diff --git a/.sops.yaml b/.sops.yaml index 6723f2a..a6adc63 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -97,6 +97,7 @@ creation_rules: - *swarsel age: - *winters + - *moonside - path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc key_groups: - pgp: diff --git a/SwarselSystems.org b/SwarselSystems.org index 10f1c9f..b724635 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1,4 +1,4 @@ -#+title: SwarselSystems: NixOS + Emacs Configuration +#+title: SwarselSystems: NixOS + Emacs Configurationo #+PROPERTY: header-args:emacs-lisp :tangle files/emacs/init.el :mkdirp yes #+PROPERTY: header-args:nix :mkdirp yes #+PROPERTY: header-args:nix-ts :mkdirp yes @@ -479,6 +479,11 @@ A short overview over each input and what it does: url = "github:Gerg-l/spicetify-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + niri-flake = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = inputs: @@ -792,6 +797,7 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services + hosts user root ; @@ -844,6 +850,7 @@ The rest of the outputs either define or help define the actual configurations: inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm inputs.swarsel-modules.nixosModules.default + inputs.niri-flake.nixosModules.niri "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" @@ -1473,6 +1480,10 @@ On the structure of overlays: as you notice, all of the attributes within overla ]; }; + isync = prev.isync.override { + withCyrusSaslXoauth2 = true; + }; + mgba = final.swarsel-mgba; retroarch = prev.retroarch.withCores (cores: with cores; [ @@ -1535,6 +1546,7 @@ On the structure of overlays: as you notice, all of the attributes within overla // (nixpkgs-stable24_05 final prev) // (nixpkgs-stable24_11 final prev) // (zjstatus final prev) + // (inputs.niri-flake.overlays.niri final prev) // (inputs.vbc-nix.overlays.default final prev) // (inputs.nur.overlays.default final prev) // (inputs.emacs-overlay.overlay final prev) @@ -1905,7 +1917,8 @@ My work machine. Built for more security, this is the gold standard of my config }; monitors = { main = { - name = "BOE 0x0BC9 Unknown"; + # name = "BOE 0x0BC9 Unknown"; + name = "BOE 0x0BC9"; mode = "2560x1600"; # TEMPLATE scale = "1"; position = "2560,0"; @@ -2348,6 +2361,8 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; + globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + networking = { inherit (config.repo.secrets.local) hostId; hostName = "winters"; @@ -2754,6 +2769,7 @@ This machine mainly acts as my proxy server to stand before my local machines. # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; secrets = { wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; }; }; @@ -2789,16 +2805,23 @@ This machine mainly acts as my proxy server to stand before my local machines. interfaces = { home-vpn = { privateKeyFile = config.sops.secrets.wireguard-private-key.path; - ips = [ "192.168.3.4/32" ]; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; peers = [ { - publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; name = "moonside"; persistentKeepalive = 25; - endpoint = "${config.repo.secrets.common.ipv4}:51820"; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; allowedIPs = [ - "192.168.3.0/24" - "192.168.1.0/24" + "192.168.178.0/24" ]; } ]; @@ -2867,6 +2890,7 @@ This machine mainly acts as my proxy server to stand before my local machines. }; swarselsystems = { + flakePath = "/root/.dotfiles"; info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; @@ -3856,6 +3880,18 @@ in ); }; + hosts = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + ipv4 = mkOption { + type = types.str; + }; + }; + } + ); + }; + domains = { main = mkOption { type = types.str; @@ -3932,7 +3968,7 @@ in emacs-radicale-pw = { owner = mainUser; }; }); templates = { - authinfo = { + authinfo = lib.mkIf modules.emacs { path = "${homeDir}/.emacs.d/.authinfo"; content = '' machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} @@ -4170,7 +4206,7 @@ For that reason, make sure that =sops-nix= is properly working before finishing users = { root = { inherit (globals.root) hashedPassword; - shell = pkgs.zsh; + # shell = pkgs.zsh; }; "${config.swarselsystems.mainUser}" = { isNormalUser = true; @@ -4555,7 +4591,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh dbus swaylock-effects syncthingtray-minimal - wl-mirror swayosd # secure boot @@ -4580,8 +4615,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh # better make for general tasks just - screenshare - fullscreen # keyboards qmk @@ -4593,6 +4626,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh # kde-connect xdg-desktop-portal + xdg-desktop-portal-gtk xdg-desktop-portal-wlr # bluetooth @@ -4830,325 +4864,326 @@ Pipewire handles communication on Wayland. This enables several sound tools as w Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. #+begin_src nix-ts :tangle modules/nixos/client/network.nix - { self, lib, pkgs, config, ... }: - let - certsSopsFile = self + /secrets/certs/secrets.yaml; - clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; + { self, lib, pkgs, config, ... }: + let + certsSopsFile = self + /secrets/certs/secrets.yaml; + clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; - inherit (config.swarselsystems) mainUser; - inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; + inherit (config.swarselsystems) mainUser; + inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; - iwd = config.networking.networkmanager.wifi.backend == "iwd"; - in - { - options.swarselsystems = { - firewall = lib.swarselsystems.mkTrueOption; - }; - options.swarselmodules.network = lib.mkEnableOption "network config"; - config = lib.mkIf config.swarselmodules.network { - - sops = { - secrets = lib.mkIf (!config.swarselsystems.isPublic) { - wlan1-pw = { }; - wlan2-pw = { }; - laptop-hotspot-pw = { }; - mobile-hotspot-pw = { }; - eduroam-user = { }; - eduroam-pw = { }; - pia-vpn-user = { }; - pia-vpn-pw = { }; - home-wireguard-client-private-key = { sopsFile = clientSopsFile; }; - home-wireguard-server-public-key = { }; - home-wireguard-endpoint = { }; - pia-vpn1-crl-pem = { sopsFile = certsSopsFile; }; - pia-vpn1-ca-pem = { sopsFile = certsSopsFile; }; - }; - templates = lib.mkIf (!config.swarselsystems.isPublic) { - "network-manager.env".content = '' - WLAN1_PW=${config.sops.placeholder.wlan1-pw} - WLAN2_PW=${config.sops.placeholder.wlan2-pw} - LAPTOP_HOTSPOT_PW=${config.sops.placeholder.laptop-hotspot-pw} - MOBILE_HOTSPOT_PW=${config.sops.placeholder.mobile-hotspot-pw} - EDUROAM_USER=${config.sops.placeholder.eduroam-user} - EDUROAM_PW=${config.sops.placeholder.eduroam-pw} - PIA_VPN_USER=${config.sops.placeholder.pia-vpn-user} - PIA_VPN_PW=${config.sops.placeholder.pia-vpn-pw} - HOME_WIREGUARD_CLIENT_PRIVATE_KEY=${config.sops.placeholder.home-wireguard-client-private-key} - HOME_WIREGUARD_SERVER_PUBLIC_KEY=${config.sops.placeholder.home-wireguard-server-public-key} - HOME_WIREGUARD_ENDPOINT=${config.sops.placeholder.home-wireguard-endpoint} - ''; - }; + iwd = config.networking.networkmanager.wifi.backend == "iwd"; + in + { + options.swarselsystems = { + firewall = lib.swarselsystems.mkTrueOption; }; + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { - networking = { - inherit (config.swarselsystems) hostName; - wireless.iwd = { - enable = true; - settings = { - IPv6 = { - Enabled = true; - }; - Settings = { - AutoConnect = true; - }; - # DriverQuirks = { - # UseDefaultInterface = true; - # }; + sops = { + secrets = lib.mkIf (!config.swarselsystems.isPublic) { + wlan1-pw = { }; + wlan2-pw = { }; + laptop-hotspot-pw = { }; + mobile-hotspot-pw = { }; + eduroam-user = { }; + eduroam-pw = { }; + pia-vpn-user = { }; + pia-vpn-pw = { }; + home-wireguard-client-private-key = { sopsFile = clientSopsFile; }; + home-wireguard-server-public-key = { }; + home-wireguard-endpoint = { }; + pia-vpn1-crl-pem = { sopsFile = certsSopsFile; }; + pia-vpn1-ca-pem = { sopsFile = certsSopsFile; }; + }; + templates = lib.mkIf (!config.swarselsystems.isPublic) { + "network-manager.env".content = '' + WLAN1_PW=${config.sops.placeholder.wlan1-pw} + WLAN2_PW=${config.sops.placeholder.wlan2-pw} + LAPTOP_HOTSPOT_PW=${config.sops.placeholder.laptop-hotspot-pw} + MOBILE_HOTSPOT_PW=${config.sops.placeholder.mobile-hotspot-pw} + EDUROAM_USER=${config.sops.placeholder.eduroam-user} + EDUROAM_PW=${config.sops.placeholder.eduroam-pw} + PIA_VPN_USER=${config.sops.placeholder.pia-vpn-user} + PIA_VPN_PW=${config.sops.placeholder.pia-vpn-pw} + HOME_WIREGUARD_CLIENT_PRIVATE_KEY=${config.sops.placeholder.home-wireguard-client-private-key} + HOME_WIREGUARD_SERVER_PUBLIC_KEY=${config.sops.placeholder.home-wireguard-server-public-key} + HOME_WIREGUARD_ENDPOINT=${config.sops.placeholder.home-wireguard-endpoint} + ''; }; }; - nftables.enable = lib.mkDefault true; - enableIPv6 = lib.mkDefault true; - firewall = { - enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; - checkReversePath = lib.mkDefault false; - allowedUDPPorts = [ 51820 ]; # 51820: wireguard - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - }; - networkmanager = { - enable = true; - wifi.backend = "iwd"; - plugins = [ - # list of plugins: https://search.nixos.org/packages?query=networkmanager- - # docs https://networkmanager.dev/docs/vpn/ - pkgs.networkmanager-openconnect - pkgs.networkmanager-openvpn - ]; - ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" + networking = { + inherit (config.swarselsystems) hostName; + wireless.iwd = { + enable = true; + settings = { + IPv6 = { + Enabled = true; + }; + Settings = { + AutoConnect = true; + }; + # DriverQuirks = { + # UseDefaultInterface = true; + # }; + }; + }; + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; + checkReversePath = lib.mkDefault false; + allowedUDPPorts = [ 51820 ]; # 51820: wireguard + allowedTCPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect ]; - profiles = let - inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; - in - { - ${wlan1} = { - connection = { - id = wlan1; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = wlan1; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$WLAN1_PW"; - }; - }; + allowedUDPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect + ]; + }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; + networkmanager = { + enable = true; + wifi.backend = "iwd"; + plugins = [ + # list of plugins: https://search.nixos.org/packages?query=networkmanager- + # docs https://networkmanager.dev/docs/vpn/ + pkgs.networkmanager-openconnect + pkgs.networkmanager-openvpn + ]; + ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = let + inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; + in + { + ${wlan1} = { + connection = { + id = wlan1; + # permissions = ""; + type = "wifi"; + }; + ipv4 = { + # dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + # dns-search = ""; + method = "auto"; + }; + wifi = { + # mac-address-blacklist = ""; + mode = "infrastructure"; + band = "a"; + ssid = wlan1; + }; + wifi-security = { + # auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$WLAN1_PW"; + }; }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - eduroam = { - "802-1x" = { - eap = if (!iwd) then "ttls;" else "peap;"; - identity = "$EDUROAM_USER"; - password = "$EDUROAM_PW"; - phase2-auth = "mschapv2"; - anonymous-identity = lib.mkIf iwd eduroam-anon; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; + eduroam = { + "802-1x" = { + eap = if (!iwd) then "ttls;" else "peap;"; + identity = "$EDUROAM_USER"; + password = "$EDUROAM_PW"; + phase2-auth = "mschapv2"; + anonymous-identity = lib.mkIf iwd eduroam-anon; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - ${wlan2} = { - connection = { - id = wlan2; - type = "wifi"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = wlan2; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$WLAN2_PW"; - }; - }; - ${mobile1} = { - connection = { - id = mobile1; - type = "wifi"; + ${wlan2} = { + connection = { + id = wlan2; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = wlan2; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$WLAN2_PW"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = mobile1; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$MOBILE_HOTSPOT_PW"; - }; - }; - home-wireguard = { - connection = { - id = "HomeVPN"; - type = "wireguard"; - autoconnect = "false"; - interface-name = "wg1"; + ${mobile1} = { + connection = { + id = mobile1; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = mobile1; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$MOBILE_HOTSPOT_PW"; + }; }; - wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; }; - "wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = { - endpoint = "$HOME_WIREGUARD_ENDPOINT"; - allowed-ips = home-wireguard-allowed-ips; - }; - ipv4 = { - method = "ignore"; - address1 = home-wireguard-address; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "ignore"; - }; - proxy = { }; - }; - pia-vpn1 = { - connection = { - autoconnect = "false"; - id = "PIA ${vpn1-location}"; - type = "vpn"; + home-wireguard = { + connection = { + id = "HomeVPN"; + type = "wireguard"; + autoconnect = "false"; + interface-name = "wg1"; + }; + wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; }; + "wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = { + endpoint = "$HOME_WIREGUARD_ENDPOINT"; + allowed-ips = home-wireguard-allowed-ips; + }; + ipv4 = { + method = "ignore"; + address1 = home-wireguard-address; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "ignore"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = config.sops.secrets."pia-vpn1-ca-pem".path; - challenge-response-flags = "2"; - cipher = vpn1-cipher; - compress = "yes"; - connection-type = "password"; - crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path; - dev = "tun"; - password-flags = "0"; - remote = vpn1-address; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$PIA_VPN_USER"; - }; - vpn-secrets = { password = "$PIA_VPN_PW"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + pia-vpn1 = { + connection = { + autoconnect = "false"; + id = "PIA ${vpn1-location}"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = config.sops.secrets."pia-vpn1-ca-pem".path; + challenge-response-flags = "2"; + cipher = vpn1-cipher; + compress = "yes"; + connection-type = "password"; + crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path; + dev = "tun"; + password-flags = "0"; + remote = vpn1-address; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$PIA_VPN_USER"; + }; + vpn-secrets = { password = "$PIA_VPN_PW"; }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-${config.swarselsystems.mainUser}"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$MOBILE_HOTSPOT_PW"; - }; - }; + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-${config.swarselsystems.mainUser}"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$MOBILE_HOTSPOT_PW"; + }; + }; + + }; }; }; }; - }; - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; - }; - } + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + }; + } #+end_src **** sops @@ -5180,7 +5215,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at }; }; } -sh#+end_src +#+end_src **** Theme (stylix) :PROPERTIES: @@ -5443,6 +5478,38 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if } #+end_src +***** keyd: remap SUPER +:PROPERTIES: +:CUSTOM_ID: h:6a0fb66c-dfda-47e9-87b2-8b02d58dd68b +:END: + + +#+begin_src nix-ts :tangle modules/nixos/client/keyd.nix + { lib, config, ... }: + let + moduleName = "keyd"; + in + { + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; + config = lib.mkIf config.swarselmodules.${moduleName} { + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + leftmeta = "overload(meta, macro(rightmeta+z))"; + rightmeta = "overload(meta, macro(rightmeta+z))"; + }; + }; + }; + }; + }; + }; + } +#+end_src + ***** power-profiles-daemon :PROPERTIES: :CUSTOM_ID: h:82fbba41-3a46-4db7-aade-49e4c23fc475 @@ -5833,7 +5900,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom } #+end_src -**** xdg-portal +**** xdg-portal (Screensharing) :PROPERTIES: :CUSTOM_ID: h:872d5f46-2ffd-4076-9a2c-98783dd29434 :END: @@ -5847,11 +5914,11 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; - config = { - common = { - default = "wlr"; - }; - }; + # config = { + # common = { + # default = "wlr"; + # }; + # }; wlr.enable = true; wlr.settings.screencast = { output_name = "eDP-1"; @@ -6019,6 +6086,9 @@ Auto login for the initial session. #+end_src **** UWSM +:PROPERTIES: +:CUSTOM_ID: h:74f5961d-2881-4a42-b99f-94c8f70c8196 +:END: Auto login for the initial session. @@ -6038,12 +6108,52 @@ Auto login for the initial session. comment = "Sway compositor managed by UWSM"; binPath = "/run/current-system/sw/bin/sway"; }; + niri = { + prettyName = "Niri"; + comment = "Niri compositor managed by UWSM"; + binPath = "/run/current-system/sw/bin/niri-session"; + }; }; }; }; } #+end_src +**** Niri +:PROPERTIES: +:CUSTOM_ID: h:58162d08-3ded-441d-861e-2ebf30e32538 +:END: + +Auto login for the initial session. + +#+begin_src nix-ts :tangle modules/nixos/client/niri.nix + { lib, config, pkgs, ... }: + let + moduleName = "niri"; + in + { + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; + config = lib.mkIf config.swarselmodules.