diff --git a/SwarselSystems.org b/SwarselSystems.org index 10f1c9f..3150785 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -1,4 +1,4 @@ -#+title: SwarselSystems: NixOS + Emacs Configuration +#+title: SwarselSystems: NixOS + Emacs Configurationo #+PROPERTY: header-args:emacs-lisp :tangle files/emacs/init.el :mkdirp yes #+PROPERTY: header-args:nix :mkdirp yes #+PROPERTY: header-args:nix-ts :mkdirp yes @@ -479,6 +479,11 @@ A short overview over each input and what it does: url = "github:Gerg-l/spicetify-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + niri-flake = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = inputs: @@ -792,6 +797,7 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services + hosts user root ; @@ -844,6 +850,7 @@ The rest of the outputs either define or help define the actual configurations: inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm inputs.swarsel-modules.nixosModules.default + inputs.niri-flake.nixosModules.niri "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" @@ -1473,6 +1480,10 @@ On the structure of overlays: as you notice, all of the attributes within overla ]; }; + isync = prev.isync.override { + withCyrusSaslXoauth2 = true; + }; + mgba = final.swarsel-mgba; retroarch = prev.retroarch.withCores (cores: with cores; [ @@ -1535,6 +1546,7 @@ On the structure of overlays: as you notice, all of the attributes within overla // (nixpkgs-stable24_05 final prev) // (nixpkgs-stable24_11 final prev) // (zjstatus final prev) + // (inputs.niri-flake.overlays.niri final prev) // (inputs.vbc-nix.overlays.default final prev) // (inputs.nur.overlays.default final prev) // (inputs.emacs-overlay.overlay final prev) @@ -1905,7 +1917,8 @@ My work machine. Built for more security, this is the gold standard of my config }; monitors = { main = { - name = "BOE 0x0BC9 Unknown"; + # name = "BOE 0x0BC9 Unknown"; + name = "BOE 0x0BC9"; mode = "2560x1600"; # TEMPLATE scale = "1"; position = "2560,0"; @@ -2348,6 +2361,8 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; + globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + networking = { inherit (config.repo.secrets.local) hostId; hostName = "winters"; @@ -2754,6 +2769,7 @@ This machine mainly acts as my proxy server to stand before my local machines. # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; secrets = { wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; }; }; @@ -2789,16 +2805,23 @@ This machine mainly acts as my proxy server to stand before my local machines. interfaces = { home-vpn = { privateKeyFile = config.sops.secrets.wireguard-private-key.path; - ips = [ "192.168.3.4/32" ]; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; peers = [ { - publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; name = "moonside"; persistentKeepalive = 25; - endpoint = "${config.repo.secrets.common.ipv4}:51820"; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; allowedIPs = [ - "192.168.3.0/24" - "192.168.1.0/24" + "192.168.178.0/24" ]; } ]; @@ -2867,6 +2890,7 @@ This machine mainly acts as my proxy server to stand before my local machines. }; swarselsystems = { + flakePath = "/root/.dotfiles"; info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; @@ -3856,6 +3880,18 @@ in ); }; + hosts = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + ipv4 = mkOption { + type = types.str; + }; + }; + } + ); + }; + domains = { main = mkOption { type = types.str; @@ -3932,7 +3968,7 @@ in emacs-radicale-pw = { owner = mainUser; }; }); templates = { - authinfo = { + authinfo = lib.mkIf modules.emacs { path = "${homeDir}/.emacs.d/.authinfo"; content = '' machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} @@ -4170,7 +4206,7 @@ For that reason, make sure that =sops-nix= is properly working before finishing users = { root = { inherit (globals.root) hashedPassword; - shell = pkgs.zsh; + # shell = pkgs.zsh; }; "${config.swarselsystems.mainUser}" = { isNormalUser = true; @@ -4555,7 +4591,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh dbus swaylock-effects syncthingtray-minimal - wl-mirror swayosd # secure boot @@ -4580,8 +4615,6 @@ Mostly used to install some compilers and lsp's that I want to have available wh # better make for general tasks just - screenshare - fullscreen # keyboards qmk @@ -4593,6 +4626,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh # kde-connect xdg-desktop-portal + xdg-desktop-portal-gtk xdg-desktop-portal-wlr # bluetooth @@ -4830,325 +4864,326 @@ Pipewire handles communication on Wayland. This enables several sound tools as w Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. #+begin_src nix-ts :tangle modules/nixos/client/network.nix - { self, lib, pkgs, config, ... }: - let - certsSopsFile = self + /secrets/certs/secrets.yaml; - clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; + { self, lib, pkgs, config, ... }: + let + certsSopsFile = self + /secrets/certs/secrets.yaml; + clientSopsFile = self + /secrets/${config.node.name}/secrets.yaml; - inherit (config.swarselsystems) mainUser; - inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; + inherit (config.swarselsystems) mainUser; + inherit (config.repo.secrets.common.network) wlan1 wlan2 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon; - iwd = config.networking.networkmanager.wifi.backend == "iwd"; - in - { - options.swarselsystems = { - firewall = lib.swarselsystems.mkTrueOption; - }; - options.swarselmodules.network = lib.mkEnableOption "network config"; - config = lib.mkIf config.swarselmodules.network { - - sops = { - secrets = lib.mkIf (!config.swarselsystems.isPublic) { - wlan1-pw = { }; - wlan2-pw = { }; - laptop-hotspot-pw = { }; - mobile-hotspot-pw = { }; - eduroam-user = { }; - eduroam-pw = { }; - pia-vpn-user = { }; - pia-vpn-pw = { }; - home-wireguard-client-private-key = { sopsFile = clientSopsFile; }; - home-wireguard-server-public-key = { }; - home-wireguard-endpoint = { }; - pia-vpn1-crl-pem = { sopsFile = certsSopsFile; }; - pia-vpn1-ca-pem = { sopsFile = certsSopsFile; }; - }; - templates = lib.mkIf (!config.swarselsystems.isPublic) { - "network-manager.env".content = '' - WLAN1_PW=${config.sops.placeholder.wlan1-pw} - WLAN2_PW=${config.sops.placeholder.wlan2-pw} - LAPTOP_HOTSPOT_PW=${config.sops.placeholder.laptop-hotspot-pw} - MOBILE_HOTSPOT_PW=${config.sops.placeholder.mobile-hotspot-pw} - EDUROAM_USER=${config.sops.placeholder.eduroam-user} - EDUROAM_PW=${config.sops.placeholder.eduroam-pw} - PIA_VPN_USER=${config.sops.placeholder.pia-vpn-user} - PIA_VPN_PW=${config.sops.placeholder.pia-vpn-pw} - HOME_WIREGUARD_CLIENT_PRIVATE_KEY=${config.sops.placeholder.home-wireguard-client-private-key} - HOME_WIREGUARD_SERVER_PUBLIC_KEY=${config.sops.placeholder.home-wireguard-server-public-key} - HOME_WIREGUARD_ENDPOINT=${config.sops.placeholder.home-wireguard-endpoint} - ''; - }; + iwd = config.networking.networkmanager.wifi.backend == "iwd"; + in + { + options.swarselsystems = { + firewall = lib.swarselsystems.mkTrueOption; }; + options.swarselmodules.network = lib.mkEnableOption "network config"; + config = lib.mkIf config.swarselmodules.network { - networking = { - inherit (config.swarselsystems) hostName; - wireless.iwd = { - enable = true; - settings = { - IPv6 = { - Enabled = true; - }; - Settings = { - AutoConnect = true; - }; - # DriverQuirks = { - # UseDefaultInterface = true; - # }; + sops = { + secrets = lib.mkIf (!config.swarselsystems.isPublic) { + wlan1-pw = { }; + wlan2-pw = { }; + laptop-hotspot-pw = { }; + mobile-hotspot-pw = { }; + eduroam-user = { }; + eduroam-pw = { }; + pia-vpn-user = { }; + pia-vpn-pw = { }; + home-wireguard-client-private-key = { sopsFile = clientSopsFile; }; + home-wireguard-server-public-key = { }; + home-wireguard-endpoint = { }; + pia-vpn1-crl-pem = { sopsFile = certsSopsFile; }; + pia-vpn1-ca-pem = { sopsFile = certsSopsFile; }; + }; + templates = lib.mkIf (!config.swarselsystems.isPublic) { + "network-manager.env".content = '' + WLAN1_PW=${config.sops.placeholder.wlan1-pw} + WLAN2_PW=${config.sops.placeholder.wlan2-pw} + LAPTOP_HOTSPOT_PW=${config.sops.placeholder.laptop-hotspot-pw} + MOBILE_HOTSPOT_PW=${config.sops.placeholder.mobile-hotspot-pw} + EDUROAM_USER=${config.sops.placeholder.eduroam-user} + EDUROAM_PW=${config.sops.placeholder.eduroam-pw} + PIA_VPN_USER=${config.sops.placeholder.pia-vpn-user} + PIA_VPN_PW=${config.sops.placeholder.pia-vpn-pw} + HOME_WIREGUARD_CLIENT_PRIVATE_KEY=${config.sops.placeholder.home-wireguard-client-private-key} + HOME_WIREGUARD_SERVER_PUBLIC_KEY=${config.sops.placeholder.home-wireguard-server-public-key} + HOME_WIREGUARD_ENDPOINT=${config.sops.placeholder.home-wireguard-endpoint} + ''; }; }; - nftables.enable = lib.mkDefault true; - enableIPv6 = lib.mkDefault true; - firewall = { - enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; - checkReversePath = lib.mkDefault false; - allowedUDPPorts = [ 51820 ]; # 51820: wireguard - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } # kde-connect - ]; - }; - networkmanager = { - enable = true; - wifi.backend = "iwd"; - plugins = [ - # list of plugins: https://search.nixos.org/packages?query=networkmanager- - # docs https://networkmanager.dev/docs/vpn/ - pkgs.networkmanager-openconnect - pkgs.networkmanager-openvpn - ]; - ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" + networking = { + inherit (config.swarselsystems) hostName; + wireless.iwd = { + enable = true; + settings = { + IPv6 = { + Enabled = true; + }; + Settings = { + AutoConnect = true; + }; + # DriverQuirks = { + # UseDefaultInterface = true; + # }; + }; + }; + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + enable = lib.swarselsystems.mkStrong config.swarselsystems.firewall; + checkReversePath = lib.mkDefault false; + allowedUDPPorts = [ 51820 ]; # 51820: wireguard + allowedTCPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect ]; - profiles = let - inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; - in - { - ${wlan1} = { - connection = { - id = wlan1; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = wlan1; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$WLAN1_PW"; - }; - }; + allowedUDPPortRanges = [ + { from = 1714; to = 1764; } # kde-connect + ]; + }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; + networkmanager = { + enable = true; + wifi.backend = "iwd"; + plugins = [ + # list of plugins: https://search.nixos.org/packages?query=networkmanager- + # docs https://networkmanager.dev/docs/vpn/ + pkgs.networkmanager-openconnect + pkgs.networkmanager-openvpn + ]; + ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = let + inherit (config.repo.secrets.local.network) home-wireguard-address home-wireguard-allowed-ips; + in + { + ${wlan1} = { + connection = { + id = wlan1; + # permissions = ""; + type = "wifi"; + }; + ipv4 = { + # dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + # dns-search = ""; + method = "auto"; + }; + wifi = { + # mac-address-blacklist = ""; + mode = "infrastructure"; + band = "a"; + ssid = wlan1; + }; + wifi-security = { + # auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$WLAN1_PW"; + }; }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - eduroam = { - "802-1x" = { - eap = if (!iwd) then "ttls;" else "peap;"; - identity = "$EDUROAM_USER"; - password = "$EDUROAM_PW"; - phase2-auth = "mschapv2"; - anonymous-identity = lib.mkIf iwd eduroam-anon; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; + eduroam = { + "802-1x" = { + eap = if (!iwd) then "ttls;" else "peap;"; + identity = "$EDUROAM_USER"; + password = "$EDUROAM_PW"; + phase2-auth = "mschapv2"; + anonymous-identity = lib.mkIf iwd eduroam-anon; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; - ${wlan2} = { - connection = { - id = wlan2; - type = "wifi"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = { }; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = wlan2; - }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$WLAN2_PW"; - }; - }; - ${mobile1} = { - connection = { - id = mobile1; - type = "wifi"; + ${wlan2} = { + connection = { + id = wlan2; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = wlan2; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = "$WLAN2_PW"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = mobile1; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$MOBILE_HOTSPOT_PW"; - }; - }; - home-wireguard = { - connection = { - id = "HomeVPN"; - type = "wireguard"; - autoconnect = "false"; - interface-name = "wg1"; + ${mobile1} = { + connection = { + id = mobile1; + type = "wifi"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = mobile1; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$MOBILE_HOTSPOT_PW"; + }; }; - wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; }; - "wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = { - endpoint = "$HOME_WIREGUARD_ENDPOINT"; - allowed-ips = home-wireguard-allowed-ips; - }; - ipv4 = { - method = "ignore"; - address1 = home-wireguard-address; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "ignore"; - }; - proxy = { }; - }; - pia-vpn1 = { - connection = { - autoconnect = "false"; - id = "PIA ${vpn1-location}"; - type = "vpn"; + home-wireguard = { + connection = { + id = "HomeVPN"; + type = "wireguard"; + autoconnect = "false"; + interface-name = "wg1"; + }; + wireguard = { private-key = "$HOME_WIREGUARD_CLIENT_PRIVATE_KEY"; }; + "wireguard-peer.