swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 17:17:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: swarsel:ae2126f363eb72a7c432934f4fb5c1bd1c577467
Branches Tags
swarsel:main
swarsel:feat/router
swarsel:feat/nixos-dns
swarsel:test-extra-modules
swarsel:feat/microvm-preparation
swarsel:v1.1.4
swarsel:v1.1.3
swarsel:v1.1.2
swarsel:v1.1.1
swarsel:v1.1.0
swarsel:v1.0.0
swarsel:v0.1.0
swarsel:v1.0.0-1
..
compare: swarsel:9577cdf243bee1062bb05ca378f7bcf834569baa
Branches Tags
swarsel:feat/router
swarsel:main
swarsel:feat/nixos-dns
swarsel:test-extra-modules
swarsel:feat/microvm-preparation
swarsel:v1.1.4
swarsel:v1.1.3
swarsel:v1.1.2
swarsel:v1.1.1
swarsel:v1.1.0
swarsel:v1.0.0
swarsel:v0.1.0
swarsel:v1.0.0-1

No commits in common. "ae2126f363eb72a7c432934f4fb5c1bd1c577467" and "9577cdf243bee1062bb05ca378f7bcf834569baa" have entirely different histories.
ae2126f363 ... 9577cdf243

19 changed files with 1803 additions and 4086 deletions
Download patch file Download diff file Expand all files Collapse all files

349
SwarselSystems.org
View file

@ -3415,7 +3415,7 @@ This is the "reference implementation" of a setup that runs without NixOS, only
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.hmModules.nix-index
"${self}/modules/home" "${self}/modules/home"
"${self}/modules/nixos/common/pii.nix" "${self}/modules/nixos/common/pii.nix"
"${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/meta.nix"
@ -3889,7 +3889,7 @@ in
} }
#+end_src #+end_src
**** Expose home-manager sops secrets in NixOS (automatically active) **** Expose home-manager secrets in NixOS (automatically active)
#+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix #+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix
{ lib, config, globals, ... }: { lib, config, globals, ... }:
@ -3913,7 +3913,6 @@ in
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; };
}) // (lib.optionalAttrs modules.zsh { }) // (lib.optionalAttrs modules.zsh {
croc-password = { owner = mainUser; }; croc-password = { owner = mainUser; };
github-nixpkgs-review-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.emacs { }) // (lib.optionalAttrs modules.emacs {
emacs-radicale-pw = { owner = mainUser; }; emacs-radicale-pw = { owner = mainUser; };
}); });
@ -4105,7 +4104,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
useUserPackages = true; useUserPackages = true;
verbose = true; verbose = true;
users.${config.swarselsystems.mainUser}.imports = [ users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
# inputs.stylix.homeModules.stylix # inputs.stylix.homeModules.stylix
{ {
@ -4633,9 +4632,7 @@ Next, we will setup some environment variables that need to be set on the system
gst-plugins-ugly gst-plugins-ugly
gst-libav gst-libav
]); ]);
} // (lib.optionalAttrs (!config.swarselsystems.isPublic) { };
GITHUB_NOTIFICATION_TOKEN_PATH = config.sops.secrets.github-notifications-token.path;
});
}; };
}; };
} }
@ -4687,10 +4684,10 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s
options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config";
config = lib.mkIf config.swarselmodules.systemdTimeout { config = lib.mkIf config.swarselmodules.systemdTimeout {
# systemd # systemd
systemd.settings.Manager = { systemd.extraConfig = ''
DefaultTimeoutStartSec = "60s"; DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec = "15s"; DefaultTimeoutStopSec=15s
}; '';
}; };
} }
#+end_src #+end_src
@ -5592,7 +5589,7 @@ This section houses the greetd related settings. I do not really want to use a d
settings = { settings = {
initial_session.command = "sway"; initial_session.command = "sway";
default_session.command = '' default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \ ${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \ --time \
--asterisks \ --asterisks \
--user-menu \ --user-menu \
@ -5704,7 +5701,7 @@ When a program does not work, start with =nix-ldd <program>=. This will tell you
pixman pixman
speex speex
stdenv.cc.cc stdenv.cc.cc
stable.steam-fhsenv-without-steam steam-fhsenv-without-steam
systemd systemd
tbb tbb
vulkan-loader vulkan-loader
@ -10386,6 +10383,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
gh gh
]; ];
services = { services = {
spice-vdagentd.enable = true; spice-vdagentd.enable = true;
openssh = { openssh = {
@ -11212,7 +11210,6 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
SWARSEL_CAL3NAME = source3-name; SWARSEL_CAL3NAME = source3-name;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;
}; };
}; };
} }
@ -11684,7 +11681,6 @@ Currently I only use it as before with =initExtra= though.