${moduleName} { + + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + cage + gamescope + xwayland-satellite-unstable + ]; + + niri-flake.cache.enable = true; + + programs.niri = { + enable = true; + package = pkgs.niri-unstable; # the actual niri that will be installed and used + }; + }; + } +#+end_src + *** Server :PROPERTIES: :CUSTOM_ID: h:e492c24a-83a0-4bcb-a084-706f49318651 @@ -6163,7 +6273,8 @@ Here we just define some aliases for rebuilding the system, and we allow some in services = { # add a user with sudo smbpasswd -a samba = { - package = pkgs.samba4Full; + # package = pkgs.samba4Full; + package = pkgs.samba4; # extraConfig = '' # workgroup = WORKGROUP # server role = standalone server @@ -6306,7 +6417,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/kavita.nix - { self, lib, config, pkgs, ... }: + { self, lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; @@ -6314,6 +6425,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -6349,7 +6461,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -6379,12 +6491,13 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/jellyfin.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, globals, ... }: let servicePort = 8096; serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -6418,7 +6531,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -6449,13 +6562,14 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/navidrome.nix - { pkgs, config, lib, ... }: + { pkgs, config, lib, globals, ... }: let servicePort = 4040; serviceName = "navidrome"; serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -6535,7 +6649,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -6769,7 +6883,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/matrix.nix - { lib, config, pkgs, ... }: + { lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; @@ -6777,6 +6891,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; + serviceAddress = globals.hosts.winters.ipv4; federationPort = 8448; whatsappPort = 29318; @@ -7064,7 +7179,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7124,7 +7239,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/nextcloud.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, globals, ... }: let inherit (config.repo.secrets.local.nextcloud) adminuser; inherit (config.swarselsystems) sopsFile; @@ -7134,6 +7249,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7177,7 +7293,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7210,6 +7326,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7239,7 +7356,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7293,6 +7410,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -7387,7 +7505,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7611,15 +7729,17 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, configName, ... }: + { lib, config, configName, globals, ... }: let + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; + servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; + serviceAddress = globals.hosts.winters.ipv4; specificServiceName = "syncthing-${configName}"; - inherit (config.swarselsystems.syncthing) serviceDomain; - inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; devices = config.swarselsystems.syncthing.syncDevices; @@ -7635,7 +7755,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= }; serviceIP = lib.mkOption { type = lib.types.str; - default = "192.168.1.2"; + default = "${serviceAddress}"; }; syncDevices = lib.mkOption { type = lib.types.listOf lib.types.str; @@ -7844,6 +7964,7 @@ This section exposes several metrics that I use to check the health of my server serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; @@ -8048,12 +8169,12 @@ This section exposes several metrics that I use to check the health of my server upstreams = { "${grafanaUpstream}" = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; "${prometheusUpstream}" = { servers = { - "192.168.1.2:${builtins.toString prometheusPort}" = { }; + "${serviceAddress}:${builtins.toString prometheusPort}" = { }; }; }; }; @@ -8092,11 +8213,12 @@ This section exposes several metrics that I use to check the health of my server This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually. #+begin_src nix-ts :tangle modules/nixos/server/jenkins.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, globals, ... }: let servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8115,7 +8237,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8184,13 +8306,14 @@ I am using this with CapyReader on my phone, set it up as a FreshRSS account wit FreshRSS claims to support HTTP header auth, but at least it does not work with my oauth2-proxy setup. Until this is fixed, I resorted to the "form" login, since I mostly do not use the web version anyways. #+begin_src nix-ts :tangle modules/nixos/server/freshrss.nix - { self, lib, config, ... }: + { self, lib, config, globals, ... }: let servicePort = 80; serviceName = "freshrss"; serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -8263,7 +8386,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8306,6 +8429,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; kanidmDomain = globals.services.kanidm.domain; in @@ -8431,7 +8555,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8469,6 +8593,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; ankiUser = globals.user.name; in @@ -8505,7 +8630,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8553,6 +8678,7 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/{}"; }; + "niri/window" = { + format = "{title} ({app_id})"; + }; + modules-right = config.swarselsystems.waybarModules; "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { @@ -12948,7 +13202,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case. #+begin_src nix-ts :tangle modules/home/common/sway.nix - { self, config, lib, vars, ... }: + { config, lib, vars, ... }: let eachOutput = _: monitor: { inherit (monitor) name; @@ -13151,22 +13405,14 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+r" = "mode resize"; # "${modifier}+Return" = "exec kitty"; "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Print" = "exec screenshare"; - # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" - # "XF86AudioRaiseVolume" = "exec pa 5%"; - # "XF86AudioRaiseVolume" = "exec pamixer -i 5"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; - # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - # "XF86AudioLowerVolume" = "exec pamixer -d 5"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; - # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - # "XF86AudioMute" = "exec pamixer -t"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; - # "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; - # "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; "XF86Display" = "exec wl-mirror eDP-1"; + # "--no-repeat Super_L" = "exec killall -SIGUSR1 .waybar-wrapped"; + # "${modifier}+z" = "exec killall -SIGUSR1 .waybar-wrapped"; } config.swarselsystems.keybindings; modes = { @@ -13181,14 +13427,14 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; }; defaultWorkspace = "workspace 1:一"; - output = { - "${config.swarselsystems.sharescreen}" = { - bg = "${self}/files/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; - }; - "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { - bg = "${self}/files/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; - }; - }; + # output = { + # "${config.swarselsystems.sharescreen}" = { + # bg = "${self}/files/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; + # }; + # "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { + # bg = "${self}/files/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; + # }; + # }; input = config.swarselsystems.standardinputs; workspaceOutputAssign = let @@ -13384,6 +13630,218 @@ Currently, I am too lazy to explain every option here, but most of it is very se } #+end_src +**** Niri +:PROPERTIES: +:CUSTOM_ID: h:06e77ca4-28ff-4cfd-bc60-b7fd848bfedb +:END: + +#+begin_src nix-ts :tangle modules/home/common/niri.nix + { config, pkgs, lib, vars, ... }: + { + options.swarselmodules.niri = lib.mkEnableOption "niri settings"; + config = lib.mkIf config.swarselmodules.niri { + + programs.niri = { + package = pkgs.niri-unstable; # which package to use for niri validation + settings = { + xwayland-satellite = { + enable = true; + path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; + }; + prefer-no-csd = true; + layer-rules = [ + { matches = [ { namespace = "^notifications$"; }]; block-out-from = "screencast";} + { matches = [ { namespace = "^wallpaper$"; }]; place-within-backdrop = true;} + ]; + window-rules = [ + { + matches = [{ app-id = ".