Compare commits


No commits in common. "64e6a9c1599004c002e4c12926898ba5232fb513" and "35f108e3fcc6ee620db080ee74cb30b7c6c59117" have entirely different histories.

21 changed files with 888 additions and 1089 deletions

File diff suppressed because it is too large Load diff

6
flake.lock generated

@ -6365,11 +6365,11 @@
}, },
"nixpkgs-dev": { "nixpkgs-dev": {
"locked": { "locked": {
"lastModified": 1761589965, "lastModified": 1759233809,
"narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=", "narHash": "sha256-ww6JlKuclxzcBb+cb4GCnVw4PtI+7xd3J9/ctINWKeA=",
"owner": "Swarsel", "owner": "Swarsel",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269", "rev": "d3e334a2a4f9d50568bf03ec62cd445faac7ce9e",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -2,8 +2,8 @@
{ {
imports = [ imports = [
inputs.stylix.homeModules.stylix inputs.stylix.homeManagerModules.stylix
# inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
"${self}/modules/home" "${self}/modules/home"
"${self}/modules/nixos/common/pii.nix" "${self}/modules/nixos/common/pii.nix"


@ -1,66 +1,65 @@
{ lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }: { lib, config, pkgs, globals, nixosConfig ? config, ... }:
let let
moduleName = "anki"; moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos; inherit (config.swarselsystems) isPublic isNixos;
in in
{ {
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings"; options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} config = lib.mkIf config.swarselmodules.${moduleName} {
({
programs.anki = { sops = lib.mkIf (!isPublic && !isNixos) {
enable = true; secrets = {
# # package = pkgs.anki; anki-user = { };
hideBottomBar = true; anki-pw = { };
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
};
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
}; };
} // lib.optionalAttrs (inputs ? sops) { };
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = { programs.anki = {
anki-user = { }; enable = true;
anki-pw = { }; # # package = pkgs.anki;
}; hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
}; };
}); addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
};
};
} }


@ -5,8 +5,23 @@ let
in in
{ {
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings"; options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs ({ config = lib.mkIf config.swarselmodules.emacs {
# needed for elfeed # needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features # enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages # also read init.el file and install use-package packages
programs.emacs = { programs.emacs = {
@ -76,23 +91,5 @@ in
socketActivation.enable = false; socketActivation.enable = false;
startWithUserSession = "graphical"; startWithUserSession = "graphical";
}; };
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
} }


@ -1,4 +1,4 @@
{ lib, config, inputs, nixosConfig ? config, ... }: { lib, config, nixosConfig ? config, ... }:
let let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host; inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName; inherit (nixosConfig.repo.secrets.common) fullName;
@ -6,187 +6,186 @@ let
in in
{ {
options.swarselmodules.mail = lib.mkEnableOption "mail settings"; options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail config = lib.mkIf config.swarselmodules.mail {
({
programs = { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
mbsync = { address1-token = { path = "${xdgDir}/secrets/address1-token"; };
enable = true; address2-token = { path = "${xdgDir}/secrets/address2-token"; };
}; address3-token = { path = "${xdgDir}/secrets/address3-token"; };
msmtp = { address4-token = { path = "${xdgDir}/secrets/address4-token"; };
enable = true; };
};
mu = {
enable = true;
};
};
services.mbsync = { programs = {
mbsync = {
enable = true; enable = true;
}; };
# this is needed so that mbsync can use the passwords from sops msmtp = {
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true; enable = true;
profiles.default = { };
isDefault = true; mu = {
withExternalGnupg = true; enable = true;
settings = { };
"mail.identity.default.archive_enabled" = true; };
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true; services.mbsync = {
"gfx.webrender.enabled" = true; enable = true;
}; };
}; # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = { settings = {
"mail.server.default.allow_utf8_accept" = true; "mail.identity.default.archive_enabled" = true;
"mail.server.default.max_articles" = 1000; "mail.identity.default.archive_keep_folder_structure" = true;
"mail.server.default.check_all_folders_for_new" = true; "mail.identity.default.compose_html" = false;
"mail.show_headers" = 1; "mail.identity.default.protectSubject" = true;
"mail.identity.default.auto_quote" = true; "mail.identity.default.reply_on_top" = 1;
"mail.identity.default.attachPgpKey" = true; "mail.identity.default.sig_on_reply" = false;
"mailnews.default_sort_order" = 2; "mail.identity.default.sig_bottom" = false;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0; "gfx.webrender.all" = true;
"mailnews.sort_threads_by_root" = true; "gfx.webrender.enabled" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
}; };
}; };
xdg.mimeApps.defaultApplications = { settings = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ]; "mail.server.default.allow_utf8_accept" = true;
"x-scheme-handler/mid" = [ "thunderbird.desktop" ]; "mail.server.default.max_articles" = 1000;
"message/rfc822" = [ "thunderbird.desktop" ]; "mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
}; };
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { xdg.mimeApps.defaultApplications = {
email = "x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
let "x-scheme-handler/mid" = [ "thunderbird.desktop" ];
defaultSettings = { "message/rfc822" = [ "thunderbird.desktop" ];
imap = { };
host = "imap.gmail.com";
port = 993; accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
tls.enable = true; # SSL/TLS email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
}; };
};
};
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = {
address = address4;
userName = address4-user;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
smtp = { smtp = {
host = "smtp.gmail.com"; host = address4-host;
port = 465; port = 587;
tls.enable = true; # SSL/TLS tls = {
enable = true;
useStartTls = true;
};
}; };
thunderbird = { mu.enable = false;
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = { msmtp = {
enable = true; enable = true;
}; };
mbsync = { mbsync = {
enable = true; enable = false;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
}; };
}; };
in
{ leon = lib.recursiveUpdate
maildirBasePath = "Mail"; {
accounts = { primary = true;
swarsel = { address = address1;
address = address4; userName = address1;
userName = address4-user;
realName = fullName; realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
smtp = { gpg = {
host = address4-host; key = "0x76FD3810215AE097";
port = 587; signByDefault = true;
tls = {
enable = true;
useStartTls = true;
};
}; };
mu.enable = false; }
msmtp = { defaultSettings;
enable = true;
};
mbsync = {
enable = false;
};
};
leon = lib.recursiveUpdate nautilus = lib.recursiveUpdate
{ {
primary = true; primary = false;
address = address1; address = address2;
userName = address1; userName = address2;
realName = fullName; realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
gpg = { }
key = "0x76FD3810215AE097"; defaultSettings;
signByDefault = true;
};
}
defaultSettings;
nautilus = lib.recursiveUpdate mrswarsel = lib.recursiveUpdate
{ {
primary = false; primary = false;
address = address2; address = address3;
userName = address2; userName = address3;
realName = address2-name; realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
} }
defaultSettings; defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
};
}; };
}; };
} // lib.optionalAttrs (inputs ? sops) { };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { };
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
} }


@ -28,9 +28,6 @@
default-timeout = 2000; default-timeout = 2000;
group-by = "category"; group-by = "category";
}; };
"mode=do-not-disturb" = {
invisible = true;
};
}; };
}; };
}; };


@ -1,4 +1,4 @@
{ lib, config, inputs, ... }: { lib, config, nixgl, ... }:
{ {
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings"; options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = { options.swarselsystems = {
@ -10,11 +10,11 @@
}; };
config = lib.mkIf config.swarselmodules.nixgl { config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) { nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (inputs.nixgl) packages; inherit (nixgl) packages;
defaultWrapper = lib.mkDefault "mesa"; defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false; vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystems.isSecondaryGpu { prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
card = config.swarselsystems.secondaryGpuCard; card = config.swarselsystem.secondaryGpuCard;
installScript = "mesa"; installScript = "mesa";
}; };
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime"; offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
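Review bot: The `prime` block on the new side reads `config.swarselsystem.isSecondaryGpu` and `config.swarselsystem.secondaryGpuCard`, while this module declares its options under `options.swarselsystems` (plural), so unless a separate `swarselsystem` option set exists elsewhere these lookups fail with a missing attribute once `isNixos` is false. The lines should read `prime = lib.mkIf config.swarselsystems.isSecondaryGpu {` and `card = config.swarselsystems.secondaryGpuCard;`; the `offloadWrapper` line has the same singular spelling on both sides and wants the same correction. The module argument also changes from `inputs.nixgl` to a bare `nixgl`, which only resolves if the caller passes it as a special argument; that wiring is not visible in this section.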


@ -4,75 +4,68 @@ let
in in
{ {
options.swarselmodules.general = lib.mkEnableOption "general nix settings"; options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config = config = lib.mkIf config.swarselmodules.general {
let nix = lib.mkIf (!config.swarselsystems.isNixos) {
nix-version = "2_30"; package = lib.mkForce pkgs.nixVersions.nix_2_28;
in # extraOptions = ''
lib.mkIf config.swarselmodules.general { # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
nix = lib.mkIf (!config.swarselsystems.isNixos) { # extra-builtins-file = ${self + /nix/extra-builtins.nix}
package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; # '';
# extraOptions = '' extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# extra-builtins-file = ${self + /nix/extra-builtins.nix} buildInputs = [config.nix.package pkgs.boost];
# ''; patches = o.patches or [];
extraOptions = })}/lib/nix/plugins
let extra-builtins-file = ${self + /nix/extra-builtins.nix}
nix-plugins = pkgs.nix-plugins.override { '';
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; settings = {
}; experimental-features = [
in "nix-command"
'' "flakes"
plugin-files = ${nix-plugins}/lib/nix/plugins "ca-derivations"
extra-builtins-file = ${self + /nix/extra-builtins.nix} "cgroups"
''; "pipe-operators"
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
]; ];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
}; };
}; };
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
};
};
} }
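Review bot: The new side hard-codes `pkgs.nixVersions.nix_2_28` in `nix.package` without stating why, and the same literal is repeated in the NixOS nix settings and the devshell sections further down; only the devshell's trace message names the reason (https://github.com/shlevy/nix-plugins/issues/20). A comment above `package`, for example `# pinned to 2.28 because of shlevy/nix-plugins#20; lift the pin once that is resolved`, would keep the pin from silently falling behind upstream fixes. Keeping the version in one shared binding, as the old side's `nix-version` did per file, would also stop the three copies from drifting apart.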


@ -1,10 +1,10 @@
{ config, lib, inputs, ... }: { config, lib, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselmodules.sops = lib.mkEnableOption "sops settings"; options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.optionalAttrs (inputs ? sops) { config = lib.mkIf config.swarselmodules.sops {
sops = { sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml"; defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";


@ -30,10 +30,6 @@
hostname = "192.168.1.136"; hostname = "192.168.1.136";
user = "root"; user = "root";
}; };
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = { "winters" = {
hostname = "192.168.178.24"; hostname = "192.168.178.24";
user = "root"; user = "root";


@ -1,4 +1,4 @@
{ config, lib, vars, nixosConfig ? config, ... }: { config, lib, vars, ... }:
let let
eachOutput = _: monitor: { eachOutput = _: monitor: {
inherit (monitor) name; inherit (monitor) name;
@ -381,7 +381,6 @@ in
export XDG_CURRENT_DESKTOP=sway; export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway; export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1; export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports; '' + vars.waylandExports;
# extraConfigEarly = " # extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK


@ -1,4 +1,4 @@
{ self, config, lib, inputs, pkgs, ... }: { self, config, lib, pkgs, ... }:
let let
inherit (config.swarselsystems) xdgDir; inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -52,7 +52,7 @@ in
internal = true; internal = true;
}; };
}; };
config = lib.mkIf config.swarselmodules.waybar ({ config = lib.mkIf config.swarselmodules.waybar {
swarselsystems = { swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [ waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -60,12 +60,16 @@ in
] ++ modulesRight); ] ++ modulesRight);
}; };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true; services.playerctld.enable = true;
programs.waybar = { programs.waybar = {
enable = true; enable = true;
systemd = { systemd = {
enable = false; enable = true;
# target = "sway-session.target"; # target = "sway-session.target";
inherit (config.wayland.systemd) target; inherit (config.wayland.systemd) target;
}; };
@ -320,9 +324,5 @@ in
}; };
style = builtins.readFile (self + /files/waybar/style.css); style = builtins.readFile (self + /files/waybar/style.css);
}; };
} // lib.optionalAttrs (inputs ? sops) { };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
} }


@ -1,11 +1,15 @@
{ lib, config, inputs, nixosConfig ? config, ... }: { lib, config, nixosConfig ? config, ... }:
let let
inherit (config.swarselsystems) homeDir; inherit (config.swarselsystems) homeDir;
in in
{ {
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings"; options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey ({ config = lib.mkIf config.swarselmodules.yubikey {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [ ids = [
@ -13,9 +17,5 @@ in
nixosConfig.repo.secrets.common.yubikeys.dev2 nixosConfig.repo.secrets.common.yubikeys.dev2
]; ];
}; };
} // lib.optionalAttrs (inputs ? sops) { };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
} }


@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }: { config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }:
let let
inherit (config.swarselsystems) flakePath; inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain; crocDomain = globals.services.croc.domain;
@ -12,7 +12,12 @@ in
}; };
}; };
config = lib.mkIf config.swarselmodules.zsh config = lib.mkIf config.swarselmodules.zsh
({ {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -124,18 +129,11 @@ in
''; '';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) { sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain; CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})"; CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})"; GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins"; QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox"; # QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
}; };
}; };
} // lib.optionalAttrs (inputs ? sops) { };
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
} }
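Review bot: `CROC_PASS` and `GITHUB_TOKEN` in `sessionVariables` are filled with `$(cat …)` when the shell starts, so the plaintext secrets end up in the environment of every process launched from the session instead of staying in the sops-managed files. Exporting only the path and reading it where the value is needed narrows that exposure, e.g. `GITHUB_TOKEN_FILE = nixosConfig.sops.secrets.github-nixpkgs-review-token.path;` (variable name constructed for illustration). With the `or ""` fallback removed, evaluation now also fails on any non-public host whose `nixosConfig` does not declare both secrets. The `sops.secrets` block added in this module only covers the `!isNixos` case, so NixOS hosts rely on a declaration outside this section.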


@ -7,13 +7,12 @@
settings = { settings = {
# initial_session.command = "sway"; # initial_session.command = "sway";
initial_session.command = "uwsm start -- sway-uwsm.desktop"; initial_session.command = "uwsm start -- sway-uwsm.desktop";
# --cmd sway
default_session.command = '' default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \ ${pkgs.tuigreet}/bin/tuigreet \
--time \ --time \
--asterisks \ --asterisks \
--user-menu \ --user-menu \
--cmd "uwsm start -- sway-uwsm.desktop" --cmd sway
''; '';
}; };
}; };


@ -60,49 +60,34 @@ in
sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml"; sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
}; };
nix = nix = {
let package = pkgs.nixVersions.nix_2_28;
nix-version = "2_30"; settings = {
in experimental-features = [
{ "nix-command"
package = pkgs.nixVersions."nix_${nix-version}"; "flakes"
settings = { "ca-derivations"
experimental-features = [ "cgroups"
"nix-command" "pipe-operators"
"flakes" ];
"ca-derivations" trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
};
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# buildInputs = [config.nix.package pkgs.boost];
# patches = o.patches or [];
# })}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
}; };
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
};
system.stateVersion = lib.mkDefault "23.05"; system.stateVersion = lib.mkDefault "23.05";


@ -46,106 +46,96 @@
}; };
}; };
devshells.default = devshells.default = {
let packages = [
nix-version = "2_30"; (builtins.trace "alarm: we pinned nix_2_28 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_28) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
in pkgs.git
{ pkgs.just
packages = [ pkgs.age
(builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") pkgs.ssh-to-age
pkgs.git pkgs.sops
pkgs.just pkgs.home-manager
pkgs.age pkgs.nixpkgs-fmt
pkgs.ssh-to-age self.packages.${system}.swarsel-build
pkgs.sops self.packages.${system}.swarsel-deploy
pkgs.home-manager ];
pkgs.nixpkgs-fmt
self.packages.${system}.swarsel-build
self.packages.${system}.swarsel-deploy
];
commands = [ commands = [
{ {
package = pkgs.statix; package = pkgs.statix;
help = "Lint flake"; help = "Lint flake";
} }
{ {
package = pkgs.deadnix; package = pkgs.deadnix;
help = "Check flake for dead code"; help = "Check flake for dead code";
} }
{ {
package = pkgs.nix-tree; package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations"; help = "Interactively browse dependency graphs of Nix derivations";
} }
{ {
package = pkgs.nvd; package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded"; help = "Diff two nix toplevels and show which packages were upgraded";
} }
{ {
package = pkgs.nix-diff; package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ"; help = "Explain why two Nix derivations differ";
} }
{ {
package = pkgs.nix-output-monitor; package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom \"$@\""; name = "nom";
} }
{ {
name = "hm"; name = "hm";
help = "Manage home-manager config"; help = "Manage home-manager config";
command = "home-manager \"$@\""; command = "home-manager";
} }
{ {
name = "fmt"; name = "fmt";
help = "Format flake"; help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\""; command = "nixpkgs-fmt --check \"$FLAKE\"";
} }
{ {
name = "sd"; name = "sd";
help = "Build and deploy this nix config to nodes"; help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\""; command = "swarsel-deploy \"$@\"";
} }
{ {
name = "sl"; name = "sl";
help = "Build and deploy a config to nodes"; help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch"; command = "swarsel-deploy \${1} switch";
} }
{ {
name = "sw"; name = "sw";
help = "Build and switch to the host's config locally"; help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch"; command = "swarsel-deploy $(hostname) switch";
} }
{ {
name = "bld"; name = "bld";
help = "Build a number of configurations"; help = "Build a number of configurations";
command = "swarsel-build \"$@\""; command = "swarel-build \"$@\"";
} }
{ {
name = "c"; name = "c";
help = "Work with the flake git repository"; help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
} }
]; ];
devshell.startup.pre-commit-install.text = "pre-commit install"; devshell.startup.pre-commit-install.text = "pre-commit install";
env = env = [
let {
nix-plugins = pkgs.nix-plugins.override { # Additionally configure nix-plugins with our extra builtins file.
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; # We need this for our repo secrets.
}; name = "NIX_CONFIG";
in value = ''
[ plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
{ extra-builtins-file = ${self + /nix/extra-builtins.nix}
# Additionally configure nix-plugins with our extra builtins file. '';
# We need this for our repo secrets. }
name = "NIX_CONFIG"; ];
value = '' };
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
}; };
} }
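Review bot: The `bld` command on the new side runs `swarel-build`, which does not match the `swarsel-build` package listed in `packages`, so it would fail as an unknown command; the line should be `command = "swarsel-build \"$@\"";`. The `hm` command also drops its `\"$@\"`, so arguments no longer appear to be forwarded to `home-manager`. Separately, `NIX_CONFIG` now points `plugin-files` at the stock `${pkgs.nix-plugins}` while the shell pins `nix_2_28`. The comment on that pin says it exists to keep nix and nix-plugins on the same version, and the home and NixOS modules rebuild the plugin against the pinned package, so the devshell probably needs the same override.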


@ -93,7 +93,7 @@
modules = [ modules = [
inputs.niri-flake.homeModules.niri inputs.niri-flake.homeModules.niri
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
# inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${configName}" "${self}/hosts/${type}/${configName}"


@ -4,60 +4,6 @@ writeShellApplication {
inherit name; inherit name;
runtimeInputs = [ git gnugrep findutils ]; runtimeInputs = [ git gnugrep findutils ];
text = '' text = ''
git grep -l "$1" | xargs sed -i "s/$1/$2/g"
function help_and_exit() { '';
echo
echo "Remotely installs SwarselSystem on a target machine including secret deployment."
echo
echo "USAGE: $0 [-f/-t} <from> <to>"
echo
echo "ARGS:"
echo " -f | --filenames Replace in filenames."
echo " -d | --directory Replace text in files within this directory."
echo " -r | --repo Replace text in files in the entire git repo."
echo " -h | --help Print this help."
exit 0
}
target_files=false
target_repo=false
target_dirs=false
while [[ $# -gt 0 ]]; do
case "$1" in
-f | --filenames)
shift
target_files=true
;;
-r | --repo)
shift
target_repo=rue
;;
-d | --directory)
shift
target_dirs=rue
;;
-h | --help) help_and_exit ;;
*)
echo "Invalid option detected."
help_and_exit
;;
esac
shift
done
if [[ $target_files == "true" ]]; then
for file in $(git ls-files | grep "$1" | sed -e "s/\($1[^/]*\).*/\1/" | uniq); do
git mv "$file" "''${file//$1/$2}"
done
fi
if [[ $target_repo == "true" ]]; then
git grep -l "$1" | xargs sed -i "s/$1/$2/g"
fi
if [[ $target_dirs == "true" ]]; then
grep -rl "$1" . | xargs sed -i "s/$1/$2/g"
fi
'';
} }
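Review bot: `$1` and `$2` are pasted unescaped into the sed program `s/$1/$2/g` in the one remaining script line, so a `/`, `&`, backslash or regex metacharacter in either argument changes or breaks the substitution, and a crafted argument can append further sed commands. `xargs` also splits the file list on whitespace and runs `sed -i` with no files when nothing matches. The list handling is fixed with `git grep -lz -e "$1" | xargs -0 -r sed -i "s/$1/$2/g"`. The arguments still need the delimiter and sed metacharacters escaped before interpolation, or the script should document that both are treated as raw sed pattern and replacement text.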


@ -1,11 +1,9 @@
{ name, writeShellApplication, wlr-randr, busybox, wl-mirror, mako, ... }: { name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }:
writeShellApplication { writeShellApplication {
inherit name; inherit name;
runtimeInputs = [ wlr-randr busybox wl-mirror mako ]; runtimeInputs = [ wlr-randr busybox wl-mirror ];
text = '' text = ''
makoctl mode -a do-not-disturb
wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {}
makoctl mode -r do-not-disturb
''; '';
} }
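Review bot: With the two `makoctl mode` calls removed from `text`, notifications are no longer suppressed while `wl-present mirror` runs, so notification content can show up on the output being presented. If that is intended (the mako settings in this comparison lose their `mode=do-not-disturb` block as well), a comment above the pipeline such as `# notifications stay visible while mirroring` would make the choice explicit. If it is not intended, keep the mode switch and clear it from a `trap 'makoctl mode -r do-not-disturb' EXIT` so it is reset even when the pipeline fails.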