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { }; croc-password = { };
github-nixpkgs-review-token = { };
}; };
programs.zsh = { programs.zsh = {
@ -11719,10 +11715,8 @@ Currently I only use it as before with =initExtra= though.
boot-diff = "nix store diff-closures /run/*-system"; boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy"; cc = "wl-copy";
build-topology = "nix build .#topology.x86_64-linux.config.output"; topology = "nix build .#topology.x86_64-linux.config.output";
build-iso = "nix build --print-out-paths .#live-iso"; iso = "nix build --print-out-paths .#live-iso";
nix-review- = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;
autosuggestion.enable = true; autosuggestion.enable = true;
@ -11796,7 +11790,6 @@ Currently I only use it as before with =initExtra= though.
bindkey '^H' my-backward-delete-word bindkey '^H' my-backward-delete-word
export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})"
export GITHUB_TOKEN="$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})"
''; '';
}; };
}; };
@ -11979,76 +11972,22 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
# this is needed so that mbsync can use the passwords from sops # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
};
};
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email = email = {
let maildirBasePath = "Mail";
defaultSettings = { accounts = {
imap = { leon = {
host = "imap.gmail.com"; primary = true;
port = 993; address = address1;
tls.enable = true; # SSL/TLS userName = address1;
}; realName = fullName;
smtp = { passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
host = "smtp.gmail.com"; gpg = {
port = 465; key = "0x76FD3810215AE097";
tls.enable = true; # SSL/TLS signByDefault = true;
};
thunderbird = {
enable = true;
profiles = [ "default" ];
}; };
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
mu.enable = true; mu.enable = true;
msmtp = { msmtp = {
enable = true; enable = true;
@ -12069,10 +12008,7 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
}; };
}; };
}; };
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = { swarsel = {
address = address4; address = address4;
userName = address4-user; userName = address4-user;
@ -12095,39 +12031,59 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
}; };
}; };
leon = lib.recursiveUpdate nautilus = {
{
primary = true;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
nautilus = lib.recursiveUpdate
{
primary = false; primary = false;
address = address2; address = address2;
userName = address2; userName = address2;
realName = address2-name; realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
} imap.host = "imap.gmail.com";
defaultSettings; smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
mrswarsel = lib.recursiveUpdate mrswarsel = {
{
primary = false; primary = false;
address = address3; address = address3;
userName = address3; userName = address3;
realName = address3-name; realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
} imap.host = "imap.gmail.com";
defaultSettings; smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
}; };
}; };
@ -13033,10 +12989,9 @@ Currently, I am too lazy to explain every option here, but most of it is very se
"${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show"; "${modifier}+F12" = "scratchpad show";
"${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+c" = "exec qalculate-gtk";
"${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'";
"${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'";
"${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+p" = "exec pass-fuzzel"; "${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type"; "${modifier}+Shift+p" = "exec pass-fuzzel --type";
@ -13169,8 +13124,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se
{ title = "^Add$"; } { title = "^Add$"; }
{ title = "^Picture-in-Picture$"; } { title = "^Picture-in-Picture$"; }
{ title = "Syncthing Tray"; } { title = "Syncthing Tray"; }
{ title = "^Emacs Popup Frame$"; } { title = "Emacs Popup Frame"; }
{ title = "^Emacs Popup Anchor$"; }
{ title = "^spotifytui$"; } { title = "^spotifytui$"; }
{ title = "^kittyterm$"; } { title = "^kittyterm$"; }