*"; }]; + opacity = 0.95; + default-column-width = { proportion = 0.5; }; + shadow = { + enable = true; + draw-behind-window = true; + }; + geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; + } + { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } + { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } + { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } + { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } + { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } + { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } + { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } + { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } + { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } + { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } + { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } + { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } + { matches = [{ title = "^Add$"; }]; open-floating = true; } + { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } + { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } + { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + ]; + environment = { + DISPLAY = ":0"; + } // vars.waylandSessionVariables; + screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; + input = { + mod-key = "Super"; + keyboard = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; + mouse = { + natural-scroll = false; + }; + touchpad = { + enable = true; + tap = true; + tap-button-map = "left-right-middle"; + natural-scroll = true; + scroll-method = "two-finger"; + click-method = "clickfinger"; + disabled-on-external-mouse = true; + drag = true; + drag-lock = false; + dwt = true; + dwtp = true; + }; + }; + cursor = { + hide-after-inactive-ms = 2000; + hide-when-typing = true; + }; + layout = { + background-color = "transparent"; + border = { + enable = true; + width = 1; + }; + focus-ring = { + enable = false; + }; + gaps = 5; + }; + binds = with config.lib.niri.actions; let + sh = spawn "sh" "-c"; + in + { + + # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+Shift+t".action = toggle-window-rule-opacity; + # "Mod+Escape".action = "mode $exit"; + "Mod+m".action = focus-workspace-previous; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Shift+f".action = toggle-windowed-fullscreen; + "Mod+q".action = close-window; + "Mod+f".action = spawn "firefox"; + "Mod+Space".action = spawn "fuzzel"; + "Mod+Shift+c".action = spawn "qalculate-gtk"; + "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; + "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; + "Mod+h".action = sh ''hyprpicker | wl-copy''; + # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; + "Mod+s".action = screenshot { show-pointer = false; }; + # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; + # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + + "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; + + "Mod+a".action = spawn "swarselcheck-niri" "-s"; + "Mod+x".action = spawn "swarselcheck-niri" "-k"; + "Mod+d".action = spawn "swarselcheck-niri" "-d"; + "Mod+w".action = spawn "swarselcheck-niri" "-e"; + + "Mod+p".action = spawn "pass-fuzzel"; + "Mod+o".action = spawn "pass-fuzzel" "--otp"; + "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; + "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; + + "Mod+Left".action = focus-column-or-monitor-left; + "Mod+Right".action = focus-column-or-monitor-right; + "Mod+Down".action = focus-window-or-workspace-down; + "Mod+Up".action = focus-window-or-workspace-up; + "Mod+Shift+Left".action = move-column-left; + "Mod+Shift+Right".action = move-column-right; + "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; + "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; + # "Mod+Ctrl+Shift+c".action = "reload"; + # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; + # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + # "Mod+r".action = "mode resize"; + # "Mod+Return".action = "exec kitty"; + "Mod+Return".action = spawn "swarselzellij"; + "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; + "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; + "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; + "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; + "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; + "XF86Display".action = spawn "wl-mirror" "eDP-1"; + "Mod+Escape".action = spawn "wlogout"; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+0".action = focus-workspace 0; + + "Mod+Shift+1".action = move-column-to-index 1; + "Mod+Shift+2".action = move-column-to-index 2; + "Mod+Shift+3".action = move-column-to-index 3; + "Mod+Shift+4".action = move-column-to-index 4; + "Mod+Shift+5".action = move-column-to-index 5; + "Mod+Shift+6".action = move-column-to-index 6; + "Mod+Shift+7".action = move-column-to-index 7; + "Mod+Shift+8".action = move-column-to-index 8; + "Mod+Shift+9".action = move-column-to-index 9; + "Mod+Shift+0".action = move-column-to-index 0; + }; + spawn-at-startup = [ + { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } + { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } + { command = [ "anki" ]; } + { command = [ "obsidian" ]; } + { command = [ "nm-applet" ]; } + { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } + ]; + workspaces = { + # "01-Main" = { + # name = "Scratchpad"; + # }; + "99-Scratchpad" = { + name = ""; + }; + }; + }; + }; + + }; + } +#+end_src + **** Kanshi :PROPERTIES: :CUSTOM_ID: h:eb94df98-2bcd-4555-9f88-e252f93b924f @@ -13391,19 +13849,19 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix-ts :tangle modules/home/common/kanshi.nix - { lib, config, ... }: + { self, lib, pkgs, config, ... }: { options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { - homedesktop = { + homedesktop = rec { name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; mode = "2560x1440"; scale = "1"; position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + workspace = "11:M"; + output = name; }; }; }; @@ -13429,6 +13887,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se { profile = { name = "lidopen"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { criteria = "eDP-2"; @@ -13439,41 +13898,51 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; } { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; + profile = + let + monitor = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + in + { + name = "lidopen"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}" ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = monitor; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; } { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; + profile = + let + monitor = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + in + { + name = "lidclosed"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}"] ; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + position = "2560,0"; + } + { + criteria = monitor; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; } ]; }; @@ -13498,11 +13967,14 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; + verbose = true; enableZshIntegration = true; enableScDaemon = true; enableSshSupport = true; enableExtraSocket = true; - pinentry.package = pkgs.pinentry.gtk2; + pinentry.package = pkgs.wayprompt; + pinentry.program = "pinentry-wayprompt"; + # pinentry.package = pkgs.pinentry.gtk2; defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' @@ -13801,9 +14273,8 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; msmtp = { - enable = false; + enable = true; extraConfig = { - account = "work"; auth = "xoauth2"; host = "outlook.office365.com"; protocol = "smtp"; @@ -13815,10 +14286,11 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] passwordeval = "pizauth show work"; }; }; - mu.enable = false; + mu.enable = true; mbsync = { - enable = false; + enable = true; expunge = "both"; + patterns = [ "INBOX" ]; extraConfig = { account = { AuthMechs = "XOAUTH2"; @@ -13827,19 +14299,19 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. HP 732pk CNC4080YL5" = { - bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - }; - }; - }; + # wayland.windowManager.sway.config = { + # output = { + # "Applied Creative Technology Transmitter QUATTRO201811" = { + # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + # }; + # "Hewlett Packard HP Z24i CN44250RDT" = { + # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + # }; + # "HP Inc. HP 732pk CNC4080YL5" = { + # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + # }; + # }; + # }; stylix = { targets.firefox.profileNames = @@ -14020,6 +14492,10 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] { profile = { name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14044,8 +14520,14 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; } { - profile = { + profile = let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in { name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14065,6 +14547,10 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] { profile = { name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14087,8 +14573,13 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; } { - profile = { + profile = let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in { name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14107,8 +14598,20 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; + systemd.user.services.pizauth.Service = { + ExecStartPost= [ + "${pkgs.toybox}/bin/sleep 1" + "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" + ]; + }; + swarselservices.pizauth = { enable = true; + extraConfig = '' + auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; + error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; + token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; + ''; accounts = { work = { authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; @@ -14186,70 +14689,60 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] { command = "1password"; } ]; monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { + work_back_middle = rec { name = "LG Electronics LG Ultra HD 0x000305A6"; mode = "2560x1440"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-10"; + # output = "DP-10"; + output = name; }; - work_front_left = { + work_front_left = rec { name = "LG Electronics LG Ultra HD 0x0007AB45"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-7"; + # output = "DP-7"; + output = name; }; - work_back_right = { + work_back_right = rec { name = "HP Inc. HP Z32 CN41212T55"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-3"; + # output = "DP-3"; + output = name; }; - work_middle_middle_main = { + work_middle_middle_main = rec { name = "HP Inc. HP 732pk CNC4080YL5"; mode = "3840x2160"; scale = "1"; position = "-1280,0"; workspace = "11:M"; - output = "DP-8"; + # output = "DP-8"; + output = name; }; - work_middle_middle_side = { + work_middle_middle_side = rec { name = "Hewlett Packard HP Z24i CN44250RDT"; mode = "1920x1200"; transform = "270"; scale = "1"; position = "-2480,0"; workspace = "12:S"; - output = "DP-9"; + # output = "DP-9"; + output = name; }; - work_seminary = { + work_seminary = rec { name = "Applied Creative Technology Transmitter QUATTRO201811"; mode = "1280x720"; scale = "1"; position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse workspace = "14:T"; - output = "DP-4"; + # output = "DP-4"; + output = name; }; }; inputs = { @@ -14273,9 +14766,6 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] xkb_variant = "altgr-intl"; }; }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; }; }; @@ -14983,7 +15473,7 @@ The normal =command-not-found.sh= uses the outdated =nix-shell= commands as sugg fi echo -n "searching nix-index..." - ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --top-level --whole-name --at-root "/bin/$1") + ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --whole-name --at-root "/bin/$1") case $(echo -n "$ATTRS" | grep -c "^") in 0) @@ -15045,7 +15535,7 @@ This app checks for different apps that I keep around in the scratchpad for quic STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep kittyterm || true) CHECK=$(swaymsg -t get_tree | grep kittyterm || true) if [ "$CHECK" == "" ]; then - exec kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm & + exec kitty --app-id kittyterm -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm & sleep 1 fi if [ "$STR" == "" ]; then @@ -15071,7 +15561,7 @@ This app checks for different apps that I keep around in the scratchpad for quic STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep spotifytui || true) CHECK=$(swaymsg -t get_tree | grep spotifytui || true) if [ "$CHECK" == "" ]; then - exec kitty -T spotifytui -o confirm_os_window_close=0 spotify_player & + exec kitty --add-id spotifytui -T spotifytui -o confirm_os_window_close=0 spotify_player & sleep 1 fi if [ "$STR" == "" ]; then @@ -15092,6 +15582,60 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src +*** swarselcheck-niri +:PROPERTIES: +:CUSTOM_ID: h:96da8360-2d23-4e86-9602-415fbdb972af +:END: + +#+begin_src shell :tangle files/scripts/swarselcheck-niri.sh + while :; do + case ${1:-} in + -k | --kitty) + cmd=(sh -c 'kitty --app-id kittyterm -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm' '&') + searchapp="kittyterm" + ;; + -e | --element) + cmd=(element-desktop) + searchapp="Element" + ;; + -d | --vesktop) + cmd=(vesktop) + searchapp="vesktop" + ;; + -s | --spotifyplayer) + cmd=(sh -c 'kitty --add-id spotifytui -T spotifytui -o confirm_os_window_close=0 spotify_player' '&') + searchapp="spotifytui" + ;; + ,*) break ;; + esac + shift + done + + WIN_INFO=$(niri msg -j windows | jq --arg search "$searchapp" '.[] | select (.app_id | test($search)) | { id, is_focused, workspace_id }') + ID=$(echo "$WIN_INFO" | jq -r '.id // empty') + IS_FOCUSED=$(echo "$WIN_INFO" | jq -r '.is_focused // empty') + TARGET_MONITOR=$(niri msg -j workspaces | jq --arg search "" '.[] | select (.name != null and (.name | test($search))) | { output }' | jq -r '.output // empty') + CURRENT_WORKSPACE=$(niri msg -j workspaces | jq -r '.[] | select (.is_active == true) | .output // empty') + + if [ -z "$ID" ]; then + niri msg action spawn -- "${cmd[@]}" + elif [ "$IS_FOCUSED" ]; then + niri msg action move-window-to-workspace "" --window-id "$ID" --focus false + else + niri msg action focus-monitor "$TARGET_MONITOR" && niri msg action move-window-to-workspace "$CURRENT_WORKSPACE" --window-id "$ID" && niri msg action focus-floating + fi +#+end_src + +#+begin_src nix-ts :tangle pkgs/swarselcheck-niri/default.nix + { self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: + writeShellApplication { + inherit name; + runtimeInputs = [ kitty element-desktop vesktop spotify-player jq ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; + } + +#+end_src + *** swarselzellij :PROPERTIES: :CUSTOM_ID: h:564c102c-e335-4f17-a613-c5a436bb4864 @@ -15248,66 +15792,24 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s } #+end_src -*** fullscreen +*** kanshare :PROPERTIES: -:CUSTOM_ID: h:9d49531a-1d9b-4600-b200-18befb5e0f3a +:CUSTOM_ID: h:3981cd16-00c0-4ea8-95e2-c6d8c04ec4e5 :END: -This application moves the wl-mirror app to the T workspace and makes it fullscreen there. - -#+begin_src nix-ts :tangle pkgs/fullscreen/default.nix - { name, writeShellApplication, sway, ... }: - - writeShellApplication { - inherit name; - runtimeInputs = [ sway ]; - text = '' - swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' - swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' - ''; - } -#+end_src -*** screenshare -:PROPERTIES: -:CUSTOM_ID: h:960e539c-2a5a-4e21-b3d4-bcdfc8be8fda -:END: +This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. -#+begin_src shell :tangle files/scripts/screenshare.sh +#+begin_src nix-ts :tangle pkgs/kanshare/default.nix + { name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }: - headless="false" - while [[ $# -gt 0 ]]; do - case "$1" in - -h) - headless="true" - ;; - ,*) - echo "Invalid option detected." - ;; - esac - shift - done - - SHARESCREEN="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$(hostname)".config.home-manager.users."