
4 commits

Author SHA1 Message Date
Leon Schwarzäugl
64e6a9c159
fix[work,client]: get home-manager working on dgx
Some checks failed
Flake check / Check flake (push) Has been cancelled
2025-10-31 15:04:59 +01:00
Leon Schwarzäugl
c8a49d4f47
feat[work]: improve git-replace 2025-10-31 15:03:52 +01:00
Leon Schwarzäugl
ed9008112b
feat[work]: improve git-replace 2025-10-31 15:02:49 +01:00
Leon Schwarzäugl
ae98f0d5df
feat[work]: mako: no disturb during presentations 2025-10-31 15:01:56 +01:00
21 changed files with 1098 additions and 897 deletions

File diff suppressed because it is too large Load diff

6
flake.lock generated

@ -6365,11 +6365,11 @@
}, },
"nixpkgs-dev": { "nixpkgs-dev": {
"locked": { "locked": {
"lastModified": 1759233809, "lastModified": 1761589965,
"narHash": "sha256-ww6JlKuclxzcBb+cb4GCnVw4PtI+7xd3J9/ctINWKeA=", "narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=",
"owner": "Swarsel", "owner": "Swarsel",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d3e334a2a4f9d50568bf03ec62cd445faac7ce9e", "rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -2,8 +2,8 @@
{ {
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeModules.stylix
inputs.sops-nix.homeManagerModules.sops # inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
"${self}/modules/home" "${self}/modules/home"
"${self}/modules/nixos/common/pii.nix" "${self}/modules/nixos/common/pii.nix"


@ -1,65 +1,66 @@
{ lib, config, pkgs, globals, nixosConfig ? config, ... }: { lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
let let
moduleName = "anki"; moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos; inherit (config.swarselsystems) isPublic isNixos;
in in
{ {
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings"; options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} { config = lib.mkIf config.swarselmodules.${moduleName}
({
sops = lib.mkIf (!isPublic && !isNixos) { programs.anki = {
secrets = { enable = true;
anki-user = { }; # # package = pkgs.anki;
anki-pw = { }; hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
};
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
programs.anki = { secrets = {
enable = true; anki-user = { };
# # package = pkgs.anki; anki-pw = { };
hideBottomBar = true; };
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
}; };
addons = });
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
};
};
} }
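Review bot: The guard `lib.optionalAttrs (inputs ? sops)` tests for a flake input named `sops`, while the import lists on this page reference the input as `inputs.sops-nix`, so unless a separate `sops` input exists the condition is always false and the secret declarations are dropped on every host, not only the one without sops-nix. The same guard is used in the emacs, mail, sops, waybar, yubikey and zsh modules of this commit. Testing the input also says nothing about whether the module is actually imported; a check on the option itself, e.g. `lib.optionalAttrs (options ? sops)` with `options` added to the module arguments, would follow the import. In this file `usernameFile` and `keyFile` still read `nixosConfig.sops.secrets.*.path` unconditionally, so enabling anki where the sops module is absent presumably still fails at evaluation.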


@ -5,23 +5,8 @@ let
in in
{ {
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs { config = lib.mkIf config.swarselmodules.emacs ({
# needed for elfeed # needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features # enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages # also read init.el file and install use-package packages
programs.emacs = { programs.emacs = {
@ -91,5 +76,23 @@ in
socketActivation.enable = false; socketActivation.enable = false;
startWithUserSession = "graphical"; startWithUserSession = "graphical";
}; };
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
} }


@ -1,4 +1,4 @@
{ lib, config, nixosConfig ? config, ... }: { lib, config, inputs, nixosConfig ? config, ... }:
let let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName; inherit (nixosConfig.repo.secrets.common) fullName;
@ -6,186 +6,187 @@ let
in in
{ {
options.swarselmodules.mail = lib.mkEnableOption "mail settings"; options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail { config = lib.mkIf config.swarselmodules.mail
({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { programs = {
address1-token = { path = "${xdgDir}/secrets/address1-token"; }; mbsync = {
address2-token = { path = "${xdgDir}/secrets/address2-token"; }; enable = true;
address3-token = { path = "${xdgDir}/secrets/address3-token"; }; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; }; msmtp = {
}; enable = true;
};
programs = { mu = {
mbsync = { enable = true;
enable = true;
};
msmtp = {
enable = true;
};
mu = {
enable = true;
};
};
services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
}; };
}; };
settings = { services.mbsync = {
"mail.server.default.allow_utf8_accept" = true; enable = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
}; };
}; # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
xdg.mimeApps.defaultApplications = { programs.thunderbird = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ]; enable = true;
"x-scheme-handler/mid" = [ "thunderbird.desktop" ]; profiles.default = {
"message/rfc822" = [ "thunderbird.desktop" ]; isDefault = true;
}; withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { "gfx.webrender.all" = true;
email = "gfx.webrender.enabled" = true;
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
};
}; };
in };
{
maildirBasePath = "Mail"; settings = {
accounts = { "mail.server.default.allow_utf8_accept" = true;
swarsel = { "mail.server.default.max_articles" = 1000;
address = address4; "mail.server.default.check_all_folders_for_new" = true;
userName = address4-user; "mail.show_headers" = 1;
realName = fullName; "mail.identity.default.auto_quote" = true;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; "mail.identity.default.attachPgpKey" = true;
smtp = { "mailnews.default_sort_order" = 2;
host = address4-host; "mailnews.default_sort_type" = 18;
port = 587; "mailnews.default_view_flags" = 0;
tls = { "mailnews.sort_threads_by_root" = true;
enable = true; "mailnews.headers.showMessageId" = true;
useStartTls = true; "mailnews.headers.showOrganization" = true;
}; "mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
}; };
mu.enable = false; smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = { msmtp = {
enable = true; enable = true;
}; };
mbsync = { mbsync = {
enable = false; enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
}; };
}; };
in
leon = lib.recursiveUpdate {
{ maildirBasePath = "Mail";
primary = true; accounts = {
address = address1; swarsel = {
userName = address1; address = address4;
userName = address4-user;
realName = fullName; realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
gpg = { smtp = {
key = "0x76FD3810215AE097"; host = address4-host;
signByDefault = true; port = 587;
tls = {
enable = true;
useStartTls = true;
};
}; };
} mu.enable = false;
defaultSettings; msmtp = {
enable = true;
};
mbsync = {
enable = false;
};
};
nautilus = lib.recursiveUpdate leon = lib.recursiveUpdate
{ {
primary = false; primary = true;
address = address2; address = address1;
userName = address2; userName = address1;
realName = address2-name; realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
} gpg = {
defaultSettings; key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
mrswarsel = lib.recursiveUpdate nautilus = lib.recursiveUpdate
{ {
primary = false; primary = false;
address = address3; address = address2;
userName = address3; userName = address2;
realName = address3-name; realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
} }
defaultSettings; defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
};
}; };
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
}; sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
} }


@ -28,6 +28,9 @@
default-timeout = 2000; default-timeout = 2000;
group-by = "category"; group-by = "category";
}; };
"mode=do-not-disturb" = {
invisible = true;
};
}; };
}; };
}; };


@ -1,4 +1,4 @@
{ lib, config, nixgl, ... }: { lib, config, inputs, ... }:
{ {
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = { options.swarselsystems = {
@ -10,11 +10,11 @@
}; };
config = lib.mkIf config.swarselmodules.nixgl { config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) { nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (nixgl) packages; inherit (inputs.nixgl) packages;
defaultWrapper = lib.mkDefault "mesa"; defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false; vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu { prime = lib.mkIf config.swarselsystems.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard; card = config.swarselsystems.secondaryGpuCard;
installScript = "mesa"; installScript = "mesa";
}; };
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
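Review bot: `offloadWrapper` on the last line of this hunk still reads `config.swarselsystem.isSecondaryGpu`, the singular spelling that the two `prime` lines above it were just corrected from. The options in this file are declared under `options.swarselsystems`, so this reference presumably fails to evaluate whenever the non-NixOS branch is active; it should read `offloadWrapper = lib.mkIf config.swarselsystems.isSecondaryGpu "mesaPrime";`.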


@ -4,68 +4,75 @@ let
in in
{ {
options.swarselmodules.general = lib.mkEnableOption "general nix settings"; options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config = lib.mkIf config.swarselmodules.general { config =
nix = lib.mkIf (!config.swarselsystems.isNixos) { let
package = lib.mkForce pkgs.nixVersions.nix_2_28; nix-version = "2_30";
# extraOptions = '' in
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins lib.mkIf config.swarselmodules.general {
# extra-builtins-file = ${self + /nix/extra-builtins.nix} nix = lib.mkIf (!config.swarselsystems.isNixos) {
# ''; package = lib.mkForce pkgs.nixVersions."nix_${nix-version}";
extraOptions = '' # extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
buildInputs = [config.nix.package pkgs.boost]; # extra-builtins-file = ${self + /nix/extra-builtins.nix}
patches = o.patches or []; # '';
})}/lib/nix/plugins extraOptions =
extra-builtins-file = ${self + /nix/extra-builtins.nix} let
''; nix-plugins = pkgs.nix-plugins.override {
settings = { nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
experimental-features = [ };
"nix-command" in
"flakes" ''
"ca-derivations" plugin-files = ${nix-plugins}/lib/nix/plugins
"cgroups" extra-builtins-file = ${self + /nix/extra-builtins.nix}
"pipe-operators" '';
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
]; ];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
}; };
}; };
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
};
};
} }
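Review bot: `nix-version = "2_30"` is defined here in a local `let`, and again in the NixOS nix settings and in the devshell later in this commit, although all three have to agree for the `nix-plugins` override to be built against the nix that loads it. Defining the value once and passing it to the three places would keep a future bump from updating only some of them. If it stays local, a comment such as `# keep in sync with the NixOS module and the devshell; nix-plugins is built against nixComponents_<version>` next to each definition would document the coupling.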


@ -1,10 +1,10 @@
{ config, lib, ... }: { config, lib, inputs, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselmodules.sops = lib.mkEnableOption "sops settings"; options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselmodules.sops { config = lib.optionalAttrs (inputs ? sops) {
sops = { sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
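Review bot: Replacing `lib.mkIf config.swarselmodules.sops` with `lib.optionalAttrs (inputs ? sops)` drops the enable check, so `swarselmodules.sops` is still declared but no longer controls whether the `sops` settings (age key paths, default secrets file) are applied. Keeping both conditions, `config = lib.mkIf config.swarselmodules.sops (lib.optionalAttrs (inputs ? sops) {` with a matching `)` at the end of the block, matches how the other modules in this commit are wrapped. The attribute set continues past the end of this hunk.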


@ -30,6 +30,10 @@
hostname = "192.168.1.136"; hostname = "192.168.1.136";
user = "root"; user = "root";
}; };
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = { "winters" = {
hostname = "192.168.178.24"; hostname = "192.168.178.24";
user = "root"; user = "root";


@ -1,4 +1,4 @@
{ config, lib, vars, ... }: { config, lib, vars, nixosConfig ? config, ... }:
let let
eachOutput = _: monitor: { eachOutput = _: monitor: {
inherit (monitor) name; inherit (monitor) name;
@ -381,6 +381,7 @@ in
export XDG_CURRENT_DESKTOP=sway; export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway; export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1; export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports; '' + vars.waylandExports;
# extraConfigEarly = " # extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK
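Review bot: The added `GITHUB_NOTIFICATION_TOKEN_PATH` export interpolates `nixosConfig.sops.secrets.github-notifications-token.path` unconditionally, while the waybar module in this commit only declares that secret behind a sops guard. On a host evaluated without the sops module this reference presumably aborts evaluation of the whole sway configuration. Appending the export only when the secret is defined, for example through `lib.optionalString (nixosConfig ? sops)`, avoids that, and quoting the path in the export guards against spaces in it. The surrounding string starts outside this hunk.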


@ -1,4 +1,4 @@
{ self, config, lib, pkgs, ... }: { self, config, lib, inputs, pkgs, ... }:
let let
inherit (config.swarselsystems) xdgDir; inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -52,7 +52,7 @@ in
internal = true; internal = true;
}; };
}; };
config = lib.mkIf config.swarselmodules.waybar { config = lib.mkIf config.swarselmodules.waybar ({
swarselsystems = { swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -60,16 +60,12 @@ in
] ++ modulesRight); ] ++ modulesRight);
}; };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true; services.playerctld.enable = true;
programs.waybar = { programs.waybar = {
enable = true; enable = true;
systemd = { systemd = {
enable = true; enable = false;
# target = "sway-session.target"; # target = "sway-session.target";
inherit (config.wayland.systemd) target; inherit (config.wayland.systemd) target;
}; };
@ -324,5 +320,9 @@ in
}; };
style = builtins.readFile (self + /files/waybar/style.css); style = builtins.readFile (self + /files/waybar/style.css);
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
} }


@ -1,15 +1,11 @@
{ lib, config, nixosConfig ? config, ... }: { lib, config, inputs, nixosConfig ? config, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey { config = lib.mkIf config.swarselmodules.yubikey ({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [ ids = [
@ -17,5 +13,9 @@ in
nixosConfig.repo.secrets.common.yubikeys.dev2 nixosConfig.repo.secrets.common.yubikeys.dev2
]; ];
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
} }


@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }: { config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
let let
inherit (config.swarselsystems) flakePath; inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain; crocDomain = globals.services.croc.domain;
@ -12,12 +12,7 @@ in
}; };
}; };
config = lib.mkIf config.swarselmodules.zsh config = lib.mkIf config.swarselmodules.zsh
{ ({
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -129,11 +124,18 @@ in
''; '';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) { sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain; CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})"; CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})"; GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox"; # QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
}; };
}; };
}; } // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
} }
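Review bot: With the `or ""` fallback in `sessionVariables`, a host without the secrets gets `CROC_PASS="$(cat )"` and `GITHUB_TOKEN="$(cat )"`, and `cat` without an argument reads standard input, so shell start-up would likely block instead of leaving the variables empty. Setting the two variables only when the secret is defined, for instance by merging `lib.optionalAttrs (nixosConfig ? sops) { CROC_PASS = …; GITHUB_TOKEN = …; }` into the set, avoids that. Reading the tokens into exported variables also hands them to every child process of the shell; exporting only the file path and reading it at the point of use, as the sway module does with `GITHUB_NOTIFICATION_TOKEN_PATH`, limits that exposure.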


@ -7,12 +7,13 @@
settings = { settings = {
# initial_session.command = "sway"; # initial_session.command = "sway";
initial_session.command = "uwsm start -- sway-uwsm.desktop"; initial_session.command = "uwsm start -- sway-uwsm.desktop";
# --cmd sway
default_session.command = '' default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \ ${pkgs.tuigreet}/bin/tuigreet \
--time \ --time \
--asterisks \ --asterisks \
--user-menu \ --user-menu \
--cmd sway --cmd "uwsm start -- sway-uwsm.desktop"
''; '';
}; };
}; };


@ -60,34 +60,49 @@ in
sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
}; };
nix = { nix =
package = pkgs.nixVersions.nix_2_28; let
settings = { nix-version = "2_30";
experimental-features = [ in
"nix-command" {
"flakes" package = pkgs.nixVersions."nix_${nix-version}";
"ca-derivations" settings = {
"cgroups" experimental-features = [
"pipe-operators" "nix-command"
]; "flakes"
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ]; "ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
};
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# buildInputs = [config.nix.package pkgs.boost];
# patches = o.patches or [];
# })}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
}; };
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
};
system.stateVersion = lib.mkDefault "23.05"; system.stateVersion = lib.mkDefault "23.05";


@ -46,96 +46,106 @@
}; };
}; };
devshells.default = { devshells.default =
packages = [ let
(builtins.trace "alarm: we pinned nix_2_28 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_28) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions. nix-version = "2_30";
pkgs.git in
pkgs.just {
pkgs.age packages = [
pkgs.ssh-to-age (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
pkgs.sops pkgs.git
pkgs.home-manager pkgs.just
pkgs.nixpkgs-fmt pkgs.age
self.packages.${system}.swarsel-build pkgs.ssh-to-age
self.packages.${system}.swarsel-deploy pkgs.sops
]; pkgs.home-manager
pkgs.nixpkgs-fmt
self.packages.${system}.swarsel-build
self.packages.${system}.swarsel-deploy
];
commands = [ commands = [
{ {
package = pkgs.statix; package = pkgs.statix;
help = "Lint flake"; help = "Lint flake";
} }
{ {
package = pkgs.deadnix; package = pkgs.deadnix;
help = "Check flake for dead code"; help = "Check flake for dead code";
} }
{ {
package = pkgs.nix-tree; package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations"; help = "Interactively browse dependency graphs of Nix derivations";
} }
{ {
package = pkgs.nvd; package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded"; help = "Diff two nix toplevels and show which packages were upgraded";
} }
{ {
package = pkgs.nix-diff; package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ"; help = "Explain why two Nix derivations differ";
} }
{ {
package = pkgs.nix-output-monitor; package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom"; name = "nom \"$@\"";
} }
{ {
name = "hm"; name = "hm";
help = "Manage home-manager config"; help = "Manage home-manager config";
command = "home-manager"; command = "home-manager \"$@\"";
} }
{ {
name = "fmt"; name = "fmt";
help = "Format flake"; help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\""; command = "nixpkgs-fmt --check \"$FLAKE\"";
} }
{ {
name = "sd"; name = "sd";
help = "Build and deploy this nix config to nodes"; help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\""; command = "swarsel-deploy \"$@\"";
} }
{ {
name = "sl"; name = "sl";
help = "Build and deploy a config to nodes"; help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch"; command = "swarsel-deploy \${1} switch";
} }
{ {
name = "sw"; name = "sw";
help = "Build and switch to the host's config locally"; help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch"; command = "swarsel-deploy $(hostname) switch";
} }
{ {
name = "bld"; name = "bld";
help = "Build a number of configurations"; help = "Build a number of configurations";
command = "swarel-build \"$@\""; command = "swarsel-build \"$@\"";
} }
{ {
name = "c"; name = "c";
help = "Work with the flake git repository"; help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
} }
]; ];
devshell.startup.pre-commit-install.text = "pre-commit install"; devshell.startup.pre-commit-install.text = "pre-commit install";
env = [ env =
{ let
# Additionally configure nix-plugins with our extra builtins file. nix-plugins = pkgs.nix-plugins.override {
# We need this for our repo secrets. nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
name = "NIX_CONFIG"; };
value = '' in
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins [
extra-builtins-file = ${self + /nix/extra-builtins.nix} {
''; # Additionally configure nix-plugins with our extra builtins file.
} # We need this for our repo secrets.
]; name = "NIX_CONFIG";
}; value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
}; };
} }
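Review bot: In the nix-output-monitor entry the `\"$@\"` was added to `name` (`name = "nom \"$@\"";`), whereas the `hm` and `bld` entries put it in `command`; `name` is the label of the command, so this looks unintended and should probably stay `name = "nom";`. The new trace message also drops the nix-plugins issue link that explained the pin; a comment such as `# nix-plugins must be built against the same nix version as the one in this shell` next to `nix-version` would keep that context.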


@ -93,7 +93,7 @@
modules = [ modules = [
inputs.niri-flake.homeModules.niri inputs.niri-flake.homeModules.niri
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops # inputs.sops-nix.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${configName}" "${self}/hosts/${type}/${configName}"

View file

@ -4,6 +4,60 @@ writeShellApplication {
inherit name; inherit name;
runtimeInputs = [ git gnugrep findutils ]; runtimeInputs = [ git gnugrep findutils ];
text = '' text = ''
git grep -l "$1" | xargs sed -i "s/$1/$2/g"
''; function help_and_exit() {
echo
echo "Remotely installs SwarselSystem on a target machine including secret deployment."
echo
echo "USAGE: $0 [-f/-t} <from> <to>"
echo
echo "ARGS:"
echo " -f | --filenames Replace in filenames."
echo " -d | --directory Replace text in files within this directory."
echo " -r | --repo Replace text in files in the entire git repo."
echo " -h | --help Print this help."
exit 0
}
target_files=false
target_repo=false
target_dirs=false
while [[ $# -gt 0 ]]; do
case "$1" in
-f | --filenames)
shift
target_files=true
;;
-r | --repo)
shift
target_repo=rue
;;
-d | --directory)
shift
target_dirs=rue
;;
-h | --help) help_and_exit ;;
*)
echo "Invalid option detected."
help_and_exit
;;
esac
shift
done
if [[ $target_files == "true" ]]; then
for file in $(git ls-files | grep "$1" | sed -e "s/\($1[^/]*\).*/\1/" | uniq); do
git mv "$file" "''${file//$1/$2}"
done
fi
if [[ $target_repo == "true" ]]; then
git grep -l "$1" | xargs sed -i "s/$1/$2/g"
fi
if [[ $target_dirs == "true" ]]; then
grep -rl "$1" . | xargs sed -i "s/$1/$2/g"
fi
'';
} }
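Review bot: The option loop cannot leave `<from>` and `<to>` in place: each option branch shifts and the loop shifts again after `esac`, and the `*)` branch treats the first positional argument as an invalid option and exits. In addition `target_repo=rue` and `target_dirs=rue` never equal `"true"`, so `-r` and `-d` are no-ops. Separately, `grep -rl "$1" .` also descends into `.git`, where `sed -i` can corrupt repository data (`--exclude-dir=.git` avoids it), and `$1`/`$2` are spliced into the `sed` expression unescaped, so a `/` or regex metacharacter in either argument changes the expression. The help text still describes the remote installer and shows `[-f/-t}`. A parsing loop that stops at the first positional argument is sketched below.

```nix
# … unchanged: help_and_exit and the three target_* defaults …
while [[ $# -gt 0 ]]; do
  case "$1" in
  -f | --filenames) target_files=true ;;
  -r | --repo) target_repo=true ;;
  -d | --directory) target_dirs=true ;;
  -h | --help) help_and_exit ;;
  -*)
    echo "Invalid option detected."
    help_and_exit
    ;;
  *) break ;;
  esac
  shift
done
# both positional arguments are required by every branch below
[[ $# -eq 2 ]] || help_and_exit
# … unchanged: the three replacement branches …
```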


@ -1,9 +1,11 @@
{ name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }: { name, writeShellApplication, wlr-randr, busybox, wl-mirror, mako, ... }:
writeShellApplication { writeShellApplication {
inherit name; inherit name;
runtimeInputs = [ wlr-randr busybox wl-mirror ]; runtimeInputs = [ wlr-randr busybox wl-mirror mako ];
text = '' text = ''
makoctl mode -a do-not-disturb
wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {}
makoctl mode -r do-not-disturb
''; '';
} }