{ app_id = "vesktop"; } { app_id = "vesktop"; }
@ -13221,18 +13175,6 @@ Currently, I am too lazy to explain every option here, but most of it is very se
title = "^Picture-in-Picture$"; title = "^Picture-in-Picture$";
}; };
} }
{
command = "resize set width 60 ppt height 60 ppt, opacity 0.99, sticky enable";
criteria = {
title = "^Emacs Popup Frame$";
};
}
{
command = "move container to scratchpad";
criteria = {
title = "^Emacs Popup Anchor$";
};
}
{ {
command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad";
criteria = { criteria = {
@ -13664,8 +13606,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
in in
{ {
options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
config = lib.mkIf config.swarselmodules.optional.work config = lib.mkIf config.swarselmodules.optional.work {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
shellcheck shellcheck
@ -13678,92 +13619,13 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
stable.prometheus.cli stable.prometheus.cli
tigervnc tigervnc
openstackclient openstackclient
pizauth
]; ];
systemd.user.services.pizauth = {
Unit = {
Description = "Pizauth OAuth2 token manager";
};
Service = {
Type = "simple";
ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d";
ExecReload = "${pkgs.pizauth}/bin/pizauth reload";
ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown";
};
Install = {
WantedBy = [ "default.target" ];
};
};
home.sessionVariables = { home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
}; };
accounts.email.accounts.work =
let
inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName;
in
{
primary = false;
address = mailAddress;
userName = mailAddress;
realName = mailName;
passwordCommand = "pizauth show work";
imap = {
host = "outlook.office365.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "outlook.office365.com";
port = 587;
tls = {
enable = true; # SSL/TLS
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "default" ];
settings = id: {
"mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth
"mail.server.server_${id}.authMethod" = 10; # oauth
# "toolkit.telemetry.enabled" = false;
# "toolkit.telemetry.rejected" = true;
# "toolkit.telemetry.prompted" = 2;
};
};
msmtp = {
enable = false;
extraConfig = {
account = "work";
auth = "xoauth2";
host = "outlook.office365.com";
protocol = "smtp";
port = "587";
tls = "on";
tls_starttls = "on";
from = "${mailAddress}";
user = "${mailAddress}";
passwordeval = "pizauth show work";
};
};
mu.enable = false;
mbsync = {
enable = false;
expunge = "both";
extraConfig = {
account = {
AuthMechs = "XOAUTH2";
};
};
};
};
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {
output = { output = {
"Applied Creative Technology Transmitter QUATTRO201811" = { "Applied Creative Technology Transmitter QUATTRO201811" = {
@ -14036,23 +13898,6 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3;
in in
{ {
configFile."pizauth.conf".text = ''
account "work" {
auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
scopes = [
"https://outlook.office365.com/IMAP.AccessAsUser.All",
"https://outlook.office365.com/SMTP.Send",
"offline_access"
];
// You don't have to specify login_hint, but it does make
// authentication a little easier.
login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}";
}
'';
mimeApps = { mimeApps = {
defaultApplications = { defaultApplications = {
"x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
@ -18718,12 +18563,9 @@ I set the annotation-mode of marginalia to =heavy=. This gives even more informa
#+begin_src emacs-lisp #+begin_src emacs-lisp
(use-package marginalia (use-package marginalia
:after vertico :after vertico
:bind (:map minibuffer-local-map
("M-A" . marginalia-cycle))
:init :init
(marginalia-mode) (marginalia-mode)
;; (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)) (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)))
)
#+end_src #+end_src
***** nerd-icons-completion ***** nerd-icons-completion
@ -18902,22 +18744,6 @@ This part of the configuration mostly makes some aesthetic changes, enables neat
#+begin_src emacs-lisp #+begin_src emacs-lisp
(defun swarsel/org-agenda-done-and-archive ()
"Mark TODO at point as DONE, archive it, and save all agenda files."
