swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 13:19:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: swarsel:91f4393800382350ea44b4bddeebcba5bcb4655e
Branches Tags
swarsel:main
swarsel:migrate/den-dev
swarsel:dev
swarsel:topology-oci
swarsel:v1.1.4
swarsel:v1.1.3
swarsel:v1.1.2
swarsel:v1.1.1
swarsel:v1.1.0
swarsel:v1.0.0
swarsel:v0.1.0
swarsel:v1.0.0-1
..
compare: swarsel:b1b2fc68a340b615bb7cab5c2c6349c40aec26c2
Branches Tags
swarsel:migrate/den-dev
swarsel:main
swarsel:dev
swarsel:topology-oci
swarsel:v1.1.4
swarsel:v1.1.3
swarsel:v1.1.2
swarsel:v1.1.1
swarsel:v1.1.0
swarsel:v1.0.0
swarsel:v0.1.0
swarsel:v1.0.0-1

7 commits
91f4393800 ... b1b2fc68a3

Author SHA1 Message Date
Leon Schwarzäugl
b1b2fc68a3
chore[client]: improve emacs repolist
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Flake check / Check flake (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details
2026-03-05 23:14:13 +01:00
Leon Schwarzäugl
05548fdfcb
chore[client]: improve cdr 2026-03-05 23:13:42 +01:00
Leon Schwarzäugl
a0d3e701a5
feat: improve niri+noctalia 2026-03-05 23:13:26 +01:00
Leon Schwarzäugl
ec4e302f44
feat: add khal 2026-03-05 23:13:12 +01:00
Leon Schwarzäugl
2ea5b9c764
chore: update flake 2026-03-05 23:13:07 +01:00
Leon Schwarzäugl
c1a5cfa20c
docs: improve docs 2026-03-05 23:03:57 +01:00
Leon Schwarzäugl
130444f5d7
feat: overhaul overlays 2026-03-05 23:01:13 +01:00
51 changed files with 2562 additions and 1644 deletions
Download patch file Download diff file Expand all files Collapse all files

1982
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

28
files/emacs/init.el
View file

@ -162,16 +162,30 @@ create a new one."
(define-key minibuffer-local-filename-completion-map
[C-backspace] #'up-directory)
(declare-function consult--read "consult")
(defun swarsel/consult-magit-repos ()
(interactive)
(require 'magit)
(let* ((repos (magit-list-repos))
(repo (consult--read repos
:prompt "Magit repo: "
:require-match t
:history 'my/consult-magit-repos-history
:sort t)))
(magit-status repo)))
(let ((repos (magit-list-repos)))
(unless repos
(user-error "No repositories found in `magit-repository-directories'"))
(let ((repo
(if (or (fboundp 'consult--read)
(require 'consult nil t))
(consult--read repos
:prompt "Magit repo: "
:require-match t
:history 'my/consult-magit-repos-history
:sort t)
(completing-read "Magit repo: "
repos
nil
t
nil
'my/consult-magit-repos-history))))
(when (and repo (> (length repo) 0))
(magit-status repo)))))
(defun swarsel/org-mode-setup ()
(variable-pitch-mode 1)

1363
flake.lock generated
View file

File diff suppressed because it is too large Load diff

10
flake.nix
View file

@ -28,7 +28,9 @@
smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy";
# nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -70,7 +72,8 @@
systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix";
# stylix.url = "github:danth/stylix";
stylix.url = "github:Swarsel/stylix";
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
@ -87,6 +90,7 @@
flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell";
spicetify-nix.url = "github:Gerg-l/spicetify-nix";
# spicetify-nix.url = "github:Swarsel/spicetify-nix";
niri-flake.url = "github:sodiboo/niri-flake";
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix";
@ -95,6 +99,8 @@
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
pia.url = "github:Swarsel/pia.nix/custom";
niritiling.url = "github:Swarsel/niritiling";
noctoggle.url = "git+ssh://git@github.com/Swarsel/noctoggle.git?ref=main";
};
outputs =

3
hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
View file

@ -22,7 +22,8 @@
# '';
boot = {
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
# kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" ];
initrd = {

4
modules/home/common/anki.nix
View file

@ -10,7 +10,7 @@ in
programs.anki = {
enable = true;
# # package = pkgs.anki;
package = pkgs.anki;
hideBottomBar = true;
hideBottomBarMode = "always";
hideTopBar = true;
@ -18,7 +18,7 @@ in
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
profiles."User 1".sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;

14
modules/home/common/khal.nix Normal file
View file

@ -0,0 +1,14 @@
{ lib, config, pkgs, ... }:
let
moduleName = "khal";
in
{
options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
config = lib.mkIf config.swarselmodules.${moduleName} {
programs.${moduleName} = {
enable = true;
package = pkgs.khal;
};
};
}

11
modules/home/common/packages.nix
View file

@ -14,7 +14,6 @@
picard-tools
audacity
sox
# stable.feishin # does not work with oauth2-proxy
calibre
# printing
@ -32,7 +31,7 @@
(aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
# browser
stable24_11.vieb
vieb
mgba
# utilities
@ -89,7 +88,7 @@
# element-desktop
nicotine-plus
stable25_05.transmission_3
transmission_3
mktorrent
hugo
@ -150,13 +149,7 @@
slurp
# the following packages are used (in some way) by waybar
# playerctl
pavucontrol
# stable.pamixer
# gnome.gnome-clocks
# wlogout
# jdiskreport
# monitor
#keychain
qalculate-gtk

7
modules/home/common/programs.nix
View file

@ -9,8 +9,7 @@
pkgs.bat-extras.batdiff
pkgs.bat-extras.batman
pkgs.bat-extras.batwatch
] ++ [
pkgs.stable.bat-extras.batgrep
pkgs.bat-extras.batgrep
];
# extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
};
@ -88,5 +87,9 @@
];
};
};
home.sessionVariables = {
_ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
};
};
}

2
modules/home/common/settings.nix
View file

@ -61,6 +61,8 @@ in
nixpkgs = lib.mkIf (!isNixos) {
overlays = [
outputs.overlays.default
outputs.overlays.stables
outputs.overlays.modifications
(final: prev:
let
additions = final: _: import "${self}/pkgs/config" {

