From 57d5ea065ada50e304c5cbffe985614e274cc449 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 16 Jul 2025 18:23:00 +0200 Subject: [PATCH 01/16] feat: share config between nixos / home-manager --- SwarselSystems.org | 986 +++++++++--------- hosts/nixos/bakery/default.nix | 16 +- hosts/nixos/chaostheatre/default.nix | 10 +- hosts/nixos/milkywell/default.nix | 10 +- hosts/nixos/moonside/default.nix | 6 +- hosts/nixos/pyramid/default.nix | 106 +- hosts/nixos/toto/default.nix | 10 +- hosts/nixos/winters/default.nix | 6 +- modules/home/common/atuin.nix | 4 +- modules/home/common/custom-packages.nix | 4 +- modules/home/common/default.nix | 6 +- modules/home/common/desktop.nix | 4 +- modules/home/common/direnv.nix | 4 +- modules/home/common/emacs.nix | 4 +- modules/home/common/env.nix | 4 +- modules/home/common/eza.nix | 4 +- modules/home/common/firefox.nix | 4 +- modules/home/common/fuzzel.nix | 4 +- modules/home/common/gammastep.nix | 4 +- modules/home/common/git.nix | 4 +- modules/home/common/gnome-keyring.nix | 4 +- modules/home/common/gpg-agent.nix | 4 +- modules/home/common/kanshi.nix | 4 +- modules/home/common/kdeconnect.nix | 4 +- modules/home/common/kitty.nix | 4 +- modules/home/common/mail.nix | 4 +- modules/home/common/mako.nix | 4 +- modules/home/common/nix-index.nix | 4 +- modules/home/common/nixgl.nix | 4 +- modules/home/common/packages.nix | 4 +- modules/home/common/password-store.nix | 4 +- modules/home/common/programs.nix | 4 +- modules/home/common/settings.nix | 4 +- modules/home/common/sharedoptions.nix | 12 + modules/home/common/sops.nix | 4 +- modules/home/common/ssh.nix | 4 +- modules/home/common/starship.nix | 4 +- modules/home/common/stylix.nix | 4 +- modules/home/common/sway.nix | 4 +- modules/home/common/swayosd.nix | 4 +- modules/home/common/symlink.nix | 4 +- modules/home/common/tmux.nix | 4 +- modules/home/common/waybar.nix | 4 +- .../home/common/yubikey-touch-detector.nix | 4 +- modules/home/common/yubikey.nix | 4 +- modules/home/common/zellij.nix | 4 +- modules/home/common/zsh.nix | 
4 +- modules/home/darwin/default.nix | 3 +- modules/home/optional/framework.nix | 4 +- modules/home/optional/gaming.nix | 4 +- modules/home/optional/work.nix | 4 +- modules/home/server/default.nix | 1 - modules/home/server/symlink.nix | 4 +- modules/nixos/client/appimage.nix | 4 +- modules/nixos/client/autologin.nix | 4 +- modules/nixos/client/blueman.nix | 4 +- modules/nixos/client/distrobox.nix | 4 +- modules/nixos/client/env.nix | 4 +- modules/nixos/client/gnome-keyring.nix | 4 +- modules/nixos/client/gvfs.nix | 4 +- modules/nixos/client/hardware.nix | 4 +- .../hardwarecompatibility-keyboards.nix | 4 +- .../client/hardwarecompatibility-ledger.nix | 4 +- .../client/hardwarecompatibility-yubikey.nix | 4 +- modules/nixos/client/interceptiontools.nix | 4 +- modules/nixos/client/lid.nix | 4 +- modules/nixos/client/login.nix | 4 +- modules/nixos/client/lowbattery.nix | 4 +- modules/nixos/client/network.nix | 4 +- modules/nixos/client/networkdevices.nix | 4 +- modules/nixos/client/nix-ld.nix | 4 +- modules/nixos/client/nvd-rebuild.nix | 4 +- modules/nixos/client/packages.nix | 4 +- modules/nixos/client/pipewire.nix | 4 +- modules/nixos/client/polkit.nix | 4 +- .../nixos/client/power-profiles-daemon.nix | 4 +- modules/nixos/client/programs.nix | 4 +- modules/nixos/client/pulseaudio.nix | 4 +- modules/nixos/client/sops.nix | 4 +- modules/nixos/client/stylix.nix | 4 +- modules/nixos/client/sway.nix | 4 +- modules/nixos/client/swayosd.nix | 4 +- modules/nixos/client/syncthing.nix | 4 +- modules/nixos/client/systemd.nix | 4 +- modules/nixos/client/xdg-portal.nix | 4 +- modules/nixos/client/zsh.nix | 4 +- modules/nixos/common/home-manager.nix | 11 +- modules/nixos/common/impermanence.nix | 4 +- modules/nixos/common/lanzaboote.nix | 4 +- modules/nixos/common/pii.nix | 4 +- modules/nixos/common/settings.nix | 4 +- modules/nixos/common/sharedsetup.nix | 27 - modules/nixos/common/time.nix | 4 +- modules/nixos/common/users.nix | 4 +- modules/nixos/common/xserver.nix | 4 +- 
modules/nixos/darwin/default.nix | 4 +- modules/nixos/optional/amdcpu.nix | 4 +- modules/nixos/optional/amdgpu.nix | 4 +- modules/nixos/optional/btrfs.nix | 4 +- modules/nixos/optional/default.nix | 7 +- modules/nixos/optional/framework.nix | 4 +- modules/nixos/optional/gaming.nix | 4 +- modules/nixos/optional/hibernation.nix | 4 +- modules/nixos/optional/nswitch-rcm.nix | 4 +- modules/nixos/optional/virtualbox.nix | 4 +- modules/nixos/optional/vmware.nix | 4 +- modules/nixos/optional/work.nix | 4 +- modules/nixos/server/ankisync.nix | 4 +- modules/nixos/server/atuin.nix | 4 +- modules/nixos/server/croc.nix | 4 +- modules/nixos/server/emacs.nix | 4 +- modules/nixos/server/firefly-iii.nix | 4 +- modules/nixos/server/forgejo.nix | 4 +- modules/nixos/server/freshrss.nix | 4 +- modules/nixos/server/immich.nix | 4 +- modules/nixos/server/jellyfin.nix | 4 +- modules/nixos/server/jenkins.nix | 4 +- modules/nixos/server/kanidm.nix | 4 +- modules/nixos/server/kavita.nix | 4 +- modules/nixos/server/koillection.nix | 4 +- modules/nixos/server/matrix.nix | 4 +- modules/nixos/server/microbin.nix | 4 +- modules/nixos/server/monitoring.nix | 6 +- modules/nixos/server/mpd.nix | 4 +- modules/nixos/server/navidrome.nix | 4 +- modules/nixos/server/nextcloud.nix | 4 +- modules/nixos/server/nfs.nix | 4 +- modules/nixos/server/nginx.nix | 4 +- modules/nixos/server/oauth2-proxy.nix | 4 +- modules/nixos/server/packages.nix | 4 +- modules/nixos/server/paperless.nix | 4 +- modules/nixos/server/pipewire.nix | 2 +- modules/nixos/server/postgresql.nix | 4 +- modules/nixos/server/radicale.nix | 4 +- modules/nixos/server/restic.nix | 4 +- modules/nixos/server/settings.nix | 5 +- modules/nixos/server/shlink.nix | 4 +- modules/nixos/server/spotifyd.nix | 4 +- modules/nixos/server/ssh.nix | 4 +- modules/nixos/server/syncthing.nix | 4 +- modules/nixos/server/transmission.nix | 4 +- .../{home/common => shared}/sharedsetup.nix | 31 +- nix/hosts.nix | 6 + profiles/home/chaostheatre/default.nix | 6 +- 
profiles/home/darwin/default.nix | 10 - profiles/home/framework/default.nix | 6 +- profiles/home/localserver/default.nix | 6 +- profiles/home/minimal/default.nix | 6 +- profiles/home/personal/default.nix | 6 +- profiles/home/reduced/default.nix | 6 +- profiles/home/toto/default.nix | 6 +- profiles/home/work/default.nix | 6 +- profiles/nixos/amdcpu/default.nix | 6 +- profiles/nixos/amdgpu/default.nix | 6 +- profiles/nixos/btrfs/default.nix | 6 +- profiles/nixos/chaostheatre/default.nix | 6 +- profiles/nixos/framework/default.nix | 13 +- profiles/nixos/hibernation/default.nix | 6 +- profiles/nixos/localserver/default.nix | 80 +- profiles/nixos/minimal/default.nix | 6 +- profiles/nixos/moonside/default.nix | 40 +- profiles/nixos/personal/default.nix | 13 +- profiles/nixos/reduced/default.nix | 6 +- profiles/nixos/syncserver/default.nix | 36 +- profiles/nixos/toto/default.nix | 6 +- profiles/nixos/work/default.nix | 13 +- 166 files changed, 1029 insertions(+), 1031 deletions(-) create mode 100644 modules/home/common/sharedoptions.nix delete mode 100644 modules/nixos/common/sharedsetup.nix rename modules/{home/common => shared}/sharedsetup.nix (93%) delete mode 100644 profiles/home/darwin/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index a31f31c..9eb466c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -838,6 +838,11 @@ The rest of the outputs either define or help define the actual configurations: name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; + + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } ]; }; @@ -861,6 +866,7 @@ The rest of the outputs either define or help define the actual configurations: { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; + } ]; }; 
@@ -1771,19 +1777,6 @@ My work machine. Built for more security, this is the gold standard of my config { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-2"; - profiles = { - personal = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - work = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - }; - }; in { 
@@ -1796,54 +1789,57 @@ My work machine. Built for more security, this is the gold standard of my config ]; - swarselsystems = lib.recursiveUpdate - { - info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - inherit (config.repo.secrets.local) hostName; - inherit (config.repo.secrets.local) fqdn; - hibernation.offset = 533760; - profiles = { - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; - }; - } - sharedOptions; + swarselprofiles = { + personal = lib.mkIf (!minimal) true; + work = lib.mkIf (!minimal) true; + framework = lib.mkIf (!minimal) true; + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; + swarselsystems = { + lowResolution = "1280x800"; + highResolution = "2560x1600"; + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-2"; + info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + inherit (config.repo.secrets.local) hostName; + inherit (config.repo.secrets.local) fqdn; + hibernation.offset = 533760; + }; home-manager.users."${primaryUser}" = { - # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; + swarselsystems = { + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + 
input-filename = "temp4_input"; + }; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; }; - lowResolution = "1280x800"; - highResolution = "2560x1600"; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - }; - } - sharedOptions; + }; + }; }; } @@ -2038,10 +2034,6 @@ My personal laptop. isBtrfs = true; isLinux = true; sharescreen = "eDP-1"; - profiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; }; in { @@ -2054,6 +2046,11 @@ My personal laptop. ]; + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { @@ -2069,13 +2066,14 @@ My personal laptop. rootDisk = "/dev/nvme0n1"; swapSize = "4G"; hostName = config.node.name; - profiles = { - btrfs = true; - }; } sharedOptions; home-manager.users."${primaryUser}" = { + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; # home.stateVersion = lib.mkForce "23.05"; swarselsystems = lib.recursiveUpdate { @@ -2279,9 +2277,6 @@ This is my main server that I run at home. It handles most tasks that require bi isBtrfs = false; isLinux = true; isNixos = true; - profiles = { - server.local = true; - }; }; in { @@ -2304,6 +2299,9 @@ This is my main server that I run at home. It handles most tasks that require bi }; + swarselprofiles = { + server.local = true; + }; swarselsystems = lib.recursiveUpdate { info = "ASRock J4105-ITX, 32GB RAM"; @@ -2502,9 +2500,6 @@ This machine mainly acts as an external sync helper. It manages the following th isLinux = true; isNixos = true; }; - profiles = { - minimal = lib.mkIf minimal true; - }; in { imports = [ 
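Review bot: The `@@ -2069,13 +2066,14 @@` hunk (the "My personal laptop" host) sets `swarselprofiles` by hand under `home-manager.users."${primaryUser}"`, and it is the only host among the hunks shown here that does so. Its `minimal = lib.mkIf minimal true;` line repeats what the home-manager.nix hunk already injects into every user's imports. The pyramid hunk above enables `personal`, `work` and `framework` on the NixOS side only. If the modules under profiles/nixos forward the profile to home-manager (not visible in these hunks), this block is redundant and can be dropped; if they do not, pyramid's home configuration loses the profiles it previously received through `sharedOptions`. Either way the hosts should follow one pattern, with a short comment stating where home-manager profiles are expected to be set.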
@@ -2528,6 +2523,10 @@ This machine mainly acts as an external sync helper. It manages the following th enableAllFirmware = lib.mkForce false; }; + swarselprofiles = { + minimal = lib.mkIf minimal true; + server.syncserver = true; + }; swarselsystems = lib.recursiveUpdate { info = "VM.Standard.E2.1.Micro"; @@ -2537,9 +2536,6 @@ This machine mainly acts as an external sync helper. It manages the following th isSwap = true; rootDisk = "/dev/sda"; swapSize = "4G"; - profiles = { - server.syncserver = true; - }; } sharedOptions; @@ -2909,6 +2905,9 @@ This machine mainly acts as an external sync helper. It manages the following th }; }; + swarselprofiles = { + server.moonside = true; + }; swarselsystems = lib.recursiveUpdate { info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; @@ -2917,9 +2916,6 @@ This machine mainly acts as an external sync helper. It manages the following th isCrypted = false; isSwap = false; rootDisk = "/dev/sda"; - profiles = { - server.moonside = true; - }; } sharedOptions; @@ -3110,10 +3106,6 @@ This is a slim setup for developing base configuration. I do not track the hardw sharedOptions = { isBtrfs = true; isLinux = true; - profiles = { - toto = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; }; in { @@ -3130,6 +3122,11 @@ This is a slim setup for developing base configuration. I do not track the hardw firewall.enable = false; }; + swarselprofiles = { + toto = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { info = "~SwarselSystems~ remote install helper"; @@ -3141,7 +3138,6 @@ This is a slim setup for developing base configuration. I do not track the hardw swapSize = "2G"; # rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/vda"; - profiles.btrfs = true; # rootDisk = "/dev/vda"; } sharedOptions; 
@@ -3544,10 +3540,6 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru isBtrfs = false; isLinux = true; isPublic = true; - profiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; }; in { @@ -3577,6 +3569,11 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru firewall.enable = true; }; + swarselprofiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { info = "~SwarselSystems~ demo host"; @@ -3587,7 +3584,6 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru isSwap = true; swapSize = "4G"; rootDisk = "/dev/vda"; - profiles.btrfs = true; } sharedOptions; 
@@ -3966,41 +3962,25 @@ This section is for setting things that should be used on hosts that are using t } #+end_src -**** Shared Configuration Options (automatically active) +**** Mirror home-manager shared options (automatically active) :PROPERTIES: -:CUSTOM_ID: h:f4f22166-e345-43e6-b15f-b7f5bb886554 +:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 :END: -I usually use =mutableUsers = false= in my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created. -#+begin_src nix-ts :tangle modules/nixos/common/sharedsetup.nix - { lib, ... }: - { - options = { - swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - }; - }; - } +#+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix + { lib, config, nixosConfig, ... }: + let + # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; + inherit (lib) mkDefault mapAttrs filterAttrs; + mkDefaultCommonAttrs = base: defaults: + lib.mapAttrs (_: v: lib.mkDefault v) + (lib.filterAttrs (k: _: base ? ${k}) defaults); + in + { + # config.swarselsystems = mirrorAttrs; + config.swarselsystems = mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems; + } #+end_src **** Topology (automatically active) 
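Review bot: The new modules/home/common/sharedoptions.nix takes `nixosConfig` as a required module argument while sitting in the "automatically active" common home modules. It therefore presumably evaluates only when home-manager runs as a NixOS module; whether standalone or darwin home configurations import it is not visible in this hunk. If they can, import the mirror only from the NixOS-side home-manager import list, or at least add a header comment such as `# requires nixosConfig: only valid when home-manager is used as a NixOS module`. On style, `inherit (lib) mkDefault mapAttrs filterAttrs;` is unused because the body calls `lib.mapAttrs`, `lib.mkDefault` and `lib.filterAttrs` directly, and the two commented-out `mirrorAttrs` lines should be removed. A one-line comment that mirrored values are set with `mkDefault`, so any home-side definition wins, would help the next reader.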
@@ -4111,8 +4091,8 @@ A breakdown of the flags being set: }; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general (lib.recursiveUpdate { sops.secrets.github-api-token = lib.mkIf (!minimal) { @@ -4168,10 +4148,10 @@ A breakdown of the flags being set: We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix - { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: + { self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: { - options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselsystems.modules.home-manager { + options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselmodules.home-manager { home-manager = lib.mkIf config.swarselsystems.withHomeManager { useGlobalPkgs = true; useUserPackages = true; @@ -4184,6 +4164,11 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the imports = [ "${self}/profiles/home" "${self}/modules/home" + { + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } # "${self}/modules/nixos/common/pii.nix" # "${self}/modules/nixos/common/meta.nix" ]; 
@@ -4215,8 +4200,8 @@ For that reason, make sure that =sops-nix= is properly working before finishing sopsFile = self + /secrets/general/secrets.yaml; in { - options.swarselsystems.modules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselsystems.modules.users { + options.swarselmodules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselmodules.users { sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { @@ -4244,8 +4229,8 @@ Next, we setup the keymap in case we are not in a graphical session. At this poi #+begin_src nix-ts :tangle modules/nixos/common/xserver.nix { lib, config, ... }: { - options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselmodules.packages { services.xserver = { xkb = { layout = "us"; @@ -4266,8 +4251,8 @@ Setup timezone and locale. I want to use the US layout, but have the rest adapte #+begin_src nix-ts :tangle modules/nixos/common/time.nix { lib, config, ... }: { - options.swarselsystems.modules.time = lib.mkEnableOption "time config"; - config = lib.mkIf config.swarselsystems.modules.time { + options.swarselmodules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselmodules.time { time = { timeZone = "Europe/Vienna"; # hardwareClockInLocalTime = true; 
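Review bot: In the xserver.nix hunk the new line `config = lib.mkIf config.swarselmodules.packages {` gates the keymap on the `packages` switch rather than on the `swarselmodules.xserver` option declared one line above it; the rename carried the old mismatch over unchanged. As written, setting `swarselmodules.xserver` has no effect and the xkb layout follows whichever hosts enable `packages`. The likely intent is `config = lib.mkIf config.swarselmodules.xserver {`. Before changing it, check that every profile relying on the keymap enables `xserver`, since some may currently get it only through `packages`. The module body continues past the end of the hunk.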
@@ -4359,9 +4344,9 @@ This is also exposed to home-manager configurations, in case this ever breaks, I description = "Exposes the loaded repo secrets. This option is read-only."; }; }; - swarselsystems.modules.pii = lib.mkEnableOption "enable pii management"; + swarselmodules.pii = lib.mkEnableOption "enable pii management"; }; - config = lib.mkIf config.swarselsystems.modules.pii { + config = lib.mkIf config.swarselmodules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; @@ -4384,8 +4369,8 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system #+begin_src nix-ts :tangle modules/nixos/common/lanzaboote.nix { lib, pkgs, config, minimal, ... }: { - options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; - config = lib.mkIf config.swarselsystems.modules.lanzaboote { + options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselmodules.lanzaboote { environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [ pkgs.sbctl @@ -4422,8 +4407,8 @@ Normally, doing that also resets the lecture that happens on the first use of =s inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselsystems.modules.impermanence { + options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselmodules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' 
@@ -4544,8 +4529,8 @@ Mostly used to install some compilers and lsp's that I want to have available wh #+begin_src nix-ts :tangle modules/nixos/client/packages.nix { lib, config, pkgs, minimal, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselmodules.packages { environment.systemPackages = with pkgs; lib.optionals (!minimal) [ # yubikey packages @@ -4650,8 +4635,8 @@ Next, we will setup some environment variables that need to be set on the system #+begin_src nix-ts :tangle modules/nixos/client/env.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselmodules.env { environment = { wordlist.enable = true; @@ -4679,8 +4664,8 @@ Needed for control over system-wide privileges etc. Also I make sure that the ro #+begin_src nix-ts :tangle modules/nixos/client/polkit.nix { lib, config, minimal, ... }: { - options.swarselsystems.modules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselsystems.modules.security { + options.swarselmodules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselmodules.security { security = { pam.services = lib.mkIf (!minimal) { 
@@ -4712,8 +4697,8 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s #+begin_src nix-ts :tangle modules/nixos/client/systemd.nix { lib, config, ... }: { - options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; - config = lib.mkIf config.swarselsystems.modules.systemdTimeout { + options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselmodules.systemdTimeout { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s @@ -4734,8 +4719,8 @@ Enable OpenGL, Sound, Bluetooth and various drivers. { pkgs, config, lib, ... }: { + options.swarselmodules.hardware = lib.mkEnableOption "hardware config"; options.swarselsystems = { - modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -4746,7 +4731,7 @@ Enable OpenGL, Sound, Bluetooth and various drivers. }; }; }; - config = lib.mkIf config.swarselsystems.modules.hardware { + config = lib.mkIf config.swarselmodules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { @@ -4792,8 +4777,8 @@ This is only used on systems not running Pipewire. #+begin_src nix-ts :tangle modules/nixos/client/pulseaudio.nix { config, pkgs, lib, ... }: { - options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; - config = lib.mkIf config.swarselsystems.modules.pulseaudio { + options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselmodules.pulseaudio { services.pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; 
@@ -4812,8 +4797,8 @@ Pipewire handles communication on Wayland. This enables several sound tools as w #+begin_src nix-ts :tangle modules/nixos/client/pipewire.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; - config = lib.mkIf config.swarselsystems.modules.pipewire { + options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselmodules.pipewire { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { @@ -4851,10 +4836,10 @@ Here I only enable =networkmanager= and a few default networks. The rest of the in { options.swarselsystems = { - modules.network = lib.mkEnableOption "network config"; firewall = lib.swarselsystems.mkTrueOption; }; - config = lib.mkIf config.swarselsystems.modules.network { + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { sops = { secrets = lib.mkIf (!config.swarselsystems.isPublic) { @@ -5174,8 +5159,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at #+begin_src nix-ts :tangle modules/nixos/client/sops.nix { config, lib, ... }: { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselmodules.sops { sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; 
@@ -5201,12 +5186,12 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w #+begin_src nix-ts :noweb yes :tangle modules/nixos/client/stylix.nix { self, lib, config, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; + options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; config = { stylix = { enable = true; base16Scheme = "${self}/files/stylix/swarsel.yaml"; - } // lib.optionalAttrs config.swarselsystems.modules.stylix + } // lib.optionalAttrs config.swarselmodules.stylix (lib.recursiveUpdate { targets.grub.enable = false; # the styling makes grub more ugly @@ -5232,8 +5217,8 @@ Some programs profit from being installed through dedicated NixOS settings on sy #+begin_src nix-ts :tangle modules/nixos/client/programs.nix { lib, config, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselmodules.programs { programs = { dconf.enable = true; evince.enable = true; @@ -5252,8 +5237,8 @@ Here I disable global completion to prevent redundant compinit calls and cache i #+begin_src nix-ts :tangle modules/nixos/client/zsh.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; - config = lib.mkIf config.swarselsystems.modules.zsh { + options.swarselmodules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselmodules.zsh { programs.zsh = { enable = true; enableCompletion = false; 
@@ -5275,8 +5260,8 @@ Here I disable global completion to prevent redundant compinit calls and cache i inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; - config = lib.mkIf config.swarselsystems.modules.syncthing { + options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; package = pkgs.stable.syncthing; @@ -5349,8 +5334,8 @@ Enables the blueman service including the nice system tray icon. #+begin_src nix-ts :tangle modules/nixos/client/blueman.nix { lib, config, ... }: { - options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; - config = lib.mkIf config.swarselsystems.modules.blueman { + options.swarselmodules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselmodules.blueman { services.blueman.enable = true; services.hardware.bolt.enable = true; }; @@ -5371,8 +5356,8 @@ Avahi is the service used for the network discovery. #+begin_src nix-ts :tangle modules/nixos/client/networkdevices.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; - config = lib.mkIf config.swarselsystems.modules.networkDevices { + options.swarselmodules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselmodules.networkDevices { # enable scanners over network hardware.sane = { enable = true; 
@@ -5414,8 +5399,8 @@ This is being set to allow myself to use all functions of nautilus in NixOS #+begin_src nix-ts :tangle modules/nixos/client/gvfs.nix { lib, config, ... }: { - options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; - config = lib.mkIf config.swarselsystems.modules.gvfs { + options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselmodules.gvfs { services.gvfs.enable = true; }; } @@ -5431,8 +5416,8 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if #+begin_src nix-ts :tangle modules/nixos/client/interceptiontools.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; - config = lib.mkIf config.swarselsystems.modules.interceptionTools { + options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselmodules.interceptionTools { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; @@ -5479,8 +5464,8 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho #+begin_src nix-ts :tangle modules/nixos/client/power-profiles-daemon.nix { lib, config, ... }: { - options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; - config = lib.mkIf config.swarselsystems.modules.ppd { + options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselmodules.ppd { services.power-profiles-daemon.enable = true; }; } 
@@ -5494,8 +5479,8 @@ Most of the time I am using =power-saver=, however, it is good to be able to cho #+begin_src nix-ts :tangle modules/nixos/client/swayosd.nix { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { environment.systemPackages = [ pkgs.dev.swayosd ]; services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { @@ -5540,8 +5525,8 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselmodules.yubikey { programs.ssh.startAgent = false; services.pcscd.enable = false; @@ -5581,8 +5566,8 @@ This performs the necessary configuration to support this hardware. #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-ledger.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; - config = lib.mkIf config.swarselsystems.modules.ledger { + options.swarselmodules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselmodules.ledger { hardware.ledger.enable = true; services.udev.packages = with pkgs; [ 
@@ -5603,8 +5588,8 @@ This loads some udev rules that I need for my split keyboards. #+begin_src nix-ts :tangle modules/nixos/client/hardwarecompatibility-keyboards.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; - config = lib.mkIf config.swarselsystems.modules.keyboards { + options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselmodules.keyboards { services.udev.packages = with pkgs; [ qmk-udev-rules vial @@ -5624,8 +5609,8 @@ This section houses the greetd related settings. I do not really want to use a d #+begin_src nix-ts :tangle modules/nixos/client/login.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.login = lib.mkEnableOption "login config"; - config = lib.mkIf config.swarselsystems.modules.login { + options.swarselmodules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselmodules.login { services.greetd = { enable = true; settings = { @@ -5661,8 +5646,8 @@ When a program does not work, start with =nix-ldd =. This will tell you #+begin_src nix-ts :tangle modules/nixos/client/nix-ld.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; - config = lib.mkIf config.swarselsystems.modules.nix-ld { + options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselmodules.nix-ld { programs.nix-ld = { enable = true; libraries = with pkgs; [ 
@@ -5784,8 +5769,8 @@ This snipped is added to the activation script that is run after every rebuild a #+begin_src nix-ts :tangle modules/nixos/client/nvd-rebuild.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; - config = lib.mkIf config.swarselsystems.modules.nvd { + options.swarselmodules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselmodules.nvd { environment.systemPackages = [ pkgs.nvd @@ -5812,8 +5797,8 @@ Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps #+begin_src nix-ts :tangle modules/nixos/client/gnome-keyring.nix { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome.gnome-keyring = { enable = true; }; @@ -5833,8 +5818,8 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom #+begin_src nix-ts :tangle modules/nixos/client/sway.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; - config = lib.mkIf config.swarselsystems.modules.sway { + options.swarselmodules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselmodules.sway { programs.sway = { enable = true; package = pkgs.dev.swayfx; 
@@ -5867,8 +5852,8 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru #+begin_src nix-ts :tangle modules/nixos/client/xdg-portal.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; - config = lib.mkIf config.swarselsystems.modules.xdg-portal { + options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; config = { @@ -5897,8 +5882,8 @@ I am using distrobox to quickly circumvent isses that I cannot immediately solve #+begin_src nix-ts :tangle modules/nixos/client/distrobox.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; - config = lib.mkIf config.swarselsystems.modules.distrobox { + options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselmodules.distrobox { environment.systemPackages = with pkgs; [ distrobox boxbuddy @@ -5922,8 +5907,8 @@ Adds the necessary tools to allow .appimage programs easily. #+begin_src nix-ts :tangle modules/nixos/client/appimage.nix { lib, config, ... }: { - options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; - config = lib.mkIf config.swarselsystems.modules.appimage { + options.swarselmodules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselmodules.appimage { programs.appimage = { enable = true; binfmt = true; 
@@ -5943,8 +5928,8 @@ This turns off the display when the lid is closed. #+begin_src nix-ts :tangle modules/nixos/client/lid.nix { lib, config, ... }: { - options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; - config = lib.mkIf config.swarselsystems.modules.lid { + options.swarselmodules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselmodules.lid { services.logind = { lidSwitch = "suspend"; lidSwitchDocked = "ignore"; @@ -5990,8 +5975,8 @@ Since I hide the waybar completely during normal operation, I run the risk of no #+begin_src nix-ts :tangle modules/nixos/client/lowbattery.nix { pkgs, lib, config, ... }: { - options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; - config = lib.mkIf config.swarselsystems.modules.lowBattery { + options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselmodules.lowBattery { systemd.user.services."battery-low" = { enable = true; description = "Timer for battery check that alerts at 10% or less"; @@ -6032,8 +6017,8 @@ Auto login for the initial session. inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings"; - config = lib.mkIf config.swarselsystems.modules.autologin { + options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselmodules.autologin { services = { getty.autologinUser = mainUser; greetd.settings.initial_session.user = mainUser; 
@@ -6080,14 +6065,15 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.swarselsystems) flakePath; in { + + options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { - modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.server.general { + config = lib.mkIf config.swarselmodules.server.general { environment.shellAliases = lib.recursiveUpdate { @@ -6122,8 +6108,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in #+begin_src nix-ts :tangle modules/nixos/server/packages.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselsystems.modules.server.packages { + options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselmodules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index @@ -6152,8 +6138,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in nfsUser = globals.user.name; in { - options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselsystems.modules.server.nfs { + options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselmodules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { 
@@ -6216,8 +6202,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in in { - options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselsystems.modules.server.nginx { + options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; @@ -6262,8 +6248,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t #+begin_src nix-ts :tangle modules/nixos/server/ssh.nix { self, lib, config, ... }: { - options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselsystems.modules.server.ssh { + options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselmodules.server.ssh { services.openssh = { enable = true; startWhenNeeded = lib.mkForce false; @@ -6310,8 +6296,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ calibre ]; 
@@ -6381,8 +6367,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; @@ -6452,8 +6438,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ pciutils alsa-utils @@ -6595,8 +6581,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceGroup = serviceUser; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.groups.${serviceGroup} = { gid = 65136; }; 
@@ -6646,8 +6632,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "mpd"; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups = { mpd = { }; @@ -6712,7 +6698,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t #+begin_src nix-ts :tangle modules/nixos/server/pipewire.nix { lib, config, ... }: { - config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { + config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access @@ -6744,8 +6730,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t postgresVersion = 14; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services = { ${serviceName} = { enable = true; 
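Review bot: In the `modules/nixos/server/pipewire.nix` hunk, the guard `config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome` tests whether the option attributes exist, not whether they are enabled, so the block (including `security.rtkit.enable = true`) applies on any host that merely imports the mpd or navidrome module. The mpd module in this same patch declares `options.swarselmodules.server.mpd` with `lib.mkEnableOption`, so the attribute is present with value `false` even when the service is off. To keep rtkit and pipewire off servers that run no audio service, test the values instead: `config = lib.mkIf (config.swarselmodules.server.mpd || config.swarselmodules.server.navidrome) {`, adding `or false` to each operand if pipewire.nix can be imported without those modules. The `?` form would also have turned silently false had this rename missed the line, rather than failing evaluation. The module body continues past the end of the hunk.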
@@ -6786,8 +6772,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t ''; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter @@ -7130,8 +7116,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; @@ -7206,8 +7192,8 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; 
@@ -7293,8 +7279,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; @@ -7438,8 +7424,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= prowlarrPort = 9696; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { # this user/group section is probably unneeded users = { @@ -7618,8 +7604,8 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= cfg = config.services.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; 
@@ -7751,8 +7737,8 @@ This manages backups for my pictures and obsidian files. inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselsystems.modules.server.restic { + options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselmodules.server.restic { sops = { secrets = { @@ -7833,8 +7819,8 @@ This section exposes several metrics that I use to check the health of my server inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { @@ -8009,7 +7995,7 @@ This section exposes several metrics that I use to check the health of my server sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { + nextcloud = lib.mkIf config.swarselmodules.server.nextcloud { enable = true; port = 9205; url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info"; @@ -8076,8 +8062,8 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services.jenkins = { enable = true; 
@@ -8131,8 +8117,8 @@ This was an approach of hosting an RSS server from within emacs. That would have servicePort = 9812; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; @@ -8172,8 +8158,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; @@ -8287,8 +8273,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; 
@@ -8450,8 +8436,8 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with ankiUser = globals.user.name; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; @@ -8539,8 +8525,8 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ toolkit.legacyUserProfileCustomizations.styleshe #+begin_src nix-ts :tangle modules/home/common/symlink.nix { self, lib, config, ... }: { - options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; - config = lib.mkIf config.swarselsystems.modules.symlink { + options.swarselmodules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselmodules.symlink { home.file = { "init.el" = lib.mkDefault { source = self + /files/emacs/init.el; @@ -11355,8 +11359,8 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var crocDomain = globals.services.croc.domain; in { - options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselmodules.env { home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; 
@@ -11386,8 +11390,8 @@ This section is for programs that require no further configuration. zsh Integrat #+begin_src nix-ts :tangle modules/home/common/programs.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselmodules.programs { programs = { bottom.enable = true; imv.enable = true; @@ -11427,8 +11431,8 @@ nix-index provides a way to find out which packages are provided by which deriva #+begin_src nix-ts :tangle modules/home/common/nix-index.nix { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; - config = lib.mkIf config.swarselsystems.modules.nix-index { + options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselmodules.nix-index { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' @@ -11461,8 +11465,8 @@ Enables password store with the =pass-otp= extension which allows me to store an #+begin_src nix-ts :tangle modules/home/common/password-store.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; - config = lib.mkIf config.swarselsystems.modules.passwordstore { + options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselmodules.passwordstore { programs.password-store = { enable = true; settings = { 
@@ -11484,8 +11488,8 @@ Enables direnv, which I use for nearly all of my nix dev flakes. #+begin_src nix-ts :tangle modules/home/common/direnv.nix { lib, config, ... }: { - options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; - config = lib.mkIf config.swarselsystems.modules.direnv { + options.swarselmodules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselmodules.direnv { programs.direnv = { enable = true; silent = true; @@ -11505,8 +11509,8 @@ Eza provides me with a better =ls= command and some other useful aliases. #+begin_src nix-ts :tangle modules/home/common/eza.nix { lib, config, ... }: { - options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; - config = lib.mkIf config.swarselsystems.modules.eza { + options.swarselmodules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselmodules.eza { programs.eza = { enable = true; icons = "auto"; @@ -11531,8 +11535,8 @@ Eza provides me with a better =ls= command and some other useful aliases. atuinDomain = globals.services.atuin.domain; in { - options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings"; - config = lib.mkIf config.swarselsystems.modules.atuin { + options.swarselmodules.atuin = lib.mkEnableOption "atuin settings"; + config = lib.mkIf config.swarselmodules.atuin { programs.atuin = { enable = true; enableZshIntegration = true; @@ -11562,8 +11566,8 @@ Here I set up my git config, automatic signing of commits, useful aliases for my gitUser = globals.user.name; in { - options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; - config = lib.mkIf config.swarselsystems.modules.git { + options.swarselmodules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselmodules.git { programs.git = { enable = true; } // lib.optionalAttrs (!minimal) { 
@@ -11615,8 +11619,8 @@ Here I only need to set basic layout options - the rest is being managed by styl #+begin_src nix-ts :tangle modules/home/common/fuzzel.nix { lib, config, ... }: { - options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; - config = lib.mkIf config.swarselsystems.modules.fuzzel { + options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselmodules.fuzzel { programs.fuzzel = { enable = true; settings = { @@ -11642,8 +11646,8 @@ Starship makes my =zsh= look cooler! I have symbols for most programming languag #+begin_src nix-ts :tangle modules/home/common/starship.nix { lib, config, ... }: { - options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; - config = lib.mkIf config.swarselsystems.modules.starship { + options.swarselmodules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselmodules.starship { programs.starship = { enable = true; enableZshIntegration = true; @@ -11778,8 +11782,8 @@ The theme is handled by stylix. #+begin_src nix-ts :tangle modules/home/common/kitty.nix { lib, config, ... }: { - options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; - config = lib.mkIf config.swarselsystems.modules.kitty { + options.swarselmodules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; keybindings = { }; @@ -11830,14 +11834,14 @@ Currently I only use it as before with =initExtra= though. inherit (config.swarselsystems) flakePath; in { + options.swarselmodules.zsh = lib.mkEnableOption "zsh settings"; options.swarselsystems = { - modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.zsh + config = lib.mkIf config.swarselmodules.zsh { sops.secrets = { 
@@ -11961,8 +11965,8 @@ Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zellij.nix { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; - config = lib.mkIf config.swarselsystems.modules.zellij { + options.swarselmodules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselmodules.zellij { programs.zellij = { enable = true; enableZshIntegration = true; @@ -12000,8 +12004,8 @@ Currently I only use it as before with =initExtra= though. }; in { - options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; - config = lib.mkIf config.swarselsystems.modules.tmux { + options.swarselmodules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselmodules.tmux { home.packages = with pkgs; [ lsof sesh @@ -12102,8 +12106,8 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl inherit (config.swarselsystems) xdgDir; in { - options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; - config = lib.mkIf config.swarselsystems.modules.mail { + options.swarselmodules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselmodules.mail { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; @@ -12265,8 +12269,8 @@ Lastly, I am defining some more packages here that the parser has problems findi inherit (config.swarselsystems) homeDir isPublic; in { - options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; - config = lib.mkIf config.swarselsystems.modules.emacs { + options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; 
@@ -12381,8 +12385,8 @@ The rest of the related configuration is found here: ]; in { + options.swarselmodules.waybar = lib.mkEnableOption "waybar settings"; options.swarselsystems = { - modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; @@ -12411,7 +12415,7 @@ The rest of the related configuration is found here: internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.waybar { + config = lib.mkIf config.swarselmodules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ @@ -12692,8 +12696,8 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m #+begin_src nix-ts :tangle modules/home/common/firefox.nix { config, pkgs, lib, ... }: { - options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; - config = lib.mkIf config.swarselsystems.modules.firefox { + options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselmodules.firefox { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides @@ -12859,8 +12863,8 @@ Used for storing sessions in e.g. Nextcloud #+begin_src nix-ts :tangle modules/home/common/gnome-keyring.nix { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; 
@@ -12878,8 +12882,8 @@ This enables phone/computer communication, including sending clipboard, files et #+begin_src nix-ts :tangle modules/home/common/kdeconnect.nix { lib, config, ... }: { - options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; - config = lib.mkIf config.swarselsystems.modules.kdeconnect { + options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselmodules.kdeconnect { services.kdeconnect = { enable = true; indicator = true; @@ -12901,8 +12905,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/mako.nix { lib, config, ... }: { - options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; - config = lib.mkIf config.swarselsystems.modules.mako { + options.swarselmodules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselmodules.mako { services.mako = { enable = true; settings = { @@ -12944,8 +12948,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/swayosd.nix { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { services.swayosd = { enable = true; package = pkgs.dev.swayosd; 
@@ -12963,8 +12967,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi #+begin_src nix-ts :tangle modules/home/common/yubikey-touch-detector.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; - config = lib.mkIf config.swarselsystems.modules.yubikeytouch { + options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselmodules.yubikeytouch { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; @@ -13013,8 +13017,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; in { + options.swarselmodules.sway = lib.mkEnableOption "sway settings"; options.swarselsystems = { - modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -13079,7 +13083,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.sway { + config = lib.mkIf config.swarselmodules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { @@ -13426,8 +13430,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix-ts :tangle modules/home/common/kanshi.nix { lib, config, ... }: { - options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; - config = lib.mkIf config.swarselsystems.modules.kanshi { + options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { homedesktop = { 
@@ -13527,8 +13531,8 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselsystems.modules.gpgagent { + options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; enableZshIntegration = true; @@ -13579,8 +13583,8 @@ This service changes the screen hue at night. I am not sure if that really does inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { - options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; - config = lib.mkIf config.swarselsystems.modules.gammastep { + options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselmodules.gammastep { services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { enable = true; provider = "manual"; @@ -13611,7 +13615,6 @@ This section sets up all the imports that are used in the home-manager section. { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" - "${modulesPath}/home/common/sharedsetup.nix" ]; } #+end_src @@ -13628,8 +13631,8 @@ As for the `home.sessionVariables`, it should be noted that environment variable #+begin_src nix-ts :tangle modules/home/server/symlink.nix { self, lib, config, ... }: { - options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; - config = lib.mkIf config.swarselsystems.modules.server.dotfiles { + options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselmodules.server.dotfiles { home.file = { "init.el" = lib.mkForce { source = self + /files/emacs/server.el; 
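Review bot: The imports list tangled to modules/home/server/default.nix drops `"${modulesPath}/home/common/sharedsetup.nix"` without a replacement, while the darwin list in a later hunk swaps the same entry for `"${self}/modules/shared/sharedsetup.nix"`. If the server home modules still read options declared in that file, a home-manager configuration that imports only this directory would fail to evaluate. That is inferred, because the patch does not show where servers now import the shared module, and the start of this file is outside the hunk. Either add the new shared path here as darwin does, or state in the section text that the NixOS side now supplies it.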
@@ -13655,9 +13658,10 @@ This section sets up all the imports that are used in the home-manager section. #+begin_src nix-ts :tangle modules/home/darwin/default.nix { self, ... }: { + home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/home/common/sharedsetup.nix" + "${self}/modules/shared/sharedsetup.nix" ]; } #+end_src @@ -13689,8 +13693,8 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming #+begin_src nix-ts :tangle modules/home/optional/gaming.nix { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ @@ -13742,8 +13746,8 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselsystems.modules.optional.work { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselmodules.optional.work { home.packages = with pkgs; [ stable.teams-for-linux shellcheck 
@@ -14198,8 +14202,8 @@ This holds configuration that is specific to framework laptops. #+begin_src nix-ts :tangle modules/home/optional/framework.nix { lib, config, ... }: { - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { @@ -16119,11 +16123,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a :END: #+begin_src nix-ts :tangle profiles/nixos/personal/default.nix :mkdirp yes - { lib, config, ... }: + { lib, config, minimal, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -16176,6 +16180,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkIf (!minimal) true; + }; + }; }; 
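Review bot: In the block added to profiles/nixos/personal/default.nix, `personal = lib.mkIf (!minimal) true;` is set at normal priority, while every other toggle in this profile uses `lib.mkDefault`. A host that enables the NixOS personal profile but sets the home-manager `swarselprofiles.personal` to false would hit a conflicting-definition error instead of overriding the value. I would write `personal = lib.mkIf (!minimal) (lib.mkDefault true);`, and make the same change to the `work` and `framework` blocks added in the later profile hunks. The module body continues outside these hunks.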
@@ -16191,9 +16200,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/reduced/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -16255,9 +16264,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/minimal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; @@ -16291,9 +16300,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -16350,9 +16359,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/toto/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; packages = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -16380,15 +16389,20 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a :END: #+begin_src nix-ts :tangle profiles/nixos/work/default.nix :mkdirp yes - { lib, config, ... }: + { lib, config, minimal, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + work = lib.mkIf (!minimal) true; + }; + }; }; 
@@ -16402,15 +16416,20 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a :END: #+begin_src nix-ts :tangle profiles/nixos/framework/default.nix :mkdirp yes - { lib, config, ... }: + { lib, config, minimal, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + framework = lib.mkIf (!minimal) true; + }; + }; }; @@ -16426,9 +16445,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/amdcpu/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselsystems.profiles.amdcpu { - swarselsystems.modules = { + options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselprofiles.amdcpu { + swarselmodules = { optional = { amdcpu = lib.mkDefault true; }; @@ -16448,9 +16467,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/amdgpu/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselsystems.profiles.amdgpu { - swarselsystems.modules = { + options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselprofiles.amdgpu { + swarselmodules = { optional = { amdgpu = lib.mkDefault true; }; 
@@ -16470,9 +16489,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/hibernation/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselsystems.profiles.hibernation { - swarselsystems.modules = { + options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselprofiles.hibernation { + swarselmodules = { optional = { hibernation = lib.mkDefault true; }; @@ -16492,9 +16511,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/btrfs/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselsystems.profiles.btrfs { - swarselsystems.modules = { + options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselprofiles.btrfs { + swarselmodules = { optional = { btrfs = lib.mkDefault true; }; @@ -16514,10 +16533,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems = { - modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; 
@@ -16557,7 +16575,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ankisync = lib.mkDefault true; }; }; - }; }; } @@ -16571,10 +16588,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; - config = lib.mkIf config.swarselsystems.profiles.server.syncserver { - swarselsystems = { - modules = { + options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; + config = lib.mkIf config.swarselprofiles.server.syncserver { + swarselmodules = { general = lib.mkDefault true; nix-ld = lib.mkDefault true; pii = lib.mkDefault true; @@ -16592,7 +16608,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ankisync = lib.mkDefault false; }; }; - }; }; } @@ -16606,10 +16621,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/moonside/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server"; - config = lib.mkIf config.swarselsystems.profiles.server.moonside { - swarselsystems = { - modules = { + options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server"; + config = lib.mkIf config.swarselprofiles.server.moonside { + swarselmodules= { general = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; @@ -16628,7 +16642,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a microbin = lib.mkDefault true; shlink = lib.mkDefault true; }; - }; }; }; 
@@ -16660,9 +16673,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/personal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; @@ -16719,9 +16732,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/reduced/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; @@ -16775,9 +16788,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/minimal/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; kitty = lib.mkDefault true; 
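Review bot: In the profiles/home/minimal block, the renamed option keeps the description `"is this a personal host"`, which is the personal profile's text. The NixOS-side minimal profile in this patch uses `"declare this a minimal host"`. Since the line is rewritten anyway, I would change it to `options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host";` so that the two profiles are not described identically.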
@@ -16798,9 +16811,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/chaostheatre/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; @@ -16851,9 +16864,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/toto/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; ssh = lib.mkDefault true; @@ -16874,9 +16887,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/work/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; 
@@ -16895,9 +16908,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/framework/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; @@ -16909,25 +16922,6 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src -**** Darwin -:PROPERTIES: -:CUSTOM_ID: h:24e6d661-f498-478c-9008-e8d8c17432ca -:END: - -#+begin_src nix-ts :tangle profiles/home/darwin/default.nix :mkdirp yes - { lib, config, ... }: - { - options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; - config = lib.mkIf config.swarselsystems.profiles.darwin { - swarselsystems.modules = { - general = lib.mkDefault true; - }; - }; - - } - -#+end_src - **** Local Server :PROPERTIES: :CUSTOM_ID: h:8027b858-369e-4f12-bbaf-f15eeee3d904 @@ -16936,9 +16930,9 @@ This holds modules that are to be used on most hosts. These are also the most im #+begin_src nix-ts :tangle profiles/home/localserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems.modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { general = lib.mkDefault true; server = { dotfiles = lib.mkDefault true; diff --git a/hosts/nixos/bakery/default.nix b/hosts/nixos/bakery/default.nix index 1e0b9bf..b130252 100644 
--- a/hosts/nixos/bakery/default.nix +++ b/hosts/nixos/bakery/default.nix @@ -7,10 +7,6 @@ let isBtrfs = true; isLinux = true; sharescreen = "eDP-1"; - profiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; }; in { @@ -23,6 +19,11 @@ in ]; + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { @@ -38,13 +39,14 @@ in rootDisk = "/dev/nvme0n1"; swapSize = "4G"; hostName = config.node.name; - profiles = { - btrfs = true; - }; } sharedOptions; home-manager.users."${primaryUser}" = { + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + }; # home.stateVersion = lib.mkForce "23.05"; swarselsystems = lib.recursiveUpdate { diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index e3c10d2..a15954b 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -6,10 +6,6 @@ let isBtrfs = false; isLinux = true; isPublic = true; - profiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; }; in { @@ -39,6 +35,11 @@ in firewall.enable = true; }; + swarselprofiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { info = "~SwarselSystems~ demo host"; @@ -49,7 +50,6 @@ in isSwap = true; swapSize = "4G"; rootDisk = "/dev/vda"; - profiles.btrfs = true; } sharedOptions; diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/milkywell/default.nix index 2554037..21733d5 100644 --- a/hosts/nixos/milkywell/default.nix +++ b/hosts/nixos/milkywell/default.nix @@ -6,9 +6,6 @@ let isLinux = true; isNixos = true; }; - profiles = { - minimal = lib.mkIf minimal true; - }; in { imports = [ 
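Review bot: hosts/nixos/chaostheatre/default.nix now sets `swarselprofiles` only at the NixOS level, whereas bakery in this commit also adds a `swarselprofiles` block under `home-manager.users."${primaryUser}"`. The chaostheatre, toto and minimal NixOS profile modules earlier in the patch are only renamed and do not forward themselves to home-manager the way personal, work and framework now do. The home-manager `chaostheatre` and `minimal` profiles may therefore no longer be switched on for this host unless the shared setup module, which is not shown, handles it. The toto host file is changed the same way. If the forwarding is missing, mirror bakery inside the host's home-manager user block: `swarselprofiles = { chaostheatre = lib.mkIf (!minimal) true; minimal = lib.mkIf minimal true; };`.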
@@ -32,6 +29,10 @@ in enableAllFirmware = lib.mkForce false; }; + swarselprofiles = { + minimal = lib.mkIf minimal true; + server.syncserver = true; + }; swarselsystems = lib.recursiveUpdate { info = "VM.Standard.E2.1.Micro"; @@ -41,9 +42,6 @@ in isSwap = true; rootDisk = "/dev/sda"; swapSize = "4G"; - profiles = { - server.syncserver = true; - }; } sharedOptions; diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index ba84c3b..ed18302 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -209,6 +209,9 @@ in }; }; + swarselprofiles = { + server.moonside = true; + }; swarselsystems = lib.recursiveUpdate { info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; @@ -217,9 +220,6 @@ in isCrypted = false; isSwap = false; rootDisk = "/dev/sda"; - profiles = { - server.moonside = true; - }; } sharedOptions; diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index e3607c7..79541c3 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -1,19 +1,6 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-2"; - profiles = { - personal = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - work = lib.mkIf (!minimal) true; - framework = lib.mkIf (!minimal) true; - }; - }; in { 
@@ -26,53 +13,56 @@ in ]; - swarselsystems = lib.recursiveUpdate - { - info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; - firewall = lib.mkForce true; - wallpaper = self + /files/wallpaper/lenovowp.png; - hasBluetooth = true; - hasFingerprint = true; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - inherit (config.repo.secrets.local) hostName; - inherit (config.repo.secrets.local) fqdn; - hibernation.offset = 533760; - profiles = { - amdcpu = true; - amdgpu = true; - hibernation = true; - btrfs = true; - }; - } - sharedOptions; + swarselprofiles = { + personal = lib.mkIf (!minimal) true; + work = lib.mkIf (!minimal) true; + framework = lib.mkIf (!minimal) true; + amdcpu = true; + amdgpu = true; + hibernation = true; + btrfs = true; + }; + swarselsystems = { + lowResolution = "1280x800"; + highResolution = "2560x1600"; + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + sharescreen = "eDP-2"; + info = "Framework Laptop 16, 7940HS, RX7700S, 64GB RAM"; + firewall = lib.mkForce true; + wallpaper = self + /files/wallpaper/lenovowp.png; + hasBluetooth = true; + hasFingerprint = true; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + inherit (config.repo.secrets.local) hostName; + inherit (config.repo.secrets.local) fqdn; + hibernation.offset = 533760; + }; home-manager.users."${primaryUser}" = { - # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isSecondaryGpu = true; - SecondaryGpuCard = "pci-0000_03_00_0"; - cpuCount = 16; - temperatureHwmon = { - isAbsolutePath = true; - path = "/sys/devices/virtual/thermal/thermal_zone0/"; - input-filename = "temp4_input"; + swarselsystems = { + isSecondaryGpu = true; + SecondaryGpuCard = "pci-0000_03_00_0"; + cpuCount = 16; + temperatureHwmon = { + isAbsolutePath = true; + path = "/sys/devices/virtual/thermal/thermal_zone0/"; + input-filename = "temp4_input"; + }; + monitors = { + main = { + name = "BOE 0x0BC9 Unknown"; + 
mode = "2560x1600"; # TEMPLATE + scale = "1"; + position = "2560,0"; + workspace = "15:L"; + output = "eDP-2"; }; - lowResolution = "1280x800"; - highResolution = "2560x1600"; - monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - }; - } - sharedOptions; + }; + }; }; } diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index 8a37895..9522528 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -4,10 +4,6 @@ let sharedOptions = { isBtrfs = true; isLinux = true; - profiles = { - toto = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; }; in { @@ -24,6 +20,11 @@ in firewall.enable = false; }; + swarselprofiles = { + toto = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { info = "~SwarselSystems~ remote install helper"; @@ -35,7 +36,6 @@ in swapSize = "2G"; # rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/vda"; - profiles.btrfs = true; # rootDisk = "/dev/vda"; } sharedOptions; diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 6b65107..c0b71d4 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -5,9 +5,6 @@ let isBtrfs = false; isLinux = true; isNixos = true; - profiles = { - server.local = true; - }; }; in { @@ -30,6 +27,9 @@ in }; + swarselprofiles = { + server.local = true; + }; swarselsystems = lib.recursiveUpdate { info = "ASRock J4105-ITX, 32GB RAM"; diff --git a/modules/home/common/atuin.nix b/modules/home/common/atuin.nix index f0623e1..82383f5 100644 --- a/modules/home/common/atuin.nix +++ b/modules/home/common/atuin.nix 
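Review bot: The new `swarselprofiles` set in hosts/nixos/pyramid/default.nix no longer carries `minimal = lib.mkIf minimal true;`. The removed `sharedOptions.profiles` had it, and bakery, chaostheatre, toto and milkywell keep it in this same commit. With `minimal` set, the three `lib.mkIf (!minimal)` entries drop out and only amdcpu, amdgpu, hibernation and btrfs remain, so neither the NixOS nor the home-manager side appears to get a base profile on the host that also declares `isSecureBoot`, `isCrypted` and the forced firewall. If that is not intended, add `minimal = lib.mkIf minimal true;` here and in a `swarselprofiles` block under `home-manager.users."${primaryUser}"`, as bakery does.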
@@ -3,8 +3,8 @@ let atuinDomain = globals.services.atuin.domain; in { - options.swarselsystems.modules.atuin = lib.mkEnableOption "atuin settings"; - config = lib.mkIf config.swarselsystems.modules.atuin { + options.swarselmodules.atuin = lib.mkEnableOption "atuin settings"; + config = lib.mkIf config.swarselmodules.atuin { programs.atuin = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 8c38d7f..5c66542 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -1,8 +1,8 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ownpackages = lib.mkEnableOption "own packages settings"; - config = lib.mkIf config.swarselsystems.modules.ownpackages { + options.swarselmodules.ownpackages = lib.mkEnableOption "own packages settings"; + config = lib.mkIf config.swarselmodules.ownpackages { home.packages = with pkgs; lib.mkIf (!config.swarselsystems.isPublic) [ pass-fuzzel cdw diff --git a/modules/home/common/default.nix b/modules/home/common/default.nix index 18e0ee1..a7035d0 100644 --- a/modules/home/common/default.nix +++ b/modules/home/common/default.nix @@ -1,7 +1,9 @@ -{ lib, ... }: +{ self, lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common"; + imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ [ + "${self}/modules/shared/sharedsetup.nix" + ]; } diff --git a/modules/home/common/desktop.nix b/modules/home/common/desktop.nix index 05b03fd..a24eb94 100644 --- a/modules/home/common/desktop.nix +++ b/modules/home/common/desktop.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.desktop = lib.mkEnableOption "desktop settings"; - config = lib.mkIf config.swarselsystems.modules.desktop { + options.swarselmodules.desktop = lib.mkEnableOption "desktop settings"; + config = lib.mkIf config.swarselmodules.desktop { xdg.desktopEntries = { cura = { diff --git a/modules/home/common/direnv.nix b/modules/home/common/direnv.nix index 0e84503..ea72d7d 100644 --- a/modules/home/common/direnv.nix +++ b/modules/home/common/direnv.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.direnv = lib.mkEnableOption "direnv settings"; - config = lib.mkIf config.swarselsystems.modules.direnv { + options.swarselmodules.direnv = lib.mkEnableOption "direnv settings"; + config = lib.mkIf config.swarselmodules.direnv { programs.direnv = { enable = true; silent = true; diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 8f5863e..5cb16e4 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) homeDir isPublic; in { - options.swarselsystems.modules.emacs = lib.mkEnableOption "emacs settings"; - config = lib.mkIf config.swarselsystems.modules.emacs { + options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; + config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index a8acacd..e4d9da2 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix 
@@ -5,8 +5,8 @@ let crocDomain = globals.services.croc.domain; in { - options.swarselsystems.modules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselmodules.env { home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; diff --git a/modules/home/common/eza.nix b/modules/home/common/eza.nix index c78a30b..56316f6 100644 --- a/modules/home/common/eza.nix +++ b/modules/home/common/eza.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.eza = lib.mkEnableOption "eza settings"; - config = lib.mkIf config.swarselsystems.modules.eza { + options.swarselmodules.eza = lib.mkEnableOption "eza settings"; + config = lib.mkIf config.swarselmodules.eza { programs.eza = { enable = true; icons = "auto"; diff --git a/modules/home/common/firefox.nix b/modules/home/common/firefox.nix index 0095a39..7f7e3fe 100644 --- a/modules/home/common/firefox.nix +++ b/modules/home/common/firefox.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - options.swarselsystems.modules.firefox = lib.mkEnableOption "firefox settings"; - config = lib.mkIf config.swarselsystems.modules.firefox { + options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; + config = lib.mkIf config.swarselmodules.firefox { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides diff --git a/modules/home/common/fuzzel.nix b/modules/home/common/fuzzel.nix index 8c646ca..89e6689 100644 --- a/modules/home/common/fuzzel.nix +++ b/modules/home/common/fuzzel.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.fuzzel = lib.mkEnableOption "fuzzel settings"; - config = lib.mkIf config.swarselsystems.modules.fuzzel { + options.swarselmodules.fuzzel = lib.mkEnableOption "fuzzel settings"; + config = lib.mkIf config.swarselmodules.fuzzel { programs.fuzzel = { enable = true; settings = { 
diff --git a/modules/home/common/gammastep.nix b/modules/home/common/gammastep.nix index e6d9e73..1109d75 100644 --- a/modules/home/common/gammastep.nix +++ b/modules/home/common/gammastep.nix @@ -3,8 +3,8 @@ let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in { - options.swarselsystems.modules.gammastep = lib.mkEnableOption "gammastep settings"; - config = lib.mkIf config.swarselsystems.modules.gammastep { + options.swarselmodules.gammastep = lib.mkEnableOption "gammastep settings"; + config = lib.mkIf config.swarselmodules.gammastep { services.gammastep = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { enable = true; provider = "manual"; diff --git a/modules/home/common/git.nix b/modules/home/common/git.nix index 97632a1..4f522f5 100644 --- a/modules/home/common/git.nix +++ b/modules/home/common/git.nix @@ -6,8 +6,8 @@ let gitUser = globals.user.name; in { - options.swarselsystems.modules.git = lib.mkEnableOption "git settings"; - config = lib.mkIf config.swarselsystems.modules.git { + options.swarselmodules.git = lib.mkEnableOption "git settings"; + config = lib.mkIf config.swarselmodules.git { programs.git = { enable = true; } // lib.optionalAttrs (!minimal) { diff --git a/modules/home/common/gnome-keyring.nix b/modules/home/common/gnome-keyring.nix index 9fb5ec6..c952e7b 100644 --- a/modules/home/common/gnome-keyring.nix +++ b/modules/home/common/gnome-keyring.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome keyring settings"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; diff --git a/modules/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix index 0ef546d..f8da000 100644 
--- a/modules/home/common/gpg-agent.nix +++ b/modules/home/common/gpg-agent.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselsystems.modules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselsystems.modules.gpgagent { + options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 352666d..026450e 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.kanshi = lib.mkEnableOption "kanshi settings"; - config = lib.mkIf config.swarselsystems.modules.kanshi { + options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; + config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { homedesktop = { diff --git a/modules/home/common/kdeconnect.nix b/modules/home/common/kdeconnect.nix index b36122e..c51ca32 100644 --- a/modules/home/common/kdeconnect.nix +++ b/modules/home/common/kdeconnect.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; - config = lib.mkIf config.swarselsystems.modules.kdeconnect { + options.swarselmodules.kdeconnect = lib.mkEnableOption "kdeconnect settings"; + config = lib.mkIf config.swarselmodules.kdeconnect { services.kdeconnect = { enable = true; indicator = true; diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index a7774ec..2b57e93 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.kitty = lib.mkEnableOption "kitty settings"; - config = lib.mkIf config.swarselsystems.modules.kitty { + options.swarselmodules.kitty = lib.mkEnableOption "kitty settings"; + config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; keybindings = { }; diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index ad5d529..77e67d4 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix @@ -5,8 +5,8 @@ let inherit (config.swarselsystems) xdgDir; in { - options.swarselsystems.modules.mail = lib.mkEnableOption "mail settings"; - config = lib.mkIf config.swarselsystems.modules.mail { + options.swarselmodules.mail = lib.mkEnableOption "mail settings"; + config = lib.mkIf config.swarselmodules.mail { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; diff --git a/modules/home/common/mako.nix b/modules/home/common/mako.nix index bbff8c3..45d7cfa 100644 --- a/modules/home/common/mako.nix +++ b/modules/home/common/mako.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.mako = lib.mkEnableOption "mako settings"; - config = lib.mkIf config.swarselsystems.modules.mako { + options.swarselmodules.mako = lib.mkEnableOption "mako settings"; + config = lib.mkIf config.swarselmodules.mako { services.mako = { enable = true; settings = { diff --git a/modules/home/common/nix-index.nix b/modules/home/common/nix-index.nix index b23b1c1..42aa8d1 100644 --- a/modules/home/common/nix-index.nix +++ b/modules/home/common/nix-index.nix 
@@ -1,7 +1,7 @@ { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-index = lib.mkEnableOption "nix-index settings"; - config = lib.mkIf config.swarselsystems.modules.nix-index { + options.swarselmodules.nix-index = lib.mkEnableOption "nix-index settings"; + config = lib.mkIf config.swarselmodules.nix-index { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' diff --git a/modules/home/common/nixgl.nix b/modules/home/common/nixgl.nix index 4fac380..0ba9d1a 100644 --- a/modules/home/common/nixgl.nix +++ b/modules/home/common/nixgl.nix @@ -1,14 +1,14 @@ { lib, config, nixgl, ... }: { + options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselsystems = { - modules.nixgl = lib.mkEnableOption "nixgl settings"; isSecondaryGpu = lib.mkEnableOption "device has a secondary GPU"; SecondaryGpuCard = lib.mkOption { type = lib.types.str; default = ""; }; }; - config = lib.mkIf config.swarselsystems.modules.nixgl { + config = lib.mkIf config.swarselmodules.nixgl { nixGL = lib.mkIf (!config.swarselsystems.isNixos) { inherit (nixgl) packages; defaultWrapper = lib.mkDefault "mesa"; diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index f01c6ee..c9c3ba1 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -1,8 +1,8 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "packages settings"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "packages settings"; + config = lib.mkIf config.swarselmodules.packages { home.packages = with pkgs; [ # audio stuff diff --git a/modules/home/common/password-store.nix b/modules/home/common/password-store.nix index a6f05b7..bd9f640 100644 --- a/modules/home/common/password-store.nix +++ b/modules/home/common/password-store.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.passwordstore = lib.mkEnableOption "passwordstore settings"; - config = lib.mkIf config.swarselsystems.modules.passwordstore { + options.swarselmodules.passwordstore = lib.mkEnableOption "passwordstore settings"; + config = lib.mkIf config.swarselmodules.passwordstore { programs.password-store = { enable = true; settings = { diff --git a/modules/home/common/programs.nix b/modules/home/common/programs.nix index 27948d0..26f2619 100644 --- a/modules/home/common/programs.nix +++ b/modules/home/common/programs.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "programs settings"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "programs settings"; + config = lib.mkIf config.swarselmodules.programs { programs = { bottom.enable = true; imv.enable = true; diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 540837a..3a349f7 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general { nix = lib.mkIf (!config.swarselsystems.isNixos) { package = lib.mkForce pkgs.nixVersions.nix_2_28; extraOptions = '' diff --git a/modules/home/common/sharedoptions.nix b/modules/home/common/sharedoptions.nix new file mode 100644 index 0000000..343518f --- /dev/null +++ b/modules/home/common/sharedoptions.nix 
@@ -0,0 +1,12 @@ +{ lib, config, nixosConfig, ... }: +let + # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; + inherit (lib) mkDefault mapAttrs filterAttrs; + mkDefaultCommonAttrs = base: defaults: + lib.mapAttrs (_: v: lib.mkDefault v) + (lib.filterAttrs (k: _: base ? ${k}) defaults); +in +{ + # config.swarselsystems = mirrorAttrs; + config.swarselsystems = mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems; +} diff --git a/modules/home/common/sops.nix b/modules/home/common/sops.nix index fd93900..9fbdafc 100644 --- a/modules/home/common/sops.nix +++ b/modules/home/common/sops.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops settings"; + config = lib.mkIf config.swarselmodules.sops { sops = { age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index dd7361a..052e9a1 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.ssh = lib.mkEnableOption "ssh settings"; - config = lib.mkIf config.swarselsystems.modules.ssh { + options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; + config = lib.mkIf config.swarselmodules.ssh { programs.ssh = { enable = true; forwardAgent = true; diff --git a/modules/home/common/starship.nix b/modules/home/common/starship.nix index bee6aeb..ba0e897 100644 --- a/modules/home/common/starship.nix +++ b/modules/home/common/starship.nix 
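Review bot: `nixosConfig.swarselsystems` is dereferenced unconditionally in the new `sharedoptions.nix`, while sibling modules in `modules/home/common` (`nixgl.nix`, `gnome-keyring.nix`, `settings.nix`) branch on `!config.swarselsystems.isNixos`, so this directory appears to be evaluated for standalone home-manager as well, where a `nixosConfig` argument may not be supplied. If the file is picked up by the `readNix "modules/home/common"` import, evaluation on such a host would presumably fail; keeping it out of the auto-imported directory and importing it only from the NixOS-side home-manager wiring would avoid that. The mirror copies system-level values into the user's configuration, so a header comment should state the intent, e.g. `# mirror NixOS-level swarselsystems values into home-manager as defaults; only keys declared on both sides are copied`. The `inherit (lib) mkDefault mapAttrs filterAttrs;` line is unused because the body calls `lib.mapAttrs`, `lib.mkDefault` and `lib.filterAttrs`, and the two commented-out `mirrorAttrs` lines can be dropped.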
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.starship = lib.mkEnableOption "starship settings"; - config = lib.mkIf config.swarselsystems.modules.starship { + options.swarselmodules.starship = lib.mkEnableOption "starship settings"; + config = lib.mkIf config.swarselmodules.starship { programs.starship = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/stylix.nix b/modules/home/common/stylix.nix index eecdb83..10dd04e 100644 --- a/modules/home/common/stylix.nix +++ b/modules/home/common/stylix.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix settings"; - config = lib.mkIf config.swarselsystems.modules.stylix { + options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; + config = lib.mkIf config.swarselmodules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 4e19ab2..3dd5363 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -6,8 +6,8 @@ let }; in { + options.swarselmodules.sway = lib.mkEnableOption "sway settings"; options.swarselsystems = { - modules.sway = lib.mkEnableOption "sway settings"; inputs = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf lib.types.str); default = { }; @@ -72,7 +72,7 @@ in internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.sway { + config = lib.mkIf config.swarselmodules.sway { swarselsystems = { touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { diff --git a/modules/home/common/swayosd.nix b/modules/home/common/swayosd.nix index e422fc2..706aa25 100644 --- a/modules/home/common/swayosd.nix +++ b/modules/home/common/swayosd.nix 
@@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { services.swayosd = { enable = true; package = pkgs.dev.swayosd; diff --git a/modules/home/common/symlink.nix b/modules/home/common/symlink.nix index a0f1e89..8caca6e 100644 --- a/modules/home/common/symlink.nix +++ b/modules/home/common/symlink.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.symlink = lib.mkEnableOption "symlink settings"; - config = lib.mkIf config.swarselsystems.modules.symlink { + options.swarselmodules.symlink = lib.mkEnableOption "symlink settings"; + config = lib.mkIf config.swarselmodules.symlink { home.file = { "init.el" = lib.mkDefault { source = self + /files/emacs/init.el; diff --git a/modules/home/common/tmux.nix b/modules/home/common/tmux.nix index f5daa4d..f642c6b 100644 --- a/modules/home/common/tmux.nix +++ b/modules/home/common/tmux.nix @@ -13,8 +13,8 @@ let }; in { - options.swarselsystems.modules.tmux = lib.mkEnableOption "tmux settings"; - config = lib.mkIf config.swarselsystems.modules.tmux { + options.swarselmodules.tmux = lib.mkEnableOption "tmux settings"; + config = lib.mkIf config.swarselmodules.tmux { home.packages = with pkgs; [ lsof sesh diff --git a/modules/home/common/waybar.nix b/modules/home/common/waybar.nix index 238af30..b1f2960 100644 --- a/modules/home/common/waybar.nix +++ b/modules/home/common/waybar.nix @@ -22,8 +22,8 @@ let ]; in { + options.swarselmodules.waybar = lib.mkEnableOption "waybar settings"; options.swarselsystems = { - modules.waybar = lib.mkEnableOption "waybar settings"; cpuCount = lib.mkOption { type = lib.types.int; default = 8; 
@@ -52,7 +52,7 @@ in internal = true; }; }; - config = lib.mkIf config.swarselsystems.modules.waybar { + config = lib.mkIf config.swarselmodules.waybar { swarselsystems = { waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ diff --git a/modules/home/common/yubikey-touch-detector.nix b/modules/home/common/yubikey-touch-detector.nix index 53e5721..fc28488 100644 --- a/modules/home/common/yubikey-touch-detector.nix +++ b/modules/home/common/yubikey-touch-detector.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; - config = lib.mkIf config.swarselsystems.modules.yubikeytouch { + options.swarselmodules.yubikeytouch = lib.mkEnableOption "yubikey touch detector service settings"; + config = lib.mkIf config.swarselmodules.yubikeytouch { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; diff --git a/modules/home/common/yubikey.nix b/modules/home/common/yubikey.nix index 04e21f0..61224f1 100644 --- a/modules/home/common/yubikey.nix +++ b/modules/home/common/yubikey.nix @@ -3,9 +3,9 @@ let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings"; + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + config = lib.mkIf config.swarselmodules.yubikey { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; }; diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index e2b80c0..92d4507 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix 
@@ -1,7 +1,7 @@ { self, lib, config, pkgs, ... }: { - options.swarselsystems.modules.zellij = lib.mkEnableOption "zellij settings"; - config = lib.mkIf config.swarselsystems.modules.zellij { + options.swarselmodules.zellij = lib.mkEnableOption "zellij settings"; + config = lib.mkIf config.swarselmodules.zellij { programs.zellij = { enable = true; enableZshIntegration = true; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index f0d18b9..def981f 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -3,14 +3,14 @@ let inherit (config.swarselsystems) flakePath; in { + options.swarselmodules.zsh = lib.mkEnableOption "zsh settings"; options.swarselsystems = { - modules.zsh = lib.mkEnableOption "zsh settings"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.zsh + config = lib.mkIf config.swarselmodules.zsh { sops.secrets = { diff --git a/modules/home/darwin/default.nix b/modules/home/darwin/default.nix index e90171c..f6ebde9 100644 --- a/modules/home/darwin/default.nix +++ b/modules/home/darwin/default.nix @@ -1,7 +1,8 @@ { self, ... }: { + home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/home/common/sharedsetup.nix" + "${self}/modules/shared/sharedsetup.nix" ]; } diff --git a/modules/home/optional/framework.nix b/modules/home/optional/framework.nix index 46fe225..9e8a9d8 100644 --- a/modules/home/optional/framework.nix +++ b/modules/home/optional/framework.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { swarselsystems = { inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { diff --git a/modules/home/optional/gaming.nix b/modules/home/optional/gaming.nix index e55718c..e523332 100644 --- a/modules/home/optional/gaming.nix +++ b/modules/home/optional/gaming.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { # specialisation = { # gaming.configuration = { home.packages = with pkgs; [ diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index bbd5201..0de809b 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) homeDir; in { - options.swarselsystems.modules.optional.work = lib.mkEnableOption "optional work settings"; - config = lib.mkIf config.swarselsystems.modules.optional.work { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; + config = lib.mkIf config.swarselmodules.optional.work { home.packages = with pkgs; [ stable.teams-for-linux shellcheck diff --git a/modules/home/server/default.nix b/modules/home/server/default.nix index 0d107f1..f70c4b3 100644 --- a/modules/home/server/default.nix +++ b/modules/home/server/default.nix 
@@ -6,6 +6,5 @@ in { imports = lib.swarselsystems.mkImports importNames "modules/home/server" ++ [ "${modulesPath}/home/common/settings.nix" - "${modulesPath}/home/common/sharedsetup.nix" ]; } diff --git a/modules/home/server/symlink.nix b/modules/home/server/symlink.nix index 27c3bf6..76ddb32 100644 --- a/modules/home/server/symlink.nix +++ b/modules/home/server/symlink.nix @@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; - config = lib.mkIf config.swarselsystems.modules.server.dotfiles { + options.swarselmodules.server.dotfiles = lib.mkEnableOption "server dotfiles settings"; + config = lib.mkIf config.swarselmodules.server.dotfiles { home.file = { "init.el" = lib.mkForce { source = self + /files/emacs/server.el; diff --git a/modules/nixos/client/appimage.nix b/modules/nixos/client/appimage.nix index 209fda0..b32e107 100644 --- a/modules/nixos/client/appimage.nix +++ b/modules/nixos/client/appimage.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.appimage = lib.mkEnableOption "appimage config"; - config = lib.mkIf config.swarselsystems.modules.appimage { + options.swarselmodules.appimage = lib.mkEnableOption "appimage config"; + config = lib.mkIf config.swarselmodules.appimage { programs.appimage = { enable = true; binfmt = true; diff --git a/modules/nixos/client/autologin.nix b/modules/nixos/client/autologin.nix index 4343a56..0d27f6d 100644 --- a/modules/nixos/client/autologin.nix +++ b/modules/nixos/client/autologin.nix 
@@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser; in { - options.swarselsystems.modules.autologin = lib.mkEnableOption "optional autologin settings"; - config = lib.mkIf config.swarselsystems.modules.autologin { + options.swarselmodules.autologin = lib.mkEnableOption "optional autologin settings"; + config = lib.mkIf config.swarselmodules.autologin { services = { getty.autologinUser = mainUser; greetd.settings.initial_session.user = mainUser; diff --git a/modules/nixos/client/blueman.nix b/modules/nixos/client/blueman.nix index ad4513c..cadc5e6 100644 --- a/modules/nixos/client/blueman.nix +++ b/modules/nixos/client/blueman.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.blueman = lib.mkEnableOption "blueman config"; - config = lib.mkIf config.swarselsystems.modules.blueman { + options.swarselmodules.blueman = lib.mkEnableOption "blueman config"; + config = lib.mkIf config.swarselmodules.blueman { services.blueman.enable = true; services.hardware.bolt.enable = true; }; diff --git a/modules/nixos/client/distrobox.nix b/modules/nixos/client/distrobox.nix index cfe367b..d44fc7c 100644 --- a/modules/nixos/client/distrobox.nix +++ b/modules/nixos/client/distrobox.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.distrobox = lib.mkEnableOption "distrobox config"; - config = lib.mkIf config.swarselsystems.modules.distrobox { + options.swarselmodules.distrobox = lib.mkEnableOption "distrobox config"; + config = lib.mkIf config.swarselmodules.distrobox { environment.systemPackages = with pkgs; [ distrobox boxbuddy diff --git a/modules/nixos/client/env.nix b/modules/nixos/client/env.nix index 110efe1..ad9fad9 100644 --- a/modules/nixos/client/env.nix +++ b/modules/nixos/client/env.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.env = lib.mkEnableOption "environment config"; - config = lib.mkIf config.swarselsystems.modules.env { + options.swarselmodules.env = lib.mkEnableOption "environment config"; + config = lib.mkIf config.swarselmodules.env { environment = { wordlist.enable = true; diff --git a/modules/nixos/client/gnome-keyring.nix b/modules/nixos/client/gnome-keyring.nix index 07131eb..403bdfb 100644 --- a/modules/nixos/client/gnome-keyring.nix +++ b/modules/nixos/client/gnome-keyring.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; - config = lib.mkIf config.swarselsystems.modules.gnome-keyring { + options.swarselmodules.gnome-keyring = lib.mkEnableOption "gnome-keyring config"; + config = lib.mkIf config.swarselmodules.gnome-keyring { services.gnome.gnome-keyring = { enable = true; }; diff --git a/modules/nixos/client/gvfs.nix b/modules/nixos/client/gvfs.nix index 1f6bbd0..059723b 100644 --- a/modules/nixos/client/gvfs.nix +++ b/modules/nixos/client/gvfs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; - config = lib.mkIf config.swarselsystems.modules.gvfs { + options.swarselmodules.gvfs = lib.mkEnableOption "gvfs config for nautilus"; + config = lib.mkIf config.swarselmodules.gvfs { services.gvfs.enable = true; }; } diff --git a/modules/nixos/client/hardware.nix b/modules/nixos/client/hardware.nix index 13ca819..fd69f7c 100644 --- a/modules/nixos/client/hardware.nix +++ b/modules/nixos/client/hardware.nix 
@@ -1,8 +1,8 @@ { pkgs, config, lib, ... }: { + options.swarselmodules.hardware = lib.mkEnableOption "hardware config"; options.swarselsystems = { - modules.hardware = lib.mkEnableOption "hardware config"; hasBluetooth = lib.mkEnableOption "bluetooth availability"; hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; trackpoint = { @@ -13,7 +13,7 @@ }; }; }; - config = lib.mkIf config.swarselsystems.modules.hardware { + config = lib.mkIf config.swarselmodules.hardware { hardware = { # opengl.driSupport32Bit = true is replaced with graphics.enable32Bit and hence redundant graphics = { diff --git a/modules/nixos/client/hardwarecompatibility-keyboards.nix b/modules/nixos/client/hardwarecompatibility-keyboards.nix index 8a17a5f..346c0c2 100644 --- a/modules/nixos/client/hardwarecompatibility-keyboards.nix +++ b/modules/nixos/client/hardwarecompatibility-keyboards.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.keyboards = lib.mkEnableOption "keyboards config"; - config = lib.mkIf config.swarselsystems.modules.keyboards { + options.swarselmodules.keyboards = lib.mkEnableOption "keyboards config"; + config = lib.mkIf config.swarselmodules.keyboards { services.udev.packages = with pkgs; [ qmk-udev-rules vial diff --git a/modules/nixos/client/hardwarecompatibility-ledger.nix b/modules/nixos/client/hardwarecompatibility-ledger.nix index 85e87a1..b919e7a 100644 --- a/modules/nixos/client/hardwarecompatibility-ledger.nix +++ b/modules/nixos/client/hardwarecompatibility-ledger.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.ledger = lib.mkEnableOption "ledger config"; - config = lib.mkIf config.swarselsystems.modules.ledger { + options.swarselmodules.ledger = lib.mkEnableOption "ledger config"; + config = lib.mkIf config.swarselmodules.ledger { hardware.ledger.enable = true; services.udev.packages = with pkgs; [ 
diff --git a/modules/nixos/client/hardwarecompatibility-yubikey.nix b/modules/nixos/client/hardwarecompatibility-yubikey.nix index 1974260..75f55bc 100644 --- a/modules/nixos/client/hardwarecompatibility-yubikey.nix +++ b/modules/nixos/client/hardwarecompatibility-yubikey.nix @@ -4,8 +4,8 @@ let inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2; in { - options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config"; - config = lib.mkIf config.swarselsystems.modules.yubikey { + options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; + config = lib.mkIf config.swarselmodules.yubikey { programs.ssh.startAgent = false; services.pcscd.enable = false; diff --git a/modules/nixos/client/interceptiontools.nix b/modules/nixos/client/interceptiontools.nix index 5be8b9a..935829f 100644 --- a/modules/nixos/client/interceptiontools.nix +++ b/modules/nixos/client/interceptiontools.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.interceptionTools = lib.mkEnableOption "interception tools config"; - config = lib.mkIf config.swarselsystems.modules.interceptionTools { + options.swarselmodules.interceptionTools = lib.mkEnableOption "interception tools config"; + config = lib.mkIf config.swarselmodules.interceptionTools { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; diff --git a/modules/nixos/client/lid.nix b/modules/nixos/client/lid.nix index b2d579d..faf1a84 100644 --- a/modules/nixos/client/lid.nix +++ b/modules/nixos/client/lid.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.lid = lib.mkEnableOption "lid config"; - config = lib.mkIf config.swarselsystems.modules.lid { + options.swarselmodules.lid = lib.mkEnableOption "lid config"; + config = lib.mkIf config.swarselmodules.lid { services.logind = { lidSwitch = "suspend"; lidSwitchDocked = "ignore"; 
diff --git a/modules/nixos/client/login.nix b/modules/nixos/client/login.nix index 5b1748f..11f0c37 100644 --- a/modules/nixos/client/login.nix +++ b/modules/nixos/client/login.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.login = lib.mkEnableOption "login config"; - config = lib.mkIf config.swarselsystems.modules.login { + options.swarselmodules.login = lib.mkEnableOption "login config"; + config = lib.mkIf config.swarselmodules.login { services.greetd = { enable = true; settings = { diff --git a/modules/nixos/client/lowbattery.nix b/modules/nixos/client/lowbattery.nix index 12bad22..9dece08 100644 --- a/modules/nixos/client/lowbattery.nix +++ b/modules/nixos/client/lowbattery.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.modules.lowBattery = lib.mkEnableOption "low battery notification config"; - config = lib.mkIf config.swarselsystems.modules.lowBattery { + options.swarselmodules.lowBattery = lib.mkEnableOption "low battery notification config"; + config = lib.mkIf config.swarselmodules.lowBattery { systemd.user.services."battery-low" = { enable = true; description = "Timer for battery check that alerts at 10% or less"; diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index 40ebbd0..27809ab 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -10,10 +10,10 @@ let in { options.swarselsystems = { - modules.network = lib.mkEnableOption "network config"; firewall = lib.swarselsystems.mkTrueOption; }; - config = lib.mkIf config.swarselsystems.modules.network { + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { sops = { secrets = lib.mkIf (!config.swarselsystems.isPublic) { diff --git a/modules/nixos/client/networkdevices.nix b/modules/nixos/client/networkdevices.nix index 07b2b9c..71b5f1d 100644 --- a/modules/nixos/client/networkdevices.nix 
+++ b/modules/nixos/client/networkdevices.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.networkDevices = lib.mkEnableOption "network device config"; - config = lib.mkIf config.swarselsystems.modules.networkDevices { + options.swarselmodules.networkDevices = lib.mkEnableOption "network device config"; + config = lib.mkIf config.swarselmodules.networkDevices { # enable scanners over network hardware.sane = { enable = true; diff --git a/modules/nixos/client/nix-ld.nix b/modules/nixos/client/nix-ld.nix index 5b38b9d..48895bf 100644 --- a/modules/nixos/client/nix-ld.nix +++ b/modules/nixos/client/nix-ld.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nix-ld = lib.mkEnableOption "nix-ld config"; - config = lib.mkIf config.swarselsystems.modules.nix-ld { + options.swarselmodules.nix-ld = lib.mkEnableOption "nix-ld config"; + config = lib.mkIf config.swarselmodules.nix-ld { programs.nix-ld = { enable = true; libraries = with pkgs; [ diff --git a/modules/nixos/client/nvd-rebuild.nix b/modules/nixos/client/nvd-rebuild.nix index 36f6188..731ca3a 100644 --- a/modules/nixos/client/nvd-rebuild.nix +++ b/modules/nixos/client/nvd-rebuild.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.nvd = lib.mkEnableOption "nvd config"; - config = lib.mkIf config.swarselsystems.modules.nvd { + options.swarselmodules.nvd = lib.mkEnableOption "nvd config"; + config = lib.mkIf config.swarselmodules.nvd { environment.systemPackages = [ pkgs.nvd diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix index d613402..d44c15c 100644 --- a/modules/nixos/client/packages.nix +++ b/modules/nixos/client/packages.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, minimal, ... }: { - options.swarselsystems.modules.packages = lib.mkEnableOption "install packages"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.packages = lib.mkEnableOption "install packages"; + config = lib.mkIf config.swarselmodules.packages { environment.systemPackages = with pkgs; lib.optionals (!minimal) [ # yubikey packages diff --git a/modules/nixos/client/pipewire.nix b/modules/nixos/client/pipewire.nix index db35a93..1f8ea4d 100644 --- a/modules/nixos/client/pipewire.nix +++ b/modules/nixos/client/pipewire.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.pipewire = lib.mkEnableOption "pipewire config"; - config = lib.mkIf config.swarselsystems.modules.pipewire { + options.swarselmodules.pipewire = lib.mkEnableOption "pipewire config"; + config = lib.mkIf config.swarselmodules.pipewire { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { diff --git a/modules/nixos/client/polkit.nix b/modules/nixos/client/polkit.nix index 8caf8e1..6d1129f 100644 --- a/modules/nixos/client/polkit.nix +++ b/modules/nixos/client/polkit.nix @@ -1,7 +1,7 @@ { lib, config, minimal, ... }: { - options.swarselsystems.modules.security = lib.mkEnableOption "security config"; - config = lib.mkIf config.swarselsystems.modules.security { + options.swarselmodules.security = lib.mkEnableOption "security config"; + config = lib.mkIf config.swarselmodules.security { security = { pam.services = lib.mkIf (!minimal) { diff --git a/modules/nixos/client/power-profiles-daemon.nix b/modules/nixos/client/power-profiles-daemon.nix index 86b0676..a3d8ac3 100644 --- a/modules/nixos/client/power-profiles-daemon.nix +++ b/modules/nixos/client/power-profiles-daemon.nix 
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.ppd = lib.mkEnableOption "power profiles daemon config"; - config = lib.mkIf config.swarselsystems.modules.ppd { + options.swarselmodules.ppd = lib.mkEnableOption "power profiles daemon config"; + config = lib.mkIf config.swarselmodules.ppd { services.power-profiles-daemon.enable = true; }; } diff --git a/modules/nixos/client/programs.nix b/modules/nixos/client/programs.nix index fb0b82d..893a11a 100644 --- a/modules/nixos/client/programs.nix +++ b/modules/nixos/client/programs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.programs = lib.mkEnableOption "small program modules config"; - config = lib.mkIf config.swarselsystems.modules.programs { + options.swarselmodules.programs = lib.mkEnableOption "small program modules config"; + config = lib.mkIf config.swarselmodules.programs { programs = { dconf.enable = true; evince.enable = true; diff --git a/modules/nixos/client/pulseaudio.nix b/modules/nixos/client/pulseaudio.nix index 7e26a1c..84f4dea 100644 --- a/modules/nixos/client/pulseaudio.nix +++ b/modules/nixos/client/pulseaudio.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - options.swarselsystems.modules.pulseaudio = lib.mkEnableOption "pulseaudio config"; - config = lib.mkIf config.swarselsystems.modules.pulseaudio { + options.swarselmodules.pulseaudio = lib.mkEnableOption "pulseaudio config"; + config = lib.mkIf config.swarselmodules.pulseaudio { services.pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; diff --git a/modules/nixos/client/sops.nix b/modules/nixos/client/sops.nix index 2d4b0ce..2fa10eb 100644 --- a/modules/nixos/client/sops.nix +++ b/modules/nixos/client/sops.nix 
@@ -1,7 +1,7 @@ { config, lib, ... }: { - options.swarselsystems.modules.sops = lib.mkEnableOption "sops config"; - config = lib.mkIf config.swarselsystems.modules.sops { + options.swarselmodules.sops = lib.mkEnableOption "sops config"; + config = lib.mkIf config.swarselmodules.sops { sops = { # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ]; diff --git a/modules/nixos/client/stylix.nix b/modules/nixos/client/stylix.nix index 8caa08d..6fbe7f3 100644 --- a/modules/nixos/client/stylix.nix +++ b/modules/nixos/client/stylix.nix @@ -1,11 +1,11 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.stylix = lib.mkEnableOption "stylix config"; + options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; config = { stylix = { enable = true; base16Scheme = "${self}/files/stylix/swarsel.yaml"; - } // lib.optionalAttrs config.swarselsystems.modules.stylix + } // lib.optionalAttrs config.swarselmodules.stylix (lib.recursiveUpdate { targets.grub.enable = false; # the styling makes grub more ugly diff --git a/modules/nixos/client/sway.nix b/modules/nixos/client/sway.nix index afd8157..8643b09 100644 --- a/modules/nixos/client/sway.nix +++ b/modules/nixos/client/sway.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.sway = lib.mkEnableOption "sway config"; - config = lib.mkIf config.swarselsystems.modules.sway { + options.swarselmodules.sway = lib.mkEnableOption "sway config"; + config = lib.mkIf config.swarselmodules.sway { programs.sway = { enable = true; package = pkgs.dev.swayfx; diff --git a/modules/nixos/client/swayosd.nix b/modules/nixos/client/swayosd.nix index e0dcaeb..c8d1caf 100644 --- a/modules/nixos/client/swayosd.nix +++ b/modules/nixos/client/swayosd.nix 
@@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: { - options.swarselsystems.modules.swayosd = lib.mkEnableOption "swayosd settings"; - config = lib.mkIf config.swarselsystems.modules.swayosd { + options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings"; + config = lib.mkIf config.swarselmodules.swayosd { environment.systemPackages = [ pkgs.dev.swayosd ]; services.udev.packages = [ pkgs.dev.swayosd ]; systemd.services.swayosd-libinput-backend = { diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 7d7fc94..0e46751 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) mainUser homeDir; in { - options.swarselsystems.modules.syncthing = lib.mkEnableOption "syncthing config"; - config = lib.mkIf config.swarselsystems.modules.syncthing { + options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; + config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; package = pkgs.stable.syncthing; diff --git a/modules/nixos/client/systemd.nix b/modules/nixos/client/systemd.nix index 56da8a1..5ad6aaa 100644 --- a/modules/nixos/client/systemd.nix +++ b/modules/nixos/client/systemd.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; - config = lib.mkIf config.swarselsystems.modules.systemdTimeout { + options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; + config = lib.mkIf config.swarselmodules.systemdTimeout { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s diff --git a/modules/nixos/client/xdg-portal.nix b/modules/nixos/client/xdg-portal.nix index 22abdb7..9da6946 100644 --- a/modules/nixos/client/xdg-portal.nix +++ b/modules/nixos/client/xdg-portal.nix 
@@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.xdg-portal = lib.mkEnableOption "xdg portal config"; - config = lib.mkIf config.swarselsystems.modules.xdg-portal { + options.swarselmodules.xdg-portal = lib.mkEnableOption "xdg portal config"; + config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; config = { diff --git a/modules/nixos/client/zsh.nix b/modules/nixos/client/zsh.nix index e1eaaf6..3e6b771 100644 --- a/modules/nixos/client/zsh.nix +++ b/modules/nixos/client/zsh.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.zsh = lib.mkEnableOption "zsh base config"; - config = lib.mkIf config.swarselsystems.modules.zsh { + options.swarselmodules.zsh = lib.mkEnableOption "zsh base config"; + config = lib.mkIf config.swarselmodules.zsh { programs.zsh = { enable = true; enableCompletion = false; diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index fb0b3ed..f4aeb3b 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -1,7 +1,7 @@ -{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: +{ self, inputs, config, lib, outputs, globals, options, nodes, minimal, configName, ... }: { - options.swarselsystems.modules.home-manager = lib.mkEnableOption "home-manager"; - config = lib.mkIf config.swarselsystems.modules.home-manager { + options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; + config = lib.mkIf config.swarselmodules.home-manager { home-manager = lib.mkIf config.swarselsystems.withHomeManager { useGlobalPkgs = true; useUserPackages = true; @@ -14,6 +14,11 @@ imports = [ "${self}/profiles/home" "${self}/modules/home" + { + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } # "${self}/modules/nixos/common/pii.nix" # "${self}/modules/nixos/common/meta.nix" ]; 
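Review bot: The anonymous module added to the home-manager `imports` list in modules/nixos/common/home-manager.nix has no comment saying why it is there, although it is the one place in this hunk where a value from the system evaluation is pushed into the home-manager evaluation. A one-line comment above it, such as `# forward the minimal module argument into the home-manager profiles`, would make that explicit. The nested set could also be written flat as `swarselprofiles.minimal = lib.mkIf minimal true;`. The `imports` list and the module body continue outside the hunk; the newly added `options` argument is not used in the visible lines, so it is presumably consumed further down.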
diff --git a/modules/nixos/common/impermanence.nix b/modules/nixos/common/impermanence.nix index 3256df7..31f8641 100644 --- a/modules/nixos/common/impermanence.nix +++ b/modules/nixos/common/impermanence.nix @@ -4,8 +4,8 @@ let inherit (config.swarselsystems) isImpermanence isCrypted; in { - options.swarselsystems.modules.impermanence = lib.mkEnableOption "impermanence config"; - config = lib.mkIf config.swarselsystems.modules.impermanence { + options.swarselmodules.impermanence = lib.mkEnableOption "impermanence config"; + config = lib.mkIf config.swarselmodules.impermanence { security.sudo.extraConfig = lib.mkIf isImpermanence '' diff --git a/modules/nixos/common/lanzaboote.nix b/modules/nixos/common/lanzaboote.nix index b4c671e..8492eba 100644 --- a/modules/nixos/common/lanzaboote.nix +++ b/modules/nixos/common/lanzaboote.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, minimal, ... }: { - options.swarselsystems.modules.lanzaboote = lib.mkEnableOption "lanzaboote config"; - config = lib.mkIf config.swarselsystems.modules.lanzaboote { + options.swarselmodules.lanzaboote = lib.mkEnableOption "lanzaboote config"; + config = lib.mkIf config.swarselmodules.lanzaboote { environment.systemPackages = lib.mkIf config.swarselsystems.isSecureBoot [ pkgs.sbctl diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index 6b8fd21..26b31d0 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -58,9 +58,9 @@ in description = "Exposes the loaded repo secrets. This option is read-only."; }; }; - swarselsystems.modules.pii = lib.mkEnableOption "enable pii management"; + swarselmodules.pii = lib.mkEnableOption "enable pii management"; }; - config = lib.mkIf config.swarselsystems.modules.pii { + config = lib.mkIf config.swarselmodules.pii { repo.secretFiles = let local = config.node.secretsDir + "/pii.nix.enc"; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 6edb610..57625c1 100644 
--- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -52,8 +52,8 @@ let }; in { - options.swarselsystems.modules.general = lib.mkEnableOption "general nix settings"; - config = lib.mkIf config.swarselsystems.modules.general + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = lib.mkIf config.swarselmodules.general (lib.recursiveUpdate { sops.secrets.github-api-token = lib.mkIf (!minimal) { diff --git a/modules/nixos/common/sharedsetup.nix b/modules/nixos/common/sharedsetup.nix deleted file mode 100644 index 1269fdd..0000000 --- a/modules/nixos/common/sharedsetup.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib, ... }: -{ - options = { - swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - }; - }; -} diff --git a/modules/nixos/common/time.nix b/modules/nixos/common/time.nix index 21c951a..10e21b4 100644 --- a/modules/nixos/common/time.nix +++ b/modules/nixos/common/time.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.time = lib.mkEnableOption "time config"; - config = lib.mkIf config.swarselsystems.modules.time { + options.swarselmodules.time = lib.mkEnableOption "time config"; + config = lib.mkIf config.swarselmodules.time { time = { timeZone = "Europe/Vienna"; # hardwareClockInLocalTime = true; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 79d2ed5..ceb6268 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix 
@@ -3,8 +3,8 @@ let sopsFile = self + /secrets/general/secrets.yaml; in { - options.swarselsystems.modules.users = lib.mkEnableOption "user config"; - config = lib.mkIf config.swarselsystems.modules.users { + options.swarselmodules.users = lib.mkEnableOption "user config"; + config = lib.mkIf config.swarselmodules.users { sops.secrets.main-user-hashed-pw = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; }; users = { diff --git a/modules/nixos/common/xserver.nix b/modules/nixos/common/xserver.nix index b529f9b..556011e 100644 --- a/modules/nixos/common/xserver.nix +++ b/modules/nixos/common/xserver.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.xserver = lib.mkEnableOption "xserver keymap"; - config = lib.mkIf config.swarselsystems.modules.packages { + options.swarselmodules.xserver = lib.mkEnableOption "xserver keymap"; + config = lib.mkIf config.swarselmodules.packages { services.xserver = { xkb = { layout = "us"; diff --git a/modules/nixos/darwin/default.nix b/modules/nixos/darwin/default.nix index e7b02e6..4e4d373 100644 --- a/modules/nixos/darwin/default.nix +++ b/modules/nixos/darwin/default.nix @@ -6,8 +6,8 @@ in imports = [ ]; - options.swarselsystems.modules.darwin.general = lib.mkEnableOption "darwin config"; - config = lib.mkIf config.swarselsystems.modules.darwin.general { + options.swarselmodules.optional.darwin = lib.mkEnableOption "optional darwin settings"; + config = lib.mkIf config.swarselmodules.optional.darwin { nix.settings.experimental-features = "nix-command flakes"; nixpkgs = { hostPlatform = "x86_64-darwin"; diff --git a/modules/nixos/optional/amdcpu.nix b/modules/nixos/optional/amdcpu.nix index 39028f5..9051b9d 100644 --- a/modules/nixos/optional/amdcpu.nix +++ b/modules/nixos/optional/amdcpu.nix 
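Review bot: In modules/nixos/common/xserver.nix the new `config` line is still guarded by `config.swarselmodules.packages`, while the option declared on the line above it is `swarselmodules.xserver`, so the xserver toggle has no effect and the keymap follows the packages toggle instead. The removed lines had the same mismatch, so the rename carries it forward rather than introducing it. If that coupling is not intended, the guard should read `config = lib.mkIf config.swarselmodules.xserver {`; hosts that only enabled the packages toggle would then need the xserver option set as well. The module body continues outside the hunk.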
@@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; - config = lib.mkIf config.swarselsystems.modules.optional.amdcpu { + options.swarselmodules.optional.amdcpu = lib.mkEnableOption "optional amd cpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdcpu { hardware = { cpu.amd.updateMicrocode = true; }; diff --git a/modules/nixos/optional/amdgpu.nix b/modules/nixos/optional/amdgpu.nix index 59bebe3..c6aa61f 100644 --- a/modules/nixos/optional/amdgpu.nix +++ b/modules/nixos/optional/amdgpu.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; - config = lib.mkIf config.swarselsystems.modules.optional.amdgpu { + options.swarselmodules.optional.amdgpu = lib.mkEnableOption "optional amd gpu settings"; + config = lib.mkIf config.swarselmodules.optional.amdgpu { hardware = { amdgpu = { opencl.enable = true; diff --git a/modules/nixos/optional/btrfs.nix b/modules/nixos/optional/btrfs.nix index 5c6e9f6..e8d3b57 100644 --- a/modules/nixos/optional/btrfs.nix +++ b/modules/nixos/optional/btrfs.nix @@ -1,7 +1,7 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; - config = lib.mkIf config.swarselsystems.modules.optional.btrfs { + options.swarselmodules.optional.btrfs = lib.mkEnableOption "optional btrfs settings"; + config = lib.mkIf config.swarselmodules.optional.btrfs { boot = { supportedFilesystems = [ "btrfs" ]; }; diff --git a/modules/nixos/optional/default.nix b/modules/nixos/optional/default.nix index 9499b56..49b7058 100644 --- a/modules/nixos/optional/default.nix +++ b/modules/nixos/optional/default.nix 
@@ -1,10 +1,7 @@ -{ self, lib, ... }: +{ lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/optional"; - modulesPath = "${self}/modules"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional" ++ [ - "${modulesPath}/home/common/sharedsetup.nix" - ]; + imports = lib.swarselsystems.mkImports importNames "modules/nixos/optional"; } diff --git a/modules/nixos/optional/framework.nix b/modules/nixos/optional/framework.nix index 3627255..949cc82 100644 --- a/modules/nixos/optional/framework.nix +++ b/modules/nixos/optional/framework.nix @@ -3,8 +3,8 @@ imports = [ inputs.fw-fanctrl.nixosModules.default ]; - options.swarselsystems.modules.optional.framework = lib.mkEnableOption "optional framework machine settings"; - config = lib.mkIf config.swarselsystems.modules.optional.framework { + options.swarselmodules.optional.framework = lib.mkEnableOption "optional framework machine settings"; + config = lib.mkIf config.swarselmodules.optional.framework { services = { fwupd = { enable = true; diff --git a/modules/nixos/optional/gaming.nix b/modules/nixos/optional/gaming.nix index eafcf65..5f28872 100644 --- a/modules/nixos/optional/gaming.nix +++ b/modules/nixos/optional/gaming.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { - options.swarselsystems.modules.optional.gaming = lib.mkEnableOption "optional gaming settings"; - config = lib.mkIf config.swarselsystems.modules.optional.gaming { + options.swarselmodules.optional.gaming = lib.mkEnableOption "optional gaming settings"; + config = lib.mkIf config.swarselmodules.optional.gaming { programs.steam = { enable = true; package = pkgs.steam; diff --git a/modules/nixos/optional/hibernation.nix b/modules/nixos/optional/hibernation.nix index d013598..856b672 100644 --- a/modules/nixos/optional/hibernation.nix +++ b/modules/nixos/optional/hibernation.nix 
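Review bot: With the `"${modulesPath}/home/common/sharedsetup.nix"` import dropped from modules/nixos/optional/default.nix, and modules/nixos/common/sharedsetup.nix deleted earlier in this patch, nothing visible here shows where `withHomeManager`, `isCrypted`, `isImpermanence` and `isSecureBoot` are now declared for the NixOS side. They are still read in this same patch by home-manager.nix, impermanence.nix and lanzaboote.nix, so evaluation depends on another file in the series declaring them; the diffstat lists a new modules/home/common/sharedoptions.nix, which is presumably the replacement. A short comment at the import site that now pulls the shared options in, along the lines of `# shared swarselsystems options, used by both NixOS and home-manager`, would let the next reader trace them.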
@@ -1,7 +1,7 @@ { lib, config, ... }: { + options.swarselmodules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; options.swarselsystems = { - modules.optional.hibernation = lib.mkEnableOption "optional amd gpu settings"; hibernation = { offset = lib.mkOption { type = lib.types.int; @@ -13,7 +13,7 @@ }; }; }; - config = lib.mkIf config.swarselsystems.modules.optional.hibernation { + config = lib.mkIf config.swarselmodules.optional.hibernation { boot = { kernelParams = [ "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}" diff --git a/modules/nixos/optional/nswitch-rcm.nix b/modules/nixos/optional/nswitch-rcm.nix index 095524e..3af88db 100644 --- a/modules/nixos/optional/nswitch-rcm.nix +++ b/modules/nixos/optional/nswitch-rcm.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; - config = lib.mkIf config.swarselsystems.modules.optional.nswitch-rcm { + options.swarselmodules.optional.nswitch-rcm = lib.mkEnableOption "optional nswitch-rcm settings"; + config = lib.mkIf config.swarselmodules.optional.nswitch-rcm { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { diff --git a/modules/nixos/optional/virtualbox.nix b/modules/nixos/optional/virtualbox.nix index 4953b74..ee5a4b7 100644 --- a/modules/nixos/optional/virtualbox.nix +++ b/modules/nixos/optional/virtualbox.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; - config = lib.mkIf config.swarselsystems.modules.optional.virtualbox { + options.swarselmodules.optional.virtualbox = lib.mkEnableOption "optional VBox settings"; + config = lib.mkIf config.swarselmodules.optional.virtualbox { specialisation = { VBox.configuration = { virtualisation.virtualbox = { 
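Review bot: The description string on the new `options.swarselmodules.optional.hibernation` line in modules/nixos/optional/hibernation.nix still reads "optional amd gpu settings", which looks copied from amdgpu.nix and ends up in the generated option description. It should name this module, for example `lib.mkEnableOption "optional hibernation settings";`. The `options.swarselsystems.hibernation` set that follows starts in this hunk and continues outside it.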
diff --git a/modules/nixos/optional/vmware.nix b/modules/nixos/optional/vmware.nix index d328f38..4236080 100644 --- a/modules/nixos/optional/vmware.nix +++ b/modules/nixos/optional/vmware.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.modules.optional.vmware = lib.mkEnableOption "optional vmware settings"; - config = lib.mkIf config.swarselsystems.modules.optional.vmware { + options.swarselmodules.optional.vmware = lib.mkEnableOption "optional vmware settings"; + config = lib.mkIf config.swarselmodules.optional.vmware { virtualisation.vmware.host.enable = true; virtualisation.vmware.guest.enable = true; }; diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index fdf85d4..1e7058f 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -25,8 +25,8 @@ let }; in { + options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselsystems = { - modules.optional.work = lib.mkEnableOption "optional work settings"; hostName = lib.mkOption { type = lib.types.str; default = ""; @@ -36,7 +36,7 @@ in default = ""; }; }; - config = lib.mkIf config.swarselsystems.modules.optional.work { + config = lib.mkIf config.swarselmodules.optional.work { sops = let secretNames = [ diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index b7b3c6e..8f03d14 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -9,8 +9,8 @@ let ankiUser = globals.user.name; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; 
diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix index 790a900..59714f6 100644 --- a/modules/nixos/server/atuin.nix +++ b/modules/nixos/server/atuin.nix @@ -5,8 +5,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { topology.self.services.${serviceName}.info = "https://${serviceDomain}"; globals.services.${serviceName}.domain = serviceDomain; diff --git a/modules/nixos/server/croc.nix b/modules/nixos/server/croc.nix index c3d9f1d..d9c1286 100644 --- a/modules/nixos/server/croc.nix +++ b/modules/nixos/server/croc.nix @@ -15,8 +15,8 @@ let cfg = config.services.croc; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/emacs.nix b/modules/nixos/server/emacs.nix index 598ee6b..03e1261 100644 --- a/modules/nixos/server/emacs.nix +++ b/modules/nixos/server/emacs.nix 
@@ -4,8 +4,8 @@ let servicePort = 9812; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} server on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix index ce5e8ee..781da1a 100644 --- a/modules/nixos/server/firefly-iii.nix +++ b/modules/nixos/server/firefly-iii.nix @@ -12,8 +12,8 @@ let cfg = config.services.firefly-iii; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups.${serviceGroup} = { }; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index a0ea0d5..949c2e7 100644 --- a/modules/nixos/server/forgejo.nix +++ b/modules/nixos/server/forgejo.nix @@ -11,8 +11,8 @@ let kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index 2e6e657..7f9362c 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix 
@@ -9,8 +9,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index f0d7bf1..a3e9eee 100644 --- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -6,8 +6,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index 9762b79..296fa76 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix @@ -6,8 +6,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "video" "render" "users" ]; }; 
diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index c2bdaec..c9a587e 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix @@ -5,8 +5,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services.jenkins = { enable = true; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 6096297..3f90e06 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -17,8 +17,8 @@ let nextcloudDomain = globals.services.nextcloud.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { group = serviceGroup; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index e24fdb7..e278037 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix 
@@ -8,8 +8,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ calibre ]; diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix index d022495..8db5b0d 100644 --- a/modules/nixos/server/koillection.nix +++ b/modules/nixos/server/koillection.nix @@ -13,8 +13,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops.secrets = { koillection-db-password = { inherit sopsFile; owner = postgresUser; group = postgresUser; mode = "0440"; }; diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index b95f03f..4f88707 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix @@ -21,8 +21,8 @@ let ''; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ matrix-synapse lottieconverter 
diff --git a/modules/nixos/server/microbin.nix b/modules/nixos/server/microbin.nix index 06dc4f5..1001d69 100644 --- a/modules/nixos/server/microbin.nix +++ b/modules/nixos/server/microbin.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups.${serviceGroup} = { }; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 183cb90..6a35c5c 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -17,8 +17,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { @@ -193,7 +193,7 @@ in sslVerify = false; scrapeUri = "http://localhost/nginx_status"; }; - nextcloud = lib.mkIf config.swarselsystems.modules.server.nextcloud { + nextcloud = lib.mkIf config.swarselmodules.server.nextcloud { enable = true; port = 9205; url = "https://${serviceDomain}/ocs/v2.php/apps/serverinfo/api/v1/info"; diff --git a/modules/nixos/server/mpd.nix b/modules/nixos/server/mpd.nix index 454fbb1..0f7afc4 100644 --- a/modules/nixos/server/mpd.nix +++ b/modules/nixos/server/mpd.nix 
@@ -8,8 +8,8 @@ let serviceName = "mpd"; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users = { groups = { mpd = { }; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index eed687f..3d6df90 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -7,8 +7,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { environment.systemPackages = with pkgs; [ pciutils alsa-utils diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 143c677..1deeb81 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -10,8 +10,8 @@ let serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops.secrets = { nextcloud-admin-pw = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; 
diff --git a/modules/nixos/server/nfs.nix b/modules/nixos/server/nfs.nix index 93f21b7..d2d97da 100644 --- a/modules/nixos/server/nfs.nix +++ b/modules/nixos/server/nfs.nix @@ -3,8 +3,8 @@ let nfsUser = globals.user.name; in { - options.swarselsystems.modules.server.nfs = lib.mkEnableOption "enable nfs on server"; - config = lib.mkIf config.swarselsystems.modules.server.nfs { + options.swarselmodules.server.nfs = lib.mkEnableOption "enable nfs on server"; + config = lib.mkIf config.swarselmodules.server.nfs { services = { # add a user with sudo smbpasswd -a samba = { diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index 354e444..97caafb 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix @@ -5,8 +5,8 @@ let in { - options.swarselsystems.modules.server.nginx = lib.mkEnableOption "enable nginx on server"; - config = lib.mkIf config.swarselsystems.modules.server.nginx { + options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego ]; diff --git a/modules/nixos/server/oauth2-proxy.nix b/modules/nixos/server/oauth2-proxy.nix index 401cd6b..d74a441 100644 --- a/modules/nixos/server/oauth2-proxy.nix +++ b/modules/nixos/server/oauth2-proxy.nix @@ -13,7 +13,7 @@ let in { options = { - swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; # largely based on https://github.com/oddlama/nix-config/blob/main/modules/oauth2-proxy.nix services.nginx.virtualHosts = lib.mkOption { type = lib.types.attrsOf ( @@ -121,7 +121,7 @@ in ); }; }; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { 
diff --git a/modules/nixos/server/packages.nix b/modules/nixos/server/packages.nix index 136245a..6f5f744 100644 --- a/modules/nixos/server/packages.nix +++ b/modules/nixos/server/packages.nix @@ -1,7 +1,7 @@ { lib, config, pkgs, ... }: { - options.swarselsystems.modules.server.packages = lib.mkEnableOption "enable packages on server"; - config = lib.mkIf config.swarselsystems.modules.server.packages { + options.swarselmodules.server.packages = lib.mkEnableOption "enable packages on server"; + config = lib.mkIf config.swarselmodules.server.packages { environment.systemPackages = with pkgs; [ gnupg nix-index diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 9d52754..3172fd9 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -13,8 +13,8 @@ let kanidmDomain = globals.services.kanidm.domain; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/pipewire.nix b/modules/nixos/server/pipewire.nix index faf8e90..b6b315a 100644 --- a/modules/nixos/server/pipewire.nix +++ b/modules/nixos/server/pipewire.nix @@ -1,6 +1,6 @@ { lib, config, ... }: { - config = lib.mkIf (config?swarselsystems.modules.server.mpd || config?swarselsystems.modules.server.navidrome) { + config = lib.mkIf (config?swarselmodules.server.mpd || config?swarselmodules.server.navidrome) { security.rtkit.enable = true; # this is required for pipewire real-time access diff --git a/modules/nixos/server/postgresql.nix b/modules/nixos/server/postgresql.nix index b2bc7e1..3cfa47d 100644 --- a/modules/nixos/server/postgresql.nix 
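Review bot: In the pipewire.nix hunk the renamed condition still uses `config?swarselmodules.server.mpd`, which tests whether the attribute exists rather than whether the option is enabled. mpd.nix and navidrome.nix both declare those options in this patch, so the test is presumably true on every host that imports them. `security.rtkit.enable = true` and the rest of the block would then apply even where neither service is switched on. With `?`, a missed rename also changes the result silently instead of raising an evaluation error. Reading the values makes the gate real: `config = lib.mkIf (config.swarselmodules.server.mpd || config.swarselmodules.server.navidrome) {`; the block body continues outside the hunk.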
+++ b/modules/nixos/server/postgresql.nix @@ -4,8 +4,8 @@ let postgresVersion = 14; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { services = { ${serviceName} = { enable = true; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index 4d22aae..c9a1a8e 100644 --- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets.radicale-user = { inherit sopsFile; owner = serviceUser; group = serviceGroup; mode = "0440"; }; diff --git a/modules/nixos/server/restic.nix b/modules/nixos/server/restic.nix index 804b18a..eb492b1 100644 --- a/modules/nixos/server/restic.nix +++ b/modules/nixos/server/restic.nix @@ -3,8 +3,8 @@ let inherit (config.swarselsystems) sopsFile; in { - options.swarselsystems.modules.server.restic = lib.mkEnableOption "enable restic backups on server"; - config = lib.mkIf config.swarselsystems.modules.server.restic { + options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server"; + config = lib.mkIf config.swarselmodules.server.restic { sops = { secrets = { diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 11ddcac..31e7225 100644 --- a/modules/nixos/server/settings.nix 
+++ b/modules/nixos/server/settings.nix @@ -3,14 +3,15 @@ let inherit (config.swarselsystems) flakePath; in { + + options.swarselmodules.server.general = lib.mkEnableOption "general setting on server"; options.swarselsystems = { - modules.server.general = lib.mkEnableOption "general setting on server"; shellAliases = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; }; }; - config = lib.mkIf config.swarselsystems.modules.server.general { + config = lib.mkIf config.swarselmodules.server.general { environment.shellAliases = lib.recursiveUpdate { diff --git a/modules/nixos/server/shlink.nix b/modules/nixos/server/shlink.nix index e388ad3..59815c0 100644 --- a/modules/nixos/server/shlink.nix +++ b/modules/nixos/server/shlink.nix @@ -10,9 +10,9 @@ let in { options = { - swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; }; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + config = lib.mkIf config.swarselmodules.server.${serviceName} { sops = { secrets = { diff --git a/modules/nixos/server/spotifyd.nix b/modules/nixos/server/spotifyd.nix index 1de618a..ef4babd 100644 --- a/modules/nixos/server/spotifyd.nix +++ b/modules/nixos/server/spotifyd.nix @@ -6,8 +6,8 @@ let serviceGroup = serviceUser; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.groups.${serviceGroup} = { gid = 65136; }; diff --git a/modules/nixos/server/ssh.nix b/modules/nixos/server/ssh.nix index cb8b7ad..a588edf 100644 --- a/modules/nixos/server/ssh.nix +++ b/modules/nixos/server/ssh.nix 
@@ -1,7 +1,7 @@ { self, lib, config, ... }: { - options.swarselsystems.modules.server.ssh = lib.mkEnableOption "enable ssh on server"; - config = lib.mkIf config.swarselsystems.modules.server.ssh { + options.swarselmodules.server.ssh = lib.mkEnableOption "enable ssh on server"; + config = lib.mkIf config.swarselmodules.server.ssh { services.openssh = { enable = true; startWhenNeeded = lib.mkForce false; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index ef32693..26128a2 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix @@ -11,8 +11,8 @@ let cfg = config.services.${serviceName}; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { extraGroups = [ "users" ]; diff --git a/modules/nixos/server/transmission.nix b/modules/nixos/server/transmission.nix index 9c3376d..64c2199 100644 --- a/modules/nixos/server/transmission.nix +++ b/modules/nixos/server/transmission.nix @@ -20,8 +20,8 @@ let prowlarrPort = 9696; in { - options.swarselsystems.modules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; - config = lib.mkIf config.swarselsystems.modules.server.${serviceName} { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { # this user/group section is probably unneeded users = { diff --git a/modules/home/common/sharedsetup.nix b/modules/shared/sharedsetup.nix similarity index 93% rename from modules/home/common/sharedsetup.nix rename to modules/shared/sharedsetup.nix index ce37e10..13c96a2 100644 
--- a/modules/home/common/sharedsetup.nix +++ b/modules/shared/sharedsetup.nix @@ -1,16 +1,36 @@ -{ self, config, lib, pkgs, globals, minimal, ... }: +{ self, config, lib, pkgs, ... }: { options.swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; isLaptop = lib.mkEnableOption "laptop host"; isNixos = lib.mkEnableOption "nixos host"; isPublic = lib.mkEnableOption "is a public machine (no secrets)"; isDarwin = lib.mkEnableOption "darwin host"; isLinux = lib.mkEnableOption "whether this is a linux machine"; isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - mainUser = lib.mkOption { - type = lib.types.str; - default = if (!minimal) then globals.user.name else "swarsel"; - }; sopsFile = lib.mkOption { type = lib.types.str; default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; @@ -264,6 +284,5 @@ }; }; }; - }; } diff --git a/nix/hosts.nix b/nix/hosts.nix index 192c521..421618a 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -26,6 +26,11 @@ name = configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; + + swarselprofiles = { + minimal = lib.mkIf minimal true; + }; + } ]; }; @@ -49,6 +54,7 @@ { node.name = configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; + } ]; }; diff --git a/profiles/home/chaostheatre/default.nix b/profiles/home/chaostheatre/default.nix index 37bd0c4..2288a8a 100644 --- a/profiles/home/chaostheatre/default.nix 
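Review bot: In the first sharedsetup.nix hunk the `mainUser` default changes from `if (!minimal) then globals.user.name else "swarsel"` to the constant `"swarsel"`, so it no longer follows `globals.user.name`. nfs.nix in this patch still reads `globals.user.name` directly, while the new profile blocks key `home-manager.users` on `config.swarselsystems.mainUser`. On a host where the two differ, user-scoped settings and file ownership would presumably be split across two account names. If the constant is intended, say so next to the option, e.g. `# no longer derived from globals.user.name; hosts with another account must set swarselsystems.mainUser`. The new `lib.mkOption` entries (`withHomeManager`, `isSwap`, `swapSize`, `rootDisk`, `mainUser`) should also each get a `description`.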
+++ b/profiles/home/chaostheatre/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/home/darwin/default.nix b/profiles/home/darwin/default.nix deleted file mode 100644 index 29c8307..0000000 --- a/profiles/home/darwin/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ lib, config, ... }: -{ - options.swarselsystems.profiles.darwin = lib.mkEnableOption "is this a darwin host"; - config = lib.mkIf config.swarselsystems.profiles.darwin { - swarselsystems.modules = { - general = lib.mkDefault true; - }; - }; - -} diff --git a/profiles/home/framework/default.nix b/profiles/home/framework/default.nix index cbde9f0..b4c28e2 100644 --- a/profiles/home/framework/default.nix +++ b/profiles/home/framework/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; diff --git a/profiles/home/localserver/default.nix b/profiles/home/localserver/default.nix index 2a87f51..d906701 100644 --- a/profiles/home/localserver/default.nix +++ b/profiles/home/localserver/default.nix 
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems.modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { general = lib.mkDefault true; server = { dotfiles = lib.mkDefault true; diff --git a/profiles/home/minimal/default.nix b/profiles/home/minimal/default.nix index 1cca691..bea6b11 100644 --- a/profiles/home/minimal/default.nix +++ b/profiles/home/minimal/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; kitty = lib.mkDefault true; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 5177629..91d44aa 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/home/reduced/default.nix b/profiles/home/reduced/default.nix index 48ca3ce..7daec76 100644 --- a/profiles/home/reduced/default.nix +++ b/profiles/home/reduced/default.nix 
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; ownpackages = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/home/toto/default.nix b/profiles/home/toto/default.nix index a434b37..2f1473a 100644 --- a/profiles/home/toto/default.nix +++ b/profiles/home/toto/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; sops = lib.mkDefault true; ssh = lib.mkDefault true; diff --git a/profiles/home/work/default.nix b/profiles/home/work/default.nix index 4653f87..a89b300 100644 --- a/profiles/home/work/default.nix +++ b/profiles/home/work/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; diff --git a/profiles/nixos/amdcpu/default.nix b/profiles/nixos/amdcpu/default.nix index 7d6177b..e0576d5 100644 --- a/profiles/nixos/amdcpu/default.nix +++ b/profiles/nixos/amdcpu/default.nix 
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; - config = lib.mkIf config.swarselsystems.profiles.amdcpu { - swarselsystems.modules = { + options.swarselprofiles.amdcpu = lib.mkEnableOption "is this a host with amd cpu"; + config = lib.mkIf config.swarselprofiles.amdcpu { + swarselmodules = { optional = { amdcpu = lib.mkDefault true; }; diff --git a/profiles/nixos/amdgpu/default.nix b/profiles/nixos/amdgpu/default.nix index 339451f..91810b8 100644 --- a/profiles/nixos/amdgpu/default.nix +++ b/profiles/nixos/amdgpu/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; - config = lib.mkIf config.swarselsystems.profiles.amdgpu { - swarselsystems.modules = { + options.swarselprofiles.amdgpu = lib.mkEnableOption "is this a host with amd gpu"; + config = lib.mkIf config.swarselprofiles.amdgpu { + swarselmodules = { optional = { amdgpu = lib.mkDefault true; }; diff --git a/profiles/nixos/btrfs/default.nix b/profiles/nixos/btrfs/default.nix index ec959ed..4e09c66 100644 --- a/profiles/nixos/btrfs/default.nix +++ b/profiles/nixos/btrfs/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; - config = lib.mkIf config.swarselsystems.profiles.btrfs { - swarselsystems.modules = { + options.swarselprofiles.btrfs = lib.mkEnableOption "is this a host using btrfs"; + config = lib.mkIf config.swarselprofiles.btrfs { + swarselmodules = { optional = { btrfs = lib.mkDefault true; }; diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix index 4c677eb..cedf6d9 100644 --- a/profiles/nixos/chaostheatre/default.nix +++ b/profiles/nixos/chaostheatre/default.nix 
@@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselsystems.profiles.chaostheatre { - swarselsystems.modules = { + options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; + config = lib.mkIf config.swarselprofiles.chaostheatre { + swarselmodules = { packages = lib.mkDefault true; general = lib.mkDefault true; home-manager = lib.mkDefault true; diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix index cbde9f0..32b6b0e 100644 --- a/profiles/nixos/framework/default.nix +++ b/profiles/nixos/framework/default.nix @@ -1,12 +1,17 @@ -{ lib, config, ... }: +{ lib, config, minimal, ... }: { - options.swarselsystems.profiles.framework = lib.mkEnableOption "is this a framework brand host"; - config = lib.mkIf config.swarselsystems.profiles.framework { - swarselsystems.modules = { + options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; + config = lib.mkIf config.swarselprofiles.framework { + swarselmodules = { optional = { framework = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + framework = lib.mkIf (!minimal) true; + }; + }; }; diff --git a/profiles/nixos/hibernation/default.nix b/profiles/nixos/hibernation/default.nix index 6105cae..b529ff1 100644 --- a/profiles/nixos/hibernation/default.nix +++ b/profiles/nixos/hibernation/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; - config = lib.mkIf config.swarselsystems.profiles.hibernation { - swarselsystems.modules = { + options.swarselprofiles.hibernation = lib.mkEnableOption "is this a host using hibernation"; + config = lib.mkIf config.swarselprofiles.hibernation { + swarselmodules = { optional = { hibernation = lib.mkDefault true; }; 
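Review bot: The `home-manager.users."${config.swarselsystems.mainUser}"` block added in profiles/nixos/framework is defined whenever the profile is on and does not consult the `withHomeManager` option this patch introduces in sharedsetup.nix. If that option is meant to switch home-manager off for a host, the block should be gated on it: `home-manager.users."${config.swarselsystems.mainUser}" = lib.mkIf config.swarselsystems.withHomeManager {`. The same block is added in profiles/nixos/personal and profiles/nixos/work. The guard only helps on hosts that import the home-manager NixOS module; where it is not imported the definition presumably still fails to evaluate.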
diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 6cb9a55..e3577e5 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix 
@@ -1,47 +1,45 @@ { lib, config, ... }: { - options.swarselsystems.profiles.server.local = lib.mkEnableOption "is this a local server"; - config = lib.mkIf config.swarselsystems.profiles.server.local { - swarselsystems = { - modules = { + options.swarselprofiles.server.local = lib.mkEnableOption "is this a local server"; + config = lib.mkIf config.swarselprofiles.server.local { + swarselmodules = { + general = lib.mkDefault true; + pii = lib.mkDefault true; + home-manager = lib.mkDefault true; + xserver = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + sops = lib.mkDefault true; + server = { general = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nfs = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - kavita = lib.mkDefault true; - restic = lib.mkDefault true; - jellyfin = lib.mkDefault true; - navidrome = lib.mkDefault true; - spotifyd = lib.mkDefault true; - mpd = lib.mkDefault true; - postgresql = lib.mkDefault true; - matrix = lib.mkDefault true; - nextcloud = lib.mkDefault true; - immich = lib.mkDefault true; - paperless = lib.mkDefault true; - transmission = lib.mkDefault true; - syncthing = lib.mkDefault true; - grafana = lib.mkDefault true; - emacs = lib.mkDefault true; - freshrss = lib.mkDefault true; - jenkins = lib.mkDefault false; - kanidm = lib.mkDefault true; - firefly-iii = lib.mkDefault true; - koillection = lib.mkDefault true; - radicale = lib.mkDefault true; - atuin = lib.mkDefault true; - forgejo = lib.mkDefault true; - ankisync = lib.mkDefault true; - }; + packages = lib.mkDefault true; + nfs = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + kavita = lib.mkDefault true; + restic = lib.mkDefault true; + jellyfin = 
lib.mkDefault true; + navidrome = lib.mkDefault true; + spotifyd = lib.mkDefault true; + mpd = lib.mkDefault true; + postgresql = lib.mkDefault true; + matrix = lib.mkDefault true; + nextcloud = lib.mkDefault true; + immich = lib.mkDefault true; + paperless = lib.mkDefault true; + transmission = lib.mkDefault true; + syncthing = lib.mkDefault true; + grafana = lib.mkDefault true; + emacs = lib.mkDefault true; + freshrss = lib.mkDefault true; + jenkins = lib.mkDefault false; + kanidm = lib.mkDefault true; + firefly-iii = lib.mkDefault true; + koillection = lib.mkDefault true; + radicale = lib.mkDefault true; + atuin = lib.mkDefault true; + forgejo = lib.mkDefault true; + ankisync = lib.mkDefault true; }; }; }; diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix index 9b948fa..d7afc1e 100644 --- a/profiles/nixos/minimal/default.nix +++ b/profiles/nixos/minimal/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.minimal = lib.mkEnableOption "declare this a minimal host"; - config = lib.mkIf config.swarselsystems.profiles.minimal { - swarselsystems.modules = { + options.swarselprofiles.minimal = lib.mkEnableOption "declare this a minimal host"; + config = lib.mkIf config.swarselprofiles.minimal { + swarselmodules = { general = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix index d1403c0..34674fd 100644 --- a/profiles/nixos/moonside/default.nix +++ b/profiles/nixos/moonside/default.nix 
@@ -1,27 +1,25 @@ { lib, config, ... }: { - options.swarselsystems.profiles.server.moonside = lib.mkEnableOption "is this a moonside server"; - config = lib.mkIf config.swarselsystems.profiles.server.moonside { - swarselsystems = { - modules = { + options.swarselprofiles.server.moonside = lib.mkEnableOption "is this a moonside server"; + config = lib.mkIf config.swarselprofiles.server.moonside { + swarselmodules = { + general = lib.mkDefault true; + pii = lib.mkDefault true; + home-manager = lib.mkDefault true; + xserver = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + impermanence = lib.mkDefault true; + sops = lib.mkDefault true; + server = { general = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - impermanence = lib.mkDefault true; - sops = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - oauth2-proxy = lib.mkDefault true; - croc = lib.mkDefault true; - microbin = lib.mkDefault true; - shlink = lib.mkDefault true; - }; + packages = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + oauth2-proxy = lib.mkDefault true; + croc = lib.mkDefault true; + microbin = lib.mkDefault true; + shlink = lib.mkDefault true; }; }; }; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index d1c806c..27076c8 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix 
@@ -1,8 +1,8 @@ -{ lib, config, ... }: +{ lib, config, minimal, ... }: { - options.swarselsystems.profiles.personal = lib.mkEnableOption "is this a personal host"; - config = lib.mkIf config.swarselsystems.profiles.personal { - swarselsystems.modules = { + options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; + config = lib.mkIf config.swarselprofiles.personal { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; @@ -55,6 +55,11 @@ ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkIf (!minimal) true; + }; + }; }; diff --git a/profiles/nixos/reduced/default.nix b/profiles/nixos/reduced/default.nix index 3993fac..7c0f529 100644 --- a/profiles/nixos/reduced/default.nix +++ b/profiles/nixos/reduced/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.reduced = lib.mkEnableOption "is this a reduced personal host"; - config = lib.mkIf config.swarselsystems.profiles.reduced { - swarselsystems.modules = { + options.swarselprofiles.reduced = lib.mkEnableOption "is this a reduced personal host"; + config = lib.mkIf config.swarselprofiles.reduced { + swarselmodules = { packages = lib.mkDefault true; pii = lib.mkDefault true; general = lib.mkDefault true; diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix index a784c87..7c28a4b 100644 --- a/profiles/nixos/syncserver/default.nix +++ b/profiles/nixos/syncserver/default.nix 
@@ -1,25 +1,23 @@ { lib, config, ... }: { - options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; - config = lib.mkIf config.swarselsystems.profiles.server.syncserver { - swarselsystems = { - modules = { + options.swarselprofiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server"; + config = lib.mkIf config.swarselprofiles.server.syncserver { + swarselmodules = { + general = lib.mkDefault true; + nix-ld = lib.mkDefault true; + pii = lib.mkDefault true; + home-manager = lib.mkDefault true; + xserver = lib.mkDefault true; + time = lib.mkDefault true; + users = lib.mkDefault true; + sops = lib.mkDefault true; + server = { general = lib.mkDefault true; - nix-ld = lib.mkDefault true; - pii = lib.mkDefault true; - home-manager = lib.mkDefault true; - xserver = lib.mkDefault true; - time = lib.mkDefault true; - users = lib.mkDefault true; - sops = lib.mkDefault true; - server = { - general = lib.mkDefault true; - packages = lib.mkDefault true; - nginx = lib.mkDefault true; - ssh = lib.mkDefault true; - forgejo = lib.mkDefault false; - ankisync = lib.mkDefault false; - }; + packages = lib.mkDefault true; + nginx = lib.mkDefault true; + ssh = lib.mkDefault true; + forgejo = lib.mkDefault false; + ankisync = lib.mkDefault false; }; }; }; diff --git a/profiles/nixos/toto/default.nix b/profiles/nixos/toto/default.nix index 3647d2e..17532b0 100644 --- a/profiles/nixos/toto/default.nix +++ b/profiles/nixos/toto/default.nix @@ -1,8 +1,8 @@ { lib, config, ... }: { - options.swarselsystems.profiles.toto = lib.mkEnableOption "is this a toto (setup) host"; - config = lib.mkIf config.swarselsystems.profiles.toto { - swarselsystems.modules = { + options.swarselprofiles.toto = lib.mkEnableOption "is this a toto (setup) host"; + config = lib.mkIf config.swarselprofiles.toto { + swarselmodules = { general = lib.mkDefault true; packages = lib.mkDefault true; home-manager = lib.mkDefault true; 
diff --git a/profiles/nixos/work/default.nix b/profiles/nixos/work/default.nix index dca896e..6ab95d8 100644 --- a/profiles/nixos/work/default.nix +++ b/profiles/nixos/work/default.nix @@ -1,12 +1,17 @@ -{ lib, config, ... }: +{ lib, config, minimal, ... }: { - options.swarselsystems.profiles.work = lib.mkEnableOption "is this a work host"; - config = lib.mkIf config.swarselsystems.profiles.work { - swarselsystems.modules = { + options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; + config = lib.mkIf config.swarselprofiles.work { + swarselmodules = { optional = { work = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + work = lib.mkIf (!minimal) true; + }; + }; }; From e7d3def83052065b815bfcf5409a9897f1c36c2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 17 Jul 2025 03:33:27 +0200 Subject: [PATCH 02/16] feat: make nixosConfig work on home-manager --- SwarselSystems.org | 40 +++++++++++++-------------- hosts/home/treehouse/default.nix | 2 ++ modules/home/common/env.nix | 2 +- modules/home/common/gammastep.nix | 2 +- modules/home/common/git.nix | 2 +- modules/home/common/mail.nix | 2 +- modules/home/common/sharedoptions.nix | 4 +-- modules/home/common/yubikey.nix | 2 +- modules/home/optional/work.nix | 2 +- modules/nixos/common/home-manager.nix | 2 -- 10 files changed, 30 insertions(+), 30 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 9eb466c..3a73652 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3485,6 +3485,8 @@ This is the "reference implementation" of a setup that runs without NixOS, only inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index "${self}/modules/home" + "${self}/modules/nixos/common/pii.nix" + "${self}/modules/nixos/common/meta.nix" ]; nixpkgs = { 
@@ -3969,18 +3971,18 @@ This section is for setting things that should be used on hosts that are using t #+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix - { lib, config, nixosConfig, ... }: - let - # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; - inherit (lib) mkDefault mapAttrs filterAttrs; - mkDefaultCommonAttrs = base: defaults: - lib.mapAttrs (_: v: lib.mkDefault v) - (lib.filterAttrs (k: _: base ? ${k}) defaults); - in - { - # config.swarselsystems = mirrorAttrs; - config.swarselsystems = mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems; - } + { lib, config, nixosConfig ? null, ... }: + let + # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; + inherit (lib) mkDefault mapAttrs filterAttrs; + mkDefaultCommonAttrs = base: defaults: + lib.mapAttrs (_: v: lib.mkDefault v) + (lib.filterAttrs (k: _: base ? ${k}) defaults); + in + { + # config.swarselsystems = mirrorAttrs; + config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); + } #+end_src **** Topology (automatically active) @@ -4169,8 +4171,6 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the minimal = lib.mkIf minimal true; }; } - # "${self}/modules/nixos/common/pii.nix" - # "${self}/modules/nixos/common/meta.nix" ]; # node = { # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; @@ -11075,7 +11075,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at :END: #+begin_src nix-ts :tangle modules/home/common/yubikey.nix - { lib, config, nixosConfig, ... }: + { lib, config, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in 
@@ -11352,7 +11352,7 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. #+begin_src nix-ts :tangle modules/home/common/env.nix - { lib, config, globals, nixosConfig, ... }: + { lib, config, globals, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; inherit (nixosConfig.repo.secrets.common) fullName; @@ -11558,7 +11558,7 @@ Eza provides me with a better =ls= command and some other useful aliases. Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]]. #+begin_src nix-ts :tangle modules/home/common/git.nix - { lib, config, globals, minimal, nixosConfig, ... }: + { lib, config, globals, minimal, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1; inherit (nixosConfig.repo.secrets.common) fullName; @@ -12099,7 +12099,7 @@ Currently I only use it as before with =initExtra= though. Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here. #+begin_src nix-ts :tangle modules/home/common/mail.nix - { lib, config, nixosConfig, ... }: + { lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common) fullName; 
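Review bot: The `nixosConfig ? config` fallback in the env.nix header means `inherit (nixosConfig.repo.secrets.common.mail) …` reads from the home-manager `config` on standalone hosts, and nothing in the module documents that `repo.secrets` must then be declared there. That requirement is presumably what the pii.nix import added to treehouse satisfies. The same pattern is introduced in the git.nix and mail.nix headers on this line and in gammastep.nix further down. I would add a comment above the `let`, such as `# standalone home-manager: nixosConfig falls back to config; repo.secrets must be defined there`. Please also confirm the default is ever taken, since as far as I know the module system fills named arguments from `_module.args` rather than honouring function defaults; the module bodies continue outside these hunks.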
@@ -13578,7 +13578,7 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways. #+begin_src nix-ts :tangle modules/home/common/gammastep.nix - { lib, config, nixosConfig, ... }: + { lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in @@ -13741,7 +13741,7 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, config, pkgs, lib, nixosConfig, ... }: + { self, config, pkgs, lib, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in diff --git a/hosts/home/treehouse/default.nix b/hosts/home/treehouse/default.nix index 9f2b3e4..9ce0edf 100644 --- a/hosts/home/treehouse/default.nix +++ b/hosts/home/treehouse/default.nix @@ -6,6 +6,8 @@ inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index "${self}/modules/home" + "${self}/modules/nixos/common/pii.nix" + "${self}/modules/nixos/common/meta.nix" ]; nixpkgs = { diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index e4d9da2..629acac 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix @@ -1,4 +1,4 @@ -{ lib, config, globals, nixosConfig, ... }: +{ lib, config, globals, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; inherit (nixosConfig.repo.secrets.common) fullName; diff --git a/modules/home/common/gammastep.nix b/modules/home/common/gammastep.nix index 1109d75..c8862c8 100644 
--- a/modules/home/common/gammastep.nix +++ b/modules/home/common/gammastep.nix @@ -1,4 +1,4 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.location) latitude longitude; in diff --git a/modules/home/common/git.nix b/modules/home/common/git.nix index 4f522f5..59035aa 100644 --- a/modules/home/common/git.nix +++ b/modules/home/common/git.nix @@ -1,4 +1,4 @@ -{ lib, config, globals, minimal, nixosConfig, ... }: +{ lib, config, globals, minimal, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1; inherit (nixosConfig.repo.secrets.common) fullName; diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index 77e67d4..cc14121 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix @@ -1,4 +1,4 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common) fullName; diff --git a/modules/home/common/sharedoptions.nix b/modules/home/common/sharedoptions.nix index 343518f..8edb073 100644 --- a/modules/home/common/sharedoptions.nix +++ b/modules/home/common/sharedoptions.nix @@ -1,4 +1,4 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? null, ... }: let # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; inherit (lib) mkDefault mapAttrs filterAttrs; @@ -8,5 +8,5 @@ let in { # config.swarselsystems = mirrorAttrs; - config.swarselsystems = mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems; + config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); } diff --git a/modules/home/common/yubikey.nix b/modules/home/common/yubikey.nix index 61224f1..40c52cd 100644 
--- a/modules/home/common/yubikey.nix +++ b/modules/home/common/yubikey.nix @@ -1,4 +1,4 @@ -{ lib, config, nixosConfig, ... }: +{ lib, config, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 0de809b..7c88a65 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -1,4 +1,4 @@ -{ self, config, pkgs, lib, nixosConfig, ... }: +{ self, config, pkgs, lib, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index f4aeb3b..2c1dcf1 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -19,8 +19,6 @@ minimal = lib.mkIf minimal true; }; } - # "${self}/modules/nixos/common/pii.nix" - # "${self}/modules/nixos/common/meta.nix" ]; # node = { # secretsDir = if (!config.swarselsystems.isNixos) then ../../../hosts/home/${configName}/secrets else ../../../hosts/nixos/${configName}/secrets; From 1468f3d0fc4aa49a940e7b92dc30bfa1589caf1a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 17 Jul 2025 21:50:14 +0200 Subject: [PATCH 03/16] chore: flake cleanup --- SwarselSystems.org | 370 ++++++++++-------------- flake.lock | 6 +- hosts/nixos/bakery/default.nix | 46 ++- hosts/nixos/chaostheatre/default.nix | 41 +-- hosts/nixos/milkywell/default.nix | 37 +-- hosts/nixos/moonside/default.nix | 33 +-- hosts/nixos/toto/default.nix | 50 ++-- hosts/nixos/winters/default.nix | 32 +- justfile | 2 +- modules/nixos/common/home-manager.nix | 2 +- modules/nixos/common/users.nix | 4 +- modules/nixos/optional/work.nix | 3 + nix/hosts.nix | 5 +- profiles/nixos/chaostheatre/default.nix | 4 +- profiles/nixos/framework/default.nix | 4 +- profiles/nixos/personal/default.nix | 4 +- profiles/nixos/reduced/default.nix | 5 + profiles/nixos/work/default.nix | 4 +- secrets/repo/pii.nix.enc | 6 +- 19 files changed, 267 insertions(+), 391 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 3a73652..6077782 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -840,9 +840,12 @@ The rest of the outputs either define or help define the actual configurations: }; swarselprofiles = { - minimal = lib.mkIf minimal true; + minimal = lib.mkIf minimal (lib.mkDefault true); }; + swarselsystems = { + mainUser = lib.mkDefault "swarsel"; + }; } ]; }; @@ -2028,13 +2031,7 @@ My personal laptop. { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-1"; - }; + sharedOptions = { }; in { 
@@ -2046,14 +2043,20 @@ My personal laptop. ]; - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; + swarselprofiles = { + reduced = lib.mkIf (!minimal) true; + btrfs = true; + }; swarselsystems = lib.recursiveUpdate { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + lowResolution = "1280x800"; + highResolution = "1920x1080"; + sharescreen = "eDP-1"; info = "Lenovo ThinkPad"; firewall = lib.mkForce true; wallpaper = self + /files/wallpaper/lenovowp.png; @@ -2070,27 +2073,19 @@ My personal laptop. sharedOptions; home-manager.users."${primaryUser}" = { - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - lowResolution = "1280x800"; - highResolution = "1920x1080"; - monitors = { - main = { - name = "LG Display 0x04EF Unknown"; - mode = "1920x1080"; # TEMPLATE - scale = "1"; - position = "1920,0"; - workspace = "15:L"; - output = "eDP-1"; - }; + swarselsystems = { + monitors = { + main = { + name = "LG Display 0x04EF Unknown"; + mode = "1920x1080"; # TEMPLATE + scale = "1"; + position = "1920,0"; + workspace = "15:L"; + output = "eDP-1"; }; - } - sharedOptions; + }; + }; }; } @@ -2270,15 +2265,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/winters/default.nix - { lib, config, ... }: - let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = false; - isLinux = true; - isNixos = true; - }; - in + { config, ... }: { imports = [ 
@@ -2299,24 +2286,20 @@ This is my main server that I run at home. It handles most tasks that require bi }; - swarselprofiles = { - server.local = true; - }; - swarselsystems = lib.recursiveUpdate - { - info = "ASRock J4105-ITX, 32GB RAM"; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselprofiles = { + server.local = true; }; + + swarselsystems = { + info = "ASRock J4105-ITX, 32GB RAM"; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + isBtrfs = false; + isLinux = true; + isNixos = true; + }; + } @@ -2492,15 +2475,7 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix - { lib, config, minimal, ... }: - let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - isNixos = true; - }; - in + { lib, minimal, ... }: { imports = [ ./hardware-configuration.nix @@ -2525,24 +2500,19 @@ This machine mainly acts as an external sync helper. It manages the following th swarselprofiles = { minimal = lib.mkIf minimal true; - server.syncserver = true; + server.syncserver = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselsystems = { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + isBtrfs = true; + isLinux = true; + isNixos = true; }; } 
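Review bot: Removing the `home-manager.users."${primaryUser}"` block from winters also removes `home.stateVersion = lib.mkForce "23.05";`, and the moonside (`"23.11"`), toto and chaostheatre hunks drop their pins the same way. The `mkForce` suggests a shared value was being overridden per host, so these hosts would now evaluate with that shared value, which can change state-dependent home-manager defaults on machines that are already installed. If that is intended it deserves a line in the commit message. Otherwise keep the pin, e.g. `home-manager.users."${config.swarselsystems.mainUser}".home.stateVersion = lib.mkForce "23.05";`, which needs `lib` back in the argument set.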
@@ -2696,17 +2666,10 @@ This machine mainly acts as an external sync helper. It manages the following th #+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix { lib, config, globals, ... }: let - primaryUser = config.swarselsystems.mainUser; inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - - sharedOptions = { - isBtrfs = true; - isNixos = true; - isLinux = true; - }; in { imports = [ @@ -2905,27 +2868,21 @@ This machine mainly acts as an external sync helper. It manages the following th }; }; - swarselprofiles = { - server.moonside = true; - }; - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.11"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselprofiles = { + server.moonside = true; }; + swarselsystems = { + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; + }; } #+end_src @@ -3100,14 +3057,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: #+begin_src nix-ts :tangle hosts/nixos/toto/default.nix - { self, config, lib, minimal, ... }: - let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - }; - in + { self, lib, minimal, ... }: { imports = [ 
@@ -3115,42 +3065,33 @@ This is a slim setup for developing base configuration. I do not track the hardw ./hardware-configuration.nix ]; - - networking = { hostName = "toto"; firewall.enable = false; }; - swarselprofiles = { - toto = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ remote install helper"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "2G"; - # rootDisk = "/dev/nvme0n1"; - rootDisk = "/dev/vda"; - # rootDisk = "/dev/vda"; - } - sharedOptions; - - home-manager.users.${primaryUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isLaptop = false; - isNixos = true; - } - sharedOptions; + swarselprofiles = { + toto = lib.mkIf (!minimal) true; + btrfs = true; }; + + swarselsystems = { + info = "~SwarselSystems~ remote install helper"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "2G"; + # rootDisk = "/dev/nvme0n1"; + rootDisk = "/dev/vda"; + # rootDisk = "/dev/vda"; + isBtrfs = true; + isLinux = true; + isLaptop = false; + isNixos = true; + }; + } 
@@ -3537,67 +3478,56 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; - sharedOptions = { - inherit mainUser; + in + { + + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; + + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; + + services.qemuGuest.enable = true; + + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; + + networking = { + hostName = "chaostheatre"; + firewall.enable = true; + }; + + swarselprofiles = { + chaostheatre = lib.mkIf (!minimal) true; + minimal = lib.mkIf minimal true; + btrfs = true; + }; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; isBtrfs = false; + inherit mainUser; isLinux = true; isPublic = true; + isNixos = true; }; - in - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; - - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; - - services.qemuGuest.enable = true; - - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; - - networking = { - hostName = "chaostheatre"; - firewall.enable = true; - }; - - swarselprofiles = { - chaostheatre = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - btrfs = true; - }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = 
false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - } - sharedOptions; - - home-manager.users.${mainUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isNixos = true; - } - sharedOptions; - }; - } + } #+end_src @@ -4158,7 +4088,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the useGlobalPkgs = true; useUserPackages = true; verbose = true; - users.swarsel.imports = [ + users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops # inputs.stylix.homeModules.stylix @@ -4209,8 +4139,8 @@ For that reason, make sure that =sops-nix= is properly working before finishing users."${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; - password = lib.mkIf minimal "setup"; - hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path; + password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; + hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; }; @@ -10273,6 +10203,9 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 spice-protocol win-virtio win-spice + + powershell + gh ]; @@ -16123,7 +16056,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a :END: #+begin_src nix-ts :tangle profiles/nixos/personal/default.nix :mkdirp yes - { lib, config, minimal, ... }: + { lib, config, ... }: { options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; config = lib.mkIf config.swarselprofiles.personal { 
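Review bot: In the users block, `password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";` now gives the main user, who is in `wheel`, a fixed and published password on every host flagged `isPublic`, not only during a minimal install. A `password` value is also stored in clear text in the world-readable Nix store. Whether the account is reachable remotely depends on the SSH settings, which are outside this hunk. I would state the intent in a comment and make sure password logins are off on such hosts, e.g. `services.openssh.settings.PasswordAuthentication = false;`.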
@@ -16182,7 +16115,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { - personal = lib.mkIf (!minimal) true; + personal = lib.mkDefault true; }; }; @@ -16249,6 +16182,11 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkDefault true; + }; + }; }; @@ -16308,6 +16246,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a home-manager = lib.mkDefault true; xserver = lib.mkDefault true; users = lib.mkDefault true; + sops = lib.mkDefault true; env = lib.mkDefault true; security = lib.mkDefault true; systemdTimeout = lib.mkDefault true; @@ -16316,7 +16255,6 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a pipewire = lib.mkDefault true; network = lib.mkDefault true; time = lib.mkDefault true; - sops = lib.mkDefault false; stylix = lib.mkDefault true; programs = lib.mkDefault true; zsh = lib.mkDefault true; @@ -16327,7 +16265,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a interceptionTools = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; - yubikey = lib.mkDefault true; + yubikey = lib.mkDefault false; ledger = lib.mkDefault true; keyboards = lib.mkDefault true; login = lib.mkDefault true; @@ -16389,7 +16327,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a :END: #+begin_src nix-ts :tangle profiles/nixos/work/default.nix :mkdirp yes - { lib, config, minimal, ... }: + { lib, config, ... }: { options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; config = lib.mkIf config.swarselprofiles.work { 
@@ -16400,7 +16338,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { - work = lib.mkIf (!minimal) true; + work = lib.mkDefault true; }; }; @@ -16416,7 +16354,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a :END: #+begin_src nix-ts :tangle profiles/nixos/framework/default.nix :mkdirp yes - { lib, config, minimal, ... }: + { lib, config, ... }: { options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; config = lib.mkIf config.swarselprofiles.framework { @@ -16427,7 +16365,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { - framework = lib.mkIf (!minimal) true; + framework = lib.mkDefault true; }; }; @@ -20847,7 +20785,7 @@ This file defines a few workflows that I often need to run when working on my co sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ #+end_src ** aspell.conf diff --git a/flake.lock b/flake.lock index f3e8274..793d23f 100644 --- a/flake.lock +++ b/flake.lock @@ -1618,11 +1618,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1752440522, - "narHash": "sha256-CInQkEG3f8XwIBQxYFhuFCT+T++JPstThfifAMD0yRk=", + "lastModified": 1752736260, + "narHash": "sha256-90Gt98hmw/20aOAd7KaSW6otXu7MOBctRmI9RlXD/s0=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "1f569e3bd49502cb4ec312214662d93619cf2c54", + "rev": "169c3483f7c06fbb58c9346e4d9d112c8aa7827e", "type": "github" }, "original": { diff --git a/hosts/nixos/bakery/default.nix b/hosts/nixos/bakery/default.nix index b130252..344ac42 100644 
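Review bot: Replacing `-av` with `-rltv` in the `sync` recipe drops `-p`, `-g`, `-o` and `-D`, so files arrive on the remote host with modes derived from the remote umask rather than the local ones. For a dotfiles tree that can widen access to files that are deliberately restrictive locally. If only ownership preservation was the problem, `rsync -rlptv …` keeps the permission bits. Either way, a short comment in the recipe saying why `-a` was dropped would help the next reader.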
--- a/hosts/nixos/bakery/default.nix +++ b/hosts/nixos/bakery/default.nix @@ -1,13 +1,7 @@ { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isLaptop = true; - isNixos = true; - isBtrfs = true; - isLinux = true; - sharescreen = "eDP-1"; - }; + sharedOptions = { }; in { @@ -21,12 +15,18 @@ in swarselprofiles = { reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; btrfs = true; }; swarselsystems = lib.recursiveUpdate { + isLaptop = true; + isNixos = true; + isBtrfs = true; + isLinux = true; + lowResolution = "1280x800"; + highResolution = "1920x1080"; + sharescreen = "eDP-1"; info = "Lenovo ThinkPad"; firewall = lib.mkForce true; wallpaper = self + /files/wallpaper/lenovowp.png; @@ -43,26 +43,18 @@ in sharedOptions; home-manager.users."${primaryUser}" = { - swarselprofiles = { - reduced = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; - }; # home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - lowResolution = "1280x800"; - highResolution = "1920x1080"; - monitors = { - main = { - name = "LG Display 0x04EF Unknown"; - mode = "1920x1080"; # TEMPLATE - scale = "1"; - position = "1920,0"; - workspace = "15:L"; - output = "eDP-1"; - }; + swarselsystems = { + monitors = { + main = { + name = "LG Display 0x04EF Unknown"; + mode = "1920x1080"; # TEMPLATE + scale = "1"; + position = "1920,0"; + workspace = "15:L"; + output = "eDP-1"; }; - } - sharedOptions; + }; + }; }; } diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/chaostheatre/default.nix index a15954b..cf1ebb7 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/chaostheatre/default.nix @@ -1,12 +1,6 @@ { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; - sharedOptions = { - inherit mainUser; - isBtrfs = false; - isLinux = true; - isPublic = true; - }; in { 
@@ -40,25 +34,20 @@ in minimal = lib.mkIf minimal true; btrfs = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - } - sharedOptions; - - home-manager.users.${mainUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isNixos = true; - } - sharedOptions; + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; }; + } diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/milkywell/default.nix index 21733d5..1bc4e35 100644 --- a/hosts/nixos/milkywell/default.nix +++ b/hosts/nixos/milkywell/default.nix @@ -1,12 +1,4 @@ -{ lib, config, minimal, ... }: -let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - isNixos = true; - }; -in +{ lib, minimal, ... }: { imports = [ ./hardware-configuration.nix @@ -33,22 +25,17 @@ in minimal = lib.mkIf minimal true; server.syncserver = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - } - sharedOptions; - - home-manager.users."${primaryUser}" = { - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselsystems = { + info = "VM.Standard.E2.1.Micro"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = true; + isSwap = true; + rootDisk = "/dev/sda"; + swapSize = "4G"; + isBtrfs = true; + isLinux = true; + isNixos = true; }; } 
diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index ed18302..58e6284 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -1,16 +1,9 @@ { lib, config, globals, ... }: let - primaryUser = config.swarselsystems.mainUser; inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - - sharedOptions = { - isBtrfs = true; - isNixos = true; - isLinux = true; - }; in { imports = [ @@ -212,22 +205,16 @@ in swarselprofiles = { server.moonside = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - } - sharedOptions; - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.11"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselsystems = { + info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; }; - } diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix index 9522528..dee2083 100644 --- a/hosts/nixos/toto/default.nix +++ b/hosts/nixos/toto/default.nix @@ -1,11 +1,4 @@ -{ self, config, lib, minimal, ... }: -let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = true; - isLinux = true; - }; -in +{ self, lib, minimal, ... }: { imports = [ @@ -13,8 +6,6 @@ in ./hardware-configuration.nix ]; - - networking = { hostName = "toto"; firewall.enable = false; 
@@ -22,31 +13,24 @@ in swarselprofiles = { toto = lib.mkIf (!minimal) true; - minimal = lib.mkIf minimal true; btrfs = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "~SwarselSystems~ remote install helper"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "2G"; - # rootDisk = "/dev/nvme0n1"; - rootDisk = "/dev/vda"; - # rootDisk = "/dev/vda"; - } - sharedOptions; - home-manager.users.${primaryUser} = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { - isLaptop = false; - isNixos = true; - } - sharedOptions; + swarselsystems = { + info = "~SwarselSystems~ remote install helper"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "2G"; + # rootDisk = "/dev/nvme0n1"; + rootDisk = "/dev/vda"; + # rootDisk = "/dev/vda"; + isBtrfs = true; + isLinux = true; + isLaptop = false; + isNixos = true; }; + } diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index c0b71d4..9e872ff 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -1,12 +1,4 @@ -{ lib, config, ... }: -let - primaryUser = config.swarselsystems.mainUser; - sharedOptions = { - isBtrfs = false; - isLinux = true; - isNixos = true; - }; -in +{ config, ... }: { imports = [ 
@@ -30,19 +22,15 @@ in swarselprofiles = { server.local = true; }; - swarselsystems = lib.recursiveUpdate - { - info = "ASRock J4105-ITX, 32GB RAM"; - isImpermanence = false; - isSecureBoot = true; - isCrypted = true; - } - sharedOptions; - home-manager.users."${primaryUser}" = { - home.stateVersion = lib.mkForce "23.05"; - swarselsystems = lib.recursiveUpdate - { } - sharedOptions; + swarselsystems = { + info = "ASRock J4105-ITX, 32GB RAM"; + isImpermanence = false; + isSecureBoot = true; + isCrypted = true; + isBtrfs = false; + isLinux = true; + isNixos = true; }; + } diff --git a/justfile b/justfile index afde561..f2f9f7f 100644 --- a/justfile +++ b/justfile @@ -24,4 +24,4 @@ dd DRIVE ISO: sudo dd if=$(eza --sort changed {{ISO}} | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync sync USER HOST: - rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 2c1dcf1..081b0b8 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -6,7 +6,7 @@ useGlobalPkgs = true; useUserPackages = true; verbose = true; - users.swarsel.imports = [ + users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.hmModules.nix-index inputs.sops-nix.homeManagerModules.sops # inputs.stylix.homeModules.stylix diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index ceb6268..de19aa6 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix 
@@ -12,8 +12,8 @@ in users."${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; - password = lib.mkIf minimal "setup"; - hashedPasswordFile = lib.mkIf (!minimal) config.sops.secrets.main-user-hashed-pw.path; + password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; + hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; }; diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 1e7058f..402851c 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -208,6 +208,9 @@ in spice-protocol win-virtio win-spice + + powershell + gh ]; diff --git a/nix/hosts.nix b/nix/hosts.nix index 421618a..85aeaf1 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -28,9 +28,12 @@ }; swarselprofiles = { - minimal = lib.mkIf minimal true; + minimal = lib.mkIf minimal (lib.mkDefault true); }; + swarselsystems = { + mainUser = lib.mkDefault "swarsel"; + }; } ]; }; diff --git a/profiles/nixos/chaostheatre/default.nix b/profiles/nixos/chaostheatre/default.nix index cedf6d9..093ca97 100644 --- a/profiles/nixos/chaostheatre/default.nix +++ b/profiles/nixos/chaostheatre/default.nix @@ -8,6 +8,7 @@ home-manager = lib.mkDefault true; xserver = lib.mkDefault true; users = lib.mkDefault true; + sops = lib.mkDefault true; env = lib.mkDefault true; security = lib.mkDefault true; systemdTimeout = lib.mkDefault true; @@ -16,7 +17,6 @@ pipewire = lib.mkDefault true; network = lib.mkDefault true; time = lib.mkDefault true; - sops = lib.mkDefault false; stylix = lib.mkDefault true; programs = lib.mkDefault true; zsh = lib.mkDefault true; 
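Review bot: The clear-text `password` value `"setup"` in `modules/nixos/common/users.nix` now also applies whenever `config.swarselsystems.isPublic` is set, and the same account is always placed in `wheel` by the `extraGroups` line below it. A literal password in a Nix expression is readable by anyone who has the repository, so a host built this way should not accept password logins from the network; the SSH configuration is not visible in this hunk, so this may already be handled elsewhere. I would state the constraint next to the option, e.g. `# minimal/isPublic hosts get a well-known password: keep SSH password login disabled on them`, and consider enforcing it with `services.openssh.settings.PasswordAuthentication = lib.mkIf config.swarselsystems.isPublic false;`. The surrounding `users` attribute set starts and ends outside the hunk.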
@@ -27,7 +27,7 @@ interceptionTools = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; - yubikey = lib.mkDefault true; + yubikey = lib.mkDefault false; ledger = lib.mkDefault true; keyboards = lib.mkDefault true; login = lib.mkDefault true; diff --git a/profiles/nixos/framework/default.nix b/profiles/nixos/framework/default.nix index 32b6b0e..060c3ec 100644 --- a/profiles/nixos/framework/default.nix +++ b/profiles/nixos/framework/default.nix @@ -1,4 +1,4 @@ -{ lib, config, minimal, ... }: +{ lib, config, ... }: { options.swarselprofiles.framework = lib.mkEnableOption "is this a framework brand host"; config = lib.mkIf config.swarselprofiles.framework { @@ -9,7 +9,7 @@ }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { - framework = lib.mkIf (!minimal) true; + framework = lib.mkDefault true; }; }; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 27076c8..580f2af 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -1,4 +1,4 @@ -{ lib, config, minimal, ... }: +{ lib, config, ... }: { options.swarselprofiles.personal = lib.mkEnableOption "is this a personal host"; config = lib.mkIf config.swarselprofiles.personal { @@ -57,7 +57,7 @@ }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { - personal = lib.mkIf (!minimal) true; + personal = lib.mkDefault true; }; }; diff --git a/profiles/nixos/reduced/default.nix b/profiles/nixos/reduced/default.nix index 7c0f529..0a64002 100644 --- a/profiles/nixos/reduced/default.nix +++ b/profiles/nixos/reduced/default.nix @@ -49,6 +49,11 @@ ssh = lib.mkDefault true; }; }; + home-manager.users."${config.swarselsystems.mainUser}" = { + swarselprofiles = { + personal = lib.mkDefault true; + }; + }; }; diff --git a/profiles/nixos/work/default.nix b/profiles/nixos/work/default.nix index 6ab95d8..0740cc4 100644 --- a/profiles/nixos/work/default.nix 
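Review bot: The block added to `profiles/nixos/reduced/default.nix` turns on the home-manager profile `personal`, not `reduced`: `personal = lib.mkDefault true;`. The bakery host section of this same patch removes a home-manager `swarselprofiles.reduced` setting, so this looks like a copy from the personal profile. If it is, a host meant to run a reduced set would get the full personal user environment, which is more software than the profile name promises. If it is intended, a comment such as `# reduced hosts reuse the personal home-manager profile` would make that clear; otherwise the line should read `reduced = lib.mkDefault true;`. The enclosing `config` block starts outside the hunk.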
+++ b/profiles/nixos/work/default.nix @@ -1,4 +1,4 @@ -{ lib, config, minimal, ... }: +{ lib, config, ... }: { options.swarselprofiles.work = lib.mkEnableOption "is this a work host"; config = lib.mkIf config.swarselprofiles.work { @@ -9,7 +9,7 @@ }; home-manager.users."${config.swarselsystems.mainUser}" = { swarselprofiles = { - work = lib.mkIf (!minimal) true; + work = lib.mkDefault true; }; }; diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index b3c617b..f7b6d86 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:pEDV2WLEFisblx+XrhuoaNpxtk4Byj+jB/ixhsk3uPQ=,tag:T4xI5g6sIrIobuSuViG5+A==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:2AkTWN5WCYjf9DWJGCsmRf3CLA/EMgpLaORWcB2pGvs=,tag:cbwxW35me7T1OZipxdHfvw==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-14T02:08:47Z", - "mac": "ENC[AES256_GCM,data:ZT2q2cHleWw+h7JNzWi+UnFo7G72xMMjzkbr4Ixp09xT9jqHjeHRitRveoNyh8jcRSbWxVeYf1fpKEKPEAxqU77NORhD/QBFjQm1iG/UH/xkRNBTQ/kE+yp/6jlkyfJ/m8ulTSbegz2eQkko9HP9qG7+QMcESP6zE7ko8UFPXAY=,iv:AvQDzn9kQYj1cr6K/luFZkv2G1UAQT27cA9/pQMRJl0=,tag:uuH3aZSI644HrJXYR5I7UQ==,type:str]", + "lastmodified": "2025-07-17T19:47:10Z", + "mac": "ENC[AES256_GCM,data:rSJPK8zMaT+VGj92885MrhHf3VPWKChIGeoWAjWYzGS0GNd+ENThrx7SmKSA2GRgcvT52Xap+wZi8Vzzl0wZPyKiM3LwtQ1JDH401m+RJzqYmEmSmNWtBaXijMYzlW82oG6dJxsHPNAiZfV3iIrXfq4mDIs8KEjl/PwiW+5n3Is=,iv:WRFWcPwFD+Al+EsUMDnCKzXLGiH+xQXMa1ZOGMKgDKI=,tag:h9ObzyxKSXhQB84XVGv6Vw==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", From 486f8b77325b094214e887ab8ce4a3f53aafebef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 17 Jul 2025 21:50:28 +0200 Subject: [PATCH 04/16] feat: add slink --- .github/README.md | 41 +++---- SwarselSystems.org | 141 ++++++++++++++++++++---- hosts/nixos/winters/secrets/pii.nix.enc | 6 +- modules/nixos/server/kanidm.nix | 7 ++ modules/nixos/server/radicale.nix | 2 +- modules/nixos/server/slink.nix | 80 ++++++++++++++ profiles/nixos/moonside/default.nix | 1 + secrets/repo/pii.nix.enc | 6 +- 8 files changed, 236 insertions(+), 48 deletions(-) create mode 100644 modules/nixos/server/slink.nix diff --git a/.github/README.md b/.github/README.md index d5d7313..f31bb06 100644 --- a/.github/README.md +++ b/.github/README.md 
@@ -121,29 +121,30 @@ Alternatively, to install this from any NixOS live ISO, run `nix run --experimen ### Services -| Topic | Program | -|-----------------------|---------------------------------| -|📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | -|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | -|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | -|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | +| Topic | Program | +|-----------------------|---------------------------------------------------------------------------------------------------------------------| +|📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | +|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | +|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | +|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | -|📷 **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | +|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |📄 **Documents** | 
[Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | -|💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | -|👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | -|🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | -|🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | -|⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | -|🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | -|💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | -|🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | -|🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | -|📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | -|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | -|✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | -|🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | +|💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | +|👁️ **Monitoring** | 
[Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | +|🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | +|🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | +|⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | +|🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | +|💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | +|🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | +|🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | +|📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | +|↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | +|✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | +|📸 **Image Sharing** | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix) | +|🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | ### Hosts diff --git a/SwarselSystems.org b/SwarselSystems.org index 6077782..86d4d15 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -268,29 +268,30 @@ Here I give a brief overview over the hostmachines that I am using. This is held :END: #+begin_src markdown :tangle no :noweb-ref services - | Topic | Program | - |-----------------------|---------------------------------| - |📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | - |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | - |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | - |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | + | Topic | Program | + |-----------------------|---------------------------------------------------------------------------------------------------------------------| + |📖 **Books** | [Kavita](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kavita.nix) | + |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | + |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | + |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | - |📷 **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | + |🎞️ **Photos** | 
[Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | - |💾 **Backups** | [Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | - |👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | - |🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | - |🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | - |⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | - |🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | - |💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | - |🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | - |🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | - |📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | - |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | - |✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | - |🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | + |💾 **Backups** | 
[Restic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/restic.nix) | + |👁️ **Monitoring** | [Grafana](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/monitoring.nix) | + |🍴 **RSS** | [FreshRss](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/freshrss.nix) | + |🌳 **Git** | [Forgejo](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/forgejo.nix) | + |⚓ **Anki Sync** | [Anki Sync Server](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/ankisync.nix) | + |🪪 **SSO** | [Kanidm](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/kanidm.nix) + [oauth2-proxy](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/oauth2-proxy.nix) | + |💸 **Finance** | [Firefly-III](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/firefly-iii.nix) | + |🃏 **Collections** | [Koillection](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/koillection.nix) | + |🗃️ **Shell History** | [Atuin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/atuin.nix) | + |📅 **CalDav/CardDav** | [Radicale](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/radicale.nix) | + |↔️ **P2P Filesharing** | [Croc](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/croc.nix) | + |✂️ **Paste Tool** | [Microbin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/microbin.nix) | + |📸 **Image Sharing** | [Slink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/slink.nix) | + |🔗 **Link Shortener** | [Shlink](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/shlink.nix) | #+end_src * flake.nix 
@@ -8522,6 +8523,7 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/= + - make user admin: =podman exec -it slink slink user:grant:role --email= ROLE_ADMIN= + - finally, disable new user registration in web ui + +#+begin_src nix-ts :tangle modules/nixos/server/slink.nix + { self, lib, config, ... }: + let + servicePort = 3000; + serviceName = "slink"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceDir = "/var/lib/slink"; + + containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; + in + { + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + virtualisation.oci-containers.containers.${serviceName} = { + image = "anirdev/slink@${containerRev}"; + environment = { + "ORIGIN" = "https://${serviceDomain}"; + "TZ" = config.repo.secrets.common.location.timezone; + "STORAGE_PROVIDER" = "local"; + "IMAGE_MAX_SIZE" = "50M"; + "USER_APPROVAL_REQUIRED" = "true"; + }; + ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]; + volumes = [ + "${serviceDir}/var/data:/app/var/data" + "${serviceDir}/images:/app/slink/images" + ]; + }; + + systemd.tmpfiles.rules = [ + "d ${serviceDir}/var/data 0750 root root - -" + "d ${serviceDir}/images 0750 root root - -" + ]; + + networking.firewall.allowedTCPPorts = [ servicePort ]; + + environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { directory = serviceDir; } + ]; + + topology.self.services.${serviceName} = { + name = lib.swarselsystems.toCapitalized serviceName; + info = "https://${serviceDomain}"; + icon = "${self}/files/topology-images/shlink.png"; + }; + globals.services.${serviceName}.domain = serviceDomain; + + services.nginx = { + upstreams = { + ${serviceName} = { + servers = { + 
"localhost:${builtins.toString servicePort}" = { }; + }; + }; + }; + virtualHosts = { + "${serviceDomain}" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + oauth2.enable = true; + oauth2.allowedGroups = [ "slink_access" ]; + locations = { + "/" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + }; + "/image" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + bypassAuth = true; + }; + }; + }; + }; + }; + }; + } +#+end_src + *** Darwin :PROPERTIES: :CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47 @@ -16579,6 +16677,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a croc = lib.mkDefault true; microbin = lib.mkDefault true; shlink = lib.mkDefault true; + slink = lib.mkDefault true; }; }; }; diff --git a/hosts/nixos/winters/secrets/pii.nix.enc b/hosts/nixos/winters/secrets/pii.nix.enc index 0a46cc3..9c0e82b 100644 --- a/hosts/nixos/winters/secrets/pii.nix.enc +++ b/hosts/nixos/winters/secrets/pii.nix.enc 
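Review bot: The slink container port can be reached without passing the nginx virtual host that enforces `oauth2.allowedGroups`, because the `ports` entry publishes `servicePort` on every interface and `networking.firewall.allowedTCPPorts = [ servicePort ];` opens it in the firewall. The upstream is `localhost:...`, so nginx runs on the same host and nothing visible here needs the port from outside. Binding to loopback with `ports = [ "127.0.0.1:${builtins.toString servicePort}:${builtins.toString servicePort}" ];` and dropping the `allowedTCPPorts` line would keep the login check in front of the application; if another host does proxy to this port, restrict it to that source instead. The `/image` location also deserves a comment, since `bypassAuth = true` presumably exempts every path under that prefix from the group check: `# public by design: shared image URLs are served without login`. The same code is added again in the `modules/nixos/server/slink.nix` hunk of this patch.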
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:XEzKhJ1+iwQZ24wnf7FdThWMwOKEwaYr3ecGjjLpTqx4+kq3W9FWFDSKkHAwo6077tsVTu7NCGZfat/gAylg1xgqAZAHA8/PMQejowAgIPCG7eCQvQfTMepcuWjgc9BAyFYcBjPFmLnvX69LE80Fw0Io1QeKIa6CVJKp4P6eC8OIKeG1fTc3/sWxr+3ZKTzGPKiGCnSMo7qM0/2HlV0bhp8yWFni+2nZ8UlPJluEnmx0bBR0uZ6bdqzLX/fFrmgTd6m30+Zq8pjKVhiHpEQd9m5aU2inCWv4OeNE3EQsLYcnhcVdrcySZ6R4AZ1nlZZedDhf+Ee4AwcIPVsA8HHqlUEY1CayHF5wLpkxralOpt+RFZYJkvupmozP/uYRymoAA6YgJGesr2Oki0wT041nioB9AvpU9xFvfCqbqXXsBvwtvhxpwhEJJOogZENKnjvvoDoLGZlFVPzkfqDANuv5SAJQiWuFLWEdcmQncRlsjwSPOGOnI+r+puHszPOaDsZigF/yuL4rd5a0RkS6dCOfYtCvQBBAMfEAWX13AiKF0Dtz5/ijEEK7iojoMF/B6rnoENs2l0cSljq7TGV0DVRDjFUTiMNbfRxUJUkMuqJFnNzMwz4METmAwgqHn217uvUk2V8UJ5v9k4sapRmogPTfCwhvxGDV1e9AJvL6WXJ2m0ldhKOcQXFiO/+ZtNB1FHJ22ZFcxcSSOSRmEQsB5Yw3zPEjQ7sU93sKRLEPrTEqSSNG75iZ+vZm9iEI2trFhtEOlU98Ury/USC9sjPN/sxGGR5hcRZajY2HUxVTucMheIWJ7mxhxLHg7rz/qWLSqC6TqKwnyv+NdBnrVaLWaRnZGRCgtvN+oJKRjyxCsiDHVoY52cP5SmdXGn3yrVxDuYGrkLf/JOj76Hs/TCSsYptMvKqH4R4vT8SlDnplpcIfd5KTr4sM1n4q4sai1wRc1wlN0EkwK7+otTYcStxtvgUUtW/4jkk+73TdvvR9IkV0PqghKuB6FdAM6qRX1M8AebcXNyZYW9k7sHRVWGk+eMrMe/qX2IAY1WUgdt7hs2Ci9XoJqWKCG17rcKZ/ORu0utrJt+l0H9fZihO8+aYHabsHueiyJTKJvZx9+12r5a6deXShtdpsdQVnMlczWKGKUIdQ7TB12HILGPAvvZkJh0aDq043UU/4dUwyUezi70QnH/Z/GRip68kXH6njBmZRlmmNAFSCHkGxMKxpgssHyXXNEvET/TIVEJeR1vYjqFoGIBrFQV1Bqu2yk3A2pZLBEEbsCQrOuE2CPpfrn5kCUnw2sJOWpnVqyQ+SA4xZ7W1vw7i8aL2ThZlKE3zsriECpOfEaDWv8ME2HsiL42VUmgv+6zm/2hiVK+OayQucBUbY8IC6Yjl2kXB7EPvUsc60V2xOJl40KIAJxa0GNgaRMWkYoFtnVrYbY4yT37UjIAu2fJD725qgkXOJwbFPlX7na86PVVB0MQ==,iv:JSG8DynJg8t7HEDoW7IwYt189P22h4BPMFYsJmo3mcU=,tag:cHoNQBL2DCpntJyhqay54Q==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:KvoTnlj+f+eMsFEZP8F1v0r/xZ4aVBUWmO+zsQCvhS4=,tag:U1ziE2832QfNkP0yjIzBeA==,type:str]", "sops": { "age": [ { 
@@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-02T10:26:33Z", - "mac": "ENC[AES256_GCM,data:/rmQKH7up3IcAdyYpdpx6H6gdyiNsnPS6TaozSU0EXxoaods50xC5sf2/quqLaeSRJE/NjKvh+3BWchbFJMQZM4PvSML3XAO8w9t/GqmOwwLJrvnMyulqS5y7BVDJZysmDe9TFNz05UJfZdbvLrH8kyhTHF7ciA8HgJq5JzFiBc=,iv:ORyza5fzjptuq5WD3NA9/OTFbACtzHp5e6kNKT/EaTE=,tag:wsp3Z/ySHVmDC9uRCn30Uw==,type:str]", + "lastmodified": "2025-07-17T20:14:29Z", + "mac": "ENC[AES256_GCM,data:4YP1fp9Mcbx0pvS5l9Xzc5cbhFnBo5GkqyRvcEspNYQ3IW5LIWtPwItwLZH/ymfEkpwIVYOugnB12HJJo9jpudgfUMXtp43ImDUNVHs59qkNhJFmTSoEZMBHQjPtE/jE17OIAZzeA41EAItesrmExV1W8ePy7rTgHQl5BDooWME=,iv:vyZ0BGjMUDeoVMkDw6wLZK3KKIECK5caz/nQB3nXlGs=,tag:GAqKNcSf3Ny/WsB3tYM/og==,type:str]", "pgp": [ { "created_at": "2025-06-11T11:42:23Z", diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 3f90e06..e9b97cb 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -84,6 +84,7 @@ in "freshrss.access" = { }; "firefly.access" = { }; "radicale.access" = { }; + "slink.access" = { }; }; inherit (config.repo.secrets.local) persons; @@ -204,6 +205,11 @@ in "email" "profile" ]; + "slink.access" = [ + "openid" + "email" + "profile" + ]; }; preferShortUsername = true; claimMaps.groups = { @@ -213,6 +219,7 @@ in "navidrome.access" = [ "navidrome_access" ]; "firefly.access" = [ "firefly_access" ]; "radicale.access" = [ "radicale_access" ]; + "slink.access" = [ "slink_access" ]; }; }; }; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index c9a1a8e..2917064 100644 
--- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -76,7 +76,7 @@ in }; systemd.tmpfiles.rules = [ - "d '${cfg.settings.storage.filesystem_folder}' 0750 ${serviceUser} ${serviceGroup} - -" + "d ${cfg.settings.storage.filesystem_folder} 0750 ${serviceUser} ${serviceGroup} - -" ]; networking.firewall.allowedTCPPorts = [ servicePort ]; diff --git a/modules/nixos/server/slink.nix b/modules/nixos/server/slink.nix new file mode 100644 index 0000000..547a2c7 --- /dev/null +++ b/modules/nixos/server/slink.nix 
@@ -0,0 +1,80 @@ +{ self, lib, config, ... }: +let + servicePort = 3000; + serviceName = "slink"; + serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceDir = "/var/lib/slink"; + + containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; +in +{ + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + virtualisation.oci-containers.containers.${serviceName} = { + image = "anirdev/slink@${containerRev}"; + environment = { + "ORIGIN" = "https://${serviceDomain}"; + "TZ" = config.repo.secrets.common.location.timezone; + "STORAGE_PROVIDER" = "local"; + "IMAGE_MAX_SIZE" = "50M"; + "USER_APPROVAL_REQUIRED" = "true"; + }; + ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ]; + volumes = [ + "${serviceDir}/var/data:/app/var/data" + "${serviceDir}/images:/app/slink/images" + ]; + }; + + systemd.tmpfiles.rules = [ + "d ${serviceDir}/var/data 0750 root root - -" + "d ${serviceDir}/images 0750 root root - -" + ]; + + networking.firewall.allowedTCPPorts = [ servicePort ]; + + environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { directory = serviceDir; } + ]; + + topology.self.services.${serviceName} = { + name = lib.swarselsystems.toCapitalized serviceName; + info = "https://${serviceDomain}"; + icon = "${self}/files/topology-images/shlink.png"; + }; + globals.services.${serviceName}.domain = serviceDomain; + + services.nginx = { + upstreams = { + ${serviceName} = { + servers = { + "localhost:${builtins.toString servicePort}" = { }; + }; + }; + }; + virtualHosts = { + "${serviceDomain}" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + oauth2.enable = true; + oauth2.allowedGroups = [ "slink_access" ]; + locations = { + "/" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + }; + 
"/image" = { + proxyPass = "http://${serviceName}"; + setOauth2Headers = false; + bypassAuth = true; + }; + }; + }; + }; + }; + }; +} diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix index 34674fd..e678778 100644 --- a/profiles/nixos/moonside/default.nix +++ b/profiles/nixos/moonside/default.nix @@ -20,6 +20,7 @@ croc = lib.mkDefault true; microbin = lib.mkDefault true; shlink = lib.mkDefault true; + slink = lib.mkDefault true; }; }; }; diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index f7b6d86..0ce9956 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:2AkTWN5WCYjf9DWJGCsmRf3CLA/EMgpLaORWcB2pGvs=,tag:cbwxW35me7T1OZipxdHfvw==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:0eoQAssueYsHRvU1qHTSdryeZxeTYv+mDMt2uQR64hA=,tag:N62wqpHutX4mUAFkfiS6vQ==,type:str]", "sops": { "age": [ { 
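Review bot: The OAuth2 gate on the nginx virtual host in modules/nixos/server/slink.nix can be sidestepped, because the same file publishes the container with `"${builtins.toString servicePort}:${builtins.toString servicePort}"` (all interfaces) and adds `servicePort` to `networking.firewall.allowedTCPPorts`, so port 3000 is reachable without going through nginx. The upstream is `localhost:3000` on this host, so publishing on loopback is enough: `ports = [ "127.0.0.1:${builtins.toString servicePort}:${builtins.toString servicePort}" ];`, and the `allowedTCPPorts` line can be dropped. The `"/image"` location with `bypassAuth = true` is, under plain nginx prefix matching, also a match for every path that merely starts with `/image`. If only the image-serving route is meant to be public, `"/image/"` would be the narrower form; how the `bypassAuth` option renders the location and which routes slink serves are not visible here, so this needs confirming.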
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T19:47:10Z", - "mac": "ENC[AES256_GCM,data:rSJPK8zMaT+VGj92885MrhHf3VPWKChIGeoWAjWYzGS0GNd+ENThrx7SmKSA2GRgcvT52Xap+wZi8Vzzl0wZPyKiM3LwtQ1JDH401m+RJzqYmEmSmNWtBaXijMYzlW82oG6dJxsHPNAiZfV3iIrXfq4mDIs8KEjl/PwiW+5n3Is=,iv:WRFWcPwFD+Al+EsUMDnCKzXLGiH+xQXMa1ZOGMKgDKI=,tag:h9ObzyxKSXhQB84XVGv6Vw==,type:str]", + "lastmodified": "2025-07-17T19:51:34Z", + "mac": "ENC[AES256_GCM,data:c+ayFaTrFkoUcXF2YU5boi4twMg3ZUEPwAc8CUvIjxZWDVgqb4WZHPJ9j9T4hdZZq0URGAPTi4x8EXGTxv0pl7EQnAEYZEXPFwFjbuMzBvmsRfCsxeGFkgX1R3wg2PPs5ssXP22+rm7nuLKa91bloX5h3H7b1VbFQkWDJMg5QtM=,iv:5SblNcf0wAYHGd8NvCvxKTsg3ktr96aF6nUBtuZnfoM=,tag:ZIbmfUuW97RYbEqZn7iEnA==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", From 234a5f2a9961ab26036dfe56eb357e0a449fbc0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sun, 20 Jul 2025 16:00:28 +0200 Subject: [PATCH 05/16] fix: WLAN1 password was not set correctly --- SwarselSystems.org | 2 +- modules/nixos/client/network.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 86d4d15..c43b236 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -4874,7 +4874,7 @@ Here I only enable =networkmanager= and a few default networks. The rest of the wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; - psk = "WLAN1_PW"; + psk = "$WLAN1_PW"; }; }; diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index 27809ab..8f7ffc3 100644 --- a/modules/nixos/client/network.nix 
+++ b/modules/nixos/client/network.nix @@ -118,7 +118,7 @@ in wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; - psk = "WLAN1_PW"; + psk = "$WLAN1_PW"; }; }; From 90efa8e67fa6c9b9a100e9ea004119b06fd31910 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sun, 20 Jul 2025 16:00:51 +0200 Subject: [PATCH 06/16] fix: koillection images lost in ephemeral storage --- SwarselSystems.org | 5 +++++ modules/nixos/server/koillection.nix | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/SwarselSystems.org b/SwarselSystems.org index c43b236..2f36c8b 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -9065,6 +9065,7 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid/ Date: Sun, 20 Jul 2025 16:01:19 +0200 Subject: [PATCH 07/16] fix: koillection not serving big collections --- SwarselSystems.org | 5 +++++ modules/nixos/server/koillection.nix | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/SwarselSystems.org b/SwarselSystems.org index 2f36c8b..07eaa1c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -9179,6 +9179,11 @@ To get other URLs (token, etc.), use https:///oauth2/openid/ Date: Sun, 20 Jul 2025 16:01:36 +0200 Subject: [PATCH 08/16] chore: backup more dirs --- SwarselSystems.org | 5 +++++ modules/nixos/server/restic.nix | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/SwarselSystems.org b/SwarselSystems.org index 07eaa1c..abf3b0f 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -7696,6 +7696,11 @@ This manages backups for my pictures and obsidian files. passwordFile = config.sops.secrets.resticpw.path; paths = [ "/Vault/data/paperless" + "/Vault/data/koillection" + "/Vault/data/postgresql" + "/Vault/data/firefly-iii" + "/Vault/data/radicale" + "/Vault/data/matrix-synapse" "/Vault/Eternor/Paperless" "/Vault/Eternor/Bilder" "/Vault/Eternor/Immich" diff --git a/modules/nixos/server/restic.nix b/modules/nixos/server/restic.nix index eb492b1..f668104 100644 
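Review bot: Nothing on `psk = "$WLAN1_PW";` in modules/nixos/client/network.nix says that the value is a placeholder, and the bug fixed here was exactly a placeholder name ending up as the literal passphrase. A short comment would guard against a repeat, for example `# "$WLAN1_PW" is substituted at activation from the secrets environment file; the leading $ is required`. The substitution mechanism is outside the hunk, so that wording should be checked against it, and the other profiles in this file are worth a look for the same missing `$`. The enclosing profile definition starts and ends outside the hunk.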
--- a/modules/nixos/server/restic.nix +++ b/modules/nixos/server/restic.nix @@ -31,6 +31,11 @@ in passwordFile = config.sops.secrets.resticpw.path; paths = [ "/Vault/data/paperless" + "/Vault/data/koillection" + "/Vault/data/postgresql" + "/Vault/data/firefly-iii" + "/Vault/data/radicale" + "/Vault/data/matrix-synapse" "/Vault/Eternor/Paperless" "/Vault/Eternor/Bilder" "/Vault/Eternor/Immich" From c3060b2be9e2b06c1e918f400f05121c49242870 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 21 Jul 2025 22:28:48 +0200 Subject: [PATCH 09/16] chore: centralize syncthing config --- SwarselSystems.org | 278 ++++++++++------------------ hosts/nixos/moonside/default.nix | 165 +++++------------ modules/nixos/client/syncthing.nix | 24 +-- modules/nixos/server/syncthing.nix | 88 +++++---- profiles/nixos/moonside/default.nix | 1 + 5 files changed, 200 insertions(+), 356 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index abf3b0f..f24c270 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2665,12 +2665,10 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix - { lib, config, globals, ... }: + { lib, config, ... }: let - inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; in { imports = [ @@ -2693,15 +2691,6 @@ This machine mainly acts as an external sync helper. It manages the following th environment = { etc."issue".text = "\4"; - - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { - directory = "/var/lib/syncthing"; - user = "syncthing"; - group = "syncthing"; - mode = "0700"; - } - ]; }; topology.self.interfaces.wg = { 
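Review bot: `"/Vault/data/postgresql"` in `paths` (modules/nixos/server/restic.nix, mirrored in the SwarselSystems.org hunk) is presumably the live PostgreSQL data directory, and a file-level snapshot of it taken while the server is running is not guaranteed to restore to a consistent database. The usual arrangement is to back up a dump instead, for example by enabling `services.postgresqlBackup` and listing its output directory here in place of the data directory. The same concern may apply to `"/Vault/data/matrix-synapse"` if its state lives in that PostgreSQL instance. The `paths` list starts and ends outside the hunk, so whether a dump is already covered elsewhere cannot be seen from here.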
@@ -2748,122 +2737,50 @@ This machine mainly acts as an external sync helper. It manages the following th system.stateVersion = "23.11"; - globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; - - services = { - nginx = { - virtualHosts = { - ${serviceDomain} = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:8384"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; }; }; - }; - - syncthing = { - enable = true; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - relay.enable = false; - settings = { - urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; }; - folders = { - "Default Folder" = lib.mkForce { - path = "/sync/Sync"; - type = "receiveonly"; - versioning = null; - devices = [ "winters" "magicant" 
"${workHostName}" ]; - id = "default"; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; }; - "Obsidian" = { - path = "/sync/Obsidian"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/sync/Org"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/sync/Vpn"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "hgp9s-fyq3p"; - }; - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "winters" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; }; @@ -2883,6 +2800,10 @@ This machine mainly acts as an external sync helper. It manages the following th isBtrfs = true; isNixos = true; isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; + }; }; } 
@@ -5189,6 +5110,7 @@ Here I disable global completion to prevent redundant compinit calls and cache i { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; + devices = config.swarselsystems.syncthing.syncDevices; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; @@ -5206,39 +5128,26 @@ Here I disable global completion to prevent redundant compinit calls and cache i options = { urAccepted = -1; }; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "sync@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; }; 
@@ -7522,20 +7431,55 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, ... }: + { lib, config, configName, ... }: let - inherit (config.repo.secrets.common) workHostName; - servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceDomain = config.repo.secrets.common.services.domains.syncthing1; + specificServiceName = "syncthing-${configName}"; + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + + swarselsystems.syncthing = { + serviceDomain = lib.mkOption { + type = lib.types.str; + default = config.repo.secrets.common.services.domains.syncthing1; + }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "192.168.1.2"; + }; + syncDevices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; + }; + devices = lib.mkOption { + type = lib.types.attrs; + default = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + "pyramid" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + }; + }; + }; + }; config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { 
@@ -7548,39 +7492,26 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = "/Vault/data/${serviceName}"; + dataDir = lib.mkDefault "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "milkywell@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { @@ -7590,7 +7521,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { 
@@ -7600,7 +7531,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { @@ -7610,28 +7541,18 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; - # "Documents" = { - # path = "${cfg.dataDir}/Documents"; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "5"; - # }; - # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; - # id = "hgr3d-pfu3w"; - # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${serviceName} = { + ${specificServiceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7642,7 +7563,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= acmeRoot = null; locations = { "/" = { - proxyPass = "http://${serviceName}"; + proxyPass = "http://${specificServiceName}"; extraConfig = '' client_max_body_size 0; ''; @@ -16693,6 +16614,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a microbin = lib.mkDefault true; shlink = lib.mkDefault true; slink = lib.mkDefault true; + syncthing = lib.mkDefault true; }; }; }; diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index 58e6284..cd14423 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix 
@@ -1,9 +1,7 @@ -{ lib, config, globals, ... }: +{ lib, config, ... }: let - inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; in { imports = [ @@ -26,15 +24,6 @@ in environment = { etc."issue".text = "\4"; - - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { - directory = "/var/lib/syncthing"; - user = "syncthing"; - group = "syncthing"; - mode = "0700"; - } - ]; }; topology.self.interfaces.wg = { 
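Review bot: Removing the `/var/lib/syncthing` persistence entry in hosts/nixos/moonside/default.nix leaves nothing in this file that keeps Syncthing's configuration directory across reboots on an impermanent root. With `dataDir = lib.mkForce "/sync"` in the next hunk and the server module's `configDir = "${cfg.dataDir}/.config/${serviceName}"`, the device key and certificate now live under `/sync/.config/syncthing`. If `/sync` is not on a persistent volume and the server module does not persist `cfg.dataDir` in a part not shown, they are regenerated on boot and the ID pinned for `"moonside@oracle"` in the shared `devices` default stops matching. In that case an entry such as `{ directory = "/sync"; user = "syncthing"; group = "syncthing"; mode = "0700"; }` under `environment.persistence."/persist".directories` is needed; otherwise a comment stating where `/sync` is mounted would settle the question.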
@@ -81,122 +70,50 @@ in system.stateVersion = "23.11"; - globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; - - services = { - nginx = { - virtualHosts = { - ${serviceDomain} = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:8384"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; }; }; - }; - - syncthing = { - enable = true; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - relay.enable = false; - settings = { - urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; }; - folders = { - "Default Folder" = lib.mkForce { - path = "/sync/Sync"; - type = "receiveonly"; - versioning = null; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "default"; + "runandbun" = { + path = "/sync/runandbun"; + type = 
"receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; }; - "Obsidian" = { - path = "/sync/Obsidian"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/sync/Org"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/sync/Vpn"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "hgp9s-fyq3p"; - }; - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "winters" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; }; @@ -216,5 +133,9 @@ in isBtrfs = true; isNixos = true; isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; + }; }; } diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 0e46751..d7ca383 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix 
@@ -1,6 +1,7 @@ { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; + devices = config.swarselsystems.syncthing.syncDevices; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; @@ -18,39 +19,26 @@ in options = { urAccepted = -1; }; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "sync@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; }; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 26128a2..4bde68b 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix 
@@ -1,17 +1,52 @@ -{ lib, config, ... }: +{ lib, config, configName, ... }: let - inherit (config.repo.secrets.common) workHostName; - servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceDomain = config.repo.secrets.common.services.domains.syncthing1; + specificServiceName = "syncthing-${configName}"; + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + + swarselsystems.syncthing = { + serviceDomain = lib.mkOption { + type = lib.types.str; + default = config.repo.secrets.common.services.domains.syncthing1; + }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "192.168.1.2"; + }; + syncDevices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; + }; + devices = lib.mkOption { + type = lib.types.attrs; + default = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + "pyramid" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + }; + }; + }; + }; config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { 
@@ -24,39 +59,26 @@ in networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = "/Vault/data/${serviceName}"; + dataDir = lib.mkDefault "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "milkywell@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { @@ -66,7 +88,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { @@ -76,7 +98,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { 
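Review bot: With modules/nixos/server/syncthing.nix now also enabled on moonside (profiles/nixos/moonside/default.nix), the unchanged context lines `guiAddress = "0.0.0.0:${builtins.toString servicePort}";` and `networking.firewall.allowedTCPPorts = [ servicePort ];` expose the Syncthing GUI on port 8384 of that host directly, alongside the nginx virtual host. The per-host configuration removed from moonside also listened on 0.0.0.0 but, in the lines shown, did not open 8384 in the firewall. Since `serviceIP` already states where the reverse proxy reaches the GUI, binding to it would serve both hosts, assuming it is an address of the host itself: `guiAddress = "${serviceIP}:${builtins.toString servicePort}";` and `networking.firewall.allowedTCPPorts = lib.mkIf (serviceIP != "localhost") [ servicePort ];`. Whether the GUI has its own credentials set is not visible in this hunk.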
@@ -86,28 +108,18 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; - # "Documents" = { - # path = "${cfg.dataDir}/Documents"; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "5"; - # }; - # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; - # id = "hgr3d-pfu3w"; - # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${serviceName} = { + ${specificServiceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -118,7 +130,7 @@ in acmeRoot = null; locations = { "/" = { - proxyPass = "http://${serviceName}"; + proxyPass = "http://${specificServiceName}"; extraConfig = '' client_max_body_size 0; ''; diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix index e678778..d365d4c 100644 --- a/profiles/nixos/moonside/default.nix +++ b/profiles/nixos/moonside/default.nix @@ -21,6 +21,7 @@ microbin = lib.mkDefault true; shlink = lib.mkDefault true; slink = lib.mkDefault true; + syncthing = lib.mkDefault true; }; }; }; From c5c09b0358587946026d90f1d509a6e16fe74890 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 21 Jul 2025 22:29:45 +0200 Subject: [PATCH 10/16] feat: vars in _module.args instead of options --- SwarselSystems.org | 673 ++++++++++--------- modules/home/common/default.nix | 8 +- modules/home/common/firefox.nix | 4 +- modules/home/common/stylix.nix | 6 +- modules/home/darwin/default.nix | 3 +- modules/home/optional/work.nix | 10 +- modules/nixos/client/stylix.nix | 6 +- modules/nixos/common/default.nix | 10 +- modules/shared/options.nix | 67 ++ modules/shared/{sharedsetup.nix => vars.nix} | 83 +-- secrets/repo/pii.nix.enc | 6 +- 11 files changed, 437 insertions(+), 439 deletions(-) create mode 100644 modules/shared/options.nix rename modules/shared/{sharedsetup.nix => vars.nix} (78%) diff --git a/SwarselSystems.org b/SwarselSystems.org index f24c270..eefc1a4 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3645,17 +3645,15 @@ These are system-level settings specific to NixOS machines. All settings that ar This section is for setting things that should be used on hosts that are using the default NixOS configuration. This means that servers should NOT import this, as much of these imported modules are user-configured. #+begin_src nix-ts :tangle modules/nixos/common/default.nix - { self, lib, ... }: - let - importNames = lib.swarselsystems.readNix "modules/nixos/common"; - in - { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ - "${self}/modules/shared/sharedsetup.nix" - ]; - - - } +{ lib, ... }: +let + importNames = lib.swarselsystems.readNix "modules/nixos/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; +in +{ + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; +} #+end_src 
@@ -5036,7 +5034,7 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. #+begin_src nix-ts :noweb yes :tangle modules/nixos/client/stylix.nix - { self, lib, config, ... }: + { self, lib, config, vars, ... }: { options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; config = { @@ -5049,10 +5047,10 @@ By default, [[https://github.com/danth/stylix][stylix]] wants to style GRUB as w targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; } - config.swarselsystems.stylix); + vars.stylix); home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; }; }; }; 
@@ -10327,321 +10325,14 @@ The general structure is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a94f20 This section sets up all the imports that are used in the home-manager section. #+begin_src nix-ts :tangle modules/home/common/default.nix - { self, lib, ... }: + { lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ [ - "${self}/modules/shared/sharedsetup.nix" - ]; - } -#+end_src - -**** Shared Configuration Options (holds firefox & stylix config parts) -:PROPERTIES: -:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 -:END: - -Provides settings related to nix-darwin systems. At the moment, I am only making use of a =isDarwin= flag. - -At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. -Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably - -For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. - -The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json - -This is where the theme for the whole OS is defined. 
Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. - -#+begin_src nix-ts :noweb yes :tangle modules/shared/sharedsetup.nix - { self, config, lib, pkgs, ... 
}: - { - options.swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - mainUser = lib.mkOption { - type = lib.types.str; - default = "swarsel"; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - isLaptop = lib.mkEnableOption "laptop host"; - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - sopsFile = lib.mkOption { - type = lib.types.str; - default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - wallpaper = lib.mkOption { - type = lib.types.path; - default = "${self}/files/wallpaper/lenovowp.png"; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - - stylix = lib.mkOption { - type = lib.types.attrs; - default = { - polarity = "dark"; - opacity.popups = 0.5; - cursor = { - package = pkgs.banana-cursor; - # package = pkgs.capitaine-cursors; - name = "Banana"; - # name = "capitaine-cursors"; - size = 16; - }; - fonts = { - sizes 
= { - terminal = 10; - applications = 11; - }; - serif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - sansSerif = { - # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); - package = pkgs.cantarell-fonts; - # package = pkgs.montserrat; - name = "Cantarell"; - # name = "FiraCode Nerd Font Propo"; - # name = "Montserrat"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-mono; # has overrides - name = "FiraCode Nerd Font Mono"; - }; - emoji = { - package = pkgs.noto-fonts-emoji; - name = "Noto Color Emoji"; - }; - }; - }; - }; - stylixHomeTargets = lib.mkOption { - type = lib.types.attrs; - default = { - emacs.enable = false; - waybar.enable = false; - sway.useWallpaper = false; - firefox.profileNames = [ "default" ]; - }; - }; - - firefox = lib.mkOption { - type = lib.types.attrs; - default = { - userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - tampermonkey - sidebery - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - sponsorblock - web-archives - onepassword-password-manager - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - noscript - - # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut - (buildFirefoxXpiAddon { - pname = "shortkeys"; - version = "4.0.2"; - addonId = "Shortkeys@Shortkeys.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; - sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; - meta = with lib; - { - description = "Easily 
customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; - mozPermissions = [ - "tabs" - "downloads" - "clipboardWrite" - "browsingData" - "storage" - "bookmarks" - "sessions" - "" - ]; - platforms = platforms.all; - }; - }) - ]; - }; - - settings = - { - "extensions.autoDisableScopes" = 0; - "browser.bookmarks.showMobileBookmarks" = true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "browser.search.suggest.enabled" = false; - "browser.search.suggest.enabled.private" = false; - "browser.urlbar.suggest.searches" = false; - "browser.urlbar.showSearchSuggestionsFirst" = false; - "browser.topsites.contile.enabled" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - "browser.newtabpage.activity-stream.feeds.snippets" = false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; - "browser.newtabpage.activity-stream.showSponsored" = false; - "browser.newtabpage.activity-stream.system.showSponsored" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - }; - - search = { - # default = "Kagi"; - default = "google"; - # privateDefault = "Kagi"; - privateDefault = "google"; - engines = { - "Kagi" = { - urls = [{ - template = "https://kagi.com/search"; - params = [ - { name = "q"; value = "{searchTerms}"; } - ]; - }]; - icon = "https://kagi.com/favicon.ico"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@k" ]; - }; - - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - 
{ name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; - - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; - - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; - - "Home Manager Options" = { - urls = [{ - template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; - - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; - - "Confluence search" = { - urls = [{ - template = "https://vbc.atlassian.net/wiki/search"; - params = [ - { name = "text"; value = "{searchTerms}"; } - ]; - }]; - - definedAliases = [ "@c" "@cf" "@confluence" ]; - }; - - "Jira search" = { - urls = [{ - template = "https://vbc.atlassian.net/issues/"; - params = [ - { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } - ]; - }]; - - definedAliases = [ "@j" "@jire" ]; - }; - - "google".metaData.alias = "@g"; - }; - force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart - }; - }; - }; - }; + imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; } #+end_src 
@@ -11135,16 +10826,16 @@ This section has been notably empty ever since switching to stylix. Only Emacs i =theme= is defined in [[#h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78][Theme (stylix)]]. #+begin_src nix-ts :noweb yes :tangle modules/home/common/stylix.nix - { lib, config, ... }: + { lib, config, vars, ... }: { options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; config = lib.mkIf config.swarselmodules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; } - config.swarselsystems.stylix); + vars.stylix); }; } #+end_src @@ -12661,7 +12352,7 @@ Also, I setup some search aliases for functions I often use, such as NixOS optio I used to build the firefox addon =bypass-paywalls-clean= myself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that. #+begin_src nix-ts :tangle modules/home/common/firefox.nix - { config, pkgs, lib, ... }: + { config, pkgs, lib, vars, ... }: { options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; config = lib.mkIf config.swarselmodules.firefox { @@ -12806,7 +12497,7 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m "browser.startup.homepage" = "https://lobste.rs"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; }; @@ -13628,7 +13319,8 @@ This section sets up all the imports that are used in the home-manager section. home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/shared/sharedsetup.nix" + "${self}/modules/shared/options.nix" + "${self}/modules/shared/vars.nix" ]; } #+end_src 
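Review bot: In `lib.recursiveUpdate { … } vars.firefox` (hunk `@@ -12806,7 +12497,7 @@`) the shared set is the right-hand operand, and `recursiveUpdate` lets the right-hand side win on conflicting leaves, so a profile cannot override anything that `vars.firefox` defines. With the values moved out of `options.swarselsystems` there is also no `swarselsystems` option left for a host to adjust them; the only override remaining is redefining `_module.args.vars` wholesale. If that is intended, say so at the call site, e.g. `# vars.firefox is applied last: shared prefs override per-profile values`; if profiles are meant to win, swap the operands. The same call shape appears in the `work.nix` hunks that follow (`@@ -13836,7 +13528,7 @@` onwards), and the enclosing profile definitions start outside the hunk.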
@@ -13708,7 +13400,7 @@ The rest of the settings is at [[#h:fb3f3e01-7df4-4b06-9e91-aa9cac61a431][gaming The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands. #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, config, pkgs, lib, nixosConfig ? config, ... }: + { self, config, pkgs, lib, vars, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in @@ -13836,7 +13528,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site1}|${site2}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user2}" = lib.recursiveUpdate { inherit isDefault; @@ -13845,13 +13537,13 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site3}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user3}" = lib.recursiveUpdate { inherit isDefault; id = 3; } - config.swarselsystems.firefox; + vars.firefox; work = lib.recursiveUpdate { inherit isDefault; @@ -13860,7 +13552,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; 
@@ -14182,6 +13874,315 @@ This holds configuration that is specific to framework laptops. }; } #+end_src +** Shared +*** Configuration options +:PROPERTIES: +:CUSTOM_ID: h:79f7150f-b162-4f57-abdf-07f40dffd932 +:END: + +#+begin_src nix-ts :noweb yes :tangle modules/shared/options.nix + { self, config, lib, ... }: + { + options.swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + sopsFile = lib.mkOption { + type = lib.types.str; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/files/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = 
lib.types.str; + default = ""; + }; + }; + } +#+end_src + +*** Variables (vars; holds firefox & stylix config parts) + +At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in [[#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6][Work]] that are all practically using the same configuration. To save screen space, I template that profile here. +Set in firefox =about:config > toolkit.legacyUserProfileCustomizations.stylesheets= to true. This should in principle be set automatically using the below config, but it seems not to be working reliably + +For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else. + +The full list of nerd-fonts can be found here: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/data/fonts/nerd-fonts/manifests/fonts.json + +This is where the theme for the whole OS is defined. Originally, this noweb-ref section could not be copied to the general NixOS config since they are on different folder structure levels in the config, which would have made the flake impure. By now, I have found out that using the =${self}= method for referencing the flake root, I could circumvent this problem. Also, the noweb-ref block could in general be replaced by a custom attribute set (see for example [[#h:e7f98ad8-74a6-4860-a368-cce154285ff0][firefox]]). The difference here was, for a long time, that this block is used in a NixOS and a home-manager-only configuration, verbatim. If I were to use an attribute set, I would have to duplicate this block once each for NixOS and home-manager. Alas, this block stays (for now). 
However, I learned how to use an attribute set in a custom home-manager module and pass it to both NixOS and home-manager configurations, which also removed the need for that use of it. + +#+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix + { self, lib, pkgs, ... }: + { + _module.args = { + vars = { + stylix = { + polarity = "dark"; + opacity.popups = 0.5; + cursor = { + package = pkgs.banana-cursor; + # package = pkgs.capitaine-cursors; + name = "Banana"; + # name = "capitaine-cursors"; + size = 16; + }; + fonts = { + sizes = { + terminal = 10; + applications = 11; + }; + serif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + sansSerif = { + # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); + package = pkgs.cantarell-fonts; + # package = pkgs.montserrat; + name = "Cantarell"; + # name = "FiraCode Nerd Font Propo"; + # name = "Montserrat"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-mono; # has overrides + name = "FiraCode Nerd Font Mono"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; + + stylixHomeTargets = { + emacs.enable = false; + waybar.enable = false; + sway.useWallpaper = false; + firefox.profileNames = [ "default" ]; + }; + + firefox = { + userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; + extensions = { + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + tampermonkey + sidebery + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + sponsorblock + web-archives + onepassword-password-manager + single-file + widegithub + enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + noscript + + # configure a 
shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut + (buildFirefoxXpiAddon { + pname = "shortkeys"; + version = "4.0.2"; + addonId = "Shortkeys@Shortkeys.com"; + url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi"; + sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c"; + meta = with lib; + { + description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys"; + mozPermissions = [ + "tabs" + "downloads" + "clipboardWrite" + "browsingData" + "storage" + "bookmarks" + "sessions" + "" + ]; + platforms = platforms.all; + }; + }) + ]; + }; + + settings = + { + "extensions.autoDisableScopes" = 0; + "browser.bookmarks.showMobileBookmarks" = true; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "browser.search.suggest.enabled" = false; + "browser.search.suggest.enabled.private" = false; + "browser.urlbar.suggest.searches" = false; + "browser.urlbar.showSearchSuggestionsFirst" = false; + "browser.topsites.contile.enabled" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + "browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.system.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + }; + + search = { + # default = "Kagi"; + default = "google"; + # 
privateDefault = "Kagi"; + privateDefault = "google"; + engines = { + "Kagi" = { + urls = [{ + template = "https://kagi.com/search"; + params = [ + { name = "q"; value = "{searchTerms}"; } + ]; + }]; + icon = "https://kagi.com/favicon.ico"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@k" ]; + }; + + "Nix Packages" = { + urls = [{ + template = "https://search.nixos.org/packages"; + params = [ + { name = "type"; value = "packages"; } + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + + "NixOS Wiki" = { + urls = [{ + template = "https://nixos.wiki/index.php?search={searchTerms}"; + }]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = [ "@nw" ]; + }; + + "NixOS Options" = { + urls = [{ + template = "https://search.nixos.org/options"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@no" ]; + }; + + "Home Manager Options" = { + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@hm" "@ho" "@hmo" ]; + }; + + "Confluence search" = { + urls = [{ + template = "https://vbc.atlassian.net/wiki/search"; + params = [ + { name = "text"; value = "{searchTerms}"; } + ]; + }]; + + definedAliases = [ "@c" "@cf" "@confluence" ]; + }; + + "Jira search" = { + urls = [{ + template = "https://vbc.atlassian.net/issues/"; + params = [ + { name = "jql"; value = "textfields ~ \"{searchTerms}*\"&wildcardFlag=true"; } + ]; + }]; + + definedAliases = [ "@j" "@jire" ]; + }; + + "google".metaData.alias = "@g"; + }; + force = true; # this is required because 
otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart + }; + }; + }; + }; + } +#+end_src + ** Packages :PROPERTIES: :CUSTOM_ID: h:64a5cc16-6b16-4802-b421-c67ccef853e1 diff --git a/modules/home/common/default.nix b/modules/home/common/default.nix index a7035d0..e7b9ac5 100644 --- a/modules/home/common/default.nix +++ b/modules/home/common/default.nix @@ -1,9 +1,9 @@ -{ self, lib, ... }: +{ lib, ... }: let importNames = lib.swarselsystems.readNix "modules/home/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ [ - "${self}/modules/shared/sharedsetup.nix" - ]; + imports = lib.swarselsystems.mkImports importNames "modules/home/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; } diff --git a/modules/home/common/firefox.nix b/modules/home/common/firefox.nix index 7f7e3fe..7905b0b 100644 --- a/modules/home/common/firefox.nix +++ b/modules/home/common/firefox.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, vars, ... }: { options.swarselmodules.firefox = lib.mkEnableOption "firefox settings"; config = lib.mkIf config.swarselmodules.firefox { @@ -143,7 +143,7 @@ "browser.startup.homepage" = "https://lobste.rs"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; }; diff --git a/modules/home/common/stylix.nix b/modules/home/common/stylix.nix index 10dd04e..763c4d2 100644 --- a/modules/home/common/stylix.nix +++ b/modules/home/common/stylix.nix @@ -1,12 +1,12 @@ -{ lib, config, ... }: +{ lib, config, vars, ... }: { options.swarselmodules.stylix = lib.mkEnableOption "stylix settings"; config = lib.mkIf config.swarselmodules.stylix { stylix = lib.mkIf (!config.swarselsystems.isNixos) (lib.recursiveUpdate { image = config.swarselsystems.wallpaper; - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; } - config.swarselsystems.stylix); + vars.stylix); }; } 
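Review bot: `"extensions.autoDisableScopes" = 0;` in the new `vars.firefox.settings` is undocumented although it is the one preference in this block that relaxes a browser safeguard: with the value 0 Firefox no longer holds add-ons installed from outside the browser in a disabled state pending user approval. That is what lets the declaratively installed `extensions.packages` load, but it applies equally to any other add-on that ends up in the profile or system extension directories. I would add a comment above it, e.g. `# 0 = never auto-disable sideloaded add-ons; required for the nix-installed extensions, so the extension dirs must stay nix-managed`. The block is tangled to `modules/shared/vars.nix`, whose rename hunks do not show these lines.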
diff --git a/modules/home/darwin/default.nix b/modules/home/darwin/default.nix index f6ebde9..9ff48b2 100644 --- a/modules/home/darwin/default.nix +++ b/modules/home/darwin/default.nix @@ -3,6 +3,7 @@ home.stateVersion = "23.05"; imports = [ "${self}/modules/home/common/settings.nix" - "${self}/modules/shared/sharedsetup.nix" + "${self}/modules/shared/options.nix" + "${self}/modules/shared/vars.nix" ]; } diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 7c88a65..cd91509 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -1,4 +1,4 @@ -{ self, config, pkgs, lib, nixosConfig ? config, ... }: +{ self, config, pkgs, lib, vars, nixosConfig ? config, ... }: let inherit (config.swarselsystems) homeDir; in @@ -126,7 +126,7 @@ in "browser.startup.homepage" = "${site1}|${site2}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user2}" = lib.recursiveUpdate { inherit isDefault; @@ -135,13 +135,13 @@ in "browser.startup.homepage" = "${site3}"; }; } - config.swarselsystems.firefox; + vars.firefox; "${user3}" = lib.recursiveUpdate { inherit isDefault; id = 3; } - config.swarselsystems.firefox; + vars.firefox; work = lib.recursiveUpdate { inherit isDefault; @@ -150,7 +150,7 @@ in "browser.startup.homepage" = "${site4}|${site5}|${site6}|${site7}"; }; } - config.swarselsystems.firefox; + vars.firefox; }; }; diff --git a/modules/nixos/client/stylix.nix b/modules/nixos/client/stylix.nix index 6fbe7f3..4c45cbe 100644 --- a/modules/nixos/client/stylix.nix +++ b/modules/nixos/client/stylix.nix @@ -1,4 +1,4 @@ -{ self, lib, config, ... }: +{ self, lib, config, vars, ... }: { options.swarselmodules.stylix = lib.mkEnableOption "stylix config"; config = { 
@@ -11,10 +11,10 @@ targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; } - config.swarselsystems.stylix); + vars.stylix); home-manager.users."${config.swarselsystems.mainUser}" = { stylix = { - targets = config.swarselsystems.stylixHomeTargets; + targets = vars.stylixHomeTargets; }; }; }; diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix index e76fb8b..8c1a26b 100644 --- a/modules/nixos/common/default.nix +++ b/modules/nixos/common/default.nix @@ -1,11 +1,9 @@ -{ self, lib, ... }: +{ lib, ... }: let importNames = lib.swarselsystems.readNix "modules/nixos/common"; + sharedNames = lib.swarselsystems.readNix "modules/shared"; in { - imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ [ - "${self}/modules/shared/sharedsetup.nix" - ]; - - + imports = lib.swarselsystems.mkImports importNames "modules/nixos/common" ++ + lib.swarselsystems.mkImports sharedNames "modules/shared"; } diff --git a/modules/shared/options.nix b/modules/shared/options.nix new file mode 100644 index 0000000..f126351 --- /dev/null +++ b/modules/shared/options.nix 
@@ -0,0 +1,67 @@ +{ self, config, lib, ... }: +{ + options.swarselsystems = { + withHomeManager = lib.mkOption { + type = lib.types.bool; + default = true; + }; + isSwap = lib.mkOption { + type = lib.types.bool; + default = true; + }; + swapSize = lib.mkOption { + type = lib.types.str; + default = "8G"; + }; + rootDisk = lib.mkOption { + type = lib.types.str; + default = ""; + }; + mainUser = lib.mkOption { + type = lib.types.str; + default = "swarsel"; + }; + isCrypted = lib.mkEnableOption "uses full disk encryption"; + + isImpermanence = lib.mkEnableOption "use impermanence on this system"; + isSecureBoot = lib.mkEnableOption "use secure boot on this system"; + isLaptop = lib.mkEnableOption "laptop host"; + isNixos = lib.mkEnableOption "nixos host"; + isPublic = lib.mkEnableOption "is a public machine (no secrets)"; + isDarwin = lib.mkEnableOption "darwin host"; + isLinux = lib.mkEnableOption "whether this is a linux machine"; + isBtrfs = lib.mkEnableOption "use btrfs filesystem"; + sopsFile = lib.mkOption { + type = lib.types.str; + default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; + }; + homeDir = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel"; + }; + xdgDir = lib.mkOption { + type = lib.types.str; + default = "/run/user/1000"; + }; + flakePath = lib.mkOption { + type = lib.types.str; + default = "/home/swarsel/.dotfiles"; + }; + wallpaper = lib.mkOption { + type = lib.types.path; + default = "${self}/files/wallpaper/lenovowp.png"; + }; + sharescreen = lib.mkOption { + type = lib.types.str; + default = ""; + }; + lowResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + highResolution = lib.mkOption { + type = lib.types.str; + default = ""; + }; + }; +} diff --git a/modules/shared/sharedsetup.nix b/modules/shared/vars.nix similarity index 78% rename from modules/shared/sharedsetup.nix rename to modules/shared/vars.nix index 13c96a2..79b753a 100644 --- a/modules/shared/sharedsetup.nix 
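Review bot: `homeDir`, `flakePath` and `xdgDir` default to `/home/swarsel`, `/home/swarsel/.dotfiles` and `/run/user/1000` independently of `mainUser`, so a host that only sets `mainUser` still resolves the default `sopsFile` under another user's home directory. Deriving the defaults keeps them consistent: `default = "/home/${config.swarselsystems.mainUser}";` for `homeDir` and `default = "${config.swarselsystems.homeDir}/.dotfiles";` for `flakePath`. `sopsFile` also reads `config.node.name`, which this module does not declare; the file is imported by `modules/home/darwin/default.nix` as well, so it is worth checking that `node.name` exists in every context that reads the option. None of the `mkOption` entries carries a `description`; one line each would be enough. The file is tangled from `SwarselSystems.org`, so the change belongs in the source block there.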
+++ b/modules/shared/vars.nix @@ -1,72 +1,8 @@ -{ self, config, lib, pkgs, ... }: +{ self, lib, pkgs, ... }: { - options.swarselsystems = { - withHomeManager = lib.mkOption { - type = lib.types.bool; - default = true; - }; - isSwap = lib.mkOption { - type = lib.types.bool; - default = true; - }; - swapSize = lib.mkOption { - type = lib.types.str; - default = "8G"; - }; - rootDisk = lib.mkOption { - type = lib.types.str; - default = ""; - }; - mainUser = lib.mkOption { - type = lib.types.str; - default = "swarsel"; - }; - isCrypted = lib.mkEnableOption "uses full disk encryption"; - - isImpermanence = lib.mkEnableOption "use impermanence on this system"; - isSecureBoot = lib.mkEnableOption "use secure boot on this system"; - isLaptop = lib.mkEnableOption "laptop host"; - isNixos = lib.mkEnableOption "nixos host"; - isPublic = lib.mkEnableOption "is a public machine (no secrets)"; - isDarwin = lib.mkEnableOption "darwin host"; - isLinux = lib.mkEnableOption "whether this is a linux machine"; - isBtrfs = lib.mkEnableOption "use btrfs filesystem"; - sopsFile = lib.mkOption { - type = lib.types.str; - default = "${config.swarselsystems.flakePath}/secrets/${config.node.name}/secrets.yaml"; - }; - homeDir = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel"; - }; - xdgDir = lib.mkOption { - type = lib.types.str; - default = "/run/user/1000"; - }; - flakePath = lib.mkOption { - type = lib.types.str; - default = "/home/swarsel/.dotfiles"; - }; - wallpaper = lib.mkOption { - type = lib.types.path; - default = "${self}/files/wallpaper/lenovowp.png"; - }; - sharescreen = lib.mkOption { - type = lib.types.str; - default = ""; - }; - lowResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - highResolution = lib.mkOption { - type = lib.types.str; - default = ""; - }; - - stylix = lib.mkOption { - type = lib.types.attrs; - default = { + _module.args = { + vars = { + stylix = { polarity = "dark"; opacity.popups = 0.5; cursor = { 
@@ -107,20 +43,15 @@ }; }; }; - }; - stylixHomeTargets = lib.mkOption { - type = lib.types.attrs; - default = { + + stylixHomeTargets = { emacs.enable = false; waybar.enable = false; sway.useWallpaper = false; firefox.profileNames = [ "default" ]; }; - }; - firefox = lib.mkOption { - type = lib.types.attrs; - default = { + firefox = { userChrome = builtins.readFile "${self}/files/firefox/chrome/userChrome.css"; extensions = { packages = with pkgs.nur.repos.rycee.firefox-addons; [ diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 0ce9956..06c93dc 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc 
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:0eoQAssueYsHRvU1qHTSdryeZxeTYv+mDMt2uQR64hA=,tag:N62wqpHutX4mUAFkfiS6vQ==,type:str]", + "data": "ENC[AES256_GCM,data:RXqAVgmdB8Ft+ESp72zdkSwT+WfIpbSPll7my39Tqfuo4HmoHlRJar7TfRfK2CDm1qKF1Zxg6CNt4P5lfX+CpdLkesPQ24wSKrIWYjE+Ayfns4V0je/OZKpIB+3nP0jVq5g2Cwf4bfV0SbH7O2Y3plU9mfhIiFw/EL7M+3KcmJks3etBjJQczrctQdfvZnnYelYIcwk2o1Gqv/DQROxtv32YxyXL3NHLhOwnNeIv4jQpR8iF0+yuV90NVzVuIVoGSfGmg1FgAWeu37Si0+qC2qqvw6aWRPnKSMqeydSFjR4O/2aQIBHy9VFLLP65Vd1DApUxRlwhDesMNOLLeC2+mw6G02o+vcHvkAR0NljUdPPfKPGr6bRYR//MDvAmIFX7ysJ7077vcKio5teecwEkW7I0dsRhMj2wex0z9GxztPOr9WIvSwBUfGwRkTAhEOQk9fTIc6FVWF/O2dZUFPGwhFMw4NOgSL/q6mmqmtqUjtyw+SWWoEUm4Y/P0FpZoiu0TxUDcyJQ/kZsLkbRzbMjFh9pzY/VakleW4sNqrcGlj0y8aQLw2Ct4FpgRL8YLd7P3VYP86231zsrlge6jLx8fZU4NGwq+BPgMqqJH44WmKT6my+LqPY2ktZij1JGom694vmu+yjP+JB2APNRV4qE0apR3qhWL0CBCXQUTJ6rKIPVgwMlCSb4eVKDgBq77idlkAuRb2ej+0+M2JWZen8dxp+CGZh/qwBB6UOG8MbceRupA/IjiXW3ssHNaKJDlWh5oxbBVlU1Gk3wULFR25Jgq4tEWQWkPPOF2iWyVI/n6kQXqg2IMeFIi3+MMxjNsKDIjvvvT7NeUU0y1WlcOUsxakWk/HP7+OacpySrlEpc0xJKOxITiiX6JWZDl51kau9W6ntyrOOoeLSCZdNBcTo43Mx3nHOlJ6I5R2O9A7axVV1jlJgshfAmyfyt+O4H1qoSLS1mZFk8D1qy+Eui8pZDHYK1A+5I0b/QiJ8EmmhNrL30g9lo97eTln+u3u2eZmSWqV3eWeeFSx1YxfYU6LWI8sz7qTbxSUndQ7IrvVazM/D8h0Xa24PsGB+c6PN9M74sQ6JJQ4CdeJGFmJkInVnK0HuqtF92IF/0xejqshX9xsWQ/VnK2QpIjtNWmH5merkEhKBOS2lnQePUQNJSTAYPcM5aGNVQmOUaEIE1+kDICa6HAGkCYU+1Cdi6+RUxlSqL6T9SESmxPepksMPukT14+Ah3tAl8iDKo5zLUx0g0a51JbuEsc0/u6jWF/9wfLM5N3kITEoplwkV8EYW/0NsSNwletUzA+DrV1EiVmL1dShbwIzU+He2EnzHytJX+J7XtXn8BBJNl0bL1kXT0EM+BF52qlMw+QpZWVdlxrCP7ysfnMUb3K1j8XiNGpFT4IXeYrI1UnnO1zH/sE2aoLe8PcZfqEXs2OyyGXeSk6dbSWMHDboTu+xwrHXfZ/JRjsw7BT+uvzqoNTqPB9xPRpNd58QejgiLTz4ko3KIPrUi8ri1v/5VusDdkKr6Reoa9/Tx7Ri8/BMENxpFWh7qrAU4Kk6jIrZnUf2h2bPCiRkWkBroknDaVjwtbgEYJtEePXplAVIJiwOZcno+gPAaEkDgurZMwTSBawNW9MwA9ANuJFUCFMoGZ6czVQBVvrN9VqL7v1qM0kwvGoM2b8BOWcntLjiXByWrX/1lY0qoHfxrIIf1gHH/irX4qiGhtoChlRvuOBeV2tHYjOrQOHsKOhlFNduGqKuaIYBerKlTbVDRPUC1tng6kM
U9bcAQ6u/gjR3VyxleQkLwJ61RHKCO5e6hhM8hzhqHmjBljfF+JdgPyCbgmZIUcdqpgFL5l1z1YE5SFd5WV6q76mVu6paHYirZdZRvOQsVn52pihaN6FMRcNUrks64dF7CCXJ4Hnu3WBXl20F1/NPtEPFtKBdVjOfCBoTGtItreCEuWB5fpWzSE583p9znJI0beSHO5Yq0kB8ek1HDBZ7Tu8eiZAOR2QnGiONKSheDs6Tjc98ebaJhlelo4H7U7B5hWulXwViipDnilSSUO4ofD1mcU5AJ9QX54HUMWf6iiOIMZTtMA9gXAxkSwcEGDF3eBkVRCQuRz1N9kYbJhfhOYi9OLaB+AFbEBkm+XqZ/0i8jBjR3X87SXv3/drC3tumfDMmDCwj5tagvyMvQAm4ZV6cNn116T9YNY58zGyavEGCjM3RDinJ6EX6LLyUHGcnjUUtM5arI7PiSuYmxh4OcpEAcsNfVo+DSeC843X3wcRJvv5fx8WSUDszDCGPWCdF0LDrpYPu9KxzNqSVEXq+Vi1DPVE7Q7tuz5b9/gjo82tlQgdQIH3VQGCayncHt1u6D+oA0pBL79Nho/FHiI7ucZgivNmkET6swpmxjOSCNJOW9XYIqhjLCQ3y7JYnJ9fz2+sKKCBBc23O4BDWKXnkn7UqNyVoZCByJiWh/IBY/aTakJSymGvM14J1c+UEq4aFfi07WUW+NC5fpz446qggTLzA0JmFrRIuJLf5GbKFn3PpLseO4qTKnJu/XdvA+i0P3KDcIx7BVJ9065QK2NF2wBaWE105is2VWZ4sYyvKL9u0OxwlrnLS2+fBzf+f+EFCMLfa2UyVEqpKdJSB6h7H5yk4S8kt+BUHS1hAlgWGz3oID2i0lKqh7E9DzuQQh3pAGMIXhc3oFf90lAVeM6gQ6K25DK8LY8mXnVyL9Y9UOpLFLvlEdHZVsG6xDWBfuHeN8nMNSRircY2U/Vp9Y880OxUvPurSWXZk2SUFXkCC6QQdoSvJbgfymWoQe85aRJ8tRA2NQ+MtAygmflhQ1lCyGBMF4J1TNL5OyVnPXpeGZKGOXkz2pvNSZpfMYIm/WwOloapQZflSePmWRRjrMuAusPMrnAuRrDeBJl5LdKfuLg5AGyVI8/dd7T4mtbU3hefX04xRyR36oTxux/bpGFPoh6+keNHYpUWma5bwe7PAJ5D7IXb4+BvtxwU77x8ewM4TQ0tCvi5r05euPxkOdKxmF/gRFcB/MOQLCUlRiZ5OKVqXb41f+ydtj0IM78XNTa/yFdH9djLD1tPyKlX4DifzACPcvBuzelf01/8Ruyg7Xj/ow0nUmMxqLJmEmYckumhDjJQxP0UajtOFbk2mVIth3Vul2ipHFOC9rOMPbibZG33mY34jiswgvrD5RzgRVBl4x9pOvgdAQxfsuyc/B/8k7fWlsZMWFNA6aLwwPmo5BxdYSQfQ08,iv:I78O1MiGdRLzf7mA2MpIO0fdwjin1dDh82q4sRbOuMg=,tag:UQyx7W8C8FWmKGyVT9SpCg==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T19:51:34Z", - "mac": "ENC[AES256_GCM,data:c+ayFaTrFkoUcXF2YU5boi4twMg3ZUEPwAc8CUvIjxZWDVgqb4WZHPJ9j9T4hdZZq0URGAPTi4x8EXGTxv0pl7EQnAEYZEXPFwFjbuMzBvmsRfCsxeGFkgX1R3wg2PPs5ssXP22+rm7nuLKa91bloX5h3H7b1VbFQkWDJMg5QtM=,iv:5SblNcf0wAYHGd8NvCvxKTsg3ktr96aF6nUBtuZnfoM=,tag:ZIbmfUuW97RYbEqZn7iEnA==,type:str]", + "lastmodified": "2025-07-21T20:19:47Z", + "mac": "ENC[AES256_GCM,data:vInt6XxnE3LhpOS/Q9gKI9We9PhC5hWcDDUTQ8LjGbLeXmC3wZb3E1gk8xZZRSCHr87Mb5tFG4fuMYLBLF9TGzbW5fYE6QgyshtszQZTh6CrbxrIQT2AWPPnUkBn46bOT1NEcIi3/oMUPUlDm5DxM2VUX5WnbzNTjif1g/khhtg=,iv:vAK5b2WB+ly48b92/Nd+6JjkPSikVYOuGN2KdF0W1Q0=,tag:xBS8uvcoh1D89qIcXSuy6A==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", From 1ac888d5836c0ca6782b0543dfc6cfa40666f77c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 21 Jul 2025 22:30:28 +0200 Subject: [PATCH 11/16] fix: make n[switch,boot,dry] work anywhere --- SwarselSystems.org | 5 +++-- modules/home/common/zsh.nix | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index eefc1a4..bb55bde 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -11515,9 +11515,10 @@ Currently I only use it as before with =initExtra= though. hg = "history | grep"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nswitch = "swarsel-deploy $(hostname) switch"; + nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; + ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; - nboot = "swarsel-deploy $(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index def981f..30f929f 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -26,9 +26,10 @@ in hg = "history | grep"; hmswitch = "home-manager --flake ${flakePath}#$(whoami)@$(hostname) switch |& nom"; # nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v switch |& nom --json"; - nswitch = "swarsel-deploy $(hostname) switch"; + nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; + ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; # nboot = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) --show-trace --log-format internal-json -v boot |& nom --json"; - nboot = "swarsel-deploy $(hostname) boot"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; From 708d65d696b9c08f3ef6788cc1f73fe0cdc6395c Mon Sep 17 00:00:00 2001 
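Review bot: The new `nswitch`, `nboot` and `ndry` aliases chain their commands with `;`, so `swarsel-deploy` still runs when `cd ${flakePath}` fails, from whatever directory the shell happens to be in; the same lines appear in the `SwarselSystems.org` hunk and in the `modules/home/common/zsh.nix` hunk. A subshell with `&&` avoids that and also makes the trailing `cd -` unnecessary, which otherwise prints the previous directory and overwrites `OLDPWD`: `nswitch = "(cd ${flakePath} && swarsel-deploy $(hostname) switch)";`, and likewise for `boot` and `dry-activate`. Quoting the path inside the alias would additionally guard against a `flakePath` that contains spaces.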
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 22 Jul 2025 00:54:37 +0200 Subject: [PATCH 12/16] chore: move shared options to correct header --- SwarselSystems.org | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index bb55bde..dc06245 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3814,11 +3814,6 @@ in } #+end_src -**** Mirror home-manager shared options (automatically active) -:PROPERTIES: -:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 -:END: - #+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix { lib, config, nixosConfig ? null, ... }: @@ -10336,6 +10331,27 @@ This section sets up all the imports that are used in the home-manager section. } #+end_src +**** Mirror home-manager shared options (automatically active) +:PROPERTIES: +:CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 +:END: + + +#+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix + { lib, config, nixosConfig ? null, ... }: + let + # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; + inherit (lib) mkDefault mapAttrs filterAttrs; + mkDefaultCommonAttrs = base: defaults: + lib.mapAttrs (_: v: lib.mkDefault v) + (lib.filterAttrs (k: _: base ? ${k}) defaults); + in + { + # config.swarselsystems = mirrorAttrs; + config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); + } +#+end_src + **** General home-manager-settings :PROPERTIES: :CUSTOM_ID: h:4af4f67f-7c48-4754-b4bd-6800e3a66664 From d7f27943a508d92bab448824d22dc5e9db31e1cf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 22 Jul 2025 00:59:55 +0200 Subject: [PATCH 13/16] feat: no more home-manager secrets on nixos hosts --- SwarselSystems.org | 63 +++++++++++-------- modules/home/common/emacs.nix | 4 +- modules/home/common/mail.nix | 10 +-- modules/home/common/waybar.nix | 2 +- modules/home/common/zsh.nix | 6 +- modules/nixos/common/home-manager-secrets.nix | 22 +++++++ profiles/home/personal/default.nix | 2 +- 7 files changed, 71 insertions(+), 38 deletions(-) create mode 100644 modules/nixos/common/home-manager-secrets.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index dc06245..3f9f9b6 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3789,7 +3789,7 @@ in } #+end_src -**** Meta options (automatically active) +**** Meta options (options only) :PROPERTIES: :CUSTOM_ID: h:30b81bf9-1e69-4ce8-88af-5592896bcee4 :END: 
@@ -3814,20 +3814,31 @@ in } #+end_src +**** Expose home-manager secrets in NixOS (automatically active) -#+begin_src nix-ts :tangle modules/home/common/sharedoptions.nix - { lib, config, nixosConfig ? null, ... }: - let - # mirrorAttrs = lib.mapAttrs (_: v: lib.mkDefault v) nixosConfig.swarselsystems; - inherit (lib) mkDefault mapAttrs filterAttrs; - mkDefaultCommonAttrs = base: defaults: - lib.mapAttrs (_: v: lib.mkDefault v) - (lib.filterAttrs (k: _: base ? ${k}) defaults); - in - { - # config.swarselsystems = mirrorAttrs; - config.swarselsystems = lib.mkIf (nixosConfig != null) (mkDefaultCommonAttrs config.swarselsystems nixosConfig.swarselsystems); - } +#+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix +{ lib, config, ... }: +let + inherit (config.swarselsystems) mainUser xdgDir homeDir; + modules = config.home-manager.users.${mainUser}.swarselmodules; +in +{ + config = lib.mkIf config.swarselsystems.withHomeManager { + sops.secrets = (lib.optionalAttrs modules.mail + { + address1-token = { path = "${xdgDir}/secrets/address1-token"; owner = mainUser; }; + address2-token = { path = "${xdgDir}/secrets/address2-token"; owner = mainUser; }; + address3-token = { path = "${xdgDir}/secrets/address3-token"; owner = mainUser; }; + address4-token = { path = "${xdgDir}/secrets/address4-token"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.waybar { + github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.zsh { + croc-password = { path = "${xdgDir}/secrets/croc-password"; owner = mainUser; }; + }); + }; +} #+end_src **** Topology (automatically active) 
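Review bot: The new NixOS module gates `sops.secrets` only on `withHomeManager`, while the home-manager modules it takes over from check `!isPublic`, so a host marked `isPublic` (described in the options as "no secrets") that enables the mail, waybar, emacs or zsh module would now declare secrets it is not meant to hold. Adding the flag to the guard keeps both sides in agreement: `config = lib.mkIf (config.swarselsystems.withHomeManager && !config.swarselsystems.isPublic) {`. The same applies to the tangled file `modules/nixos/common/home-manager-secrets.nix` added later in this patch and to its rewrite in PATCH 14/16. Whether public hosts import this module at all is not visible here.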
@@ -11503,7 +11514,7 @@ lib.mkMerge [ zshConfigEarlyInit zshConfig ]; Currently I only use it as before with =initExtra= though. #+begin_src nix-ts :tangle modules/home/common/zsh.nix - { config, lib, minimal, ... }: + { config, lib, minimal, nixosConfig ? config, ... }: let inherit (config.swarselsystems) flakePath; in @@ -11518,7 +11529,7 @@ Currently I only use it as before with =initExtra= though. config = lib.mkIf config.swarselmodules.zsh { - sops.secrets = { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { croc-password = { }; }; @@ -11626,7 +11637,7 @@ Currently I only use it as before with =initExtra= though. # ctrl + del bindkey '^H' my-backward-delete-word - export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})" + export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" ''; }; }; @@ -11784,7 +11795,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl options.swarselmodules.mail = lib.mkEnableOption "mail settings"; config = lib.mkIf config.swarselmodules.mail { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; address2-token = { path = "${xdgDir}/secrets/address2-token"; }; address3-token = { path = "${xdgDir}/secrets/address3-token"; }; @@ -11818,7 +11829,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; 
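Review bot: In the zsh module `sops.secrets.croc-password` is now declared only when `!isPublic && !isNixos`, but the `export CROC_PASS=...` line in the init script still reads `nixosConfig.sops.secrets.croc-password.path` unconditionally. On a non-NixOS host with `isPublic` set, `nixosConfig` falls back to `config` and the attribute would be missing, so evaluation presumably fails there. Wrapping the export in `lib.optionalString (!config.swarselsystems.isPublic)` would put the reference and the declaration under the same condition; the identical change is in the `modules/home/common/zsh.nix` hunks of this patch. Separately, exporting the password from the init script places it in the environment of every process started from the shell, and reading the file only where croc is invoked would narrow that exposure.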
@@ -11850,7 +11861,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address4; userName = address4-user; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address4-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; smtp = { host = address4-host; port = 587; @@ -11873,7 +11884,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${config.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; @@ -11900,7 +11911,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${config.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; @@ -11941,13 +11952,13 @@ Lastly, I am defining some more packages here that the parser has problems findi #+begin_src nix-ts :tangle modules/home/common/emacs.nix { self, lib, config, pkgs, ... }: let - inherit (config.swarselsystems) homeDir isPublic; + inherit (config.swarselsystems) homeDir isPublic isNixos; in { options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed - sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; + sops.secrets.fever-pw = lib.mkIf (!isPublic && !isNixos) { path = "${homeDir}/.emacs.d/.fever"; }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages 
@@ -12098,7 +12109,7 @@ The rest of the related configuration is found here: ] ++ modulesRight); }; - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; }; }; @@ -16672,7 +16683,7 @@ This holds modules that are to be used on most hosts. These are also the most im ownpackages = lib.mkDefault true; general = lib.mkDefault true; nixgl = lib.mkDefault true; - sops = lib.mkDefault true; + sops = lib.mkDefault false; yubikey = lib.mkDefault false; ssh = lib.mkDefault true; stylix = lib.mkDefault true; diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 5cb16e4..e6df6c6 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix @@ -1,12 +1,12 @@ { self, lib, config, pkgs, ... }: let - inherit (config.swarselsystems) homeDir isPublic; + inherit (config.swarselsystems) homeDir isPublic isNixos; in { options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed - sops.secrets.fever-pw = lib.mkIf (!isPublic) { path = "${homeDir}/.emacs.d/.fever"; }; + sops.secrets.fever-pw = lib.mkIf (!isPublic && !isNixos) { path = "${homeDir}/.emacs.d/.fever"; }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index cc14121..8d1750f 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix 
@@ -8,7 +8,7 @@ in options.swarselmodules.mail = lib.mkEnableOption "mail settings"; config = lib.mkIf config.swarselmodules.mail { - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { address1-token = { path = "${xdgDir}/secrets/address1-token"; }; address2-token = { path = "${xdgDir}/secrets/address2-token"; }; address3-token = { path = "${xdgDir}/secrets/address3-token"; }; @@ -42,7 +42,7 @@ in address = address1; userName = address1; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address1-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; @@ -74,7 +74,7 @@ in address = address4; userName = address4-user; realName = fullName; - passwordCommand = "cat ${config.sops.secrets.address4-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; smtp = { host = address4-host; port = 587; @@ -97,7 +97,7 @@ in address = address2; userName = address2; realName = address2-name; - passwordCommand = "cat ${config.sops.secrets.address2-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; @@ -124,7 +124,7 @@ in address = address3; userName = address3; realName = address3-name; - passwordCommand = "cat ${config.sops.secrets.address3-token.path}"; + passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; diff --git a/modules/home/common/waybar.nix b/modules/home/common/waybar.nix index b1f2960..27fd79a 100644 --- a/modules/home/common/waybar.nix +++ b/modules/home/common/waybar.nix 
@@ -60,7 +60,7 @@ in ] ++ modulesRight); }; - sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; }; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index 30f929f..cb45839 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -1,4 +1,4 @@ -{ config, lib, minimal, ... }: +{ config, lib, minimal, nixosConfig ? config, ... }: let inherit (config.swarselsystems) flakePath; in @@ -13,7 +13,7 @@ in config = lib.mkIf config.swarselmodules.zsh { - sops.secrets = { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { croc-password = { }; }; @@ -121,7 +121,7 @@ in # ctrl + del bindkey '^H' my-backward-delete-word - export CROC_PASS="$(cat ${config.sops.secrets.croc-password.path})" + export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" ''; }; }; diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix new file mode 100644 index 0000000..94cc9eb --- /dev/null +++ b/modules/nixos/common/home-manager-secrets.nix 
@@ -0,0 +1,22 @@ +{ lib, config, ... }: +let + inherit (config.swarselsystems) mainUser xdgDir homeDir; + modules = config.home-manager.users.${mainUser}.swarselmodules; +in +{ + config = lib.mkIf config.swarselsystems.withHomeManager { + sops.secrets = (lib.optionalAttrs modules.mail + { + address1-token = { path = "${xdgDir}/secrets/address1-token"; owner = mainUser; }; + address2-token = { path = "${xdgDir}/secrets/address2-token"; owner = mainUser; }; + address3-token = { path = "${xdgDir}/secrets/address3-token"; owner = mainUser; }; + address4-token = { path = "${xdgDir}/secrets/address4-token"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.waybar { + github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.zsh { + croc-password = { path = "${xdgDir}/secrets/croc-password"; owner = mainUser; }; + }); + }; +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 91d44aa..6cb0b04 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -7,7 +7,7 @@ ownpackages = lib.mkDefault true; general = lib.mkDefault true; nixgl = lib.mkDefault true; - sops = lib.mkDefault true; + sops = lib.mkDefault false; yubikey = lib.mkDefault false; ssh = lib.mkDefault true; stylix = lib.mkDefault true; From ba1bba39b479ba22d64e7e316682398590ae1517 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 22 Jul 2025 01:25:27 +0200 Subject: [PATCH 14/16] fix: inaccuracies in emacs config --- SwarselSystems.org | 170 +++++++++++------- files/emacs/early-init.el | 35 ++-- files/emacs/init.el | 41 +++-- modules/home/common/emacs.nix | 18 +- modules/home/common/env.nix | 13 +- modules/nixos/common/home-manager-secrets.nix | 44 +++-- pkgs/github-notifications/default.nix | 2 +- secrets/general/secrets.yaml | 6 +- secrets/repo/pii.nix.enc | 6 +- 9 files changed, 219 insertions(+), 116 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 3f9f9b6..364adfa 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -3817,28 +3817,42 @@ in **** Expose home-manager secrets in NixOS (automatically active) #+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix -{ lib, config, ... }: -let - inherit (config.swarselsystems) mainUser xdgDir homeDir; - modules = config.home-manager.users.${mainUser}.swarselmodules; -in -{ - config = lib.mkIf config.swarselsystems.withHomeManager { - sops.secrets = (lib.optionalAttrs modules.mail - { - address1-token = { path = "${xdgDir}/secrets/address1-token"; owner = mainUser; }; - address2-token = { path = "${xdgDir}/secrets/address2-token"; owner = mainUser; }; - address3-token = { path = "${xdgDir}/secrets/address3-token"; owner = mainUser; }; - address4-token = { path = "${xdgDir}/secrets/address4-token"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.waybar { - github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.emacs { - fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.zsh { - croc-password = { path = "${xdgDir}/secrets/croc-password"; owner = mainUser; }; - }); - }; -} + { lib, config, globals, ... 
}: + let + inherit (config.swarselsystems) mainUser homeDir; + inherit (config.repo.secrets.common.emacs) radicaleUser; + modules = config.home-manager.users.${mainUser}.swarselmodules; + in + { + config = lib.mkIf config.swarselsystems.withHomeManager { + sops = { + secrets = (lib.optionalAttrs modules.mail + { + address1-token = { owner = mainUser; }; + address2-token = { owner = mainUser; }; + address3-token = { owner = mainUser; }; + address4-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.waybar { + github-notifications-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.zsh { + croc-password = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + emacs-radicale-pw = { owner = mainUser; }; + }); + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + owner = mainUser; + }; + }; + }; + }; + } #+end_src **** Topology (automatically active) 
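Review bot: `templates.authinfo` is defined for every host with `withHomeManager`, but the `emacs-radicale-pw` secret it interpolates is declared only under `lib.optionalAttrs modules.emacs`, so with the emacs module off `config.sops.placeholder.emacs-radicale-pw` would presumably be undefined and an `.authinfo` would be rendered for a user who does not need one. Putting the template behind the same switch addresses both: `templates = lib.optionalAttrs modules.emacs {` around the existing `authinfo` entry. The two separate `lib.optionalAttrs modules.emacs` sets for `fever-pw` and `emacs-radicale-pw` can be merged into one. The diffstat shows the tangled `modules/nixos/common/home-manager-secrets.nix` changing as well; that hunk is not visible here.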
@@ -11037,32 +11051,41 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section. #+begin_src nix-ts :tangle modules/home/common/env.nix - { lib, config, globals, nixosConfig ? config, ... }: - let - inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; - inherit (nixosConfig.repo.secrets.common) fullName; - crocDomain = globals.services.croc.domain; - in - { - options.swarselmodules.env = lib.mkEnableOption "env settings"; - config = lib.mkIf config.swarselmodules.env { - home.sessionVariables = { - EDITOR = "e -w"; - DISPLAY = ":0"; - CROC_RELAY = crocDomain; - SWARSEL_LO_RES = config.swarselsystems.lowResolution; - SWARSEL_HI_RES = config.swarselsystems.highResolution; + { lib, config, globals, nixosConfig ? config, ... }: + let + inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; + inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; + inherit (nixosConfig.repo.secrets.common) fullName; + inherit (config.swarselsystems) isPublic; + crocDomain = globals.services.croc.domain; + in + { + options.swarselmodules.env = lib.mkEnableOption "env settings"; + config = lib.mkIf config.swarselmodules.env { + home.sessionVariables = { + EDITOR = "e -w"; + DISPLAY = ":0"; + SWARSEL_LO_RES = config.swarselsystems.lowResolution; + SWARSEL_HI_RES = config.swarselsystems.highResolution; + CROC_RELAY = lib.mkIf (!isPublic) crocDomain; + }; + systemd.user.sessionVariables = lib.mkIf (!isPublic) { + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; + SWARSEL_MAIL1 = address1; + SWARSEL_MAIL2 = address2; + SWARSEL_MAIL3 = address3; + SWARSEL_MAIL4 = address4; + SWARSEL_CAL1 = source1; + SWARSEL_CAL1NAME 
= source1-name; + SWARSEL_CAL2 = source2; + SWARSEL_CAL2NAME = source2-name; + SWARSEL_CAL3 = source3; + SWARSEL_CAL3NAME = source3-name; + SWARSEL_FULLNAME = fullName; + SWARSEL_MAIL_ALL = allMailAddresses; + }; }; - systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { - SWARSEL_MAIL1 = address1; - SWARSEL_MAIL2 = address2; - SWARSEL_MAIL3 = address3; - SWARSEL_MAIL4 = address4; - SWARSEL_FULLNAME = fullName; - SWARSEL_MAIL_ALL = allMailAddresses; - }; - }; - } + } #+end_src **** General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf, zoxide @@ -11950,15 +11973,29 @@ By using the emacs-overlay NixOS module, I can install all Emacs packages that I Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like =calfw= and =fast-scroll=, so I build them here. #+begin_src nix-ts :tangle modules/home/common/emacs.nix - { self, lib, config, pkgs, ... }: + { self, lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) homeDir isPublic isNixos; + inherit (config.repo.secrets.common.emacs) radicaleUser; in { options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed - sops.secrets.fever-pw = lib.mkIf (!isPublic && !isNixos) { path = "${homeDir}/.emacs.d/.fever"; }; + sops = lib.mkIf (!isPublic && !isNixos) { + secrets = { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; + emacs-radicale-pw = { }; + }; + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + }; + }; + }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages 
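Review bot: `GITHUB_NOTIFICATION_TOKEN_PATH` in the `env.nix` hunk reads `nixosConfig.sops.secrets.github-notifications-token.path` whenever `!isPublic`, yet that secret is declared only when the waybar module is enabled (in `home-manager-secrets.nix` and in `waybar.nix`). A host that enables `env` without `waybar` would hit a missing attribute at evaluation time. Either set the variable from the waybar module or merge it conditionally, e.g. `// lib.optionalAttrs config.swarselmodules.waybar { GITHUB_NOTIFICATION_TOKEN_PATH = ...; }`. Dropping `isNixos` from the guard also means the `SWARSEL_*` variables are now set on non-NixOS hosts; a one-line comment stating that this is intended would help.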
@@ -14772,7 +14809,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" @@ -16972,6 +17009,7 @@ In the end, we need to restore those values to values that will work during norm Also packed into the hook function is the line =(fset 'epg-wait-for-status 'ignore)=. This line is needed at the end of the configuration in order to allow for my Yubikey to be used to encrypt and decrypt =.gpg= files. Without it, Emacs will just hang forever and basically crash. #+begin_src emacs-lisp :tangle files/emacs/early-init.el :mkdirp yes +;; -*- lexical-binding: t; -*- (defvar swarsel-file-name-handler-alist file-name-handler-alist) (defvar swarsel-vc-handled-backends vc-handled-backends) @@ -17091,6 +17129,7 @@ In this section I define extra functions that I need. Some of these functions I Since I am rebinding the =C-z= hotkey for emacs-evil-state toggling, I want to have a function that still lets me perform this action quickly. #+begin_src emacs-lisp +;; -*- lexical-binding: t; -*- (defun swarsel/toggle-evil-state () (interactive) @@ -17153,7 +17192,7 @@ Used here: [[#h:b92a18cf-eec3-4605-a8c2-37133ade3574][mu4e]] (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") + (setq user-mail-address (getenv "SWARSEL_MAIL4") user-full-name (getenv "SWARSEL_FULLNAME"))) 
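Review bot: The token still reaches `curl` through `-u Swarsel:"$(cat ...)"` in the github-notifications script, so it sits on the command line where other local processes can read it from the process list while the request runs. curl can take the credential from a config read on stdin instead: `curl --config - https://api.github.com/notifications <<< "user = \"Swarsel:$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")\""`. `GITHUB_NOTIFICATION_TOKEN_PATH` is only exported when `isPublic` is off, so the script should also handle the variable being unset, e.g. `[[ -v GITHUB_NOTIFICATION_TOKEN_PATH ]] || exit 0` before the request. The script body continues outside the hunk.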
@@ -17481,7 +17520,7 @@ These functions are used here: [[#h:5653d693-ecca-4c95-9633-66b9e3241070][Corfu] #+end_src -**** Disable garbace collection while minibuffer is active +**** Disable garbage collection while minibuffer is active :PROPERTIES: :CUSTOM_ID: h:3c436647-71e6-441c-b452-d817ad2f8331 :END: @@ -19969,11 +20008,11 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") - (setq org-caldav-calendars - '((:calendar-id "personal" - :inbox "~/Calendars/leon_cal.org"))) - (setq org-caldav-files '("~/Calendars/leon_cal.org")) + ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") + ;; (setq org-caldav-calendars + ;; '((:calendar-id "personal" + ;; :inbox "~/Calendars/leon_cal.org"))) + ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -20000,6 +20039,14 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) + ;; dont change the order of days in this one, as it will break weekend markings + (setq calendar-day-name-array + ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) + + ;; First day of the week + (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday + + ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -20007,14 +20054,17 @@ Yes, I am aware that I am exposing my university-calendar to the public here. I (defun swarsel/open-calendar () (interactive) - (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Purple") ; orgmode source - (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan")))) + (cfw:org-create-source "Blue") ; orgmode source + (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") + (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") + (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") + ))) #+end_src diff --git a/files/emacs/early-init.el b/files/emacs/early-init.el index 7156518..b86d1c1 100644 --- a/files/emacs/early-init.el +++ b/files/emacs/early-init.el 
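Review bot: The removed `cfw:ical-create-source "TISS" …` line had a personal access token embedded in its URL, and moving the URL into `SWARSEL_CAL1` does not retire that token, because the old value stays in the repository history. It should be regenerated at the calendar provider, so the environment variable holds a URL that was never published. Separately, `(getenv "SWARSEL_CAL1")` returns nil when the variable is unset, which env.nix allows on public hosts, so each source should be added only when its variable is set, e.g. by wrapping it in `(when (getenv "SWARSEL_CAL1") …)` and dropping the nils from the list. The same change appears in the tangled files/emacs/init.el.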
@@ -1,22 +1,23 @@ -(defvar swarsel-file-name-handler-alist file-name-handler-alist) -(defvar swarsel-vc-handled-backends vc-handled-backends) +;; -*- lexical-binding: t; -*- + (defvar swarsel-file-name-handler-alist file-name-handler-alist) + (defvar swarsel-vc-handled-backends vc-handled-backends) -(setq gc-cons-threshold most-positive-fixnum - gc-cons-percentage 0.6 - file-name-handler-alist nil - vc-handled-backends nil) + (setq gc-cons-threshold most-positive-fixnum + gc-cons-percentage 0.6 + file-name-handler-alist nil + vc-handled-backends nil) -(add-hook 'emacs-startup-hook - (lambda () - (progn - (setq gc-cons-threshold (* 32 1024 1024) - gc-cons-percentage 0.1 - jit-lock-defer-time 0.05 - read-process-output-max (* 1024 1024) - file-name-handler-alist swarsel-file-name-handler-alist - vc-handled-backends swarsel-vc-handled-backends) - (fset 'epg-wait-for-status 'ignore) - ))) + (add-hook 'emacs-startup-hook + (lambda () + (progn + (setq gc-cons-threshold (* 32 1024 1024) + gc-cons-percentage 0.1 + jit-lock-defer-time 0.05 + read-process-output-max (* 1024 1024) + file-name-handler-alist swarsel-file-name-handler-alist + vc-handled-backends swarsel-vc-handled-backends) + (fset 'epg-wait-for-status 'ignore) + ))) (tool-bar-mode 0) (menu-bar-mode 0) diff --git a/files/emacs/init.el b/files/emacs/init.el index 90f8a4f..4c024ee 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1,8 +1,10 @@ -(defun swarsel/toggle-evil-state () - (interactive) - (if (or (evil-emacs-state-p) (evil-insert-state-p)) - (evil-normal-state) - (evil-emacs-state))) +;; -*- lexical-binding: t; -*- + + (defun swarsel/toggle-evil-state () + (interactive) + (if (or (evil-emacs-state-p) (evil-insert-state-p)) + (evil-normal-state) + (evil-emacs-state))) (defun swarsel/last-buffer () (interactive) (switch-to-buffer nil)) 
@@ -34,7 +36,7 @@ (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () - (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL") + (setq user-mail-address (getenv "SWARSEL_MAIL4") user-full-name (getenv "SWARSEL_FULLNAME"))) (defun swarsel/with-buffer-name-prompt-and-make-subdirs () @@ -1581,11 +1583,11 @@ create a new one." :init ;; set org-caldav-sync-initalization (setq swarsel-caldav-synced 0) - (setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsel") - (setq org-caldav-calendars - '((:calendar-id "personal" - :inbox "~/Calendars/leon_cal.org"))) - (setq org-caldav-files '("~/Calendars/leon_cal.org")) + ;; (setq org-caldav-url "https://schedule.swarsel.win/swarsel/calendar") + ;; (setq org-caldav-calendars + ;; '((:calendar-id "personal" + ;; :inbox "~/Calendars/leon_cal.org"))) + ;; (setq org-caldav-files '("~/Calendars/leon_cal.org")) ;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org") ;; (setq org-caldav-save-directory "~/org-caldav/") @@ -1612,6 +1614,14 @@ create a new one." :config (bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map) (bind-key "q" 'evil-quit cfw:details-mode-map) + ;; dont change the order of days in this one, as it will break weekend markings + (setq calendar-day-name-array + ["Sunday" "Monday" "Tuesday" "Wednesday" "Thursday" "Friday" "Saturday"]) + + ;; First day of the week + (setq calendar-week-start-day 1) ; 0:Sunday, 1:Monday + + ;; (custom-set-faces ;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65)))) ;; ) 
@@ -1619,14 +1629,17 @@ create a new one." (defun swarsel/open-calendar () (interactive) - (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) + ;; (unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1)) ;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it ;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame (cfw:open-calendar-buffer :contents-sources (list - (cfw:org-create-source "Purple") ; orgmode source - (cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan")))) + (cfw:org-create-source "Blue") ; orgmode source + (cfw:ical-create-source (getenv "SWARSEL_CAL1NAME") (getenv "SWARSEL_CAL1") "Cyan") + (cfw:ical-create-source (getenv "SWARSEL_CAL2NAME") (getenv "SWARSEL_CAL2") "Green") + (cfw:ical-create-source (getenv "SWARSEL_CAL3NAME") (getenv "SWARSEL_CAL3") "Magenta") + ))) (use-package dashboard :ensure t diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index e6df6c6..2a0d331 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix 
@@ -1,12 +1,26 @@ -{ self, lib, config, pkgs, ... }: +{ self, lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) homeDir isPublic isNixos; + inherit (config.repo.secrets.common.emacs) radicaleUser; in { options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; config = lib.mkIf config.swarselmodules.emacs { # needed for elfeed - sops.secrets.fever-pw = lib.mkIf (!isPublic && !isNixos) { path = "${homeDir}/.emacs.d/.fever"; }; + sops = lib.mkIf (!isPublic && !isNixos) { + secrets = { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; }; + emacs-radicale-pw = { }; + }; + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; + }; + }; + }; # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index 629acac..0148b9d 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix @@ -1,7 +1,9 @@ { lib, config, globals, nixosConfig ? config, ... }: let inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address3 address4 allMailAddresses; + inherit (nixosConfig.repo.secrets.common.calendar) source1 source1-name source2 source2-name source3 source3-name; inherit (nixosConfig.repo.secrets.common) fullName; + inherit (config.swarselsystems) isPublic; crocDomain = globals.services.croc.domain; in { 
@@ -10,15 +12,22 @@ in home.sessionVariables = { EDITOR = "e -w"; DISPLAY = ":0"; - CROC_RELAY = crocDomain; SWARSEL_LO_RES = config.swarselsystems.lowResolution; SWARSEL_HI_RES = config.swarselsystems.highResolution; + CROC_RELAY = lib.mkIf (!isPublic) crocDomain; }; - systemd.user.sessionVariables = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { + systemd.user.sessionVariables = lib.mkIf (!isPublic) { + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; SWARSEL_MAIL1 = address1; SWARSEL_MAIL2 = address2; SWARSEL_MAIL3 = address3; SWARSEL_MAIL4 = address4; + SWARSEL_CAL1 = source1; + SWARSEL_CAL1NAME = source1-name; + SWARSEL_CAL2 = source2; + SWARSEL_CAL2NAME = source2-name; + SWARSEL_CAL3 = source3; + SWARSEL_CAL3NAME = source3-name; SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; }; diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index 94cc9eb..a4ade64 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix 
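Review bot: `GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;` is evaluated on every non-public host, but home-manager-secrets.nix declares that secret only under `lib.optionalAttrs modules.waybar`, so a host without the waybar module should fail evaluation on a missing attribute. Moving the entry behind the same condition keeps the two in step, e.g. `// lib.optionalAttrs config.swarselmodules.waybar { GITHUB_NOTIFICATION_TOKEN_PATH = …; }`. Dropping `isNixos` from the guard also means that on standalone home-manager `nixosConfig` falls back to `config`, which then has to declare the secret itself; that is not visible in this patch. The `SWARSEL_CAL*` values are written into the generated session environment, which as far as I can tell is a world-readable store path, so calendar URLs that embed an access token would be better carried by a sops template. The enclosing `config` block starts above this hunk.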
@@ -1,22 +1,36 @@ -{ lib, config, ... }: +{ lib, config, globals, ... }: let - inherit (config.swarselsystems) mainUser xdgDir homeDir; + inherit (config.swarselsystems) mainUser homeDir; + inherit (config.repo.secrets.common.emacs) radicaleUser; modules = config.home-manager.users.${mainUser}.swarselmodules; in { config = lib.mkIf config.swarselsystems.withHomeManager { - sops.secrets = (lib.optionalAttrs modules.mail - { - address1-token = { path = "${xdgDir}/secrets/address1-token"; owner = mainUser; }; - address2-token = { path = "${xdgDir}/secrets/address2-token"; owner = mainUser; }; - address3-token = { path = "${xdgDir}/secrets/address3-token"; owner = mainUser; }; - address4-token = { path = "${xdgDir}/secrets/address4-token"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.waybar { - github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.emacs { - fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; - }) // (lib.optionalAttrs modules.zsh { - croc-password = { path = "${xdgDir}/secrets/croc-password"; owner = mainUser; }; - }); + sops = { + secrets = (lib.optionalAttrs modules.mail + { + address1-token = { owner = mainUser; }; + address2-token = { owner = mainUser; }; + address3-token = { owner = mainUser; }; + address4-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.waybar { + github-notifications-token = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; + }) // (lib.optionalAttrs modules.zsh { + croc-password = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.emacs { + emacs-radicale-pw = { owner = mainUser; }; + }); + templates = { + authinfo = { + path = "${homeDir}/.emacs.d/.authinfo"; + content = '' + machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} + ''; 
+ owner = mainUser; + }; + }; + }; }; } diff --git a/pkgs/github-notifications/default.nix b/pkgs/github-notifications/default.nix index 53b8ce3..c3638e2 100644 --- a/pkgs/github-notifications/default.nix +++ b/pkgs/github-notifications/default.nix @@ -4,7 +4,7 @@ writeShellApplication { inherit name; runtimeInputs = [ jq ]; text = '' - count=$(curl -u Swarsel:"$(cat "$XDG_RUNTIME_DIR/secrets/github-notifications-token")" https://api.github.com/notifications | jq '. | length') + count=$(curl -u Swarsel:"$(cat "$GITHUB_NOTIFICATION_TOKEN_PATH")" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index 88d54c0..ebaf097 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -20,6 +20,8 @@ u2f-keys: ENC[AES256_GCM,data:4UPXyOYEQR1oybxPLR3JW8ro5gTzq0YQse1lnAP020Nm4JG4El croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01XcS6nF1sqz04rC1o20l+1DpNSRVjhC40ZmTVCww=,tag:REjnDQBcDkUzLg2ZsiDUvA==,type:str] #ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment] github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str] +#ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment] +emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str] sops: age: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 
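Review bot: `templates.authinfo` is declared unconditionally, while `emacs-radicale-pw` exists only under `lib.optionalAttrs modules.emacs`, so with the emacs module disabled `config.sops.placeholder.emacs-radicale-pw` refers to a secret that was never declared and evaluation should fail. Gating the template the same way fixes it: `templates = lib.optionalAttrs modules.emacs { authinfo = { … }; };`, and the two separate `lib.optionalAttrs modules.emacs` secret blocks can then be merged into one. Removing the explicit `path` from the mail, waybar and croc secrets moves them to the sops default location, so any consumer that still reads `$XDG_RUNTIME_DIR/secrets/…` needs the same `.path` treatment github-notifications received; those consumers are not visible here.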
@@ -85,8 +87,8 @@ sops: SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-07T15:40:09Z" - mac: ENC[AES256_GCM,data:IgodPXcdFB7zYwt1dbRXkuQ2Ko2cAy4L6BvObuP8sWRO26Sn0CRvBtfwEtJLRMoXyS3hXJ25hzTeQOUaTVRw/5GEViM4SxdUuE9b5rX1J7tRftgdI45f12tsBMJQhk4NDtxpm4CSUvh11XqNdBkBjFUMxfZVweXFhoZ7tJ3oElg=,iv:9WNevYqRUe5DtCWN6mMNNwQvxB4Z8ac/zKPocjMa33A=,tag:n/DL3B8WB/YKfcbo6ArMDw==,type:str] + lastmodified: "2025-07-22T05:16:03Z" + mac: ENC[AES256_GCM,data:CoOd5ki9DoSBzwTeTw3JDGPReJD4th+v20AItwIZBLX15eLb1KXANdz5ekHeFZ6ntHq4ij0FUH63W6ojpBdvzJS7GgboQyAThkyJSmqtr7lN9rTa3XZSIKDTZCKm4wrG60q17vUIZXPLxM+NN1Fp2oEyCwt1s7SHM11xJ3JdyBk=,iv:ofyAhu4pjzNAJguU5Z5H9Capqcky/mTMXHEYS/qhvNs=,tag:L9tZRzd5VgbB7lyCkT6yTA==,type:str] pgp: - created_at: "2025-07-10T23:51:26Z" enc: |- diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 06c93dc..4a55990 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:I78O1MiGdRLzf7mA2MpIO0fdwjin1dDh82q4sRbOuMg=,tag:UQyx7W8C8FWmKGyVT9SpCg==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:sTMh997U5saMDn6pvEmSjEv9czye1NhMPJOwrcb/JHs=,tag:56yLcBmZ0bu89cBTYHEFuw==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-21T20:19:47Z", - "mac": "ENC[AES256_GCM,data:vInt6XxnE3LhpOS/Q9gKI9We9PhC5hWcDDUTQ8LjGbLeXmC3wZb3E1gk8xZZRSCHr87Mb5tFG4fuMYLBLF9TGzbW5fYE6QgyshtszQZTh6CrbxrIQT2AWPPnUkBn46bOT1NEcIi3/oMUPUlDm5DxM2VUX5WnbzNTjif1g/khhtg=,iv:vAK5b2WB+ly48b92/Nd+6JjkPSikVYOuGN2KdF0W1Q0=,tag:xBS8uvcoh1D89qIcXSuy6A==,type:str]", + "lastmodified": "2025-07-22T05:18:26Z", + "mac": "ENC[AES256_GCM,data:lxQFZ8hWrBepjVzeaBrHS4SpkwQzXyEvJu6fclWAvEby1w+eG7kMR3quHzD/F6zPoT3jLdFM3fSIhjVOSslSnut0pTtselvco23YtbYzEz1JK/mTGW6IytGQvZVH1HGM3lwHJ9G7jLPRUq5CBQr4zULtqZBO4rK+f9YnFChhPyY=,iv:DsgxvDPHWv8qHqYB3RXiVmZcZfdxI6iUFABHj2iE0Bg=,tag:KK0RYpLgyzVSQPYIr4DLTQ==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", From a9218189150521687b72c37ff27ed3e4956e6194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 22 Jul 2025 08:49:31 +0200 Subject: [PATCH 15/16] feat: add popup frame from emacs --- SwarselSystems.org | 51 +++++++++++++++++++++++++++++++++--- files/emacs/init.el | 38 +++++++++++++++++++++++++++ modules/home/common/sway.nix | 8 +++--- 3 files changed, 91 insertions(+), 6 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 364adfa..de8a276 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -12851,8 +12851,6 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swaymsg workspace back_and_forth"; "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; @@ -12861,7 +12859,10 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'"; + "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; @@ -12994,6 +12995,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se { title = "^Add$"; } { title = "^Picture-in-Picture$"; } { title = "Syncthing Tray"; } + { title = "Emacs Popup Frame"; } { title = "^spotifytui$"; } { title = "^kittyterm$"; } { app_id = "vesktop"; } 
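Review bot: The three new bindings (`${modifier}+c`, `${modifier}+Shift+m`, `${modifier}+Shift+a`) lack the `exec` prefix that every other command binding in this block uses, so sway will parse `emacsclient` as one of its own commands and the keys will not launch anything. They should read like `"${modifier}+c" = "exec emacsclient -e '(prot-window-popup-org-capture)'";`. The bindings they replace also passed `-a emacs`, which started Emacs when no server was running; without it these keys depend on a daemon that is already up. The same three lines are added in modules/home/common/sway.nix.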
@@ -20174,6 +20176,49 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) #+end_src +*** Popup frames + +#+begin_src emacs-lisp + (defun prot-window-delete-popup-frame (&rest _) + "Kill selected selected frame if it has parameter `prot-window-popup-frame'. + Use this function via a hook." + (when (frame-parameter nil 'prot-window-popup-frame) + (delete-frame))) + + (defmacro prot-window-define-with-popup-frame (command) + "Define interactive function which calls COMMAND in a new frame. + Make the new frame have the `prot-window-popup-frame' parameter." + `(defun ,(intern (format "prot-window-popup-%s" command)) () + ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. + Also see `prot-window-delete-popup-frame'." command) + (interactive) + (let ((frame (make-frame '((prot-window-popup-frame . t))))) + (select-frame frame) + (modify-frame-parameters nil '((title . "Emacs Popup Frame"))) + (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") + (condition-case nil + (call-interactively ',command) + ((quit error user-error) + (delete-frame frame)))))) + + (declare-function org-capture "org-capture" (&optional goto keys)) + (defvar org-capture-after-finalize-hook) + ;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") + (prot-window-define-with-popup-frame org-capture) + (add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) + + (declare-function mu4e "mu4e" (&optional goto keys)) + ;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") + (prot-window-define-with-popup-frame mu4e) + (advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) + + (declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) + ;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") + (prot-window-define-with-popup-frame swarsel/open-calendar) + (advice-add 
'bury-buffer :after #'prot-window-delete-popup-frame) + +#+end_src + * Appendix A: Noweb-Ref blocks :PROPERTIES: :CUSTOM_ID: h:dae0c5bb-edb7-4fe4-ae31-9f8f064cc53c diff --git a/files/emacs/init.el b/files/emacs/init.el index 4c024ee..d9c090a 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el 
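Review bot: The `declare-function` forms for `mu4e` and `swarsel/open-calendar` were copied from the `org-capture` one and keep its `(&optional goto keys)` arglist; the calendar one also names a file `"swarsel/open-calendar"` that does not exist. `swarsel/open-calendar` is defined in this same configuration with no arguments, so its declaration can be dropped and the other reduced to `(declare-function mu4e "mu4e")`. The `;;;###autoload (autoload … "prot-window")` cookies refer to a `prot-window` library that is not part of this setup and can be removed as well. `(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame)` advises a function used all over Emacs, so a comment such as `;; only acts in frames carrying the prot-window-popup-frame parameter` would make the scope clear. The docstring also has a doubled word ("selected selected"), and the same block is tangled into files/emacs/init.el.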
@@ -1709,3 +1709,41 @@ create a new one." (setq message-log-max 30) (setq comint-buffer-maximum-size 50) (add-hook 'comint-output-filter-functions 'comint-truncate-buffer) + +(defun prot-window-delete-popup-frame (&rest _) + "Kill selected selected frame if it has parameter `prot-window-popup-frame'. +Use this function via a hook." + (when (frame-parameter nil 'prot-window-popup-frame) + (delete-frame))) + +(defmacro prot-window-define-with-popup-frame (command) + "Define interactive function which calls COMMAND in a new frame. +Make the new frame have the `prot-window-popup-frame' parameter." + `(defun ,(intern (format "prot-window-popup-%s" command)) () + ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. +Also see `prot-window-delete-popup-frame'." command) + (interactive) + (let ((frame (make-frame '((prot-window-popup-frame . t))))) + (select-frame frame) + (modify-frame-parameters nil '((title . "Emacs Popup Frame"))) + (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") + (condition-case nil + (call-interactively ',command) + ((quit error user-error) + (delete-frame frame)))))) + +(declare-function org-capture "org-capture" (&optional goto keys)) +(defvar org-capture-after-finalize-hook) +;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") +(prot-window-define-with-popup-frame org-capture) +(add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) + +(declare-function mu4e "mu4e" (&optional goto keys)) +;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") +(prot-window-define-with-popup-frame mu4e) +(advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) + +(declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) +;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") +(prot-window-define-with-popup-frame swarsel/open-calendar) +(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame) 
diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 3dd5363..bb429dc 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -117,8 +117,6 @@ in "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swaymsg workspace back_and_forth"; "${modifier}+a" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; @@ -127,7 +125,10 @@ in "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; + "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'"; + "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; @@ -260,6 +261,7 @@ in { title = "^Add$"; } { title = "^Picture-in-Picture$"; } { title = "Syncthing Tray"; } + { title = "Emacs Popup Frame"; } { title = "^spotifytui$"; } { title = "^kittyterm$"; } { app_id = "vesktop"; } From 06ec1df09a1f313ce543380feeab3d8651e63a8f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 22 Jul 2025 21:27:13 +0200 Subject: [PATCH 16/16] feat: improve emergency access --- SwarselSystems.org | 125 +++++++++++++++++-------- modules/nixos/common/boot.nix | 25 +++++ modules/nixos/common/globals.nix | 6 ++ modules/nixos/common/users.nix | 22 +++-- nix/globals.nix | 1 + profiles/nixos/localserver/default.nix | 1 + profiles/nixos/minimal/default.nix | 1 + profiles/nixos/moonside/default.nix | 1 + profiles/nixos/personal/default.nix | 1 + profiles/nixos/reduced/default.nix | 1 + profiles/nixos/syncserver/default.nix | 1 + secrets/repo/globals.nix.enc | 6 +- 12 files changed, 142 insertions(+), 49 deletions(-) create mode 100644 modules/nixos/common/boot.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index de8a276..282c040 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -782,6 +782,7 @@ Lastly, in order make this actually available to my configurations, i use the =i domains services user + root ; }; }; 
@@ -3740,53 +3741,59 @@ in inherit (lib) mkOption types - ; + ; in { - options = { - globals = mkOption { - default = { }; - type = types.submodule { - options = { - user = { - name = mkOption { - type = types.str; - }; - work = mkOption { - type = types.str; - }; + options = { + globals = mkOption { + default = { }; + type = types.submodule { + options = { + root = { + hashedPassword = mkOption { + type = types.str; }; + }; + + user = { + name = mkOption { + type = types.str; + }; + work = mkOption { + type = types.str; + }; + }; - services = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - domain = mkOption { - type = types.str; - }; + services = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + domain = mkOption { + type = types.str; }; - } - ); - }; + }; + } + ); + }; - domains = { - main = mkOption { - type = types.str; - }; + domains = { + main = mkOption { + type = types.str; }; }; }; }; - - _globalsDefs = mkOption { - type = types.unspecified; - default = options.globals.definitions; - readOnly = true; - internal = true; - }; }; - } + + _globalsDefs = mkOption { + type = types.unspecified; + default = options.globals.definitions; + readOnly = true; + internal = true; + }; + }; + } #+end_src **** Meta options (options only) @@ -4065,7 +4072,7 @@ In case of using a fully setup system, this makes also sure that no further user For that reason, make sure that =sops-nix= is properly working before finishing the minimal setup, otherwise we might lose user access. The bootstrapping script takes care of this. #+begin_src nix-ts :tangle modules/nixos/common/users.nix - { self, pkgs, config, lib, minimal, ... }: + { self, pkgs, config, lib, globals, minimal, ... }: let sopsFile = self + /secrets/general/secrets.yaml; in 
@@ -4076,13 +4083,19 @@ For that reason, make sure that =sops-nix= is properly working before finishing users = { mutableUsers = lib.mkIf (!minimal) false; - users."${config.swarselsystems.mainUser}" = { + users = { + root = { + inherit (globals.root) hashedPassword; + shell = pkgs.zsh; + }; + "${config.swarselsystems.mainUser}" = { isNormalUser = true; description = "Leon S"; password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; packages = with pkgs; [ ]; + }; }; }; }; @@ -4261,6 +4274,36 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system } #+end_src +**** Boot + +#+begin_src nix-ts :tangle modules/nixos/common/boot.nix + { lib, pkgs, config, globals, ... }: + { + options.swarselmodules.boot = lib.mkEnableOption "boot config"; + config = lib.mkIf config.swarselmodules.boot { + boot = { + initrd.systemd = { + enable = true; + emergencyAccess = globals.root.hashedPassword; + users.root.shell = "${pkgs.bashInteractive}/bin/bash"; + storePaths = [ "${pkgs.bashInteractive}/bin/bash" ]; + extraBin = { + ip = "${pkgs.iproute2}/bin/ip"; + ping = "${pkgs.iputils}/bin/ping"; + cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; + }; + }; + kernelParams = [ "log_buf_len=16M" ]; + tmp.useTmpfs = true; + loader.timeout = lib.mkDefault 2; + }; + + console.earlySetup = true; + + }; + } +#+end_src + **** Impermanence :PROPERTIES: :CUSTOM_ID: h:e7668594-fa8b-4d36-a695-a58222478988 @@ -5730,7 +5773,7 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru } #+end_src -**** Podmam (distrobox) +**** Podman (distrobox) :PROPERTIES: :CUSTOM_ID: h:1bef3914-a258-4585-b232-e0fbe9e7a9b5 :END: 
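Review bot: `globals.root.hashedPassword` is an ordinary string at evaluation time, so `inherit (globals.root) hashedPassword;` here and `emergencyAccess = globals.root.hashedPassword;` in the boot module place the root hash in the world-readable Nix store and inside the initrd, which usually sits on an unencrypted boot partition. The main user a few lines below already avoids this with `hashedPasswordFile = config.sops.secrets.main-user-hashed-pw.path;`, and root could follow the same pattern with its own sops secret, e.g. `hashedPasswordFile = config.sops.secrets.<root-hash-secret>.path;` (placeholder name). The initrd has to embed a hash, so a separate password used only for emergency access would keep an offline guess against the boot image from also unlocking the running system's root account. The same assignments appear in modules/nixos/common/users.nix and modules/nixos/common/boot.nix.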
@@ -16204,6 +16247,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; optional = { gaming = lib.mkDefault true; @@ -16279,6 +16323,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; @@ -16320,6 +16365,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a zsh = lib.mkDefault true; yubikey = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; @@ -16583,6 +16629,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16639,6 +16686,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; @@ -16672,6 +16720,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a users = lib.mkDefault true; impermanence = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; diff --git a/modules/nixos/common/boot.nix b/modules/nixos/common/boot.nix new file mode 100644 index 0000000..758f29c --- /dev/null +++ b/modules/nixos/common/boot.nix 
@@ -0,0 +1,25 @@ +{ lib, pkgs, config, globals, ... }: +{ + options.swarselmodules.boot = lib.mkEnableOption "boot config"; + config = lib.mkIf config.swarselmodules.boot { + boot = { + initrd.systemd = { + enable = true; + emergencyAccess = globals.root.hashedPassword; + users.root.shell = "${pkgs.bashInteractive}/bin/bash"; + storePaths = [ "${pkgs.bashInteractive}/bin/bash" ]; + extraBin = { + ip = "${pkgs.iproute2}/bin/ip"; + ping = "${pkgs.iputils}/bin/ping"; + cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup"; + }; + }; + kernelParams = [ "log_buf_len=16M" ]; + tmp.useTmpfs = true; + loader.timeout = lib.mkDefault 2; + }; + + console.earlySetup = true; + + }; +} diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 74fcf6a..24e3793 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -11,6 +11,12 @@ in default = { }; type = types.submodule { options = { + root = { + hashedPassword = mkOption { + type = types.str; + }; + }; + user = { name = mkOption { type = types.str; diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index de19aa6..29d3afb 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -1,4 +1,4 @@ -{ self, pkgs, config, lib, minimal, ... }: +{ self, pkgs, config, lib, globals, minimal, ... }: let sopsFile = self + /secrets/general/secrets.yaml; in 
@@ -9,13 +9,19 @@ in users = { mutableUsers = lib.mkIf (!minimal) false; - users."${config.swarselsystems.mainUser}" = { - isNormalUser = true; - description = "Leon S"; - password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; - hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; - extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; - packages = with pkgs; [ ]; + users = { + root = { + inherit (globals.root) hashedPassword; + shell = pkgs.zsh; + }; + "${config.swarselsystems.mainUser}" = { + isNormalUser = true; + description = "Leon S"; + password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup"; + hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path; + extraGroups = [ "wheel" ] ++ lib.optionals (!minimal) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ]; + packages = with pkgs; [ ]; + }; }; }; }; diff --git a/nix/globals.nix b/nix/globals.nix index d1f0c77..77d5e01 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -55,6 +55,7 @@ domains services user + root ; }; }; diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index e3577e5..ada2738 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -10,6 +10,7 @@ time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix index d7afc1e..9929e27 100644 --- a/profiles/nixos/minimal/default.nix +++ b/profiles/nixos/minimal/default.nix 
@@ -16,6 +16,7 @@ zsh = lib.mkDefault true; yubikey = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix index d365d4c..cf80ece 100644 --- a/profiles/nixos/moonside/default.nix +++ b/profiles/nixos/moonside/default.nix @@ -11,6 +11,7 @@ users = lib.mkDefault true; impermanence = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 580f2af..c34af54 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -44,6 +44,7 @@ lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; optional = { gaming = lib.mkDefault true; diff --git a/profiles/nixos/reduced/default.nix b/profiles/nixos/reduced/default.nix index 0a64002..71bce91 100644 --- a/profiles/nixos/reduced/default.nix +++ b/profiles/nixos/reduced/default.nix @@ -44,6 +44,7 @@ lowBattery = lib.mkDefault true; lanzaboote = lib.mkDefault true; autologin = lib.mkDefault true; + boot = lib.mkDefault true; server = { ssh = lib.mkDefault true; diff --git a/profiles/nixos/syncserver/default.nix b/profiles/nixos/syncserver/default.nix index 7c28a4b..b511dd5 100644 --- a/profiles/nixos/syncserver/default.nix +++ b/profiles/nixos/syncserver/default.nix @@ -11,6 +11,7 @@ time = lib.mkDefault true; users = lib.mkDefault true; sops = lib.mkDefault true; + boot = lib.mkDefault true; server = { general = lib.mkDefault true; packages = lib.mkDefault true; diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc index 00450be..64a35db 100644 --- a/secrets/repo/globals.nix.enc +++ b/secrets/repo/globals.nix.enc 
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:PW4DwwvVLuaUtuvJr/h+Zx+8V1i1D3hVlATFr5yI5nykn7T/ZLf7lJFYJGqms9DHExxiGmYNWCXkFrRqOnKpBajxUuuljaE0Yd4bxIga4hF5KC+nJS5BGT9tVOQfp/sopJvp7QjxLKBcZcZ9uya2+DhxJdhmtRUj5A04ze68PsQMl4zuU7Y=,iv:1rblF4XnYDHpwz0Sl6E/3Xd9ITP5KWC8Qm5Ghf+TaTI=,tag:JmxpswTJZO7y9D4hQEn1Gw==,type:str]", + "data": "ENC[AES256_GCM,data:8qexHpKJg6o1Fb9H50I3H25UOpNFs2sQl2hd3B2hdJRTjc96aVgTgI838Fnn7G6mFBpHqP0SFCU0/CP6SKqbhJ6SucrfpQN/RqZlSCxmuZi3sqv3voNd7/5JzY0D/5XUTfzHkeEA34HS0GcNLLY7m+QskfJdqGSMB5P++88xCNETqv+sRPVegm1ZGttj+tttesLkAcIU0556WiQhyIcpR4ZiO75NWRFerOmb4LxADR+bwBfesfGUfjflsqOSJll17N9SECSWE7o75Ojn+yde/EznK+zQlsCYvPp90d2xU6dpdRNtp9jrjvXvEVCmcwjIqIKXqurc2CU=,iv:xBYgbmjHwhbH+7WR5MLVysrChxr6rERo6WZuu07sUS0=,tag:vMoMu9mrrGRTA3oO2wsnWw==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibGlMSU4vUEF5UlNVZzlr\nMTMyOFY2Zi8rZFdZT1JrelZEUUZkZHFvOFdzCjVPbVovaU9nZklJQWNZeDJZNm0r\nMXBIK2hsZEY0NElxTVVMWmN6WU1Ld28KLS0tIENaallkK05SMllia3prV25hZDR2\nZDBNU0dYYnJESG1JZGpvSGp1WW9UMVEKJgfdLp7BRXvyAekecNJiaBXmxSj1qNxx\nZeHceqEkfWV/PzX+RP4LHjXTQCLEOJijbKxDmxSsYq49hC9xjZASuw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-03T16:55:42Z", - "mac": "ENC[AES256_GCM,data:+k6CeK5XiwsJJtvqr/NnRQvERqsV46tQoDnY6L5ptKQLyhMC8HPhrfn/LTJmRNqA8VXaDwSqm8zn+l8mJK55P/kZeeuLSmsvSYIgKlbp6naAbhyWM/q7IsT1fOAmFGKuG5nKaOy+ufxaXwIWWRPejmi9i+gmEw2FOTNimwyOqwc=,iv:q6P6QuipKMGc5i5oZ7XoU/qkbgo4X/SejfJUorAGb1M=,tag:sGfym1AaYAYHEzwDC5Dgsg==,type:str]", + "lastmodified": "2025-07-22T17:19:04Z", + "mac": "ENC[AES256_GCM,data:r1h9ouXb8o8Vk3/l3SX6hxbPApMn4BcCIs52Jhv9s9RYURMGb9qqPipbX7yFIYDBMka2qJJ0BneJz2EI60nTxx+QqATImR2oot2U6iONrelgs+AL3We//xpHOVHSxQ9XMmeEOcVqXEU3u843jV1RElxarRCwB9yM6IWTPx2qNzA=,iv:bS571Ddgz6Fbhyxy2bL/087ZTD7egcvPoLXD9uF8aN0=,tag:HJBI6G6ivRHhJMXYrNhIKw==,type:str]", "pgp": [ { "created_at": "2025-07-02T12:10:18Z",