(interactive)
(let ((org-archive-location "~/Nextcloud/Org/Archive.org::Archive"))
(org-agenda-todo "DONE")
(org-agenda-archive)
(dolist (buf (buffer-list))
(with-current-buffer buf
(when (and buffer-file-name
(string-prefix-p (expand-file-name "~/Nextcloud/Org/") (file-truename buffer-file-name))
(derived-mode-p 'org-mode))
(save-buffer))))))
(with-eval-after-load 'org-agenda
(define-key org-agenda-mode-map (kbd "C-a") #'swarsel/org-agenda-done-and-archive))
(use-package org (use-package org
;;:diminish (org-indent-mode) ;;:diminish (org-indent-mode)
:hook (org-mode . swarsel/org-mode-setup) :hook (org-mode . swarsel/org-mode-setup)
@ -18944,18 +18770,11 @@ This part of the configuration mostly makes some aesthetic changes, enables neat
"/home/swarsel/Nextcloud/Org/Archive.org" "/home/swarsel/Nextcloud/Org/Archive.org"
)) ))
(setq org-capture-templates
'(("t" "Todo" entry (file+headline "~/Nextcloud/Org/Tasks.org" "Inbox")
"* TODO %?\n %i\n %a")
("j" "Journal" entry (file+datetree "~/Nextcloud/Org/Journal.org")
"* %?\nEntered on %U\n %i\n %a")))
(setq org-refile-targets (setq org-refile-targets
'((swarsel-archive-org-file :maxlevel . 1) '((swarsel-archive-org-file :maxlevel . 1)
(swarsel-tasks-org-file :maxlevel . 1))) (swarsel-tasks-org-file :maxlevel . 1)))
) )
#+end_src #+end_src
**** org-appear **** org-appear
:PROPERTIES: :PROPERTIES:
@ -20505,7 +20324,6 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool
(add-hook 'comint-output-filter-functions 'comint-truncate-buffer) (add-hook 'comint-output-filter-functions 'comint-truncate-buffer)
#+end_src #+end_src
*** Popup frames *** Popup frames
#+begin_src emacs-lisp #+begin_src emacs-lisp
@ -20522,19 +20340,14 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool
,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter.
Also see `prot-window-delete-popup-frame'." command) Also see `prot-window-delete-popup-frame'." command)
(interactive) (interactive)
(let ((frame (make-frame '((prot-window-popup-frame . t) (let ((frame (make-frame '((prot-window-popup-frame . t)))))
(title . "Emacs Popup Frame")))))
(unwind-protect
(progn
(select-frame frame) (select-frame frame)
(modify-frame-parameters nil '((title . "Emacs Popup Frame")))
(switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame")
(condition-case nil (condition-case nil
(call-interactively ',command) (call-interactively ',command)
((quit error user-error) ((quit error user-error)
(delete-frame frame)))) (delete-frame frame))))))
(dolist (fr (frame-list))
(when (string= (frame-parameter fr 'name) "Emacs Popup Anchor")
(delete-frame fr)))))))
(declare-function org-capture "org-capture" (&optional goto keys)) (declare-function org-capture "org-capture" (&optional goto keys))
(defvar org-capture-after-finalize-hook) (defvar org-capture-after-finalize-hook)
@ -20552,10 +20365,6 @@ This sets up the =dashboard=, which is really quite useless. But, it looks cool
(prot-window-define-with-popup-frame swarsel/open-calendar) (prot-window-define-with-popup-frame swarsel/open-calendar)
(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame) (advice-add 'bury-buffer :after #'prot-window-delete-popup-frame)
(declare-function org-agenda "org-agenda" (&optional goto keys))
;;;###autoload (autoload 'prot-window-popup-org-agenda "prot-window")
(prot-window-define-with-popup-frame org-agenda)
#+end_src #+end_src
* Appendix A: Noweb-Ref blocks * Appendix A: Noweb-Ref blocks

50
files/emacs/init.el
View file

@ -713,12 +713,9 @@ create a new one."