2
modules/home/common/swayosd.nix
View file

@ -5,7 +5,7 @@
systemd.user.services.swayosd = confLib.overrideTarget "sway-session.target";
services.swayosd = {
enable = true;
package = pkgs.dev.swayosd;
package = pkgs.swayosd;
topMargin = 0.5;
};
};

2
modules/home/common/vesktop.nix
View file

@ -7,7 +7,7 @@ in
config = lib.mkIf config.swarselmodules.${moduleName} {
programs.${moduleName} = {
enable = true;
package = pkgs.stable.vesktop;
package = pkgs.vesktop;
settings = {
appBadge = false;
arRPC = false;

59
modules/home/optional/niri.nix
View file

@ -8,6 +8,7 @@
package = pkgs.niri-stable; # which package to use for niri validation
settings = {
gestures.hot-corners.enable = false;
hotkey-overlay.skip-at-startup = true;
debug = {
honor-xdg-activation-with-invalid-serial = [ ];
};
@ -105,17 +106,19 @@
};
binds = with config.lib.niri.actions; let
sh = spawn "sh" "-c";
resizer = "niri-resize & sleep 0.05";
in
{
"Mod+Shift+t".action = toggle-window-rule-opacity;
"Mod+m".action = focus-workspace-previous;
"Mod+Shift+Space".action = toggle-window-floating;
"Mod+Shift+f".action = fullscreen-window;
"Mod+q".action = sh "${resizer} && niri msg action close-window";
"Mod+f".action = sh "${resizer} && exec firefox";
# "Mod+q".action = sh "${resizer} && niri msg action close-window";
"Mod+q".action = sh "niri msg action close-window";
# "Mod+f".action = sh "${resizer} && exec firefox";
"Mod+f".action = sh "exec firefox";
# "Mod+Space".action = spawn "noctalia-shell" "ipc" "call" "launcher" "toggle";
"Mod+Space".action = sh "${resizer} && exec noctalia-shell ipc call launcher toggle";
# "Mod+Space".action = sh "${resizer} && exec noctalia-shell ipc call launcher toggle";
"Mod+Space".action = sh "exec noctalia-shell ipc call launcher toggle";
# "Mod+Space".action = sh "${resizer} & exec fuzzel";
"Mod+z".action = spawn "noctalia-shell" "ipc" "call" "bar" "toggle";
"Mod+Shift+c".action = spawn "qalculate-gtk";
@ -130,11 +133,16 @@
"Mod+Shift+s".action.screenshot-window = { write-to-disk = true; };
# "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
"Mod+e".action = sh "${resizer} && exec emacsclient -nquc -a emacs -e '(dashboard-open)'";
"Mod+c".action = sh "${resizer} && exec emacsclient -ce '(org-capture)'";
"Mod+t".action = sh "${resizer} && exec emacsclient -ce '(org-agenda)'";
"Mod+Shift+m".action = sh "${resizer} && exec emacsclient -ce '(mu4e)'";
"Mod+Shift+a".action = sh "${resizer} && exec emacsclient -ce '(swarsel/open-calendar)'";
# "Mod+e".action = sh "${resizer} && exec emacsclient -nquc -a emacs -e '(dashboard-open)'";
"Mod+e".action = sh "exec emacsclient -nquc -a emacs -e '(dashboard-open)'";
# "Mod+c".action = sh "${resizer} && exec emacsclient -ce '(org-capture)'";
"Mod+c".action = sh "exec emacsclient -ce '(org-capture)'";
# "Mod+t".action = sh "${resizer} && exec emacsclient -ce '(org-agenda)'";
"Mod+t".action = sh "exec emacsclient -ce '(org-agenda)'";
# "Mod+Shift+m".action = sh "${resizer} && exec emacsclient -ce '(mu4e)'";
"Mod+Shift+m".action = sh "exec emacsclient -ce '(mu4e)'";
# "Mod+Shift+a".action = sh "${resizer} && exec emacsclient -ce '(swarsel/open-calendar)'";
"Mod+Shift+a".action = sh "exec emacsclient -ce '(swarsel/open-calendar)'";
"Mod+a".action = spawn "swarselcheck-niri" "-s";
"Mod+x".action = spawn "swarselcheck-niri" "-k";
@ -159,7 +167,8 @@
# "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
# "Mod+r".action = "mode resize";
# "Mod+Return".action = "exec kitty";
"Mod+Return".action = sh "${resizer} && exec kitty -o confirm_os_window_close=0";
# "Mod+Return".action = sh "${resizer} && exec kitty -o confirm_os_window_close=0";
"Mod+Return".action = sh "exec kitty -o confirm_os_window_close=0";
"XF86AudioRaiseVolume".action = spawn "noctalia-shell" "ipc" "call" "volume" "increase";
"XF86AudioLowerVolume".action = spawn "noctalia-shell" "ipc" "call" "volume" "decrease";
"XF86AudioMute".action = spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput";
@ -205,7 +214,7 @@
# { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; }
# { command = [ "noctalia-shell" ]; }
# { argv = [ "pkill" "mako" ]; }
{ argv = [ "systemctl" "--user" "restart" "noctalia-shell.target" "tray.target" ]; }
{ argv = [ "systemctl" "--user" "restart" "noctalia-shell.target" ]; }
];
# workspaces = {
# "01-Main" = {
@ -218,5 +227,33 @@
};
};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
config.niri = {
default = [
"gtk"
"gnome"
];
"org.freedesktop.impl.portal.Access" = [ "gtk" ];
"org.freedesktop.impl.portal.Notification" = [ "gtk" ];
"org.freedesktop.impl.portal.Secret" = [ "gnome-keyring" ];
"org.freedesktop.impl.portal.FileChooser" = [ "gtk" ];
"org.freedesktop.impl.portal.ScreenCast" = [ "xdg-desktop-portal-gnome" ];
"org.freedesktop.impl.portal.Screenshot" = [ "xdg-desktop-portal-gnome" ];
};
extraPortals = [
pkgs.gnome-keyring
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
];
};
swarselmodules.gnome-keyring = lib.swarselsystems.mkStrong true;
home.packages = [
pkgs.nirius
];
};
}