$(whoami)".swarselsystems.sharescreen)" - - if [[ $headless == "true" ]]; then - wl-mirror "$SHARESCREEN" - else - wl-mirror "$SHARESCREEN" & - sleep 0.1 - swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' - swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' - fi -#+end_src - - -#+begin_src nix-ts :tangle pkgs/screenshare/default.nix - { self, name, writeShellApplication, sway }: - writeShellApplication { - inherit name; - runtimeInputs = [ sway ]; - text = builtins.readFile "${self}/files/scripts/${name}.sh"; - } + writeShellApplication { + inherit name; + runtimeInputs = [ wlr-randr busybox wl-mirror]; + text = '' + wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} + ''; + } #+end_src *** swarsel-bootstrap @@ -16614,6 +17116,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + # keyd = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; @@ -16626,6 +17129,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a gnome-keyring = lib.mkDefault true; uwsm = lib.mkDefault true; sway = lib.mkDefault true; + niri = lib.mkDefault true; xdg-portal = lib.mkDefault true; distrobox = lib.mkDefault true; appimage = lib.mkDefault true; @@ -17073,6 +17577,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a atuin = lib.mkDefault true; forgejo = lib.mkDefault true; ankisync = lib.mkDefault true; + # snipeit = lib.mkDefault false; + homebox = lib.mkDefault true; }; }; }; @@ -17214,6 +17720,7 @@ This holds modules that are to be used on most hosts. These are also the most im swayosd = lib.mkDefault true; yubikeytouch = lib.mkDefault true; sway = lib.mkDefault true; + niri = lib.mkDefault true; kanshi = lib.mkDefault true; gpgagent = lib.mkDefault true; gammastep = lib.mkDefault true; @@ -20470,6 +20977,7 @@ The hook functions are defined here: [[#h:34506761-06b9-43b5-a818-506d9b3faf28][ '((:maildir "/leon/Inbox" :key ?1) (:maildir "/nautilus/Inbox" :key ?2) (:maildir "/mrswarsel/Inbox" :key ?3) + (:maildir "/work/Inbox" :key ?4) (:maildir "/Sent Mail" :key ?s) (:maildir "/Trash" :key ?t) (:maildir "/Drafts" :key ?d) @@ -20513,7 +21021,6 @@ This adds the simple utility of sending desktop notifications whenever a new mai This provides a beautiful calender to emacs. -Yes, I am aware that I am exposing my university-calendar to the public here. I can imagine worse things ;) if you however know how to obscure this, let me know! #+begin_src emacs-lisp @@ -22243,42 +22750,60 @@ before-sleep 'swaylock -f --screenshots --clock --effect-blur 7x5 --effect-vigne :CUSTOM_ID: h:2e9b84d7-cb18-4e74-83f8-65ada11a8911 :END: -#+begin_src css :tangle files/stylix/swarsel.yaml :mkdirp yes -# scheme: "better-contrast" -author: "Swarsel" -base00: "1D252C" # #1d252c passt -base01: "171D23" # #171d23 -base02: "5EC4FF" # #5EC4FF -base03: "566C7D" # #566C7D passt -base04: "5EC4FF" # #5EC4FF passt -base05: "A0B3C5" # #A0B3C5 passt -base06: "C06ECE" # #C06ECE passt -base07: "A0B3C5" # #A0B3C5 passt -base08: "D95468" # #D95468 passt -base09: "FFA880" # #ffA880 passt -base0A: "5EC4FF" # #5EC4FF -base0B: "8BD49C" # #8BD49C -base0C: "008B94" # #008B94 passt -base0D: "5EC4FF" # #5EC4FF passt -base0E: "C06ECE" # #C06ECE passt -base0F: "5EC4FF" # #5EC4FF passt +#+begin_src bash :tangle files/stylix/swarsel.yaml :mkdirp yes + # scheme: "better-contrast" + author: "Swarsel" + author: "Swarsel" + base00: "1d252c" #1d252c" + base01: "171d23" #171d23" + base02: "206a86" #206a86" + base03: "003a66" #003a66" + base04: "5ec4ff" #5ec4ff" + base05: "a0b3c5" #a0b3c5" + base06: "7ed4ff" #7ed4ff" + base07: "8ef4ff" #8ef4ff" + base08: "d95468" #d95468" + base09: "ffa880" #ffa880" + base0A: "6ed4ff" #6ed4ff" + base0B: "8bd49c" #8bd49c" + base0C: "008b94" #008b94" + base0D: "5ec4ff" #5ec4ff" + base0E: "c06ece" #c06ece" + base0F: "3c0044" #3c0044" -# base00 - Default Background -# base01 - Lighter Background (Used for status bars) -# base02 - Selection Background -# base03 - Comments, Invisibles, Line Highlighting -# base04 - Dark Foreground (Used for status bars) -# base05 - Default Foreground, Caret, Delimiters, Operators -# base06 - Light Foreground (Not often used) -# base07 - Light Background (Not often used) -# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted -# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url -# base0A - Classes, Markup Bold, Search Text Background -# base0B - Strings, Inherited Class, Markup Code, Diff Inserted -# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes -# base0D - Functions, Methods, Attribute IDs, Headings -# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed -# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. + # base00: "1D252C" # #1d252c passt + # base01: "171D23" # #171d23 + # base02: "5EC4FF" # #5EC4FF + # base03: "566C7D" # #566C7D passt + # base04: "5EC4FF" # #5EC4FF passt + # base05: "A0B3C5" # #A0B3C5 passt + # base06: "C06ECE" # #C06ECE passt + # base07: "A0B3C5" # #A0B3C5 passt + # base08: "D95468" # #D95468 passt + # base09: "FFA880" # #ffA880 passt + # base0A: "5EC4FF" # #5EC4FF + # base0B: "8BD49C" # #8BD49C + # base0C: "008B94" # #008B94 passt + # base0D: "5EC4FF" # #5EC4FF passt + # base0E: "C06ECE" # #C06ECE passt + # base0F: "5EC4FF" # #5EC4FF passt + + # base00 - Default Background + # base01 - Lighter Background (Used for status bars) + # base02 - Selection Background + # base03 - Comments, Invisibles, Line Highlighting + # base04 - Dark Foreground (Used for status bars) + # base05 - Default Foreground, Caret, Delimiters, Operators + # base06 - Light Foreground (Not often used) + # base07 - Light Background (Not often used) + # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url + # base0A - Classes, Markup Bold, Search Text Background + # base0B - Strings, Inherited Class, Markup Code, Diff Inserted + # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes + # base0D - Functions, Methods, Attribute IDs, Headings + # base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed + # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. #+end_src ** .gitmessage :PROPERTIES: diff --git a/files/emacs/init.el b/files/emacs/init.el index 05a8905..7f8999a 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1579,6 +1579,7 @@ create a new one." '((:maildir "/leon/Inbox" :key ?1) (:maildir "/nautilus/Inbox" :key ?2) (:maildir "/mrswarsel/Inbox" :key ?3) + (:maildir "/work/Inbox" :key ?4) (:maildir "/Sent Mail" :key ?s) (:maildir "/Trash" :key ?t) (:maildir "/Drafts" :key ?d) diff --git a/files/scripts/command-not-found.sh b/files/scripts/command-not-found.sh index 4cd0b87..c81cb7a 100644 --- a/files/scripts/command-not-found.sh +++ b/files/scripts/command-not-found.sh @@ -6,7 +6,7 @@ command_not_found_handle() { fi echo -n "searching nix-index..." - ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --top-level --whole-name --at-root "/bin/$1") + ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --whole-name --at-root "/bin/$1") case $(echo -n "$ATTRS" | grep -c "^") in 0) diff --git a/files/scripts/screenshare.sh b/files/scripts/screenshare.sh deleted file mode 100644 index e4d4f5f..0000000 --- a/files/scripts/screenshare.sh +++ /dev/null @@ -1,23 +0,0 @@ -headless="false" -while [[ $# -gt 0 ]]; do - case "$1" in - -h) - headless="true" - ;; - *) - echo "Invalid option detected." - ;; - esac - shift -done - -SHARESCREEN="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$(hostname)".config.home-manager.users."$(whoami)".swarselsystems.sharescreen)" - -if [[ $headless == "true" ]]; then - wl-mirror "$SHARESCREEN" -else - wl-mirror "$SHARESCREEN" & - sleep 0.1 - swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' - swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' -fi diff --git a/files/scripts/swarselcheck-niri.sh b/files/scripts/swarselcheck-niri.sh new file mode 100644 index 0000000..6bfb966 --- /dev/null +++ b/files/scripts/swarselcheck-niri.sh @@ -0,0 +1,36 @@ +while :; do + case ${1:-} in + -k | --kitty) + cmd=(sh -c 'kitty --app-id kittyterm -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm' '&') + searchapp="kittyterm" + ;; + -e | --element) + cmd=(element-desktop) + searchapp="Element" + ;; + -d | --vesktop) + cmd=(vesktop) + searchapp="vesktop" + ;; + -s | --spotifyplayer) + cmd=(sh -c 'kitty --add-id spotifytui -T spotifytui -o confirm_os_window_close=0 spotify_player' '&') + searchapp="spotifytui" + ;; + *) break ;; + esac + shift +done + +WIN_INFO=$(niri msg -j windows | jq --arg search "$searchapp" '.[] | select (.app_id | test($search)) | { id, is_focused, workspace_id }') +ID=$(echo "$WIN_INFO" | jq -r '.id // empty') +IS_FOCUSED=$(echo "$WIN_INFO" | jq -r '.is_focused // empty') +TARGET_MONITOR=$(niri msg -j workspaces | jq --arg search "" '.[] | select (.name != null and (.name | test($search))) | { output }' | jq -r '.output // empty') +CURRENT_WORKSPACE=$(niri msg -j workspaces | jq -r '.