(use-package marginalia (use-package marginalia
:after vertico :after vertico
:bind (:map minibuffer-local-map
("M-A" . marginalia-cycle))
:init :init
(marginalia-mode) (marginalia-mode)
;; (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)) (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)))
)
(use-package nerd-icons-completion (use-package nerd-icons-completion
:after (marginalia nerd-icons) :after (marginalia nerd-icons)
@ -804,22 +801,6 @@ create a new one."
(setq auth-sources '( "~/.emacs.d/.authinfo") (setq auth-sources '( "~/.emacs.d/.authinfo")
auth-source-cache-expiry nil) auth-source-cache-expiry nil)
(defun swarsel/org-agenda-done-and-archive ()
"Mark TODO at point as DONE, archive it, and save all agenda files."
(interactive)
(let ((org-archive-location "~/Nextcloud/Org/Archive.org::Archive"))
(org-agenda-todo "DONE")
(org-agenda-archive)
(dolist (buf (buffer-list))
(with-current-buffer buf
(when (and buffer-file-name
(string-prefix-p (expand-file-name "~/Nextcloud/Org/") (file-truename buffer-file-name))
(derived-mode-p 'org-mode))
(save-buffer))))))
(with-eval-after-load 'org-agenda
(define-key org-agenda-mode-map (kbd "C-a") #'swarsel/org-agenda-done-and-archive))
(use-package org (use-package org
;;:diminish (org-indent-mode) ;;:diminish (org-indent-mode)
:hook (org-mode . swarsel/org-mode-setup) :hook (org-mode . swarsel/org-mode-setup)
@ -846,12 +827,6 @@ create a new one."
"/home/swarsel/Nextcloud/Org/Archive.org" "/home/swarsel/Nextcloud/Org/Archive.org"
)) ))
(setq org-capture-templates
'(("t" "Todo" entry (file+headline "~/Nextcloud/Org/Tasks.org" "Inbox")
"* TODO %?\n %i\n %a")
("j" "Journal" entry (file+datetree "~/Nextcloud/Org/Journal.org")
"* %?\nEntered on %U\n %i\n %a")))
(setq org-refile-targets (setq org-refile-targets
'((swarsel-archive-org-file :maxlevel . 1) '((swarsel-archive-org-file :maxlevel . 1)
(swarsel-tasks-org-file :maxlevel . 1))) (swarsel-tasks-org-file :maxlevel . 1)))
@ -1737,7 +1712,7 @@ create a new one."
(defun prot-window-delete-popup-frame (&rest _) (defun prot-window-delete-popup-frame (&rest _)
"Kill selected selected frame if it has parameter `prot-window-popup-frame'. "Kill selected selected frame if it has parameter `prot-window-popup-frame'.
Use this function via a hook." Use this function via a hook."
(when (frame-parameter nil 'prot-window-popup-frame) (when (frame-parameter nil 'prot-window-popup-frame)
(delete-frame))) (delete-frame)))
@ -1748,36 +1723,27 @@ Make the new frame have the `prot-window-popup-frame' parameter."
,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter.
