diff --git a/.github/README.md b/.github/README.md
index d5d7313..f31bb06 100644
--- a/.github/README.md
+++ b/.github/README.md
@@ -121,29 +121,30 @@ Alternatively, to install this from any NixOS live ISO, run `nix run --experimen ### Services -| Topic | Program | -|-----------------------|---------------------------------| -|📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | -|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | -|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | -|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | +| Topic | Program | +|-----------------------|---------------------------------------------------------------------------------------------------------------------| +|📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | +|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | +|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | +|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | -|📷 **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | +|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |📄 **Documents** | 
[Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | -|💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | -|👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | -|🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | -|🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | -|⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | -|🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | -|💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | -|🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | -|🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | -|📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | -|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | -|✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | -|🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | +|💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | +|👁️ **Monitoring** | 
[Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | +|🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | +|🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | +|⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | +|🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | +|💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | +|🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | +|🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | +|📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | +|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | +|✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | +|📸 **Image Sharing** | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix) | +|🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | ### Hosts diff --git a/SwarselSystems.org b/SwarselSystems.org index a31f31c..282c040 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -268,29 +268,30 @@ Here I give a brief overview over the hostmachines that I am using. This is held :END: #+begin_src markdown :tangle no :noweb-ref services - | Topic | Program | - |-----------------------|---------------------------------| - |📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | - |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | - |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | - |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | + | Topic | Program | + |-----------------------|---------------------------------------------------------------------------------------------------------------------| + |📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | + |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | + |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | + |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | - |📷 **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | + |🎞️ **Photos** | 
[Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | - |💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | - |👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | - |🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | - |🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | - |⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | - |🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | - |💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | - |🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | - |🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | - |📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | - |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | - |✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | - |🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | + |💾 **Backups** | 
[Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | + |👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | + |🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | + |🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | + |⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | + |🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | + |💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | + |🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | + |🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | + |📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | + |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | + |✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | + |📸 **Image Sharing** | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix) | + |🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | #+end_src * flake.nix @@ -781,6 +782,7 @@ Lastly, in order make this actually available to my configurations, i use the =i domains services user + root ; }; }; 
@@ -838,6 +840,14 @@ The rest of the outputs either define or help define the actual configurations: name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; + + swarselprofiles = { + minimal = lib.mkIf minimal (lib.mkDefault true); + }; + + swarselsystems = { + mainUser = lib.mkDefault "swarsel"; + }; } ]; }; @@ -861,6 +871,7 @@ The rest of the outputs either define or help define the actual configurations: { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; + } ]; }; @@ -1771,19 +1782,6 @@ My work machine. Built for more security, this is the gold standard of my config { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-2"; - profiles = { - personal = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - work = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - }; - }; in { 
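Review bot: `swarselprofiles.minimal = lib.mkIf minimal (lib.mkDefault true);` now sets the minimal profile for every NixOS host, yet the milkywell and chaostheatre hunks later in this commit still carry their own `minimal = lib.mkIf minimal true;`. The per-host lines are redundant and can be dropped, so the default lives in one place. If a host is meant to override the default, a short comment there should say so, e.g. `# overrides the flake-level mkDefault`. The surrounding module list starts and ends outside this hunk.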
@@ -1796,54 +1794,57 @@ My work machine. Built for more security, this is the gold standard of my config ]; - swarselsystems = lib.recursiveUpdate - { - info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - inherit (config.repo.secrets.local) hostName; - inherit (config.repo.secrets.local) fqdn; - hibernation.offset = 533760; - profiles = { - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; - }; - } - sharedOptions; + swarselprofiles = { + personal = lib.mkIf (!minimal) true; + work = lib.mkIf (!minimal) true; + framework = lib.mkIf (!minimal) true; + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; + swarselsystems = { + lowResolution = "1280x800"; + highResolution = "2560x1600"; + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-2"; + info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + inherit (config.repo.secrets.local) hostName; + inherit (config.repo.secrets.local) fqdn; + hibernation.offset = 533760; + }; home-manager.users."${primaryUser}" = { - # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; + swarselsystems = { + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + 
input-filename = "temp4_input"; + }; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; }; - lowResolution = "1280x800"; - highResolution = "2560x1600"; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - }; - } - sharedOptions; + }; + }; }; } @@ -2032,17 +2033,7 @@ My personal laptop. { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-1"; - profiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; - }; + sharedOptions = { }; in { @@ -2054,9 +2045,20 @@ My personal laptop. ]; + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + lowResolution = "1280x800"; + highResolution = "1920x1080"; + sharescreen = "eDP-1"; info = "Lenovo ThinkPad"; firewall = lib.mkForce true; wallpaper = self + /files/wallpaper/lenovowp.png; 
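Review bot: `sharedOptions = { };` is left behind as an empty attrset in the personal-laptop hunk (`@@ -2032`). The following hunks still wrap the host's `swarselsystems` in `lib.recursiveUpdate { … } sharedOptions`, which is now a no-op. The other hosts in this commit remove both the binding and the wrapper. Doing the same here (`swarselsystems = { … };` and deleting the `sharedOptions` entry from the `let`) keeps the host files consistent and avoids suggesting that options are still merged in from elsewhere. The `let … in` block and the attrset continue outside this hunk.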
@@ -2069,30 +2071,23 @@ My personal laptop. rootDisk = "/dev/nvme0n1"; swapSize = "4G"; hostName = config.node.name; - profiles = { - btrfs = true; - }; } sharedOptions; home-manager.users."${primaryUser}" = { # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - lowResolution = "1280x800"; - highResolution = "1920x1080"; - monitors = { - main = { - name = "LG Display 0x04EF Unknown"; - mode = "1920x1080"; # TEMPLATE - scale = "1"; - position = "1920,0"; - workspace = "15:L"; - output = "eDP-1"; - }; + swarselsystems = { + monitors = { + main = { + name = "LG Display 0x04EF Unknown"; + mode = "1920x1080"; # TEMPLATE + scale = "1"; + position = "1920,0"; + workspace = "15:L"; + output = "eDP-1"; }; - } - sharedOptions; + }; + }; }; } @@ -2272,18 +2267,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/winters/default.nix - { lib, config, ... }: - let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = false; - isLinux = true; - isNixos = true; - profiles = { - server.local = true; - }; - }; - in + { config, ... }: { imports = [ @@ -2304,21 +2288,20 @@ This is my main server that I run at home. It handles most tasks that require bi }; - swarselsystems = lib.recursiveUpdate - { - info = "ASRock J4105-ITX, 32GB RAM"; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselprofiles = { + server.local = true; }; + + swarselsystems = { + info = "ASRock J4105-ITX, 32GB RAM"; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + isBtrfs = false; + isLinux = true; + isNixos = true; + }; + } 
@@ -2494,18 +2477,7 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix - { lib, config, minimal, ... }: - let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - isNixos = true; - }; - profiles = { - minimal = lib.mkIf minimal true; - }; - in + { lib, minimal, ... }: { imports = [ ./hardware-configuration.nix @@ -2528,25 +2500,21 @@ This machine mainly acts as an external sync helper. It manages the following th enableAllFirmware = lib.mkForce false; }; - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - profiles = { - server.syncserver = true; - }; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselprofiles = { + minimal = lib.mkIf minimal true; + server.syncserver = true; + }; + swarselsystems = { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + isBtrfs = true; + isLinux = true; + isNixos = true; }; } @@ -2698,19 +2666,10 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix - { lib, config, globals, ... }: + { lib, config, ... }: let - primaryUser = config.swarselsystems.mainUser; - inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - - sharedOptions = { - isBtrfs = true; - isNixos = true; - isLinux = true; - }; in { imports = [ 
@@ -2733,15 +2692,6 @@ This machine mainly acts as an external sync helper. It manages the following th environment = { etc."issue".text = "\4"; - - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { - directory = "/var/lib/syncthing"; - user = "syncthing"; - group = "syncthing"; - mode = "0700"; - } - ]; }; topology.self.interfaces.wg = { 
@@ -2788,148 +2738,74 @@ This machine mainly acts as an external sync helper. It manages the following th system.stateVersion = "23.11"; - globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; - - services = { - nginx = { - virtualHosts = { - ${serviceDomain} = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:8384"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + }; + }; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; }; + }; + swarselprofiles = { + server.moonside = true; + }; + + swarselsystems = { + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; syncthing = { - enable = true; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - relay.enable = false; - settings = { - urAccepted = -1; - devices = { - "magicant" = { - id = 
"VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; - }; - }; - folders = { - "Default Folder" = lib.mkForce { - path = "/sync/Sync"; - type = "receiveonly"; - versioning = null; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "default"; - }; - "Obsidian" = { - path = "/sync/Obsidian"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/sync/Org"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/sync/Vpn"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "hgp9s-fyq3p"; - }; - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "winters" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; - }; - }; - }; + serviceDomain = 
config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; }; }; - - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - profiles = { - server.moonside = true; - }; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.11"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; - }; - } #+end_src @@ -3104,18 +2980,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: #+begin_src nix-ts :tangle hosts/nixos/toto/default.nix - { self, config, lib, minimal, ... }: - let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - profiles = { - toto = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; - }; - in + { self, lib, minimal, ... }: { imports = [ 
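Review bot: The new `services.syncthing` block in the `@@ -2788` hunk no longer sets `guiAddress`, `relay.enable` or `urAccepted` on this host, so whether the GUI still listens on all interfaces (the removed value was `0.0.0.0:8384`) now depends on a shared module that is not part of this hunk. `serviceIP = "localhost"` suggests the reverse proxy reaches the GUI over loopback. It is worth confirming that the shared module binds the GUI to loopback and keeps relaying disabled, and recording it with a comment such as `# GUI bind, nginx vhost and relay settings come from the shared syncthing module`. The host is `isImpermanence = true` and the preceding hunk drops the `/var/lib/syncthing` persistence entry, so the directory holding the device certificate and key must still be persisted somewhere; otherwise the device ID changes on reboot and peers have to re-trust it. `Documents` now lists only `pyramid`, which is not defined in the devices visible here and presumably comes from `config.swarselsystems.syncthing.devices`.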
@@ -3123,38 +2988,33 @@ This is a slim setup for developing base configuration. I do not track the hardw ./hardware-configuration.nix ]; - - networking = { hostName = "toto"; firewall.enable = false; }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ remote install helper"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "2G"; - # rootDisk = "/dev/nvme0n1"; - rootDisk = "/dev/vda"; - profiles.btrfs = true; - # rootDisk = "/dev/vda"; - } - sharedOptions; - - home-manager.users.${primaryUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isLaptop = false; - isNixos = true; - } - sharedOptions; + swarselprofiles = { + toto = lib.mkIf (!minimal) true; + btrfs = true; }; + + swarselsystems = { + info = "~SwarselSystems~ remote install helper"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "2G"; + # rootDisk = "/dev/nvme0n1"; + rootDisk = "/dev/vda"; + # rootDisk = "/dev/vda"; + isBtrfs = true; + isLinux = true; + isLaptop = false; + isNixos = true; + }; + } @@ -3489,6 +3349,8 @@ This is the "reference implementation" of a setup that runs without NixOS, only inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index "${self}/modules/home" + "${self}/modules/nixos/common/pii.nix" + "${self}/modules/nixos/common/meta.nix" ]; nixpkgs = { 
@@ -3539,67 +3401,56 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; - sharedOptions = { - inherit mainUser; + in + { + + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; + + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; + + services.qemuGuest.enable = true; + + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; + + networking = { + hostName = "chaostheatre"; + firewall.enable = true; + }; + + swarselprofiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; isBtrfs = false; + inherit mainUser; isLinux = true; isPublic = true; - profiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; + isNixos = true; }; - in - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; - - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; - - services.qemuGuest.enable = true; - - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; - - networking = { - hostName = "chaostheatre"; - firewall.enable = true; - }; - - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - 
swapSize = "4G"; - rootDisk = "/dev/vda"; - profiles.btrfs = true; - } - sharedOptions; - - home-manager.users.${mainUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isNixos = true; - } - sharedOptions; - }; - } + } #+end_src @@ -3795,17 +3646,15 @@ These are system-level settings specific to NixOS machines. All settings that ar This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. #+begin_src nix-ts :tangle modules/nixos/common/default.nix - { self, lib, ... }: - let - importNames = lib.swarselsystems.readNix "modules/nixos/common"; - in - { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ - "${self}/modules/shared/sharedsetup.nix" - ]; - - - } +{ lib, ... }: +let + importNames = lib.swarselsystems.readNix "modules/nixos/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; +in +{ + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; +} #+end_src 
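Review bot: In the chaostheatre hunk (`@@ -3539`), `swarselprofiles.btrfs = true;` and `swarselsystems.isBtrfs = false;` now sit side by side in the same host file and contradict each other on the face of it. The pair existed before this change, split between `sharedOptions` and the host attrset, so it may be deliberate. Either align the flag (`isBtrfs = true;`) or add a one-line comment next to `isBtrfs` stating why the profile is enabled while the flag is off. As this host is marked `isPublic = true`, leaving the disk-layout flags unambiguous also helps anyone copying it as a template.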
@@ -3892,56 +3741,62 @@ This section is for setting things that should be used on hosts that are using t inherit (lib) mkOption types - ; + ; in { - options = { - globals = mkOption { - default = { }; - type = types.submodule { - options = { - user = { - name = mkOption { - type = types.str; - }; - work = mkOption { - type = types.str; - }; + options = { + globals = mkOption { + default = { }; + type = types.submodule { + options = { + root = { + hashedPassword = mkOption { + type = types.str; }; + }; + + user = { + name = mkOption { + type = types.str; + }; + work = mkOption { + type = types.str; + }; + }; - services = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - domain = mkOption { - type = types.str; - }; + services = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + domain = mkOption { + type = types.str; }; - } - ); - }; + }; + } + ); + }; - domains = { - main = mkOption { - type = types.str; - }; + domains = { + main = mkOption { + type = types.str; }; }; }; }; - - _globalsDefs = mkOption { - type = types.unspecified; - default = options.globals.definitions; - readOnly = true; - internal = true; - }; }; - } + + _globalsDefs = mkOption { + type = types.unspecified; + default = options.globals.definitions; + readOnly = true; + internal = true; + }; + }; + } #+end_src -**** Meta options (automatically active) +**** Meta options (options only) :PROPERTIES: :CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 :END: 
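Review bot: `globals.root.hashedPassword` is declared as a bare `types.str` with no `description` and no `default`. If its value is later assigned to `users.users.root.hashedPassword`, the hash ends up in the world-readable Nix store. The consumer is not visible in this hunk, so this may already be handled. For a root credential, though, a sops-managed file referenced through `hashedPasswordFile` keeps the hash out of the store. At minimum, document the exposure on the option, e.g. `description = "Root password hash; evaluated into the Nix store, so treat it as readable by local users.";`. Note also that `_globalsDefs` defaults to `options.globals.definitions`, which will now include this value.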
@@ -3966,38 +3821,42 @@ This section is for setting things that should be used on hosts that are using t } #+end_src -**** Shared Configuration Options (automatically active) -:PROPERTIES: -:CUSTOM_ID: h:f4f22166-e345-43e6-b15f-b7f5bb886554 -:END: +**** Expose home-manager secrets in NixOS (automatically active) -I usually use =mutableUsers = false= in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. - -#+begin_src nix-ts :tangle modules/nixos/common/sharedsetup.nix - { lib, ... }: +#+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix + { lib, config, globals, ... }: + let + inherit (config.swarselsystems) mainUser homeDir; + inherit (config.repo.secrets.common.emacs) radicaleUser; + modules = config.home-manager.users.${mainUser}.swarselmodules; + in { - options = { - swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; + config = lib.mkIf config.swarselsystems.withHomeManager { + sops = { + secrets = (lib.optionalAttrs modules.mail + { + address1-token = { owner = mainUser; }; + address2-token = { owner = mainUser; }; + address3-token = { owner = mainUser; }; + address4-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.waybar { + github-notifications-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.zsh { + croc-password = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + emacs-radicale-pw = { owner = mainUser; }; + }); + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + owner = mainUser; + }; }; - isSwap = lib.mkOption { - type = 
lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; }; }; } @@ -4111,8 +3970,8 @@ A breakdown of the flags being set: }; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general (lib.recursiveUpdate { sops.secrets.github-api-token = lib.mkIf (!minimal) { 
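Review bot: The `authinfo` template in the new `home-manager-secrets.nix` block is declared unconditionally, yet it interpolates `config.sops.placeholder.emacs-radicale-pw`, and that secret is only declared under `lib.optionalAttrs modules.emacs`. On a host where the home-manager emacs module is off, the placeholder lookup will presumably fail at evaluation, since sops-nix derives placeholders from the declared secrets as far as I know. Guard the template with the same condition, e.g. `templates = lib.optionalAttrs modules.emacs { authinfo = { … }; };`. The two separate `lib.optionalAttrs modules.emacs` sets (`fever-pw` and `emacs-radicale-pw`) could also be merged into one so the emacs secrets and the template stay together.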
@@ -4168,15 +4027,15 @@ A breakdown of the flags being set: We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix - { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: + { self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: { - options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselsystems.modules.home-manager { + options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselmodules.home-manager { home-manager = lib.mkIf config.swarselsystems.withHomeManager { useGlobalPkgs = true; useUserPackages = true; verbose = true; - users.swarsel.imports = [ + users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops # inputs.stylix.homeModules.stylix @@ -4184,8 +4043,11 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the imports = [ "${self}/profiles/home" "${self}/modules/home" - # "${self}/modules/nixos/common/pii.nix" - # "${self}/modules/nixos/common/meta.nix" + { + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } ]; # node = { # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; 
@@ -4210,24 +4072,30 @@ In case of using a fully setup system, this makes also sure that no further user For that reason, make sure that =sops-nix= is properly working before finishing the minimal setup, otherwise we might lose user access. The bootstrapping script takes care of this. #+begin_src nix-ts :tangle modules/nixos/common/users.nix - { self, pkgs, config, lib, minimal, ... }: + { self, pkgs, config, lib, globals, minimal, ... }: let sopsFile = self + /secrets/general/secrets.yaml; in { - options.swarselsystems.modules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselsystems.modules.users { + options.swarselmodules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselmodules.users { sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { mutableUsers = lib.mkIf (!minimal) false; - users."${config.swarselsystems.mainUser}" = { + users = { + root = { + inherit (globals.root) hashedPassword; + shell = pkgs.zsh; + }; + "${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; - password = lib.mkIf minimal "setup"; - hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path; + password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; + hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; + }; }; }; }; 
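Review bot: `inherit (globals.root) hashedPassword;` sets root's hash from an evaluated Nix value, so it ends up in the world-readable Nix store and in any closure copied to another machine or cache, whereas the main user directly below keeps its hash out of the store through `hashedPasswordFile` and sops. Where `globals` is populated is not visible in this hunk, but once evaluated the value is in the store regardless of how the source file is protected. Consider a sops secret with `neededForUsers = true` and `hashedPasswordFile = config.sops.secrets.<root-secret-name>.path;` for root as well; the new `boot.nix` block reuses the same value for `emergencyAccess`. Separately, the widened condition gives the `wheel` user the fixed password `"setup"` on every `isPublic` host, and with `mutableUsers = false` on non-minimal builds it cannot be changed at runtime. A comment stating that such hosts must never expose password logins would document that assumption.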
@@ -4244,8 +4112,8 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi #+begin_src nix-ts :tangle modules/nixos/common/xserver.nix { lib, config, ... }: { - options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselmodules.packages { services.xserver = { xkb = { layout = "us"; @@ -4266,8 +4134,8 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte #+begin_src nix-ts :tangle modules/nixos/common/time.nix { lib, config, ... }: { - options.swarselsystems.modules.time = lib.mkEnableOption "time config"; - config = lib.mkIf config.swarselsystems.modules.time { + options.swarselmodules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselmodules.time { time = { timeZone = "Europe/Vienna"; # hardwareClockInLocalTime = true; @@ -4359,9 +4227,9 @@ This is also exposed to home-manager configurations, in case this ever breaks, I description = "Exposes the loaded repo secrets. This option is read-only."; }; }; - swarselsystems.modules.pii = lib.mkEnableOption "enable pii management"; + swarselmodules.pii = lib.mkEnableOption "enable pii management"; }; - config = lib.mkIf config.swarselsystems.modules.pii { + config = lib.mkIf config.swarselmodules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; 
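Review bot: In the `xserver.nix` block the declared option is `swarselmodules.xserver`, but the config is still gated on `config.swarselmodules.packages`, so toggling `xserver` has no effect and the console keymap follows the packages module instead. The rename carried this over from the old `swarselsystems.modules.packages` guard. The line should read `config = lib.mkIf config.swarselmodules.xserver {`. The module body continues past the end of this hunk.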
@@ -4384,8 +4252,8 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system #+begin_src nix-ts :tangle modules/nixos/common/lanzaboote.nix { lib, pkgs, config, minimal, ... }: { - options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; - config = lib.mkIf config.swarselsystems.modules.lanzaboote { + options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselmodules.lanzaboote { environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [ pkgs.sbctl @@ -4406,6 +4274,36 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system } #+end_src +**** Boot + +#+begin_src nix-ts :tangle modules/nixos/common/boot.nix + { lib, pkgs, config, globals, ... }: + { + options.swarselmodules.boot = lib.mkEnableOption "boot config"; + config = lib.mkIf config.swarselmodules.boot { + boot = { + initrd.systemd = { + enable = true; + emergencyAccess = globals.root.hashedPassword; + users.root.shell = "${pkgs.bashInteractive}/bin/bash"; + storePaths = [ "${pkgs.bashInteractive}/bin/bash" ]; + extraBin = { + ip = "${pkgs.iproute2}/bin/ip"; + ping = "${pkgs.iputils}/bin/ping"; + cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; + }; + }; + kernelParams = [ "log_buf_len=16M" ]; + tmp.useTmpfs = true; + loader.timeout = lib.mkDefault 2; + }; + + console.earlySetup = true; + + }; + } +#+end_src + **** Impermanence :PROPERTIES: :CUSTOM_ID: h:e7668594-fa8b-4d36-a695-a58222478988 
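Review bot: `emergencyAccess = globals.root.hashedPassword;` in the new `boot.nix` block embeds the root password hash in the initrd, as far as I know. The initrd normally sits on the unencrypted boot partition, so the hash is readable by anyone with access to the disk even when the root filesystem is encrypted. It is also the same hash that `users.nix` assigns to the running system's root account, so one exposed value covers both. How `/boot` is laid out on these hosts is not visible here, but a separate initrd-only credential, or `emergencyAccess = false;` where `isCrypted` is set, would limit that exposure. At minimum add a comment such as `# hash is embedded in the initrd image; do not reuse the login password`.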
@@ -4422,8 +4320,8 @@ Normally, doing that also resets the lecture that happens on the first use of =s inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselsystems.modules.impermanence { + options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselmodules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' @@ -4544,8 +4442,8 @@ Mostly used to install some compilers and lsp's that I want to have available wh #+begin_src nix-ts :tangle modules/nixos/client/packages.nix { lib, config, pkgs, minimal, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselmodules.packages { environment.systemPackages = with pkgs; lib.optionals (!minimal) [ # yubikey packages @@ -4650,8 +4548,8 @@ Next, we will setup some environment variables that need to be set on the system #+begin_src nix-ts :tangle modules/nixos/client/env.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselmodules.env { environment = { wordlist.enable = true; 
@@ -4679,8 +4577,8 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro #+begin_src nix-ts :tangle modules/nixos/client/polkit.nix { lib, config, minimal, ... }: { - options.swarselsystems.modules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselsystems.modules.security { + options.swarselmodules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselmodules.security { security = { pam.services = lib.mkIf (!minimal) { @@ -4712,8 +4610,8 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s #+begin_src nix-ts :tangle modules/nixos/client/systemd.nix { lib, config, ... }: { - options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; - config = lib.mkIf config.swarselsystems.modules.systemdTimeout { + options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselmodules.systemdTimeout { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s @@ -4734,8 +4632,8 @@ Enable OpenGL, Sound, Bluetooth and various drivers. { pkgs, config, lib, ... }: { + options.swarselmodules.hardware = lib.mkEnableOption "hardware config"; options.swarselsystems = { - modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -4746,7 +4644,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. }; }; }; - config = lib.mkIf config.swarselsystems.modules.hardware { + config = lib.mkIf config.swarselmodules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { 
@@ -4792,8 +4690,8 @@ This is only used on systems not running Pipewire. #+begin_src nix-ts :tangle modules/nixos/client/pulseaudio.nix { config, pkgs, lib, ... }: { - options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; - config = lib.mkIf config.swarselsystems.modules.pulseaudio { + options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselmodules.pulseaudio { services.pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; @@ -4812,8 +4710,8 @@ Pipewire handles communication on Wayland. This enables several sound tools as w #+begin_src nix-ts :tangle modules/nixos/client/pipewire.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; - config = lib.mkIf config.swarselsystems.modules.pipewire { + options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselmodules.pipewire { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { @@ -4851,10 +4749,10 @@ Here I only enable =networkmanager= and a few default networks. The rest of the in { options.swarselsystems = { - modules.network = lib.mkEnableOption "network config"; firewall = lib.swarselsystems.mkTrueOption; }; - config = lib.mkIf config.swarselsystems.modules.network { + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { sops = { secrets = lib.mkIf (!config.swarselsystems.isPublic) { @@ -4958,7 +4856,7 @@ Here I only enable =networkmanager= and a few default networks. The rest of the wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; - psk = "WLAN1_PW"; + psk = "$WLAN1_PW"; }; }; 
@@ -5174,8 +5072,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at #+begin_src nix-ts :tangle modules/nixos/client/sops.nix { config, lib, ... }: { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselmodules.sops { sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; @@ -5199,23 +5097,23 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. #+begin_src nix-ts :noweb yes :tangle modules/nixos/client/stylix.nix - { self, lib, config, ... }: + { self, lib, config, vars, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; + options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; config = { stylix = { enable = true; base16Scheme = "${self}/files/stylix/swarsel.yaml"; - } // lib.optionalAttrs config.swarselsystems.modules.stylix + } // lib.optionalAttrs config.swarselmodules.stylix (lib.recursiveUpdate { targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; } - config.swarselsystems.stylix); + vars.stylix); home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; }; }; }; 
@@ -5232,8 +5130,8 @@ Some programs profit from being installed through dedicated NixOS settings on sy #+begin_src nix-ts :tangle modules/nixos/client/programs.nix { lib, config, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselmodules.programs { programs = { dconf.enable = true; evince.enable = true; @@ -5252,8 +5150,8 @@ Here I disable global completion to prevent redundant compinit calls and cache i #+begin_src nix-ts :tangle modules/nixos/client/zsh.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; - config = lib.mkIf config.swarselsystems.modules.zsh { + options.swarselmodules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselmodules.zsh { programs.zsh = { enable = true; enableCompletion = false; @@ -5273,10 +5171,11 @@ Here I disable global completion to prevent redundant compinit calls and cache i { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; - config = lib.mkIf config.swarselsystems.modules.syncthing { + options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; package = pkgs.stable.syncthing; 
@@ -5290,39 +5189,26 @@ Here I disable global completion to prevent redundant compinit calls and cache i options = { urAccepted = -1; }; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "sync@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; }; @@ -5349,8 +5235,8 @@ Enables the blueman service including the nice system tray icon. #+begin_src nix-ts :tangle modules/nixos/client/blueman.nix { lib, config, ... }: { - options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; - config = lib.mkIf config.swarselsystems.modules.blueman { + options.swarselmodules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselmodules.blueman { services.blueman.enable = true; services.hardware.bolt.enable = true; }; 
@@ -5371,8 +5257,8 @@ Avahi is the service used for the network discovery. #+begin_src nix-ts :tangle modules/nixos/client/networkdevices.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; - config = lib.mkIf config.swarselsystems.modules.networkDevices { + options.swarselmodules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselmodules.networkDevices { # enable scanners over network hardware.sane = { enable = true; @@ -5414,8 +5300,8 @@ This is being set to allow myself to use all functions of nautilus in NixOS #+begin_src nix-ts :tangle modules/nixos/client/gvfs.nix { lib, config, ... }: { - options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; - config = lib.mkIf config.swarselsystems.modules.gvfs { + options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselmodules.gvfs { services.gvfs.enable = true; }; } @@ -5431,8 +5317,8 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if #+begin_src nix-ts :tangle modules/nixos/client/interceptiontools.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; - config = lib.mkIf config.swarselsystems.modules.interceptionTools { + options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselmodules.interceptionTools { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; 
@@ -5479,8 +5365,8 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho #+begin_src nix-ts :tangle modules/nixos/client/power-profiles-daemon.nix { lib, config, ... }: { - options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; - config = lib.mkIf config.swarselsystems.modules.ppd { + options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselmodules.ppd { services.power-profiles-daemon.enable = true; }; } @@ -5494,8 +5380,8 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho #+begin_src nix-ts :tangle modules/nixos/client/swayosd.nix { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { environment.systemPackages = [ pkgs.dev.swayosd ]; services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { @@ -5540,8 +5426,8 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselmodules.yubikey { programs.ssh.startAgent = false; services.pcscd.enable = false; 
@@ -5581,8 +5467,8 @@ This performs the necessary configuration to support this hardware. #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-ledger.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; - config = lib.mkIf config.swarselsystems.modules.ledger { + options.swarselmodules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselmodules.ledger { hardware.ledger.enable = true; services.udev.packages = with pkgs; [ @@ -5603,8 +5489,8 @@ This loads some udev rules that I need for my split keyboards. #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-keyboards.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; - config = lib.mkIf config.swarselsystems.modules.keyboards { + options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselmodules.keyboards { services.udev.packages = with pkgs; [ qmk-udev-rules vial @@ -5624,8 +5510,8 @@ This section houses the greetd related settings. I do not really want to use a d #+begin_src nix-ts :tangle modules/nixos/client/login.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.login = lib.mkEnableOption "login config"; - config = lib.mkIf config.swarselsystems.modules.login { + options.swarselmodules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselmodules.login { services.greetd = { enable = true; settings = { 
@@ -5661,8 +5547,8 @@ When a program does not work, start with =nix-ldd =. This will tell you #+begin_src nix-ts :tangle modules/nixos/client/nix-ld.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; - config = lib.mkIf config.swarselsystems.modules.nix-ld { + options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselmodules.nix-ld { programs.nix-ld = { enable = true; libraries = with pkgs; [ @@ -5784,8 +5670,8 @@ This snipped is added to the activation script that is run after every rebuild a #+begin_src nix-ts :tangle modules/nixos/client/nvd-rebuild.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; - config = lib.mkIf config.swarselsystems.modules.nvd { + options.swarselmodules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselmodules.nvd { environment.systemPackages = [ pkgs.nvd @@ -5812,8 +5698,8 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps #+begin_src nix-ts :tangle modules/nixos/client/gnome-keyring.nix { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome.gnome-keyring = { enable = true; }; 
@@ -5833,8 +5719,8 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom #+begin_src nix-ts :tangle modules/nixos/client/sway.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; - config = lib.mkIf config.swarselsystems.modules.sway { + options.swarselmodules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselmodules.sway { programs.sway = { enable = true; package = pkgs.dev.swayfx; @@ -5867,8 +5753,8 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru #+begin_src nix-ts :tangle modules/nixos/client/xdg-portal.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; - config = lib.mkIf config.swarselsystems.modules.xdg-portal { + options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; config = { @@ -5887,7 +5773,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru } #+end_src -**** Podmam (distrobox) +**** Podman (distrobox) :PROPERTIES: :CUSTOM_ID: h:1bef3914-a258-4585-b232-e0fbe9e7a9b5 :END: @@ -5897,8 +5783,8 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve #+begin_src nix-ts :tangle modules/nixos/client/distrobox.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; - config = lib.mkIf config.swarselsystems.modules.distrobox { + options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselmodules.distrobox { environment.systemPackages = with pkgs; [ distrobox boxbuddy 
@@ -5922,8 +5808,8 @@ Adds the necessary tools to allow .appimage programs easily. #+begin_src nix-ts :tangle modules/nixos/client/appimage.nix { lib, config, ... }: { - options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; - config = lib.mkIf config.swarselsystems.modules.appimage { + options.swarselmodules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselmodules.appimage { programs.appimage = { enable = true; binfmt = true; @@ -5943,8 +5829,8 @@ This turns off the display when the lid is closed. #+begin_src nix-ts :tangle modules/nixos/client/lid.nix { lib, config, ... }: { - options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; - config = lib.mkIf config.swarselsystems.modules.lid { + options.swarselmodules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselmodules.lid { services.logind = { lidSwitch = "suspend"; lidSwitchDocked = "ignore"; @@ -5990,8 +5876,8 @@ Since I hide the waybar completely during normal operation, I run the risk of no #+begin_src nix-ts :tangle modules/nixos/client/lowbattery.nix { pkgs, lib, config, ... }: { - options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; - config = lib.mkIf config.swarselsystems.modules.lowBattery { + options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselmodules.lowBattery { systemd.user.services."battery-low" = { enable = true; description = "Timer for battery check that alerts at 10% or less"; 
@@ -6032,8 +5918,8 @@ Auto login for the initial session. inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings"; - config = lib.mkIf config.swarselsystems.modules.autologin { + options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselmodules.autologin { services = { getty.autologinUser = mainUser; greetd.settings.initial_session.user = mainUser; @@ -6080,14 +5966,15 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.swarselsystems) flakePath; in { + + options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { - modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.server.general { + config = lib.mkIf config.swarselmodules.server.general { environment.shellAliases = lib.recursiveUpdate { @@ -6122,8 +6009,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix-ts :tangle modules/nixos/server/packages.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselsystems.modules.server.packages { + options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselmodules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index 
@@ -6152,8 +6039,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in nfsUser = globals.user.name; in { - options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselsystems.modules.server.nfs { + options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselmodules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { @@ -6216,8 +6103,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in in { - options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselsystems.modules.server.nginx { + options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; @@ -6262,8 +6149,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t #+begin_src nix-ts :tangle modules/nixos/server/ssh.nix { self, lib, config, ... }: { - options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselsystems.modules.server.ssh { + options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselmodules.server.ssh { services.openssh = { enable = true; startWhenNeeded = lib.mkForce false; 
@@ -6310,8 +6197,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ calibre ]; @@ -6381,8 +6268,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; @@ -6452,8 +6339,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ pciutils alsa-utils 
@@ -6595,8 +6482,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceGroup = serviceUser; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.groups.${serviceGroup} = { gid = 65136; }; @@ -6646,8 +6533,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "mpd"; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups = { mpd = { }; @@ -6712,7 +6599,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t #+begin_src nix-ts :tangle modules/nixos/server/pipewire.nix { lib, config, ... }: { - config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { + config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access 
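Review bot: The guard on the changed `config = lib.mkIf (...)` line in modules/nixos/server/pipewire.nix uses `?`, which tests whether the option paths exist, not whether mpd or navidrome is enabled. If the modules that declare those options are imported alongside this one (the mpd declaration is visible in the preceding hunk), the paths always exist and the block, including `security.rtkit.enable = true`, is applied on every host. Reading the values keeps the tolerance for a missing option: `config = lib.mkIf ((config.swarselmodules.server.mpd or false) || (config.swarselmodules.server.navidrome or false)) {`. The module body continues outside the hunk.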
@@ -6744,8 +6631,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t postgresVersion = 14; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services = { ${serviceName} = { enable = true; @@ -6786,8 +6673,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t ''; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter @@ -7130,8 +7017,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; 
@@ -7206,8 +7093,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; @@ -7293,8 +7180,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; @@ -7438,8 +7325,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= prowlarrPort = 9696; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { # this user/group section is probably unneeded users = { 
@@ -7605,21 +7492,56 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, ... }: + { lib, config, configName, ... }: let - inherit (config.repo.secrets.common) workHostName; - servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceDomain = config.repo.secrets.common.services.domains.syncthing1; + specificServiceName = "syncthing-${configName}"; + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + + swarselsystems.syncthing = { + serviceDomain = lib.mkOption { + type = lib.types.str; + default = config.repo.secrets.common.services.domains.syncthing1; + }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "192.168.1.2"; + }; + syncDevices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; + }; + devices = lib.mkOption { + type = lib.types.attrs; + default = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + "pyramid" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + }; + }; + }; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { 
extraGroups = [ "users" ]; @@ -7631,39 +7553,26 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = "/Vault/data/${serviceName}"; + dataDir = lib.mkDefault "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "milkywell@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { @@ -7673,7 +7582,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { 
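Review bot: Nothing ties `syncDevices` to `devices` in the new `swarselsystems.syncthing` options. The let binding `devices` is the list of names from `syncDevices`, while the option `devices` is the name-to-ID map, so a host that overrides one without the other gets folders shared to a name with no ID, or a trusted ID that no folder uses. An assertion in `config` catches the first case at evaluation time: `assertions = [{ assertion = lib.all (d: builtins.hasAttr d config.swarselsystems.syncthing.devices) devices; message = "swarselsystems.syncthing.syncDevices names a device without an ID"; }];`. Renaming the let binding to `syncDevices` would stop it reading like the option of the same name. `lib.types.attrs` neither checks the entries nor merges them recursively, so `lib.types.attrsOf` over a submodule with a string `id` option is probably the better type if hosts are meant to add devices; that is an inference, as no override is visible here.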
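Review bot: With the module now parameterised per host (`configName`, `serviceIP`), the unchanged context lines `guiAddress = "0.0.0.0:${builtins.toString servicePort}"` and `networking.firewall.allowedTCPPorts = [ servicePort ]` expose the Syncthing GUI on every interface of each host that enables it. The only intended client visible in this diff is the nginx upstream on moonside. Binding to the address the proxy uses would narrow that: `guiAddress = "${serviceIP}:${builtins.toString servicePort}";`, assuming `serviceIP` is an address of the local host. Whether the GUI has its own credentials cannot be seen from this hunk, and the `services.${serviceName}` block continues past it.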
@@ -7683,7 +7592,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { @@ -7693,28 +7602,18 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; - # "Documents" = { - # path = "${cfg.dataDir}/Documents"; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "5"; - # }; - # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; - # id = "hgr3d-pfu3w"; - # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${serviceName} = { + ${specificServiceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7725,7 +7624,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= acmeRoot = null; locations = { "/" = { - proxyPass = "http://${serviceName}"; + proxyPass = "http://${specificServiceName}"; extraConfig = '' client_max_body_size 0; ''; @@ -7751,8 +7650,8 @@ This manages backups for my pictures and obsidian files. inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselsystems.modules.server.restic { + options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselmodules.server.restic { sops = { secrets = { 
@@ -7779,6 +7678,11 @@ This manages backups for my pictures and obsidian files. passwordFile = config.sops.secrets.resticpw.path; paths = [ "/Vault/data/paperless" + "/Vault/data/koillection" + "/Vault/data/postgresql" + "/Vault/data/firefly-iii" + "/Vault/data/radicale" + "/Vault/data/matrix-synapse" "/Vault/Eternor/Paperless" "/Vault/Eternor/Bilder" "/Vault/Eternor/Immich" @@ -7833,8 +7737,8 @@ This section exposes several metrics that I use to check the health of my server inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { @@ -8009,7 +7913,7 @@ This section exposes several metrics that I use to check the health of my server sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { + nextcloud = lib.mkIf config.swarselmodules.server.nextcloud { enable = true; port = 9205; url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info"; @@ -8076,8 +7980,8 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services.jenkins = { enable = true; 
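Review bot: The added path `/Vault/data/postgresql` backs up the database by copying its data directory. If PostgreSQL is running from that directory during the restic run, the snapshot may not restore cleanly. A dump taken beforehand is safer, for example `services.postgresqlBackup.enable = true;` with its output directory listed in `paths` instead. The same applies to any of the other added services that keep their state in that database rather than only under their own directory. The `paths` list is not closed within the hunk.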
@@ -8131,8 +8035,8 @@ This was an approach of hosting an RSS server from within emacs. That would have servicePort = 9812; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; @@ -8172,8 +8076,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; @@ -8287,8 +8191,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; 
@@ -8450,8 +8354,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with ankiUser = globals.user.name; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; 
@@ -8539,8 +8443,8 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/= + - make user admin: =podman exec -it slink slink user:grant:role --email= ROLE_ADMIN= + - finally, disable new user registration in web ui + +#+begin_src nix-ts :tangle modules/nixos/server/slink.nix + { self, lib, config, ... }: + let + servicePort = 3000; + serviceName = "slink"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceDir = "/var/lib/slink"; + + containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; + in + { + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + virtualisation.oci-containers.containers.${serviceName} = { + image = "anirdev/slink@${containerRev}"; + environment = { + "ORIGIN" = "https://${serviceDomain}"; + "TZ" = config.repo.secrets.common.location.timezone; + "STORAGE_PROVIDER" = "local"; + "IMAGE_MAX_SIZE" = "50M"; + "USER_APPROVAL_REQUIRED" = "true"; + }; + ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]; + volumes = [ + "${serviceDir}/var/data:/app/var/data" + "${serviceDir}/images:/app/slink/images" + ]; + }; + + systemd.tmpfiles.rules = [ + "d ${serviceDir}/var/data 0750 root root - -" + "d ${serviceDir}/images 0750 root root - -" + ]; + + networking.firewall.allowedTCPPorts = [ servicePort ]; + + environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { directory = serviceDir; } + ]; + + topology.self.services.${serviceName} = { + name = lib.swarselsystems.toCapitalized serviceName; + info = "https://${serviceDomain}"; + 
icon = "${self}/files/topology-images/shlink.png"; + }; + globals.services.${serviceName}.domain = serviceDomain; + + services.nginx = { + upstreams = { + ${serviceName} = { + servers = { + "localhost:${builtins.toString servicePort}" = { }; + }; + }; + }; + virtualHosts = { + "${serviceDomain}" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + oauth2.enable = true; + oauth2.allowedGroups = [ "slink_access" ]; + locations = { + "/" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + }; + "/image" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + bypassAuth = true; + }; + }; + }; + }; + }; + }; + } +#+end_src + *** Darwin :PROPERTIES: :CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47 @@ -9762,23 +9773,23 @@ This section sets up all the imports that are used in the home-manager section. imports = [ ]; - options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config"; - config = lib.mkIf config.swarselsystems.modules.darwin.general { - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs = { - hostPlatform = "x86_64-darwin"; - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; + options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; + config = lib.mkIf config.swarselmodules.optional.darwin { + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs = { + hostPlatform = "x86_64-darwin"; + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; }; - - home-manager.users."${macUser}".imports = [ - "${self}/modules/home/darwin" - ]; - - system.stateVersion = 4; }; + + home-manager.users."${macUser}".imports = [ + "${self}/modules/home/darwin" + ]; + + system.stateVersion = 4; + }; } #+end_src 
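Review bot: In the new modules/nixos/server/slink.nix the container port is published on all interfaces (`ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]`) and `networking.firewall.allowedTCPPorts = [ servicePort ]` opens it. The application is therefore reachable directly on port 3000, without the `oauth2.allowedGroups = [ "slink_access" ]` gate that the nginx virtual host applies. Since the upstream is `localhost`, the port can be bound to loopback and the firewall line dropped: `ports = [ "127.0.0.1:${builtins.toString servicePort}:${builtins.toString servicePort}" ];`. Separately, the `"/image"` location with `bypassAuth = true` is a prefix match in nginx, so it is worth confirming that no authenticated route of the application begins with that prefix.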
@@ -9796,15 +9807,12 @@ These sets of configuration do not need to be deployed on every host, for a mult - The work profile is only used on my work laptop. #+begin_src nix-ts :tangle modules/nixos/optional/default.nix - { self, lib, ... }: + { lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/optional"; - modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [ - "${modulesPath}/home/common/sharedsetup.nix" - ]; + imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional"; } #+end_src @@ -9819,8 +9827,8 @@ This opens a few gaming ports and installs the steam configuration suite for gam #+begin_src nix-ts :tangle modules/nixos/optional/gaming.nix { pkgs, lib, config, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { programs.steam = { enable = true; package = pkgs.steam; @@ -9871,8 +9879,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl #+begin_src nix-ts :tangle modules/nixos/optional/virtualbox.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; - config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { + options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselmodules.optional.virtualbox { specialisation = { VBox.configuration = { virtualisation.virtualbox = { 
@@ -9911,8 +9919,8 @@ This sets the VirtualBox configuration. Guest should not be enabled if not direl { lib, config, ... }: { - options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; - config = lib.mkIf config.swarselsystems.modules.optional.vmware { + options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselmodules.optional.vmware { virtualisation.vmware.host.enable = true; virtualisation.vmware.guest.enable = true; }; @@ -9929,8 +9937,8 @@ This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using. #+begin_src nix-ts :tangle modules/nixos/optional/nswitch-rcm.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; - config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { + options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselmodules.optional.nswitch-rcm { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { @@ -9955,8 +9963,8 @@ This holds configuration that is specific to framework laptops. imports = [ inputs.fw-fanctrl.nixosModules.default ]; - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { services = { fwupd = { enable = true; 
@@ -9990,8 +9998,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/amdcpu.nix { lib, config, ... }: { - options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; - config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { + options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdcpu { hardware = { cpu.amd.updateMicrocode = true; }; @@ -10008,8 +10016,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/amdgpu.nix { lib, config, ... }: { - options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; - config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { + options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdgpu { hardware = { amdgpu = { opencl.enable = true; @@ -10031,8 +10039,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/hibernation.nix { lib, config, ... }: { + options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; options.swarselsystems = { - modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; hibernation = { offset = lib.mkOption { type = lib.types.int; @@ -10044,7 +10052,7 @@ This holds configuration that is specific to framework laptops. }; }; }; - config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + config = lib.mkIf config.swarselmodules.optional.hibernation { boot = { kernelParams = [ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" 
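Review bot: The description on the new `options.swarselmodules.optional.hibernation` line reads "optional amd gpu settings", the same text as the amdgpu module in the previous hunk, so generated option documentation is wrong for this flag. Suggested: `options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional hibernation settings";`. The remainder of the `options.swarselsystems` block lies between this hunk and the next one.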
@@ -10063,8 +10071,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/nixos/optional/btrfs.nix { lib, config, ... }: { - options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselsystems.modules.optional.btrfs { + options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselmodules.optional.btrfs { boot = { supportedFilesystems = [ "btrfs" ]; }; @@ -10107,8 +10115,8 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 }; in { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems = { - modules.optional.work = lib.mkEnableOption "optional work settings"; hostName = lib.mkOption { type = lib.types.str; default = ""; @@ -10118,7 +10126,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 default = ""; }; }; - config = lib.mkIf config.swarselsystems.modules.optional.work { + config = lib.mkIf config.swarselmodules.optional.work { sops = let secretNames = [ @@ -10290,6 +10298,9 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 spice-protocol win-virtio win-spice + + powershell + gh ]; 
@@ -10380,297 +10391,32 @@ This section sets up all the imports that are used in the home-manager section. { lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common"; + imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; } #+end_src -**** Shared Configuration Options (holds firefox & stylix config parts) +**** Mirror home-manager shared options (automatically active) :PROPERTIES: -:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 +:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 :END: -Provides settings related to nix-darwin systems. At the moment, I am only making use of a =isDarwin= flag. -At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. -Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably - -For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. - -The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json - -This is where the theme for the whole OS is defined. 
Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. - -#+begin_src nix-ts :noweb yes :tangle modules/home/common/sharedsetup.nix - { self, config, lib, pkgs, globals, minimal, ... }: +#+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix + { lib, config, nixosConfig ? null, ... }: + let + # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; + inherit (lib) mkDefault mapAttrs filterAttrs; + mkDefaultCommonAttrs = base: defaults: + lib.mapAttrs (_: v: lib.mkDefault v) + (lib.filterAttrs (k: _: base ? 
${k}) defaults); + in { - options.swarselsystems = { - isLaptop = lib.mkEnableOption "laptop host"; - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - mainUser = lib.mkOption { - type = lib.types.str; - default = if (!minimal) then globals.user.name else "swarsel" ; - }; - sopsFile = lib.mkOption { - type = lib.types.str; - default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - wallpaper = lib.mkOption { - type = lib.types.path; - default = "${self}/files/wallpaper/lenovowp.png"; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - - stylix = lib.mkOption { - type = lib.types.attrs; - default = { - polarity = "dark"; - opacity.popups = 0.5; - cursor = { - package = pkgs.banana-cursor; - # package = pkgs.capitaine-cursors; - name = "Banana"; - # name = "capitaine-cursors"; - size = 16; - }; - fonts = { - sizes = { - terminal = 10; - applications = 11; - }; - serif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - sansSerif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = 
pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-mono; # has overrides - name = "FiraCode Nerd Font Mono"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; - }; - }; - stylixHomeTargets = lib.mkOption { - type = lib.types.attrs; - default = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; - }; - - firefox = lib.mkOption { - type = lib.types.attrs; - default = { - userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - tampermonkey - sidebery - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - sponsorblock - web-archives - onepassword-password-manager - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - noscript - - # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. 
Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) - ]; - }; - - settings = - { - "extensions.autoDisableScopes" = 0; - "browser.bookmarks.showMobileBookmarks" = true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "browser.search.suggest.enabled" = false; - "browser.search.suggest.enabled.private" = false; - "browser.urlbar.suggest.searches" = false; - "browser.urlbar.showSearchSuggestionsFirst" = false; - "browser.topsites.contile.enabled" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - "browser.newtabpage.activity-stream.feeds.snippets" = false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; - "browser.newtabpage.activity-stream.showSponsored" = false; - "browser.newtabpage.activity-stream.system.showSponsored" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - }; - - search = { - # default = "Kagi"; - default = "google"; - # privateDefault = "Kagi"; - privateDefault = "google"; - engines = { - "Kagi" = { - urls = [{ - template = "https://kagi.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - ]; - }]; - icon = "https://kagi.com/favicon.ico"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@k" ]; - }; - - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = 
"${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Confluence search" = { - urls = [{ - template = "https://vbc.atlassian.net/wiki/search"; - params = [ - { name = "text"; value = "{searchTerms}"; } - ]; - }]; - - definedAliases = [ "@c" "@cf" "@confluence" ]; - }; - - "Jira search" = { - urls = [{ - template = "https://vbc.atlassian.net/issues/"; - params = [ - { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } - ]; - }]; - - definedAliases = [ "@j" "@jire" ]; - }; - - "google".metaData.alias = "@g"; - }; - force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; - }; - }; - - }; + # config.swarselsystems = mirrorAttrs; + config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); } #+end_src 
@@ -10687,8 +10433,8 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general { nix = lib.mkIf (!config.swarselsystems.isNixos) { package = lib.mkForce pkgs.nixVersions.nix_2_28; extraOptions = '' @@ -10755,15 +10501,15 @@ It can be set to either: #+begin_src nix-ts :tangle modules/home/common/nixgl.nix { lib, config, nixgl, ... }: { + options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselsystems = { - modules.nixgl = lib.mkEnableOption "nixgl settings"; isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; SecondaryGpuCard = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = lib.mkIf config.swarselsystems.modules.nixgl { + config = lib.mkIf config.swarselmodules.nixgl { nixGL = lib.mkIf (!config.swarselsystems.isNixos) { inherit (nixgl) packages; defaultWrapper = lib.mkDefault "mesa"; @@ -10804,8 +10550,8 @@ This holds packages that I can use as provided, or with small modifications (as { lib, config, pkgs, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselmodules.packages { home.packages = with pkgs; [ # audio stuff 
@@ -10999,8 +10745,8 @@ This is just a separate container for derivations defined in [[#h:64a5cc16-6b16- { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; - config = lib.mkIf config.swarselsystems.modules.ownpackages { + options.swarselmodules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselmodules.ownpackages { home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ pass-fuzzel cdw @@ -11053,8 +10799,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselmodules.sops { sops = { age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; @@ -11071,14 +10817,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at :END: #+begin_src nix-ts :tangle modules/home/common/yubikey.nix - { lib, config, nixosConfig, ... }: + { lib, config, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + config = lib.mkIf config.swarselmodules.yubikey { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; 
@@ -11104,8 +10850,8 @@ It is very convenient to have SSH aliases in place for machines that I use. This #+begin_src nix-ts :tangle modules/home/common/ssh.nix { lib, config, ... }: { - options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; - config = lib.mkIf config.swarselsystems.modules.ssh { + options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselmodules.ssh { programs.ssh = { enable = true; forwardAgent = true; @@ -11164,16 +10910,16 @@ This section has been notably empty ever since switching to stylix. Only Emacs i =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. #+begin_src nix-ts :noweb yes :tangle modules/home/common/stylix.nix - { lib, config, ... }: + { lib, config, vars, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; - config = lib.mkIf config.swarselsystems.modules.stylix { + options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselmodules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; } - config.swarselsystems.stylix); + vars.stylix); }; } #+end_src @@ -11190,8 +10936,8 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the #+begin_src nix-ts :tangle modules/home/common/desktop.nix { lib, config, ... }: { - options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; - config = lib.mkIf config.swarselsystems.modules.desktop { + options.swarselmodules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselmodules.desktop { xdg.desktopEntries = { cura = { 
@@ -11308,8 +11054,8 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe #+begin_src nix-ts :tangle modules/home/common/symlink.nix { self, lib, config, ... }: { - options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; - config = lib.mkIf config.swarselsystems.modules.symlink { + options.swarselmodules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselmodules.symlink { home.file = { "init.el" = lib.mkDefault { source = self + /files/emacs/init.el; 
@@ -11348,32 +11094,41 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. #+begin_src nix-ts :tangle modules/home/common/env.nix - { lib, config, globals, nixosConfig, ... }: - let - inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; - inherit (nixosConfig.repo.secrets.common) fullName; - crocDomain = globals.services.croc.domain; - in - { - options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselsystems.modules.env { - home.sessionVariables = { - EDITOR = "e -w"; - DISPLAY = ":0"; - CROC_RELAY = crocDomain; - SWARSEL_LO_RES = config.swarselsystems.lowResolution; - SWARSEL_HI_RES = config.swarselsystems.highResolution; + { lib, config, globals, nixosConfig ? config, ... }: + let + inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; + inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; + inherit (nixosConfig.repo.secrets.common) fullName; + inherit (config.swarselsystems) isPublic; + crocDomain = globals.services.croc.domain; + in + { + options.swarselmodules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselmodules.env { + home.sessionVariables = { + EDITOR = "e -w"; + DISPLAY = ":0"; + SWARSEL_LO_RES = config.swarselsystems.lowResolution; + SWARSEL_HI_RES = config.swarselsystems.highResolution; + CROC_RELAY = lib.mkIf (!isPublic) crocDomain; + }; + systemd.user.sessionVariables = lib.mkIf (!isPublic) { + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; + SWARSEL_MAIL1 = address1; + SWARSEL_MAIL2 = address2; + SWARSEL_MAIL3 = address3; + SWARSEL_MAIL4 = address4; + SWARSEL_CAL1 = source1; + 
SWARSEL_CAL1NAME = source1-name; + SWARSEL_CAL2 = source2; + SWARSEL_CAL2NAME = source2-name; + SWARSEL_CAL3 = source3; + SWARSEL_CAL3NAME = source3-name; + SWARSEL_FULLNAME = fullName; + SWARSEL_MAIL_ALL = allMailAddresses; + }; }; - systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { - SWARSEL_MAIL1 = address1; - SWARSEL_MAIL2 = address2; - SWARSEL_MAIL3 = address3; - SWARSEL_MAIL4 = address4; - SWARSEL_FULLNAME = fullName; - SWARSEL_MAIL_ALL = allMailAddresses; - }; - }; - } + } #+end_src **** General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf, zoxide @@ -11386,8 +11141,8 @@ This section is for programs that require no further configuration. zsh Integrat #+begin_src nix-ts :tangle modules/home/common/programs.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselmodules.programs { programs = { bottom.enable = true; imv.enable = true; @@ -11427,8 +11182,8 @@ nix-index provides a way to find out which packages are provided by which deriva #+begin_src nix-ts :tangle modules/home/common/nix-index.nix { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; - config = lib.mkIf config.swarselsystems.modules.nix-index { + options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselmodules.nix-index { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' 
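Review bot: In env.nix the guard on `systemd.user.sessionVariables` dropped `isNixos`, so on home-manager-only hosts `nixosConfig` falls back to `config` and `GITHUB_NOTIFICATION_TOKEN_PATH` now depends on `config.sops.secrets.github-notifications-token`, which in this diff is declared only by waybar.nix (and only when `!isPublic && !isNixos`). With the waybar module disabled that attribute would presumably be missing at evaluation time, so either declare the secret in env.nix as well or add a comment such as `# needs sops.secrets.github-notifications-token, declared in waybar.nix`. On NixOS hosts the same lookup, and the `nixosConfig.sops.secrets.*.path` reads in the zsh.nix and mail.nix hunks, resolve to system-level secrets whose declarations are not in this part of the diff; sops-nix defaults those to root-owned mode 0400, so they need `owner` set to the login user for the user-run `cat` to succeed. The mail and calendar values exported next to the token path become readable by every process in the user session, which is worth confirming as intended if the calendar sources are URLs that embed credentials.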
@@ -11461,8 +11216,8 @@ Enables password store with the =pass-otp= extension which allows me to store an #+begin_src nix-ts :tangle modules/home/common/password-store.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; - config = lib.mkIf config.swarselsystems.modules.passwordstore { + options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselmodules.passwordstore { programs.password-store = { enable = true; settings = { @@ -11484,8 +11239,8 @@ Enables direnv, which I use for nearly all of my nix dev flakes. #+begin_src nix-ts :tangle modules/home/common/direnv.nix { lib, config, ... }: { - options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; - config = lib.mkIf config.swarselsystems.modules.direnv { + options.swarselmodules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselmodules.direnv { programs.direnv = { enable = true; silent = true; @@ -11505,8 +11260,8 @@ Eza provides me with a better =ls= command and some other useful aliases. #+begin_src nix-ts :tangle modules/home/common/eza.nix { lib, config, ... }: { - options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; - config = lib.mkIf config.swarselsystems.modules.eza { + options.swarselmodules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselmodules.eza { programs.eza = { enable = true; icons = "auto"; @@ -11531,8 +11286,8 @@ Eza provides me with a better =ls= command and some other useful aliases. atuinDomain = globals.services.atuin.domain; in { - options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings"; - config = lib.mkIf config.swarselsystems.modules.atuin { + options.swarselmodules.atuin = lib.mkEnableOption "atuin settings"; + config = lib.mkIf config.swarselmodules.atuin { programs.atuin = { enable = true; enableZshIntegration = true; 
@@ -11554,7 +11309,7 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. #+begin_src nix-ts :tangle modules/home/common/git.nix - { lib, config, globals, minimal, nixosConfig, ... }: + { lib, config, globals, minimal, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1; inherit (nixosConfig.repo.secrets.common) fullName; @@ -11562,8 +11317,8 @@ Here I set up my git config, automatic signing of commits, useful aliases for my gitUser = globals.user.name; in { - options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; - config = lib.mkIf config.swarselsystems.modules.git { + options.swarselmodules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselmodules.git { programs.git = { enable = true; } // lib.optionalAttrs (!minimal) { @@ -11615,8 +11370,8 @@ Here I only need to set basic layout options - the rest is being managed by styl #+begin_src nix-ts :tangle modules/home/common/fuzzel.nix { lib, config, ... }: { - options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; - config = lib.mkIf config.swarselsystems.modules.fuzzel { + options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselmodules.fuzzel { programs.fuzzel = { enable = true; settings = { 
@@ -11642,8 +11397,8 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag #+begin_src nix-ts :tangle modules/home/common/starship.nix { lib, config, ... }: { - options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; - config = lib.mkIf config.swarselsystems.modules.starship { + options.swarselmodules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselmodules.starship { programs.starship = { enable = true; enableZshIntegration = true; @@ -11778,8 +11533,8 @@ The theme is handled by stylix. #+begin_src nix-ts :tangle modules/home/common/kitty.nix { lib, config, ... }: { - options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; - config = lib.mkIf config.swarselsystems.modules.kitty { + options.swarselmodules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; keybindings = { }; @@ -11825,22 +11580,22 @@ lib.mkMerge [ zshConfigEarlyInit zshConfig ]; Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zsh.nix - { config, lib, minimal, ... }: + { config, lib, minimal, nixosConfig ? config, ... }: let inherit (config.swarselsystems) flakePath; in { + options.swarselmodules.zsh = lib.mkEnableOption "zsh settings"; options.swarselsystems = { - modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.zsh + config = lib.mkIf config.swarselmodules.zsh { - sops.secrets = { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { croc-password = { }; }; 
@@ -11853,9 +11608,10 @@ Currently I only use it as before with =initExtra= though. hg = "history | grep"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nswitch = "swarsel-deploy $(hostname) switch"; + nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; + ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; - nboot = "swarsel-deploy $(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; @@ -11947,7 +11703,7 @@ Currently I only use it as before with =initExtra= though. # ctrl + del bindkey '^H' my-backward-delete-word - export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})" + export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" ''; }; }; @@ -11961,8 +11717,8 @@ Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zellij.nix { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; - config = lib.mkIf config.swarselsystems.modules.zellij { + options.swarselmodules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselmodules.zellij { programs.zellij = { enable = true; enableZshIntegration = true; 
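Review bot: The new `nswitch`, `nboot` and `ndry` aliases chain their steps with `;`, so if `cd ${flakePath}` fails the deploy still runs from whatever directory the shell happens to be in, and the trailing `cd -` then moves the shell somewhere unexpected. A subshell with `&&` keeps the directory change local and stops on failure: `nswitch = "(cd ${flakePath} && swarsel-deploy $(hostname) switch)";`, and likewise for `boot` and `dry-activate`. The alias attribute set starts and ends outside the hunk.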
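Review bot: `export CROC_PASS=...` still places the croc secret in the environment of every process started from an interactive shell, and as far as the hunk shows it is emitted unconditionally, while the zsh.nix hunk above now declares `croc-password` only when `!isPublic && !isNixos`. On a public host the interpolation `nixosConfig.sops.secrets.croc-password.path` would presumably have no secret to resolve to. Scoping the value to the one command avoids both the wide exposure and a failing `cat` at shell start, e.g. `croc() { CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" command croc "$@"; }`, with that definition placed under the same `isPublic` condition as the secret. The init string this line sits in begins and ends outside the hunk.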
@@ -12000,8 +11756,8 @@ Currently I only use it as before with =initExtra= though. }; in { - options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; - config = lib.mkIf config.swarselsystems.modules.tmux { + options.swarselmodules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselmodules.tmux { home.packages = with pkgs; [ lsof sesh @@ -12095,17 +11851,17 @@ Currently I only use it as before with =initExtra= though. Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. #+begin_src nix-ts :tangle modules/home/common/mail.nix - { lib, config, nixosConfig, ... }: + { lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common) fullName; inherit (config.swarselsystems) xdgDir; in { - options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; - config = lib.mkIf config.swarselsystems.modules.mail { + options.swarselmodules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselmodules.mail { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; address2-token = { path = "${xdgDir}/secrets/address2-token"; }; address3-token = { path = "${xdgDir}/secrets/address3-token"; }; 
@@ -12139,7 +11895,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; @@ -12171,7 +11927,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address4; userName = address4-user; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address4-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; smtp = { host = address4-host; port = 587; @@ -12194,7 +11950,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${config.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; @@ -12221,7 +11977,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${config.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; 
@@ -12260,15 +12016,29 @@ By using the emacs-overlay NixOS module, I can install all Emacs packages that I Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like =calfw= and =fast-scroll=, so I build them here. #+begin_src nix-ts :tangle modules/home/common/emacs.nix - { self, lib, config, pkgs, ... }: + { self, lib, config, pkgs, globals, ... }: let - inherit (config.swarselsystems) homeDir isPublic; + inherit (config.swarselsystems) homeDir isPublic isNixos; + inherit (config.repo.secrets.common.emacs) radicaleUser; in { - options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; - config = lib.mkIf config.swarselsystems.modules.emacs { + options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed - sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; + sops = lib.mkIf (!isPublic && !isNixos) { + secrets = { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; + emacs-radicale-pw = { }; + }; + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + }; + }; + }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages @@ -12381,8 +12151,8 @@ The rest of the related configuration is found here: ]; in { + options.swarselmodules.waybar = lib.mkEnableOption "waybar settings"; options.swarselsystems = { - modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; 
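Review bot: emacs.nix reads `radicaleUser` from `config.repo.secrets.common.emacs`, whereas the other modules touched in this commit take repo secrets from `nixosConfig` (with `nixosConfig ? config` as the fallback); if `repo` is only defined on the NixOS side this inherit would fail there, so `inherit (nixosConfig.repo.secrets.common.emacs) radicaleUser;` with the same argument default looks like the consistent form. The new `authinfo` template renders the Radicale password in plain text to `${homeDir}/.emacs.d/.authinfo`; sops-nix templates default to a restrictive mode as far as I know, but stating `mode = "0400";` in the template makes that explicit for the next reader. Because the whole `sops` block is now skipped when `isNixos` is set, `fever-pw` and the authinfo file have to come from the NixOS configuration on those hosts, which is not visible in this hunk.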
@@ -12411,7 +12181,7 @@ The rest of the related configuration is found here: internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.waybar { + config = lib.mkIf config.swarselmodules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ @@ -12419,7 +12189,7 @@ The rest of the related configuration is found here: ] ++ modulesRight); }; - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; }; }; @@ -12690,10 +12460,10 @@ Also, I setup some search aliases for functions I often use, such as NixOS optio I used to build the firefox addon =bypass-paywalls-clean= myself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that. #+begin_src nix-ts :tangle modules/home/common/firefox.nix - { config, pkgs, lib, ... }: + { config, pkgs, lib, vars, ... }: { - options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; - config = lib.mkIf config.swarselsystems.modules.firefox { + options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselmodules.firefox { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides @@ -12835,7 +12605,7 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m "browser.startup.homepage" = "https://lobste.rs"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; }; 
@@ -12859,8 +12629,8 @@ Used for storing sessions in e.g. Nextcloud #+begin_src nix-ts :tangle modules/home/common/gnome-keyring.nix { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; @@ -12878,8 +12648,8 @@ This enables phone/computer communication, including sending clipboard, files et #+begin_src nix-ts :tangle modules/home/common/kdeconnect.nix { lib, config, ... }: { - options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; - config = lib.mkIf config.swarselsystems.modules.kdeconnect { + options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselmodules.kdeconnect { services.kdeconnect = { enable = true; indicator = true; @@ -12901,8 +12671,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/mako.nix { lib, config, ... }: { - options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; - config = lib.mkIf config.swarselsystems.modules.mako { + options.swarselmodules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselmodules.mako { services.mako = { enable = true; settings = { 
@@ -12944,8 +12714,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/swayosd.nix { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { services.swayosd = { enable = true; package = pkgs.dev.swayosd; @@ -12963,8 +12733,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/yubikey-touch-detector.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; - config = lib.mkIf config.swarselsystems.modules.yubikeytouch { + options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselmodules.yubikeytouch { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; @@ -13013,8 +12783,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; in { + options.swarselmodules.sway = lib.mkEnableOption "sway settings"; options.swarselsystems = { - modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -13079,7 +12849,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.sway { + config = lib.mkIf config.swarselmodules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { 
@@ -13124,8 +12894,6 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swaymsg workspace back_and_forth"; "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; @@ -13134,7 +12902,10 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'"; + "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; @@ -13267,6 +13038,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se { title = "^Add$"; } { title = "^Picture-in-Picture$"; } { title = "Syncthing Tray"; } + { title = "Emacs Popup Frame"; } { title = "^spotifytui$"; } { title = "^kittyterm$"; } { app_id = "vesktop"; } 
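Review bot: The three new bindings in the `@@ -13134,7 +12902,10 @@` hunk are missing the `exec` prefix, so sway will try to parse `emacsclient` as one of its own commands and the keys will only produce an error. They should read `"${modifier}+c" = "exec emacsclient -e '(prot-window-popup-org-capture)'";`, and likewise for `${modifier}+Shift+m` and `${modifier}+Shift+a`. The bindings removed in the previous hunk also passed `-a emacs`; without an alternate editor the new ones will probably fail when no Emacs server is running, which may or may not be intended.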
@@ -13426,8 +13198,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix-ts :tangle modules/home/common/kanshi.nix { lib, config, ... }: { - options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; - config = lib.mkIf config.swarselsystems.modules.kanshi { + options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { homedesktop = { @@ -13527,8 +13299,8 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselsystems.modules.gpgagent { + options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; enableZshIntegration = true; @@ -13574,13 +13346,13 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. #+begin_src nix-ts :tangle modules/home/common/gammastep.nix - { lib, config, nixosConfig, ... }: + { lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { - options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; - config = lib.mkIf config.swarselsystems.modules.gammastep { + options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselmodules.gammastep { services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { enable = true; provider = "manual"; 
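Review bot: The default in `nixosConfig ? config` in modules/home/common/gammastep.nix (and again in the modules/home/optional/work.nix hunk) is most likely never taken, because the module system looks up every named argument itself and passes it in, so a missing `nixosConfig` becomes an evaluation error when it is first forced instead of falling back to `config`. Here the value appears to be used only under the `isNixos && !isPublic` guard, so laziness hides the problem, but the rest of the block is outside the hunk. If the fallback matters for standalone home-manager, supply the argument explicitly, for example `_module.args.nixosConfig = lib.mkDefault config;` in a module that only standalone configurations import, and confirm with a standalone evaluation.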
@@ -13611,7 +13383,6 @@ This section sets up all the imports that are used in the home-manager section. { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" - "${modulesPath}/home/common/sharedsetup.nix" ]; } #+end_src @@ -13628,8 +13399,8 @@ As for the `home.sessionVariables`, it should be noted that environment variable #+begin_src nix-ts :tangle modules/home/server/symlink.nix { self, lib, config, ... }: { - options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; - config = lib.mkIf config.swarselsystems.modules.server.dotfiles { + options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselmodules.server.dotfiles { home.file = { "init.el" = lib.mkForce { source = self + /files/emacs/server.el; @@ -13655,9 +13426,11 @@ This section sets up all the imports that are used in the home-manager section. #+begin_src nix-ts :tangle modules/home/darwin/default.nix { self, ... }: { + home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/home/common/sharedsetup.nix" + "${self}/modules/shared/options.nix" + "${self}/modules/shared/vars.nix" ]; } #+end_src @@ -13689,8 +13462,8 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming #+begin_src nix-ts :tangle modules/home/optional/gaming.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ 
@@ -13737,13 +13510,13 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, config, pkgs, lib, nixosConfig, ... }: + { self, config, pkgs, lib, vars, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselsystems.modules.optional.work { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselmodules.optional.work { home.packages = with pkgs; [ stable.teams-for-linux shellcheck @@ -13865,7 +13638,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site1}|${site2}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user2}" = lib.recursiveUpdate { inherit isDefault; @@ -13874,13 +13647,13 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site3}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user3}" = lib.recursiveUpdate { inherit isDefault; id = 3; } - config.swarselsystems.firefox; + vars.firefox; work = lib.recursiveUpdate { inherit isDefault; @@ -13889,7 +13662,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; 
@@ -14198,8 +13971,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/home/optional/framework.nix { lib, config, ... }: { - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { 
@@ -14211,6 +13984,315 @@ This holds configuration that is specific to framework laptops. }; } #+end_src +** Shared +*** Configuration options +:PROPERTIES: +:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 +:END: + +#+begin_src nix-ts :noweb yes :tangle modules/shared/options.nix + { self, config, lib, ... }: + { + options.swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + sopsFile = lib.mkOption { + type = lib.types.str; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/files/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = 
lib.types.str; + default = ""; + }; + }; + } +#+end_src + +*** Variables (vars; holds firefox & stylix config parts) + +At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. +Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably + +For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. + +The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json + +This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). 
However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. + +#+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix + { self, lib, pkgs, ... }: + { + _module.args = { + vars = { + stylix = { + polarity = "dark"; + opacity.popups = 0.5; + cursor = { + package = pkgs.banana-cursor; + # package = pkgs.capitaine-cursors; + name = "Banana"; + # name = "capitaine-cursors"; + size = 16; + }; + fonts = { + sizes = { + terminal = 10; + applications = 11; + }; + serif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + sansSerif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-mono; # has overrides + name = "FiraCode Nerd Font Mono"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; + + stylixHomeTargets = { + emacs.enable = false; + waybar.enable = false; + sway.useWallpaper = false; + firefox.profileNames = [ "default" ]; + }; + + firefox = { + userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + tampermonkey + sidebery + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + sponsorblock + web-archives + onepassword-password-manager + single-file + widegithub + enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + noscript + + # configure a 
shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut + (buildFirefoxXpiAddon { + pname = "shortkeys"; + version = "4.0.2"; + addonId = "Shortkeys@Shortkeys.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + meta = with lib; + { + description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + mozPermissions = [ + "tabs" + "downloads" + "clipboardWrite" + "browsingData" + "storage" + "bookmarks" + "sessions" + "" + ]; + platforms = platforms.all; + }; + }) + ]; + }; + + settings = + { + "extensions.autoDisableScopes" = 0; + "browser.bookmarks.showMobileBookmarks" = true; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "browser.search.suggest.enabled" = false; + "browser.search.suggest.enabled.private" = false; + "browser.urlbar.suggest.searches" = false; + "browser.urlbar.showSearchSuggestionsFirst" = false; + "browser.topsites.contile.enabled" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + "browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.system.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + }; + + search = { + # default = "Kagi"; + default = "google"; + # 
privateDefault = "Kagi"; + privateDefault = "google"; + engines = { + "Kagi" = { + urls = [{ + template = "https://kagi.com/search"; + params = [ + { name = "q"; value = "{searchTerms}"; } + ]; + }]; + icon = "https://kagi.com/favicon.ico"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@k" ]; + }; + + "Nix Packages" = { + urls = [{ + template = "https://search.nixos.org/packages"; + params = [ + { name = "type"; value = "packages"; } + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + + "NixOS Wiki" = { + urls = [{ + template = "https://nixos.wiki/index.php?search={searchTerms}"; + }]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@nw" ]; + }; + + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; + + "Home Manager Options" = { + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@hm" "@ho" "@hmo" ]; + }; + + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + + "google".metaData.alias = "@g"; + }; + force = true; # this is required because 
otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart + }; + }; + }; + }; + } +#+end_src + ** Packages :PROPERTIES: :CUSTOM_ID: h:64a5cc16-6b16-4802-b421-c67ccef853e1 @@ -14772,7 +14854,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" @@ -16121,9 +16203,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/personal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -16165,6 +16247,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; optional = { gaming = lib.mkDefault true; @@ -16176,6 +16259,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkDefault true; + }; + }; }; 
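Review bot: `"extensions.autoDisableScopes" = 0;` in `vars.firefox.settings` switches off Firefox's disable-until-approved behaviour for sideloaded add-ons in every install scope, and since `vars.firefox` is merged into every profile it also applies to the work profiles in modules/home/optional/work.nix. It is presumably there so the Nix-installed add-ons start enabled; I would say so in a comment such as `# 0 = never auto-disable sideloaded add-ons; needed so the declaratively installed extensions are enabled without a prompt`, and check whether a narrower bitmask that exempts only the profile scope is enough. Separately, the Confluence and Jira engines hard-code the `vbc.atlassian.net` tenant in this shared file, whereas the work module takes its sites from variables (`site1`, `site2`, ...), so that hostname may belong with them.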
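Review bot: In the `@@ -14772,7 +14854,7 @@` hunk the token is still handed to curl as a command-line argument (`-u Swarsel:"$(cat ...)"`), so it can show up in the process list for other local users while the request runs. Feeding it through a curl config on stdin keeps it off argv: `count=$(printf 'user = "Swarsel:%s"\n' "$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" | curl -K - https://api.github.com/notifications | jq '. | length')`. The place where `GITHUB_NOTIFICATION_TOKEN_PATH` is exported is not visible here, and the script's enclosing block starts and ends outside the hunk, so confirm it is set for both the NixOS and the standalone home-manager case.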
@@ -16191,9 +16279,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/reduced/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -16235,11 +16323,17 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkDefault true; + }; + }; }; @@ -16255,9 +16349,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/minimal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; @@ -16271,6 +16365,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a zsh = lib.mkDefault true; yubikey = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; 
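Review bot: The `home-manager.users."${config.swarselsystems.mainUser}"` block added to profiles/nixos/reduced/default.nix sets `swarselprofiles.personal`, so a host that selects the reduced NixOS profile gets the full personal home-manager profile. The work and framework profiles in this commit each enable the home profile of the same name, which makes this look like a copy from the personal profile. If a reduced home-manager profile exists this should read `reduced = lib.mkDefault true;`, and if the reuse is intended a comment such as `# reduced hosts reuse the personal home profile` would make that clear. The list of available home profiles is not visible in this part of the diff.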
@@ -16291,14 +16386,15 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; users = lib.mkDefault true; + sops = lib.mkDefault true; env = lib.mkDefault true; security = lib.mkDefault true; systemdTimeout = lib.mkDefault true; @@ -16307,7 +16403,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a pipewire = lib.mkDefault true; network = lib.mkDefault true; time = lib.mkDefault true; - sops = lib.mkDefault false; stylix = lib.mkDefault true; programs = lib.mkDefault true; zsh = lib.mkDefault true; @@ -16318,7 +16413,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a interceptionTools = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; - yubikey = lib.mkDefault true; + yubikey = lib.mkDefault false; ledger = lib.mkDefault true; keyboards = lib.mkDefault true; login = lib.mkDefault true; 
@@ -16350,9 +16445,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/toto/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; packages = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -16382,13 +16477,18 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/work/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + work = lib.mkDefault true; + }; + }; }; 
@@ -16404,13 +16504,18 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/framework/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + framework = lib.mkDefault true; + }; + }; }; @@ -16426,9 +16531,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselsystems.profiles.amdcpu { - swarselsystems.modules = { + options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselprofiles.amdcpu { + swarselmodules = { optional = { amdcpu = lib.mkDefault true; }; @@ -16448,9 +16553,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselsystems.profiles.amdgpu { - swarselsystems.modules = { + options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselprofiles.amdgpu { + swarselmodules = { optional = { amdgpu = lib.mkDefault true; }; 
@@ -16470,9 +16575,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/hibernation/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselsystems.profiles.hibernation { - swarselsystems.modules = { + options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselprofiles.hibernation { + swarselmodules = { optional = { hibernation = lib.mkDefault true; }; @@ -16492,9 +16597,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/btrfs/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselsystems.profiles.btrfs { - swarselsystems.modules = { + options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselprofiles.btrfs { + swarselmodules = { optional = { btrfs = lib.mkDefault true; }; @@ -16514,10 +16619,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems = { - modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -16525,6 +16629,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16557,7 +16662,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ankisync = lib.mkDefault true; }; }; - }; }; } @@ -16571,10 +16675,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; - config = lib.mkIf config.swarselsystems.profiles.server.syncserver { - swarselsystems = { - modules = { + options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; + config = lib.mkIf config.swarselprofiles.server.syncserver { + swarselmodules = { general = lib.mkDefault true; nix-ld = lib.mkDefault true; pii = lib.mkDefault true; @@ -16583,6 +16686,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16592,7 +16696,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ankisync = lib.mkDefault false; }; }; - }; }; } 
@@ -16606,10 +16709,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/moonside/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server"; - config = lib.mkIf config.swarselsystems.profiles.server.moonside { - swarselsystems = { - modules = { + options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server"; + config = lib.mkIf config.swarselprofiles.server.moonside { + swarselmodules= { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -16618,6 +16720,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a users = lib.mkDefault true; impermanence = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16627,8 +16730,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a croc = lib.mkDefault true; microbin = lib.mkDefault true; shlink = lib.mkDefault true; + slink = lib.mkDefault true; + syncthing = lib.mkDefault true; }; - }; }; }; 
@@ -16660,14 +16764,14 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/personal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; nixgl = lib.mkDefault true; - sops = lib.mkDefault true; + sops = lib.mkDefault false; yubikey = lib.mkDefault false; ssh = lib.mkDefault true; stylix = lib.mkDefault true; @@ -16719,9 +16823,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/reduced/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; 
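Review bot: The personal home profile now defaults `sops` to `false`, while the `minimal` and `toto` home profiles in the following hunks still default it to `true`, and nothing in the hunk says why. If any module this profile enables (for example `ssh`) reads secrets from the home-level sops module, it would get none on personal hosts unless the NixOS-level module provides them; that cannot be confirmed from here. A short comment on the line would make the intent reviewable, e.g. `sops = lib.mkDefault false; # secrets come from the NixOS-level sops module (confirm)`. The profile body continues outside the hunk.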
@@ -16775,9 +16879,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/minimal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; kitty = lib.mkDefault true; @@ -16798,9 +16902,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; @@ -16851,9 +16955,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/toto/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; ssh = lib.mkDefault true; 
@@ -16874,9 +16978,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/work/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; @@ -16895,9 +16999,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/framework/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; @@ -16909,25 +17013,6 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src -**** Darwin -:PROPERTIES: -:CUSTOM_ID: h:24e6d661-f498-478c-9008-e8d8c17432ca -:END: - -#+begin_src nix-ts :tangle profiles/home/darwin/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; - config = lib.mkIf config.swarselsystems.profiles.darwin { - swarselsystems.modules = { - general = lib.mkDefault true; - }; - }; - - } - -#+end_src - **** Local Server :PROPERTIES: :CUSTOM_ID: h:8027b858-369e-4f12-bbaf-f15eeee3d904 
@@ -16936,9 +17021,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems.modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { general = lib.mkDefault true; server = { dotfiles = lib.mkDefault true; @@ -16975,6 +17060,7 @@ In the end, we need to restore those values to values that will work during norm Also packed into the hook function is the line =(fset 'epg-wait-for-status 'ignore)=. This line is needed at the end of the configuration in order to allow for my Yubikey to be used to encrypt and decrypt =.gpg= files. Without it, Emacs will just hang forever and basically crash. #+begin_src emacs-lisp :tangle files/emacs/early-init.el :mkdirp yes +;; -*- lexical-binding: t; -*- (defvar swarsel-file-name-handler-alist file-name-handler-alist) (defvar swarsel-vc-handled-backends vc-handled-backends) @@ -17094,6 +17180,7 @@ In this section I define extra functions that I need. Some of these functions I Since I am rebinding the =C-z= hotkey for emacs-evil-state toggling, I want to have a function that still lets me perform this action quickly. #+begin_src emacs-lisp +;; -*- lexical-binding: t; -*- (defun swarsel/toggle-evil-state () (interactive) @@ -17156,7 +17243,7 @@ Used here: [[#h:b92a18cf-eec3-4605-a8c2-37133ade3574][mu4e]] (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") + (setq user-mail-address (getenv "SWARSEL_MAIL4") user-full-name (getenv "SWARSEL_FULLNAME"))) 
@@ -17484,7 +17571,7 @@ These functions are used here: [[#h:5653d693-ecca-4c95-9633-66b9e3241070][Corfu] #+end_src -**** Disable garbace collection while minibuffer is active +**** Disable garbage collection while minibuffer is active :PROPERTIES: :CUSTOM_ID: h:3c436647-71e6-441c-b452-d817ad2f8331 :END: @@ -19972,11 +20059,11 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") - (setq org-caldav-calendars - '((:calendar-id "personal" - :inbox "~/Calendars/leon_cal.org"))) - (setq org-caldav-files '("~/Calendars/leon_cal.org")) + ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") + ;; (setq org-caldav-calendars + ;; '((:calendar-id "personal" + ;; :inbox "~/Calendars/leon_cal.org"))) + ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -20003,6 +20090,14 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) + ;; dont change the order of days in this one, as it will break weekend markings + (setq calendar-day-name-array + ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) + + ;; First day of the week + (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday + + ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -20010,14 +20105,17 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I (defun swarsel/open-calendar () (interactive) - (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Purple") ; orgmode source - (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan")))) + (cfw:org-create-source "Blue") ; orgmode source + (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") + (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") + (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") + ))) #+end_src 
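Review bot: The calendar URL removed from `swarsel/open-calendar` carried an access token in its query string, and moving the value to `SWARSEL_CAL1` does not remove it from the repository history, so the token should be revoked and reissued at the calendar provider. Separately, `getenv` returns nil for an unset variable, and each of the three `cfw:ical-create-source` calls would then be handed nil for both name and URL. Building the list only from variables that are set avoids that, e.g. `(when (getenv "SWARSEL_CAL1") (cfw:ical-create-source …))` per entry with the list wrapped in `(delq nil …)`. The same change is tangled into `files/emacs/init.el` in the hunk at `@@ -1619,14 +1629,17 @@`.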
@@ -20127,6 +20225,49 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) #+end_src +*** Popup frames + +#+begin_src emacs-lisp + (defun prot-window-delete-popup-frame (&rest _) + "Kill selected selected frame if it has parameter `prot-window-popup-frame'. + Use this function via a hook." + (when (frame-parameter nil 'prot-window-popup-frame) + (delete-frame))) + + (defmacro prot-window-define-with-popup-frame (command) + "Define interactive function which calls COMMAND in a new frame. + Make the new frame have the `prot-window-popup-frame' parameter." + `(defun ,(intern (format "prot-window-popup-%s" command)) () + ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. + Also see `prot-window-delete-popup-frame'." command) + (interactive) + (let ((frame (make-frame '((prot-window-popup-frame . t))))) + (select-frame frame) + (modify-frame-parameters nil '((title . "Emacs Popup Frame"))) + (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") + (condition-case nil + (call-interactively ',command) + ((quit error user-error) + (delete-frame frame)))))) + + (declare-function org-capture "org-capture" (&optional goto keys)) + (defvar org-capture-after-finalize-hook) + ;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") + (prot-window-define-with-popup-frame org-capture) + (add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) + + (declare-function mu4e "mu4e" (&optional goto keys)) + ;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") + (prot-window-define-with-popup-frame mu4e) + (advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) + + (declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) + ;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") + (prot-window-define-with-popup-frame swarsel/open-calendar) + (advice-add 
'bury-buffer :after #'prot-window-delete-popup-frame) + +#+end_src + * Appendix A: Noweb-Ref blocks :PROPERTIES: :CUSTOM_ID: h:dae0c5bb-edb7-4fe4-ae31-9f8f064cc53c @@ -20853,7 +20994,7 @@ This file defines a few workflows that I often need to run when working on my co sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ #+end_src ** aspell.conf diff --git a/files/emacs/early-init.el b/files/emacs/early-init.el index 7156518..b86d1c1 100644 --- a/files/emacs/early-init.el +++ b/files/emacs/early-init.el 
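Review bot: The three `declare-function` forms in the popup-frame block share the arglist `(&optional goto keys)`, which belongs to `org-capture` but is also asserted for `mu4e` and `swarsel/open-calendar`. The latter is defined in this same file with no parameters, and `"swarsel/open-calendar"` is not a file name, so that declaration can simply be dropped; for mu4e, `(declare-function mu4e "mu4e" (&optional background))` matches the upstream signature as far as I know. The docstring typo "Kill selected selected frame" should read "Kill the selected frame". Since `(advice-add 'bury-buffer :after …)` runs on every `bury-buffer` call in the session, a comment such as `;; global advice: only acts on frames carrying prot-window-popup-frame` would help the next reader. The same block is tangled into `files/emacs/init.el` at `@@ -1696,3 +1709,41 @@`.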
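Review bot: Switching the `sync` recipe from `-av` to `-rltv` drops `-p`, `-o`, `-g` and `-D`, so mode bits are no longer carried to the target, and the hunk gives no reason for it. With `--perms` off, rsync leaves the permissions of files that already exist on the receiver unchanged, so a file whose mode was tightened locally after an earlier sync keeps its older mode in `.dotfiles/` on the remote. If dropping ownership was the goal, `-rlptv` keeps permissions while still omitting owner and group; otherwise a comment above the recipe stating that modes are deliberately not synced would document the choice.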
@@ -1,22 +1,23 @@ -(defvar swarsel-file-name-handler-alist file-name-handler-alist) -(defvar swarsel-vc-handled-backends vc-handled-backends) +;; -*- lexical-binding: t; -*- + (defvar swarsel-file-name-handler-alist file-name-handler-alist) + (defvar swarsel-vc-handled-backends vc-handled-backends) -(setq gc-cons-threshold most-positive-fixnum - gc-cons-percentage 0.6 - file-name-handler-alist nil - vc-handled-backends nil) + (setq gc-cons-threshold most-positive-fixnum + gc-cons-percentage 0.6 + file-name-handler-alist nil + vc-handled-backends nil) -(add-hook 'emacs-startup-hook - (lambda () - (progn - (setq gc-cons-threshold (* 32 1024 1024) - gc-cons-percentage 0.1 - jit-lock-defer-time 0.05 - read-process-output-max (* 1024 1024) - file-name-handler-alist swarsel-file-name-handler-alist - vc-handled-backends swarsel-vc-handled-backends) - (fset 'epg-wait-for-status 'ignore) - ))) + (add-hook 'emacs-startup-hook + (lambda () + (progn + (setq gc-cons-threshold (* 32 1024 1024) + gc-cons-percentage 0.1 + jit-lock-defer-time 0.05 + read-process-output-max (* 1024 1024) + file-name-handler-alist swarsel-file-name-handler-alist + vc-handled-backends swarsel-vc-handled-backends) + (fset 'epg-wait-for-status 'ignore) + ))) (tool-bar-mode 0) (menu-bar-mode 0) diff --git a/files/emacs/init.el b/files/emacs/init.el index 90f8a4f..d9c090a 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1,8 +1,10 @@ -(defun swarsel/toggle-evil-state () - (interactive) - (if (or (evil-emacs-state-p) (evil-insert-state-p)) - (evil-normal-state) - (evil-emacs-state))) +;; -*- lexical-binding: t; -*- + + (defun swarsel/toggle-evil-state () + (interactive) + (if (or (evil-emacs-state-p) (evil-insert-state-p)) + (evil-normal-state) + (evil-emacs-state))) (defun swarsel/last-buffer () (interactive) (switch-to-buffer nil)) 
@@ -34,7 +36,7 @@ (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") + (setq user-mail-address (getenv "SWARSEL_MAIL4") user-full-name (getenv "SWARSEL_FULLNAME"))) (defun swarsel/with-buffer-name-prompt-and-make-subdirs () @@ -1581,11 +1583,11 @@ create a new one." :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") - (setq org-caldav-calendars - '((:calendar-id "personal" - :inbox "~/Calendars/leon_cal.org"))) - (setq org-caldav-files '("~/Calendars/leon_cal.org")) + ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") + ;; (setq org-caldav-calendars + ;; '((:calendar-id "personal" + ;; :inbox "~/Calendars/leon_cal.org"))) + ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -1612,6 +1614,14 @@ create a new one." :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) + ;; dont change the order of days in this one, as it will break weekend markings + (setq calendar-day-name-array + ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) + + ;; First day of the week + (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday + + ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -1619,14 +1629,17 @@ create a new one." (defun swarsel/open-calendar () (interactive) - (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Purple") ; orgmode source - (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan")))) + (cfw:org-create-source "Blue") ; orgmode source + (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") + (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") + (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") + ))) (use-package dashboard :ensure t 
@@ -1696,3 +1709,41 @@ create a new one." (setq message-log-max 30) (setq comint-buffer-maximum-size 50) (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) + +(defun prot-window-delete-popup-frame (&rest _) + "Kill selected selected frame if it has parameter `prot-window-popup-frame'. +Use this function via a hook." + (when (frame-parameter nil 'prot-window-popup-frame) + (delete-frame))) + +(defmacro prot-window-define-with-popup-frame (command) + "Define interactive function which calls COMMAND in a new frame. +Make the new frame have the `prot-window-popup-frame' parameter." + `(defun ,(intern (format "prot-window-popup-%s" command)) () + ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. +Also see `prot-window-delete-popup-frame'." command) + (interactive) + (let ((frame (make-frame '((prot-window-popup-frame . t))))) + (select-frame frame) + (modify-frame-parameters nil '((title . "Emacs Popup Frame"))) + (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") + (condition-case nil + (call-interactively ',command) + ((quit error user-error) + (delete-frame frame)))))) + +(declare-function org-capture "org-capture" (&optional goto keys)) +(defvar org-capture-after-finalize-hook) +;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") +(prot-window-define-with-popup-frame org-capture) +(add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) + +(declare-function mu4e "mu4e" (&optional goto keys)) +;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") +(prot-window-define-with-popup-frame mu4e) +(advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) + +(declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) +;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") +(prot-window-define-with-popup-frame swarsel/open-calendar) +(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame) 
diff --git a/flake.lock b/flake.lock index f3e8274..793d23f 100644 --- a/flake.lock +++ b/flake.lock @@ -1618,11 +1618,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1752440522, - "narHash": "sha256-CInQkEG3f8XwIBQxYFhuFCT+T++JPstThfifAMD0yRk=", + "lastModified": 1752736260, + "narHash": "sha256-90Gt98hmw/20aOAd7KaSW6otXu7MOBctRmI9RlXD/s0=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "1f569e3bd49502cb4ec312214662d93619cf2c54", + "rev": "169c3483f7c06fbb58c9346e4d9d112c8aa7827e", "type": "github" }, "original": { diff --git a/hosts/home/treehouse/default.nix b/hosts/home/treehouse/default.nix index 9f2b3e4..9ce0edf 100644 --- a/hosts/home/treehouse/default.nix +++ b/hosts/home/treehouse/default.nix @@ -6,6 +6,8 @@ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index "${self}/modules/home" + "${self}/modules/nixos/common/pii.nix" + "${self}/modules/nixos/common/meta.nix" ]; nixpkgs = { diff --git a/hosts/nixos/bakery/default.nix b/hosts/nixos/bakery/default.nix index 1e0b9bf..344ac42 100644 --- a/hosts/nixos/bakery/default.nix +++ b/hosts/nixos/bakery/default.nix @@ -1,17 +1,7 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-1"; - profiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; - }; + sharedOptions = { }; in { @@ -23,9 +13,20 @@ in ]; + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + lowResolution = "1280x800"; + highResolution = "1920x1080"; + sharescreen = "eDP-1"; info = "Lenovo ThinkPad"; firewall = lib.mkForce true; wallpaper = self + /files/wallpaper/lenovowp.png; 
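Review bot: The new `swarselprofiles` block for bakery enables `reduced` and `btrfs` but no longer contains `minimal = lib.mkIf minimal true;`, which the removed `sharedOptions.profiles` set; the chaostheatre and milkywell blocks later in this diff keep that line. Unless the minimal profile is switched on elsewhere when `minimal` is true, a minimal build of this host would enable neither `reduced` nor `minimal`; adding `minimal = lib.mkIf minimal true;` back would match the other hosts. The new pyramid `swarselprofiles` block drops the same line. With `sharedOptions = { };` now empty, the `lib.recursiveUpdate … sharedOptions` wrapper around `swarselsystems` is a no-op and both can be removed.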
@@ -38,29 +39,22 @@ in rootDisk = "/dev/nvme0n1"; swapSize = "4G"; hostName = config.node.name; - profiles = { - btrfs = true; - }; } sharedOptions; home-manager.users."${primaryUser}" = { # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - lowResolution = "1280x800"; - highResolution = "1920x1080"; - monitors = { - main = { - name = "LG Display 0x04EF Unknown"; - mode = "1920x1080"; # TEMPLATE - scale = "1"; - position = "1920,0"; - workspace = "15:L"; - output = "eDP-1"; - }; + swarselsystems = { + monitors = { + main = { + name = "LG Display 0x04EF Unknown"; + mode = "1920x1080"; # TEMPLATE + scale = "1"; + position = "1920,0"; + workspace = "15:L"; + output = "eDP-1"; }; - } - sharedOptions; + }; + }; }; } diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index e3c10d2..cf1ebb7 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -1,16 +1,6 @@ { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; - sharedOptions = { - inherit mainUser; - isBtrfs = false; - isLinux = true; - isPublic = true; - profiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; - }; in { 
@@ -39,26 +29,25 @@ in firewall.enable = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - profiles.btrfs = true; - } - sharedOptions; - - home-manager.users.${mainUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isNixos = true; - } - sharedOptions; + swarselprofiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; }; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; + } diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/milkywell/default.nix index 2554037..1bc4e35 100644 --- a/hosts/nixos/milkywell/default.nix +++ b/hosts/nixos/milkywell/default.nix @@ -1,15 +1,4 @@ -{ lib, config, minimal, ... }: -let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - isNixos = true; - }; - profiles = { - minimal = lib.mkIf minimal true; - }; -in +{ lib, minimal, ... }: { imports = [ ./hardware-configuration.nix 
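Review bot: The rewritten chaostheatre block sets `swarselprofiles.btrfs = true` and, a few lines later, `swarselsystems.isBtrfs = false`, so the host asks for the btrfs profile while declaring it is not on btrfs. The pair was carried over from the old `sharedOptions`, but now that both sit in adjacent blocks the contradiction should be either resolved or explained, e.g. `isBtrfs = false; # demo VM: btrfs profile enabled only for …` with the real reason filled in. The hunk also removes the `home-manager.users.${mainUser}` block including `home.stateVersion = lib.mkForce "23.05";`, so it is worth confirming the home state version for this host is still pinned somewhere.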
@@ -32,25 +21,21 @@ in enableAllFirmware = lib.mkForce false; }; - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - profiles = { - server.syncserver = true; - }; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselprofiles = { + minimal = lib.mkIf minimal true; + server.syncserver = true; + }; + swarselsystems = { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + isBtrfs = true; + isLinux = true; + isNixos = true; }; } diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index ba84c3b..cd14423 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -1,16 +1,7 @@ -{ lib, config, globals, ... }: +{ lib, config, ... }: let - primaryUser = config.swarselsystems.mainUser; - inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - - sharedOptions = { - isBtrfs = true; - isNixos = true; - isLinux = true; - }; in { imports = [ @@ -33,15 +24,6 @@ in environment = { etc."issue".text = "\4"; - - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { - directory = "/var/lib/syncthing"; - user = "syncthing"; - group = "syncthing"; - mode = "0700"; - } - ]; }; topology.self.interfaces.wg = { 
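Review bot: Dropping the `/var/lib/syncthing` entry from `persistence."/persist".directories` leaves moonside, which sets `isImpermanence = true`, with no persisted Syncthing state declared in this file, while the next hunk forces `dataDir` to `/sync`. Syncthing's device key and certificate default to a directory under `dataDir` in the NixOS module, so if `/sync` is not a persisted mount and the shared syncthing module does not persist the config directory, a reboot would generate a new device identity and the peers pinned by ID would have to re-accept it. A comment next to `dataDir` would settle it, e.g. `# device key/cert live under dataDir; /sync must be a persisted mount`.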
@@ -88,146 +70,72 @@ in system.stateVersion = "23.11"; - globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; - - services = { - nginx = { - virtualHosts = { - ${serviceDomain} = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:8384"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + }; + }; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; }; + }; + swarselprofiles = { + server.moonside = true; + }; + + swarselsystems = { + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; syncthing = { - enable = true; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - relay.enable = false; - settings = { - urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = 
"O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; - }; - }; - folders = { - "Default Folder" = lib.mkForce { - path = "/sync/Sync"; - type = "receiveonly"; - versioning = null; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "default"; - }; - "Obsidian" = { - path = "/sync/Obsidian"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/sync/Org"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/sync/Vpn"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "hgp9s-fyq3p"; - }; - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "winters" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; - }; - }; - }; + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; }; }; - - swarselsystems = 
lib.recursiveUpdate - { - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - profiles = { - server.moonside = true; - }; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.11"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; - }; - } diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index e3607c7..79541c3 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -1,19 +1,6 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-2"; - profiles = { - personal = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - work = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - }; - }; in { 
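Review bot: After this hunk the host no longer states where the Syncthing GUI listens or how it is published: the inline `guiAddress`, `openDefaultPorts`, `relay.enable` and the nginx vhost with `forceSSL`/`enableACME` are removed and only `serviceDomain` and `serviceIP = "localhost"` remain. The removed config bound the GUI to `0.0.0.0:8384` behind the proxy, so it is worth confirming that the shared syncthing module binds the GUI to loopback and still forces TLS on the vhost; neither is visible from this file. A pointer comment above `services.syncthing` would help, e.g. `# GUI bind address, firewall ports and the TLS vhost are defined in the syncthing server module`. The `Documents` folder now lists `pyramid`, which is not one of the devices declared in this block, so it has to come from `config.swarselsystems.syncthing.devices`.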
@@ -26,53 +13,56 @@ in ]; - swarselsystems = lib.recursiveUpdate - { - info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - inherit (config.repo.secrets.local) hostName; - inherit (config.repo.secrets.local) fqdn; - hibernation.offset = 533760; - profiles = { - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; - }; - } - sharedOptions; + swarselprofiles = { + personal = lib.mkIf (!minimal) true; + work = lib.mkIf (!minimal) true; + framework = lib.mkIf (!minimal) true; + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; + swarselsystems = { + lowResolution = "1280x800"; + highResolution = "2560x1600"; + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-2"; + info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + inherit (config.repo.secrets.local) hostName; + inherit (config.repo.secrets.local) fqdn; + hibernation.offset = 533760; + }; home-manager.users."${primaryUser}" = { - # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; + swarselsystems = { + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + input-filename = "temp4_input"; + }; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + 
mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; }; - lowResolution = "1280x800"; - highResolution = "2560x1600"; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - }; - } - sharedOptions; + }; + }; }; } diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index 8a37895..dee2083 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -1,15 +1,4 @@ -{ self, config, lib, minimal, ... }: -let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - profiles = { - toto = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; - }; -in +{ self, lib, minimal, ... }: { imports = [ 
@@ -17,36 +6,31 @@ in ./hardware-configuration.nix ]; - - networking = { hostName = "toto"; firewall.enable = false; }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ remote install helper"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "2G"; - # rootDisk = "/dev/nvme0n1"; - rootDisk = "/dev/vda"; - profiles.btrfs = true; - # rootDisk = "/dev/vda"; - } - sharedOptions; - - home-manager.users.${primaryUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isLaptop = false; - isNixos = true; - } - sharedOptions; + swarselprofiles = { + toto = lib.mkIf (!minimal) true; + btrfs = true; }; + + swarselsystems = { + info = "~SwarselSystems~ remote install helper"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "2G"; + # rootDisk = "/dev/nvme0n1"; + rootDisk = "/dev/vda"; + # rootDisk = "/dev/vda"; + isBtrfs = true; + isLinux = true; + isLaptop = false; + isNixos = true; + }; + } diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 6b65107..9e872ff 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,15 +1,4 @@ -{ lib, config, ... }: -let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = false; - isLinux = true; - isNixos = true; - profiles = { - server.local = true; - }; - }; -in +{ config, ... }: { imports = [ 
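Review bot: Removing the `home-manager.users.${primaryUser}` block in `hosts/nixos/toto/default.nix` also removes `home.stateVersion = lib.mkForce "23.05";`, so this host's home-manager state version now comes from whatever the `mkForce` was overriding. The same pin is dropped for winters in its `@@ -30,19 +19,18 @@` hunk. If the shared value differs from "23.05", existing installs pick up new defaults that the pin was there to hold back. The shared definition is not visible in these hunks, so this is worth confirming; if the pin is still needed, keep a per-host `home.stateVersion` override and add a one-line comment saying why it differs from the common value.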
@@ -30,19 +19,18 @@ in }; - swarselsystems = lib.recursiveUpdate - { - info = "ASRock J4105-ITX, 32GB RAM"; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselprofiles = { + server.local = true; }; + + swarselsystems = { + info = "ASRock J4105-ITX, 32GB RAM"; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + isBtrfs = false; + isLinux = true; + isNixos = true; + }; + } diff --git a/hosts/nixos/winters/secrets/pii.nix.enc b/hosts/nixos/winters/secrets/pii.nix.enc index 0a46cc3..9c0e82b 100644 --- a/hosts/nixos/winters/secrets/pii.nix.enc +++ b/hosts/nixos/winters/secrets/pii.nix.enc 
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:JSG8DynJg8t7HEDoW7IwYt189P22h4BPMFYsJmo3mcU=,tag:cHoNQBL2DCpntJyhqay54Q==,type:str]", + "data": "ENC[AES256_GCM,data:Ow17QtITRfXk4BJGWb4jw1gX8HRIAdpBDpyGtif3Vb42cCqSWpLaIR1KecbU3OPkGesC/vh2tgmfE/xlm6nUR8kvRDZdhFr7UckeKFiD4hlfHBhGckaCXOiRZ3ACHrHfM/a2CbKDl14xLDMFDervdMRfB/4vjvnn9xvhjepZ1e7+Iopd9agL8r658AMFF3j2tRYZp7l5GLArs+7mUsFfXujkui1Xgh5+TRvYPh3zQ18RWyP4QMYP6HPHgHRH7S6uciUb6Qq1yEytOy3pCJTb+gZaa9xI1azzP7r83b7KeXdukupR+9fNWN52swDHXRugThMrh4kOrBdyaafJ1v2w4FTTPwj6JQvkxT+vMV4+WIclhD/FWtEHtUqsHDFnMzTIQfyTMt42HZKNdQDwp2fwuV1BP0qOUqRnheaTPiyZiZL8I27xDfwp5zfSqxA7KEzLL2uRbIPefdqNFlcte/xL9IkbTux+AmHaIjQeLkiPyMf2wc2NTIabWPk/ILC917vnancdAQuujB38SaWPrKeCEqDKsArvgjnmn47ctBND73G4PszieneCnuq4sNT9QrC81mk/AQv5TFG0i0fvPoXfpO4ul7MgaP+iPodb2CThHKDAwL+Gnq/6+tg+vJbTKxrsixHvYViA9p/ke1YaRFg2R8V7NwRDl68NI2yCaqj3qlS6Sa8Mx7IUQR6aCN4nkpcJs2GLVCEhWKFBsNXXhPa01C/81JGJ6+/zfHuGbY6gGtS7k3cZ9+dfizN29nBlp+A1U+Noxjl9arYOX4gjEnQhvo9Tp/gBCmrvXjoE6ja8XXUv78/Bfnvup52gdNunYRYv3Aj91F0u6fH6UqoWPXVTy6eznV727Pj9H1BPzMEfmf3EPc6Qcg7AR7vKORfH3U0PFXxFMY0kGEJdug5jmLuwUoRR9zOyHOqdS4Tk9BcMT02gRyQf6LZ3drDoqC35L5hop/gfbleUXXODn3cE1mEuAuZ08OSavZ24IHo1aMr50gjn32WSBKkjfC0dobBWzWwykxhu0vZZI3xYJx/59qqsodDGAJAhry5N6vrwM/PK/O73L2QBqkaT50eImIQ4+vpahcvFPRIkHLvQkzxlyH0dafuGyyF2gfig5Rq3vw02pT8z06LjmJ/ehvteyy1BE9CdiUvYHjaBXiWg2n5FvAe5e8EQxUx9+SwfwEpnucuocp7g+d3W3cXJOU6m9JxwvK7LX95MbpKOtdPq11yi35LLb1TikFLdFZyu+SeaNFD3AzQMOSem6Lwc7N7WHC5z3Ah7FvqqnL2J51hDfMLW78A7DCI9GNRVoyVjx++gRr+ftEf8UUAYmkJdT/D898wtLWmBXikY/2e36q3QJV0Hy3fGBjxLmN/Tdz62jgCaXrNdJqJTFZ5h+hjd03GT6utmPwp0D2lBSM0LXsZsql+jI54P8cFdu3S4mNIjHZqV1kmsk0MCCVJKnGODeLQLxJhp287N3+0HJEm4KicGWMchef/YeiLLtD7mz7ov/9OI,iv:KvoTnlj+f+eMsFEZP8F1v0r/xZ4aVBUWmO+zsQCvhS4=,tag:U1ziE2832QfNkP0yjIzBeA==,type:str]", "sops": { "age": [ { 
@@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-02T10:26:33Z", - "mac": "ENC[AES256_GCM,data:/rmQKH7up3IcAdyYpdpx6H6gdyiNsnPS6TaozSU0EXxoaods50xC5sf2/quqLaeSRJE/NjKvh+3BWchbFJMQZM4PvSML3XAO8w9t/GqmOwwLJrvnMyulqS5y7BVDJZysmDe9TFNz05UJfZdbvLrH8kyhTHF7ciA8HgJq5JzFiBc=,iv:ORyza5fzjptuq5WD3NA9/OTFbACtzHp5e6kNKT/EaTE=,tag:wsp3Z/ySHVmDC9uRCn30Uw==,type:str]", + "lastmodified": "2025-07-17T20:14:29Z", + "mac": "ENC[AES256_GCM,data:4YP1fp9Mcbx0pvS5l9Xzc5cbhFnBo5GkqyRvcEspNYQ3IW5LIWtPwItwLZH/ymfEkpwIVYOugnB12HJJo9jpudgfUMXtp43ImDUNVHs59qkNhJFmTSoEZMBHQjPtE/jE17OIAZzeA41EAItesrmExV1W8ePy7rTgHQl5BDooWME=,iv:vyZ0BGjMUDeoVMkDw6wLZK3KKIECK5caz/nQB3nXlGs=,tag:GAqKNcSf3Ny/WsB3tYM/og==,type:str]", "pgp": [ { "created_at": "2025-06-11T11:42:23Z", diff --git a/justfile b/justfile index afde561..f2f9f7f 100644 --- a/justfile +++ b/justfile @@ -24,4 +24,4 @@ dd DRIVE ISO: sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ diff --git a/modules/home/common/atuin.nix b/modules/home/common/atuin.nix index f0623e1..82383f5 100644 --- a/modules/home/common/atuin.nix +++ b/modules/home/common/atuin.nix 
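Review bot: In the `sync` recipe, `-rltv` drops `-p`, `-g`, `-o` and `-D` from what `-a` implied, so file modes are no longer copied. New files on the target get the source mode masked by the remote umask, and files that already exist keep their current mode, so a later `chmod` in the repo (tightening a file to 0600, or toggling an executable bit) no longer reaches the host. If only ownership and group were the problem, `rsync -rlptv ...` keeps modes while still skipping owner, group and devices. Either way, a comment above the recipe such as `# no -a: do not push local owner/group to the target` would record the reason.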
@@ -3,8 +3,8 @@ let atuinDomain = globals.services.atuin.domain; in { - options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings"; - config = lib.mkIf config.swarselsystems.modules.atuin { + options.swarselmodules.atuin = lib.mkEnableOption "atuin settings"; + config = lib.mkIf config.swarselmodules.atuin { programs.atuin = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 8c38d7f..5c66542 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -1,8 +1,8 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; - config = lib.mkIf config.swarselsystems.modules.ownpackages { + options.swarselmodules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselmodules.ownpackages { home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ pass-fuzzel cdw diff --git a/modules/home/common/default.nix b/modules/home/common/default.nix index 18e0ee1..e7b9ac5 100644 --- a/modules/home/common/default.nix +++ b/modules/home/common/default.nix @@ -1,7 +1,9 @@ { lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common"; + imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; } diff --git a/modules/home/common/desktop.nix b/modules/home/common/desktop.nix index 05b03fd..a24eb94 100644 --- a/modules/home/common/desktop.nix +++ b/modules/home/common/desktop.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; - config = lib.mkIf config.swarselsystems.modules.desktop { + options.swarselmodules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselmodules.desktop { xdg.desktopEntries = { cura = { diff --git a/modules/home/common/direnv.nix b/modules/home/common/direnv.nix index 0e84503..ea72d7d 100644 --- a/modules/home/common/direnv.nix +++ b/modules/home/common/direnv.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; - config = lib.mkIf config.swarselsystems.modules.direnv { + options.swarselmodules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselmodules.direnv { programs.direnv = { enable = true; silent = true; diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 8f5863e..2a0d331 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix 
@@ -1,12 +1,26 @@ -{ self, lib, config, pkgs, ... }: +{ self, lib, config, pkgs, globals, ... }: let - inherit (config.swarselsystems) homeDir isPublic; + inherit (config.swarselsystems) homeDir isPublic isNixos; + inherit (config.repo.secrets.common.emacs) radicaleUser; in { - options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; - config = lib.mkIf config.swarselsystems.modules.emacs { + options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed - sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; + sops = lib.mkIf (!isPublic && !isNixos) { + secrets = { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; + emacs-radicale-pw = { }; + }; + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + }; + }; + }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index a8acacd..0148b9d 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix 
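Review bot: The comment `# needed for elfeed` in `modules/home/common/emacs.nix` no longer describes the block under it, which now also declares `emacs-radicale-pw` and renders `${homeDir}/.emacs.d/.authinfo` with the radicale password. The new `!isNixos` condition also means none of this is declared by home-manager on NixOS hosts, and the system-level counterpart is not visible in this hunk. I would replace the comment with something like `# home-manager-only secrets (skipped on NixOS): fever-pw for elfeed, radicale password rendered into .authinfo`. The enclosing `config` block continues outside the hunk.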
@@ -1,24 +1,33 @@ -{ lib, config, globals, nixosConfig, ... }: +{ lib, config, globals, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; + inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; inherit (nixosConfig.repo.secrets.common) fullName; + inherit (config.swarselsystems) isPublic; crocDomain = globals.services.croc.domain; in { - options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselmodules.env { home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; - CROC_RELAY = crocDomain; SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution; + CROC_RELAY = lib.mkIf (!isPublic) crocDomain; }; - systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { + systemd.user.sessionVariables = lib.mkIf (!isPublic) { + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; SWARSEL_MAIL1 = address1; SWARSEL_MAIL2 = address2; SWARSEL_MAIL3 = address3; SWARSEL_MAIL4 = address4; + SWARSEL_CAL1 = source1; + SWARSEL_CAL1NAME = source1-name; + SWARSEL_CAL2 = source2; + SWARSEL_CAL2NAME = source2-name; + SWARSEL_CAL3 = source3; + SWARSEL_CAL3NAME = source3-name; SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; }; diff --git a/modules/home/common/eza.nix b/modules/home/common/eza.nix index c78a30b..56316f6 100644 --- a/modules/home/common/eza.nix +++ b/modules/home/common/eza.nix 
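Review bot: The default in `nixosConfig ? config` in the module header is, as far as I know, never applied. The module system resolves every named argument from `specialArgs` or `_module.args` and raises a missing-attribute error when the name is absent, instead of falling back to the function default. On a standalone home-manager host the intended fallback to `config` therefore only works if `nixosConfig` is passed in explicitly (for example through `extraSpecialArgs`), which this hunk does not show. The same header is added in gammastep.nix, git.nix and mail.nix, and sharedoptions.nix uses `nixosConfig ? null` with a `nixosConfig != null` test that depends on the same assumption. I would pass the argument explicitly where the home configurations are built and note that next to the header, e.g. `# nixosConfig is supplied via extraSpecialArgs on non-NixOS hosts`.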
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; - config = lib.mkIf config.swarselsystems.modules.eza { + options.swarselmodules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselmodules.eza { programs.eza = { enable = true; icons = "auto"; diff --git a/modules/home/common/firefox.nix b/modules/home/common/firefox.nix index 0095a39..7905b0b 100644 --- a/modules/home/common/firefox.nix +++ b/modules/home/common/firefox.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, vars, ... }: { - options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; - config = lib.mkIf config.swarselsystems.modules.firefox { + options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselmodules.firefox { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides @@ -143,7 +143,7 @@ "browser.startup.homepage" = "https://lobste.rs"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; }; diff --git a/modules/home/common/fuzzel.nix b/modules/home/common/fuzzel.nix index 8c646ca..89e6689 100644 --- a/modules/home/common/fuzzel.nix +++ b/modules/home/common/fuzzel.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; - config = lib.mkIf config.swarselsystems.modules.fuzzel { + options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselmodules.fuzzel { programs.fuzzel = { enable = true; settings = { diff --git a/modules/home/common/gammastep.nix b/modules/home/common/gammastep.nix index e6d9e73..c8862c8 100644 --- a/modules/home/common/gammastep.nix +++ b/modules/home/common/gammastep.nix 
@@ -1,10 +1,10 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { - options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; - config = lib.mkIf config.swarselsystems.modules.gammastep { + options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselmodules.gammastep { services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { enable = true; provider = "manual"; diff --git a/modules/home/common/git.nix b/modules/home/common/git.nix index 97632a1..59035aa 100644 --- a/modules/home/common/git.nix +++ b/modules/home/common/git.nix @@ -1,4 +1,4 @@ -{ lib, config, globals, minimal, nixosConfig, ... }: +{ lib, config, globals, minimal, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1; inherit (nixosConfig.repo.secrets.common) fullName; @@ -6,8 +6,8 @@ let gitUser = globals.user.name; in { - options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; - config = lib.mkIf config.swarselsystems.modules.git { + options.swarselmodules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselmodules.git { programs.git = { enable = true; } // lib.optionalAttrs (!minimal) { diff --git a/modules/home/common/gnome-keyring.nix b/modules/home/common/gnome-keyring.nix index 9fb5ec6..c952e7b 100644 --- a/modules/home/common/gnome-keyring.nix +++ b/modules/home/common/gnome-keyring.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; diff --git a/modules/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix index 0ef546d..f8da000 100644 --- a/modules/home/common/gpg-agent.nix +++ b/modules/home/common/gpg-agent.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselsystems.modules.gpgagent { + options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 352666d..026450e 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; - config = lib.mkIf config.swarselsystems.modules.kanshi { + options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { homedesktop = { diff --git a/modules/home/common/kdeconnect.nix b/modules/home/common/kdeconnect.nix index b36122e..c51ca32 100644 --- a/modules/home/common/kdeconnect.nix +++ b/modules/home/common/kdeconnect.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; - config = lib.mkIf config.swarselsystems.modules.kdeconnect { + options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselmodules.kdeconnect { services.kdeconnect = { enable = true; indicator = true; diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index a7774ec..2b57e93 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; - config = lib.mkIf config.swarselsystems.modules.kitty { + options.swarselmodules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; keybindings = { }; diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index ad5d529..8d1750f 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix 
@@ -1,14 +1,14 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common) fullName; inherit (config.swarselsystems) xdgDir; in { - options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; - config = lib.mkIf config.swarselsystems.modules.mail { + options.swarselmodules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselmodules.mail { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; address2-token = { path = "${xdgDir}/secrets/address2-token"; }; address3-token = { path = "${xdgDir}/secrets/address3-token"; }; @@ -42,7 +42,7 @@ in address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; @@ -74,7 +74,7 @@ in address = address4; userName = address4-user; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address4-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; smtp = { host = address4-host; port = 587; @@ -97,7 +97,7 @@ in address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${config.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; 
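Review bot: With the home-level `sops.secrets` now skipped on NixOS (`!isNixos`), `passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"` reads a system-level secret on those hosts. sops-nix system secrets default to owner root with mode 0400, while the `cat` runs as the mail user. The NixOS-side declarations therefore need the owner set to that user (something like `address1-token = { owner = mainUser; };`), or mail fetch and send will fail at runtime with a permission error. Those declarations are not visible in this hunk, so please confirm. The same applies to the `address4-token`, `address2-token` and `address3-token` hunks that follow.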
@@ -124,7 +124,7 @@ in address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${config.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; diff --git a/modules/home/common/mako.nix b/modules/home/common/mako.nix index bbff8c3..45d7cfa 100644 --- a/modules/home/common/mako.nix +++ b/modules/home/common/mako.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; - config = lib.mkIf config.swarselsystems.modules.mako { + options.swarselmodules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselmodules.mako { services.mako = { enable = true; settings = { diff --git a/modules/home/common/nix-index.nix b/modules/home/common/nix-index.nix index b23b1c1..42aa8d1 100644 --- a/modules/home/common/nix-index.nix +++ b/modules/home/common/nix-index.nix @@ -1,7 +1,7 @@ { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; - config = lib.mkIf config.swarselsystems.modules.nix-index { + options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselmodules.nix-index { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' diff --git a/modules/home/common/nixgl.nix b/modules/home/common/nixgl.nix index 4fac380..0ba9d1a 100644 --- a/modules/home/common/nixgl.nix +++ b/modules/home/common/nixgl.nix 
@@ -1,14 +1,14 @@ { lib, config, nixgl, ... }: { + options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselsystems = { - modules.nixgl = lib.mkEnableOption "nixgl settings"; isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; SecondaryGpuCard = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = lib.mkIf config.swarselsystems.modules.nixgl { + config = lib.mkIf config.swarselmodules.nixgl { nixGL = lib.mkIf (!config.swarselsystems.isNixos) { inherit (nixgl) packages; defaultWrapper = lib.mkDefault "mesa"; diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index f01c6ee..c9c3ba1 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -1,8 +1,8 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselmodules.packages { home.packages = with pkgs; [ # audio stuff diff --git a/modules/home/common/password-store.nix b/modules/home/common/password-store.nix index a6f05b7..bd9f640 100644 --- a/modules/home/common/password-store.nix +++ b/modules/home/common/password-store.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; - config = lib.mkIf config.swarselsystems.modules.passwordstore { + options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselmodules.passwordstore { programs.password-store = { enable = true; settings = { diff --git a/modules/home/common/programs.nix b/modules/home/common/programs.nix index 27948d0..26f2619 100644 --- a/modules/home/common/programs.nix +++ b/modules/home/common/programs.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselmodules.programs { programs = { bottom.enable = true; imv.enable = true; diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 540837a..3a349f7 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general { nix = lib.mkIf (!config.swarselsystems.isNixos) { package = lib.mkForce pkgs.nixVersions.nix_2_28; extraOptions = '' diff --git a/modules/home/common/sharedoptions.nix b/modules/home/common/sharedoptions.nix new file mode 100644 index 0000000..8edb073 --- /dev/null +++ b/modules/home/common/sharedoptions.nix @@ -0,0 +1,12 @@ +{ lib, config, nixosConfig ? null, ... }: +let + # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; + inherit (lib) mkDefault mapAttrs filterAttrs; + mkDefaultCommonAttrs = base: defaults: + lib.mapAttrs (_: v: lib.mkDefault v) + (lib.filterAttrs (k: _: base ? ${k}) defaults); +in +{ + # config.swarselsystems = mirrorAttrs; + config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); +} diff --git a/modules/home/common/sops.nix b/modules/home/common/sops.nix index fd93900..9fbdafc 100644 --- a/modules/home/common/sops.nix +++ b/modules/home/common/sops.nix 
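Review bot: In the new `modules/home/common/sharedoptions.nix`, `inherit (lib) mkDefault mapAttrs filterAttrs;` is unused, because `mkDefaultCommonAttrs` calls `lib.mapAttrs`, `lib.mkDefault` and `lib.filterAttrs` directly. Either drop the `inherit` or use the short names. The two commented-out `mirrorAttrs` lines can go as well. A short comment on the helper would help the next reader, e.g. `# copy NixOS-level swarselsystems values into home-manager as mkDefault, limited to options that also exist on the home side`.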
@@ -3,8 +3,8 @@ let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselmodules.sops { sops = { age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index dd7361a..052e9a1 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; - config = lib.mkIf config.swarselsystems.modules.ssh { + options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselmodules.ssh { programs.ssh = { enable = true; forwardAgent = true; diff --git a/modules/home/common/starship.nix b/modules/home/common/starship.nix index bee6aeb..ba0e897 100644 --- a/modules/home/common/starship.nix +++ b/modules/home/common/starship.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; - config = lib.mkIf config.swarselsystems.modules.starship { + options.swarselmodules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselmodules.starship { programs.starship = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/stylix.nix b/modules/home/common/stylix.nix index eecdb83..763c4d2 100644 --- a/modules/home/common/stylix.nix +++ b/modules/home/common/stylix.nix 
@@ -1,12 +1,12 @@ -{ lib, config, ... }: +{ lib, config, vars, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; - config = lib.mkIf config.swarselsystems.modules.stylix { + options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselmodules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; } - config.swarselsystems.stylix); + vars.stylix); }; } diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 4e19ab2..bb429dc 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -6,8 +6,8 @@ let }; in { + options.swarselmodules.sway = lib.mkEnableOption "sway settings"; options.swarselsystems = { - modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -72,7 +72,7 @@ in internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.sway { + config = lib.mkIf config.swarselmodules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { @@ -117,8 +117,6 @@ in "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swaymsg workspace back_and_forth"; "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; 
@@ -127,7 +125,10 @@ in "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'"; + "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; @@ -260,6 +261,7 @@ in { title = "^Add$"; } { title = "^Picture-in-Picture$"; } { title = "Syncthing Tray"; } + { title = "Emacs Popup Frame"; } { title = "^spotifytui$"; } { title = "^kittyterm$"; } { app_id = "vesktop"; } diff --git a/modules/home/common/swayosd.nix b/modules/home/common/swayosd.nix index e422fc2..706aa25 100644 --- a/modules/home/common/swayosd.nix +++ b/modules/home/common/swayosd.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { services.swayosd = { enable = true; package = pkgs.dev.swayosd; diff --git a/modules/home/common/symlink.nix b/modules/home/common/symlink.nix index a0f1e89..8caca6e 100644 --- a/modules/home/common/symlink.nix +++ b/modules/home/common/symlink.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; - config = lib.mkIf config.swarselsystems.modules.symlink { + options.swarselmodules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselmodules.symlink { home.file = { "init.el" = lib.mkDefault { source = self + /files/emacs/init.el; 
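Review bot: The three new emacsclient bindings in the `@@ -127,7 +125,10 @@` hunk lack the `exec` prefix that every other command binding in this attrset has, including the two emacsclient bindings removed in the previous hunk. Without it sway parses `emacsclient` as one of its own commands, so the keys would report an error instead of opening the popup frame. The line should read `"${modifier}+c" = "exec emacsclient -e '(prot-window-popup-org-capture)'";`, with the same change on the `Shift+m` and `Shift+a` lines. The keybindings attrset starts and ends outside the hunk.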
diff --git a/modules/home/common/tmux.nix b/modules/home/common/tmux.nix index f5daa4d..f642c6b 100644 --- a/modules/home/common/tmux.nix +++ b/modules/home/common/tmux.nix @@ -13,8 +13,8 @@ let }; in { - options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; - config = lib.mkIf config.swarselsystems.modules.tmux { + options.swarselmodules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselmodules.tmux { home.packages = with pkgs; [ lsof sesh diff --git a/modules/home/common/waybar.nix b/modules/home/common/waybar.nix index 238af30..27fd79a 100644 --- a/modules/home/common/waybar.nix +++ b/modules/home/common/waybar.nix @@ -22,8 +22,8 @@ let ]; in { + options.swarselmodules.waybar = lib.mkEnableOption "waybar settings"; options.swarselsystems = { - modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; @@ -52,7 +52,7 @@ in internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.waybar { + config = lib.mkIf config.swarselmodules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ @@ -60,7 +60,7 @@ in ] ++ modulesRight); }; - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; }; }; diff --git a/modules/home/common/yubikey-touch-detector.nix b/modules/home/common/yubikey-touch-detector.nix index 53e5721..fc28488 100644 --- a/modules/home/common/yubikey-touch-detector.nix +++ b/modules/home/common/yubikey-touch-detector.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; - config = lib.mkIf config.swarselsystems.modules.yubikeytouch { + options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselmodules.yubikeytouch { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; diff --git a/modules/home/common/yubikey.nix b/modules/home/common/yubikey.nix index 04e21f0..40c52cd 100644 --- a/modules/home/common/yubikey.nix +++ b/modules/home/common/yubikey.nix @@ -1,11 +1,11 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + config = lib.mkIf config.swarselmodules.yubikey { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index e2b80c0..92d4507 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix @@ -1,7 +1,7 @@ { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; - config = lib.mkIf config.swarselsystems.modules.zellij { + options.swarselmodules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselmodules.zellij { programs.zellij = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index f0d18b9..cb45839 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix 
@@ -1,19 +1,19 @@ -{ config, lib, minimal, ... }: +{ config, lib, minimal, nixosConfig ? config, ... }: let inherit (config.swarselsystems) flakePath; in { + options.swarselmodules.zsh = lib.mkEnableOption "zsh settings"; options.swarselsystems = { - modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.zsh + config = lib.mkIf config.swarselmodules.zsh { - sops.secrets = { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { croc-password = { }; }; @@ -26,9 +26,10 @@ in hg = "history | grep"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nswitch = "swarsel-deploy $(hostname) switch"; + nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; + ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; - nboot = "swarsel-deploy $(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; @@ -120,7 +121,7 @@ in # ctrl + del bindkey '^H' my-backward-delete-word - export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})" + export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" ''; }; }; diff --git a/modules/home/darwin/default.nix b/modules/home/darwin/default.nix index e90171c..9ff48b2 100644 --- a/modules/home/darwin/default.nix +++ b/modules/home/darwin/default.nix 
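Review bot: `croc-password` is now declared only when `!isPublic && !isNixos`, but the `@@ -120,7 +121,7 @@` hunk still interpolates `${nixosConfig.sops.secrets.croc-password.path}` unconditionally. On a standalone home-manager host with `isPublic = true`, `nixosConfig` falls back to `config`, the secret is no longer defined, and evaluation would presumably fail on the missing attribute where it previously succeeded. Guarding the export with the same condition would keep public builds evaluating, for example by wrapping the line in `lib.optionalString (!config.swarselsystems.isPublic)`. The init script starts outside the hunk, so an existing guard may not be visible here.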
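Review bot: The new `nswitch`, `nboot` and `ndry` aliases in the `@@ -26,9 +26,10 @@` hunk chain their steps with `;`, so `swarsel-deploy` still runs from the current directory when `cd ${flakePath}` fails. The trailing `cd -` also prints the old path and overwrites `OLDPWD`. A subshell avoids both problems and needs no `cd` back: `nswitch = "(cd ${flakePath} && swarsel-deploy $(hostname) switch)";`, likewise for `boot` and `dry-activate`. Quoting the path would additionally cover a `flakePath` containing spaces.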
@@ -1,7 +1,9 @@ { self, ... }: { + home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/home/common/sharedsetup.nix" + "${self}/modules/shared/options.nix" + "${self}/modules/shared/vars.nix" ]; } diff --git a/modules/home/optional/framework.nix b/modules/home/optional/framework.nix index 46fe225..9e8a9d8 100644 --- a/modules/home/optional/framework.nix +++ b/modules/home/optional/framework.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { diff --git a/modules/home/optional/gaming.nix b/modules/home/optional/gaming.nix index e55718c..e523332 100644 --- a/modules/home/optional/gaming.nix +++ b/modules/home/optional/gaming.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index bbd5201..cd91509 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix 
@@ -1,10 +1,10 @@ -{ self, config, pkgs, lib, nixosConfig, ... }: +{ self, config, pkgs, lib, vars, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselsystems.modules.optional.work { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselmodules.optional.work { home.packages = with pkgs; [ stable.teams-for-linux shellcheck @@ -126,7 +126,7 @@ in "browser.startup.homepage" = "${site1}|${site2}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user2}" = lib.recursiveUpdate { inherit isDefault; @@ -135,13 +135,13 @@ in "browser.startup.homepage" = "${site3}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user3}" = lib.recursiveUpdate { inherit isDefault; id = 3; } - config.swarselsystems.firefox; + vars.firefox; work = lib.recursiveUpdate { inherit isDefault; @@ -150,7 +150,7 @@ in "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; diff --git a/modules/home/server/default.nix b/modules/home/server/default.nix index 0d107f1..f70c4b3 100644 --- a/modules/home/server/default.nix +++ b/modules/home/server/default.nix @@ -6,6 +6,5 @@ in { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" - "${modulesPath}/home/common/sharedsetup.nix" ]; } diff --git a/modules/home/server/symlink.nix b/modules/home/server/symlink.nix index 27c3bf6..76ddb32 100644 --- a/modules/home/server/symlink.nix +++ b/modules/home/server/symlink.nix 
@@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; - config = lib.mkIf config.swarselsystems.modules.server.dotfiles { + options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselmodules.server.dotfiles { home.file = { "init.el" = lib.mkForce { source = self + /files/emacs/server.el; diff --git a/modules/nixos/client/appimage.nix b/modules/nixos/client/appimage.nix index 209fda0..b32e107 100644 --- a/modules/nixos/client/appimage.nix +++ b/modules/nixos/client/appimage.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; - config = lib.mkIf config.swarselsystems.modules.appimage { + options.swarselmodules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselmodules.appimage { programs.appimage = { enable = true; binfmt = true; diff --git a/modules/nixos/client/autologin.nix b/modules/nixos/client/autologin.nix index 4343a56..0d27f6d 100644 --- a/modules/nixos/client/autologin.nix +++ b/modules/nixos/client/autologin.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings"; - config = lib.mkIf config.swarselsystems.modules.autologin { + options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselmodules.autologin { services = { getty.autologinUser = mainUser; greetd.settings.initial_session.user = mainUser; diff --git a/modules/nixos/client/blueman.nix b/modules/nixos/client/blueman.nix index ad4513c..cadc5e6 100644 --- a/modules/nixos/client/blueman.nix +++ b/modules/nixos/client/blueman.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; - config = lib.mkIf config.swarselsystems.modules.blueman { + options.swarselmodules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselmodules.blueman { services.blueman.enable = true; services.hardware.bolt.enable = true; }; diff --git a/modules/nixos/client/distrobox.nix b/modules/nixos/client/distrobox.nix index cfe367b..d44fc7c 100644 --- a/modules/nixos/client/distrobox.nix +++ b/modules/nixos/client/distrobox.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; - config = lib.mkIf config.swarselsystems.modules.distrobox { + options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselmodules.distrobox { environment.systemPackages = with pkgs; [ distrobox boxbuddy diff --git a/modules/nixos/client/env.nix b/modules/nixos/client/env.nix index 110efe1..ad9fad9 100644 --- a/modules/nixos/client/env.nix +++ b/modules/nixos/client/env.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselmodules.env { environment = { wordlist.enable = true; diff --git a/modules/nixos/client/gnome-keyring.nix b/modules/nixos/client/gnome-keyring.nix index 07131eb..403bdfb 100644 --- a/modules/nixos/client/gnome-keyring.nix +++ b/modules/nixos/client/gnome-keyring.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome.gnome-keyring = { enable = true; }; diff --git a/modules/nixos/client/gvfs.nix b/modules/nixos/client/gvfs.nix index 1f6bbd0..059723b 100644 --- a/modules/nixos/client/gvfs.nix +++ b/modules/nixos/client/gvfs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; - config = lib.mkIf config.swarselsystems.modules.gvfs { + options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselmodules.gvfs { services.gvfs.enable = true; }; } diff --git a/modules/nixos/client/hardware.nix b/modules/nixos/client/hardware.nix index 13ca819..fd69f7c 100644 --- a/modules/nixos/client/hardware.nix +++ b/modules/nixos/client/hardware.nix @@ -1,8 +1,8 @@ { pkgs, config, lib, ... }: { + options.swarselmodules.hardware = lib.mkEnableOption "hardware config"; options.swarselsystems = { - modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -13,7 +13,7 @@ }; }; }; - config = lib.mkIf config.swarselsystems.modules.hardware { + config = lib.mkIf config.swarselmodules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { diff --git a/modules/nixos/client/hardwarecompatibility-keyboards.nix b/modules/nixos/client/hardwarecompatibility-keyboards.nix index 8a17a5f..346c0c2 100644 --- a/modules/nixos/client/hardwarecompatibility-keyboards.nix 
+++ b/modules/nixos/client/hardwarecompatibility-keyboards.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; - config = lib.mkIf config.swarselsystems.modules.keyboards { + options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselmodules.keyboards { services.udev.packages = with pkgs; [ qmk-udev-rules vial diff --git a/modules/nixos/client/hardwarecompatibility-ledger.nix b/modules/nixos/client/hardwarecompatibility-ledger.nix index 85e87a1..b919e7a 100644 --- a/modules/nixos/client/hardwarecompatibility-ledger.nix +++ b/modules/nixos/client/hardwarecompatibility-ledger.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; - config = lib.mkIf config.swarselsystems.modules.ledger { + options.swarselmodules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselmodules.ledger { hardware.ledger.enable = true; services.udev.packages = with pkgs; [ diff --git a/modules/nixos/client/hardwarecompatibility-yubikey.nix b/modules/nixos/client/hardwarecompatibility-yubikey.nix index 1974260..75f55bc 100644 --- a/modules/nixos/client/hardwarecompatibility-yubikey.nix +++ b/modules/nixos/client/hardwarecompatibility-yubikey.nix @@ -4,8 +4,8 @@ let inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselmodules.yubikey { programs.ssh.startAgent = false; services.pcscd.enable = false; diff --git a/modules/nixos/client/interceptiontools.nix b/modules/nixos/client/interceptiontools.nix index 5be8b9a..935829f 100644 --- a/modules/nixos/client/interceptiontools.nix 
+++ b/modules/nixos/client/interceptiontools.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; - config = lib.mkIf config.swarselsystems.modules.interceptionTools { + options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselmodules.interceptionTools { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; diff --git a/modules/nixos/client/lid.nix b/modules/nixos/client/lid.nix index b2d579d..faf1a84 100644 --- a/modules/nixos/client/lid.nix +++ b/modules/nixos/client/lid.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; - config = lib.mkIf config.swarselsystems.modules.lid { + options.swarselmodules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselmodules.lid { services.logind = { lidSwitch = "suspend"; lidSwitchDocked = "ignore"; diff --git a/modules/nixos/client/login.nix b/modules/nixos/client/login.nix index 5b1748f..11f0c37 100644 --- a/modules/nixos/client/login.nix +++ b/modules/nixos/client/login.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.login = lib.mkEnableOption "login config"; - config = lib.mkIf config.swarselsystems.modules.login { + options.swarselmodules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselmodules.login { services.greetd = { enable = true; settings = { diff --git a/modules/nixos/client/lowbattery.nix b/modules/nixos/client/lowbattery.nix index 12bad22..9dece08 100644 --- a/modules/nixos/client/lowbattery.nix +++ b/modules/nixos/client/lowbattery.nix 
@@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; - config = lib.mkIf config.swarselsystems.modules.lowBattery { + options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselmodules.lowBattery { systemd.user.services."battery-low" = { enable = true; description = "Timer for battery check that alerts at 10% or less"; diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index 40ebbd0..8f7ffc3 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -10,10 +10,10 @@ let in { options.swarselsystems = { - modules.network = lib.mkEnableOption "network config"; firewall = lib.swarselsystems.mkTrueOption; }; - config = lib.mkIf config.swarselsystems.modules.network { + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { sops = { secrets = lib.mkIf (!config.swarselsystems.isPublic) { @@ -118,7 +118,7 @@ in wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; - psk = "WLAN1_PW"; + psk = "$WLAN1_PW"; }; }; diff --git a/modules/nixos/client/networkdevices.nix b/modules/nixos/client/networkdevices.nix index 07b2b9c..71b5f1d 100644 --- a/modules/nixos/client/networkdevices.nix +++ b/modules/nixos/client/networkdevices.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; - config = lib.mkIf config.swarselsystems.modules.networkDevices { + options.swarselmodules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselmodules.networkDevices { # enable scanners over network hardware.sane = { enable = true; diff --git a/modules/nixos/client/nix-ld.nix b/modules/nixos/client/nix-ld.nix index 5b38b9d..48895bf 100644 --- a/modules/nixos/client/nix-ld.nix 
+++ b/modules/nixos/client/nix-ld.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; - config = lib.mkIf config.swarselsystems.modules.nix-ld { + options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselmodules.nix-ld { programs.nix-ld = { enable = true; libraries = with pkgs; [ diff --git a/modules/nixos/client/nvd-rebuild.nix b/modules/nixos/client/nvd-rebuild.nix index 36f6188..731ca3a 100644 --- a/modules/nixos/client/nvd-rebuild.nix +++ b/modules/nixos/client/nvd-rebuild.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; - config = lib.mkIf config.swarselsystems.modules.nvd { + options.swarselmodules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselmodules.nvd { environment.systemPackages = [ pkgs.nvd diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix index d613402..d44c15c 100644 --- a/modules/nixos/client/packages.nix +++ b/modules/nixos/client/packages.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, minimal, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselmodules.packages { environment.systemPackages = with pkgs; lib.optionals (!minimal) [ # yubikey packages diff --git a/modules/nixos/client/pipewire.nix b/modules/nixos/client/pipewire.nix index db35a93..1f8ea4d 100644 --- a/modules/nixos/client/pipewire.nix +++ b/modules/nixos/client/pipewire.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; - config = lib.mkIf config.swarselsystems.modules.pipewire { + options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselmodules.pipewire { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { diff --git a/modules/nixos/client/polkit.nix b/modules/nixos/client/polkit.nix index 8caf8e1..6d1129f 100644 --- a/modules/nixos/client/polkit.nix +++ b/modules/nixos/client/polkit.nix @@ -1,7 +1,7 @@ { lib, config, minimal, ... }: { - options.swarselsystems.modules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselsystems.modules.security { + options.swarselmodules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselmodules.security { security = { pam.services = lib.mkIf (!minimal) { diff --git a/modules/nixos/client/power-profiles-daemon.nix b/modules/nixos/client/power-profiles-daemon.nix index 86b0676..a3d8ac3 100644 --- a/modules/nixos/client/power-profiles-daemon.nix +++ b/modules/nixos/client/power-profiles-daemon.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; - config = lib.mkIf config.swarselsystems.modules.ppd { + options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselmodules.ppd { services.power-profiles-daemon.enable = true; }; } diff --git a/modules/nixos/client/programs.nix b/modules/nixos/client/programs.nix index fb0b82d..893a11a 100644 --- a/modules/nixos/client/programs.nix +++ b/modules/nixos/client/programs.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselmodules.programs { programs = { dconf.enable = true; evince.enable = true; diff --git a/modules/nixos/client/pulseaudio.nix b/modules/nixos/client/pulseaudio.nix index 7e26a1c..84f4dea 100644 --- a/modules/nixos/client/pulseaudio.nix +++ b/modules/nixos/client/pulseaudio.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; - config = lib.mkIf config.swarselsystems.modules.pulseaudio { + options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselmodules.pulseaudio { services.pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; diff --git a/modules/nixos/client/sops.nix b/modules/nixos/client/sops.nix index 2d4b0ce..2fa10eb 100644 --- a/modules/nixos/client/sops.nix +++ b/modules/nixos/client/sops.nix @@ -1,7 +1,7 @@ { config, lib, ... }: { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselmodules.sops { sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; diff --git a/modules/nixos/client/stylix.nix b/modules/nixos/client/stylix.nix index 8caa08d..4c45cbe 100644 --- a/modules/nixos/client/stylix.nix +++ b/modules/nixos/client/stylix.nix 
@@ -1,20 +1,20 @@ -{ self, lib, config, ... }: +{ self, lib, config, vars, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; + options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; config = { stylix = { enable = true; base16Scheme = "${self}/files/stylix/swarsel.yaml"; - } // lib.optionalAttrs config.swarselsystems.modules.stylix + } // lib.optionalAttrs config.swarselmodules.stylix (lib.recursiveUpdate { targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; } - config.swarselsystems.stylix); + vars.stylix); home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; }; }; }; diff --git a/modules/nixos/client/sway.nix b/modules/nixos/client/sway.nix index afd8157..8643b09 100644 --- a/modules/nixos/client/sway.nix +++ b/modules/nixos/client/sway.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; - config = lib.mkIf config.swarselsystems.modules.sway { + options.swarselmodules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselmodules.sway { programs.sway = { enable = true; package = pkgs.dev.swayfx; diff --git a/modules/nixos/client/swayosd.nix b/modules/nixos/client/swayosd.nix index e0dcaeb..c8d1caf 100644 --- a/modules/nixos/client/swayosd.nix +++ b/modules/nixos/client/swayosd.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { environment.systemPackages = [ pkgs.dev.swayosd ]; services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { 
diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 7d7fc94..d7ca383 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix @@ -1,10 +1,11 @@ { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; - config = lib.mkIf config.swarselsystems.modules.syncthing { + options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; package = pkgs.stable.syncthing; @@ -18,39 +19,26 @@ in options = { urAccepted = -1; }; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "sync@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; }; diff --git a/modules/nixos/client/systemd.nix b/modules/nixos/client/systemd.nix index 56da8a1..5ad6aaa 100644 
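Review bot: The name `devices` now means two different things in this file. The let-binding added in the first hunk is `syncDevices`, which each folder picks up through `inherit devices;`, while `inherit (config.swarselsystems.syncthing) devices;` in the settings pulls the device-ID map under the same name. This evaluates as intended only because the settings attrset is not `rec`, and it is easy to misread which peers a folder such as `Vpn` is shared with. Naming the let-binding after its source, `syncDevices = config.swarselsystems.syncthing.syncDevices;`, and writing `devices = syncDevices;` in the folders would make the share list explicit. The settings attrset starts outside the hunk.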
--- a/modules/nixos/client/systemd.nix +++ b/modules/nixos/client/systemd.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; - config = lib.mkIf config.swarselsystems.modules.systemdTimeout { + options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselmodules.systemdTimeout { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s diff --git a/modules/nixos/client/xdg-portal.nix b/modules/nixos/client/xdg-portal.nix index 22abdb7..9da6946 100644 --- a/modules/nixos/client/xdg-portal.nix +++ b/modules/nixos/client/xdg-portal.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; - config = lib.mkIf config.swarselsystems.modules.xdg-portal { + options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; config = { diff --git a/modules/nixos/client/zsh.nix b/modules/nixos/client/zsh.nix index e1eaaf6..3e6b771 100644 --- a/modules/nixos/client/zsh.nix +++ b/modules/nixos/client/zsh.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; - config = lib.mkIf config.swarselsystems.modules.zsh { + options.swarselmodules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselmodules.zsh { programs.zsh = { enable = true; enableCompletion = false; diff --git a/modules/nixos/common/boot.nix b/modules/nixos/common/boot.nix new file mode 100644 index 0000000..758f29c --- /dev/null +++ b/modules/nixos/common/boot.nix 
@@ -0,0 +1,25 @@ +{ lib, pkgs, config, globals, ... }: +{ + options.swarselmodules.boot = lib.mkEnableOption "boot config"; + config = lib.mkIf config.swarselmodules.boot { + boot = { + initrd.systemd = { + enable = true; + emergencyAccess = globals.root.hashedPassword; + users.root.shell = "${pkgs.bashInteractive}/bin/bash"; + storePaths = [ "${pkgs.bashInteractive}/bin/bash" ]; + extraBin = { + ip = "${pkgs.iproute2}/bin/ip"; + ping = "${pkgs.iputils}/bin/ping"; + cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; + }; + }; + kernelParams = [ "log_buf_len=16M" ]; + tmp.useTmpfs = true; + loader.timeout = lib.mkDefault 2; + }; + + console.earlySetup = true; + + }; +} diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix index e76fb8b..8c1a26b 100644 --- a/modules/nixos/common/default.nix +++ b/modules/nixos/common/default.nix @@ -1,11 +1,9 @@ -{ self, lib, ... }: +{ lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ - "${self}/modules/shared/sharedsetup.nix" - ]; - - + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; } diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 74fcf6a..24e3793 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -11,6 +11,12 @@ in default = { }; type = types.submodule { options = { + root = { + hashedPassword = mkOption { + type = types.str; + }; + }; + user = { name = mkOption { type = types.str; diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix new file mode 100644 index 0000000..a4ade64 --- /dev/null +++ b/modules/nixos/common/home-manager-secrets.nix 
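Review bot: `emergencyAccess = globals.root.hashedPassword;` in boot.nix embeds the root password hash in the initrd. Because the globals.nix hunk declares `root.hashedPassword` as a plain `types.str`, the value is an evaluated string that also ends up in the world-readable Nix store; where it is populated is not visible here. The same string is reused for `users.root` in the users.nix hunk, whereas the main user already goes through `hashedPasswordFile` and sops. An initrd normally sits on an unencrypted boot partition, so the hash can presumably be read offline by anyone with disk access. Consider a separate high-entropy credential for emergency access, and `hashedPasswordFile = config.sops.secrets.<root-secret-name>.path;` (placeholder name) for root, with a comment on the `emergencyAccess` line such as `# hash is embedded in the initrd; do not reuse the login password`.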
@@ -0,0 +1,36 @@ +{ lib, config, globals, ... }: +let + inherit (config.swarselsystems) mainUser homeDir; + inherit (config.repo.secrets.common.emacs) radicaleUser; + modules = config.home-manager.users.${mainUser}.swarselmodules; +in +{ + config = lib.mkIf config.swarselsystems.withHomeManager { + sops = { + secrets = (lib.optionalAttrs modules.mail + { + address1-token = { owner = mainUser; }; + address2-token = { owner = mainUser; }; + address3-token = { owner = mainUser; }; + address4-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.waybar { + github-notifications-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.zsh { + croc-password = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + emacs-radicale-pw = { owner = mainUser; }; + }); + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + owner = mainUser; + }; + }; + }; + }; +} diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index fb0b3ed..081b0b8 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix 
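Review bot: The `authinfo` template is defined whenever `withHomeManager` is set, but it interpolates `config.sops.placeholder.emacs-radicale-pw`, a secret that is only declared under `lib.optionalAttrs modules.emacs`. On a host with home-manager enabled and the emacs module disabled, the placeholder would presumably be missing and evaluation would fail. Guarding the template the same way avoids that: `templates = lib.optionalAttrs modules.emacs { authinfo = { … }; };`. The two separate `lib.optionalAttrs modules.emacs` blocks for `fever-pw` and `emacs-radicale-pw` could be merged into one while doing so. A short comment on `authinfo` noting that the rendered file holds the radicale password in plain text under `${homeDir}/.emacs.d` would help the next reader.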
@@ -1,12 +1,12 @@ -{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: +{ self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: { - options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselsystems.modules.home-manager { + options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselmodules.home-manager { home-manager = lib.mkIf config.swarselsystems.withHomeManager { useGlobalPkgs = true; useUserPackages = true; verbose = true; - users.swarsel.imports = [ + users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops # inputs.stylix.homeModules.stylix @@ -14,8 +14,11 @@ imports = [ "${self}/profiles/home" "${self}/modules/home" - # "${self}/modules/nixos/common/pii.nix" - # "${self}/modules/nixos/common/meta.nix" + { + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } ]; # node = { # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; diff --git a/modules/nixos/common/impermanence.nix b/modules/nixos/common/impermanence.nix index 3256df7..31f8641 100644 --- a/modules/nixos/common/impermanence.nix +++ b/modules/nixos/common/impermanence.nix @@ -4,8 +4,8 @@ let inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselsystems.modules.impermanence { + options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselmodules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' diff --git a/modules/nixos/common/lanzaboote.nix b/modules/nixos/common/lanzaboote.nix index b4c671e..8492eba 100644 --- a/modules/nixos/common/lanzaboote.nix 
+++ b/modules/nixos/common/lanzaboote.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, minimal, ... }: { - options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; - config = lib.mkIf config.swarselsystems.modules.lanzaboote { + options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselmodules.lanzaboote { environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [ pkgs.sbctl diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index 6b8fd21..26b31d0 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -58,9 +58,9 @@ in description = "Exposes the loaded repo secrets. This option is read-only."; }; }; - swarselsystems.modules.pii = lib.mkEnableOption "enable pii management"; + swarselmodules.pii = lib.mkEnableOption "enable pii management"; }; - config = lib.mkIf config.swarselsystems.modules.pii { + config = lib.mkIf config.swarselmodules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 6edb610..57625c1 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -52,8 +52,8 @@ let }; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general (lib.recursiveUpdate { sops.secrets.github-api-token = lib.mkIf (!minimal) { diff --git a/modules/nixos/common/sharedsetup.nix b/modules/nixos/common/sharedsetup.nix deleted file mode 100644 index 1269fdd..0000000 --- a/modules/nixos/common/sharedsetup.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ lib, ... }: -{ - options = { - swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - }; - }; -} diff --git a/modules/nixos/common/time.nix b/modules/nixos/common/time.nix index 21c951a..10e21b4 100644 --- a/modules/nixos/common/time.nix +++ b/modules/nixos/common/time.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.time = lib.mkEnableOption "time config"; - config = lib.mkIf config.swarselsystems.modules.time { + options.swarselmodules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselmodules.time { time = { timeZone = "Europe/Vienna"; # hardwareClockInLocalTime = true; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 79d2ed5..29d3afb 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix 
@@ -1,21 +1,27 @@ -{ self, pkgs, config, lib, minimal, ... }: +{ self, pkgs, config, lib, globals, minimal, ... }: let sopsFile = self + /secrets/general/secrets.yaml; in { - options.swarselsystems.modules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselsystems.modules.users { + options.swarselmodules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselmodules.users { sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { mutableUsers = lib.mkIf (!minimal) false; - users."${config.swarselsystems.mainUser}" = { - isNormalUser = true; - description = "Leon S"; - password = lib.mkIf minimal "setup"; - hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path; - extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; - packages = with pkgs; [ ]; + users = { + root = { + inherit (globals.root) hashedPassword; + shell = pkgs.zsh; + }; + "${config.swarselsystems.mainUser}" = { + isNormalUser = true; + description = "Leon S"; + password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; + hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; + extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + packages = with pkgs; [ ]; + }; }; }; }; diff --git a/modules/nixos/common/xserver.nix b/modules/nixos/common/xserver.nix index b529f9b..556011e 100644 --- a/modules/nixos/common/xserver.nix +++ b/modules/nixos/common/xserver.nix 
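Review bot: `password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";` now gives the main user, who is in `wheel`, a fixed password that is readable in the repository on every `isPublic` host, not only during a minimal install. On a non-minimal public host `mutableUsers` is still forced to `false`, so a password changed with `passwd` would presumably be reset to the known value at the next activation. If such hosts are reachable over the network, consider leaving users mutable there, e.g. `mutableUsers = lib.mkIf (!minimal && !config.swarselsystems.isPublic) false;`, and add a comment stating that "setup" is a bootstrap value that must be changed. What `isPublic` hosts are used for is not visible in this hunk.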
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselmodules.packages { services.xserver = { xkb = { layout = "us"; diff --git a/modules/nixos/darwin/default.nix b/modules/nixos/darwin/default.nix index e7b02e6..4e4d373 100644 --- a/modules/nixos/darwin/default.nix +++ b/modules/nixos/darwin/default.nix @@ -6,8 +6,8 @@ in imports = [ ]; - options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config"; - config = lib.mkIf config.swarselsystems.modules.darwin.general { + options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; + config = lib.mkIf config.swarselmodules.optional.darwin { nix.settings.experimental-features = "nix-command flakes"; nixpkgs = { hostPlatform = "x86_64-darwin"; diff --git a/modules/nixos/optional/amdcpu.nix b/modules/nixos/optional/amdcpu.nix index 39028f5..9051b9d 100644 --- a/modules/nixos/optional/amdcpu.nix +++ b/modules/nixos/optional/amdcpu.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; - config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { + options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdcpu { hardware = { cpu.amd.updateMicrocode = true; }; diff --git a/modules/nixos/optional/amdgpu.nix b/modules/nixos/optional/amdgpu.nix index 59bebe3..c6aa61f 100644 --- a/modules/nixos/optional/amdgpu.nix +++ b/modules/nixos/optional/amdgpu.nix 
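Review bot: In xserver.nix the guard reads `config.swarselmodules.packages` while the option declared on the line above is `swarselmodules.xserver`. Toggling the xserver module therefore has no effect on this block, and the keymap follows the packages switch instead. The mismatch predates the rename but is carried into the new line; it should read `config = lib.mkIf config.swarselmodules.xserver {`. The module body continues outside the hunk.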
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; - config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { + options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdgpu { hardware = { amdgpu = { opencl.enable = true; diff --git a/modules/nixos/optional/btrfs.nix b/modules/nixos/optional/btrfs.nix index 5c6e9f6..e8d3b57 100644 --- a/modules/nixos/optional/btrfs.nix +++ b/modules/nixos/optional/btrfs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselsystems.modules.optional.btrfs { + options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselmodules.optional.btrfs { boot = { supportedFilesystems = [ "btrfs" ]; }; diff --git a/modules/nixos/optional/default.nix b/modules/nixos/optional/default.nix index 9499b56..49b7058 100644 --- a/modules/nixos/optional/default.nix +++ b/modules/nixos/optional/default.nix @@ -1,10 +1,7 @@ -{ self, lib, ... }: +{ lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/optional"; - modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [ - "${modulesPath}/home/common/sharedsetup.nix" - ]; + imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional"; } diff --git a/modules/nixos/optional/framework.nix b/modules/nixos/optional/framework.nix index 3627255..949cc82 100644 --- a/modules/nixos/optional/framework.nix +++ b/modules/nixos/optional/framework.nix 
@@ -3,8 +3,8 @@ imports = [ inputs.fw-fanctrl.nixosModules.default ]; - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { services = { fwupd = { enable = true; diff --git a/modules/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix index eafcf65..5f28872 100644 --- a/modules/nixos/optional/gaming.nix +++ b/modules/nixos/optional/gaming.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { programs.steam = { enable = true; package = pkgs.steam; diff --git a/modules/nixos/optional/hibernation.nix b/modules/nixos/optional/hibernation.nix index d013598..856b672 100644 --- a/modules/nixos/optional/hibernation.nix +++ b/modules/nixos/optional/hibernation.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { + options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; options.swarselsystems = { - modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; hibernation = { offset = lib.mkOption { type = lib.types.int; @@ -13,7 +13,7 @@ }; }; }; - config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + config = lib.mkIf config.swarselmodules.optional.hibernation { boot = { kernelParams = [ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" diff --git a/modules/nixos/optional/nswitch-rcm.nix b/modules/nixos/optional/nswitch-rcm.nix index 095524e..3af88db 100644 
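Review bot: In hibernation.nix the description passed to `lib.mkEnableOption` still reads "optional amd gpu settings", apparently copied from amdgpu.nix, so generated option documentation describes the wrong module. Since the line is being rewritten anyway, suggest `options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional hibernation settings";`.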
--- a/modules/nixos/optional/nswitch-rcm.nix +++ b/modules/nixos/optional/nswitch-rcm.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; - config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { + options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselmodules.optional.nswitch-rcm { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix index 4953b74..ee5a4b7 100644 --- a/modules/nixos/optional/virtualbox.nix +++ b/modules/nixos/optional/virtualbox.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; - config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { + options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselmodules.optional.virtualbox { specialisation = { VBox.configuration = { virtualisation.virtualbox = { diff --git a/modules/nixos/optional/vmware.nix b/modules/nixos/optional/vmware.nix index d328f38..4236080 100644 --- a/modules/nixos/optional/vmware.nix +++ b/modules/nixos/optional/vmware.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; - config = lib.mkIf config.swarselsystems.modules.optional.vmware { + options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselmodules.optional.vmware { virtualisation.vmware.host.enable = true; virtualisation.vmware.guest.enable = true; }; diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index fdf85d4..402851c 100644 --- a/modules/nixos/optional/work.nix 
+++ b/modules/nixos/optional/work.nix @@ -25,8 +25,8 @@ let }; in { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems = { - modules.optional.work = lib.mkEnableOption "optional work settings"; hostName = lib.mkOption { type = lib.types.str; default = ""; @@ -36,7 +36,7 @@ in default = ""; }; }; - config = lib.mkIf config.swarselsystems.modules.optional.work { + config = lib.mkIf config.swarselmodules.optional.work { sops = let secretNames = [ @@ -208,6 +208,9 @@ in spice-protocol win-virtio win-spice + + powershell + gh ]; diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index b7b3c6e..8f03d14 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -9,8 +9,8 @@ let ankiUser = globals.user.name; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix index 790a900..59714f6 100644 --- a/modules/nixos/server/atuin.nix +++ b/modules/nixos/server/atuin.nix 
@@ -5,8 +5,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { topology.self.services.${serviceName}.info = "https://${serviceDomain}"; globals.services.${serviceName}.domain = serviceDomain; diff --git a/modules/nixos/server/croc.nix b/modules/nixos/server/croc.nix index c3d9f1d..d9c1286 100644 --- a/modules/nixos/server/croc.nix +++ b/modules/nixos/server/croc.nix @@ -15,8 +15,8 @@ let cfg = config.services.croc; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/emacs.nix b/modules/nixos/server/emacs.nix index 598ee6b..03e1261 100644 --- a/modules/nixos/server/emacs.nix +++ b/modules/nixos/server/emacs.nix @@ -4,8 +4,8 @@ let servicePort = 9812; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix index ce5e8ee..781da1a 100644 
--- a/modules/nixos/server/firefly-iii.nix +++ b/modules/nixos/server/firefly-iii.nix @@ -12,8 +12,8 @@ let cfg = config.services.firefly-iii; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups.${serviceGroup} = { }; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index a0ea0d5..949c2e7 100644 --- a/modules/nixos/server/forgejo.nix +++ b/modules/nixos/server/forgejo.nix @@ -11,8 +11,8 @@ let kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index 2e6e657..7f9362c 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix @@ -9,8 +9,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index f0d7bf1..a3e9eee 100644 
--- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -6,8 +6,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index 9762b79..296fa76 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix @@ -6,8 +6,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index c2bdaec..c9a587e 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix 
@@ -5,8 +5,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services.jenkins = { enable = true; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 6096297..e9b97cb 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -17,8 +17,8 @@ let nextcloudDomain = globals.services.nextcloud.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { group = serviceGroup; @@ -84,6 +84,7 @@ in "freshrss.access" = { }; "firefly.access" = { }; "radicale.access" = { }; + "slink.access" = { }; }; inherit (config.repo.secrets.local) persons; @@ -204,6 +205,11 @@ in "email" "profile" ]; + "slink.access" = [ + "openid" + "email" + "profile" + ]; }; preferShortUsername = true; claimMaps.groups = { @@ -213,6 +219,7 @@ in "navidrome.access" = [ "navidrome_access" ]; "firefly.access" = [ "firefly_access" ]; "radicale.access" = [ "radicale_access" ]; + "slink.access" = [ "slink_access" ]; }; }; }; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index e24fdb7..e278037 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix 
@@ -8,8 +8,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ calibre ]; diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix index d022495..3ebb23b 100644 --- a/modules/nixos/server/koillection.nix +++ b/modules/nixos/server/koillection.nix @@ -5,6 +5,7 @@ let serviceName = "koillection"; servicePort = 2282; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceDir = "/Vault/data/koillection"; postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres postgresPort = config.services.postgresql.settings.port; # 5432 @@ -13,8 +14,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops.secrets = { koillection-db-password = { inherit sopsFile; owner = postgresUser; group = postgresUser; mode = "0440"; }; @@ -36,6 +37,10 @@ in "${toString servicePort}:80" ]; + volumes = [ + "${serviceDir}/uploads:/uploads" + ]; + environment = { APP_DEBUG = "0"; APP_ENV = "prod"; @@ -114,6 +119,11 @@ in locations = { "/" = { proxyPass = "http://${serviceName}"; + extraConfig = '' + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + ''; }; }; }; 
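Review bot: The new bind mount `"${serviceDir}/uploads:/uploads"` in koillection.nix relies on `/Vault/data/koillection/uploads` already existing with ownership the container process can write to, and nothing in the visible hunks creates it. Depending on the container backend, a missing source path either fails the start or is created root-owned. A `systemd.tmpfiles.rules` entry for the directory would make the deployment reproducible; the uid/gid the image runs as is not visible here and needs confirming. The `proxy_buffer_size`/`proxy_buffers`/`proxy_busy_buffers_size` values added in the nginx hunk would also benefit from a one-line comment saying which upstream response made the defaults too small.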
diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index b95f03f..4f88707 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix @@ -21,8 +21,8 @@ let ''; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter diff --git a/modules/nixos/server/microbin.nix b/modules/nixos/server/microbin.nix index 06dc4f5..1001d69 100644 --- a/modules/nixos/server/microbin.nix +++ b/modules/nixos/server/microbin.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups.${serviceGroup} = { }; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 183cb90..6a35c5c 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -17,8 +17,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { 
@@ -193,7 +193,7 @@ in sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { + nextcloud = lib.mkIf config.swarselmodules.server.nextcloud { enable = true; port = 9205; url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info"; diff --git a/modules/nixos/server/mpd.nix b/modules/nixos/server/mpd.nix index 454fbb1..0f7afc4 100644 --- a/modules/nixos/server/mpd.nix +++ b/modules/nixos/server/mpd.nix @@ -8,8 +8,8 @@ let serviceName = "mpd"; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups = { mpd = { }; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index eed687f..3d6df90 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -7,8 +7,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ pciutils alsa-utils diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 143c677..1deeb81 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix 
@@ -10,8 +10,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; diff --git a/modules/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix index 93f21b7..d2d97da 100644 --- a/modules/nixos/server/nfs.nix +++ b/modules/nixos/server/nfs.nix @@ -3,8 +3,8 @@ let nfsUser = globals.user.name; in { - options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselsystems.modules.server.nfs { + options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselmodules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index 354e444..97caafb 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -5,8 +5,8 @@ let in { - options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselsystems.modules.server.nginx { + options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; diff --git a/modules/nixos/server/oauth2-proxy.nix b/modules/nixos/server/oauth2-proxy.nix index 401cd6b..d74a441 100644 --- a/modules/nixos/server/oauth2-proxy.nix +++ b/modules/nixos/server/oauth2-proxy.nix 
@@ -13,7 +13,7 @@ let in { options = { - swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; # largely based on https://github.com/oddlama/nix-config/blob/main/modules/oauth2-proxy.nix services.nginx.virtualHosts = lib.mkOption { type = lib.types.attrsOf ( @@ -121,7 +121,7 @@ in ); }; }; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/packages.nix b/modules/nixos/server/packages.nix index 136245a..6f5f744 100644 --- a/modules/nixos/server/packages.nix +++ b/modules/nixos/server/packages.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselsystems.modules.server.packages { + options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselmodules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 9d52754..3172fd9 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -13,8 +13,8 @@ let kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; 
diff --git a/modules/nixos/server/pipewire.nix b/modules/nixos/server/pipewire.nix index faf8e90..b6b315a 100644 --- a/modules/nixos/server/pipewire.nix +++ b/modules/nixos/server/pipewire.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { + config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access diff --git a/modules/nixos/server/postgresql.nix b/modules/nixos/server/postgresql.nix index b2bc7e1..3cfa47d 100644 --- a/modules/nixos/server/postgresql.nix +++ b/modules/nixos/server/postgresql.nix @@ -4,8 +4,8 @@ let postgresVersion = 14; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services = { ${serviceName} = { enable = true; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index 4d22aae..2917064 100644 --- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; 
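Review bot: The `lib.mkIf` condition in pipewire.nix still uses `config?swarselmodules.server.mpd`, which tests whether the attribute exists rather than whether it is true. mpd.nix and navidrome.nix in this commit declare those options with `lib.mkEnableOption`, so the attribute presumably exists on every host that imports them, and `security.rtkit.enable = true` would then apply even where both services are off. Reading the values instead keeps rtkit off hosts that do not need it: `config = lib.mkIf (config.swarselmodules.server.mpd || config.swarselmodules.server.navidrome) {`. The block continues past the end of the hunk.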
@@ -76,7 +76,7 @@ in }; systemd.tmpfiles.rules = [ - "d '${cfg.settings.storage.filesystem_folder}' 0750 ${serviceUser} ${serviceGroup} - -" + "d ${cfg.settings.storage.filesystem_folder} 0750 ${serviceUser} ${serviceGroup} - -" ]; networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/restic.nix b/modules/nixos/server/restic.nix index 804b18a..f668104 100644 --- a/modules/nixos/server/restic.nix +++ b/modules/nixos/server/restic.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselsystems.modules.server.restic { + options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselmodules.server.restic { sops = { secrets = { @@ -31,6 +31,11 @@ in passwordFile = config.sops.secrets.resticpw.path; paths = [ "/Vault/data/paperless" + "/Vault/data/koillection" + "/Vault/data/postgresql" + "/Vault/data/firefly-iii" + "/Vault/data/radicale" + "/Vault/data/matrix-synapse" "/Vault/Eternor/Paperless" "/Vault/Eternor/Bilder" "/Vault/Eternor/Immich" diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 11ddcac..31e7225 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -3,14 +3,15 @@ let inherit (config.swarselsystems) flakePath; in { + + options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { - modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.server.general { + config = lib.mkIf config.swarselmodules.server.general { environment.shellAliases = lib.recursiveUpdate { 
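Review bot: The added path `/Vault/data/postgresql` in the restic `paths` list looks like the live PostgreSQL data directory, and a file-level copy of a running cluster is not guaranteed to restore consistently. The dataDir is not shown here, so this should be confirmed against postgresql.nix. The same concern would apply to the `matrix-synapse` and `firefly-iii` entries added beside it if those services keep their state in that database. A logical dump taken before the backup runs is the safer source, for example `services.postgresqlBackup.enable = true;` with its `location` listed in `paths` instead of the raw directory. The `paths` list continues outside the hunk.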
diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix index e388ad3..59815c0 100644 --- a/modules/nixos/server/shlink.nix +++ b/modules/nixos/server/shlink.nix @@ -10,9 +10,9 @@ let in { options = { - swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; }; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/slink.nix b/modules/nixos/server/slink.nix new file mode 100644 index 0000000..547a2c7 --- /dev/null +++ b/modules/nixos/server/slink.nix 
@@ -0,0 +1,80 @@ +{ self, lib, config, ... }: +let + servicePort = 3000; + serviceName = "slink"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceDir = "/var/lib/slink"; + + containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; +in +{ + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + virtualisation.oci-containers.containers.${serviceName} = { + image = "anirdev/slink@${containerRev}"; + environment = { + "ORIGIN" = "https://${serviceDomain}"; + "TZ" = config.repo.secrets.common.location.timezone; + "STORAGE_PROVIDER" = "local"; + "IMAGE_MAX_SIZE" = "50M"; + "USER_APPROVAL_REQUIRED" = "true"; + }; + ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]; + volumes = [ + "${serviceDir}/var/data:/app/var/data" + "${serviceDir}/images:/app/slink/images" + ]; + }; + + systemd.tmpfiles.rules = [ + "d ${serviceDir}/var/data 0750 root root - -" + "d ${serviceDir}/images 0750 root root - -" + ]; + + networking.firewall.allowedTCPPorts = [ servicePort ]; + + environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { directory = serviceDir; } + ]; + + topology.self.services.${serviceName} = { + name = lib.swarselsystems.toCapitalized serviceName; + info = "https://${serviceDomain}"; + icon = "${self}/files/topology-images/shlink.png"; + }; + globals.services.${serviceName}.domain = serviceDomain; + + services.nginx = { + upstreams = { + ${serviceName} = { + servers = { + "localhost:${builtins.toString servicePort}" = { }; + }; + }; + }; + virtualHosts = { + "${serviceDomain}" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + oauth2.enable = true; + oauth2.allowedGroups = [ "slink_access" ]; + locations = { + "/" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + }; + 
"/image" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + bypassAuth = true; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/server/spotifyd.nix b/modules/nixos/server/spotifyd.nix index 1de618a..ef4babd 100644 --- a/modules/nixos/server/spotifyd.nix +++ b/modules/nixos/server/spotifyd.nix @@ -6,8 +6,8 @@ let serviceGroup = serviceUser; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.groups.${serviceGroup} = { gid = 65136; }; diff --git a/modules/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix index cb8b7ad..a588edf 100644 --- a/modules/nixos/server/ssh.nix +++ b/modules/nixos/server/ssh.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselsystems.modules.server.ssh { + options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselmodules.server.ssh { services.openssh = { enable = true; startWhenNeeded = lib.mkForce false; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index ef32693..4bde68b 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix 
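Review bot: The container in slink.nix is published as `"${servicePort}:${servicePort}"` and `networking.firewall.allowedTCPPorts = [ servicePort ];` opens the same port, so port 3000 is reachable directly and the `oauth2.enable` / `oauth2.allowedGroups` gate on the nginx virtual host is not enforced for those connections. The upstream is `localhost:3000` on the same host, so the publish can be limited to loopback with `ports = [ "127.0.0.1:${builtins.toString servicePort}:${builtins.toString servicePort}" ];` and the `allowedTCPPorts` line dropped. Separately, `"/image"` with `bypassAuth = true` is an nginx prefix location, so it likely exempts every path that begins with `/image`. A comment naming the routes that are meant to be public, such as `# public: shared image URLs only`, would make the intent reviewable.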
@@ -1,18 +1,53 @@ -{ lib, config, ... }: +{ lib, config, configName, ... }: let - inherit (config.repo.secrets.common) workHostName; - servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceDomain = config.repo.secrets.common.services.domains.syncthing1; + specificServiceName = "syncthing-${configName}"; + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + + swarselsystems.syncthing = { + serviceDomain = lib.mkOption { + type = lib.types.str; + default = config.repo.secrets.common.services.domains.syncthing1; + }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "192.168.1.2"; + }; + syncDevices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; + }; + devices = lib.mkOption { + type = lib.types.attrs; + default = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + "pyramid" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + }; + }; + }; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; 
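Review bot: Nothing in the new `swarselsystems.syncthing` options checks that every name in `syncDevices` has an entry in `devices`, and `devices` is typed as bare `lib.types.attrs`. A host that overrides one without the other would therefore fail late, presumably when the Syncthing configuration is generated. An assertion in the `config` block would catch it at evaluation: `assertions = [{ assertion = lib.all (d: builtins.hasAttr d config.swarselsystems.syncthing.devices) devices; message = "syncthing: syncDevices entry missing from devices"; }];`. The let-binding `devices` holds the `syncDevices` name list but shares its name with the id map, so a comment such as `# list of device names for folders, not the id map` on that binding would prevent confusion with `settings.devices`. The `config` block continues outside this hunk.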
@@ -24,39 +59,26 @@ in networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = "/Vault/data/${serviceName}"; + dataDir = lib.mkDefault "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "milkywell@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { @@ -66,7 +88,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { @@ -76,7 +98,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { 
@@ -86,28 +108,18 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; - # "Documents" = { - # path = "${cfg.dataDir}/Documents"; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "5"; - # }; - # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; - # id = "hgr3d-pfu3w"; - # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${serviceName} = { + ${specificServiceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -118,7 +130,7 @@ in acmeRoot = null; locations = { "/" = { - proxyPass = "http://${serviceName}"; + proxyPass = "http://${specificServiceName}"; extraConfig = '' client_max_body_size 0; ''; diff --git a/modules/nixos/server/transmission.nix b/modules/nixos/server/transmission.nix index 9c3376d..64c2199 100644 --- a/modules/nixos/server/transmission.nix +++ b/modules/nixos/server/transmission.nix @@ -20,8 +20,8 @@ let prowlarrPort = 9696; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { # this user/group section is probably unneeded users = { diff --git a/modules/shared/options.nix b/modules/shared/options.nix new file mode 100644 index 0000000..f126351 --- /dev/null +++ b/modules/shared/options.nix 
@@ -0,0 +1,67 @@ +{ self, config, lib, ... }: +{ + options.swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + sopsFile = lib.mkOption { + type = lib.types.str; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/files/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; +} diff --git a/modules/home/common/sharedsetup.nix b/modules/shared/vars.nix similarity index 82% rename from modules/home/common/sharedsetup.nix rename to modules/shared/vars.nix index ce37e10..79b753a 100644 
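Review bot: In the new options.nix, `homeDir` and `flakePath` default to literal `/home/swarsel` paths while `mainUser` is a separate option, so a host that sets a different `mainUser` still gets the default `sopsFile` resolved under `/home/swarsel/.dotfiles/secrets/`. Deriving the defaults keeps them in step: `default = "/home/${config.swarselsystems.mainUser}";` for `homeDir` and `default = "${config.swarselsystems.homeDir}/.dotfiles";` for `flakePath`. `xdgDir` likewise assumes uid 1000. None of the `lib.mkOption` entries carries a `description`; a one-line description on each, in particular `sopsFile` and the `isPublic` switch, would document what they control.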
--- a/modules/home/common/sharedsetup.nix +++ b/modules/shared/vars.nix @@ -1,52 +1,8 @@ -{ self, config, lib, pkgs, globals, minimal, ... }: +{ self, lib, pkgs, ... }: { - options.swarselsystems = { - isLaptop = lib.mkEnableOption "laptop host"; - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - mainUser = lib.mkOption { - type = lib.types.str; - default = if (!minimal) then globals.user.name else "swarsel"; - }; - sopsFile = lib.mkOption { - type = lib.types.str; - default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - wallpaper = lib.mkOption { - type = lib.types.path; - default = "${self}/files/wallpaper/lenovowp.png"; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - - stylix = lib.mkOption { - type = lib.types.attrs; - default = { + _module.args = { + vars = { + stylix = { polarity = "dark"; opacity.popups = 0.5; cursor = { 
@@ -87,20 +43,15 @@ }; }; }; - }; - stylixHomeTargets = lib.mkOption { - type = lib.types.attrs; - default = { + + stylixHomeTargets = { emacs.enable = false; waybar.enable = false; sway.useWallpaper = false; firefox.profileNames = [ "default" ]; }; - }; - firefox = lib.mkOption { - type = lib.types.attrs; - default = { + firefox = { userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; extensions = { packages = with pkgs.nur.repos.rycee.firefox-addons; [ @@ -264,6 +215,5 @@ }; }; }; - }; } diff --git a/nix/globals.nix b/nix/globals.nix index d1f0c77..77d5e01 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -55,6 +55,7 @@ domains services user + root ; }; }; diff --git a/nix/hosts.nix b/nix/hosts.nix index 192c521..85aeaf1 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -26,6 +26,14 @@ name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; + + swarselprofiles = { + minimal = lib.mkIf minimal (lib.mkDefault true); + }; + + swarselsystems = { + mainUser = lib.mkDefault "swarsel"; + }; } ]; }; @@ -49,6 +57,7 @@ { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; + } ]; }; diff --git a/pkgs/github-notifications/default.nix b/pkgs/github-notifications/default.nix index 53b8ce3..c3638e2 100644 --- a/pkgs/github-notifications/default.nix +++ b/pkgs/github-notifications/default.nix @@ -4,7 +4,7 @@ writeShellApplication { inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" diff --git a/profiles/home/chaostheatre/default.nix b/profiles/home/chaostheatre/default.nix index 37bd0c4..2288a8a 100644 --- a/profiles/home/chaostheatre/default.nix 
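Review bot: The changed `curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")"` line in pkgs/github-notifications/default.nix still passes the token as a command-line argument, where it can appear in the process list for other local users. It also has no `--fail`, so an error body from the API is piped to `jq` and counted as if it were notifications. Feeding the credentials through a curl config on stdin addresses both: `count=$(printf 'user = "Swarsel:%s"\n' "$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" | curl --fail -sS -K - https://api.github.com/notifications | jq 'length')`. `runtimeInputs` lists only `jq`, so `curl` is taken from the ambient PATH; adding it there would make the script self-contained. The script body continues outside the hunk.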
+++ b/profiles/home/chaostheatre/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/home/darwin/default.nix b/profiles/home/darwin/default.nix deleted file mode 100644 index 29c8307..0000000 --- a/profiles/home/darwin/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; - config = lib.mkIf config.swarselsystems.profiles.darwin { - swarselsystems.modules = { - general = lib.mkDefault true; - }; - }; - -} diff --git a/profiles/home/framework/default.nix b/profiles/home/framework/default.nix index cbde9f0..b4c28e2 100644 --- a/profiles/home/framework/default.nix +++ b/profiles/home/framework/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; diff --git a/profiles/home/localserver/default.nix b/profiles/home/localserver/default.nix index 2a87f51..d906701 100644 --- a/profiles/home/localserver/default.nix +++ b/profiles/home/localserver/default.nix 
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems.modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { general = lib.mkDefault true; server = { dotfiles = lib.mkDefault true; diff --git a/profiles/home/minimal/default.nix b/profiles/home/minimal/default.nix index 1cca691..bea6b11 100644 --- a/profiles/home/minimal/default.nix +++ b/profiles/home/minimal/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; kitty = lib.mkDefault true; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 5177629..6cb0b04 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -1,13 +1,13 @@ { lib, config, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; nixgl = lib.mkDefault true; - sops = lib.mkDefault true; + sops = lib.mkDefault false; yubikey = lib.mkDefault false; ssh = lib.mkDefault true; stylix = lib.mkDefault true; 
diff --git a/profiles/home/reduced/default.nix b/profiles/home/reduced/default.nix index 48ca3ce..7daec76 100644 --- a/profiles/home/reduced/default.nix +++ b/profiles/home/reduced/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/home/toto/default.nix b/profiles/home/toto/default.nix index a434b37..2f1473a 100644 --- a/profiles/home/toto/default.nix +++ b/profiles/home/toto/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; ssh = lib.mkDefault true; diff --git a/profiles/home/work/default.nix b/profiles/home/work/default.nix index 4653f87..a89b300 100644 --- a/profiles/home/work/default.nix +++ b/profiles/home/work/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; 
diff --git a/profiles/nixos/amdcpu/default.nix b/profiles/nixos/amdcpu/default.nix index 7d6177b..e0576d5 100644 --- a/profiles/nixos/amdcpu/default.nix +++ b/profiles/nixos/amdcpu/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselsystems.profiles.amdcpu { - swarselsystems.modules = { + options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselprofiles.amdcpu { + swarselmodules = { optional = { amdcpu = lib.mkDefault true; }; diff --git a/profiles/nixos/amdgpu/default.nix b/profiles/nixos/amdgpu/default.nix index 339451f..91810b8 100644 --- a/profiles/nixos/amdgpu/default.nix +++ b/profiles/nixos/amdgpu/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselsystems.profiles.amdgpu { - swarselsystems.modules = { + options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselprofiles.amdgpu { + swarselmodules = { optional = { amdgpu = lib.mkDefault true; }; diff --git a/profiles/nixos/btrfs/default.nix b/profiles/nixos/btrfs/default.nix index ec959ed..4e09c66 100644 --- a/profiles/nixos/btrfs/default.nix +++ b/profiles/nixos/btrfs/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselsystems.profiles.btrfs { - swarselsystems.modules = { + options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselprofiles.btrfs { + swarselmodules = { optional = { btrfs = lib.mkDefault true; }; diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix index 4c677eb..093ca97 100644 
--- a/profiles/nixos/chaostheatre/default.nix +++ b/profiles/nixos/chaostheatre/default.nix @@ -1,13 +1,14 @@ { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; users = lib.mkDefault true; + sops = lib.mkDefault true; env = lib.mkDefault true; security = lib.mkDefault true; systemdTimeout = lib.mkDefault true; @@ -16,7 +17,6 @@ pipewire = lib.mkDefault true; network = lib.mkDefault true; time = lib.mkDefault true; - sops = lib.mkDefault false; stylix = lib.mkDefault true; programs = lib.mkDefault true; zsh = lib.mkDefault true; @@ -27,7 +27,7 @@ interceptionTools = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; - yubikey = lib.mkDefault true; + yubikey = lib.mkDefault false; ledger = lib.mkDefault true; keyboards = lib.mkDefault true; login = lib.mkDefault true; diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix index cbde9f0..060c3ec 100644 --- a/profiles/nixos/framework/default.nix +++ b/profiles/nixos/framework/default.nix 
@@ -1,12 +1,17 @@ { lib, config, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + framework = lib.mkDefault true; + }; + }; }; diff --git a/profiles/nixos/hibernation/default.nix b/profiles/nixos/hibernation/default.nix index 6105cae..b529ff1 100644 --- a/profiles/nixos/hibernation/default.nix +++ b/profiles/nixos/hibernation/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselsystems.profiles.hibernation { - swarselsystems.modules = { + options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselprofiles.hibernation { + swarselmodules = { optional = { hibernation = lib.mkDefault true; }; diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 6cb9a55..ada2738 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix 
@@ -1,47 +1,46 @@ { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems = { - modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { + general = lib.mkDefault true; + pii = lib.mkDefault true; + home-manager = lib.mkDefault true; + xserver = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + sops = lib.mkDefault true; + boot = lib.mkDefault true; + server = { general = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - kavita = lib.mkDefault true; - restic = lib.mkDefault true; - jellyfin = lib.mkDefault true; - navidrome = lib.mkDefault true; - spotifyd = lib.mkDefault true; - mpd = lib.mkDefault true; - postgresql = lib.mkDefault true; - matrix = lib.mkDefault true; - nextcloud = lib.mkDefault true; - immich = lib.mkDefault true; - paperless = lib.mkDefault true; - transmission = lib.mkDefault true; - syncthing = lib.mkDefault true; - grafana = lib.mkDefault true; - emacs = lib.mkDefault true; - freshrss = lib.mkDefault true; - jenkins = lib.mkDefault false; - kanidm = lib.mkDefault true; - firefly-iii = lib.mkDefault true; - koillection = lib.mkDefault true; - radicale = lib.mkDefault true; - atuin = lib.mkDefault true; - forgejo = lib.mkDefault true; - ankisync = lib.mkDefault true; - }; + packages = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + kavita = lib.mkDefault true; + restic = 
lib.mkDefault true; + jellyfin = lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + postgresql = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + grafana = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + jenkins = lib.mkDefault false; + kanidm = lib.mkDefault true; + firefly-iii = lib.mkDefault true; + koillection = lib.mkDefault true; + radicale = lib.mkDefault true; + atuin = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; }; }; }; diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix index 9b948fa..9929e27 100644 --- a/profiles/nixos/minimal/default.nix +++ b/profiles/nixos/minimal/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; @@ -16,6 +16,7 @@ zsh = lib.mkDefault true; yubikey = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix index d1403c0..cf80ece 100644 --- a/profiles/nixos/moonside/default.nix +++ b/profiles/nixos/moonside/default.nix 
@@ -1,27 +1,28 @@
 { lib, config, ... }:
 {
- options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server";
- config = lib.mkIf config.swarselsystems.profiles.server.moonside {
- swarselsystems = {
- modules = {
+ options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server";
+ config = lib.mkIf config.swarselprofiles.server.moonside {
+ swarselmodules = {
+ general = lib.mkDefault true;
+ pii = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ impermanence = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ boot = lib.mkDefault true;
+ server = {
 general = lib.mkDefault true;
- pii = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- time = lib.mkDefault true;
- users = lib.mkDefault true;
- impermanence = lib.mkDefault true;
- sops = lib.mkDefault true;
- server = {
- general = lib.mkDefault true;
- packages = lib.mkDefault true;
- nginx = lib.mkDefault true;
- ssh = lib.mkDefault true;
- oauth2-proxy = lib.mkDefault true;
- croc = lib.mkDefault true;
- microbin = lib.mkDefault true;
- shlink = lib.mkDefault true;
- };
+ packages = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ oauth2-proxy = lib.mkDefault true;
+ croc = lib.mkDefault true;
+ microbin = lib.mkDefault true;
+ shlink = lib.mkDefault true;
+ slink = lib.mkDefault true;
+ syncthing = lib.mkDefault true;
 };
 };
 };
diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix
index d1c806c..c34af54 100644
--- a/profiles/nixos/personal/default.nix
+++ b/profiles/nixos/personal/default.nix
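Review bot: The new-side `server` set gains `slink = lib.mkDefault true;` and `syncthing = lib.mkDefault true;`, which the removed block did not contain, so this rename hunk also enables two more services on the moonside host. The profile already turns on `nginx` and `oauth2-proxy`, which suggests the host is reachable from outside. Whether the two new modules are published through that proxy or open listeners of their own is not visible here and should be checked before merging. `slink` differs from the existing `shlink` by one letter, so a comment such as `# slink: <service>, not a typo for shlink` would stop a later reader from "fixing" it. Splitting the additions from the mechanical rename would also make the new exposure easier to review.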
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -44,6 +44,7 @@ lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; optional = { gaming = lib.mkDefault true; @@ -55,6 +56,11 @@ ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkDefault true; + }; + }; }; diff --git a/profiles/nixos/reduced/default.nix b/profiles/nixos/reduced/default.nix index 3993fac..71bce91 100644 --- a/profiles/nixos/reduced/default.nix +++ b/profiles/nixos/reduced/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -44,11 +44,17 @@ lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkDefault true; + }; + }; }; diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix index a784c87..b511dd5 100644 --- a/profiles/nixos/syncserver/default.nix 
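Review bot: In `profiles/nixos/reduced/default.nix` (the `@@ -44,11 +44,17 @@` hunk) the added home-manager block sets `personal = lib.mkDefault true;`, the same line added to the personal profile earlier in this diff, so a host declared as reduced receives the full personal home-manager profile. If a reduced home profile exists, this looks like a copy-paste slip and the line should read `reduced = lib.mkDefault true;`. If none exists, a comment such as `# no reduced home profile; reuse personal` would make the choice explicit. The home-manager option set is not part of this diff, so this needs checking against its definition.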
+++ b/profiles/nixos/syncserver/default.nix
@@ -1,25 +1,24 @@
 { lib, config, ... }:
 {
- options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
- config = lib.mkIf config.swarselsystems.profiles.server.syncserver {
- swarselsystems = {
- modules = {
+ options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
+ config = lib.mkIf config.swarselprofiles.server.syncserver {
+ swarselmodules = {
+ general = lib.mkDefault true;
+ nix-ld = lib.mkDefault true;
+ pii = lib.mkDefault true;
+ home-manager = lib.mkDefault true;
+ xserver = lib.mkDefault true;
+ time = lib.mkDefault true;
+ users = lib.mkDefault true;
+ sops = lib.mkDefault true;
+ boot = lib.mkDefault true;
+ server = {
 general = lib.mkDefault true;
- nix-ld = lib.mkDefault true;
- pii = lib.mkDefault true;
- home-manager = lib.mkDefault true;
- xserver = lib.mkDefault true;
- time = lib.mkDefault true;
- users = lib.mkDefault true;
- sops = lib.mkDefault true;
- server = {
- general = lib.mkDefault true;
- packages = lib.mkDefault true;
- nginx = lib.mkDefault true;
- ssh = lib.mkDefault true;
- forgejo = lib.mkDefault false;
- ankisync = lib.mkDefault false;
- };
+ packages = lib.mkDefault true;
+ nginx = lib.mkDefault true;
+ ssh = lib.mkDefault true;
+ forgejo = lib.mkDefault false;
+ ankisync = lib.mkDefault false;
 };
 };
 };
diff --git a/profiles/nixos/toto/default.nix b/profiles/nixos/toto/default.nix
index 3647d2e..17532b0 100644
--- a/profiles/nixos/toto/default.nix
+++ b/profiles/nixos/toto/default.nix
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; packages = lib.mkDefault true; home-manager = lib.mkDefault true; diff --git a/profiles/nixos/work/default.nix b/profiles/nixos/work/default.nix index dca896e..0740cc4 100644 --- a/profiles/nixos/work/default.nix +++ b/profiles/nixos/work/default.nix @@ -1,12 +1,17 @@ { lib, config, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + work = lib.mkDefault true; + }; + }; }; diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index 88d54c0..ebaf097 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml 
@@ -20,6 +20,8 @@ u2f-keys: ENC[AES256_GCM,data:4UPXyOYEQR1oybxPLR3JW8ro5gTzq0YQse1lnAP020Nm4JG4El croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01XcS6nF1sqz04rC1o20l+1DpNSRVjhC40ZmTVCww=,tag:REjnDQBcDkUzLg2ZsiDUvA==,type:str] #ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment] github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str] +#ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment] +emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str] sops: age: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 @@ -85,8 +87,8 @@ sops: SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-07T15:40:09Z" - mac: ENC[AES256_GCM,data:IgodPXcdFB7zYwt1dbRXkuQ2Ko2cAy4L6BvObuP8sWRO26Sn0CRvBtfwEtJLRMoXyS3hXJ25hzTeQOUaTVRw/5GEViM4SxdUuE9b5rX1J7tRftgdI45f12tsBMJQhk4NDtxpm4CSUvh11XqNdBkBjFUMxfZVweXFhoZ7tJ3oElg=,iv:9WNevYqRUe5DtCWN6mMNNwQvxB4Z8ac/zKPocjMa33A=,tag:n/DL3B8WB/YKfcbo6ArMDw==,type:str] + lastmodified: "2025-07-22T05:16:03Z" + mac: ENC[AES256_GCM,data:CoOd5ki9DoSBzwTeTw3JDGPReJD4th+v20AItwIZBLX15eLb1KXANdz5ekHeFZ6ntHq4ij0FUH63W6ojpBdvzJS7GgboQyAThkyJSmqtr7lN9rTa3XZSIKDTZCKm4wrG60q17vUIZXPLxM+NN1Fp2oEyCwt1s7SHM11xJ3JdyBk=,iv:ofyAhu4pjzNAJguU5Z5H9Capqcky/mTMXHEYS/qhvNs=,tag:L9tZRzd5VgbB7lyCkT6yTA==,type:str] pgp: - created_at: "2025-07-10T23:51:26Z" enc: |- 
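Review bot: The added `emacs-radicale-pw` value has a visibly shorter ciphertext than the neighbouring entries, and sops encrypts each value without padding, so the size of the plaintext can be read from the committed file by anyone with read access to the repository. For a credential that protects a network service, a generated high-entropy secret would remove that signal and is worth rotating to. The key name in clear text also discloses which service and client the credential belongs to, which is inherent to sops but worth keeping in mind when naming entries.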
diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc index 00450be..64a35db 100644 --- a/secrets/repo/globals.nix.enc +++ b/secrets/repo/globals.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:PW4DwwvVLuaUtuvJr/h+Zx+8V1i1D3hVlATFr5yI5nykn7T/ZLf7lJFYJGqms9DHExxiGmYNWCXkFrRqOnKpBajxUuuljaE0Yd4bxIga4hF5KC+nJS5BGT9tVOQfp/sopJvp7QjxLKBcZcZ9uya2+DhxJdhmtRUj5A04ze68PsQMl4zuU7Y=,iv:1rblF4XnYDHpwz0Sl6E/3Xd9ITP5KWC8Qm5Ghf+TaTI=,tag:JmxpswTJZO7y9D4hQEn1Gw==,type:str]", + "data": "ENC[AES256_GCM,data:8qexHpKJg6o1Fb9H50I3H25UOpNFs2sQl2hd3B2hdJRTjc96aVgTgI838Fnn7G6mFBpHqP0SFCU0/CP6SKqbhJ6SucrfpQN/RqZlSCxmuZi3sqv3voNd7/5JzY0D/5XUTfzHkeEA34HS0GcNLLY7m+QskfJdqGSMB5P++88xCNETqv+sRPVegm1ZGttj+tttesLkAcIU0556WiQhyIcpR4ZiO75NWRFerOmb4LxADR+bwBfesfGUfjflsqOSJll17N9SECSWE7o75Ojn+yde/EznK+zQlsCYvPp90d2xU6dpdRNtp9jrjvXvEVCmcwjIqIKXqurc2CU=,iv:xBYgbmjHwhbH+7WR5MLVysrChxr6rERo6WZuu07sUS0=,tag:vMoMu9mrrGRTA3oO2wsnWw==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibGlMSU4vUEF5UlNVZzlr\nMTMyOFY2Zi8rZFdZT1JrelZEUUZkZHFvOFdzCjVPbVovaU9nZklJQWNZeDJZNm0r\nMXBIK2hsZEY0NElxTVVMWmN6WU1Ld28KLS0tIENaallkK05SMllia3prV25hZDR2\nZDBNU0dYYnJESG1JZGpvSGp1WW9UMVEKJgfdLp7BRXvyAekecNJiaBXmxSj1qNxx\nZeHceqEkfWV/PzX+RP4LHjXTQCLEOJijbKxDmxSsYq49hC9xjZASuw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-03T16:55:42Z", - "mac": "ENC[AES256_GCM,data:+k6CeK5XiwsJJtvqr/NnRQvERqsV46tQoDnY6L5ptKQLyhMC8HPhrfn/LTJmRNqA8VXaDwSqm8zn+l8mJK55P/kZeeuLSmsvSYIgKlbp6naAbhyWM/q7IsT1fOAmFGKuG5nKaOy+ufxaXwIWWRPejmi9i+gmEw2FOTNimwyOqwc=,iv:q6P6QuipKMGc5i5oZ7XoU/qkbgo4X/SejfJUorAGb1M=,tag:sGfym1AaYAYHEzwDC5Dgsg==,type:str]", + "lastmodified": "2025-07-22T17:19:04Z", + "mac": "ENC[AES256_GCM,data:r1h9ouXb8o8Vk3/l3SX6hxbPApMn4BcCIs52Jhv9s9RYURMGb9qqPipbX7yFIYDBMka2qJJ0BneJz2EI60nTxx+QqATImR2oot2U6iONrelgs+AL3We//xpHOVHSxQ9XMmeEOcVqXEU3u843jV1RElxarRCwB9yM6IWTPx2qNzA=,iv:bS571Ddgz6Fbhyxy2bL/087ZTD7egcvPoLXD9uF8aN0=,tag:HJBI6G6ivRHhJMXYrNhIKw==,type:str]", "pgp": [ { "created_at": "2025-07-02T12:10:18Z", diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index b3c617b..4a55990 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:pEDV2WLEFisblx+XrhuoaNpxtk4Byj+jB/ixhsk3uPQ=,tag:T4xI5g6sIrIobuSuViG5+A==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:sTMh997U5saMDn6pvEmSjEv9czye1NhMPJOwrcb/JHs=,tag:56yLcBmZ0bu89cBTYHEFuw==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-14T02:08:47Z", - "mac": "ENC[AES256_GCM,data:ZT2q2cHleWw+h7JNzWi+UnFo7G72xMMjzkbr4Ixp09xT9jqHjeHRitRveoNyh8jcRSbWxVeYf1fpKEKPEAxqU77NORhD/QBFjQm1iG/UH/xkRNBTQ/kE+yp/6jlkyfJ/m8ulTSbegz2eQkko9HP9qG7+QMcESP6zE7ko8UFPXAY=,iv:AvQDzn9kQYj1cr6K/luFZkv2G1UAQT27cA9/pQMRJl0=,tag:uuH3aZSI644HrJXYR5I7UQ==,type:str]", + "lastmodified": "2025-07-22T05:18:26Z", + "mac": "ENC[AES256_GCM,data:lxQFZ8hWrBepjVzeaBrHS4SpkwQzXyEvJu6fclWAvEby1w+eG7kMR3quHzD/F6zPoT3jLdFM3fSIhjVOSslSnut0pTtselvco23YtbYzEz1JK/mTGW6IytGQvZVH1HGM3lwHJ9G7jLPRUq5CBQr4zULtqZBO4rK+f9YnFChhPyY=,iv:DsgxvDPHWv8qHqYB3RXiVmZcZfdxI6iUFABHj2iE0Bg=,tag:KK0RYpLgyzVSQPYIr4DLTQ==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z",