88
modules/home/optional/noctalia.nix
View file

@ -1,8 +1,13 @@
{ self, inputs, config, pkgs, lib, confLib, ... }:
{ self, inputs, config, pkgs, lib, confLib, type, ... }:
let
inherit (confLib.getConfig.repo.secrets.common) caldavTasksEndpoint;
inherit (config.swarselsystems) xdgDir;
in
{
imports = [
inputs.noctalia.homeModules.default
];
options.swarselmodules.optional-noctalia = lib.swarselsystems.mkTrueOption;
config = {
systemd.user = {
targets = {
@ -11,24 +16,35 @@
};
tray = {
Unit = {
After = [ "noctalia-init.service" ];
PartOf = [ "noctalia-shell.service" ];
Wants = [ "noctalia-init.service" ];
After = [
"noctalia-shell.service"
"noctalia-init.service"
];
};
Install.WantedBy = [ "noctalia-shell.target" ];
};
};
services = {
noctalia-shell = confLib.overrideTarget "noctalia-shell.target";
noctalia-shell = {
Unit.PartOf = [ "noctalia-shell.target" ];
Install.WantedBy = [ "noctalia-shell.target" ];
};
noctalia-init = {
Unit = {
Requires = [ "noctalia-shell.service" ];
After = [ "noctalia-shell.service" ];
};
Service = {
Type = "oneshot";
ExecStart = "${pkgs.coreutils}/bin/sleep 15";
ExecStart = "${pkgs.coreutils}/bin/sleep 3";
RemainAfterExit = true;
};
Install = {
WantedBy = [ "noctalia-shell.target" ];
WantedBy = [ "tray.target" ];
};
};
};
@ -38,7 +54,7 @@
fastfetch.enable = true;
noctalia-shell = {
enable = true;
package = pkgs.noctalia-shell.override { calendarSupport = true; };
package = pkgs.noctalia-shell;
systemd.enable = true;
settings = {
bar = {
@ -58,7 +74,7 @@
frameRadius = 12;
outerCorners = false;
hideOnOverview = false;
displayMode = "auto_hide";
displayMode = "non_exclusive";
autoHideDelay = 100;
autoShowDelay = 300;
screenOverrides = [ ];
@ -107,7 +123,7 @@
todos = [ ];
useCustomColors = false;
};
id = "plugin:todo";
id = "plugin:ba7043:todo";
}
];
center = [
@ -149,7 +165,7 @@
showUnreadBadge = true;
}
{
id = "plugin:ba7043:github-feed";
id = "plugin:github-feed";
}
{
id = "plugin:clipper";
@ -175,7 +191,7 @@
showPowerProfiles = true;
}
{
colorName = "primary";
iconColor = "none";
id = "SessionMenu";
}
{
@ -189,7 +205,7 @@
}
{
colorizeDistroLogo = false;
colorizeSystemIcon = "primary";
colorizeSystemIcon = "none";
customIconPath = "${self}/files/icons/swarsel.png";
enableColorization = true;
icon = "noctalia";
@ -322,9 +338,12 @@
viewMode = "list";
showCategories = false;
iconMode = "native";
density = "compact";
overviewLayer = false;
showIconBackground = false;
enableSettingsSearch = false;
enableWindowsSearch = false;
enableSessionSearch = false;
ignoreMouseInput = true;
screenshotAnnotationTool = "";
};
@ -434,36 +453,49 @@
command = "";
countdownEnabled = true;
enabled = true;
keybind = "L";
}
{
action = "suspend";
command = "";
countdownEnabled = true;
enabled = true;
keybind = "S";
}
{
action = "hibernate";
command = "";
countdownEnabled = true;
enabled = true;
keybind = "H";
}
{
action = "reboot";
command = "";
countdownEnabled = true;
enabled = true;
keybind = "R";
}
{
action = "logout";
command = "";
countdownEnabled = true;
enabled = true;
keybind = "U";
}
{
action = "shutdown";
command = "";
countdownEnabled = true;
enabled = true;
keybind = "P";
}
{
action = "rebootToUefi";
command = "";
countdownEnabled = true;
enabled = true;
keybind = "B";
}
];
};
@ -550,7 +582,7 @@
"unicode-picker"
"screen-recorder"
]) // {
github-feed = {
todo = {
enabled = true;
sourceUrl = "https://github.com/Swarsel/noctalia-plugins";
};
@ -561,6 +593,28 @@
enableTodoIntegration = false;
};
todo = {
caldavEnabled = true;
caldavUrl = caldavTasksEndpoint;
caldavUsername = config.swarselsystems.mainUser;
caldavPasswordType = "file";
caldavPasswordCmd = "";
caldavPasswordFile = confLib.getConfig.sops.secrets.radicale-token.path;
caldavSyncInterval = 300;
current_page_id = 1;
pages = [
{
id = 0;
name = "General";
}
{
id = 1;
name = "Work";
}
];
};
privacy-indicator = {
hideInactive = true;
iconSpacing = 4;
@ -598,8 +652,8 @@
# my fork:
showNotificationBadge = true;
colorizationEnabled = true;
colorizationIcon = "Primary";
colorizationBadge = "Tertiary";
colorizationIcon = "None";
colorizationBadge = "Primary";
colorizationBadgeText = "None";
defaultTab = 1;
enableSystemNotifications = true;
@ -615,5 +669,9 @@
};
};
};
} // lib.optionalAttrs (type != "nixos") {
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
radicale-token = { path = "${xdgDir}/secrets/radicaleToken"; };
};
};
}

