
No commits in common. "64e6a9c1599004c002e4c12926898ba5232fb513" and "35f108e3fcc6ee620db080ee74cb30b7c6c59117" have entirely different histories.

21 changed files with 888 additions and 1089 deletions


6
flake.lock generated

@ -6365,11 +6365,11 @@
},
"nixpkgs-dev": {
"locked": {
"lastModified": 1761589965,
"narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=",
"lastModified": 1759233809,
"narHash": "sha256-ww6JlKuclxzcBb+cb4GCnVw4PtI+7xd3J9/ctINWKeA=",
"owner": "Swarsel",
"repo": "nixpkgs",
"rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269",
"rev": "d3e334a2a4f9d50568bf03ec62cd445faac7ce9e",
"type": "github"
},
"original": {


@ -2,8 +2,8 @@
{
imports = [
inputs.stylix.homeModules.stylix
# inputs.sops-nix.homeManagerModules.sops
inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index
"${self}/modules/home"
"${self}/modules/nixos/common/pii.nix"


@ -1,66 +1,65 @@
{ lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
{ lib, config, pkgs, globals, nixosConfig ? config, ... }:
let
moduleName = "anki";
inherit (config.swarselsystems) isPublic isNixos;
in
{
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName}
({
config = lib.mkIf config.swarselmodules.${moduleName} {
programs.anki = {
enable = true;
# # package = pkgs.anki;
hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
};
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
anki-user = { };
anki-pw = { };
};
};
programs.anki = {
enable = true;
# # package = pkgs.anki;
hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
hideTopBarMode = "always";
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
url = "https://${globals.services.ankisync.domain}";
usernameFile = nixosConfig.sops.secrets.anki-user.path;
# this is not the password but the syncKey
# get it by logging in or out, saving preferences and then
# show details on the "settings wont be saved" dialog
keyFile = nixosConfig.sops.secrets.anki-pw.path;
};
});
addons =
let
minimize-to-tray = pkgs.anki-utils.buildAnkiAddon
(finalAttrs: {
pname = "minimize-to-tray";
version = "2.0.1";
src = pkgs.fetchFromGitHub {
owner = "simgunz";
repo = "anki21-addons_minimize-to-tray";
rev = finalAttrs.version;
sparseCheckout = [ "src" ];
hash = "sha256-xmvbIOfi9K0yEUtUNKtuvv2Vmqrkaa4Jie6J1s+FuqY=";
};
sourceRoot = "${finalAttrs.src.name}/src";
});
in
[
(minimize-to-tray.withConfig
{
config = {
hide_on_startup = "true";
};
})
];
};
};
}
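Review bot: The `sync` block reads `nixosConfig.sops.secrets.anki-user.path` and `nixosConfig.sops.secrets.anki-pw.path` unconditionally, while the `sops.secrets` declaration in the same module is gated on `!isPublic && !isNixos`. On a public configuration the two attributes are presumably absent and evaluation would fail, so the gates should line up, for example `sync = lib.mkIf (!isPublic) { … };`. The comment above `keyFile` could also state that the sync key is itself a credential for the sync account, so the file it points to should stay readable by the owner only. The +/- markers are lost on this page, so this is read from what appears to be the new side.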


@ -5,8 +5,23 @@ let
in
{
options.swarselmodules.emacs = lib.mkEnableOption "emacs settings";
config = lib.mkIf config.swarselmodules.emacs ({
config = lib.mkIf config.swarselmodules.emacs {
# needed for elfeed
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
# enable emacs overlay for bleeding edge features
# also read init.el file and install use-package packages
programs.emacs = {
@ -76,23 +91,5 @@ in
socketActivation.enable = false;
startWithUserSession = "graphical";
};
} // lib.optionalAttrs (inputs ? sops) {
sops = lib.mkIf (!isPublic && !isNixos) {
secrets = {
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; };
emacs-radicale-pw = { };
};
templates = {
authinfo = {
path = "${homeDir}/.emacs.d/.authinfo";
content = ''
machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw}
'';
};
};
};
});
};
}


@ -1,4 +1,4 @@
{ lib, config, inputs, nixosConfig ? config, ... }:
{ lib, config, nixosConfig ? config, ... }:
let
inherit (nixosConfig.repo.secrets.common.mail) address1 address2 address2-name address3 address3-name address4 address4-user address4-host;
inherit (nixosConfig.repo.secrets.common) fullName;
@ -6,187 +6,186 @@ let
in
{
options.swarselmodules.mail = lib.mkEnableOption "mail settings";
config = lib.mkIf config.swarselmodules.mail
({
config = lib.mkIf config.swarselmodules.mail {
programs = {
mbsync = {
enable = true;
};
msmtp = {
enable = true;
};
mu = {
enable = true;
};
};
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
services.mbsync = {
programs = {
mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
msmtp = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
};
mu = {
enable = true;
};
};
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
};
};
services.mbsync = {
enable = true;
};
# this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email =
let
defaultSettings = {
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
};
};
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = {
address = address4;
userName = address4-user;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true; # SSL/TLS
host = address4-host;
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
mu.enable = true;
mu.enable = false;
msmtp = {
enable = true;
};
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
AuthMechs = "LOGIN";
};
};
enable = false;
};
};
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = {
address = address4;
userName = address4-user;
leon = lib.recursiveUpdate
{
primary = true;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address4-token.path}";
smtp = {
host = address4-host;
port = 587;
tls = {
enable = true;
useStartTls = true;
};
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
mu.enable = false;
msmtp = {
enable = true;
};
mbsync = {
enable = false;
};
};
}
defaultSettings;
leon = lib.recursiveUpdate
{
primary = true;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
nautilus = lib.recursiveUpdate
{
primary = false;
address = address2;
userName = address2;
realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
}
defaultSettings;
nautilus = lib.recursiveUpdate
{
primary = false;
address = address2;
userName = address2;
realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
}
defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
mrswarsel = lib.recursiveUpdate
{
primary = false;
address = address3;
userName = address3;
realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
}
defaultSettings;
};
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
address1-token = { path = "${xdgDir}/secrets/address1-token"; };
address2-token = { path = "${xdgDir}/secrets/address2-token"; };
address3-token = { path = "${xdgDir}/secrets/address3-token"; };
address4-token = { path = "${xdgDir}/secrets/address4-token"; };
};
});
};
};
};
}


@ -28,9 +28,6 @@
default-timeout = 2000;
group-by = "category";
};
"mode=do-not-disturb" = {
invisible = true;
};
};
};
};


@ -1,4 +1,4 @@
{ lib, config, inputs, ... }:
{ lib, config, nixgl, ... }:
{
options.swarselmodules.nixgl = lib.mkEnableOption "nixgl settings";
options.swarselsystems = {
@ -10,11 +10,11 @@
};
config = lib.mkIf config.swarselmodules.nixgl {
nixGL = lib.mkIf (!config.swarselsystems.isNixos) {
inherit (inputs.nixgl) packages;
inherit (nixgl) packages;
defaultWrapper = lib.mkDefault "mesa";
vulkan.enable = lib.mkDefault false;
prime = lib.mkIf config.swarselsystems.isSecondaryGpu {
card = config.swarselsystems.secondaryGpuCard;
prime = lib.mkIf config.swarselsystem.isSecondaryGpu {
card = config.swarselsystem.secondaryGpuCard;
installScript = "mesa";
};
offloadWrapper = lib.mkIf config.swarselsystem.isSecondaryGpu "mesaPrime";
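Review bot: `prime = lib.mkIf config.swarselsystem.isSecondaryGpu` and `card = config.swarselsystem.secondaryGpuCard` read from `config.swarselsystem`, but this file declares its options under `options.swarselsystems` and the enclosing line uses `config.swarselsystems.isNixos`. Unless a separate `swarselsystem` option set exists elsewhere, these should be `config.swarselsystems.isSecondaryGpu` and `config.swarselsystems.secondaryGpuCard`; the unchanged `offloadWrapper` line carries the same spelling. The `nixGL` attribute set continues past the end of the hunk.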


@ -4,75 +4,68 @@ let
in
{
options.swarselmodules.general = lib.mkEnableOption "general nix settings";
config =
let
nix-version = "2_30";
in
lib.mkIf config.swarselmodules.general {
nix = lib.mkIf (!config.swarselsystems.isNixos) {
package = lib.mkForce pkgs.nixVersions."nix_${nix-version}";
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
config = lib.mkIf config.swarselmodules.general {
nix = lib.mkIf (!config.swarselsystems.isNixos) {
package = lib.mkForce pkgs.nixVersions.nix_2_28;
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${mainUser}" ];
connect-timeout = 5;
bash-prompt-prefix = "$SHLVL:\\w ";
bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)λ ";
fallback = true;
min-free = 128000000;
max-free = 1000000000;
auto-optimise-store = true;
warn-dirty = false;
max-jobs = 1;
use-cgroups = lib.mkIf config.swarselsystems.isLinux true;
};
};
nixpkgs.overlays = lib.mkIf config.swarselsystems.isNixos (lib.mkForce null);
programs = {
home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
man = {
enable = true;
generateCaches = true;
};
};
targets.genericLinux.enable = lib.mkIf (!config.swarselsystems.isNixos) true;
home = {
username = lib.mkDefault mainUser;
homeDirectory = lib.mkDefault "/home/${mainUser}";
stateVersion = lib.mkDefault "23.05";
keyboard.layout = "us";
sessionVariables = {
FLAKE = "/home/${mainUser}/.dotfiles";
};
extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
};
};
}
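Review bot: `trusted-users = [ "@wheel" "${mainUser}" ]` makes every wheel member and the main user trusted by the Nix daemon, which the Nix manual describes as essentially equivalent to giving them root, because trusted users may override substituters and signature requirements. If that is intended, a comment such as `# trusted-users is root-equivalent for the nix daemon; keep this list minimal` would record the decision; the same line appears in the NixOS `nix` block later on this page. In the `overrideAttrs` call, `patches = o.patches or [];` is a no-op and `buildInputs = [config.nix.package pkgs.boost];` replaces the package's inputs rather than extending them, which deserves a one-line why-comment.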


@ -1,10 +1,10 @@
{ config, lib, inputs, ... }:
{ config, lib, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.sops = lib.mkEnableOption "sops settings";
config = lib.optionalAttrs (inputs ? sops) {
config = lib.mkIf config.swarselmodules.sops {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
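Review bot: `config` is now gated on `config.swarselmodules.sops`, but the other home modules on this page (anki, emacs, mail, waybar, yubikey, zsh) define `sops.secrets` guarded only by `isPublic`/`isNixos`. With this module switched off those secrets would be declared without `age.sshKeyPaths` or `defaultSopsFile`, which presumably fails at evaluation or activation. Either add `config.swarselmodules.sops` to those guards or document on the option that it must be enabled for any non-public home configuration. The `sops` attribute set continues past the end of the hunk.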


@ -30,10 +30,6 @@
hostname = "192.168.1.136";
user = "root";
};
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = {
hostname = "192.168.178.24";
user = "root";


@ -1,4 +1,4 @@
{ config, lib, vars, nixosConfig ? config, ... }:
{ config, lib, vars, ... }:
let
eachOutput = _: monitor: {
inherit (monitor) name;
@ -381,7 +381,6 @@ in
export XDG_CURRENT_DESKTOP=sway;
export XDG_SESSION_DESKTOP=sway;
export _JAVA_AWT_WM_NONREPARENTING=1;
export GITHUB_NOTIFICATION_TOKEN_PATH=${nixosConfig.sops.secrets.github-notifications-token.path};
'' + vars.waylandExports;
# extraConfigEarly = "
# exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK


@ -1,4 +1,4 @@
{ self, config, lib, inputs, pkgs, ... }:
{ self, config, lib, pkgs, ... }:
let
inherit (config.swarselsystems) xdgDir;
generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1)));
@ -52,7 +52,7 @@ in
internal = true;
};
};
config = lib.mkIf config.swarselmodules.waybar ({
config = lib.mkIf config.swarselmodules.waybar {
swarselsystems = {
waybarModules = lib.mkIf config.swarselsystems.isLaptop (modulesLeft ++ [
@ -60,12 +60,16 @@ in
] ++ modulesRight);
};
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
services.playerctld.enable = true;
programs.waybar = {
enable = true;
systemd = {
enable = false;
enable = true;
# target = "sway-session.target";
inherit (config.wayland.systemd) target;
};
@ -320,9 +324,5 @@ in
};
style = builtins.readFile (self + /files/waybar/style.css);
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
github-notifications-token = { path = "${xdgDir}/secrets/github-notifications-token"; };
};
});
};
}


@ -1,11 +1,15 @@
{ lib, config, inputs, nixosConfig ? config, ... }:
{ lib, config, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) homeDir;
in
{
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselmodules.yubikey ({
config = lib.mkIf config.swarselmodules.yubikey {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
pam.yubico.authorizedYubiKeys = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
ids = [
@ -13,9 +17,5 @@ in
nixosConfig.repo.secrets.common.yubikeys.dev2
];
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic) {
u2f-keys = { path = "${homeDir}/.config/Yubico/u2f_keys"; };
};
});
};
}


@ -1,4 +1,4 @@
{ config, pkgs, lib, minimal, inputs, globals, nixosConfig ? config, ... }:
{ config, pkgs, lib, minimal, globals, nixosConfig ? config, ... }:
let
inherit (config.swarselsystems) flakePath;
crocDomain = globals.services.croc.domain;
@ -12,7 +12,12 @@ in
};
};
config = lib.mkIf config.swarselmodules.zsh
({
{
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
programs.zsh = {
enable = true;
@ -124,18 +129,11 @@ in
'';
sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) {
CROC_RELAY = crocDomain;
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path or ""})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path or ""})";
CROC_PASS = "$(cat ${nixosConfig.sops.secrets.croc-password.path})";
GITHUB_TOKEN = "$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})";
QT_QPA_PLATFORM_PLUGIN_PATH = "${pkgs.libsForQt5.qt5.qtbase.bin}/lib/qt-${pkgs.libsForQt5.qt5.qtbase.version}/plugins";
# QTWEBENGINE_CHROMIUM_FLAGS = "--no-sandbox";
};
};
} // lib.optionalAttrs (inputs ? sops) {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { };
github-nixpkgs-review-token = { };
};
});
};
}
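Review bot: `CROC_PASS` and `GITHUB_TOKEN` in `sessionVariables` are filled with `$(cat …)` at shell start-up, so both secrets are exported into the environment of every process started from the session and are readable by anything running as the user. Reading them at the point of use keeps the exposure narrower, for example a shell function that runs `GITHUB_TOKEN="$(cat <secret-path>)" nixpkgs-review "$@"` instead of a session-wide export. The new lines also drop the `or ""` fallback, so `nixosConfig.sops.secrets.croc-password.path` and `github-nixpkgs-review-token.path` must exist on every non-public configuration, including NixOS hosts where the `sops.secrets` block in this module is disabled by `!isNixos`; confirm the NixOS side declares both.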


@ -7,13 +7,12 @@
settings = {
# initial_session.command = "sway";
initial_session.command = "uwsm start -- sway-uwsm.desktop";
# --cmd sway
default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd "uwsm start -- sway-uwsm.desktop"
--cmd sway
'';
};
};


@ -60,49 +60,34 @@ in
sopsFile = "${config.swarselsystems.flakePath}/secrets/general/secrets.yaml";
};
nix =
let
nix-version = "2_30";
in
{
package = pkgs.nixVersions."nix_${nix-version}";
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
};
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
# extraOptions = ''
# plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
# buildInputs = [config.nix.package pkgs.boost];
# patches = o.patches or [];
# })}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '';
extraOptions =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
nix = {
package = pkgs.nixVersions.nix_2_28;
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
"cgroups"
"pipe-operators"
];
trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
};
# extraOptions = ''
# plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
# extra-builtins-file = ${self + /nix/extra-builtins.nix}
# '' + lib.optionalString (!minimal) ''
# !include ${config.sops.secrets.github-api-token.path}
# '';
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
buildInputs = [config.nix.package pkgs.boost];
patches = o.patches or [];
})}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'' + lib.optionalString (!minimal) ''
!include ${config.sops.secrets.github-api-token.path}
'';
};
system.stateVersion = lib.mkDefault "23.05";


@ -46,106 +46,96 @@
};
};
devshells.default =
let
nix-version = "2_30";
in
{
packages = [
(builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
pkgs.git
pkgs.just
pkgs.age
pkgs.ssh-to-age
pkgs.sops
pkgs.home-manager
pkgs.nixpkgs-fmt
self.packages.${system}.swarsel-build
self.packages.${system}.swarsel-deploy
];
devshells.default = {
packages = [
(builtins.trace "alarm: we pinned nix_2_28 because of https://github.com/shlevy/nix-plugins/issues/20" pkgs.nixVersions.nix_2_28) # Always use the nix version from this flake's nixpkgs version, so that nix-plugins (below) doesn't fail because of different nix versions.
pkgs.git
pkgs.just
pkgs.age
pkgs.ssh-to-age
pkgs.sops
pkgs.home-manager
pkgs.nixpkgs-fmt
self.packages.${system}.swarsel-build
self.packages.${system}.swarsel-deploy
];
commands = [
{
package = pkgs.statix;
help = "Lint flake";
}
{
package = pkgs.deadnix;
help = "Check flake for dead code";
}
{
package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations";
}
{
package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded";
}
{
package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ";
}
{
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom \"$@\"";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager \"$@\"";
}
{
name = "fmt";
help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\"";
}
{
name = "sd";
help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\"";
}
{
name = "sl";
help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch";
}
{
name = "sw";
help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch";
}
{
name = "bld";
help = "Build a number of configurations";
command = "swarsel-build \"$@\"";
}
{
name = "c";
help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
}
];
commands = [
{
package = pkgs.statix;
help = "Lint flake";
}
{
package = pkgs.deadnix;
help = "Check flake for dead code";
}
{
package = pkgs.nix-tree;
help = "Interactively browse dependency graphs of Nix derivations";
}
{
package = pkgs.nvd;
help = "Diff two nix toplevels and show which packages were upgraded";
}
{
package = pkgs.nix-diff;
help = "Explain why two Nix derivations differ";
}
{
package = pkgs.nix-output-monitor;
help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
name = "nom";
}
{
name = "hm";
help = "Manage home-manager config";
command = "home-manager";
}
{
name = "fmt";
help = "Format flake";
command = "nixpkgs-fmt --check \"$FLAKE\"";
}
{
name = "sd";
help = "Build and deploy this nix config to nodes";
command = "swarsel-deploy \"$@\"";
}
{
name = "sl";
help = "Build and deploy a config to nodes";
command = "swarsel-deploy \${1} switch";
}
{
name = "sw";
help = "Build and switch to the host's config locally";
command = "swarsel-deploy $(hostname) switch";
}
{
name = "bld";
help = "Build a number of configurations";
command = "swarel-build \"$@\"";
}
{
name = "c";
help = "Work with the flake git repository";
command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
}
];
devshell.startup.pre-commit-install.text = "pre-commit install";
devshell.startup.pre-commit-install.text = "pre-commit install";
env =
let
nix-plugins = pkgs.nix-plugins.override {
nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
};
in
[
{
# Additionally configure nix-plugins with our extra builtins file.
# We need this for our repo secrets.
name = "NIX_CONFIG";
value = ''
plugin-files = ${nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
env = [
{
# Additionally configure nix-plugins with our extra builtins file.
# We need this for our repo secrets.
name = "NIX_CONFIG";
value = ''
plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
extra-builtins-file = ${self + /nix/extra-builtins.nix}
'';
}
];
};
};
}
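Review bot: The `bld` command runs `swarel-build \"$@\"`, but the package added to the shell is `self.packages.${system}.swarsel-build`, so the command would fail as not found; it should read `command = "swarsel-build \"$@\"";`. The `hm` entry is `command = "home-manager";` without `\"$@\"`, so arguments given to `hm` are presumably dropped, unlike `sd`, `bld` and `c`. `NIX_CONFIG` points `plugin-files` at the stock `pkgs.nix-plugins` while the shell pins `pkgs.nixVersions.nix_2_28`; the trace message says the pin exists to keep the two in step, so confirm the stock plugin build is compiled against the pinned nix.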


@ -93,7 +93,7 @@
modules = [
inputs.niri-flake.homeModules.niri
inputs.nix-index-database.homeModules.nix-index
# inputs.sops-nix.homeManagerModules.sops
inputs.sops-nix.homeManagerModules.sops
inputs.spicetify-nix.homeManagerModules.default
inputs.swarsel-nix.homeModules.default
"${self}/hosts/${type}/${configName}"


@ -4,60 +4,6 @@ writeShellApplication {
inherit name;
runtimeInputs = [ git gnugrep findutils ];
text = ''
function help_and_exit() {
echo
echo "Remotely installs SwarselSystem on a target machine including secret deployment."
echo
echo "USAGE: $0 [-f/-t} <from> <to>"
echo
echo "ARGS:"
echo " -f | --filenames Replace in filenames."
echo " -d | --directory Replace text in files within this directory."
echo " -r | --repo Replace text in files in the entire git repo."
echo " -h | --help Print this help."
exit 0
}
target_files=false
target_repo=false
target_dirs=false
while [[ $# -gt 0 ]]; do
case "$1" in
-f | --filenames)
shift
target_files=true
;;
-r | --repo)
shift
target_repo=rue
;;
-d | --directory)
shift
target_dirs=rue
;;
-h | --help) help_and_exit ;;
*)
echo "Invalid option detected."
help_and_exit
;;
esac
shift
done
if [[ $target_files == "true" ]]; then
for file in $(git ls-files | grep "$1" | sed -e "s/\($1[^/]*\).*/\1/" | uniq); do
git mv "$file" "''${file//$1/$2}"
done
fi
if [[ $target_repo == "true" ]]; then
git grep -l "$1" | xargs sed -i "s/$1/$2/g"
fi
if [[ $target_dirs == "true" ]]; then
grep -rl "$1" . | xargs sed -i "s/$1/$2/g"
fi
'';
git grep -l "$1" | xargs sed -i "s/$1/$2/g"
'';
}
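Review bot: `git grep -l "$1" | xargs sed -i "s/$1/$2/g"` splices both arguments into the sed program and lets xargs split file names on whitespace. A `/`, `&` or regex metacharacter in either argument changes what sed executes, and paths containing spaces are broken apart before sed sees them. Suggest NUL-separated names, `git grep -lz -e "$1" | xargs -0 -r sed -i -e "s/$1/$2/g"`, preceded by a guard that checks `$# -eq 2` and rejects or escapes arguments containing the delimiter. The removed option parser used the same pipeline, so this is carried over rather than introduced here.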


@ -1,11 +1,9 @@
{ name, writeShellApplication, wlr-randr, busybox, wl-mirror, mako, ... }:
{ name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }:
writeShellApplication {
inherit name;
runtimeInputs = [ wlr-randr busybox wl-mirror mako ];
runtimeInputs = [ wlr-randr busybox wl-mirror ];
text = ''
makoctl mode -a do-not-disturb
wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {}
makoctl mode -r do-not-disturb
'';
}
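Review bot: With the two `makoctl mode` calls removed, notifications are no longer suppressed while `wl-present mirror` runs, so message previews can appear on the mirrored output during a presentation. If dropping the mako dependency is intended, a comment in `text` saying that do-not-disturb has to be enabled by hand before mirroring would document the change. `$1` and `$2` are used without an argument-count check; `writeShellApplication` enables `nounset`, so a missing argument aborts with an unbound-variable message rather than a usage hint.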