$HOME_WIREGURARD_SERVER_PUBLIC_KEY" = { + endpoint = "$HOME_WIREGUARD_ENDPOINT"; + allowed-ips = home-wireguard-allowed-ips; + }; + ipv4 = { + method = "ignore"; + address1 = home-wireguard-address; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "ignore"; + }; + proxy = { }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = config.sops.secrets."pia-vpn1-ca-pem".path; - challenge-response-flags = "2"; - cipher = vpn1-cipher; - compress = "yes"; - connection-type = "password"; - crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path; - dev = "tun"; - password-flags = "0"; - remote = vpn1-address; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$PIA_VPN_USER"; - }; - vpn-secrets = { password = "$PIA_VPN_PW"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + pia-vpn1 = { + connection = { + autoconnect = "false"; + id = "PIA ${vpn1-location}"; + type = "vpn"; + }; + ipv4 = { method = "auto"; }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = { }; + vpn = { + auth = "sha1"; + ca = config.sops.secrets."pia-vpn1-ca-pem".path; + challenge-response-flags = "2"; + cipher = vpn1-cipher; + compress = "yes"; + connection-type = "password"; + crl-verify-file = config.sops.secrets."pia-vpn1-crl-pem".path; + dev = "tun"; + password-flags = "0"; + remote = vpn1-address; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$PIA_VPN_USER"; + }; + vpn-secrets = { password = "$PIA_VPN_PW"; }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; - }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-${config.swarselsystems.mainUser}"; - }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$MOBILE_HOTSPOT_PW"; - }; - }; + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = { method = "shared"; }; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = { }; + wifi = { + mode = "ap"; + ssid = "Hotspot-${config.swarselsystems.mainUser}"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$MOBILE_HOTSPOT_PW"; + }; + }; + + }; }; }; }; - }; - systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; - }; - } + systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; + }; + } #+end_src **** sops @@ -5180,7 +5215,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at }; }; } -sh#+end_src +#+end_src **** Theme (stylix) :PROPERTIES: @@ -5443,6 +5478,35 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if } #+end_src +***** keyd: remap SUPER + + +#+begin_src nix-ts :tangle modules/nixos/client/keyd.nix + { lib, config, ... }: + let + moduleName = "keyd"; + in + { + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; + config = lib.mkIf config.swarselmodules.${moduleName} { + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + leftmeta = "overload(meta, macro(rightmeta+z))"; + rightmeta = "overload(meta, macro(rightmeta+z))"; + }; + }; + }; + }; + }; + }; + } +#+end_src + ***** power-profiles-daemon :PROPERTIES: :CUSTOM_ID: h:82fbba41-3a46-4db7-aade-49e4c23fc475 @@ -5833,7 +5897,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom } #+end_src -**** xdg-portal +**** xdg-portal (Screensharing) :PROPERTIES: :CUSTOM_ID: h:872d5f46-2ffd-4076-9a2c-98783dd29434 :END: @@ -5847,11 +5911,11 @@ This allows me to use screen sharing on Wayland. The implementation is a bit cru config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; - config = { - common = { - default = "wlr"; - }; - }; + # config = { + # common = { + # default = "wlr"; + # }; + # }; wlr.enable = true; wlr.settings.screencast = { output_name = "eDP-1"; @@ -6038,12 +6102,49 @@ Auto login for the initial session. comment = "Sway compositor managed by UWSM"; binPath = "/run/current-system/sw/bin/sway"; }; + niri = { + prettyName = "Niri"; + comment = "Niri compositor managed by UWSM"; + binPath = "/run/current-system/sw/bin/niri-session"; + }; }; }; }; } #+end_src +**** Niri + +Auto login for the initial session. + +#+begin_src nix-ts :tangle modules/nixos/client/niri.nix + { lib, config, pkgs, ... }: + let + moduleName = "niri"; + in + { + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; + config = lib.mkIf config.swarselmodules.${moduleName} { + + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + cage + gamescope + xwayland-satellite-unstable + ]; + + niri-flake.cache.enable = true; + + programs.niri = { + enable = true; + package = pkgs.niri-unstable; # the actual niri that will be installed and used + }; + }; + } +#+end_src + *** Server :PROPERTIES: :CUSTOM_ID: h:e492c24a-83a0-4bcb-a084-706f49318651 @@ -6306,7 +6407,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/kavita.nix - { self, lib, config, pkgs, ... }: + { self, lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; @@ -6314,6 +6415,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -6349,7 +6451,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -6379,12 +6481,13 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/jellyfin.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, globals, ... }: let servicePort = 8096; serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -6418,7 +6521,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -6449,13 +6552,14 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/navidrome.nix - { pkgs, config, lib, ... }: + { pkgs, config, lib, globals, ... }: let servicePort = 4040; serviceName = "navidrome"; serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -6535,7 +6639,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -6769,7 +6873,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/matrix.nix - { lib, config, pkgs, ... }: + { lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; @@ -6777,6 +6881,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; + serviceAddress = globals.hosts.winters.ipv4; federationPort = 8448; whatsappPort = 29318; @@ -7064,7 +7169,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7124,7 +7229,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t :END: #+begin_src nix-ts :tangle modules/nixos/server/nextcloud.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, globals, ... }: let inherit (config.repo.secrets.local.nextcloud) adminuser; inherit (config.swarselsystems) sopsFile; @@ -7134,6 +7239,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7177,7 +7283,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7210,6 +7316,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7239,7 +7346,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7293,6 +7400,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -7387,7 +7495,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7611,15 +7719,17 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, configName, ... }: + { lib, config, configName, globals, ... }: let + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; + servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; + serviceAddress = globals.hosts.winters.ipv4; specificServiceName = "syncthing-${configName}"; - inherit (config.swarselsystems.syncthing) serviceDomain; - inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; devices = config.swarselsystems.syncthing.syncDevices; @@ -7635,7 +7745,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= }; serviceIP = lib.mkOption { type = lib.types.str; - default = "192.168.1.2"; + default = "${serviceAddress}"; }; syncDevices = lib.mkOption { type = lib.types.listOf lib.types.str; @@ -7844,6 +7954,7 @@ This section exposes several metrics that I use to check the health of my server serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; @@ -8048,12 +8159,12 @@ This section exposes several metrics that I use to check the health of my server upstreams = { "${grafanaUpstream}" = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; "${prometheusUpstream}" = { servers = { - "192.168.1.2:${builtins.toString prometheusPort}" = { }; + "${serviceAddress}:${builtins.toString prometheusPort}" = { }; }; }; }; @@ -8092,11 +8203,12 @@ This section exposes several metrics that I use to check the health of my server This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually. #+begin_src nix-ts :tangle modules/nixos/server/jenkins.nix - { pkgs, lib, config, ... }: + { pkgs, lib, config, globals, ... }: let servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8115,7 +8227,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8184,13 +8296,14 @@ I am using this with CapyReader on my phone, set it up as a FreshRSS account wit FreshRSS claims to support HTTP header auth, but at least it does not work with my oauth2-proxy setup. Until this is fixed, I resorted to the "form" login, since I mostly do not use the web version anyways. #+begin_src nix-ts :tangle modules/nixos/server/freshrss.nix - { self, lib, config, ... }: + { self, lib, config, globals, ... }: let servicePort = 80; serviceName = "freshrss"; serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -8263,7 +8376,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8306,6 +8419,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; kanidmDomain = globals.services.kanidm.domain; in @@ -8431,7 +8545,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8469,6 +8583,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; ankiUser = globals.user.name; in @@ -8505,7 +8620,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; @@ -8553,6 +8668,7 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/{}"; }; + "niri/window" = { + format = "{title} ({app_id})"; + }; + modules-right = config.swarselsystems.waybarModules; "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { @@ -12948,7 +13053,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case. #+begin_src nix-ts :tangle modules/home/common/sway.nix - { self, config, lib, vars, ... }: + { config, lib, vars, ... }: let eachOutput = _: monitor: { inherit (monitor) name; @@ -13151,22 +13256,14 @@ Currently, I am too lazy to explain every option here, but most of it is very se "${modifier}+r" = "mode resize"; # "${modifier}+Return" = "exec kitty"; "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Print" = "exec screenshare"; - # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" - # "XF86AudioRaiseVolume" = "exec pa 5%"; - # "XF86AudioRaiseVolume" = "exec pamixer -i 5"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; - # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - # "XF86AudioLowerVolume" = "exec pamixer -d 5"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; - # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - # "XF86AudioMute" = "exec pamixer -t"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; - # "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; - # "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; "XF86Display" = "exec wl-mirror eDP-1"; + # "--no-repeat Super_L" = "exec killall -SIGUSR1 .waybar-wrapped"; + # "${modifier}+z" = "exec killall -SIGUSR1 .waybar-wrapped"; } config.swarselsystems.keybindings; modes = { @@ -13181,14 +13278,14 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; }; defaultWorkspace = "workspace 1:一"; - output = { - "${config.swarselsystems.sharescreen}" = { - bg = "${self}/files/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; - }; - "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { - bg = "${self}/files/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; - }; - }; + # output = { + # "${config.swarselsystems.sharescreen}" = { + # bg = "${self}/files/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; + # }; + # "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { + # bg = "${self}/files/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; + # }; + # }; input = config.swarselsystems.standardinputs; workspaceOutputAssign = let @@ -13384,6 +13481,215 @@ Currently, I am too lazy to explain every option here, but most of it is very se } #+end_src +**** Niri + +#+begin_src nix-ts :tangle modules/home/common/niri.nix + { config, pkgs, lib, vars, ... }: + { + options.swarselmodules.niri = lib.mkEnableOption "niri settings"; + config = lib.mkIf config.swarselmodules.niri { + + programs.niri = { + package = pkgs.niri-unstable; # which package to use for niri validation + settings = { + xwayland-satellite = { + enable = true; + path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; + }; + prefer-no-csd = true; + layer-rules = [ + { matches = [ { namespace = "^notifications$"; }]; block-out-from = "screencast";} + { matches = [ { namespace = "^wallpaper$"; }]; place-within-backdrop = true;} + ]; + window-rules = [ + { + matches = [{ app-id = ".*"; }]; + opacity = 0.95; + default-column-width = { proportion = 0.5; }; + shadow = { + enable = true; + draw-behind-window = true; + }; + geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; + } + { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } + { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } + { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } + { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } + { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } + { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } + { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } + { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } + { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } + { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } + { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } + { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } + { matches = [{ title = "^Add$"; }]; open-floating = true; } + { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } + { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } + { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + ]; + environment = { + DISPLAY = ":0"; + } // vars.waylandSessionVariables; + screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; + input = { + mod-key = "Super"; + keyboard = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; + mouse = { + natural-scroll = false; + }; + touchpad = { + enable = true; + tap = true; + tap-button-map = "left-right-middle"; + natural-scroll = true; + scroll-method = "two-finger"; + click-method = "clickfinger"; + disabled-on-external-mouse = true; + drag = true; + drag-lock = false; + dwt = true; + dwtp = true; + }; + }; + cursor = { + hide-after-inactive-ms = 2000; + hide-when-typing = true; + }; + layout = { + background-color = "transparent"; + border = { + enable = true; + width = 1; + }; + focus-ring = { + enable = false; + }; + gaps = 5; + }; + binds = with config.lib.niri.actions; let + sh = spawn "sh" "-c"; + in + { + + # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+Shift+t".action = toggle-window-rule-opacity; + # "Mod+Escape".action = "mode $exit"; + "Mod+m".action = focus-workspace-previous; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Shift+f".action = toggle-windowed-fullscreen; + "Mod+q".action = close-window; + "Mod+f".action = spawn "firefox"; + "Mod+Space".action = spawn "fuzzel"; + "Mod+Shift+c".action = spawn "qalculate-gtk"; + "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; + "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; + "Mod+h".action = sh ''hyprpicker | wl-copy''; + # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; + "Mod+s".action = screenshot { show-pointer = false; }; + # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; + # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + + "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; + + "Mod+a".action = spawn "swarselcheck-niri" "-s"; + "Mod+x".action = spawn "swarselcheck-niri" "-k"; + "Mod+d".action = spawn "swarselcheck-niri" "-d"; + "Mod+w".action = spawn "swarselcheck-niri" "-e"; + + "Mod+p".action = spawn "pass-fuzzel"; + "Mod+o".action = spawn "pass-fuzzel" "--otp"; + "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; + "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; + + "Mod+Left".action = focus-column-or-monitor-left; + "Mod+Right".action = focus-column-or-monitor-right; + "Mod+Down".action = focus-window-or-workspace-down; + "Mod+Up".action = focus-window-or-workspace-up; + "Mod+Shift+Left".action = move-column-left; + "Mod+Shift+Right".action = move-column-right; + "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; + "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; + # "Mod+Ctrl+Shift+c".action = "reload"; + # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; + # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + # "Mod+r".action = "mode resize"; + # "Mod+Return".action = "exec kitty"; + "Mod+Return".action = spawn "swarselzellij"; + "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; + "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; + "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; + "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; + "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; + "XF86Display".action = spawn "wl-mirror" "eDP-1"; + "Mod+Escape".action = spawn "wlogout"; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+0".action = focus-workspace 0; + + "Mod+Shift+1".action = move-column-to-index 1; + "Mod+Shift+2".action = move-column-to-index 2; + "Mod+Shift+3".action = move-column-to-index 3; + "Mod+Shift+4".action = move-column-to-index 4; + "Mod+Shift+5".action = move-column-to-index 5; + "Mod+Shift+6".action = move-column-to-index 6; + "Mod+Shift+7".action = move-column-to-index 7; + "Mod+Shift+8".action = move-column-to-index 8; + "Mod+Shift+9".action = move-column-to-index 9; + "Mod+Shift+0".action = move-column-to-index 0; + }; + spawn-at-startup = [ + { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } + { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } + { command = [ "anki" ]; } + { command = [ "obsidian" ]; } + { command = [ "nm-applet" ]; } + { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } + ]; + workspaces = { + # "01-Main" = { + # name = "Scratchpad"; + # }; + "99-Scratchpad" = { + name = ""; + }; + }; + }; + }; + + }; + } +#+end_src + **** Kanshi :PROPERTIES: :CUSTOM_ID: h:eb94df98-2bcd-4555-9f88-e252f93b924f @@ -13391,19 +13697,19 @@ Currently, I am too lazy to explain every option here, but most of it is very se #+begin_src nix-ts :tangle modules/home/common/kanshi.nix - { lib, config, ... }: + { self, lib, pkgs, config, ... }: { options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { - homedesktop = { + homedesktop = rec { name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; mode = "2560x1440"; scale = "1"; position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + workspace = "11:M"; + output = name; }; }; }; @@ -13429,6 +13735,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se { profile = { name = "lidopen"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { criteria = "eDP-2"; @@ -13439,41 +13746,51 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; } { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; + profile = + let + monitor = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + in + { + name = "lidopen"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}" ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = monitor; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; } { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; + profile = + let + monitor = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + in + { + name = "lidclosed"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}"] ; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + position = "2560,0"; + } + { + criteria = monitor; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; } ]; }; @@ -13498,11 +13815,14 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; + verbose = true; enableZshIntegration = true; enableScDaemon = true; enableSshSupport = true; enableExtraSocket = true; - pinentry.package = pkgs.pinentry.gtk2; + pinentry.package = pkgs.wayprompt; + pinentry.program = "pinentry-wayprompt"; + # pinentry.package = pkgs.pinentry.gtk2; defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' @@ -13801,9 +14121,8 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; msmtp = { - enable = false; + enable = true; extraConfig = { - account = "work"; auth = "xoauth2"; host = "outlook.office365.com"; protocol = "smtp"; @@ -13815,10 +14134,11 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] passwordeval = "pizauth show work"; }; }; - mu.enable = false; + mu.enable = true; mbsync = { - enable = false; + enable = true; expunge = "both"; + patterns = [ "INBOX" ]; extraConfig = { account = { AuthMechs = "XOAUTH2"; @@ -13827,19 +14147,19 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. HP 732pk CNC4080YL5" = { - bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - }; - }; - }; + # wayland.windowManager.sway.config = { + # output = { + # "Applied Creative Technology Transmitter QUATTRO201811" = { + # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + # }; + # "Hewlett Packard HP Z24i CN44250RDT" = { + # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + # }; + # "HP Inc. HP 732pk CNC4080YL5" = { + # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + # }; + # }; + # }; stylix = { targets.firefox.profileNames = @@ -14020,6 +14340,10 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] { profile = { name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14044,8 +14368,14 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; } { - profile = { + profile = let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in { name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14065,6 +14395,10 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] { profile = { name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14087,8 +14421,13 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; } { - profile = { + profile = let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in { name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -14107,8 +14446,20 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] }; }; + systemd.user.services.pizauth.Service = { + ExecStartPost= [ + "${pkgs.toybox}/bin/sleep 1" + "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" + ]; + }; + swarselservices.pizauth = { enable = true; + extraConfig = '' + auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; + error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; + token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; + ''; accounts = { work = { authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; @@ -14186,70 +14537,60 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] { command = "1password"; } ]; monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { + work_back_middle = rec { name = "LG Electronics LG Ultra HD 0x000305A6"; mode = "2560x1440"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-10"; + # output = "DP-10"; + output = name; }; - work_front_left = { + work_front_left = rec { name = "LG Electronics LG Ultra HD 0x0007AB45"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-7"; + # output = "DP-7"; + output = name; }; - work_back_right = { + work_back_right = rec { name = "HP Inc. HP Z32 CN41212T55"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-3"; + # output = "DP-3"; + output = name; }; - work_middle_middle_main = { + work_middle_middle_main = rec { name = "HP Inc. HP 732pk CNC4080YL5"; mode = "3840x2160"; scale = "1"; position = "-1280,0"; workspace = "11:M"; - output = "DP-8"; + # output = "DP-8"; + output = name; }; - work_middle_middle_side = { + work_middle_middle_side = rec { name = "Hewlett Packard HP Z24i CN44250RDT"; mode = "1920x1200"; transform = "270"; scale = "1"; position = "-2480,0"; workspace = "12:S"; - output = "DP-9"; + # output = "DP-9"; + output = name; }; - work_seminary = { + work_seminary = rec { name = "Applied Creative Technology Transmitter QUATTRO201811"; mode = "1280x720"; scale = "1"; position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse workspace = "14:T"; - output = "DP-4"; + # output = "DP-4"; + output = name; }; }; inputs = { @@ -14273,9 +14614,6 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] xkb_variant = "altgr-intl"; }; }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; }; }; @@ -14983,7 +15321,7 @@ The normal =command-not-found.sh= uses the outdated =nix-shell= commands as sugg fi echo -n "searching nix-index..." - ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --top-level --whole-name --at-root "/bin/$1") + ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --whole-name --at-root "/bin/$1") case $(echo -n "$ATTRS" | grep -c "^") in 0) @@ -15092,6 +15430,57 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src +*** swarselcheck-niri + +#+begin_src shell :tangle files/scripts/swarselcheck-niri.sh + while :; do + case ${1:-} in + -k | --kitty) + cmd=(sh -c 'kitty --app-id kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm' '&') + searchapp="kittyterm" + ;; + -e | --element) + cmd=(element-desktop) + searchapp="Element" + ;; + -d | --vesktop) + cmd=(vesktop) + searchapp="vesktop" + ;; + -s | --spotifyplayer) + cmd=(sh -c 'kitty --add-id spotifytui -o confirm_os_window_close=0 spotify_player' '&') + searchapp="spotifytui" + ;; + ,*) break ;; + esac + shift + done + + WIN_INFO=$(niri msg -j windows | jq --arg search "$searchapp" '.[] | select (.app_id | test($search)) | { id, is_focused, workspace_id }') + ID=$(echo "$WIN_INFO" | jq -r '.id // empty') + IS_FOCUSED=$(echo "$WIN_INFO" | jq -r '.is_focused // empty') + TARGET_MONITOR=$(niri msg -j workspaces | jq --arg search "" '.[] | select (.name != null and (.name | test($search))) | { output }' | jq -r '.output // empty') + CURRENT_WORKSPACE=$(niri msg -j workspaces | jq -r '.[] | select (.is_active == true) | .output // empty') + + if [ -z "$ID" ]; then + niri msg action spawn -- "${cmd[@]}" + elif [ "$IS_FOCUSED" ]; then + niri msg action move-window-to-workspace "" --window-id "$ID" --focus false + else + niri msg action focus-monitor "$TARGET_MONITOR" && niri msg action move-window-to-workspace "$CURRENT_WORKSPACE" --window-id "$ID" && niri msg action focus-floating + fi +#+end_src + +#+begin_src nix-ts :tangle pkgs/swarselcheck-niri/default.nix + { self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: + writeShellApplication { + inherit name; + runtimeInputs = [ kitty element-desktop vesktop spotify-player jq ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; + } + +#+end_src + *** swarselzellij :PROPERTIES: :CUSTOM_ID: h:564c102c-e335-4f17-a613-c5a436bb4864 @@ -15248,66 +15637,21 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s } #+end_src -*** fullscreen -:PROPERTIES: -:CUSTOM_ID: h:9d49531a-1d9b-4600-b200-18befb5e0f3a -:END: +*** kanshare -This application moves the wl-mirror app to the T workspace and makes it fullscreen there. - -#+begin_src nix-ts :tangle pkgs/fullscreen/default.nix - { name, writeShellApplication, sway, ... }: - - writeShellApplication { - inherit name; - runtimeInputs = [ sway ]; - text = '' - swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' - swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' - ''; - } -#+end_src -*** screenshare -:PROPERTIES: -:CUSTOM_ID: h:960e539c-2a5a-4e21-b3d4-bcdfc8be8fda -:END: +This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. -#+begin_src shell :tangle files/scripts/screenshare.sh +#+begin_src nix-ts :tangle pkgs/kanshare/default.nix + { name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }: - headless="false" - while [[ $# -gt 0 ]]; do - case "$1" in - -h) - headless="true" - ;; - ,*) - echo "Invalid option detected." - ;; - esac - shift - done - - SHARESCREEN="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$(hostname)".config.home-manager.users."