18
modules/home/optional/work.nix
View file

@ -11,7 +11,7 @@ in
config = {
home = {
packages = with pkgs; [
stable.teams-for-linux
teams-for-linux
shellcheck
dig
docker
@ -21,9 +21,12 @@ in
prometheus.cli
tigervnc
# openstackclient
step-cli
vscode-fhs
copilot-cli
antigravity
vscode
dev.antigravity
rustdesk-vbc
];
@ -145,7 +148,7 @@ in
programs =
let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
in
{
openstackclient = {
@ -154,7 +157,7 @@ in
};
awscli = {
enable = true;
package = pkgs.stable24_05.awscli2;
package = pkgs.awscli2;
# settings = {
# "default" = { };
# "profile s3-imagebuilder-prod" = { };
@ -166,7 +169,8 @@ in
# };
# };
};
git.settings.user.email = lib.mkForce gitMail;
# this is no longer needed since moving away from bitbucket
# git.settings.user.email = lib.mkForce gitMail;
zsh = {
shellAliases = {
@ -552,7 +556,7 @@ in
};
Service = {
ExecStart = "${pkgs.stable.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true";
ExecStart = "${pkgs.teams-for-linux}/bin/teams-for-linux --disableGpu=true --minimized=true --trayIconEnabled=true";
};
};

2
modules/nixos/client/distrobox.nix
View file

@ -10,7 +10,7 @@
virtualisation.podman = {
enable = true;
dockerCompat = true;
package = pkgs.stable.podman;
package = pkgs.podman;
};
};
}

2
modules/nixos/client/hardware.nix
View file

@ -33,7 +33,7 @@
bluetooth = lib.mkIf config.swarselsystems.hasBluetooth {
enable = true;
package = pkgs.stable.bluez;
package = pkgs.bluez;
powerOnBoot = true;
settings = {
General = {

43
modules/nixos/client/nix-ld.nix
View file

@ -82,31 +82,30 @@
pipewire
pixman
speex
# stable.cc.cc
stable25_05.steam-fhsenv-without-steam
steam-fhsenv-without-steam
systemd
tbb
vulkan-loader
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXft
xorg.libXi
xorg.libXinerama
xorg.libXmu
xorg.libXrandr
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.libXxf86vm
xorg.libxcb
xorg.libxshmfence
libice
libsm
libx11
libxscrnsaver
libxcomposite
libxcursor
libxdamage
libxext
libxfixes
libxft
libxi
libxinerama
libxmu
libxrandr
libxrender
libxt
libxtst
libxxf86vm
libxcb
libxshmfence
zlib
];
};

1
modules/nixos/client/packages.nix
View file

@ -16,6 +16,7 @@
pcsc-tools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop

2
modules/nixos/client/pipewire.nix
View file

@ -6,7 +6,7 @@
services.pipewire = {
enable = true;
package = pkgs.stable.pipewire;
package = pkgs.pipewire;
pulse.enable = true;
jack.enable = true;
audio.enable = true;

6
modules/nixos/client/swayosd.nix
View file

@ -2,8 +2,8 @@
{
options.swarselmodules.swayosd = lib.mkEnableOption "swayosd settings";
config = lib.mkIf config.swarselmodules.swayosd {
environment.systemPackages = [ pkgs.dev.swayosd ];
services.udev.packages = [ pkgs.dev.swayosd ];
environment.systemPackages = [ pkgs.swayosd ];
services.udev.packages = [ pkgs.swayosd ];
systemd.services.swayosd-libinput-backend = {
description = "SwayOSD LibInput backend for listening to certain keys like CapsLock, ScrollLock, VolumeUp, etc.";
documentation = [ "https://github.com/ErikReider/SwayOSD" ];
@ -14,7 +14,7 @@
serviceConfig = {
Type = "dbus";
BusName = "org.erikreider.swayosd";
ExecStart = "${pkgs.dev.swayosd}/bin/swayosd-libinput-backend";
ExecStart = "${pkgs.swayosd}/bin/swayosd-libinput-backend";
Restart = "on-failure";
};
};

2
modules/nixos/common/home-manager-secrets.nix
View file

@ -29,6 +29,8 @@ in
github-forge-token = { owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-work) {
harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-noctalia) {
radicale-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.anki {
anki-user = { owner = mainUser; };
anki-pw = { owner = mainUser; };

2
modules/nixos/common/settings.nix
View file

@ -122,6 +122,8 @@ in
nixpkgs = {
overlays = [
outputs.overlays.default
outputs.overlays.stables
outputs.overlays.modifications
] ++ lib.optionals withHomeManager [
(final: prev:
let

2
modules/nixos/common/users.nix
View file

@ -30,7 +30,7 @@
description = "Leon S";
password = lib.mkIf (minimal || config.swarselsystems.isPublic) "setup";
hashedPasswordFile = lib.mkIf (!minimal && !config.swarselsystems.isPublic) config.sops.secrets.main-user-hashed-pw.path;
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
extraGroups = [ "wheel" ] ++ lib.optionals (!minimal && !config.swarselsystems.isMicroVM) [ "networkmanager" "input" "syncthing" "docker" "lp" "audio" "video" "vboxusers" "libvirtd" "scanner" ];
packages = with pkgs; [ ];
};
};

6
modules/nixos/darwin/default.nix
View file

@ -12,7 +12,11 @@ in
nix.settings.experimental-features = "nix-command flakes";
nixpkgs = {
hostPlatform = "x86_64-darwin";
overlays = [ outputs.overlays.default ];
overlays = [
outputs.overlays.default
outputs.overlays.stables
outputs.overlays.modifications
];
config = {
allowUnfree = true;
};

1
modules/nixos/optional/niri.nix
View file

@ -19,6 +19,7 @@
xwayland-satellite-unstable
];
services.niritiling.enable = true;
programs = {
niri = {

11
modules/nixos/optional/noctalia.nix
View file

@ -11,7 +11,16 @@
services = {
upower.enable = true; # needed for battery percentage
gnome.evolution-data-server.enable = true; # needed for calendar integration
noctoggle = {
enable = true;
# noctaliaPackage = pkgs.noctalia-shell;
};
};
programs = {
gpu-screen-recorder.enable = true;
evolution.enable = true;
};
programs.gpu-screen-recorder.enable = true;
};
}