Also see `prot-window-delete-popup-frame'." command) Also see `prot-window-delete-popup-frame'." command)
(interactive) (interactive)
(let ((frame (make-frame '((prot-window-popup-frame . t) (let ((frame (make-frame '((prot-window-popup-frame . t)))))
(title . "Emacs Popup Frame")))))
(unwind-protect
(progn
(select-frame frame) (select-frame frame)
(modify-frame-parameters nil '((title . "Emacs Popup Frame")))
(switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame")
(condition-case nil (condition-case nil
(call-interactively ',command) (call-interactively ',command)
((quit error user-error) ((quit error user-error)
(delete-frame frame)))) (delete-frame frame))))))
(dolist (fr (frame-list))
(when (string= (frame-parameter fr 'name) "Emacs Popup Anchor")
(delete-frame fr)))))))
(declare-function org-capture "org-capture" (&optional goto keys)) (declare-function org-capture "org-capture" (&optional goto keys))
(defvar org-capture-after-finalize-hook) (defvar org-capture-after-finalize-hook)
;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") ;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window")
(prot-window-define-with-popup-frame org-capture) (prot-window-define-with-popup-frame org-capture)
(add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) (add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame)
(declare-function mu4e "mu4e" (&optional goto keys)) (declare-function mu4e "mu4e" (&optional goto keys))
;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") ;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window")
(prot-window-define-with-popup-frame mu4e) (prot-window-define-with-popup-frame mu4e)
(advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) (advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame)
(declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys)) (declare-function swarsel/open-calendar "swarsel/open-calendar" (&optional goto keys))
;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") ;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window")
(prot-window-define-with-popup-frame swarsel/open-calendar) (prot-window-define-with-popup-frame swarsel/open-calendar)
(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame) (advice-add 'bury-buffer :after #'prot-window-delete-popup-frame)
(declare-function org-agenda "org-agenda" (&optional goto keys))
;;;###autoload (autoload 'prot-window-popup-org-agenda "prot-window")
(prot-window-define-with-popup-frame org-agenda)

1945
flake.lock generated
View file

File diff suppressed because it is too large Load diff

2
hosts/home/treehouse/default.nix
View file

@ -4,7 +4,7 @@