$(whoami)".swarselsystems.sharescreen)" - - if [[ $headless == "true" ]]; then - wl-mirror "$SHARESCREEN" - else - wl-mirror "$SHARESCREEN" & - sleep 0.1 - swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' - swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' - fi -#+end_src - - -#+begin_src nix-ts :tangle pkgs/screenshare/default.nix - { self, name, writeShellApplication, sway }: - writeShellApplication { - inherit name; - runtimeInputs = [ sway ]; - text = builtins.readFile "${self}/files/scripts/${name}.sh"; - } + writeShellApplication { + inherit name; + runtimeInputs = [ wlr-randr busybox wl-mirror]; + text = '' + wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} + ''; + } #+end_src *** swarsel-bootstrap @@ -16614,6 +16958,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + # keyd = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; @@ -16626,6 +16971,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a gnome-keyring = lib.mkDefault true; uwsm = lib.mkDefault true; sway = lib.mkDefault true; + niri = lib.mkDefault true; xdg-portal = lib.mkDefault true; distrobox = lib.mkDefault true; appimage = lib.mkDefault true; @@ -17214,6 +17560,7 @@ This holds modules that are to be used on most hosts. These are also the most im swayosd = lib.mkDefault true; yubikeytouch = lib.mkDefault true; sway = lib.mkDefault true; + niri = lib.mkDefault true; kanshi = lib.mkDefault true; gpgagent = lib.mkDefault true; gammastep = lib.mkDefault true; @@ -20470,6 +20817,7 @@ The hook functions are defined here: [[#h:34506761-06b9-43b5-a818-506d9b3faf28][ '((:maildir "/leon/Inbox" :key ?1) (:maildir "/nautilus/Inbox" :key ?2) (:maildir "/mrswarsel/Inbox" :key ?3) + (:maildir "/work/Inbox" :key ?4) (:maildir "/Sent Mail" :key ?s) (:maildir "/Trash" :key ?t) (:maildir "/Drafts" :key ?d) @@ -20513,7 +20861,6 @@ This adds the simple utility of sending desktop notifications whenever a new mai This provides a beautiful calender to emacs. -Yes, I am aware that I am exposing my university-calendar to the public here. I can imagine worse things ;) if you however know how to obscure this, let me know! #+begin_src emacs-lisp @@ -22243,42 +22590,60 @@ before-sleep 'swaylock -f --screenshots --clock --effect-blur 7x5 --effect-vigne :CUSTOM_ID: h:2e9b84d7-cb18-4e74-83f8-65ada11a8911 :END: -#+begin_src css :tangle files/stylix/swarsel.yaml :mkdirp yes -# scheme: "better-contrast" -author: "Swarsel" -base00: "1D252C" # #1d252c passt -base01: "171D23" # #171d23 -base02: "5EC4FF" # #5EC4FF -base03: "566C7D" # #566C7D passt -base04: "5EC4FF" # #5EC4FF passt -base05: "A0B3C5" # #A0B3C5 passt -base06: "C06ECE" # #C06ECE passt -base07: "A0B3C5" # #A0B3C5 passt -base08: "D95468" # #D95468 passt -base09: "FFA880" # #ffA880 passt -base0A: "5EC4FF" # #5EC4FF -base0B: "8BD49C" # #8BD49C -base0C: "008B94" # #008B94 passt -base0D: "5EC4FF" # #5EC4FF passt -base0E: "C06ECE" # #C06ECE passt -base0F: "5EC4FF" # #5EC4FF passt +#+begin_src bash :tangle files/stylix/swarsel.yaml :mkdirp yes + # scheme: "better-contrast" + author: "Swarsel" + author: "Swarsel" + base00: "1d252c" #1d252c" + base01: "171d23" #171d23" + base02: "206a86" #206a86" + base03: "003a66" #003a66" + base04: "5ec4ff" #5ec4ff" + base05: "a0b3c5" #a0b3c5" + base06: "7ed4ff" #7ed4ff" + base07: "8ef4ff" #8ef4ff" + base08: "d95468" #d95468" + base09: "ffa880" #ffa880" + base0A: "6ed4ff" #6ed4ff" + base0B: "8bd49c" #8bd49c" + base0C: "008b94" #008b94" + base0D: "5ec4ff" #5ec4ff" + base0E: "c06ece" #c06ece" + base0F: "3c0044" #3c0044" -# base00 - Default Background -# base01 - Lighter Background (Used for status bars) -# base02 - Selection Background -# base03 - Comments, Invisibles, Line Highlighting -# base04 - Dark Foreground (Used for status bars) -# base05 - Default Foreground, Caret, Delimiters, Operators -# base06 - Light Foreground (Not often used) -# base07 - Light Background (Not often used) -# base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted -# base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url -# base0A - Classes, Markup Bold, Search Text Background -# base0B - Strings, Inherited Class, Markup Code, Diff Inserted -# base0C - Support, Regular Expressions, Escape Characters, Markup Quotes -# base0D - Functions, Methods, Attribute IDs, Headings -# base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed -# base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. + # base00: "1D252C" # #1d252c passt + # base01: "171D23" # #171d23 + # base02: "5EC4FF" # #5EC4FF + # base03: "566C7D" # #566C7D passt + # base04: "5EC4FF" # #5EC4FF passt + # base05: "A0B3C5" # #A0B3C5 passt + # base06: "C06ECE" # #C06ECE passt + # base07: "A0B3C5" # #A0B3C5 passt + # base08: "D95468" # #D95468 passt + # base09: "FFA880" # #ffA880 passt + # base0A: "5EC4FF" # #5EC4FF + # base0B: "8BD49C" # #8BD49C + # base0C: "008B94" # #008B94 passt + # base0D: "5EC4FF" # #5EC4FF passt + # base0E: "C06ECE" # #C06ECE passt + # base0F: "5EC4FF" # #5EC4FF passt + + # base00 - Default Background + # base01 - Lighter Background (Used for status bars) + # base02 - Selection Background + # base03 - Comments, Invisibles, Line Highlighting + # base04 - Dark Foreground (Used for status bars) + # base05 - Default Foreground, Caret, Delimiters, Operators + # base06 - Light Foreground (Not often used) + # base07 - Light Background (Not often used) + # base08 - Variables, XML Tags, Markup Link Text, Markup Lists, Diff Deleted + # base09 - Integers, Boolean, Constants, XML Attributes, Markup Link Url + # base0A - Classes, Markup Bold, Search Text Background + # base0B - Strings, Inherited Class, Markup Code, Diff Inserted + # base0C - Support, Regular Expressions, Escape Characters, Markup Quotes + # base0D - Functions, Methods, Attribute IDs, Headings + # base0E - Keywords, Storage, Selector, Markup Italic, Diff Changed + # base0F - Deprecated, Opening/Closing Embedded Language Tags, e.g. #+end_src ** .gitmessage :PROPERTIES: diff --git a/files/emacs/init.el b/files/emacs/init.el index 05a8905..7f8999a 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1579,6 +1579,7 @@ create a new one." '((:maildir "/leon/Inbox" :key ?1) (:maildir "/nautilus/Inbox" :key ?2) (:maildir "/mrswarsel/Inbox" :key ?3) + (:maildir "/work/Inbox" :key ?4) (:maildir "/Sent Mail" :key ?s) (:maildir "/Trash" :key ?t) (:maildir "/Drafts" :key ?d) diff --git a/files/scripts/command-not-found.sh b/files/scripts/command-not-found.sh index 4cd0b87..c81cb7a 100644 --- a/files/scripts/command-not-found.sh +++ b/files/scripts/command-not-found.sh @@ -6,7 +6,7 @@ command_not_found_handle() { fi echo -n "searching nix-index..." - ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --top-level --whole-name --at-root "/bin/$1") + ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --whole-name --at-root "/bin/$1") case $(echo -n "$ATTRS" | grep -c "^") in 0) diff --git a/files/scripts/screenshare.sh b/files/scripts/screenshare.sh deleted file mode 100644 index e4d4f5f..0000000 --- a/files/scripts/screenshare.sh +++ /dev/null @@ -1,23 +0,0 @@ -headless="false" -while [[ $# -gt 0 ]]; do - case "$1" in - -h) - headless="true" - ;; - *) - echo "Invalid option detected." - ;; - esac - shift -done - -SHARESCREEN="$(nix eval --raw ~/.dotfiles#nixosConfigurations."$(hostname)".config.home-manager.users."$(whoami)".swarselsystems.sharescreen)" - -if [[ $headless == "true" ]]; then - wl-mirror "$SHARESCREEN" -else - wl-mirror "$SHARESCREEN" & - sleep 0.1 - swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T' - swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen' -fi diff --git a/files/scripts/swarselcheck-niri.sh b/files/scripts/swarselcheck-niri.sh new file mode 100644 index 0000000..f0b2143 --- /dev/null +++ b/files/scripts/swarselcheck-niri.sh @@ -0,0 +1,36 @@ +while :; do + case ${1:-} in + -k | --kitty) + cmd=(sh -c 'kitty --app-id kittyterm -o confirm_os_window_close=0 zellij attach --create kittyterm' '&') + searchapp="kittyterm" + ;; + -e | --element) + cmd=(element-desktop) + searchapp="Element" + ;; + -d | --vesktop) + cmd=(vesktop) + searchapp="vesktop" + ;; + -s | --spotifyplayer) + cmd=(sh -c 'kitty --add-id spotifytui -o confirm_os_window_close=0 spotify_player' '&') + searchapp="spotifytui" + ;; + *) break ;; + esac + shift +done + +WIN_INFO=$(niri msg -j windows | jq --arg search "$searchapp" '.[] | select (.app_id | test($search)) | { id, is_focused, workspace_id }') +ID=$(echo "$WIN_INFO" | jq -r '.id // empty') +IS_FOCUSED=$(echo "$WIN_INFO" | jq -r '.is_focused // empty') +TARGET_MONITOR=$(niri msg -j workspaces | jq --arg search "" '.[] | select (.name != null and (.name | test($search))) | { output }' | jq -r '.output // empty') +CURRENT_WORKSPACE=$(niri msg -j workspaces | jq -r '.[] | select (.is_active == true) | .output // empty') + +if [ -z "$ID" ]; then + niri msg action spawn -- "${cmd[@]}" +elif [ "$IS_FOCUSED" ]; then + niri msg action move-window-to-workspace "" --window-id "$ID" --focus false +else + niri msg action focus-monitor "$TARGET_MONITOR" && niri msg action move-window-to-workspace "$CURRENT_WORKSPACE" --window-id "$ID" && niri msg action focus-floating +fi diff --git a/files/stylix/swarsel.yaml b/files/stylix/swarsel.yaml index 772524b..155b93e 100644 --- a/files/stylix/swarsel.yaml +++ b/files/stylix/swarsel.yaml @@ -1,21 +1,39 @@ # scheme: "better-contrast" author: "Swarsel" -base00: "1D252C" # #1d252c passt -base01: "171D23" # #171d23 -base02: "5EC4FF" # #5EC4FF -base03: "566C7D" # #566C7D passt -base04: "5EC4FF" # #5EC4FF passt -base05: "A0B3C5" # #A0B3C5 passt -base06: "C06ECE" # #C06ECE passt -base07: "A0B3C5" # #A0B3C5 passt -base08: "D95468" # #D95468 passt -base09: "FFA880" # #ffA880 passt -base0A: "5EC4FF" # #5EC4FF -base0B: "8BD49C" # #8BD49C -base0C: "008B94" # #008B94 passt -base0D: "5EC4FF" # #5EC4FF passt -base0E: "C06ECE" # #C06ECE passt -base0F: "5EC4FF" # #5EC4FF passt +author: "Swarsel" +base00: "1d252c" #1d252c" +base01: "171d23" #171d23" +base02: "206a86" #206a86" +base03: "003a66" #003a66" +base04: "5ec4ff" #5ec4ff" +base05: "a0b3c5" #a0b3c5" +base06: "7ed4ff" #7ed4ff" +base07: "8ef4ff" #8ef4ff" +base08: "d95468" #d95468" +base09: "ffa880" #ffa880" +base0A: "6ed4ff" #6ed4ff" +base0B: "8bd49c" #8bd49c" +base0C: "008b94" #008b94" +base0D: "5ec4ff" #5ec4ff" +base0E: "c06ece" #c06ece" +base0F: "3c0044" #3c0044" + +# base00: "1D252C" # #1d252c passt +# base01: "171D23" # #171d23 +# base02: "5EC4FF" # #5EC4FF +# base03: "566C7D" # #566C7D passt +# base04: "5EC4FF" # #5EC4FF passt +# base05: "A0B3C5" # #A0B3C5 passt +# base06: "C06ECE" # #C06ECE passt +# base07: "A0B3C5" # #A0B3C5 passt +# base08: "D95468" # #D95468 passt +# base09: "FFA880" # #ffA880 passt +# base0A: "5EC4FF" # #5EC4FF +# base0B: "8BD49C" # #8BD49C +# base0C: "008B94" # #008B94 passt +# base0D: "5EC4FF" # #5EC4FF passt +# base0E: "C06ECE" # #C06ECE passt +# base0F: "5EC4FF" # #5EC4FF passt # base00 - Default Background # base01 - Lighter Background (Used for status bars) diff --git a/flake.lock b/flake.lock index 394265e..7275056 100644 --- a/flake.lock +++ b/flake.lock @@ -510,7 +510,7 @@ "swarsel", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { "lastModified": 1751908357, @@ -533,7 +533,7 @@ "swarsel", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_5" + "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { "lastModified": 1751908357, @@ -1887,6 +1887,64 @@ "type": "github" } }, + "niri-flake": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1754797984, + "narHash": "sha256-t2WFkdB2qUyZt5rdqmJ340kqhvQWWOCJBJIc1nQ/Hg4=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "647a310f1eaa59abec8aa215ff69d8979195425e", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1748151941, + "narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.05.1", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1754742008, + "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -2463,11 +2521,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1754384443, - "narHash": "sha256-sjSFVbQhMJ6c3x/DUWmactuR2sw1FtLzBMXMyicOQSU=", + "lastModified": 1755895490, + "narHash": "sha256-BIqIaeWsmrSxIs/oUg5hjo0/ZU0d5pf5RkPvcQGRilc=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "d078a753aa08f98a2aa11922f87ae2b11bf67ca9", + "rev": "526b9d738fc2af2eb010b996b9b5918b46e7cf92", "type": "github" }, "original": { @@ -2881,6 +2939,22 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { "locked": { "lastModified": 1751274312, "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", @@ -2896,7 +2970,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1751741127, "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", @@ -2912,7 +2986,7 @@ "type": "github" } }, - "nixpkgs-stable_5": { + "nixpkgs-stable_6": { "locked": { "lastModified": 1751274312, "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", @@ -2928,7 +3002,7 @@ "type": "github" } }, - "nixpkgs-stable_6": { + "nixpkgs-stable_7": { "locked": { "lastModified": 1751741127, "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", @@ -3985,6 +4059,7 @@ "home-manager": "home-manager", "impermanence": "impermanence", "lanzaboote": "lanzaboote", + "niri-flake": "niri-flake", "nix-darwin": "nix-darwin", "nix-index-database": "nix-index-database", "nix-on-droid": "nix-on-droid", @@ -3995,7 +4070,7 @@ "nixpkgs": "nixpkgs_4", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs-stable": "nixpkgs-stable_3", "nixpkgs-stable24_05": "nixpkgs-stable24_05", "nixpkgs-stable24_11": "nixpkgs-stable24_11", "nswitch-rcm-nix": "nswitch-rcm-nix", @@ -4382,7 +4457,7 @@ "nixpkgs": "nixpkgs_12", "nixpkgs-dev": "nixpkgs-dev_2", "nixpkgs-kernel": "nixpkgs-kernel_2", - "nixpkgs-stable": "nixpkgs-stable_4", + "nixpkgs-stable": "nixpkgs-stable_5", "nixpkgs-stable24_05": "nixpkgs-stable24_05_2", "nixpkgs-stable24_11": "nixpkgs-stable24_11_2", "nswitch-rcm-nix": "nswitch-rcm-nix_2", @@ -4416,11 +4491,11 @@ "systems": "systems_17" }, "locked": { - "lastModified": 1754846369, - "narHash": "sha256-yT9Z1VS/i9ZkqdeMYjACd0xPmF/X0ZILt7YTlHfBD8k=", + "lastModified": 1754895103, + "narHash": "sha256-v8t5EjfbDurvTCBVHtFSRL+m5OfCPpTMmgzVC7h93sU=", "owner": "Swarsel", "repo": "swarsel-modules", - "rev": "60a2c35486f458e9ae95883801d8509840096d21", + "rev": "4e779044540278b93171d846c71d2bd7823fd806", "type": "github" }, "original": { @@ -4450,7 +4525,7 @@ "nixpkgs": "nixpkgs_20", "nixpkgs-dev": "nixpkgs-dev_3", "nixpkgs-kernel": "nixpkgs-kernel_3", - "nixpkgs-stable": "nixpkgs-stable_6", + "nixpkgs-stable": "nixpkgs-stable_7", "nixpkgs-stable24_05": "nixpkgs-stable24_05_3", "nixpkgs-stable24_11": "nixpkgs-stable24_11_3", "nswitch-rcm-nix": "nswitch-rcm-nix_3", @@ -5135,6 +5210,39 @@ "url": "ssh://git@github.com/vbc-it/vbc-nix.git" } }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1748488455, + "narHash": "sha256-IiLr1alzKFIy5tGGpDlabQbe6LV1c9ABvkH6T5WmyRI=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "3ba30b149f9eb2bbf42cf4758d2158ca8cceef73", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.6", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1754533920, + "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, "zjstatus": { "inputs": { "crane": "crane_4", diff --git a/flake.nix b/flake.nix index af2d912..d70ec01 100644 --- a/flake.nix +++ b/flake.nix @@ -87,6 +87,11 @@ url = "github:Gerg-l/spicetify-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + niri-flake = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = inputs: diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index 86555e5..69d0afb 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix @@ -14,6 +14,7 @@ in # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; secrets = { wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; }; }; @@ -49,16 +50,23 @@ in interfaces = { home-vpn = { privateKeyFile = config.sops.secrets.wireguard-private-key.path; - ips = [ "192.168.3.4/32" ]; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; peers = [ { - publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; name = "moonside"; persistentKeepalive = 25; - endpoint = "${config.repo.secrets.common.ipv4}:51820"; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; allowedIPs = [ - "192.168.3.0/24" - "192.168.1.0/24" + "192.168.178.0/24" ]; } ]; @@ -127,6 +135,7 @@ in }; swarselsystems = { + flakePath = "/root/.dotfiles"; info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/pyramid/default.nix index b89f44d..20054e5 100644 --- a/hosts/nixos/pyramid/default.nix +++ b/hosts/nixos/pyramid/default.nix @@ -56,7 +56,8 @@ in }; monitors = { main = { - name = "BOE 0x0BC9 Unknown"; + # name = "BOE 0x0BC9 Unknown"; + name = "BOE 0x0BC9"; mode = "2560x1600"; # TEMPLATE scale = "1"; position = "2560,0"; diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 9e872ff..5345157 100644 --- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -10,6 +10,8 @@ loader.efi.canTouchEfiVariables = true; }; + globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + networking = { inherit (config.repo.secrets.local) hostId; hostName = "winters"; diff --git a/hosts/nixos/winters/secrets/pii.nix.enc b/hosts/nixos/winters/secrets/pii.nix.enc index 9c0e82b..448bd0a 100644 --- a/hosts/nixos/winters/secrets/pii.nix.enc +++ b/hosts/nixos/winters/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:Ow17QtITRfXk4BJGWb4jw1gX8HRIAdpBDpyGtif3Vb42cCqSWpLaIR1KecbU3OPkGesC/vh2tgmfE/xlm6nUR8kvRDZdhFr7UckeKFiD4hlfHBhGckaCXOiRZ3ACHrHfM/a2CbKDl14xLDMFDervdMRfB/4vjvnn9xvhjepZ1e7+Iopd9agL8r658AMFF3j2tRYZp7l5GLArs+7mUsFfXujkui1Xgh5+TRvYPh3zQ18RWyP4QMYP6HPHgHRH7S6uciUb6Qq1yEytOy3pCJTb+gZaa9xI1azzP7r83b7KeXdukupR+9fNWN52swDHXRugThMrh4kOrBdyaafJ1v2w4FTTPwj6JQvkxT+vMV4+WIclhD/FWtEHtUqsHDFnMzTIQfyTMt42HZKNdQDwp2fwuV1BP0qOUqRnheaTPiyZiZL8I27xDfwp5zfSqxA7KEzLL2uRbIPefdqNFlcte/xL9IkbTux+AmHaIjQeLkiPyMf2wc2NTIabWPk/ILC917vnancdAQuujB38SaWPrKeCEqDKsArvgjnmn47ctBND73G4PszieneCnuq4sNT9QrC81mk/AQv5TFG0i0fvPoXfpO4ul7MgaP+iPodb2CThHKDAwL+Gnq/6+tg+vJbTKxrsixHvYViA9p/ke1YaRFg2R8V7NwRDl68NI2yCaqj3qlS6Sa8Mx7IUQR6aCN4nkpcJs2GLVCEhWKFBsNXXhPa01C/81JGJ6+/zfHuGbY6gGtS7k3cZ9+dfizN29nBlp+A1U+Noxjl9arYOX4gjEnQhvo9Tp/gBCmrvXjoE6ja8XXUv78/Bfnvup52gdNunYRYv3Aj91F0u6fH6UqoWPXVTy6eznV727Pj9H1BPzMEfmf3EPc6Qcg7AR7vKORfH3U0PFXxFMY0kGEJdug5jmLuwUoRR9zOyHOqdS4Tk9BcMT02gRyQf6LZ3drDoqC35L5hop/gfbleUXXODn3cE1mEuAuZ08OSavZ24IHo1aMr50gjn32WSBKkjfC0dobBWzWwykxhu0vZZI3xYJx/59qqsodDGAJAhry5N6vrwM/PK/O73L2QBqkaT50eImIQ4+vpahcvFPRIkHLvQkzxlyH0dafuGyyF2gfig5Rq3vw02pT8z06LjmJ/ehvteyy1BE9CdiUvYHjaBXiWg2n5FvAe5e8EQxUx9+SwfwEpnucuocp7g+d3W3cXJOU6m9JxwvK7LX95MbpKOtdPq11yi35LLb1TikFLdFZyu+SeaNFD3AzQMOSem6Lwc7N7WHC5z3Ah7FvqqnL2J51hDfMLW78A7DCI9GNRVoyVjx++gRr+ftEf8UUAYmkJdT/D898wtLWmBXikY/2e36q3QJV0Hy3fGBjxLmN/Tdz62jgCaXrNdJqJTFZ5h+hjd03GT6utmPwp0D2lBSM0LXsZsql+jI54P8cFdu3S4mNIjHZqV1kmsk0MCCVJKnGODeLQLxJhp287N3+0HJEm4KicGWMchef/YeiLLtD7mz7ov/9OI,iv:KvoTnlj+f+eMsFEZP8F1v0r/xZ4aVBUWmO+zsQCvhS4=,tag:U1ziE2832QfNkP0yjIzBeA==,type:str]", + "data": "ENC[AES256_GCM,data:ehwByZT896X/hKe5CgolapiScCrPj9yhc99mWJ8HCDvK/p5JsZcq/fISfnhNDtXw2mk9DzdCAOkOqaJ2K/ZQTkTogqKbO/992K23hXe6xF/HhjjELJuRf5mnVT8Z9T27Co9w1FyGQnzIMEJcj7NVfnwjZjOSRFJG9u2tjRy09gO6cNnRF4fKZzqy3BRKWo/2CCib+nIFTrUX/tE9gUm0kIkX9lEDFH4lEXdNnVZTPeGM8OTAhiClWzqWInFqW9CrXaXuZrkfa0XyaXG4pWr+J8rYjBGqCHU4h43FqkUU0UKbapTbnY7yxlnwA61dueGYYpXGjRuyY8rVD9GWd7FgPO7SrgbvOb6nSGBOdDsBa2ME3ysG2+9tQwOvKbllpD3BlK0ettpcdpqBtpFUrpf8PUJsmWdzVZTP0ZVM0k3OdqLIPzgB5mLrcN5MvJ6MvWXWo1i/yWKGFVSGNfD8cieI7avIXm9zwSouDz06fmq9cWtZ4oG+z+h0fjsw7Ns5/mmH8r298JIQmJKg8LhShA0PCC4Yptv8RCDJMv6DRVMCqIEc10rpg0jDZWPImeHh4eCY6qyXoDsDRXVIEEYVawQJIN7PJfV3fN8X+wCJJatARIrFapJFLGNRCyFrIG5h5IhACwaBmawZrJf9WQVaKCLVQ+NDyC6PMmsmuV5b6JukrPruTfXYLFdIODEr8qVYfvwaCN1mqa/iVLO3T9zNUEed7bSuLj0KAQdEdoxhrB/hU7EO3q9VfjZXMlnDyDQNAPKwpnsk18kCgVWL3S2BKwQbfFvKi9Aqx0WtBkn6K9UJ0tZyOywz1RdhH/CL+FxOU4PsG8piNgrvWEqMDFPaefaj9BNKIY8Mhb1wDgb5etVbT7vvhIGTZfUVUAOcXmySqqiDdSNwImDZAMJmzAoArzyUswq/dVzNmCfm7Or9/KAZxp5nqM/DrfPw2wLWpOxxyY6R/irzT9KyhHHtv59IROIDtU0wm6gzU3j+oEJ2MgnpRzgqknDM1K8j9Wk/kzPcT9Hqp9N95NfLApQHaKuDtmqFoa09mIQa5pGFacArWA0P8PjEsj5vJLZ1n/+HG0odU3fv5z54Azd1MmHu1lIvIRlbvKDmtvFW53IyLnD1sqRMCkntsuuef8bIobS6An8wy08tP+bKaPX4pMLUD9TpSkYgPOJEx9MVpUyUSGiBnVoN/DJr3ZrDY6cB9d+nOD9euQLv0F+dXteArvuxe2uTvetnmta+fW0+fQhLOoD2tNehOq3jyn1/JJlIzhx4K6go1toNeUKcZX/niYhzYjSw6+q6kQPcz+t+LhqyWdlWnLEDMc2auiJRpImGMjGYYF+pK6tPkBftmR5h0DcG7EYgL2XGEGprKRIIUuZ4a+DGGqb1aL99WenwU+Wtz/kvohuLZd1jsym0lhgqxlenx54GIzMDCu6UF5vYd1dnqfpKH0HjlBFRCZk/WXCp6BFrgtmhbUhfCi4xCUniDsN2zeIzH7rF+uIdqsTtm2bbSLBZh3RqeswqFMSs7ZnQRjmT3CdXS7F45vX2pMyo,iv:AtYXO4kgmOsMys8DFNe7aCq1PJ9sBzsaAmaNGVNMq4A=,tag:2ovss2xLfW3GgcdLfltwcQ==,type:str]", "sops": { "age": [ { @@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0w2RjJ5R1l2ay94QXRj\nekJwSlowcFVLc1cvWVFjNEVFUnFocEJHYlNnCnBnUEYvNWdNWE9BTjB5ODRuTlAw\nMUh4QmlTeVVYNHM0S1FwWG5qUG42VDgKLS0tIHh5VlU2dVZmUlRIMDRlVEJmNU55\ncFlXR1BzMkVnMkFWN3BBZWhHalltMlEKibdARxBcFqaXUhYp3KkrrvO9YgaBDacl\n8BEv4ph0f2baDN0dsymJjmdHStwKTjOwDspRtCTs5u75hR35a2xyFQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-17T20:14:29Z", - "mac": "ENC[AES256_GCM,data:4YP1fp9Mcbx0pvS5l9Xzc5cbhFnBo5GkqyRvcEspNYQ3IW5LIWtPwItwLZH/ymfEkpwIVYOugnB12HJJo9jpudgfUMXtp43ImDUNVHs59qkNhJFmTSoEZMBHQjPtE/jE17OIAZzeA41EAItesrmExV1W8ePy7rTgHQl5BDooWME=,iv:vyZ0BGjMUDeoVMkDw6wLZK3KKIECK5caz/nQB3nXlGs=,tag:GAqKNcSf3Ny/WsB3tYM/og==,type:str]", + "lastmodified": "2025-08-12T18:21:56Z", + "mac": "ENC[AES256_GCM,data:6gxEKYRIefxE0DKWuc40wkOp/oCzKxg4jMz5WVqWHXUjOorz6A9TTLYo8UhYCVB8pwxC46iLCND3rDWudurz+2vl/tTDpuh04utB2f6GFy+g5f6Rs9x/KWWFR8pB/BwaG9tEW4UfF7bud6FYM9dY5fJADU6CPxpanOLdhzt7j8A=,iv:oxMFeIwbLFzvCZsmf/z5L3Wi4Quscx+zzD8dafEc66Y=,tag:hKfqVt2nZieQyqQAKexMiA==,type:str]", "pgp": [ { "created_at": "2025-06-11T11:42:23Z", diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 5c66542..8ce08a2 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -11,6 +11,7 @@ timer e swarselcheck + swarselcheck-niri waybarupdate opacitytoggle fs-diff diff --git a/modules/home/common/emacs.nix b/modules/home/common/emacs.nix index 2a0d331..1535d63 100644 --- a/modules/home/common/emacs.nix +++ b/modules/home/common/emacs.nix @@ -1,4 +1,4 @@ -{ self, lib, config, pkgs, globals, ... }: +{ self, lib, config, pkgs, globals, inputs, ... }: let inherit (config.swarselsystems) homeDir isPublic isNixos; inherit (config.repo.secrets.common.emacs) radicaleUser; @@ -56,17 +56,19 @@ in packageRequires = [ epkgs.jsonrpc epkgs.eglot ]; }) - (epkgs.trivialBuild rec { - pname = "calfw"; - version = "1.0.0-20231002"; - src = pkgs.fetchFromGitHub { - owner = "haji-ali"; - repo = "emacs-calfw"; - rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; - hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; - }; - packageRequires = [ epkgs.howm ]; - }) + (inputs.nixpkgs-dev.legacyPackages.${pkgs.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw + # epkgs.calfw + # (epkgs.trivialBuild rec { + # pname = "calfw"; + # version = "1.0.0-20231002"; + # src = pkgs.fetchFromGitHub { + # owner = "haji-ali"; + # repo = "emacs-calfw"; + # rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; + # hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; + # }; + # packageRequires = [ epkgs.howm ]; + # }) (epkgs.trivialBuild rec { pname = "fast-scroll"; diff --git a/modules/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix index f8da000..e92711f 100644 --- a/modules/home/common/gpg-agent.nix +++ b/modules/home/common/gpg-agent.nix @@ -7,11 +7,14 @@ in config = lib.mkIf config.swarselmodules.gpgagent { services.gpg-agent = { enable = true; + verbose = true; enableZshIntegration = true; enableScDaemon = true; enableSshSupport = true; enableExtraSocket = true; - pinentry.package = pkgs.pinentry.gtk2; + pinentry.package = pkgs.wayprompt; + pinentry.program = "pinentry-wayprompt"; + # pinentry.package = pkgs.pinentry.gtk2; defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index 026450e..43b80b0 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -1,16 +1,16 @@ -{ lib, config, ... }: +{ self, lib, pkgs, config, ... }: { options.swarselmodules.kanshi = lib.mkEnableOption "kanshi settings"; config = lib.mkIf config.swarselmodules.kanshi { swarselsystems = { monitors = { - homedesktop = { + homedesktop = rec { name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; mode = "2560x1440"; scale = "1"; position = "0,0"; - workspace = "1:一"; - output = "DP-11"; + workspace = "11:M"; + output = name; }; }; }; @@ -36,6 +36,7 @@ { profile = { name = "lidopen"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { criteria = "eDP-2"; @@ -46,41 +47,51 @@ }; } { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; + profile = + let + monitor = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + in + { + name = "lidopen"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}" ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = monitor; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; } { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - position = "2560,0"; - } - { - criteria = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - scale = 1.0; - mode = "2560x1440"; - position = "0,0"; - } - ]; - }; + profile = + let + monitor = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; + in + { + name = "lidclosed"; + exec = [ "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/standwp.png --mode ${config.stylix.imageScalingMode}" ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + position = "2560,0"; + } + { + criteria = monitor; + scale = 1.0; + mode = "2560x1440"; + position = "0,0"; + } + ]; + }; } ]; }; diff --git a/modules/home/common/mail.nix b/modules/home/common/mail.nix index f977d12..e86e03a 100644 --- a/modules/home/common/mail.nix +++ b/modules/home/common/mail.nix @@ -119,6 +119,7 @@ in account = { Timeout = 120; PipelineDepth = 1; + AuthMechs = "LOGIN"; }; }; }; diff --git a/modules/home/common/niri.nix b/modules/home/common/niri.nix new file mode 100644 index 0000000..16f173b --- /dev/null +++ b/modules/home/common/niri.nix @@ -0,0 +1,204 @@ +{ config, pkgs, lib, vars, ... }: +{ + options.swarselmodules.niri = lib.mkEnableOption "niri settings"; + config = lib.mkIf config.swarselmodules.niri { + + programs.niri = { + package = pkgs.niri-unstable; # which package to use for niri validation + settings = { + xwayland-satellite = { + enable = true; + path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; + }; + prefer-no-csd = true; + layer-rules = [ + { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } + { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } + ]; + window-rules = [ + { + matches = [{ app-id = ".*"; }]; + opacity = 0.95; + default-column-width = { proportion = 0.5; }; + shadow = { + enable = true; + draw-behind-window = true; + }; + geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; + } + { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } + { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } + { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } + { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } + { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } + { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } + { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } + { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } + { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } + { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } + { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } + { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } + { matches = [{ title = "^Add$"; }]; open-floating = true; } + { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } + { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } + { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + ]; + environment = { + DISPLAY = ":0"; + } // vars.waylandSessionVariables; + screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; + input = { + mod-key = "Super"; + keyboard = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; + }; + mouse = { + natural-scroll = false; + }; + touchpad = { + enable = true; + tap = true; + tap-button-map = "left-right-middle"; + natural-scroll = true; + scroll-method = "two-finger"; + click-method = "clickfinger"; + disabled-on-external-mouse = true; + drag = true; + drag-lock = false; + dwt = true; + dwtp = true; + }; + }; + cursor = { + hide-after-inactive-ms = 2000; + hide-when-typing = true; + }; + layout = { + background-color = "transparent"; + border = { + enable = true; + width = 1; + }; + focus-ring = { + enable = false; + }; + gaps = 5; + }; + binds = with config.lib.niri.actions; let + sh = spawn "sh" "-c"; + in + { + + # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+Shift+t".action = toggle-window-rule-opacity; + # "Mod+Escape".action = "mode $exit"; + "Mod+m".action = focus-workspace-previous; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Shift+f".action = toggle-windowed-fullscreen; + "Mod+q".action = close-window; + "Mod+f".action = spawn "firefox"; + "Mod+Space".action = spawn "fuzzel"; + "Mod+Shift+c".action = spawn "qalculate-gtk"; + "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; + "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; + "Mod+h".action = sh ''hyprpicker | wl-copy''; + # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; + "Mod+s".action = screenshot { show-pointer = false; }; + # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; + # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + + "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; + + "Mod+a".action = spawn "swarselcheck-niri" "-s"; + "Mod+x".action = spawn "swarselcheck-niri" "-k"; + "Mod+d".action = spawn "swarselcheck-niri" "-d"; + "Mod+w".action = spawn "swarselcheck-niri" "-e"; + + "Mod+p".action = spawn "pass-fuzzel"; + "Mod+o".action = spawn "pass-fuzzel" "--otp"; + "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; + "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; + + "Mod+Left".action = focus-column-or-monitor-left; + "Mod+Right".action = focus-column-or-monitor-right; + "Mod+Down".action = focus-window-or-workspace-down; + "Mod+Up".action = focus-window-or-workspace-up; + "Mod+Shift+Left".action = move-column-left; + "Mod+Shift+Right".action = move-column-right; + "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; + "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; + # "Mod+Ctrl+Shift+c".action = "reload"; + # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; + # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + # "Mod+r".action = "mode resize"; + # "Mod+Return".action = "exec kitty"; + "Mod+Return".action = spawn "swarselzellij"; + "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; + "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; + "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; + "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; + "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; + "XF86Display".action = spawn "wl-mirror" "eDP-1"; + "Mod+Escape".action = spawn "wlogout"; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+0".action = focus-workspace 0; + + "Mod+Shift+1".action = move-column-to-index 1; + "Mod+Shift+2".action = move-column-to-index 2; + "Mod+Shift+3".action = move-column-to-index 3; + "Mod+Shift+4".action = move-column-to-index 4; + "Mod+Shift+5".action = move-column-to-index 5; + "Mod+Shift+6".action = move-column-to-index 6; + "Mod+Shift+7".action = move-column-to-index 7; + "Mod+Shift+8".action = move-column-to-index 8; + "Mod+Shift+9".action = move-column-to-index 9; + "Mod+Shift+0".action = move-column-to-index 0; + }; + spawn-at-startup = [ + { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } + { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } + { command = [ "anki" ]; } + { command = [ "obsidian" ]; } + { command = [ "nm-applet" ]; } + { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } + ]; + workspaces = { + # "01-Main" = { + # name = "Scratchpad"; + # }; + "99-Scratchpad" = { + name = ""; + }; + }; + }; + }; + + }; +} diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index 0e066d8..f39bb61 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -70,6 +70,7 @@ restic # "big" programs + obs-studio gimp inkscape zoom-us @@ -80,7 +81,7 @@ # spotify vesktop # discord client # nextcloud-client # enables a systemd service that I do not want - spotify-player + stable.spotify-player element-desktop nicotine-plus stable.transmission_3 @@ -135,8 +136,8 @@ # wayland stuff wtype + wl-mirror wl-clipboard - stable.wl-mirror wf-recorder kanshi diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index 052e9a1..0124c15 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -19,7 +19,7 @@ user = "root"; }; "winters" = { - hostname = "192.168.1.2"; + hostname = "192.168.178.24"; user = "root"; }; "minecraft" = { diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 5d1e5c3..f4e13de 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix @@ -1,4 +1,4 @@ -{ self, config, lib, vars, ... }: +{ config, lib, vars, ... }: let eachOutput = _: monitor: { inherit (monitor) name; @@ -201,22 +201,14 @@ in "${modifier}+r" = "mode resize"; # "${modifier}+Return" = "exec kitty"; "${modifier}+Return" = "exec swarselzellij"; - "${modifier}+Print" = "exec screenshare"; - # exec swaymsg move workspace to "$(swaymsg -t get_outputs | jq '[.[] | select(.active == true)] | .[(map(.focused) | index(true) + 1) % length].name')" - # "XF86AudioRaiseVolume" = "exec pa 5%"; - # "XF86AudioRaiseVolume" = "exec pamixer -i 5"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; - # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - # "XF86AudioLowerVolume" = "exec pamixer -d 5"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; - # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; - # "XF86AudioMute" = "exec pamixer -t"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; - # "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessUp" = "exec swayosd-client --brightness raise"; - # "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; "XF86MonBrightnessDown" = "exec swayosd-client --brightness lower"; "XF86Display" = "exec wl-mirror eDP-1"; + # "--no-repeat Super_L" = "exec killall -SIGUSR1 .waybar-wrapped"; + # "${modifier}+z" = "exec killall -SIGUSR1 .waybar-wrapped"; } config.swarselsystems.keybindings; modes = { @@ -231,14 +223,14 @@ in }; }; defaultWorkspace = "workspace 1:一"; - output = { - "${config.swarselsystems.sharescreen}" = { - bg = "${self}/files/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; - }; - "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { - bg = "${self}/files/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; - }; - }; + # output = { + # "${config.swarselsystems.sharescreen}" = { + # bg = "${self}/files/wallpaper/lenovowp.png ${config.stylix.imageScalingMode}"; + # }; + # "Philips Consumer Electronics Company PHL BDM3270 AU11806002320" = { + # bg = "${self}/files/wallpaper/standwp.png ${config.stylix.imageScalingMode}"; + # }; + # }; input = config.swarselsystems.standardinputs; workspaceOutputAssign = let diff --git a/modules/home/common/waybar.nix b/modules/home/common/waybar.nix index f773ed2..fce5b2d 100644 --- a/modules/home/common/waybar.nix +++ b/modules/home/common/waybar.nix @@ -70,20 +70,29 @@ in enable = true; systemd = { enable = true; - target = "sway-session.target"; + # target = "sway-session.target"; + inherit (config.wayland.systemd) target; }; settings = { mainBar = { ipc = true; id = "bar-0"; + # mode = "hide"; + # mode = "overlay"; + # passthrough = false; + # start_hidden = true; layer = "top"; position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; + modules-left = [ "sway/workspaces" "niri/workspaces" "custom/outer-right-arrow-dark" "niri/window" "sway/window" ]; modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ]; "sway/mode" = { format = "{}"; }; + "niri/window" = { + format = "{title} ({app_id})"; + }; + modules-right = config.swarselsystems.waybarModules; "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 2ada5d5..ce6459e 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -59,9 +59,8 @@ in }; }; msmtp = { - enable = false; + enable = true; extraConfig = { - account = "work"; auth = "xoauth2"; host = "outlook.office365.com"; protocol = "smtp"; @@ -73,10 +72,11 @@ in passwordeval = "pizauth show work"; }; }; - mu.enable = false; + mu.enable = true; mbsync = { - enable = false; + enable = true; expunge = "both"; + patterns = [ "INBOX" ]; extraConfig = { account = { AuthMechs = "XOAUTH2"; @@ -85,19 +85,19 @@ in }; }; - wayland.windowManager.sway.config = { - output = { - "Applied Creative Technology Transmitter QUATTRO201811" = { - bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; - }; - "Hewlett Packard HP Z24i CN44250RDT" = { - bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; - }; - "HP Inc. HP 732pk CNC4080YL5" = { - bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; - }; - }; - }; + # wayland.windowManager.sway.config = { + # output = { + # "Applied Creative Technology Transmitter QUATTRO201811" = { + # bg = "${self}/files/wallpaper/navidrome.png ${config.stylix.imageScalingMode}"; + # }; + # "Hewlett Packard HP Z24i CN44250RDT" = { + # bg = "${self}/files/wallpaper/op6wp.png ${config.stylix.imageScalingMode}"; + # }; + # "HP Inc. HP 732pk CNC4080YL5" = { + # bg = "${self}/files/wallpaper/botanicswp.png ${config.stylix.imageScalingMode}"; + # }; + # }; + # }; stylix = { targets.firefox.profileNames = @@ -278,6 +278,10 @@ in { profile = { name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -302,27 +306,39 @@ in }; } { - profile = { - name = "lidopen"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "enable"; - scale = 1.7; - position = "2560,0"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; + profile = + let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in + { + name = "lidopen"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.kanshare}/bin/kanshare ${config.swarselsystems.sharescreen} '${monitor}'" + ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "enable"; + scale = 1.7; + position = "2560,0"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; } { profile = { name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output 'HP Inc. HP 732pk CNC4080YL5' --image ${self}/files/wallpaper/botanicswp.png --mode ${config.stylix.imageScalingMode}" + "${pkgs.swaybg}/bin/swaybg --output 'Hewlett Packard HP Z24i CN44250RDT' --image ${self}/files/wallpaper/op6wp.png --mode ${config.stylix.imageScalingMode}" + ]; outputs = [ { criteria = config.swarselsystems.sharescreen; @@ -345,28 +361,47 @@ in }; } { - profile = { - name = "lidclosed"; - outputs = [ - { - criteria = config.swarselsystems.sharescreen; - status = "disable"; - } - { - criteria = "Applied Creative Technology Transmitter QUATTRO201811"; - scale = 1.0; - mode = "1280x720"; - position = "10000,10000"; - } - ]; - }; + profile = + let + monitor = "Applied Creative Technology Transmitter QUATTRO201811"; + in + { + name = "lidclosed"; + exec = [ + "${pkgs.swaybg}/bin/swaybg --output '${monitor}' --image ${self}/files/wallpaper/navidrome.png --mode ${config.stylix.imageScalingMode}" + ]; + outputs = [ + { + criteria = config.swarselsystems.sharescreen; + status = "disable"; + } + { + criteria = "Applied Creative Technology Transmitter QUATTRO201811"; + scale = 1.0; + mode = "1280x720"; + position = "10000,10000"; + } + ]; + }; } ]; }; }; + systemd.user.services.pizauth.Service = { + ExecStartPost = [ + "${pkgs.toybox}/bin/sleep 1" + "//bin/sh -c '${lib.getExe pkgs.pizauth} restore < ${homeDir}/.pizauth.state'" + ]; + }; + swarselservices.pizauth = { enable = true; + extraConfig = '' + auth_notify_cmd = "if [[ \"$(notify-send -A \"Open $PIZAUTH_ACCOUNT\" -t 30000 'pizauth authorisation')\" == \"0\" ]]; then open \"$PIZAUTH_URL\"; fi"; + error_notify_cmd = "notify-send -t 90000 \"pizauth error for $PIZAUTH_ACCOUNT\" \"$PIZAUTH_MSG\""; + token_event_cmd = "pizauth dump > ${homeDir}/.pizauth.state"; + ''; accounts = { work = { authUri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; @@ -444,70 +479,60 @@ in { command = "1password"; } ]; monitors = { - main = { - name = "BOE 0x0BC9 Unknown"; - mode = "2560x1600"; # TEMPLATE - scale = "1"; - position = "2560,0"; - workspace = "15:L"; - output = "eDP-2"; - }; - homedesktop = { - name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; - mode = "2560x1440"; - scale = "1"; - position = "0,0"; - workspace = "1:一"; - output = "DP-11"; - }; - work_back_middle = { + work_back_middle = rec { name = "LG Electronics LG Ultra HD 0x000305A6"; mode = "2560x1440"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-10"; + # output = "DP-10"; + output = name; }; - work_front_left = { + work_front_left = rec { name = "LG Electronics LG Ultra HD 0x0007AB45"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-7"; + # output = "DP-7"; + output = name; }; - work_back_right = { + work_back_right = rec { name = "HP Inc. HP Z32 CN41212T55"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; - output = "DP-3"; + # output = "DP-3"; + output = name; }; - work_middle_middle_main = { + work_middle_middle_main = rec { name = "HP Inc. HP 732pk CNC4080YL5"; mode = "3840x2160"; scale = "1"; position = "-1280,0"; workspace = "11:M"; - output = "DP-8"; + # output = "DP-8"; + output = name; }; - work_middle_middle_side = { + work_middle_middle_side = rec { name = "Hewlett Packard HP Z24i CN44250RDT"; mode = "1920x1200"; transform = "270"; scale = "1"; position = "-2480,0"; workspace = "12:S"; - output = "DP-9"; + # output = "DP-9"; + output = name; }; - work_seminary = { + work_seminary = rec { name = "Applied Creative Technology Transmitter QUATTRO201811"; mode = "1280x720"; scale = "1"; position = "10000,10000"; # i.e. this screen is inaccessible by moving the mouse workspace = "14:T"; - output = "DP-4"; + # output = "DP-4"; + output = name; }; }; inputs = { @@ -531,9 +556,6 @@ in xkb_variant = "altgr-intl"; }; }; - keybindings = { - "Mod4+Ctrl+Shift+p" = "exec screenshare"; - }; }; }; diff --git a/modules/nixos/client/keyd.nix b/modules/nixos/client/keyd.nix new file mode 100644 index 0000000..486cac3 --- /dev/null +++ b/modules/nixos/client/keyd.nix @@ -0,0 +1,23 @@ +{ lib, config, ... }: +let + moduleName = "keyd"; +in +{ + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} tools config"; + config = lib.mkIf config.swarselmodules.${moduleName} { + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + leftmeta = "overload(meta, macro(rightmeta+z))"; + rightmeta = "overload(meta, macro(rightmeta+z))"; + }; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index dc85817..c4246b0 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -99,25 +99,26 @@ in ${wlan1} = { connection = { id = wlan1; - permissions = ""; + # permissions = ""; type = "wifi"; }; ipv4 = { - dns-search = ""; + # dns-search = ""; method = "auto"; }; ipv6 = { addr-gen-mode = "stable-privacy"; - dns-search = ""; + # dns-search = ""; method = "auto"; }; wifi = { - mac-address-blacklist = ""; + # mac-address-blacklist = ""; mode = "infrastructure"; + band = "a"; ssid = wlan1; }; wifi-security = { - auth-alg = "open"; + # auth-alg = "open"; key-mgmt = "wpa-psk"; psk = "$WLAN1_PW"; }; diff --git a/modules/nixos/client/niri.nix b/modules/nixos/client/niri.nix new file mode 100644 index 0000000..2ea4472 --- /dev/null +++ b/modules/nixos/client/niri.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +let + moduleName = "niri"; +in +{ + options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; + config = lib.mkIf config.swarselmodules.