2
modules/nixos/optional/virtualbox.nix
View file

@ -8,7 +8,7 @@
enable = true;
enableKvm = true;
addNetworkInterface = lib.mkIf config.virtualisation.virtualbox.host.enableKvm false;
package = pkgs.stable.virtualbox;
package = pkgs.virtualbox;
enableExtensionPack = true;
};
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch

2
modules/nixos/optional/work.nix
View file

@ -160,7 +160,7 @@ in
environment.systemPackages = with pkgs; [
remmina
# gp-onsaml-gui
stable24_11.python39
python39
qemu
packer
gnumake

8
modules/nixos/server/firezone.nix
View file

@ -174,19 +174,19 @@ in
domain = {
settings.ERLANG_DISTRIBUTION_PORT = domainPort;
package = pkgs.dev.firezone-server-domain;
package = pkgs.firezone-server-domain;
};
api = {
externalUrl = "https://${serviceDomain}/api/";
address = "0.0.0.0";
port = apiPort;
package = pkgs.dev.firezone-server-api;
package = pkgs.firezone-server-api;
};
web = {
externalUrl = "https://${serviceDomain}/";
address = "0.0.0.0";
port = webPort;
package = pkgs.dev.firezone-server-web;
package = pkgs.firezone-server-web;
};
};
@ -199,7 +199,7 @@ in
publicIpv4 = proxyAddress4;
publicIpv6 = proxyAddress6;
openFirewall = lib.mkIf (!isProxied) true;
package = pkgs.dev.firezone-relay;
package = pkgs.firezone-relay;
};
};
# systemd.services.firezone-initialize =

40
modules/nixos/server/kanidm.nix
View file

@ -110,7 +110,7 @@ in
};
script = ''
set -eu
set -eu
${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
@ -205,23 +205,27 @@ in
services = {
${serviceName} = {
package = pkgs.kanidmWithSecretProvisioning_1_8;
enableServer = true;
serverSettings = {
domain = serviceDomain;
origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
tls_chain = certPathBase;
# tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true;
package = pkgs.kanidmWithSecretProvisioning_1_9;
server = {
enable = true;
settings = {
domain = serviceDomain;
origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
tls_chain = certPathBase;
# tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true;
};
};
enableClient = true;
clientSettings = {
uri = config.services.kanidm.serverSettings.origin;
verify_ca = true;
verify_hostnames = true;
client = {
enable = true;
settings = {
uri = config.services.kanidm.server.settings.origin;
verify_ca = true;
verify_hostnames = true;
};
};
provision = {
enable = true;
@ -416,7 +420,7 @@ in
nodes =
let
extraConfig = ''
allow ${globals.networks.home-lan.vlans.services.cidrv4};
allow ${globals.networks.home-lan.vlans.services.cidrv4};
allow ${globals.networks.home-lan.vlans.services.cidrv6};
'';
in

5
modules/nixos/server/kavita.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
@ -8,9 +8,6 @@ in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
environment.systemPackages = with pkgs; [
calibre
];
users = {
persistentIds.kavita = confLib.mkIds 995;

8
modules/nixos/server/mailserver.nix
View file

@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules;
inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3;
baseDomain = globals.domains.main;
@ -127,7 +127,7 @@ in
};
# the rest of the ports are managed by snm
networking.firewall.allowedTCPPorts = [ 80 servicePort ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
virtualHosts = {
@ -158,8 +158,8 @@ in
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
};
};

4
modules/nixos/server/monitoring.nix
View file

@ -124,7 +124,9 @@ in
analytics.reporting_enabled = false;
users.allow_sign_up = false;
security = {
admin_password = "$__file{/run/secrets/grafana-admin-pw}";
# admin_password = "$__file{/run/secrets/grafana-admin-pw}";
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
cookie_secure = true;
disable_gravatar = true;
};

1
modules/nixos/server/navidrome.nix
View file

@ -82,7 +82,6 @@ in
services.${serviceName} = {
enable = true;
# openFirewall = true;
settings = {
LogLevel = "debug";
Address = "0.0.0.0";

2
modules/nixos/server/nextcloud.nix
View file

@ -5,7 +5,7 @@ let
inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
nextcloudVersion = "32";
nextcloudVersion = "33";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";

6
modules/nixos/server/oauth2-proxy.nix
View file

@ -165,14 +165,14 @@ in
services = {
${serviceName} = {
enable = true;
package = pkgs.dev.oauth2-proxy;
package = pkgs.update.oauth2-proxy;
cookie = {
domain = ".${mainDomain}";
secure = true;
expire = "900m";
secret = null; # set by service EnvironmentFile
secretFile = null;
};
clientSecret = null; # set by service EnvironmentFile
clientSecretFile = null;
reverseProxy = true;
httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback";

9
modules/nixos/server/paperless.nix
View file

@ -103,18 +103,19 @@ in
gotenberg = {
enable = true;
package = pkgs.stable.gotenberg;
package = pkgs.gotenberg;
libreoffice.package = pkgs.libreoffice;
port = gotenbergPort;
bindIP = "127.0.0.1";
timeout = "600s";
chromium.package = pkgs.stable.chromium;
chromium.package = pkgs.chromium;
};
};
# Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS
systemd.services.paperless-web.script = lib.mkBefore ''
oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path})
oidcSecret=$(< ${config.sops.secrets.kanidm-paperless-client.path})
export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(
${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \
--compact-output \
@ -125,7 +126,7 @@ in
nodes =
let
extraConfigLoc = ''
proxy_connect_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;

57
modules/shared/vars.nix
View file

@ -1,14 +1,17 @@
{ self, lib, pkgs, ... }:
{ self, pkgs, ... }:
{
_module.args = {
vars = rec {
waylandSessionVariables = {
SDL_VIDEODRIVER = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland-egl";
ANKI_WAYLAND = "1";
OBSIDIAN_USE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
NIXOS_OZONE_WL = "1";
OBSIDIAN_USE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
};
waylandExports =
@ -94,28 +97,28 @@
noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
# (buildFirefoxXpiAddon {
# pname = "shortkeys";
# version = "4.0.2";
# addonId = "Shortkeys@Shortkeys.com";
# url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
# sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
# meta = with lib;
# {
# description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
# mozPermissions = [
# "tabs"
# "downloads"
# "clipboardWrite"
# "browsingData"
# "storage"
# "bookmarks"
# "sessions"
# "<all_urls>"
# ];
# platforms = platforms.all;
# };
# })
];
};