[] | select (.is_active == true) | .output // empty') + +if [ -z "$ID" ]; then + niri msg action spawn -- "${cmd[@]}" +elif [ "$IS_FOCUSED" ]; then + niri msg action move-window-to-workspace "" --window-id "$ID" --focus false +else + niri msg action focus-monitor "$TARGET_MONITOR" && niri msg action move-window-to-workspace "$CURRENT_WORKSPACE" --window-id "$ID" && niri msg action focus-floating +fi diff --git a/files/scripts/swarselcheck.sh b/files/scripts/swarselcheck.sh index e941f1b..b581068 100644 --- a/files/scripts/swarselcheck.sh +++ b/files/scripts/swarselcheck.sh @@ -25,7 +25,7 @@ if [[ $kitty -eq 1 ]]; then STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep kittyterm || true) CHECK=$(swaymsg -t get_tree | grep kittyterm || true) if [ "$CHECK" == "" ]; then - exec kitty -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm & + exec kitty --app-id kittyterm -T kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm & sleep 1 fi if [ "$STR" == "" ]; then @@ -51,7 +51,7 @@ elif [[ $spotifyplayer -eq 1 ]]; then STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep spotifytui || true) CHECK=$(swaymsg -t get_tree | grep spotifytui || true) if [ "$CHECK" == "" ]; then - exec kitty -T spotifytui -o confirm_os_window_close=0 spotify_player & + exec kitty --add-id spotifytui -T spotifytui -o confirm_os_window_close=0 spotify_player & sleep 1 fi if [ "$STR" == "" ]; then diff --git a/files/stylix/swarsel.yaml b/files/stylix/swarsel.yaml index 772524b..155b93e 100644 --- a/files/stylix/swarsel.yaml +++ b/files/stylix/swarsel.yaml @@ -1,21 +1,39 @@ # scheme: "better-contrast" author: "Swarsel" -base00: "1D252C" # #1d252c passt -base01: "171D23" # #171d23 -base02: "5EC4FF" # #5EC4FF -base03: "566C7D" # #566C7D passt -base04: "5EC4FF" # #5EC4FF passt -base05: "A0B3C5" # #A0B3C5 passt -base06: "C06ECE" # #C06ECE passt -base07: "A0B3C5" # #A0B3C5 passt -base08: "D95468" # #D95468 passt -base09: "FFA880" # #ffA880 passt -base0A: "5EC4FF" # #5EC4FF -base0B: "8BD49C" # #8BD49C -base0C: "008B94" # #008B94 passt -base0D: "5EC4FF" # #5EC4FF passt -base0E: "C06ECE" # #C06ECE passt -base0F: "5EC4FF" # #5EC4FF passt +author: "Swarsel" +base00: "1d252c" #1d252c" +base01: "171d23" #171d23" +base02: "206a86" #206a86" +base03: "003a66" #003a66" +base04: "5ec4ff" #5ec4ff" +base05: "a0b3c5" #a0b3c5" +base06: "7ed4ff" #7ed4ff" +base07: "8ef4ff" #8ef4ff" +base08: "d95468" #d95468" +base09: "ffa880" #ffa880" +base0A: "6ed4ff" #6ed4ff" +base0B: "8bd49c" #8bd49c" +base0C: "008b94" #008b94" +base0D: "5ec4ff" #5ec4ff" +base0E: "c06ece" #c06ece" +base0F: "3c0044" #3c0044" + +# base00: "1D252C" # #1d252c passt +# base01: "171D23" # #171d23 +# base02: "5EC4FF" # #5EC4FF +# base03: "566C7D" # #566C7D passt +# base04: "5EC4FF" # #5EC4FF passt +# base05: "A0B3C5" # #A0B3C5 passt +# base06: "C06ECE" # #C06ECE passt +# base07: "A0B3C5" # #A0B3C5 passt +# base08: "D95468" # #D95468 passt +# base09: "FFA880" # #ffA880 passt +# base0A: "5EC4FF" # #5EC4FF +# base0B: "8BD49C" # #8BD49C +# base0C: "008B94" # #008B94 passt +# base0D: "5EC4FF" # #5EC4FF passt +# base0E: "C06ECE" # #C06ECE passt +# base0F: "5EC4FF" # #5EC4FF passt # base00 - Default Background # base01 - Lighter Background (Used for status bars) diff --git a/flake.lock b/flake.lock index 394265e..feca779 100644 --- a/flake.lock +++ b/flake.lock @@ -510,7 +510,7 @@ "swarsel", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { "lastModified": 1751908357, @@ -533,7 +533,7 @@ "swarsel", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_5" + "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { "lastModified": 1751908357, @@ -1887,6 +1887,64 @@ "type": "github" } }, + "niri-flake": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1754797984, + "narHash": "sha256-t2WFkdB2qUyZt5rdqmJ340kqhvQWWOCJBJIc1nQ/Hg4=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "647a310f1eaa59abec8aa215ff69d8979195425e", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1748151941, + "narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.05.1", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1754742008, + "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -2463,11 +2521,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1754384443, - "narHash": "sha256-sjSFVbQhMJ6c3x/DUWmactuR2sw1FtLzBMXMyicOQSU=", + "lastModified": 1756088794, + "narHash": "sha256-aBaRmk3lNNUm/1H1Jf6hA8miLg3HsYEhcuxUXTGa2gw=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "d078a753aa08f98a2aa11922f87ae2b11bf67ca9", + "rev": "2d9f8b36adb25667fbc313f141444dea4d496850", "type": "github" }, "original": { @@ -2881,6 +2939,22 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { "locked": { "lastModified": 1751274312, "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", @@ -2896,7 +2970,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1751741127, "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", @@ -2912,7 +2986,7 @@ "type": "github" } }, - "nixpkgs-stable_5": { + "nixpkgs-stable_6": { "locked": { "lastModified": 1751274312, "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", @@ -2928,7 +3002,7 @@ "type": "github" } }, - "nixpkgs-stable_6": { + "nixpkgs-stable_7": { "locked": { "lastModified": 1751741127, "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", @@ -3232,11 +3306,11 @@ }, "nixpkgs_27": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -3985,6 +4059,7 @@ "home-manager": "home-manager", "impermanence": "impermanence", "lanzaboote": "lanzaboote", + "niri-flake": "niri-flake", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nix-on-droid": "nix-on-droid", @@ -3995,7 +4070,7 @@ "nixpkgs": "nixpkgs_4", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs-stable": "nixpkgs-stable_3", "nixpkgs-stable24_05": "nixpkgs-stable24_05", "nixpkgs-stable24_11": "nixpkgs-stable24_11", "nswitch-rcm-nix": "nswitch-rcm-nix", @@ -4382,7 +4457,7 @@ "nixpkgs": "nixpkgs_12", "nixpkgs-dev": "nixpkgs-dev_2", "nixpkgs-kernel": "nixpkgs-kernel_2", - "nixpkgs-stable": "nixpkgs-stable_4", + "nixpkgs-stable": "nixpkgs-stable_5", "nixpkgs-stable24_05": "nixpkgs-stable24_05_2", "nixpkgs-stable24_11": "nixpkgs-stable24_11_2", "nswitch-rcm-nix": "nswitch-rcm-nix_2", @@ -4416,11 +4491,11 @@ "systems": "systems_17" }, "locked": { - "lastModified": 1754846369, - "narHash": "sha256-yT9Z1VS/i9ZkqdeMYjACd0xPmF/X0ZILt7YTlHfBD8k=", + "lastModified": 1756088962, + "narHash": "sha256-YkCFGvVfT3TcXTIhnzctUCft5Do8NIwTGqwToKUMY3Y=", "owner": "Swarsel", "repo": "swarsel-modules", - "rev": "60a2c35486f458e9ae95883801d8509840096d21", + "rev": "f1ceec3b17ed4b009ee9bac92c14308f57bcedb7", "type": "github" }, "original": { @@ -4450,7 +4525,7 @@ "nixpkgs": "nixpkgs_20", "nixpkgs-dev": "nixpkgs-dev_3", "nixpkgs-kernel": "nixpkgs-kernel_3", - "nixpkgs-stable": "nixpkgs-stable_6", + "nixpkgs-stable": "nixpkgs-stable_7", "nixpkgs-stable24_05": "nixpkgs-stable24_05_3", "nixpkgs-stable24_11": "nixpkgs-stable24_11_3", "nswitch-rcm-nix": "nswitch-rcm-nix_3", @@ -5135,6 +5210,39 @@ "url": "ssh://git@github.com/vbc-it/vbc-nix.git" } }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1748488455, + "narHash": "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.6", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1754533920, + "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, "zjstatus": { "inputs": { "crane": "crane_4", diff --git a/flake.nix b/flake.nix index af2d912..d70ec01 100644 --- a/flake.nix +++ b/flake.nix @@ -87,6 +87,11 @@ url = "github:Gerg-l/spicetify-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + niri-flake = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = inputs: diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index 86555e5..69d0afb 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -14,6 +14,7 @@ in # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; secrets = { wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; }; }; @@ -49,16 +50,23 @@ in interfaces = { home-vpn = { privateKeyFile = config.sops.secrets.wireguard-private-key.path; - ips = [ "192.168.3.4/32" ]; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; peers = [ { - publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; name = "moonside"; persistentKeepalive = 25; - endpoint = "${config.repo.secrets.common.ipv4}:51820"; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; allowedIPs = [ - "192.168.3.0/24" - "192.168.1.0/24" + "192.168.178.0/24" ]; } ]; @@ -127,6 +135,7 @@ in }; swarselsystems = { + flakePath = "/root/.dotfiles"; info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index b89f44d..20054e5 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -56,7 +56,8 @@ in }; monitors = { main = { - name = "BOE 0x0BC9 Unknown"; + # name = "BOE 0x0BC9 Unknown"; + name = "BOE 0x0BC9"; mode = "2560x1600"; # TEMPLATE scale = "1"; position = "2560,0"; diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 9e872ff..5345157 