profiles/nixos/reduced/default.nix
index 71bce91..3993fac 100644
--- a/profiles/nixos/reduced/default.nix
+++ b/profiles/nixos/reduced/default.nix
@@ -1,8 +1,8 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host";
- config = lib.mkIf config.swarselprofiles.reduced {
- swarselmodules = {
+ options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host";
+ config = lib.mkIf config.swarselsystems.profiles.reduced {
+ swarselsystems.modules = {
 packages = lib.mkDefault true;
 pii = lib.mkDefault true;
 general = lib.mkDefault true;
@@ -44,17 +44,11 @@
 lowBattery = lib.mkDefault true;
 lanzaboote = lib.mkDefault true;
 autologin = lib.mkDefault true;
- boot = lib.mkDefault true;
 server = {
 ssh = lib.mkDefault true;
 };
 };
- home-manager.users."${config.swarselsystems.mainUser}" = {
- swarselprofiles = {
- personal = lib.mkDefault true;
- };
- };
 };
diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix
index b511dd5..a784c87 100644
--- a/profiles/nixos/syncserver/default.nix
+++ b/profiles/nixos/syncserver/default.nix
@@ -1,24 +1,25 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
- config = lib.mkIf config.swarselprofiles.server.syncserver {
- swarselmodules = {
- general = lib.mkDefault true;
- nix-ld = lib.mkDefault true;
- pii = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- time = lib.mkDefault true;
- users = lib.mkDefault true;
- sops = lib.mkDefault true;
- boot = lib.mkDefault true;
- server = {
+ options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
+ config = lib.mkIf config.swarselsystems.profiles.server.syncserver {
+ swarselsystems = {
+ modules = {
 general = lib.mkDefault true;
- packages = lib.mkDefault true;
- nginx = lib.mkDefault true;
- ssh = lib.mkDefault true;
- forgejo = lib.mkDefault false;
- ankisync = lib.mkDefault false;
+ nix-ld = lib.mkDefault true;
+ pii = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ server = {
+ general = lib.mkDefault true;
+ packages = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ forgejo = lib.mkDefault false;
+ ankisync = lib.mkDefault false;
+ };
 };
 };
 };
diff --git a/profiles/nixos/toto/default.nix b/profiles/nixos/toto/default.nix
index 17532b0..3647d2e 100644
--- a/profiles/nixos/toto/default.nix
+++ b/profiles/nixos/toto/default.nix
@@ -1,8 +1,8 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host";
- config = lib.mkIf config.swarselprofiles.toto {
- swarselmodules = {
+ options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host";
+ config = lib.mkIf config.swarselsystems.profiles.toto {
+ swarselsystems.modules = {
 general = lib.mkDefault true;
 packages = lib.mkDefault true;
 home-manager = lib.mkDefault true;
diff --git a/profiles/nixos/work/default.nix b/profiles/nixos/work/default.nix
index 0740cc4..dca896e 100644
--- a/profiles/nixos/work/default.nix
+++ b/profiles/nixos/work/default.nix
@@ -1,17 +1,12 @@
 { lib, config, ... }:
 {
- options.swarselprofiles.work = lib.mkEnableOption "is this a work host";
- config = lib.mkIf config.swarselprofiles.work {
- swarselmodules = {
+ options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host";
+ config = lib.mkIf config.swarselsystems.profiles.work {
+ swarselsystems.modules = {
 optional = {
 work = lib.mkDefault true;
 };
 };
- home-manager.users."${config.swarselsystems.mainUser}" = {
- swarselprofiles = {
- work = lib.mkDefault true;
- };
- };
 };
diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml
index ebaf097..88d54c0 100644
--- a/secrets/general/secrets.yaml
+++ b/secrets/general/secrets.yaml
@@ -20,8 +20,6 @@ u2f-keys: ENC[AES256_GCM,data:4UPXyOYEQR1oybxPLR3JW8ro5gTzq0YQse1lnAP020Nm4JG4El
 croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01XcS6nF1sqz04rC1o20l+1DpNSRVjhC40ZmTVCww=,tag:REjnDQBcDkUzLg2ZsiDUvA==,type:str]
 #ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment]
 github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str]
-#ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment]
-emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str]
 sops:
 age:
 - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
@@ -87,8 +85,8 @@ sops:
 SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP
 wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-22T05:16:03Z"
- mac: ENC[AES256_GCM,data:CoOd5ki9DoSBzwTeTw3JDGPReJD4th+v20AItwIZBLX15eLb1KXANdz5ekHeFZ6ntHq4ij0FUH63W6ojpBdvzJS7GgboQyAThkyJSmqtr7lN9rTa3XZSIKDTZCKm4wrG60q17vUIZXPLxM+NN1Fp2oEyCwt1s7SHM11xJ3JdyBk=,iv:ofyAhu4pjzNAJguU5Z5H9Capqcky/mTMXHEYS/qhvNs=,tag:L9tZRzd5VgbB7lyCkT6yTA==,type:str]
+ lastmodified: "2025-07-07T15:40:09Z"
+ mac: ENC[AES256_GCM,data:IgodPXcdFB7zYwt1dbRXkuQ2Ko2cAy4L6BvObuP8sWRO26Sn0CRvBtfwEtJLRMoXyS3hXJ25hzTeQOUaTVRw/5GEViM4SxdUuE9b5rX1J7tRftgdI45f12tsBMJQhk4NDtxpm4CSUvh11XqNdBkBjFUMxfZVweXFhoZ7tJ3oElg=,iv:9WNevYqRUe5DtCWN6mMNNwQvxB4Z8ac/zKPocjMa33A=,tag:n/DL3B8WB/YKfcbo6ArMDw==,type:str]
 pgp:
 - created_at: "2025-07-10T23:51:26Z"
 enc: |-
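Review bot: Deleting `emacs-radicale-pw` and its encrypted comment in the `@@ -20,8 +20,6 @@` hunk of secrets/general/secrets.yaml only removes the entry from the working tree; the ciphertext stays in the repository history and remains decryptable by any key that was a recipient at that revision. If the Radicale password is still in use anywhere, rotate it rather than treating the deletion as revocation. It is also worth confirming that no module still references `emacs-radicale-pw`, since a reference to a key that no longer exists in the file would fail to resolve when secrets are installed.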
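Review bot: In the `@@ -87,8 +85,8 @@` hunk `lastmodified` moves backwards, from `2025-07-22T05:16:03Z` to `2025-07-07T15:40:09Z`, together with a different `mac`, which suggests the file was restored from an older revision rather than edited through sops. The same backwards timestamp shows in secrets/repo/globals.nix.enc and secrets/repo/pii.nix.enc later in this diff. Before merging, confirm that each file still decrypts with its MAC verified (`sops -d <file>`). Also compare the `age` and `pgp` recipient lists with the current key policy, because a rollback can bring back a recipient whose access was meant to be removed, or values that were rotated in the meantime.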
diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc
index 64a35db..00450be 100644
--- a/secrets/repo/globals.nix.enc
+++ b/secrets/repo/globals.nix.enc
@@ -1,5 +1,5 @@
 {
- "data": "ENC[AES256_GCM,data:8qexHpKJg6o1Fb9H50I3H25UOpNFs2sQl2hd3B2hdJRTjc96aVgTgI838Fnn7G6mFBpHqP0SFCU0/CP6SKqbhJ6SucrfpQN/RqZlSCxmuZi3sqv3voNd7/5JzY0D/5XUTfzHkeEA34HS0GcNLLY7m+QskfJdqGSMB5P++88xCNETqv+sRPVegm1ZGttj+tttesLkAcIU0556WiQhyIcpR4ZiO75NWRFerOmb4LxADR+bwBfesfGUfjflsqOSJll17N9SECSWE7o75Ojn+yde/EznK+zQlsCYvPp90d2xU6dpdRNtp9jrjvXvEVCmcwjIqIKXqurc2CU=,iv:xBYgbmjHwhbH+7WR5MLVysrChxr6rERo6WZuu07sUS0=,tag:vMoMu9mrrGRTA3oO2wsnWw==,type:str]",
+ "data": "ENC[AES256_GCM,data:PW4DwwvVLuaUtuvJr/h+Zx+8V1i1D3hVlATFr5yI5nykn7T/ZLf7lJFYJGqms9DHExxiGmYNWCXkFrRqOnKpBajxUuuljaE0Yd4bxIga4hF5KC+nJS5BGT9tVOQfp/sopJvp7QjxLKBcZcZ9uya2+DhxJdhmtRUj5A04ze68PsQMl4zuU7Y=,iv:1rblF4XnYDHpwz0Sl6E/3Xd9ITP5KWC8Qm5Ghf+TaTI=,tag:JmxpswTJZO7y9D4hQEn1Gw==,type:str]",
 "sops": {
 "age": [
 {
@@ -27,8 +27,8 @@
 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibGlMSU4vUEF5UlNVZzlr\nMTMyOFY2Zi8rZFdZT1JrelZEUUZkZHFvOFdzCjVPbVovaU9nZklJQWNZeDJZNm0r\nMXBIK2hsZEY0NElxTVVMWmN6WU1Ld28KLS0tIENaallkK05SMllia3prV25hZDR2\nZDBNU0dYYnJESG1JZGpvSGp1WW9UMVEKJgfdLp7BRXvyAekecNJiaBXmxSj1qNxx\nZeHceqEkfWV/PzX+RP4LHjXTQCLEOJijbKxDmxSsYq49hC9xjZASuw==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
- "lastmodified": "2025-07-22T17:19:04Z",
- "mac": "ENC[AES256_GCM,data:r1h9ouXb8o8Vk3/l3SX6hxbPApMn4BcCIs52Jhv9s9RYURMGb9qqPipbX7yFIYDBMka2qJJ0BneJz2EI60nTxx+QqATImR2oot2U6iONrelgs+AL3We//xpHOVHSxQ9XMmeEOcVqXEU3u843jV1RElxarRCwB9yM6IWTPx2qNzA=,iv:bS571Ddgz6Fbhyxy2bL/087ZTD7egcvPoLXD9uF8aN0=,tag:HJBI6G6ivRHhJMXYrNhIKw==,type:str]",
+ "lastmodified": "2025-07-03T16:55:42Z",
+ "mac": "ENC[AES256_GCM,data:+k6CeK5XiwsJJtvqr/NnRQvERqsV46tQoDnY6L5ptKQLyhMC8HPhrfn/LTJmRNqA8VXaDwSqm8zn+l8mJK55P/kZeeuLSmsvSYIgKlbp6naAbhyWM/q7IsT1fOAmFGKuG5nKaOy+ufxaXwIWWRPejmi9i+gmEw2FOTNimwyOqwc=,iv:q6P6QuipKMGc5i5oZ7XoU/qkbgo4X/SejfJUorAGb1M=,tag:sGfym1AaYAYHEzwDC5Dgsg==,type:str]",
 "pgp": [
 {
 "created_at": "2025-07-02T12:10:18Z",
diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc
index 4a55990..b3c617b 100644
--- a/secrets/repo/pii.nix.enc
+++ b/secrets/repo/pii.nix.enc
@@ -1,5 +1,5 @@
 {
- "data": "ENC[AES256_GCM,data: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,iv:sTMh997U5saMDn6pvEmSjEv9czye1NhMPJOwrcb/JHs=,tag:56yLcBmZ0bu89cBTYHEFuw==,type:str]",
+ "data": "ENC[AES256_GCM,data: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,iv:pEDV2WLEFisblx+XrhuoaNpxtk4Byj+jB/ixhsk3uPQ=,tag:T4xI5g6sIrIobuSuViG5+A==,type:str]",
 "sops": {
 "age": [
 {
@@ -27,8 +27,8 @@
 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
- "lastmodified": "2025-07-22T05:18:26Z",
- "mac": "ENC[AES256_GCM,data:lxQFZ8hWrBepjVzeaBrHS4SpkwQzXyEvJu6fclWAvEby1w+eG7kMR3quHzD/F6zPoT3jLdFM3fSIhjVOSslSnut0pTtselvco23YtbYzEz1JK/mTGW6IytGQvZVH1HGM3lwHJ9G7jLPRUq5CBQr4zULtqZBO4rK+f9YnFChhPyY=,iv:DsgxvDPHWv8qHqYB3RXiVmZcZfdxI6iUFABHj2iE0Bg=,tag:KK0RYpLgyzVSQPYIr4DLTQ==,type:str]",
+ "lastmodified": "2025-07-14T02:08:47Z",
+ "mac": "ENC[AES256_GCM,data:ZT2q2cHleWw+h7JNzWi+UnFo7G72xMMjzkbr4Ixp09xT9jqHjeHRitRveoNyh8jcRSbWxVeYf1fpKEKPEAxqU77NORhD/QBFjQm1iG/UH/xkRNBTQ/kE+yp/6jlkyfJ/m8ulTSbegz2eQkko9HP9qG7+QMcESP6zE7ko8UFPXAY=,iv:AvQDzn9kQYj1cr6K/luFZkv2G1UAQT27cA9/pQMRJl0=,tag:uuH3aZSI644HrJXYR5I7UQ==,type:str]",
 "pgp": [
 {
 "created_at": "2025-06-13T20:13:06Z",