2
nix/hosts.nix
View file

@ -34,6 +34,8 @@
inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
inputs.niritiling.nixosModules.default
inputs.noctoggle.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests")
(inputs.nixos-extra-modules + "/modules/interface-naming.nix")
"${self}/hosts/nixos/${arch}/${configName}"

2
nix/iso.nix
View file

@ -5,7 +5,7 @@
packages = {
# nix build --print-out-paths --no-link .#live-iso
live-iso = inputs.nixos-generators.nixosGenerate {
inherit pkgs;
inherit pkgs system;
specialArgs = { inherit self; };
modules = [
inputs.home-manager.nixosModules.home-manager

6
nix/lib.nix
View file

@ -49,7 +49,11 @@ let
pkgsFor = lib.genAttrs (import systems) (system:
import inputs.nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
overlays = [
self.overlays.default
self.overlays.stables
self.overlays.modifications
];
config.allowUnfree = true;
}
);

235
nix/overlays.nix
View file

@ -6,93 +6,162 @@ in
{
flake = _:
{
overlays = {
default = final: prev:
let
additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; }
// {
swarsel-nix = import inputs.swarsel-nix {
pkgs = prev;
};
zjstatus = inputs.zjstatus.packages.${prev.system}.default;
};
overlays =
let
nixpkgs-stable-versions = final: _:
let
nixpkgsInputs =
lib.filterAttrs
(name: _v: builtins.match "^nixpkgs-.*" name != null)
inputs;
modifications = final: prev: {
# vesktop = prev.vesktop.override {
# withSystemVencord = true;
# };
rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name;
lib = prev.lib // {
swarselsystems = self.outputs.swarselsystemsLib;
hm = self.outputs.homeLib;
mkPkgs = src:
import src {
inherit (final.stdenv.hostPlatform) system;
config.allowUnfree = true;
};
in
builtins.listToAttrs (map
(name: {
name = rename name;
value = mkPkgs nixpkgsInputs.${name};
})
(builtins.attrNames nixpkgsInputs));
in
rec {
default = additions;
additions = final: prev:
let
additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; }
// {
swarsel-nix = import inputs.swarsel-nix {
pkgs = prev;
};
zjstatus = inputs.zjstatus.packages.${prev.stdenv.hostPlatform.system}.default;
};
firefox = prev.firefox.override {
nativeMessagingHosts = [
prev.tridactyl-native
prev.browserpass
# prev.plasma5Packages.plasma-browser-integration
];
in
(additions final prev)
// (nixpkgs-stable-versions final prev)
// (inputs.niri-flake.overlays.niri final prev)
// (inputs.noctalia.overlays.default final prev)
// (inputs.vbc-nix.overlays.default final prev)
// (inputs.nur.overlays.default final prev)
// (inputs.emacs-overlay.overlay final prev)
// (inputs.nix-topology.overlays.default final prev)
// (inputs.nix-index-database.overlays.nix-index final prev)
// (inputs.nixgl.overlay final prev)
// (inputs.nix-minecraft.overlay final prev)
// (inputs.nixos-extra-modules.overlays.default final prev);
stables = final: prev:
let
mkUsePkgsFrom = pkgsFrom: names:
builtins.listToAttrs (map
(name: {
inherit name;
value = pkgsFrom.${name};
})
names);
from =
let
stablePackages = nixpkgs-stable-versions final prev;
in
key:
stablePackages.${key} or (throw "Missing nixpkgs input nixpkgs-${key}");
in
(mkUsePkgsFrom (from "dev") [
# "swayosd"
"firezone-relay"
"firezone-server-web"
"firezone-server-api"
"firezone-server-domain"
])
// (mkUsePkgsFrom (from "stable24_05") [
"awscli2"
])
// (mkUsePkgsFrom (from "stable24_11") [
"python39"
"spotify"
"vieb"
])
// (mkUsePkgsFrom (from "stable25_05") [
"steam-fhsenv-without-steam"
"transmission_3"
])
// (mkUsePkgsFrom (from "stable") [
# "anki"
"azure-cli"
# "bat-extras.batgrep"
# "bluez"
"calibre"
# "chromium"
"dwarfs"
"gotenberg"
"khal"
"libreoffice"
"libreoffice-qt"
"nerd-fonts-symbols-only"
"noto-fonts"
"noto-fonts-cjk-sans"
"noto-fonts-color-emoji"
# "pipewire"
"podman"
"teams-for-linux"
# "vesktop"
"virtualbox"
]);
modifications = final: prev:
let
modifications = final: prev: {
# vesktop = prev.vesktop.override {
# withSystemVencord = true;
# };
lib = prev.lib // {
swarselsystems = self.outputs.swarselsystemsLib;
hm = self.outputs.homeLib;
};
firefox = prev.firefox.override {
nativeMessagingHosts = [
prev.tridactyl-native
prev.browserpass
# prev.plasma5Packages.plasma-browser-integration
];
};
isync = prev.isync.override {
withCyrusSaslXoauth2 = true;
};
mgba = final.swarsel-mgba;
noctalia-shell = prev.noctalia-shell.override {
calendarSupport = true;
};
retroarch = prev.retroarch.withCores (cores: with cores; [
snes9x # snes
nestopia # nes
dosbox # dos
scummvm # scumm
vba-m # gb/a
mgba # gb/a
melonds # ds
dolphin # gc/wii
]);
};
isync = prev.isync.override {
withCyrusSaslXoauth2 = true;
};
mgba = final.swarsel-mgba;
retroarch = prev.retroarch.withCores (cores: with cores; [
snes9x # snes
nestopia # nes
dosbox # dos
scummvm # scumm
vba-m # gb/a
mgba # gb/a
melonds # ds
dolphin # gc/wii
]);
};
nixpkgs-stable-versions = final: _:
let
nixpkgsInputs =
lib.filterAttrs
(name: _v: builtins.match "^nixpkgs-.*" name != null)
inputs;
rename = name: builtins.replaceStrings [ "nixpkgs-" ] [ "" ] name;
mkPkgs = src:
import src {
inherit (final) system;
config.allowUnfree = true;
};
in
builtins.listToAttrs (map
(name: {
name = rename name;
value = mkPkgs nixpkgsInputs.${name};
})
(builtins.attrNames nixpkgsInputs));
in
lib.recursiveUpdate
(
(additions final prev)
// (nixpkgs-stable-versions final prev)
// (inputs.niri-flake.overlays.niri final prev)
// (inputs.noctalia.overlays.default final prev)
// (inputs.vbc-nix.overlays.default final prev)
// (inputs.nur.overlays.default final prev)
// (inputs.emacs-overlay.overlay final prev)
// (inputs.nix-topology.overlays.default final prev)
// (inputs.nix-index-database.overlays.nix-index final prev)
// (inputs.nixgl.overlay final prev)
// (inputs.nix-minecraft.overlay final prev)
// (inputs.nixos-extra-modules.overlays.default final prev)
)
(modifications final prev);
};
in
modifications final prev;
};
};
}

