From 30c7d8c1c246d615ba8717c06dfdee868b444e99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?=
Date: Wed, 25 Mar 2026 13:46:42 +0100
Subject: [PATCH 1/3] feat[work]: improve presentation mode
---
SwarselSystems.org | 301 +++++++++++++++++++++++++++++++-------------
files/emacs/init.el | 195 ++++++++++++++++++++++------
2 files changed, 369 insertions(+), 127 deletions(-)
diff --git a/SwarselSystems.org b/SwarselSystems.org
index ea4c228..d7c3fc2 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -33620,104 +33620,225 @@ When holding presentations, I think it is important to not have too many distrac #+begin_src emacs-lisp - (use-package org-present - :bind (:map org-present-mode-keymap - ("q" . org-present-quit) - ("" . swarsel/org-present-prev) - ("" . 'ignore) - ("" . 'ignore) - ("" . swarsel/org-present-next)) - :hook ((org-present-mode . swarsel/org-present-start) - (org-present-mode-quit . swarsel/org-present-end)) - :config - (add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide) - ) + (use-package org-present + :bind (:map org-present-mode-keymap + ("q" . org-present-quit) + ("" . swarsel/org-present-prev) + ("<​up>" . 'ignore) + ("<​down>" . 'ignore) + ("" . swarsel/org-present-next)) + :hook ((org-present-mode . swarsel/org-present-start) + (org-present-mode-quit . swarsel/org-present-end)) + :config + (add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide) + (setq org-present-startup-folded t) + ) - (use-package hide-mode-line) + (use-package hide-mode-line) - (defun swarsel/org-present-start () - (setq-local face-remapping-alist '((default (:height 1.5) variable-pitch) - (header-line (:height 4.0) variable-pitch) - (org-document-title (:height 1.75) org-document-title) - (org-code (:height 1.2) org-code) - (org-verbatim (:height 1.0) org-verbatim) - (org-quote (:height 1.0) org-quote) - (org-verse (:height 1.0) org-verse) - (org-table (:height 0.8) org-table) - (org-block (:height 1.25) org-block) - (org-block-begin-line (:height 0.7) org-block) - )) - (dolist (face '((org-level-1 . 1.1) - (org-level-2 . 1.2) - (org-level-3 . 1.2) - (org-level-4 . 1.2) - (org-level-5 . 1.2) - (org-level-6 . 1.2) - (org-level-7 . 1.2) - (org-level-8 . 1.2))) - (set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face))) + (defun swarsel/org-reveal-at-point () + "Reveal the org entry at point if it is a heading." 
+ (when (and (derived-mode-p 'org-mode) + (org-at-heading-p)) + (org-show-entry) + (org-show-children))) - (setq header-line-format " ") - (setq visual-fill-column-width 90) - (setq indicate-buffer-boundaries nil) - (setq inhibit-message nil) - ;; (breadcrumb-mode 0) - (org-display-inline-images) - (global-hl-line-mode 0) - ;; (display-line-numbers-mode 0) - (org-modern-mode 0) - (evil-insert-state 1) - (beginning-of-buffer) - (org-present-read-only) - ;; (org-present-hide-cursor) - (swarsel/org-present-slide) - ) + (defun swarsel/org-present-maybe-read-only () + "Toggle read-only based on whether cursor is inside a src block." + (if (org-in-src-block-p) + (when buffer-read-only + (org-present-read-write) + (evil-insert-state 1)) + (unless buffer-read-only + (org-present-read-only) + (evil-insert-state 1)))) - (defun swarsel/org-present-end () - (setq-local face-remapping-alist '((default variable-pitch default))) - (dolist (face '((org-level-1 . 1.1) - (org-level-2 . 0.9) - (org-level-3 . 0.9) - (org-level-4 . 0.9) - (org-level-5 . 0.9) - (org-level-6 . 0.9) - (org-level-7 . 0.9) - (org-level-8 . 
0.9))) - (set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face))) - (setq header-line-format nil) - (setq visual-fill-column-width 150) - (setq indicate-buffer-boundaries t) - (setq inhibit-message nil) - ;; (breadcrumb-mode 1) - (global-hl-line-mode 1) - ;; (display-line-numbers-mode 1) - (org-remove-inline-images) - (org-modern-mode 1) - (evil-normal-state 1) - ;; (org-present-show-cursor) - ) - (defun swarsel/org-present-slide () - (org-overview) - (org-show-entry) - (org-show-children) - ) + (defun swarsel/org-present-narrow (orig-fn &rest args) + (cl-letf (((symbol-function 'show-all) #'ignore)) + (apply orig-fn args)) + (org-overview) + (org-show-entry)) - (defun swarsel/org-present-prev () - (interactive) - (org-present-prev) - (swarsel/org-present-slide)) + (advice-add 'org-present-narrow :around #'swarsel/org-present-narrow) - (defun swarsel/org-present-next () - (interactive) - (unless (eobp) - (org-next-visible-heading 1) - (org-fold-show-entry)) - (when (eobp) - (org-present-next) - (swarsel/org-present-slide) - )) + (defun swarsel/org-present-start () + (setq-local face-remapping-alist `((default (:height 1.5) variable-pitch) + (header-line (:height 4.0) variable-pitch) + (org-document-title (:height 1.75) org-document-title) + (org-code (:height 1.2) org-code) + (org-verbatim (:height 1.0) org-verbatim) + (org-quote (:height 1.0) org-quote) + (org-verse (:height 1.0) org-verse) + (org-table (:family ,swarsel/fixed-font :weight regular :height 1.2) org-table) + (org-block (:height 1.25) org-block) + (org-link (:underline nil) org-link) + (org-block-begin-line (:height 0.7) org-block) + )) + + (setq header-line-format " ") + (setq visual-fill-column-width 150) + (setq indicate-buffer-boundaries nil) + (setq inhibit-message nil) + (setq org-babel-eval-error-notify t) + ;; (breadcrumb-mode 0) + (org-display-inline-images) + (global-hl-line-mode 0) + ;; (display-line-numbers-mode 0) + ;; (org-modern-mode 0) + 
(evil-insert-state 1) + (org-present-read-only) + ;; (org-present-hide-cursor) + (org-overview) ; fold everything on start + (add-hook 'post-command-hook #'swarsel/org-reveal-at-point nil t) + (add-hook 'post-command-hook #'swarsel/org-present-maybe-read-only nil t) + ) + + (defun swarsel/org-present-end () + (setq-local face-remapping-alist `((org-verbatim (:family ,swarsel/fixed-font :weight regular) + org-verbatim) + (org-table (:family ,swarsel/fixed-font :weight regular) org-table) + (org-meta-line (:family ,swarsel/fixed-font :weight regular) org-meta-line) + (org-formula (:family ,swarsel/fixed-font :weight regular) org-formula) + (org-checkbox (:family ,swarsel/fixed-font :weight regular) org-checkbox) + (org-latex-and-related (:family ,swarsel/fixed-font :weight regular) + org-latex-and-related) + (org-indent (:family ,swarsel/fixed-font :weight regular) org-indent) + (org-code (:family ,swarsel/fixed-font :weight regular) org-code) + (org-document-info-keyword (:family ,swarsel/fixed-font :weight regular) + org-document-info-keyword) + (org-block-end-line (:family ,swarsel/fixed-font :weight regular) org-block-end-line) + (org-block-begin-line (:family ,swarsel/fixed-font :weight regular) + org-block-begin-line) + (org-block (:family ,swarsel/fixed-font :weight regular) org-block) + (mu4e-compose-header-face (:family ,swarsel/fixed-font :weight regular) + mu4e-compose-header-face) + (mu4e-compose-separator-face (:family ,swarsel/fixed-font :weight regular) + mu4e-compose-separator-face) + (mu4e-contact-face (:family ,swarsel/fixed-font :weight regular) mu4e-contact-face) + (mu4e-link-face (:family ,swarsel/fixed-font :weight regular) mu4e-link-face) + (mu4e-header-value-face (:family ,swarsel/fixed-font :weight regular) + mu4e-header-value-face) + (mu4e-header-key-face (:family ,swarsel/fixed-font :weight regular) + mu4e-header-key-face) + (message-header-other (:family ,swarsel/fixed-font :weight regular) + message-header-other) + (message-header-subject 
(:family ,swarsel/fixed-font :weight regular) + message-header-subject) + (message-header-xheader (:family ,swarsel/fixed-font :weight regular) + message-header-xheader) + (message-header-newsgroups (:family ,swarsel/fixed-font :weight regular) + message-header-newsgroups) + (message-header-cc (:family ,swarsel/fixed-font :weight regular) message-header-cc) + (message-header-to (:family ,swarsel/fixed-font :weight regular) message-header-to) + (message-header-name (:family ,swarsel/fixed-font :weight regular) + message-header-name) + (markdown-math-face (:family ,swarsel/fixed-font :weight regular) markdown-math-face) + (markdown-language-keyword-face (:family ,swarsel/fixed-font :weight regular) + markdown-language-keyword-face) + (markdown-language-info-face (:family ,swarsel/fixed-font :weight regular) + markdown-language-info-face) + (markdown-inline-code-face (:family ,swarsel/fixed-font :weight regular) + markdown-inline-code-face) + (markdown-gfm-checkbox-face (:family ,swarsel/fixed-font :weight regular) + markdown-gfm-checkbox-face) + (markdown-code-face (:family ,swarsel/fixed-font :weight regular) markdown-code-face) + (line-number-minor-tick (:family ,swarsel/fixed-font :weight regular) + line-number-minor-tick) + (line-number-major-tick (:family ,swarsel/fixed-font :weight regular) + line-number-major-tick) + (line-number-current-line (:family ,swarsel/fixed-font :weight regular) + line-number-current-line) + (line-number (:family ,swarsel/fixed-font :weight regular) line-number) + (font-lock-variable-name-face (:family ,swarsel/fixed-font :weight regular) + font-lock-variable-name-face) + (font-lock-type-face (:family ,swarsel/fixed-font :weight regular) + font-lock-type-face) + (font-lock-string-face (:family ,swarsel/fixed-font :weight regular) + font-lock-string-face) + (font-lock-regexp-grouping-construct (:family ,swarsel/fixed-font :weight regular) + font-lock-regexp-grouping-construct) + (font-lock-regexp-grouping-backslash (:family 
,swarsel/fixed-font :weight regular) + font-lock-regexp-grouping-backslash) + (font-lock-preprocessor-face (:family ,swarsel/fixed-font :weight regular) + font-lock-preprocessor-face) + (font-lock-negation-char-face (:family ,swarsel/fixed-font :weight regular) + font-lock-negation-char-face) + (font-lock-keyword-face (:family ,swarsel/fixed-font :weight regular) + font-lock-keyword-face) + (font-lock-function-name-face (:family ,swarsel/fixed-font :weight regular) + font-lock-function-name-face) + (font-lock-doc-face (:family ,swarsel/fixed-font :weight regular) font-lock-doc-face) + (font-lock-constant-face (:family ,swarsel/fixed-font :weight regular) + font-lock-constant-face) + (font-lock-comment-delimiter-face (:family ,swarsel/fixed-font :weight regular) + font-lock-comment-delimiter-face) + (font-lock-builtin-face (:family ,swarsel/fixed-font :weight regular) + font-lock-builtin-face) + (font-latex-sectioning-5-face (:family ,swarsel/fixed-font :weight regular) + font-latex-sectioning-5-face) + (font-latex-warning-face (:family ,swarsel/fixed-font :weight regular) + font-latex-warning-face) + (font-latex-sedate-face (:family ,swarsel/fixed-font :weight regular) + font-latex-sedate-face) + (font-latex-math-face (:family ,swarsel/fixed-font :weight regular) + font-latex-math-face) + (diff-removed (:family ,swarsel/fixed-font :weight regular) diff-removed) + (diff-hunk-header (:family ,swarsel/fixed-font :weight regular) diff-hunk-header) + (diff-header (:family ,swarsel/fixed-font :weight regular) diff-header) + (diff-function (:family ,swarsel/fixed-font :weight regular) diff-function) + (diff-file-header (:family ,swarsel/fixed-font :weight regular) diff-file-header) + (diff-context (:family ,swarsel/fixed-font :weight regular) diff-context) + (diff-added (:family ,swarsel/fixed-font :weight regular) diff-added) + (default (:family "Sans Serif" :weight light) variable-pitch default) + )) + (setq header-line-format nil) + (setq visual-fill-column-width 150) 
+ (setq indicate-buffer-boundaries t) + (setq inhibit-message nil) + (setq org-babel-no-eval-on-error nil) + ;; (breadcrumb-mode 1) + (global-hl-line-mode 1) + ;; (display-line-numbers-mode 1) + (org-remove-inline-images) + ;; (org-modern-mode 1) + (evil-normal-state 1) + ;; (org-present-show-cursor) + (remove-hook 'post-command-hook #'swarsel/org-reveal-at-point t) + (remove-hook 'post-command-hook #'swarsel/org-present-maybe-read-only t) + ) + + (defun swarsel/org-present-slide-open () + (org-overview) + (org-show-entry) + (org-show-children) + ) + + (defun swarsel/org-present-prev () + (interactive) + (beginning-of-buffer) + (org-present-prev) + (swarsel/org-present-slide-open) + ) + + (defun swarsel/org-present-next () + (interactive) + (let* ((next-heading (save-excursion + (when (outline-next-heading) (point)))) + (next-block (save-excursion + (when (re-search-forward "^#\\+begin_src" nil t) + (match-beginning 0)))) + (target (cond + ((and next-heading next-block) (min next-heading next-block)) + (next-heading next-heading) + (next-block next-block) + (t nil)))) + (if (and target (< target (point-max))) + (progn + (goto-char target) + (org-fold-show-entry)) + (org-present-next)))) #+end_src diff --git a/files/emacs/init.el b/files/emacs/init.el index b412785..9846b5b 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el 
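Review bot: The `:config` form still adds `#'swarsel/org-present-slide` to `org-present-after-navigate-functions`, but the only definition visible in this block is renamed to `swarsel/org-present-slide-open` further down, so the hook now points at a name that nothing here defines. Unless that name is defined elsewhere in the file, the first slide change will signal a void-function error; the line should read `(add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide-open)`, or be dropped if the new `org-present-narrow` advice is meant to replace it. The same mismatch is in the files/emacs/init.el hunk. Separately, `swarsel/org-present-start` sets `org-babel-eval-error-notify` while `swarsel/org-present-end` resets `org-babel-no-eval-on-error`, so the two do not undo each other; both should name the same variable.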
@@ -1032,81 +1032,192 @@ create a new one." :bind (:map org-present-mode-keymap ("q" . org-present-quit) ("" . swarsel/org-present-prev) - ("" . 'ignore) - ("" . 'ignore) + ("<​up>" . 'ignore) + ("<​down>" . 'ignore) ("" . swarsel/org-present-next)) :hook ((org-present-mode . swarsel/org-present-start) (org-present-mode-quit . swarsel/org-present-end)) :config (add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide) + (setq org-present-startup-folded t) ) (use-package hide-mode-line) +(defun swarsel/org-reveal-at-point () + "Reveal the org entry at point if it is a heading." + (when (and (derived-mode-p 'org-mode) + (org-at-heading-p)) + (org-show-entry) + (org-show-children))) + +(defun swarsel/org-present-maybe-read-only () + "Toggle read-only based on whether cursor is inside a src block." + (if (org-in-src-block-p) + (when buffer-read-only + (org-present-read-write) + (evil-insert-state 1)) + (unless buffer-read-only + (org-present-read-only) + (evil-insert-state 1)))) + + +(defun swarsel/org-present-narrow (orig-fn &rest args) + (cl-letf (((symbol-function 'show-all) #'ignore)) + (apply orig-fn args)) + (org-overview) + (org-show-entry)) + +(advice-add 'org-present-narrow :around #'swarsel/org-present-narrow) + (defun swarsel/org-present-start () - (setq-local face-remapping-alist '((default (:height 1.5) variable-pitch) + (setq-local face-remapping-alist `((default (:height 1.5) variable-pitch) (header-line (:height 4.0) variable-pitch) (org-document-title (:height 1.75) org-document-title) (org-code (:height 1.2) org-code) (org-verbatim (:height 1.0) org-verbatim) (org-quote (:height 1.0) org-quote) (org-verse (:height 1.0) org-verse) - (org-table (:height 0.8) org-table) + (org-table (:family ,swarsel/fixed-font :weight regular :height 1.2) org-table) (org-block (:height 1.25) org-block) + (org-link (:underline nil) org-link) (org-block-begin-line (:height 0.7) org-block) )) - (dolist (face '((org-level-1 . 1.1) - (org-level-2 . 
1.2) - (org-level-3 . 1.2) - (org-level-4 . 1.2) - (org-level-5 . 1.2) - (org-level-6 . 1.2) - (org-level-7 . 1.2) - (org-level-8 . 1.2))) - (set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face))) (setq header-line-format " ") - (setq visual-fill-column-width 90) + (setq visual-fill-column-width 150) (setq indicate-buffer-boundaries nil) (setq inhibit-message nil) + (setq org-babel-eval-error-notify t) ;; (breadcrumb-mode 0) (org-display-inline-images) (global-hl-line-mode 0) ;; (display-line-numbers-mode 0) - (org-modern-mode 0) + ;; (org-modern-mode 0) (evil-insert-state 1) - (beginning-of-buffer) (org-present-read-only) ;; (org-present-hide-cursor) - (swarsel/org-present-slide) + (org-overview) ; fold everything on start + (add-hook 'post-command-hook #'swarsel/org-reveal-at-point nil t) + (add-hook 'post-command-hook #'swarsel/org-present-maybe-read-only nil t) ) (defun swarsel/org-present-end () - (setq-local face-remapping-alist '((default variable-pitch default))) - (dolist (face '((org-level-1 . 1.1) - (org-level-2 . 0.9) - (org-level-3 . 0.9) - (org-level-4 . 0.9) - (org-level-5 . 0.9) - (org-level-6 . 0.9) - (org-level-7 . 0.9) - (org-level-8 . 
0.9))) - (set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face))) + (setq-local face-remapping-alist `((org-verbatim (:family ,swarsel/fixed-font :weight regular) + org-verbatim) + (org-table (:family ,swarsel/fixed-font :weight regular) org-table) + (org-meta-line (:family ,swarsel/fixed-font :weight regular) org-meta-line) + (org-formula (:family ,swarsel/fixed-font :weight regular) org-formula) + (org-checkbox (:family ,swarsel/fixed-font :weight regular) org-checkbox) + (org-latex-and-related (:family ,swarsel/fixed-font :weight regular) + org-latex-and-related) + (org-indent (:family ,swarsel/fixed-font :weight regular) org-indent) + (org-code (:family ,swarsel/fixed-font :weight regular) org-code) + (org-document-info-keyword (:family ,swarsel/fixed-font :weight regular) + org-document-info-keyword) + (org-block-end-line (:family ,swarsel/fixed-font :weight regular) org-block-end-line) + (org-block-begin-line (:family ,swarsel/fixed-font :weight regular) + org-block-begin-line) + (org-block (:family ,swarsel/fixed-font :weight regular) org-block) + (mu4e-compose-header-face (:family ,swarsel/fixed-font :weight regular) + mu4e-compose-header-face) + (mu4e-compose-separator-face (:family ,swarsel/fixed-font :weight regular) + mu4e-compose-separator-face) + (mu4e-contact-face (:family ,swarsel/fixed-font :weight regular) mu4e-contact-face) + (mu4e-link-face (:family ,swarsel/fixed-font :weight regular) mu4e-link-face) + (mu4e-header-value-face (:family ,swarsel/fixed-font :weight regular) + mu4e-header-value-face) + (mu4e-header-key-face (:family ,swarsel/fixed-font :weight regular) + mu4e-header-key-face) + (message-header-other (:family ,swarsel/fixed-font :weight regular) + message-header-other) + (message-header-subject (:family ,swarsel/fixed-font :weight regular) + message-header-subject) + (message-header-xheader (:family ,swarsel/fixed-font :weight regular) + message-header-xheader) + (message-header-newsgroups 
(:family ,swarsel/fixed-font :weight regular) + message-header-newsgroups) + (message-header-cc (:family ,swarsel/fixed-font :weight regular) message-header-cc) + (message-header-to (:family ,swarsel/fixed-font :weight regular) message-header-to) + (message-header-name (:family ,swarsel/fixed-font :weight regular) + message-header-name) + (markdown-math-face (:family ,swarsel/fixed-font :weight regular) markdown-math-face) + (markdown-language-keyword-face (:family ,swarsel/fixed-font :weight regular) + markdown-language-keyword-face) + (markdown-language-info-face (:family ,swarsel/fixed-font :weight regular) + markdown-language-info-face) + (markdown-inline-code-face (:family ,swarsel/fixed-font :weight regular) + markdown-inline-code-face) + (markdown-gfm-checkbox-face (:family ,swarsel/fixed-font :weight regular) + markdown-gfm-checkbox-face) + (markdown-code-face (:family ,swarsel/fixed-font :weight regular) markdown-code-face) + (line-number-minor-tick (:family ,swarsel/fixed-font :weight regular) + line-number-minor-tick) + (line-number-major-tick (:family ,swarsel/fixed-font :weight regular) + line-number-major-tick) + (line-number-current-line (:family ,swarsel/fixed-font :weight regular) + line-number-current-line) + (line-number (:family ,swarsel/fixed-font :weight regular) line-number) + (font-lock-variable-name-face (:family ,swarsel/fixed-font :weight regular) + font-lock-variable-name-face) + (font-lock-type-face (:family ,swarsel/fixed-font :weight regular) + font-lock-type-face) + (font-lock-string-face (:family ,swarsel/fixed-font :weight regular) + font-lock-string-face) + (font-lock-regexp-grouping-construct (:family ,swarsel/fixed-font :weight regular) + font-lock-regexp-grouping-construct) + (font-lock-regexp-grouping-backslash (:family ,swarsel/fixed-font :weight regular) + font-lock-regexp-grouping-backslash) + (font-lock-preprocessor-face (:family ,swarsel/fixed-font :weight regular) + font-lock-preprocessor-face) + 
(font-lock-negation-char-face (:family ,swarsel/fixed-font :weight regular) + font-lock-negation-char-face) + (font-lock-keyword-face (:family ,swarsel/fixed-font :weight regular) + font-lock-keyword-face) + (font-lock-function-name-face (:family ,swarsel/fixed-font :weight regular) + font-lock-function-name-face) + (font-lock-doc-face (:family ,swarsel/fixed-font :weight regular) font-lock-doc-face) + (font-lock-constant-face (:family ,swarsel/fixed-font :weight regular) + font-lock-constant-face) + (font-lock-comment-delimiter-face (:family ,swarsel/fixed-font :weight regular) + font-lock-comment-delimiter-face) + (font-lock-builtin-face (:family ,swarsel/fixed-font :weight regular) + font-lock-builtin-face) + (font-latex-sectioning-5-face (:family ,swarsel/fixed-font :weight regular) + font-latex-sectioning-5-face) + (font-latex-warning-face (:family ,swarsel/fixed-font :weight regular) + font-latex-warning-face) + (font-latex-sedate-face (:family ,swarsel/fixed-font :weight regular) + font-latex-sedate-face) + (font-latex-math-face (:family ,swarsel/fixed-font :weight regular) + font-latex-math-face) + (diff-removed (:family ,swarsel/fixed-font :weight regular) diff-removed) + (diff-hunk-header (:family ,swarsel/fixed-font :weight regular) diff-hunk-header) + (diff-header (:family ,swarsel/fixed-font :weight regular) diff-header) + (diff-function (:family ,swarsel/fixed-font :weight regular) diff-function) + (diff-file-header (:family ,swarsel/fixed-font :weight regular) diff-file-header) + (diff-context (:family ,swarsel/fixed-font :weight regular) diff-context) + (diff-added (:family ,swarsel/fixed-font :weight regular) diff-added) + (default (:family "Sans Serif" :weight light) variable-pitch default) + )) (setq header-line-format nil) (setq visual-fill-column-width 150) (setq indicate-buffer-boundaries t) (setq inhibit-message nil) + (setq org-babel-no-eval-on-error nil) ;; (breadcrumb-mode 1) (global-hl-line-mode 1) ;; (display-line-numbers-mode 1) 
(org-remove-inline-images) - (org-modern-mode 1) + ;; (org-modern-mode 1) (evil-normal-state 1) ;; (org-present-show-cursor) + (remove-hook 'post-command-hook #'swarsel/org-reveal-at-point t) + (remove-hook 'post-command-hook #'swarsel/org-present-maybe-read-only t) ) -(defun swarsel/org-present-slide () +(defun swarsel/org-present-slide-open () (org-overview) (org-show-entry) (org-show-children) @@ -1114,18 +1225,28 @@ create a new one." (defun swarsel/org-present-prev () (interactive) + (beginning-of-buffer) (org-present-prev) - (swarsel/org-present-slide)) + (swarsel/org-present-slide-open) + ) (defun swarsel/org-present-next () (interactive) - (unless (eobp) - (org-next-visible-heading 1) - (org-fold-show-entry)) - (when (eobp) - (org-present-next) - (swarsel/org-present-slide) - )) + (let* ((next-heading (save-excursion + (when (outline-next-heading) (point)))) + (next-block (save-excursion + (when (re-search-forward "^#\\+begin_src" nil t) + (match-beginning 0)))) + (target (cond + ((and next-heading next-block) (min next-heading next-block)) + (next-heading next-heading) + (next-block next-block) + (t nil)))) + (if (and target (< target (point-max))) + (progn + (goto-char target) + (org-fold-show-entry)) + (org-present-next)))) (defun org-babel-execute:markdown (body params) "Just return BODY unchanged, allowing noweb expansion." From a254a2712a1d59b0d8428d886e9e694ed1bcbb49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 25 Mar 2026 13:54:33 +0100 Subject: [PATCH 2/3] feat[work]: prepare for sk keys --- SwarselSystems.org | 72 +++++++------------ .../x86_64-linux/pyramid/secrets/pii.nix.enc | 8 +-- modules/home/common/ssh.nix | 2 +- modules/home/optional/work.nix | 41 ++--------- .../client/hardwarecompatibility-yubikey.nix | 20 ++++-- modules/nixos/common/home-manager-secrets.nix | 3 + modules/nixos/common/pii.nix | 4 +- secrets/work/secrets.yaml | 8 ++- 8 files changed, 62 insertions(+), 96 deletions(-) 
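Review bot: In `swarsel/org-present-next` the `next-block` search starts at point, so once an earlier call has moved point to the start of a `#+begin_src` line, `re-search-forward` appears to match that same line again, `target` equals point, and the command stops advancing. Starting the search after the current line avoids this, e.g. `(save-excursion (end-of-line) (when (re-search-forward "^#\\+begin_src" nil t) (match-beginning 0)))`. The pattern is also anchored at column 0, so indented source blocks are skipped; `"^[ \t]*#\\+begin_src"` would cover them. The same definition sits in the emacs-lisp block of SwarselSystems.org, which is presumably where the change belongs if init.el is tangled from it.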
diff --git a/SwarselSystems.org b/SwarselSystems.org index d7c3fc2..8e8a375 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -8866,6 +8866,7 @@ In the respective modules that use home-manager secrets (for example [[#h:506d01 inherit (config.repo.secrets.common.emacs) radicaleUser; certsSopsFile = self + /secrets/repo/certs.yaml; + workSopsFile = self + /secrets/work/secrets.yaml; in { config = { } // lib.optionalAttrs withHomeManager { @@ -8891,6 +8892,8 @@ In the respective modules that use home-manager secrets (for example [[#h:506d01 github-forge-token = { owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-work) { harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; + yubikey-1 = { sopsFile = workSopsFile; owner = mainUser; }; + ucKey = { sopsFile = workSopsFile; owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-noctalia) { radicale-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { @@ -9302,7 +9305,7 @@ This system, while highly pleasant to work with during everyday use, sometimes h #+begin_src nix-ts :tangle modules/nixos/common/pii.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix - { config, inputs, lib, nodes, globals, ... }: + { config, inputs, lib, homeLib, nodes, globals, ... }: let # If the given expression is a bare set, it will be wrapped in a function, # so that the imported file can always be applied to the inputs, similar to 
@@ -9356,7 +9359,7 @@ This system, while highly pleasant to work with during everyday use, sometimes h secrets = lib.mkOption { readOnly = true; - default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes globals inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles; + default = lib.mapAttrs (_: x: importEncrypted x { inherit lib homeLib nodes globals inputs config; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles; type = lib.types.unspecified; description = "Exposes the loaded repo secrets. This option is read-only."; }; @@ -10736,9 +10739,20 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance { options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; config = lib.mkIf config.swarselmodules.yubikey { - programs.ssh.startAgent = false; + programs.ssh = { + startAgent = false; # yes we want this to use FIDO2 keys + # enableAskPassword = true; + # askPassword = lib.getExe pkgs.kdePackages.ksshaskpass; + }; + services = { + gnome.gcr-ssh-agent.enable = false; + yubikey-agent.enable = false; + pcscd.enable = true; - services.pcscd.enable = true; + udev.packages = with pkgs; [ + yubikey-personalization + ]; + }; hardware.gpgSmartcards.enable = true; @@ -10757,13 +10771,12 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance }; }; - services.udev.packages = with pkgs; [ - yubikey-personalization + environment.systemPackages = with pkgs; [ + kdePackages.ksshaskpass ]; - }; } -#+end_src + #+end_src ***** Ledger :PROPERTIES: @@ -21179,7 +21192,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This ''; matchBlocks = { "*" = { - forwardAgent = true; + forwardAgent = false; addKeysToAgent = "no"; compression = false; serverAliveInterval = 0; 
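Review bot: Adding `config` to the argument set of `importEncrypted` hands the whole module configuration to every decrypted pii file, while the value being computed here is itself `config.repo.secrets`. Any pii file that reads an option derived from `repo.secrets` would then fail evaluation with infinite recursion, and because those files are encrypted the dependency is not visible in review. If only a few values are needed, pass them explicitly instead of `config`; otherwise document the constraint next to the option, for example `# pii files receive config/homeLib to build home-manager values; they must not read config.repo.secrets`. The module body continues outside this hunk, and the matching argument change is in the `@@ -9302` hunk above.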
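Review bot: `kdePackages.ksshaskpass` is added to `environment.systemPackages`, but `enableAskPassword` and `askPassword` stay commented out in `programs.ssh`, so nothing visible in these two yubikey hunks points ssh at the helper. With `startAgent`, `gnome.gcr-ssh-agent` and `yubikey-agent` all disabled, a PIN prompt for an sk key outside a terminal would have no askpass program unless `SSH_ASKPASS` is set elsewhere. Either enable the two options (`enableAskPassword = true;` and `askPassword = lib.getExe pkgs.kdePackages.ksshaskpass;`) or drop the package until it is wired up. The comment `# yes we want this to use FIDO2 keys` should also say which agent, if any, is expected to serve the keys, e.g. `# no OpenSSH agent on purpose; sk keys are used by ssh directly` if that is the intent.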
@@ -27494,6 +27507,7 @@ When setting up a new machine: inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses; inherit (confLib.getConfig.repo.secrets.local.work) mailAddress; + sopsFile = self + /secrets/work/secrets.yaml; certsSopsFile = self + /secrets/repo/certs.yaml; in { @@ -27638,7 +27652,7 @@ When setting up a new machine: programs = let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; + inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long path1 site1 site2 site3 site4 site5 site6 site7 clouds; in { openstackclient = { @@ -27693,41 +27707,7 @@ When setting up a new machine: }; }; - ssh = { - matchBlocks = { - "${loc1}" = { - hostname = "${loc1}.${domain2}"; - user = user4; - }; - "${loc1}.stg" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.staging" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.dev" = { - hostname = "${loc1}.${lifecycle2}.${domain2}"; - user = user4; - }; - "${loc2}" = { - hostname = "${loc2}.${domain1}"; - user = user1Long; - }; - "${loc2}.stg" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "${loc2}.staging" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "*.${domain1}" = { - user = user1Long; - }; - }; - }; + ssh.matchBlocks = confLib.getConfig.repo.secrets.local.work.sshConfig; firefox = { profiles = @@ -28254,6 +28234,8 @@ When setting up a new machine: path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; + yubikey-1 = { inherit sopsFile; owner = mainUser; }; + ucKey = { inherit sopsFile; owner = mainUser; }; }; }; diff --git a/hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc index beb5c3f..84a7b9f 100644 
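Review bot: `ssh.matchBlocks` for the work hosts is now taken wholesale from `repo.secrets.local.work.sshConfig`, so every per-host option lives only in the encrypted pii file and can no longer be reviewed here. This commit also turns `forwardAgent` off in the common `"*"` block, and a host block inside `sshConfig` could turn it back on for specific hosts without showing up in any diff. A comment at the assignment should state the expected shape, e.g. `# sshConfig: attrset of matchBlocks (hostname/user only); must not set forwardAgent`, and a module assertion over the attribute values would enforce it. The `programs` block this line belongs to starts and ends outside the hunk.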
--- a/hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:9SAQXPwrhy5yjkNxn1lITD77MjqdrYOSlFpUBE8a/fY=,tag:tYApnwq2auUk+/N9alPX3w==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:I5pCXGk/JXER4l9Jrqu7PfF1eKgD5OdKNvjA6HE5lfQ=,tag:u2gosk6uo6GN4+JxJsV9Ew==,type:str]", "sops": { "age": [ { @@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTXhHajBUQnY4MzJuTW5u\nME4vWHJrRCtQMWhWQ1pvU3h1UWVielFQSFFRCkl2RmpTRDh5Z3Q5UWcwS3RCVHds\nM05GNi8vNnpwS3FZcDBGWVdlZEdyVEUKLS0tIEM1SWdtZGV4QjhpaktRNkw0NDl1\neWlYN0tDMUhsWG1OSm9xWlM2VWJKcXcKa9aySsFOXPdwkmrmFc6X+WZT67vcuJf0\ndd1soIklu7xRuNpGKMuZbNKKgyRZnGrcUZUwwGIlJ2KRDag2risOXw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-21T19:32:24Z", - "mac": "ENC[AES256_GCM,data:wM862FQH/qX/abuD+krJOazli9Ci5GrpLtdcnzFgKCeNdjA2cfZ8M3DyzsBwMXjp6HxBHLyO7QXGcQkx3kIKGnRhEBuQzVOtrZhqcDi2Ho8iBV8Dh4xkhcpBYufw7xP8hGWg6ZVZ4JyM3P4NfAdxbfWTdc1VMStAafJ2SZ3pAYI=,iv:tDAKNe8LV40hRCqKzN6j6B71IV81SnrBgerxGPzU4Zk=,tag:7ZsST8pl9TjMog0dNKcUcA==,type:str]", + "lastmodified": "2026-03-24T18:37:56Z", + "mac": "ENC[AES256_GCM,data:0VwPHOcQi8uAzo7F+IKpMfs+UlcaKflC8xPYcT1ITY/PNwZD/mSh18oOjZ0J90UepMysHtYRnJ7BxZSYkBCp+GFcYWYdHrNhYdUOvI5wwTz3FCw4ybaZCmepPFIJl/7LOYX7lQnxegGWFyyVpjxGWh2pe3CIbs+g3ev+EPzqA9E=,iv:cTtBXjwJaUImChgTuPfiUqfXheD8QA402+8Fd0FWor8=,tag:WAdYeB690oI0ILqP05sTTQ==,type:str]", "pgp": [ { "created_at": "2025-12-02T14:58:23Z", @@ -17,6 +17,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.12.1" } } diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index c4fc482..ea81f5e 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix 
@@ -11,7 +11,7 @@ ''; matchBlocks = { "*" = { - forwardAgent = true; + forwardAgent = false; addKeysToAgent = "no"; compression = false; serverAliveInterval = 0; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index e1f24fe..c9f7640 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -4,6 +4,7 @@ let inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses; inherit (confLib.getConfig.repo.secrets.local.work) mailAddress; + sopsFile = self + /secrets/work/secrets.yaml; certsSopsFile = self + /secrets/repo/certs.yaml; in { @@ -148,7 +149,7 @@ in programs = let - inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; + inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long path1 site1 site2 site3 site4 site5 site6 site7 clouds; in { openstackclient = { @@ -203,41 +204,7 @@ in }; }; - ssh = { - matchBlocks = { - "${loc1}" = { - hostname = "${loc1}.${domain2}"; - user = user4; - }; - "${loc1}.stg" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.staging" = { - hostname = "${loc1}.${lifecycle1}.${domain2}"; - user = user4; - }; - "${loc1}.dev" = { - hostname = "${loc1}.${lifecycle2}.${domain2}"; - user = user4; - }; - "${loc2}" = { - hostname = "${loc2}.${domain1}"; - user = user1Long; - }; - "${loc2}.stg" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "${loc2}.staging" = { - hostname = "${loc2}.${lifecycle1}.${domain2}"; - user = user1Long; - }; - "*.${domain1}" = { - user = user1Long; - }; - }; - }; + ssh.matchBlocks = confLib.getConfig.repo.secrets.local.work.sshConfig; firefox = { profiles = 
@@ -764,6 +731,8 @@ in path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; + yubikey-1 = { inherit sopsFile; owner = mainUser; }; + ucKey = { inherit sopsFile; owner = mainUser; }; }; }; diff --git a/modules/nixos/client/hardwarecompatibility-yubikey.nix b/modules/nixos/client/hardwarecompatibility-yubikey.nix index 58b0078..8c5e11e 100644 --- a/modules/nixos/client/hardwarecompatibility-yubikey.nix +++ b/modules/nixos/client/hardwarecompatibility-yubikey.nix @@ -6,9 +6,20 @@ in { options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; config = lib.mkIf config.swarselmodules.yubikey { - programs.ssh.startAgent = false; + programs.ssh = { + startAgent = false; # yes we want this to use FIDO2 keys + # enableAskPassword = true; + # askPassword = lib.getExe pkgs.kdePackages.ksshaskpass; + }; + services = { + gnome.gcr-ssh-agent.enable = false; + yubikey-agent.enable = false; + pcscd.enable = true; - services.pcscd.enable = true; + udev.packages = with pkgs; [ + yubikey-personalization + ]; + }; hardware.gpgSmartcards.enable = true; @@ -27,9 +38,8 @@ in }; }; - services.udev.packages = with pkgs; [ - yubikey-personalization + environment.systemPackages = with pkgs; [ + kdePackages.ksshaskpass ]; - }; } diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index ef4d8a3..7d6e790 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -4,6 +4,7 @@ let inherit (config.repo.secrets.common.emacs) radicaleUser; certsSopsFile = self + /secrets/repo/certs.yaml; + workSopsFile = self + /secrets/work/secrets.yaml; in { config = { } // lib.optionalAttrs withHomeManager { 
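Review bot: `yubikey-1` and `ucKey` are added to the sops secrets with no comment on what they hold or which program reads the decrypted files, and no consumer is visible in this patch. The same two entries are repeated in modules/nixos/common/home-manager-secrets.nix (hunk `@@ -29,6 +30,8`), which defines its own `workSopsFile` for the same path, so the two declarations can drift apart. A one-line comment at both places, such as `# yubikey-1, ucKey: <what the secret holds>; read by <consumer>`, would make the intent reviewable; if they are key files, stating the expected file mode there would help too. The surrounding secrets set starts outside the hunk.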
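Review bot: The comment `# yes we want this to use FIDO2 keys` on `startAgent = false;` does not say which agent, if any, is meant to serve SSH once `gnome.gcr-ssh-agent` and `yubikey-agent` are also disabled in the same hunk. The second hunk of this file (`@@ -27,9 +38,8`) installs `kdePackages.ksshaskpass` while `enableAskPassword` and `askPassword` stay commented out here, so as far as this file shows the package is installed but not set as the askpass program. Either enable the two options or drop the commented lines, and replace the comment with something like `# no ssh-agent: FIDO2 sk keys are used directly; <agent, if any> handles the rest`. The `config = lib.mkIf …` block continues past this hunk.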
@@ -29,6 +30,8 @@ in github-forge-token = { owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-work) { harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; + yubikey-1 = { sopsFile = workSopsFile; owner = mainUser; }; + ucKey = { sopsFile = workSopsFile; owner = mainUser; }; }) // (lib.optionalAttrs (modules ? optional-noctalia) { radicale-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index d10ed18..49f0540 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -1,5 +1,5 @@ # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix -{ config, inputs, lib, nodes, globals, ... }: +{ config, inputs, lib, homeLib, nodes, globals, ... }: let # If the given expression is a bare set, it will be wrapped in a function, # so that the imported file can always be applied to the inputs, similar to @@ -53,7 +53,7 @@ in secrets = lib.mkOption { readOnly = true; - default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes globals inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles; + default = lib.mapAttrs (_: x: importEncrypted x { inherit lib homeLib nodes globals inputs config; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles; type = lib.types.unspecified; description = "Exposes the loaded repo secrets. This option is read-only."; }; diff --git a/secrets/work/secrets.yaml b/secrets/work/secrets.yaml index 6537a9b..d3b934b 100644 --- a/secrets/work/secrets.yaml +++ b/secrets/work/secrets.yaml 
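Review bot: Passing the whole `config` into `importEncrypted` lets every decrypted secrets file read any option, including `config.repo.secrets` itself, which is the value being computed on this line; a file that touches it, directly or through an option derived from it, would end in infinite recursion at evaluation time. Because those files are encrypted in the tree, such a dependency cannot be seen in review. I would pass only the attributes the files need, or add a comment such as `# config is passed for <options used>; secret files must not read config.repo.secrets`. The `homeLib` argument added in the first hunk of this file (`@@ -1,5 +1,5`) is forwarded here as well.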
@@ -10,6 +10,8 @@ govcds: ENC[AES256_GCM,data:X5R+N9A1ZkCMGJb4yNiAcfPxzQ==,iv:8Yx06B/R/9p6oTOnqPod govchost: ENC[AES256_GCM,data:l/5kcvUQkT/4TYl1j7Ws,iv:Lc+D4ukKkTrIIg8sKy/9NYX1D6xMgL8oEGWZ9DzJtFM=,tag:MuvEJEVYNchT1iDTRPwvbQ==,type:str] govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYuKnACv/euoE5SGlsF4/0ni32+ysLc7nM/pCrQ=,tag:jSHYFecVUvmTKr6AmNLbgw==,type:str] govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str] +yubikey-1: ENC[AES256_GCM,data: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,iv:etzqt2BFRzxXE32s2XBoTNE79k6jWCkoG+HsqnKLezE=,tag:L+SsPjqUC/vD8oFR5djnxw==,type:str] +ucKey: ENC[AES256_GCM,data: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,iv:MhcRyy718AFpwfkUrY40sS5Ry1tFpexx/ck5EF5JRyo=,tag:EQWcodkt9RgKllE02L7yow==,type:str] sops: age: - recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m @@ -21,8 +23,8 @@ sops: VDhiYldnZ3piamFoUHBuU0ZVaGQvbk0K/n41+x2YL/rpaEAUbjvCtyUmw1uwCXVo jmH2cXi/GH4CSoLY6oekq1m9dY/Jxgl7BK+KdRwf79IwhpP98E0xzA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-03T13:26:17Z" - mac: ENC[AES256_GCM,data:35J6pbaTXcq8zW3wtLqBAHSTaWjCxx+BsOZlKWNwxEOCkGzXIIKFtakZJIaMktgPNLvYOlUEOP7dhjUc5IvJCM5beMSNOjBVJJNnLkKQv5sCJK+4p4uTzXo3Neht/Y3xan4DQItdm5lwwQpyNlCecGynVjqN+F44liyxsAR8gtQ=,iv:gaVY3PUn7NdmBNAvuvij990T5pRrAfqY1qgCPWxGBiA=,tag:CuOMqH34hlQX8WPikAL0qw==,type:str] + lastmodified: "2026-03-24T18:20:57Z" + mac: ENC[AES256_GCM,data:0pRVfuZN0rQqGIkOiq91LE0UPxNTY7Os+iR1uMISOyQ8UDdM5aN5LGGYIAOIkFiJBO8CZbXzu1BerywUA6vb3odGq/9J8aQSHOB39wxOssjarPqwLlutMnLzo/eJWdM8c0DJ3pGUUIJPjPcJr9EEblyY9+PYOPt4QgCx/6/JwoQ=,iv:xusha09BS0IX7qZoQXqP3K7EseDLsBA3LHJ8T1bbD0I=,tag:GJmjKk0P0pO9P2aVBAeYQw==,type:str] pgp: - created_at: "2025-12-02T15:00:16Z" enc: |- @@ -56,4 +58,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.12.1 
From 361f77a447d388d99a3856773ffbf5dd2b5772d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 25 Mar 2026 13:56:15 +0100 Subject: [PATCH 3/3] fix[work]: update libvirtd config for vagrant --- SwarselSystems.org | 73 +++++++++++++++----- hosts/nixos/x86_64-linux/pyramid/default.nix | 1 + modules/nixos/optional/work.nix | 72 ++++++++++++++----- 3 files changed, 112 insertions(+), 34 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 8e8a375..e97076e 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3872,6 +3872,7 @@ My work machine. Built for more security, this is the gold standard of my config personal = true; }; + networking.nftables.firewall.zones.untrusted.interfaces = [ "wlan*" "enp*" ]; # networking.nftables = { # enable = lib.mkForce false; # firewall.enable = lib.mkForce false; @@ -20033,10 +20034,42 @@ When setting up a new machine: }; - firewall = { - enable = lib.mkDefault true; - trustedInterfaces = [ "virbr0" ]; + nftables = { + firewall = { + zones = { + virbr = { + interfaces = [ "virbr*" ]; + }; + }; + rules = { + virbr-dns-dhcp = { + from = [ "virbr" ]; + to = [ "local" ]; + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 67 547 ]; + }; + virbr-forward = { + from = [ "virbr" ]; + to = [ "untrusted" ]; + verdict = "accept"; + }; + virbr-forward-return = { + from = [ "untrusted" ]; + to = [ "virbr" ]; + extraLines = [ + "ct state { established, related } accept" + ]; + }; + }; + }; + chains.postrouting.libvirt-masq = { + after = [ "dnat" ]; + rules = [ + "iifname \"virbr*\" masquerade" + ]; + }; }; + search = [ "vbc.ac.at" "clip.vbc.ac.at" 
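Review bot: The globs in `zones.untrusted.interfaces = [ "wlan*" "enp*" ];` leave out other common interface names: wired ones named `eno*`, `ens*` or `enx*` (USB adapters and docks) and wireless ones named `wlp*` would not fall into the `untrusted` zone. How the firewall treats an interface that belongs to no zone is not visible in this patch, so this is worth checking on a work laptop that gets docked or tethered. If the intent is every physical NIC, `[ "wl*" "en*" ]` would cover them. The same line is added to hosts/nixos/x86_64-linux/pyramid/default.nix later in this patch.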
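Review bot: The postrouting rule `"iifname \"virbr*\" masquerade"` has no output-interface match, so it also source-NATs traffic that stays on libvirt bridges (guest to guest across two `virbr*` networks), not only traffic leaving through an uplink. Narrowing it to `"iifname \"virbr*\" oifname != \"virbr*\" masquerade"` keeps guest addresses visible between bridges. The rules `virbr-forward` and `virbr-forward-return` refer to the `untrusted` zone, which this patch defines only in the pyramid host configuration, so another host enabling this module would need that zone too; a comment saying so next to `to = [ "untrusted" ];` would help. The hunk also drops `firewall.enable = lib.mkDefault true;`, so whether the firewall is on now depends on configuration outside the hunk. The identical hunk appears in modules/nixos/optional/work.nix.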
@@ -20044,6 +20077,24 @@ When setting up a new machine: ]; }; + systemd.services = { + virtqemud.path = with pkgs; [ + qemu_kvm + libvirt + ]; + + virtstoraged.path = with pkgs; [ + qemu_kvm + libvirt + ]; + + virtnetworkd.path = with pkgs; [ + dnsmasq + iproute2 + nftables + ]; + }; + virtualisation = { docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; spiceUSBRedirection.enable = true; @@ -20054,22 +20105,12 @@ When setting up a new machine: runAsRoot = true; swtpm.enable = true; vhostUserPackages = with pkgs; [ virtiofsd ]; - # ovmf = { - # enable = true; - # packages = [ - # (pkgs.OVMFFull.override { - # secureBoot = true; - # tpmSupport = true; - # }).fd - # ]; - # }; }; }; }; environment.systemPackages = with pkgs; [ remmina - # gp-onsaml-gui python39 qemu packer @@ -20078,7 +20119,6 @@ When setting up a new machine: govc terraform opentofu - # dev.terragrunt terragrunt graphviz azure-cli @@ -20102,7 +20142,7 @@ When setting up a new machine: openssh = { enable = true; extraConfig = '' - ''; + ''; }; syncthing = { @@ -20123,10 +20163,9 @@ When setting up a new machine: }; }; - # ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.kanshi}/bin/kanshictl switch laptoponly" udev.extraRules = '' # lock screen when yubikey removed - ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" + ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" ''; }; diff --git a/hosts/nixos/x86_64-linux/pyramid/default.nix b/hosts/nixos/x86_64-linux/pyramid/default.nix index 60d2522..25f8485 100644 --- a/hosts/nixos/x86_64-linux/pyramid/default.nix +++ b/hosts/nixos/x86_64-linux/pyramid/default.nix @@ -79,6 +79,7 @@ in personal = true; }; + networking.nftables.firewall.zones.untrusted.interfaces = [ "wlan*" "enp*" ]; # networking.nftables = { # enable = lib.mkForce false; # firewall.enable = lib.mkForce false; 
diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index b75c41e..2cec98f 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -123,10 +123,42 @@ in }; - firewall = { - enable = lib.mkDefault true; - trustedInterfaces = [ "virbr0" ]; + nftables = { + firewall = { + zones = { + virbr = { + interfaces = [ "virbr*" ]; + }; + }; + rules = { + virbr-dns-dhcp = { + from = [ "virbr" ]; + to = [ "local" ]; + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 67 547 ]; + }; + virbr-forward = { + from = [ "virbr" ]; + to = [ "untrusted" ]; + verdict = "accept"; + }; + virbr-forward-return = { + from = [ "untrusted" ]; + to = [ "virbr" ]; + extraLines = [ + "ct state { established, related } accept" + ]; + }; + }; + }; + chains.postrouting.libvirt-masq = { + after = [ "dnat" ]; + rules = [ + "iifname \"virbr*\" masquerade" + ]; + }; }; + search = [ "vbc.ac.at" "clip.vbc.ac.at" @@ -134,6 +166,24 @@ in ]; }; + systemd.services = { + virtqemud.path = with pkgs; [ + qemu_kvm + libvirt + ]; + + virtstoraged.path = with pkgs; [ + qemu_kvm + libvirt + ]; + + virtnetworkd.path = with pkgs; [ + dnsmasq + iproute2 + nftables + ]; + }; + virtualisation = { docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; spiceUSBRedirection.enable = true; @@ -144,22 +194,12 @@ in runAsRoot = true; swtpm.enable = true; vhostUserPackages = with pkgs; [ virtiofsd ]; - # ovmf = { - # enable = true; - # packages = [ - # (pkgs.OVMFFull.override { - # secureBoot = true; - # tpmSupport = true; - # }).fd - # ]; - # }; }; }; }; environment.systemPackages = with pkgs; [ remmina - # gp-onsaml-gui python39 qemu packer @@ -168,7 +208,6 @@ in govc terraform opentofu - # dev.terragrunt terragrunt graphviz azure-cli @@ -192,7 +231,7 @@ in openssh = { enable = true; extraConfig = '' - ''; + ''; }; syncthing = { 
@@ -213,10 +252,9 @@ in }; }; - # ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.kanshi}/bin/kanshictl switch laptoponly" udev.extraRules = '' # lock screen when yubikey removed - ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" + ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" ''; };