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -10,6 +10,8 @@ loader.efi.canTouchEfiVariables = true; }; + globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + networking = { inherit (config.repo.secrets.local) hostId; hostName = "winters"; diff --git a/hosts/nixos/winters/secrets/pii.nix.enc b/hosts/nixos/winters/secrets/pii.nix.enc index 9c0e82b..96c8140 100644 --- a/hosts/nixos/winters/secrets/pii.nix.enc +++ b/hosts/nixos/winters/secrets/pii.nix.enc @@ -1,18 +1,22 @@ { - "data": "ENC[AES256_GCM,data:Ow17QtITRfXk4BJGWb4jw1gX8HRIAdpBDpyGtif3Vb42cCqSWpLaIR1KecbU3OPkGesC/vh2tgmfE/xlm6nUR8kvRDZdhFr7UckeKFiD4hlfHBhGckaCXOiRZ3ACHrHfM/a2CbKDl14xLDMFDervdMRfB/4vjvnn9xvhjepZ1e7+Iopd9agL8r658AMFF3j2tRYZp7l5GLArs+7mUsFfXujkui1Xgh5+TRvYPh3zQ18RWyP4QMYP6HPHgHRH7S6uciUb6Qq1yEytOy3pCJTb+gZaa9xI1azzP7r83b7KeXdukupR+9fNWN52swDHXRugThMrh4kOrBdyaafJ1v2w4FTTPwj6JQvkxT+vMV4+WIclhD/FWtEHtUqsHDFnMzTIQfyTMt42HZKNdQDwp2fwuV1BP0qOUqRnheaTPiyZiZL8I27xDfwp5zfSqxA7KEzLL2uRbIPefdqNFlcte/xL9IkbTux+AmHaIjQeLkiPyMf2wc2NTIabWPk/ILC917vnancdAQuujB38SaWPrKeCEqDKsArvgjnmn47ctBND73G4PszieneCnuq4sNT9QrC81mk/AQv5TFG0i0fvPoXfpO4ul7MgaP+iPodb2CThHKDAwL+Gnq/6+tg+vJbTKxrsixHvYViA9p/ke1YaRFg2R8V7NwRDl68NI2yCaqj3qlS6Sa8Mx7IUQR6aCN4nkpcJs2GLVCEhWKFBsNXXhPa01C/81JGJ6+/zfHuGbY6gGtS7k3cZ9+dfizN29nBlp+A1U+Noxjl9arYOX4gjEnQhvo9Tp/gBCmrvXjoE6ja8XXUv78/Bfnvup52gdNunYRYv3Aj91F0u6fH6UqoWPXVTy6eznV727Pj9H1BPzMEfmf3EPc6Qcg7AR7vKORfH3U0PFXxFMY0kGEJdug5jmLuwUoRR9zOyHOqdS4Tk9BcMT02gRyQf6LZ3drDoqC35L5hop/gfbleUXXODn3cE1mEuAuZ08OSavZ24IHo1aMr50gjn32WSBKkjfC0dobBWzWwykxhu0vZZI3xYJx/59qqsodDGAJAhry5N6vrwM/PK/O73L2QBqkaT50eImIQ4+vpahcvFPRIkHLvQkzxlyH0dafuGyyF2gfig5Rq3vw02pT8z06LjmJ/ehvteyy1BE9CdiUvYHjaBXiWg2n5FvAe5e8EQxUx9+SwfwEpnucuocp7g+d3W3cXJOU6m9JxwvK7LX95MbpKOtdPq11yi35LLb1TikFLdFZyu+SeaNFD3AzQMOSem6Lwc7N7WHC5z3Ah7FvqqnL2J51hDfMLW78A7DCI9GNRVoyVjx++gRr+ftEf8UUAYmkJdT/D898wtLWmBXikY/2e36q3QJV0Hy3fGBjxLmN/Tdz62jgCaXrNdJqJTFZ5h+hjd03GT6utmPwp0D2lBSM0LXsZsql+jI54P8cFdu3S4mNIjHZqV1kmsk0MCCVJKnGODeLQLxJhp287N3+0HJEm4KicGWMchef/YeiLLtD7mz7ov/9OI,iv:KvoTnlj+f+eMsFEZP8F1v0r/xZ4aVBUWmO+zsQCvhS4=,tag:U1ziE2832QfNkP0yjIzBeA==,type:str]", + "data": "ENC[AES256_GCM,data:ehwByZT896X/hKe5CgolapiScCrPj9yhc99mWJ8HCDvK/p5JsZcq/fISfnhNDtXw2mk9DzdCAOkOqaJ2K/ZQTkTogqKbO/992K23hXe6xF/HhjjELJuRf5mnVT8Z9T27Co9w1FyGQnzIMEJcj7NVfnwjZjOSRFJG9u2tjRy09gO6cNnRF4fKZzqy3BRKWo/2CCib+nIFTrUX/tE9gUm0kIkX9lEDFH4lEXdNnVZTPeGM8OTAhiClWzqWInFqW9CrXaXuZrkfa0XyaXG4pWr+J8rYjBGqCHU4h43FqkUU0UKbapTbnY7yxlnwA61dueGYYpXGjRuyY8rVD9GWd7FgPO7SrgbvOb6nSGBOdDsBa2ME3ysG2+9tQwOvKbllpD3BlK0ettpcdpqBtpFUrpf8PUJsmWdzVZTP0ZVM0k3OdqLIPzgB5mLrcN5MvJ6MvWXWo1i/yWKGFVSGNfD8cieI7avIXm9zwSouDz06fmq9cWtZ4oG+z+h0fjsw7Ns5/mmH8r298JIQmJKg8LhShA0PCC4Yptv8RCDJMv6DRVMCqIEc10rpg0jDZWPImeHh4eCY6qyXoDsDRXVIEEYVawQJIN7PJfV3fN8X+wCJJatARIrFapJFLGNRCyFrIG5h5IhACwaBmawZrJf9WQVaKCLVQ+NDyC6PMmsmuV5b6JukrPruTfXYLFdIODEr8qVYfvwaCN1mqa/iVLO3T9zNUEed7bSuLj0KAQdEdoxhrB/hU7EO3q9VfjZXMlnDyDQNAPKwpnsk18kCgVWL3S2BKwQbfFvKi9Aqx0WtBkn6K9UJ0tZyOywz1RdhH/CL+FxOU4PsG8piNgrvWEqMDFPaefaj9BNKIY8Mhb1wDgb5etVbT7vvhIGTZfUVUAOcXmySqqiDdSNwImDZAMJmzAoArzyUswq/dVzNmCfm7Or9/KAZxp5nqM/DrfPw2wLWpOxxyY6R/irzT9KyhHHtv59IROIDtU0wm6gzU3j+oEJ2MgnpRzgqknDM1K8j9Wk/kzPcT9Hqp9N95NfLApQHaKuDtmqFoa09mIQa5pGFacArWA0P8PjEsj5vJLZ1n/+HG0odU3fv5z54Azd1MmHu1lIvIRlbvKDmtvFW53IyLnD1sqRMCkntsuuef8bIobS6An8wy08tP+bKaPX4pMLUD9TpSkYgPOJEx9MVpUyUSGiBnVoN/DJr3ZrDY6cB9d+nOD9euQLv0F+dXteArvuxe2uTvetnmta+fW0+fQhLOoD2tNehOq3jyn1/JJlIzhx4K6go1toNeUKcZX/niYhzYjSw6+q6kQPcz+t+LhqyWdlWnLEDMc2auiJRpImGMjGYYF+pK6tPkBftmR5h0DcG7EYgL2XGEGprKRIIUuZ4a+DGGqb1aL99WenwU+Wtz/kvohuLZd1jsym0lhgqxlenx54GIzMDCu6UF5vYd1dnqfpKH0HjlBFRCZk/WXCp6BFrgtmhbUhfCi4xCUniDsN2zeIzH7rF+uIdqsTtm2bbSLBZh3RqeswqFMSs7ZnQRjmT3CdXS7F45vX2pMyo,iv:AtYXO4kgmOsMys8DFNe7aCq1PJ9sBzsaAmaNGVNMq4A=,tag:2ovss2xLfW3GgcdLfltwcQ==,type:str]", "sops": { "age": [ { "recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET1RmRTM5OUxJMGNyWUZK\nMXFqUWF2ZHhOZ1pxa0RDbkNzWnVzVFFCbTJrCm1oU25haDl5eFg5T1VzOXByai84\ndTR6TGREVnBHNlV4S254dzh2Z1lvK2sKLS0tIGFLaWJFQ2VwaWtxaURqNDU2ekRQ\na09Hbm4vNnVQaEV1aGtqTTVOUWN2b28KQaoPc/UKaeQ72GdlbtWFdALywHcUkewf\nK5pEz41pzDKOjatypm9X8ZEIEarjOHIZgMpazVM4i1PRUUefSE0phw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T20:14:29Z", - "mac": "ENC[AES256_GCM,data:4YP1fp9Mcbx0pvS5l9Xzc5cbhFnBo5GkqyRvcEspNYQ3IW5LIWtPwItwLZH/ymfEkpwIVYOugnB12HJJo9jpudgfUMXtp43ImDUNVHs59qkNhJFmTSoEZMBHQjPtE/jE17OIAZzeA41EAItesrmExV1W8ePy7rTgHQl5BDooWME=,iv:vyZ0BGjMUDeoVMkDw6wLZK3KKIECK5caz/nQB3nXlGs=,tag:GAqKNcSf3Ny/WsB3tYM/og==,type:str]", + "lastmodified": "2025-08-12T18:21:56Z", + "mac": "ENC[AES256_GCM,data:6gxEKYRIefxE0DKWuc40wkOp/oCzKxg4jMz5WVqWHXUjOorz6A9TTLYo8UhYCVB8pwxC46iLCND3rDWudurz+2vl/tTDpuh04utB2f6GFy+g5f6Rs9x/KWWFR8pB/BwaG9tEW4UfF7bud6FYM9dY5fJADU6CPxpanOLdhzt7j8A=,iv:oxMFeIwbLFzvCZsmf/z5L3Wi4Quscx+zzD8dafEc66Y=,tag:hKfqVt2nZieQyqQAKexMiA==,type:str]", "pgp": [ { - "created_at": "2025-06-11T11:42:23Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAnyYWn0oJCbksEr9jIZOTWwnFLVO5zZ1E7tuFahemk6RZ\ncxgYfM+w68PtZ+/2ixCecwrL6k3dVdlEq6eePifweWLFyexUjxxha/AKrCAjNkSa\n4gK/GYE/jPalcc8cfP6R/uXhWo/le+nB5XU92SZ0rtihD5yvHCYBdhOKq29F1hEk\nZCVIfkElwra72PO4pHMN0sBqca3iT4ryUrYZ/qwZa/7xKFBIGW2yaaAmgYDU1an8\nWeyk3h1JMshPtR++hpojKFuhnqSnUBOyOvM7BCwNyKsEGXfVdypFz7dF+lJejADb\nLeFH/XfLCgLIJ8npedBEUFfzo5VSTnbtX8VOEfzxgKaZZN7uK0aZQShBjUK+tc7D\nQRDUK0WUV+68Wk+4mzZsLfMWUP4sM8X4w8Z1mNmyyzntPHt9x8aZ/uCHdZnKs55c\nRKzcGEncI3qxen7JiI+tsKbIf+i1rPGTshy+T3YBg+HnuOl9J2sOin3UE1i88uxd\nOMwzDx5/X3VExxaoI3HP4k+cLHhrl6mbuzEuMDV2Penn+gCFuMiiIM+4WB7BZY6G\n9Tm5eX6muaIGxAK9IRA1uHwdLC28JnJQyrvgHE31axcFb+0MG2TkxlNOlOt0gQAp\n9+vN0meOJEfWB3bUjWSYvrboSOR7oNK7lZYob4YureWUAWfLg8KSsUyjNV4zlzGF\nAgwDC9FRLmchgYQBD/9NGOJqsqESVWL37cpkybyh9xKo45bHcGGSMOHQaqqcntyo\nqCmMS9y6uIBypmd/qKK8csLYAask4UQm8/8GDtUDn0IbE7p5eJ73iHJ3wtkEojig\nXroCV3a8rgaVtSueRGzYuR9UHRU5GgDkW76aAtdiT6lecBs+Mu8rs0++kw8hD7tN\ntSuGeImbwSvR4ow1sSsN2XQLPptgYRjDJ86fvjK6CWQrnKCwJa+R6GN7V+K+kQIK\nTfpJhDtL7JQdz0t/zS5NsnMLhfVHeL9WLjEeOp4VTPflBfAMPLxnC3iVnferCehI\nY8rLWsPfJDDij3nf2QHMTeSMgiminR2gDoNVJ/j5Ac88zNxReQpFh0YAoYtzs27O\nKoDZc8xVxnesx6Yyq+f2d79RqM2swyuP1go5RnrrHdOP25mJLb2yhPCv5765fPRr\ni+9iTSTJn5XNwybvRBYp0l4zTeSSRdVky/8sWXDnJo23uvRXdW1lqJTgsWvseSLD\nugJP5QpCg4mynViWUlQvHpYS0E1xi4lSA0y6HFA6SyIUqupLBtazaOJGUv1MMUBp\n3nLviBtbyWn/9mSlXvzpjKKneNc6jKft1lsUczYfXU7ErMrDHYpHULL0+HbYfFss\nqe2QYzWfWB0yW4FxOiqf2nFkUhoADDbUoBOlRJycZR589MCnKonMYlqtCdf87tJe\nAVJDXU2PQebZ8ef2O5S/zoP6bryOwLJ+6FciXimxHFK+b5PWRAiBvw3epsvohkYd\ny776qjx+U8nWKCR54H/i6pZlfnRM3XnSvUBKKnWlhfEB8CeDcG250AZUfp2T4w==\n=Aj1y\n-----END PGP MESSAGE-----", + "created_at": "2025-08-24T23:36:17Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwf7TLx0TR1HBhh57CyIQLw8ztc9oblKAW/V7bSlQM/wR\nIwQTcTi3azdI9yewDRO30rIr++FEapdGVdpXoqQ8zcl49VjwDux6wzF3bsmR5Goc\nlTkDd0bmz8RBfsK+6efXiRqo3C0yP2ZTOh3PSOvsXKbYS6wY3TvNBdGnAYrfOvEw\nmBFRhn6uakw3zjVUngB1di07DH3y0wEb/r6+Mzoswzg4DqT1SAdDkfS9dpn9h3MW\n3NBesYlOukLrNA5Toi6x/fmE2lrPHt5QxPdvfvKe5ye4myZ/gBn1mdejB6U9nOsk\nRCJFMosjBH7jIpwokTjUT6Vs+zs8yrF+gbP82H4RVfZymMfdZoU/pTfYe1Mwg6Yi\ntlHyiRBgSPBY8Doa2hM8/yvmfHVMqSQf8uXltz2VC7JUGD6P0QbDLpqY3URmHg/q\nwN3zYJLlSIkU6Z7oivTjfg0dR32Z80lCdZDQf+OQsRtCUi169Fgxr7+HhdxJyj49\nFIb6CR0DHW4vsEj1GPAa0Q4uMfCxLiSZfesY8myoCtlVo7oeqx787KicJB5PryHr\nyZweKd7tXO9g8LNJtECTZ81y2/sCfSZPBia6M4oz56pIFK4jhYCY3iPnWIS77axu\n5MmqZNOP06obp87nt1ea51BmXkaYxmSPoQ5R29CeYU+m9q+kKvizncgsCl/O7U6F\nAgwDC9FRLmchgYQBEADJo2kPzrxLHptsr6aoIxfYNrQ7JJM3FAZ7do5YvAbQsl5t\ny45qZ4+qWIEMRXwji2TvgSg8/ylnZfN2+rTHdtNJkDdJ2sX+RDr8pm7L3VS2Zhjf\nIp1SdPd5cm/3QupegzUR+kcPa+gPM4asGSytIkAnnpev/DCnLsrqiejdosTDj9dn\nFtPKJKSUBzJSNRxBSpM9L+cTU1qyMT024D5Qvq6vBOjFI1YV3LSfVXQe7OZxxxVX\naChkGR1v3UjndQ4Yv9hamJJ81lRLeIcVEOpOPxLHJX76AJUqP3fR/+m2Poah8bFF\n+yIdSp2jyWOoU60We72fvlEwxsTLl8Zani+xX2ckkUCe+wsiGJLch4Df1pepxpef\nb95wZ9L0msRdHY8vRQYapde/ju8CUHgywVX7+YH3EF1bJSnUOBmyOA76v9ir09am\n49g+VomkWUuzPJ2VYQXXH6d/qn/sm9Z9yxy7e1eh5m+9cd42b4sMdW6ZCTMAtGJF\nPX0SiOMR6S0hjKVBcfcyNoT/wo7wqEl4mYDpoCy10K0nYRn+ggJnIZEJzBWibMYH\nDWUDyuQIYLjOBAchFatXyMtbc8qDorYelLX7amPRDSiDhhj6Y5nYMJtUSwfTLwkN\nrI0Q4bjE+fgNACCqPoq/BDFZotcr1b664ZUJqgnTBPKZ5OnmW/iFkOfzu4fF9tJe\nAcekEPwsFbugu2bZ0Hs5Rl/Dh9p4L9gceuMiwJ3oYGA5cwXFCeVZLNqSDLy4upVX\nnXRaMzBNGgWo4geDq5JL10Mh7/1d4GGVxdts8RGdI8zUFTPV3GOaPEHeNyIO+g==\n=2UMI\n-----END PGP MESSAGE-----", "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" } ], diff --git a/index.html b/index.html index 5801476..c915d7b 100644 --- a/index.html +++ b/index.html @@ -3,10 +3,10 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + -SwarselSystems: NixOS + Emacs Configuration +SwarselSystems: NixOS + Emacs Configurationo