2
nix/packages.nix
View file

@ -42,6 +42,8 @@
};
overlays = [
self.overlays.default
self.overlays.stables
self.overlays.modifications
];
};
inherit pkgs;

30
pkgs/config/cdr/default.nix
View file

@ -4,10 +4,38 @@ writeShellApplication {
inherit name;
runtimeInputs = [ fzf ];
text = ''
cdr_had_errexit=0
cdr_had_nounset=0
cdr_had_pipefail=0
case $- in
*e*) cdr_had_errexit=1 ;;
esac
case $- in
*u*) cdr_had_nounset=1 ;;
esac
if set -o 2>/dev/null | grep -q '^pipefail[[:space:]]*on'; then
cdr_had_pipefail=1
fi
set +e
set +u
set +o pipefail 2>/dev/null || true
DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""}
DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV}
FLAKE=${homeConfig.home.sessionVariables.FLAKE}
cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )"
cdr_target="$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )"
if [ -n "$cdr_target" ]; then
cd "$cdr_target" || true
fi
if [ "$cdr_had_errexit" -eq 1 ]; then set -e; else set +e; fi
if [ "$cdr_had_nounset" -eq 1 ]; then set -u; else set +u; fi
if [ "$cdr_had_pipefail" -eq 1 ]; then set -o pipefail; else set +o pipefail 2>/dev/null || true; fi
'';
}

34
profiles/home/hotel/default.nix
View file

@ -2,41 +2,15 @@
{
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = {
packages = lib.mkForce true;
ownpackages = lib.mkForce true;
general = lib.mkForce true;
nixgl = lib.mkForce true;
sops = lib.mkForce true;
yubikey = lib.mkForce false;
ssh = lib.mkForce true;
stylix = lib.mkForce true;
desktop = lib.mkForce true;
symlink = lib.mkForce true;
ssh = lib.mkForce false;
env = lib.mkForce false;
programs = lib.mkForce true;
nix-index = lib.mkForce true;
direnv = lib.mkForce true;
eza = lib.mkForce true;
git = lib.mkForce false;
fuzzel = lib.mkForce true;
starship = lib.mkForce true;
kitty = lib.mkForce true;
zsh = lib.mkForce true;
zellij = lib.mkForce true;
tmux = lib.mkForce true;
mail = lib.mkForce false;
emacs = lib.mkForce true;
waybar = lib.mkForce true;
firefox = lib.mkForce true;
gnome-keyring = lib.mkForce true;
kdeconnect = lib.mkForce true;
mako = lib.mkForce true;
swayosd = lib.mkForce true;
yubikeytouch = lib.mkForce true;
sway = lib.mkForce true;
kanshi = lib.mkForce true;
gpgagent = lib.mkForce true;
emacs = lib.mkForce false;
obsidian = lib.mkForce false;
gammastep = lib.mkForce false;
};
};

15
profiles/home/personal/default.nix
View file

@ -7,8 +7,8 @@
anki-tray = lib.mkDefault true;
attic-store-push = lib.mkDefault true;
atuin = lib.mkDefault true;
autotiling = lib.mkDefault true;
batsignal = lib.mkDefault true;
autotiling = lib.mkDefault false; # niri
batsignal = lib.mkDefault false; # niri
blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault true;
direnv = lib.mkDefault true;
@ -20,17 +20,18 @@
firefox = lib.mkDefault true;
firezone-tray = lib.mkDefault true;
fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault true;
gammastep = lib.mkDefault false; # niri
general = lib.mkDefault true;
git = lib.mkDefault true;
gnome-keyring = lib.mkDefault true;
gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault true;
kanshi = lib.mkDefault true;
kanshi = lib.mkDefault false; # niri
kdeconnect = lib.mkDefault true;
kitty = lib.mkDefault true;
khal = lib.mkDefault true;
mail = lib.mkDefault true;
mako = lib.mkDefault true;
mako = lib.mkDefault false; # niri
nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true;
@ -49,9 +50,9 @@
ssh = lib.mkDefault true;
starship = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault true;
sway = lib.mkDefault false; # niri
swayidle = lib.mkDefault true;
swaylock = lib.mkDefault true;
swaylock = lib.mkDefault false; # niri
swayosd = lib.mkDefault true;
symlink = lib.mkDefault true;
tmux = lib.mkDefault true;