${moduleName} { + + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + cage + gamescope + xwayland-satellite-unstable + ]; + + niri-flake.cache.enable = true; + + programs.niri = { + enable = true; + package = pkgs.niri-unstable; # the actual niri that will be installed and used + }; + }; +} diff --git a/modules/nixos/client/packages.nix b/modules/nixos/client/packages.nix index d44c15c..ce4d934 100644 --- a/modules/nixos/client/packages.nix +++ b/modules/nixos/client/packages.nix @@ -23,7 +23,6 @@ dbus swaylock-effects syncthingtray-minimal - wl-mirror swayosd # secure boot @@ -48,8 +47,6 @@ # better make for general tasks just - screenshare - fullscreen # keyboards qmk @@ -61,6 +58,7 @@ # kde-connect xdg-desktop-portal + xdg-desktop-portal-gtk xdg-desktop-portal-wlr # bluetooth diff --git a/modules/nixos/client/uwsm.nix b/modules/nixos/client/uwsm.nix index f3138d8..28888f0 100644 --- a/modules/nixos/client/uwsm.nix +++ b/modules/nixos/client/uwsm.nix @@ -13,6 +13,11 @@ in comment = "Sway compositor managed by UWSM"; binPath = "/run/current-system/sw/bin/sway"; }; + niri = { + prettyName = "Niri"; + comment = "Niri compositor managed by UWSM"; + binPath = "/run/current-system/sw/bin/niri-session"; + }; }; }; }; diff --git a/modules/nixos/client/xdg-portal.nix b/modules/nixos/client/xdg-portal.nix index 9da6946..da04970 100644 --- a/modules/nixos/client/xdg-portal.nix +++ b/modules/nixos/client/xdg-portal.nix @@ -4,11 +4,11 @@ config = lib.mkIf config.swarselmodules.xdg-portal { xdg.portal = { enable = true; - config = { - common = { - default = "wlr"; - }; - }; + # config = { + # common = { + # default = "wlr"; + # }; + # }; wlr.enable = true; wlr.settings.screencast = { output_name = "eDP-1"; diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 24e3793..c42e7ae 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix @@ -39,6 +39,18 @@ in ); }; + hosts = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + ipv4 = mkOption { + type = types.str; + }; + }; + } + ); + }; + domains = { main = mkOption { type = types.str; diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index 3be77fa..f6299ef 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -24,7 +24,7 @@ in emacs-radicale-pw = { owner = mainUser; }; }); templates = { - authinfo = { + authinfo = lib.mkIf modules.emacs { path = "${homeDir}/.emacs.d/.authinfo"; content = '' machine ${globals.services.radicale.domain} login ${radicaleUser} password ${config.sops.placeholder.emacs-radicale-pw} diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix index 29d3afb..b04ffd2 100644 --- a/modules/nixos/common/users.nix +++ b/modules/nixos/common/users.nix @@ -12,7 +12,7 @@ in users = { root = { inherit (globals.root) hashedPassword; - shell = pkgs.zsh; + # shell = pkgs.zsh; }; "${config.swarselsystems.mainUser}" = { isNormalUser = true; diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 2a1ef16..cd9eebf 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -1,28 +1,9 @@ { self, lib, pkgs, config, configName, ... }: let - inherit (config.swarselsystems) mainUser homeDir xdgDir; + inherit (config.swarselsystems) mainUser homeDir; iwd = config.networking.networkmanager.wifi.backend == "iwd"; owner = mainUser; sopsFile = self + /secrets/work/secrets.yaml; - swarselService = name: description: execStart: { - "${name}" = { - enable = true; - inherit description; - serviceConfig = { - ExecStart = execStart; - User = mainUser; - Group = "users"; - Environment = [ - "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${mainUser}/bin" - "XDG_RUNTIME_DIR=${xdgDir}" - "WAYLAND_DISPLAY=wayland-1" - ]; - Type = "oneshot"; - StandardOutput = "journal"; - StandardError = "journal"; - }; - }; - }; in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; @@ -124,6 +105,7 @@ in mac-address = "E8:65:38:52:63:FF"; mac-address-randomization = "1"; mode = "infrastructure"; + band = "a"; ssid = "VBC"; }; wifi-security = { @@ -171,10 +153,6 @@ in }; environment.systemPackages = with pkgs; [ - # (python39.withPackages (ps: with ps; [ - # cryptography - # ])) - # docker stable24_11.python39 qemu packer @@ -228,19 +206,12 @@ in }; udev.extraRules = '' - # share screen when dongle detected - SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="343c", ATTRS{idProduct}=="0000", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service" - # lock screen when yubikey removed ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" ''; }; - systemd.services = lib.mkMerge [ - (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h") - ]; - # cgroups v1 is required for centos7 dockers # specialisation = { # cgroup_v1.configuration = { diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index 8f03d14..0447dea 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -5,6 +5,7 @@ let servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; ankiUser = globals.user.name; in @@ -41,7 +42,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix index 59714f6..38fe352 100644 --- a/modules/nixos/server/atuin.nix +++ b/modules/nixos/server/atuin.nix @@ -1,8 +1,9 @@ -{ lib, config, ... }: +{ lib, config, globals, ... }: let servicePort = 8888; serviceName = "atuin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -23,7 +24,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix index 781da1a..37aa48a 100644 --- a/modules/nixos/server/firefly-iii.nix +++ b/modules/nixos/server/firefly-iii.nix @@ -1,10 +1,11 @@ -{ self, lib, config, ... }: +{ self, lib, config, globals, ... }: let servicePort = 80; serviceUser = "firefly-iii"; serviceGroup = serviceUser; serviceName = "firefly-iii"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; nginxGroup = "nginx"; @@ -81,7 +82,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index 949c2e7..886c6aa 100644 --- a/modules/nixos/server/forgejo.nix +++ b/modules/nixos/server/forgejo.nix @@ -7,6 +7,7 @@ let serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; kanidmDomain = globals.services.kanidm.domain; in @@ -132,7 +133,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index 7f9362c..8e94add 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix @@ -1,10 +1,11 @@ -{ self, lib, config, ... }: +{ self, lib, config, globals, ... }: let servicePort = 80; serviceName = "freshrss"; serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -77,7 +78,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index a3e9eee..4a17a23 100644 --- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -4,6 +4,7 @@ let serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -33,7 +34,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index 296fa76..1b80a0e 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix @@ -1,9 +1,10 @@ -{ pkgs, lib, config, ... }: +{ pkgs, lib, config, globals, ... }: let servicePort = 8096; serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -37,7 +38,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index c9a587e..91d94f0 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix @@ -1,8 +1,9 @@ -{ pkgs, lib, config, ... }: +{ pkgs, lib, config, globals, ... }: let servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -21,7 +22,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index e9b97cb..3ed5546 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -8,6 +8,7 @@ let serviceGroup = serviceUser; serviceName = "kanidm"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; oauth2ProxyDomain = globals.services.oauth2Proxy.domain; immichDomain = globals.services.immich.domain; @@ -237,7 +238,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index e278037..c93be62 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix @@ -1,4 +1,4 @@ -{ self, lib, config, pkgs, ... }: +{ self, lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; @@ -6,6 +6,7 @@ let serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -41,7 +42,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix index 3ebb23b..08da2d1 100644 --- a/modules/nixos/server/koillection.nix +++ b/modules/nixos/server/koillection.nix @@ -1,4 +1,4 @@ -{ self, lib, config, ... }: +{ self, lib, config, globals, ... }: let serviceUser = "koillection"; serviceDB = "koillection"; @@ -6,6 +6,7 @@ let servicePort = 2282; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceDir = "/Vault/data/koillection"; + serviceAddress = globals.hosts.winters.ipv4; postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres postgresPort = config.services.postgresql.settings.port; # 5432 @@ -107,7 +108,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index 4f88707..1544331 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, globals, ... }: let inherit (config.swarselsystems) sopsFile; @@ -6,6 +6,7 @@ let serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; + serviceAddress = globals.hosts.winters.ipv4; federationPort = 8448; whatsappPort = 29318; @@ -293,7 +294,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 6a35c5c..758e63d 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -5,6 +5,7 @@ let serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; @@ -209,12 +210,12 @@ in upstreams = { "${grafanaUpstream}" = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; "${prometheusUpstream}" = { servers = { - "192.168.1.2:${builtins.toString prometheusPort}" = { }; + "${serviceAddress}:${builtins.toString prometheusPort}" = { }; }; }; }; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index 3d6df90..f66fa14 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -1,10 +1,11 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, lib, globals, ... }: let servicePort = 4040; serviceName = "navidrome"; serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -84,7 +85,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 1deeb81..13d671d 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ pkgs, lib, config, globals, ... }: let inherit (config.repo.secrets.local.nextcloud) adminuser; inherit (config.swarselsystems) sopsFile; @@ -8,6 +8,7 @@ let serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -51,7 +52,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index 3172fd9..ca813b1 100644 --- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -7,6 +7,7 @@ let serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -101,7 +102,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index 2917064..68a940b 100644 --- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -1,4 +1,4 @@ -{ self, lib, config, ... }: +{ self, lib, config, globals, ... }: let sopsFile = self + /secrets/winters/secrets2.yaml; @@ -7,6 +7,7 @@ let serviceUser = "radicale"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; + serviceAddress = globals.hosts.winters.ipv4; cfg = config.services.${serviceName}; in @@ -85,7 +86,7 @@ in upstreams = { ${serviceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceAddress}:${builtins.toString servicePort}" = { }; }; }; }; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 4bde68b..6d1ac78 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix @@ -1,12 +1,14 @@ -{ lib, config, configName, ... }: +{ lib, config, configName, globals, ... }: let + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; + servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; + serviceAddress = globals.hosts.winters.ipv4; specificServiceName = "syncthing-${configName}"; - inherit (config.swarselsystems.syncthing) serviceDomain; - inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; devices = config.swarselsystems.syncthing.syncDevices; @@ -22,7 +24,7 @@ in }; serviceIP = lib.mkOption { type = lib.types.str; - default = "192.168.1.2"; + default = "${serviceAddress}"; }; syncDevices = lib.mkOption { type = lib.types.listOf lib.types.str; diff --git a/nix/globals.nix b/nix/globals.nix index 77d5e01..1b534d3 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -54,6 +54,7 @@ inherit (globalsSystem.config.globals) domains services + hosts user root ; diff --git a/nix/hosts.nix b/nix/hosts.nix index 243219a..7d00c6e 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -19,6 +19,7 @@ inputs.stylix.nixosModules.stylix inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm inputs.swarsel-modules.nixosModules.default + inputs.niri-flake.nixosModules.niri "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" diff --git a/nix/overlays.nix b/nix/overlays.nix index 5559021..5a0fbc4 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix @@ -24,6 +24,10 @@ in ]; }; + isync = prev.isync.override { + withCyrusSaslXoauth2 = true; + }; + mgba = final.swarsel-mgba; retroarch = prev.retroarch.withCores (cores: with cores; [ @@ -86,6 +90,7 @@ in // (nixpkgs-stable24_05 final prev) // (nixpkgs-stable24_11 final prev) // (zjstatus final prev) + // (inputs.niri-flake.overlays.niri final prev) // (inputs.vbc-nix.overlays.default final prev) // (inputs.nur.overlays.default final prev) // (inputs.emacs-overlay.overlay final prev) diff --git a/pkgs/kanshare/default.nix b/pkgs/kanshare/default.nix new file mode 100644 index 0000000..946ab35 --- /dev/null +++ b/pkgs/kanshare/default.nix @@ -0,0 +1,9 @@ +{ name, writeShellApplication, wlr-randr, busybox, wl-mirror, ... }: + +writeShellApplication { + inherit name; + runtimeInputs = [ wlr-randr busybox wl-mirror ]; + text = '' + wlr-randr | grep "$2" | cut -d" " -f1 | xargs -I{} wl-present mirror "$1" --fullscreen-output {} + ''; +} diff --git a/pkgs/swarselcheck-niri/default.nix b/pkgs/swarselcheck-niri/default.nix new file mode 100644 index 0000000..7504de3 --- /dev/null +++ b/pkgs/swarselcheck-niri/default.nix @@ -0,0 +1,6 @@ +{ self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: +writeShellApplication { + inherit name; + runtimeInputs = [ kitty element-desktop vesktop spotify-player jq ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; +} diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 87dbc5c..8ced7fa 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -37,6 +37,7 @@ swayosd = lib.mkDefault true; yubikeytouch = lib.mkDefault true; sway = lib.mkDefault true; + niri = lib.mkDefault true; kanshi = lib.mkDefault true; gpgagent = lib.mkDefault true; gammastep = lib.mkDefault true; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 3c44f55..08032d1 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -26,6 +26,7 @@ networkDevices = lib.mkDefault true; gvfs = lib.mkDefault true; interceptionTools = lib.mkDefault true; + # keyd = lib.mkDefault true; swayosd = lib.mkDefault true; ppd = lib.mkDefault true; yubikey = lib.mkDefault true; @@ -38,6 +39,7 @@ gnome-keyring = lib.mkDefault true; uwsm = lib.mkDefault true; sway = lib.mkDefault true; + niri = lib.mkDefault true; xdg-portal = lib.mkDefault true; distrobox = lib.mkDefault true; appimage = lib.mkDefault true; diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index 412f4aa..5e3cd83 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -4,7 +4,8 @@ address3-token: ENC[AES256_GCM,data:9rotZe4tdPJpdWZMN8UMjksqlA==,iv:gVzLlM6h/+YX address4-token: ENC[AES256_GCM,data:q1z9P0zo8/66HZOVYv2sT1bxGsIrKSQKGcM3ouX8DaE=,iv:KJFPnQoGObsiLGH1WZFdhrg6cuasLBgbZ8sQ2jiFzEc=,tag:koqwVXnA+i27IkGSeEawkQ==,type:str] fever-pw: ENC[AES256_GCM,data:62cQ/mUFMTb63OY=,iv:RCqzwKEi7LdIegibpVe/WlTsREECy4xrqPFNini49Z8=,tag:bfmBEFj3zzmzfk4T7CfPAw==,type:str] main-user-hashed-pw: ENC[AES256_GCM,data:RbXaVuCd8+MTFwwRGK2aJ07clDOOt5msCsEK+384WLdeJz8fjxKJcwIsIUfqlsjKG1Ands9GINlFiCHXPFBRTjnN1ih20t6InA==,iv:pLas4FuJXz5ORvKqZmXyOp9RzKse/vUFOMbw3S1B+Wk=,tag:gkZ2C/Krf53nQiPBVnZ/rw==,type:str] -wlan1-pw: ENC[AES256_GCM,data:UMKfdycQBa8=,iv:w1Cx+Tf4D/e0bXDrV55JieuF1P0fxGYyZVaaULaIfN0=,tag:Bf8mHZC0lpt4petFzgDVMg==,type:str] +#ENC[AES256_GCM,data:O/ceQ4r5sc3YS86n1yQYH40l,iv:Ak2QK9MCIrrT7TRGpyCTEo9e2VsyaeATWjCITqYI+7g=,tag:kcIDdMujWfs2IZIheA82ZQ==,type:comment] +wlan1-pw: ENC[AES256_GCM,data:j6bzXwqUMrZcHV+4ttQE+oZjlC0H0ZWCwGbyRHKZ/DCxsLdtcdeSpQ==,iv:KX+A9xG/FEZW6vHsUvPolwGFvbD+Lhz+G54sbuCQGcc=,tag:r7Pss5DyOa2D4FIks7oz2w==,type:str] wlan2-pw: ENC[AES256_GCM,data:jAcBIgg7HjA=,iv:yPYC1rVeGQPEDuYthba93zz3D1+cypmayNqOiTEx7eI=,tag:vPji0mZwR7rfexDwxww8WQ==,type:str] laptop-hotspot-pw: ENC[AES256_GCM,data:cxWByDxQups=,iv:VyM9lZDbxu95ycpZNjjWEgyBtPbEVlESZPEiIg3G/7U=,tag:nQNRdeNmgplUr2SKzXaECA==,type:str] mobile-hotspot-pw: ENC[AES256_GCM,data:gwIK/rhU/lA=,iv:y9G5haF3w85pdCG8r/jrGGQ3+p6fTS1ugdsF3gVzyog=,tag:3x9LTZzsRsOmxlqnGFyw0g==,type:str] @@ -89,8 +90,8 @@ sops: SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-05T09:33:50Z" - mac: ENC[AES256_GCM,data:rMtrDQtYsDyNqqVYKY9vg7fDGJjO2zQ+boN3j0dmYKyr5zzbbJAeCxAs3H/rNkgc3ril7sCfyAvP8n9KtYO6xmQuvu3Qgj2oqBiyvolfmYCArT0l7n+ImnNUGnFOfeugYPEIxvhDcEDK6dKiBMlEuyhtJ0hbVfvE4POQZi/jvMM=,iv:imWVUiFAbgzhPN/RNecx2LzCC5MJFg5nAIvGDCN2k0I=,tag:z0P180ZKj5p/g/E38CUjAQ==,type:str] + lastmodified: "2025-08-13T07:33:50Z" + mac: ENC[AES256_GCM,data:7RjYDh/n+j9lU6Sz3NRDi5tWX/7QL+HK43hOImCQkiHbBaO4n/Gms6hAAzkWfHpfbW9cm02mcPsmQLE85xlzD0DaJz2x4CVQ1wT26D5Sth6RP/rWGiVeoN4shncxuR0Ro0gTFFkTLYftJT2v/4LocPxIeEuOyQrX/J45UXUnhh4=,iv:309gb4TVc/uf6DOfPmSuqWTDt2Newi5rrFmBM2O0e+0=,tag:aVU9bVNTiSdeo4DkvUeJpA==,type:str] pgp: - created_at: "2025-07-10T23:51:26Z" enc: |- diff --git a/secrets/moonside/secrets.yaml b/secrets/moonside/secrets.yaml index cc08428..493716d 100644 --- a/secrets/moonside/secrets.yaml +++ b/secrets/moonside/secrets.yaml @@ -1,7 +1,8 @@ #ENC[AES256_GCM,data:HCHFN2Q=,iv:Z3tD7Hn5eudPR9DuX6etamkpNnYB/NRYGppWdyuUDuM=,tag:tbuWEFDmh4HAyksOZOihLw==,type:comment] acme-dns-token: ENC[AES256_GCM,data:lW/XJCHwApvIofSZHL5h7AUPISjARfmDnpSnprDBHQYzj0u5ZlZS5A==,iv:/y3gjgC9AEU3r+l8Uq6P7DAU2C8i+qTQ9DP4t0g8ZhE=,tag:v24WRudw8NB84b3XBFupHQ==,type:str] #ENC[AES256_GCM,data:XdLlonkGBN0b,iv:wimLW/7+a4MJCVg4zazY0ogakxXjdyPNZmZt0CzpXao=,tag:rg7FEi1qaYMkCXX+dwjFLA==,type:comment] -wireguard-private-key: ENC[AES256_GCM,data:GCi+otqW06yoBKnG0WCIN4Wu9VKDsOUv8WRm240cHBnSAoW/ycd2WgDWsYY=,iv:TYj38C00fMIhg8LEGz6HPWxg11xUdwGgnxOmy+1SG9k=,tag:CQr9phCmU5it2EYjzqhAlA==,type:str] +wireguard-private-key: ENC[AES256_GCM,data:aBQSwDyASfVPhU+5/yT9P99DCEfgt4SvhVq/aLe+AUcXwSqMiI2DkM5THO4=,iv:iAW/OUihMXHoQpX8pX+f/mz2nclj+n/ygwYxx7PVxnQ=,tag:zhlxjoIkfa237RoFNblszw==,type:str] +wireguard-home-preshared-key: ENC[AES256_GCM,data:yr4vO9Bn+3PJheJHbeNRHu0ozCkgxCGuKBJnb/3zzHVQAsI7GonXXQxFjBM=,iv:1r9QgfdLkXCtrRS+/2+f251FjHiAm9nf/Zfzu+CYuws=,tag:kWiXCTfj4Rrzhx+SpSp/dg==,type:str] #ENC[AES256_GCM,data:u/O2rHXqOoTNpOSm,iv:hqhZC9R76P3sPkpQMximrvcTC15IM99QaRZErC9AIc4=,tag:wc2w7iwtfazlwWpnQJV63w==,type:comment] oauth2-cookie-secret: ENC[AES256_GCM,data:cbNVAkBAWJCN4fLmkYUFhy8v9iE5fB30hFI3nTpZuVIFCnmXPBtlftI58Zg=,iv:q9xjUDOH9M4pW+9YB9dEYSqEu9gpsezbxcGbpORNljU=,tag:KoGNcssD608huewmHeJOxw==,type:str] kanidm-oauth2-proxy-client: ENC[AES256_GCM,data:wUTfb0r9d7nRb1wmQEOjXwDTM8V56DmOGw==,iv:OMXiObgt4AbKmovT62+P99r0UzGELj37FX+lqW38F0g=,tag:lksIWm0cSLydTZvlxliXgA==,type:str] @@ -24,8 +25,8 @@ sops: bURRem1aY203VW0ya0tZWUY3WTJLQ3MKonflaevgNP91G1cVgzoE6/K800kyG6BK Goe81HCYFfm86pzv5wV3/38j7fTZNeZnKwPFkMgEUueF1kA8J9V5CA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-09T13:40:12Z" - mac: ENC[AES256_GCM,data:B1pkubTJuLU1pCprTHtANC58sfgbvjgnDtztF4g7M4cIgj4pasrPGjOXLw5hrRwpYKffuciOogDOJx1/DekpFG0rydc5+R46saCtzGYVBEXWpH+SuaiHGBokTq0zIwnNEDpMpQ2xKTDiv3yKJBNUXOPugEYgDuvmg1wRyZ9iWBY=,iv:ZUij0KY74PEYo2IcCQoFiHFB/uOF6CxyHIpL4yJyFlg=,tag:srWW114VV3oCMjSLG9lVwA==,type:str] + lastmodified: "2025-08-12T09:24:55Z" + mac: ENC[AES256_GCM,data:qeBiuiK/On/NeMpjiCKeIvbQCRH0JcPFldJaTD+nHLtwNU+qpHX4y+dL/jTQrdSWxHV9+E3KmxnakEP91qZnycrSXhwSIIavNtXUP1veuv/JmHOxW6UxpJBJVDeMNe9k2AFQ3gwYEnXrisjvLDkYyqa+E+GsE7b82i3iyerpskY=,iv:jbw0OIJM3vr9SXkdAObc6JS6v4r11s6MPkg33x1sCvU=,tag:/BAMuCJgh78UgOXkTVkN7Q==,type:str] pgp: - created_at: "2025-06-13T21:18:31Z" enc: |- diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc index 4a55990..7b97c4e 100644 --- a/secrets/repo/pii.nix.enc +++ b/secrets/repo/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:93ubLQUuSE0QMWwXadiH4HGCTMXFj25AbstjRt7Cvwh/jwpsmNcsnJfv7zBE2bl33ystKzMRHVjbp/IPKI0VSBbPbX5joKr0U9tMOXo+9Nc6Z6wFVSO8x5WjxZnj/8WxJMCmON+8lFvadegPxT1gy8aPtK1HKMDYzZp4wEiKzuJNrmwAA7Ofy5nWj1HVVCL7C2PDC7JUJZWVoNx4PITUIJYzc6F5nSCOz8SmIyHewAyUovFLmdnnRYsmyJOYpe3chXxgO60huQEhvJw0lt+OxGNONhGsYUeMFIsA84hfaqosXCXXVC7R8Z8Xr7EvyKoUiQnTr1iSCXFN4FO6PhhM8KO17BXREAmrqlcA74a+csLLj2iAmJ1mMMT2EuIaC3W5XJO6YsVxb8hCNjP2tUg/RxwhiRXN/elhhmsPyk2Csxx9yYOFR3q7BXgRKLvGHQIQZ+HS/vy4m0qsZyKInsDHahcgqggKxsLeGUzOSKEXmznM9Hu058Mn0+i5NoDitZfZ41JZuEaz6bvP6AqLz7mVMiHzfnR9JuuoqpQyHxlq3OQyQGQHJpl6Wmc1lG/QOgHchHxgDJYkGxUNPiC5Y5hV9XxFaVQ8QzArt/nScC7r4ZI2vcMBWAgb5tPJZkltPzuymmJXe5N3T4y7dKb1PaJnWO1rN1A/qYtB31K+bCsguFuo8S7P4mkdHIhJ0f1+dykHmDIlmeN5wJWZHO+Zg47KH1X8pqOFCiZcE0hFkqzlSiuKWNOMFN8WuVqw/JjUf59AD2WPKsuyshaKxjkCoZXKH89mO/9qOpx7R7vAybJHit6X4PeyKUizEl5lCWSW7HmnQPVy2Z8yc2o/rnO3G1lThqeGwqG4uVrEdQvH8oRCDDm9LjRN7TTo77cdZgVnc2bT8UyFOqLg9r0Ux4+0TuQse2ibiGHERNYU/UKZQBVvz28yG5o7LkpIfqHuo4JHpbF20MLoOzYWDj2A+s0pEWlPT7P0EF9POiuK5TKxPCcjCWtd2IgHiPhatNIMD9ygpvfw8f9wkPBTuPN0yJaXa+JlyXf73K+cmigTOhAyoGRB40QzxeZP2/hexUinNBPwy8r+D07bSP9EJi245yKmaZyNn9fEKjGCY4xJeroPY5jTgs8T74k+6onISXzv37XbqTRLfykdjJ3ttk6R2McnS2h1YwTvlTbw0Wsf9ocWc8qjPz4mggxiDalxemKCabM9pRcepGmbkXdtXQi7G17VxT8Ur8Y0zy/M8bVfwYCmhOq0JqHqJuRbo2nMX0kSXFKwZDeNiwmWF77YJscCW3ZU/k0p6yHzWXwk7jTmUD60Ht+kR0uQSt5LNqNty7i9uo783kMXmHoX7Q3UVPf3wtjRDgOxLPMaTFHWeHWoSpHHmCuxvKRBDt0mg3rvtmeRrTgFXCNIBBwgks65TpMrzj/0Pw7GyqZOHvC7GKJY8kwGssS6X8XRD6gxQqPfNl5REv4yT+Oa+6tG6rD6zkFv0pkJIRm0EXRZ+w0gqUzduTE1n64IS/yBJexgVjkJfJKbRinWk50yzymZYeMEIsutpRAiZZ0nBiGRngl0KzvvUA8ranyRUkKD7m5lS+vfwtsKSI6OixK8hBwypUGqR9vD2qWvQVUjkvltPFMiONoLEC6bt/mNuhQGscFGi6tIkra0PUovk0msJ5SnjFpj1hFTs/QEL2xNHx+9q+7XqddzAn6j4t3UjYhyuf3B2QuZ7au2q+NRdzoGDaXM5eJyvCYSMDmZq0vZ0LK60h44b7T5JnstuO59pr6fGKCoQRYfT0eTp86cWRcPugIh05I0CF82080vQhNXvjYxzzLwjkx9zYBCJk5KDE4Q9nZSLzDRl5IwGysOqqwO5t//CAF4tpsyTE81OSgi1ca/+hbl+ro6wQiWVlMhXObuFf/4+6UtsRouY35tXGlgclpvLMsQfpE5Y7HcLQ3+tlsZncXjG2PGNeGyWHZqsWmJjT5p1D9UVRMFwGxQpQiCE6NaVbHN4rIuD5jEDkM6Z/l8nPFSesU2ddQGi8Xtg3gdP+AFXWiIGEqIKSlG7drJ3WMK2FAgkaYk/zgvFYTK8jMjJBm25baJa0LLKGv3v5mU+w/bXr6CmGM+1GbhM0jnb3LSCsDIFJFpeILWsI7Ej62w/knwNzaHw251fquecbUEUkXkGeBq/izATp6TXHB07RL9BIMDaOlrSI3Pb/ej77MjcNkvZMfSJdDL+O/Ob5JgPQYp+tyubipLNaAxnlNlKvEzm5KSacHIXyDHUpYzsx84J6x65i2AbrtmJ1O2ontwOY2vlrSEQgduDuTZm48D2BBCZZ7TTAP2E+yD1GllGlSZY69TQSKF08gFbrSf+Jj+AXKOrQQerXc47hFAMPFScTH0rtN1zsM9pV0d/5zhkFePatL8Ztoa8uJUCVpJxu2z+h8BedIDfhXtijCxEmOKc+9iLokTyWupk/uCQyLqJO+cqYqf6T4Rf4S9XmlkPELGPSRwpOjSDhlKyWf72sbvokgIQ6G/TRQIGlOMlmTn60j0Mf6kWmL3hx6LWVN7kH4TpHmryWy2s0pgKEiqNihvoM3IR9NhM4cv2RTbY6NG3x5ql3Y8A9Aoor9tuS4IDCDb8n/TZ63CxSui+c7qGLCdg0znUlWv2XvTOTjleCHgukMbUqDqXphE3/vwMePJ/uXA3PBZ8gWCuOhsa5FU9ABi17h37XKhZG6Vys6iw2EWN3VbIEsdjjVPBDNCluy7eoEJGNKATS4Y6/5bhXUBtYOYI2WvoJCdR35WR0grkDsV7AaGdKGg/slKByWXmyOw2Rrj0siz0SC/42DhwDB46dL+0EZpL+pnBv/pT/PcMJ/hrp1blgdgXgRSH56cLHQhmX6SdZT55DSCW6BKfSDSAH9fVuSAVzdqBgjMhzQ3ar94UjTCkSXVu0NspZm2BKQprsgnAbUz192/phZ+jrVkcIb+iq6+HgJ3BYT+ByKR3e4AoBN6HvANYjXOgLe3iExeo7QIgdDWyXZH8mxOz4j/BPN8EjsHrk7FazgrID5oJSHDDBJ36hKoAvjCSsMHveWrbBwS00hGIpgGX5EaCaeTE/6UYZ0DF56M8/pa4L3khyDs/sXUCsJEoxQcvMkt2IFAnoKXpkWPND8iLFt0DSq7ov9+rKjXpgeH0K/DIj0Qfkwk66EusEUtwux4EYTofwcyorlpgA5RXzAZB5jroqmcL5I79uZ/oLyoBjulS4nEcKQihcSEozRVSSiQlKHsb0DWOKovUlwdBossAQUXcrShAhkfddc3iqIonpFDJYw6np9HwZ+QSOXNaEkRtucW+J0I6YSTHnRF64GARGpvF9DXlpbhfONm96mgTpkCkO2NekNP2nuvWnIs+MDmD8BZd2o2hLPo1Hmr+2n0Gkvd5DJAemfggTrEZ8YuaMnQbhwOKJ79Vu4N7mmhghDjuHi55hnzZDEUXgeyJ/rQTsiD4V29kOnPvoMBNRGSD74LPptOceXw1HqoOyMI+wDXHTj00Elr33rTEJ0lfcFvtW8EgvU85mCHP1/TC5Ms2jKAUvVBGSC7CGkwx7O0mSCujU+BYTD/1r1a2KdGyhvU5xVcMp0RMm7y25I+5ckWJUzrN2A3wO3ANJZ0PE6qk49316/XDyK0xn2C1EvFxT7nl/e/KTmCUBm/8Bx0suiAand4PhCbuMT8IcENCBEglwg0aEYTo2HkKmJFOkPzVjW0VAyXR4/NYjt0lAIGN7AsBVo+Wp2N3O+67eqA+wjMFV/6pAc8u0Pla7NfzCiM9hcgWH0+fKD+DJSiRU536gucBA0vXMWzjEzy6Hy2cn3j7fm6Q6B1MjVHzAmZqElPm3frGxv7eOTJzKS+YhqzPkBuF5wa0MUskmFd4aHt/zchSlMD183A3CmPxV7lwM+d0q0O7OoB8uH4AyM4DnkTvBP+jDxlEaVP85dbX0EHexmTLGweH2QL5W2stLNxGGPjROIMJRUz1yc=,iv:sTMh997U5saMDn6pvEmSjEv9czye1NhMPJOwrcb/JHs=,tag:56yLcBmZ0bu89cBTYHEFuw==,type:str]", + "data": "ENC[AES256_GCM,data:FhYNSJHNQXIEH0R0mf0ZNV5Tqz8PydVeYyf5aLMSobSjw59UxY1Hqa9nLd851Ma28TiM+deXbqPfB960XtsLlI3YfV+LP3ZD8sWyQXIyv5Tty0ed46Q5hCa5DRPlviYtHcjMTjXvJWxjy+UpAQd4JKCMb+pafUEpgfCHalqUyuDyZ/WV9A9nDoz3b0YpMiynflXUBuXOAUq2ccQvR1Od1h3iWk/RiN774HlIH+10VH3vNb1UqWd/dgRR3aYUeMfnN+zu/L+RXrVokxo0LLP9JEN6Qqp6iwIAddw3CKXmM1xR14+6UO2WNkYdr/wWadgdMVjFkFFtcGAfWWBuAkcuXjUURzL4tXpLoUjQFNwlBGdw7JrMd14zs1L68daJGBpB/8SY2i3+axsz2JsUXea+S1/V0Dz0fCQVA66j6WrqgeJrpLF1nd/9OUQyWDvzz6q73t16bZMiODUGQ2pxOaiC9/kv76b+KkpIvHBYJDynijOVmrTIs5bLnrNzHB1UWxBzXJFyI5ytcYS+HjLB667PwCTN780sDoJIpbU5EY8Xlm6cv4VO0dgAnipwWbBeakTyCf4kecfH/QplyxzqcVI3aYjrOvbTpTzIaUjBepcKfmB62WtZlWrxiVKgFN/PNhoeYIWa0b0ataRNX3OA9U0qADBG737uAgogOk9VLhVIuAPe6RVbQiZBqYV55Rs78I0RHkVn7FjqoZVr0KLo5fRiDcQjQwnd2dEHfyhrYKh0Avch5tfU5auyi8VHJ+DCFaaIHS0wY25cAbAakgMxaw92X9/s376VwVL284ffXJNLxP09nDl1EIFb+9qGCjOaBo0RArLeQ5IN4BI46y+7Trifgz77A8x7lohZJiNsAqdWFOPWTQtdDnXMbtR6PFBLuaKQzAuJzHO69ymfd8LwaftkhKfh0ej9LH+OrjX31ce8hoczTltMkoVmOCq3t0npMg8+mGfKtqnmi5aHWPX0ziPA186DYm01EdCcqpT2Nm8C9sEVuvQyCbQd2tEEXRMIAUcr6DQvK9M6sV6dWjURQXqhtPLftkIhO5GsuuOU4HQYraUfhZAhCGvI46EaO0fPwTgkP8HS16tcDUg23uiEzoIc/Oh3c8aEepXH3rEXZmp10Murv6zrhjZjMqt/ZuQchgivbzmOhw5s1BT4wEk5nJ6C070AJPpPq48Zpu6imb5qsm3NLfwmg/BkVv+tqakBTg6GD4abxsi2e2jeEGObyc5OnIgvlCSRG8xA5b8mjV17oOV5/yHmU9jbeul3yVaF2qcieuZ5YZz6qXEAgla2hxZ1dzyv6BHMj0hbQfF+utA40zuODu5XhzCKdYx5RPMqFe7zIDLHQeAb9jpcpgljMgrkcO6uLrZwZpaoUi8S2AmW/y5+8E/f/TTucit1cSo8QLa8W7ISj363wpsy80Emm3YdtJVnJVquLkLq5SllXmrzwQDMST7O4XmCVGkVP2W18lFDIfdYEikOGdQ13wYSkS/vksZ/2CkOhOAFBpydTZ1nVwryxsSwUQs9602u632Mw0JaspYTHwF1AHqXY/vu4TTamnU+UxngbI6HMQyFk9YXgh9yqR1E4nzWi+FRjYs8o/IU1Yyg0LUnQV44NJaUT7g1QU7V2oBMM7zBQhbum9MB4qgo4X5YcnZRBilfQ5qVc+GvGYbBNLizUe12+Jia3OAjE6LJh8ibp8NtxNmbIFsIyYOR6I3WhAhhVG0qzD9IMKy0gqFqebY3Ht2s5C+OaTrFp+VWW9nm90PxqZWkuvjQmfrPrykIX5C6NlMzQfehSHyIpz//pAvL7HkJRLE71QsqKjqDxx70Ar/aPf0+jRawW+QuYiH1DYpIk20oQdOq3QckYnA2ElfLNVYmpQSmVNAUmqIduJ2Swf4MXrPecbmuq+iCzvVaEUvlwkzxQEGPbykudqYSRbrFVuf8c3DX5oVeA7A3Pvd2AOvZn9VNdsnO10ppuYVe2CU/a+spj7hp4wt9+ofJoOULSDKb4sUU//63SW23grgueU4RyGsEzFJhq96QY6s/Xa/aqCifFrBhuHRWWpvccH59FmDI1tKC0yFqAhTav/tjO9mGT//7/Y+KBeYIKl4rcu6uqhMvC0/Mq+TaGLJBWY2ElsptJxiLhHigu2lmnIDFTLV3wJHmx3ngWKnzFeDtW0f27BieUCnhpK1BNLoI8hLR5aUJ0/jE4YdjCU2Ff4BxmxRBxNiLTpVtfhSyKAJtzNsc+VsK3ZETL4VpW09I3sFTebgjLv7fcMD0WlwXq9gcV/qrsJKS5v8iUBLQ4TVUqT9XoLpFzHFfTd4VdZZcj+zeUMVkSfGFKt96fxpy2XVzlGKg0fZ3xXQC2uAz3jqHWkTcK3nu2fX1Aj7UjNxSpmjRRKf3N8tm3rjK+XR8ekr24/KSTYpyFftUlKQ6L9Mv1RB67mU4cr2eaRRHxuwwMzRluAjnkkiN/B6j0Rmm/yi/pri7qfqzodY5EUnaSQYlOg0peG2mIpGnY/+Wz8XeIYxN4ocpk/0J4AQ7XyCU8GBY34TKRg5PO/dm+4pDI+rNDtV8kXjDV6+qmek/NmBGz2/oZIg0EQ4+MrQQ6TokclAIgsA8b4wq0efQLNF45zngdhdgsV+OI17Dgmu4NeNZYSGB+CRNWSVg5rcyj+oZdw8AKPvkZwE/A/20oGjC9QrhhsSOI/KH5fqttyHXjXkmk5BpDevCCRf7MRZDpY6FtUo+ce7nA11MIKez5aIlo+cekJAGjZlOV4n+ACkjEIRv6a7nVAVEMiQMEKmB+BPEZUN/iMPUc807SoDzFNcxPXyrAExDYS/Jjo7syBC409laFHO2AQ9h1hsaxcKIChRF2brNjVT6M05WeihBb/1G0MYcX94h8IV2ipqRUaQ3eSc2fI/5UoNV2vlPkXcsOT2pWADdDc6hctf4Fk0Rg6zzuZtIeod3bSEpGkIZkKz2S1wrSW+yttEntX/vhKKCb0kV3nVt+ez0TIRRbYfQPgPdJ0Ly31oap6DdhTcILrTXjDmwMVsmF0WQcQkBy+nI+2aI3HxISXS/D9asUp3zQ/eysx7t+cTjtCePvK/654EGDCFSY5P7YBjUr5ylzqIa5HHfb51eRM2xxEz8PLIQeO76NMFMGEbkYtDWEEgznvMM4J9nVoWte2WhiBX507f6O8RhYILqfZvoosw61LfMryTn1jCJ36GJZfuFwvX2UPRV3ORcBVDokhlxrrdFvetg53RgdFpu6vu0mitpk730LbQ3Y+V/9NCe7X8vXo0VV2Pw2M/x4n22cJN34K7Y7FC/dyQsaHm74bZBiFqGfZxhMl0vGa/TK9YMx396SSbtJuCwsVdHg7zqeehA5rkmZPnpsVMYWejOVyEUjac6ydDbd3xvAjWZWPnyBYd3yGWiOvU3AuMBVjtkocVKw+d8Z9hzGQdVricg8bPOc6SeN67MiVPtmwHFuZNxYL60AhmKyQ3jdnFDjlH1ByBTIjqlXdHHUX+0UG9mlUBnyQ3HVOTEoS7JiWuEl9nxWr2OqAbafHCx2+tJcw+ulvDXtcQKuNspxbP0g+VCTsNDQBRLQ2RdB7RZi10BH24nlplonVtC26w/3SkGMTTk7qFbDSYsemmJ4Kzm4gp7ecrRua/1AoW9kQyFB6WL0pe2YJyknlLnesltmKgUAHV8FKEH+0QRHgUdEwlufZTUwgy/ctsDpnDSVwtv38oxyIg3F/NwgTfQIIyiwd/+TVHRIP+9BPhsB2fRFI4/6X8QzU67iWJne6sMACwSGZriwvzzFpJxKwhgzFMLmB1GApNb1dy910v03LJh30lOkUVnUi6daVZvrYBSgd3R8sovibaBXXg3RvjkWRLuRrnl3sxTiqXQzHKI4ovfZdFGX/Hs6zl00XBcYesug2xCxvcHNtgQYNXF7ZG5Iu9zTbpa7zd/60cf/wduxfHxkbQWEMBGSqYq0aMqfoS+YrBVYKyqn48Zduxc1+nGeeWHoiDWzodo0mH6HFQyrU77mqbKu/BZOidEyS6AnWBHNA2+dw/ch8CTGIlT7OGpluPaa3KwumPuGxM=,iv:BSs/FJQlMeQMcZjWmwAB8gSLAXp4iCvLcm1m5lm0L+o=,tag:0FuDBrYNlpA+55lccvkdsA==,type:str]", "sops": { "age": [ { @@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-22T05:18:26Z", - "mac": "ENC[AES256_GCM,data:lxQFZ8hWrBepjVzeaBrHS4SpkwQzXyEvJu6fclWAvEby1w+eG7kMR3quHzD/F6zPoT3jLdFM3fSIhjVOSslSnut0pTtselvco23YtbYzEz1JK/mTGW6IytGQvZVH1HGM3lwHJ9G7jLPRUq5CBQr4zULtqZBO4rK+f9YnFChhPyY=,iv:DsgxvDPHWv8qHqYB3RXiVmZcZfdxI6iUFABHj2iE0Bg=,tag:KK0RYpLgyzVSQPYIr4DLTQ==,type:str]", + "lastmodified": "2025-08-12T08:32:44Z", + "mac": "ENC[AES256_GCM,data:dSoqNCOKIhI8EdM6p+fCqNvmJorGQBmHDqXq04oHAg4q2pxoD2+C/HoNdp0+Bqo9jAqpb2oZ9ipjMIGzLbmJByaocYICsA5VnG4HjLoFbH9J1eNMjdId2411zmzTWH/afibhMIugZSsd4iEG+l2iq9r4yVgu27DOoT3haa0p7wg=,iv:Kte/K25/oVGOnT0a/0PZzrDwekgeItalyDJQvirez7g=,tag:z6PH9NaQ5PaxW5tD1f4wGw==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z",