43
profiles/nixos/hotel/default.nix
View file

@ -2,48 +2,9 @@
{
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = {
packages = lib.mkForce true;
general = lib.mkForce true;
home-manager = lib.mkForce true;
xserver = lib.mkForce true;
users = lib.mkForce true;
sops = lib.mkForce true;
env = lib.mkForce true;
security = lib.mkForce true;
systemdTimeout = lib.mkForce true;
hardware = lib.mkForce true;
pulseaudio = lib.mkForce true;
pipewire = lib.mkForce true;
network = lib.mkForce true;
time = lib.mkForce true;
stylix = lib.mkForce true;
programs = lib.mkForce true;
zsh = lib.mkForce true;
syncthing = lib.mkForce true;
blueman = lib.mkForce true;
networkDevices = lib.mkForce true;
gvfs = lib.mkForce true;
interceptionTools = lib.mkForce true;
swayosd = lib.mkForce true;
ppd = lib.mkForce true;
yubikey = lib.mkForce false;
ledger = lib.mkForce true;
keyboards = lib.mkForce true;
login = lib.mkForce true;
nix-ld = lib.mkForce true;
impermanence = lib.mkForce true;
nvd = lib.mkForce true;
gnome-keyring = lib.mkForce true;
sway = lib.mkForce true;
xdg-portal = lib.mkForce true;
distrobox = lib.mkForce true;
appimage = lib.mkForce true;
lid = lib.mkForce true;
lowBattery = lib.mkForce true;
lanzaboote = lib.mkForce true;
autologin = lib.mkForce true;
nftables = lib.mkDefault true;
yubikey = false;
};
};

4
profiles/nixos/personal/default.nix
View file

@ -41,8 +41,8 @@
security = lib.mkDefault true;
sops = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault true;
swayosd = lib.mkDefault true;
sway = lib.mkDefault false; # niri
swayosd = lib.mkDefault false; # niri
syncthing = lib.mkDefault true;
systemdTimeout = lib.mkDefault true;
time = lib.mkDefault true;

8
secrets/repo/common.yaml
View file

@ -31,6 +31,8 @@ github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uab
#ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment]
anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str]
anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str]
#ENC[AES256_GCM,data:mjwlHRe0Rx9p83eK/LGR,iv:KclQ4xwJMH5HJ9AcmglOCvFIBP6WyEJLyencUdDpzt0=,tag:nRhwhIRPUNmhSZM7ZzUfFA==,type:comment]
radicale-token: ENC[AES256_GCM,data:WEL8Z3gOs/7MAQQ=,iv:osgMVisr/03I+IHI+3jLIn8p5dnZwyja3lQUi+wcH5g=,tag:F1yzI0rZS4sON6T9TuuG9A==,type:str]
#ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment]
attic-cache-key: ENC[AES256_GCM,data:2Xw8YX6wiQg2yb2pbZ/UowmzUdhtb2iRTVZZD2ypGaiwhI3mteG3qUgQm1oCz0bp+5jip6+kVzt576qVbUGim/m+dUZYU6mqm64/78bfuTvd/UBlJnmjNtWE2ILjnP+M4EodzbYlBlxwGhFS28wrVOHo77rzbcrPJEwZiqIzSgGIWKdNzzo5AXL2b1lKAngXO6Bi5Jc9W4lkTVFJ/Ixh6aOoHpq9TzsHHx2Aak22969pnxmFFpXKof4eiNGnoGBZDAr8pC7oSwVqDYbZwxH1ulRq863KVQkve+HBR2JJLAQjYHHUJJGhJG9jWYT03WjBNHwIDMTTvC9Fiw9Cr0TG0B8Bxwm3dhgLirjUyLOiST2CbDxxld1M8DJFkBwrih6hMJXmJw8Dlqy/D+3EZXT947BI8ythYjuL3jIHHQhUjfEf+sLdqPSngHolAAKqKE84Xv2FDn2wXGwe8UY3NMmIeaWYZsyDu77KnQR2R+6TuJTOw6vOdDoUJ55YRPdb9UR186b+TiSrP0SZOujoSYGs9dattEvN3XKlm3cQztB9UygmdEk/stDZ/CJIRUNXsu46o1nR5FWPkgoW91Fzxs00QgQMpYlnXM2CWknYMSHL45t0BYA7yuFwq9MYNUK/vrdCr3mtHxA6R28HajDUWoZA6uS+DF/i1nF79sYfam7SdKNCqu2r/1CGLblHQwKT27HmrTCXdjeLqe+Yv7sJzlEbV+sKD+ccW8jI4NZRjCbVJVKydK23YWj94NEt/M2rtxzV30XKw8GClqsdEF+v4nu48oB894RPZCy9qQjaFHnqYpiqSa0oXluiQQmRfA0jtQLRTXN5ri7U/GtfH1za179MFWwMorRMK6qdTt3pi8Fie4UgzGyGq6CugN8HxeMNl70pPVIKjGNO8Npezk6T3YDUpB3/OGY56jhSYxIEadBvW9CqDS7al7zEKgD1wx1gzT2mQh60H2B/InWg9p96qOqVEQxOFDklxlcnygLu3z7Y0mAds/HXOJJnJbagjfxVi+qROOtVrR5y/kySR0pM9Syk8GvqdtRct7qorONAV/yonarEgz+eEFj10kderSsPdz1sgiYe93VLmPp07cdVsUsaDtLW8gXafc3aWOZ8JIkSUhYDbR49pf2bTeoMDoyi9d6pgLr+cJGQbJC/1LmsAIqOQ7WPiTeAZG2lStNf3bwClpUuL0t78UabZyNzJJN5TFDZqGkwXlaJmQ==,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str]
#ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment]
@ -353,8 +355,8 @@ sops:
OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm
/RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-23T01:11:36Z"
mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str]
lastmodified: "2026-02-26T10:38:07Z"
mac: ENC[AES256_GCM,data:pxaR0X3f5oiCwnrr8jjs8mQDWbjuUkNpFoyQxaC61rRnoLvbkEzxSxmI0zDv2VEcua4Eqfoj7Q4H+qcsR5tM3SjPc0KuYE5eFW4RDv+FIr+XA9om3B4uMy+bIleSvSXroBD+1bLhzJsacudjBpVA6r+INrZKvtjO+L16nNylTSc=,iv:CgOc3ht5zwZGEoxJF6d9ZMwiiNQ2fcnLVFxUxJs6pHY=,tag:4JZgLJlyTbqacIHryciPFg==,type:str]
pgp:
- created_at: "2026-01-12T22:05:05Z"
enc: |-
@ -388,4 +390,4 @@ sops:
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.0

8
secrets/repo/pii.nix.enc
View file

File diff suppressed because one or more lines are too long