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.hmModules.nix-index
"${self}/modules/home" "${self}/modules/home"
"${self}/modules/nixos/common/pii.nix" "${self}/modules/nixos/common/pii.nix"
"${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/meta.nix"

6
hosts/nixos/pyramid/secrets/pii.nix.enc
View file

@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data:kkwEMOzab5JK9G+rSfYygcAI6Y+b1tXkUFPdxN8e2Rnz2Uv4bDfITu8bmKqJ1q5kmHxQjQukioZkdQkabqBR8cx/CG3dRJfPAjEwMz4v8UYGSNSf8blJvdb4YKSizeOEALCuawBIm5hmvwuskXlol6UfkK66h9UnP94wwdh0KKemWinANxbIUX+cl6kK4X1eZrWRGr5Ts2HmjcowIbA+SmA8yVAwqoP6L1DuavilLGPfWhBI4Kj7ZTI3LRlvu4DZZ+DCAea3FgrrjbTWiWZfFW0YX2fDgNQkIxpp3N203zDu23HebZcmCrVBkfvFS7awBr5iVnwfsqOJR0LH92lIlUb8YoFShlJU/Day80i9uyYDCTHc4l2NBvjIH8NlpiYaA2A+rCW3VkVX3WzCGxBfi/kIqoNE3RdLJAYrIimsYaHSmk4o6jslR3xIRyQzDcNtWa92kINdCwBuJXc0UYe/HnR8tFlmOrlixMlVINTy45PRNYJoy7cuoJPd+aNIPQ2V31TB/CjUSZhEptVJSnQnKDui1xuV7vqcyPv06xftJGZRk/LL2cl3+HDLflkZYE7NVlLaOWMBOkX99W/WokF3NGBWuVeUp9bLCwpuEmzFafpCjKhGrQSDGkw17jmYWCULN9v3q6OvyylwqVuDDQZNSxGZFsSPr7qOxeENwTDQvRwpydthPRMMHh/wf3t5pyV/jW79SBuxIWvn4JbO8TBsd9TmVgXMgpd97+Zg3CnTqZApVVRzM8NzF25fMYHJv12YvkEmyOm0otFU84COhgNkpBRTJhyJdjKWVOTJFJyQviwy6BTBF6jqHyS+YP7BEZO2UID/9ODKVrSACCatSQlNtLQRrXOiE9h3g43uAJc/TyJ+A0IceUJ3BM+6PEJiqDWUfO5ucP3pLDdb4IDOAi/YeV9HQdyCdEVRf6a0CHmPcnkb+X+fxxcmZQCvuzQjOZQZw8UUwfhdJms6jTWqaN9leb3z4u8RPxOM1T+Qsu5dL5ouady7xVSO4c1Fw+EiiL9yOh42DTa4OyBlcTJiz5iigqmkaiQOwdwn+FlOYNraOd24h8+x7dDVQBbHjnV7xF7I1rmpOfA/lUbfovLU5SrIxLPT64J25ucudJWBTCDiYADUwhv+QmfJJsdt11+NWPkS3ymFbbWPtpZvhCaawrNKb3s/ohOEi8JIAyY9dtfRGuRoTsCcsJ4xjeSLehX4TgR0cl31Jmm+0kO2uuP7veDrqyUg1Swqsq4+BKfimprh/QzwSoB9lOdEPu0bdQza9sk+D5+H2ooXsVXA2YJscBZ/Kv+YYW57LlfwEvfpJDx5XiQtAYYlUeN8SPx72i9QzYugm339gj+eB8gtbX3W8Sl+D9Vs0P+GZ4G7K03JvzEExtA=,iv:Go3U5S9ZxtPawFoVjknH8j8WDg2TJLIU6mp5DQDj9BE=,tag:0QPJYyQsuZ4hz8xZZ2V4xw==,type:str]", "data": "ENC[AES256_GCM,data:SEQIHMS8xUj6vsC1+1zTRG+h5BbqL0miA77UEh0UbiFOP7RgqhUlZgq+LmO7BRiIf4RHO13BZ5PXdKiZ96lgGcaquVnaEEQqv2NvkstXpwm3eLjUTJryMxfVupeir5g/FNXHETzhN425KD93EyMr4g7INJW4N4mHXmDnHJOJgS8rlKnSLG64cpgrlef8GAsGfp+i3ky2dig4jNQG8Ijdc46qtiyH9bs7k0d/YuNNmcZSaSIukNyyIMVTqlt6MV+9iUQ4Lj5h0pxgDLfjM1TNQAHRkWW4eozt7SO17U9td1DxvBF9TUdj3xbFCVo4c1OGw4hrjahvUAF8u1TEXBhhJfLqApDUBddRMxybk8Dy98jOHcb6Qwu3qUcgRt9XgkOktwgovS/B2WWAIWMTIZhyKm5ENriaTZWSp6n7hzkw1C1wXyCaP6YT0A4SSPPJt/DuTcBZ5BOFM10237NNgZA0Q7B5J5C57W88bhtzZ2aJZexyQYqQPrr5c38RwR00OAVGJeCgcq70JqeA5EpTuud20rBE0/dHHEPeVUBkrq8pjBHh4SYeMOh8g85CnlF31cxAcnrVJbO14hQQ8sQd4ZmkRNcY3EL981ruDy6Okd3K5AifmF/E9IEZwbvCSLY8EYANA+NV97ZsL4zJOWC6tnA1QHFDoqCR/POsupvGQetYpembrUY0WoB5XkfAvMicQCeLJe2H7S6pOVMDOIIZLx57vcO855LlIJiCpMw2ytqbBXRZolM2WXEBZDEL6BnrEydUnoiUCxqsUrdvQE3HTzktXKQww9jc6HLfBV1MvfScWq2fisGDlkrC2rI5VcWamm8Xbke4uTVcdbKlDpgbpC8NaWmmgNhFe50VNf7M/L5etnvuWWbY68epLZo7dsaaWVE584pdVFT+2K2GwWmGnMHKW+KKA6O9hFfdPUOsJj+eJiF9JX7OwLPAJILTjesWfHXivILBwjDyY5CBCHg91fsrPF37222O/HPPukveY/u6WBOt+co3Ch9mq9usdD7fhieo59IZ7aOJb7dxHSa99nBD8NZbwn6nJkgn3hpLfP9q/2TWcF/zSD1oGY7f1GVbEKEHj2hHv+OHMhFzgRhi5NtvGOO4l0aa1QE1eyRJgHLeqS5aL119Fh1+PSSN9/+v1q6l2JjYuQAV1BqzVdG2GS64J4PBxVqmZ3M9Qv2ZvH0Zwjs64M3MDUMNa5+HZAkPpThvrUWSCEFivIfiOi4Bt/h+HmyQb04LB5QuNFSiRpuF+fQcA+MmMQ==,iv:PL7Z5mKqbNbPfptREw9xFTiOQ1qiVkyxLPvDSoPvbbY=,tag:OPlhVLtN5IDdL/nkkj8+CQ==,type:str]",
"sops": { "sops": {
"age": [ "age": [
{ {
@ -11,8 +11,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z2tONmQxTUhZUW12Z2Jm\nUnoxSnpYcnZDNGNzSko1ckl2RDh3NG1VS2dFCmIwUXhmSk1OUk02S0JPVDR5UWJ4\na0gwWlg0V005ZWxYa29PZ0laS2VqM0kKLS0tIHN5SU9pQ090eHljeXJGWm5hRFQ4\nZ001Nzkyb29RYkNUMDNDNlo4YnVQeTQK34bNIBgxId2+DHKQNVV3Iro3KGkE03Sp\niB1+dADT6nRvGvoyPqnLq/NYfw7eQ6XqYt55zkdCta8v6L1UNUkw8g==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Z2tONmQxTUhZUW12Z2Jm\nUnoxSnpYcnZDNGNzSko1ckl2RDh3NG1VS2dFCmIwUXhmSk1OUk02S0JPVDR5UWJ4\na0gwWlg0V005ZWxYa29PZ0laS2VqM0kKLS0tIHN5SU9pQ090eHljeXJGWm5hRFQ4\nZ001Nzkyb29RYkNUMDNDNlo4YnVQeTQK34bNIBgxId2+DHKQNVV3Iro3KGkE03Sp\niB1+dADT6nRvGvoyPqnLq/NYfw7eQ6XqYt55zkdCta8v6L1UNUkw8g==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-08-07T12:21:20Z", "lastmodified": "2025-07-13T23:20:32Z",
"mac": "ENC[AES256_GCM,data:JxNvTsW6D7IbaczGsdgfTJcACm5VLrOw6Ep+RU9PoXn2LJZeJ9U8KIlnNdODtxMpiIpZ+ZPeJgQk+EXlUVd5n2dJQEr6vqfs4o85givDWE29Pki12Zb7jMhiW8/z9GYQ/TcskkWUfA0Brz9fKVKXLARvQdL1/9Rlw+F1VwWWBOo=,iv:V31hoIpUgq6X47D0B+MtBMsdD0oDpPkh2kvQWRJtS3w=,tag:dsW9SUIdGipX5rKyLAvCvQ==,type:str]", "mac": "ENC[AES256_GCM,data:ibG9NVwVLf4UgdxnHbAToq5n12v4PPgPmnTn8PYg0LZfU2x6GaxRtNvWoFxDa9bEWMRzrlC5oV+hXsTxzJdYliafNTOxWjtOI/ME/HgEE8cU17HuJViWkR+CL+kzCelgFjCD3XajbTRzdTBtcI9icsUvnaManjlSvsgWmqNP36Y=,iv:uCy8Mv5HM611Qd4cvvEiDovnv1uuLZVSN7p7SV10zRA=,tag:fRjfyRkIIh5L97WVyNyxSQ==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-06-14T22:31:01Z", "created_at": "2025-06-14T22:31:01Z",

408
index.html
View file

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2025-08-09 Sa 14:31 --> <!-- 2025-08-05 Di 01:22 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title>SwarselSystems: NixOS + Emacs Configuration</title> <title>SwarselSystems: NixOS + Emacs Configuration</title>
@ -203,7 +203,7 @@
<ul> <ul>
<li><a href="#h:a86fe971-f169-4052-aacf-15e0f267c6cd">1. Introduction (no code)</a> <li><a href="#h:a86fe971-f169-4052-aacf-15e0f267c6cd">1. Introduction (no code)</a>
<ul> <ul>
<li><a href="#org95f3948">1.1. How to use this document</a></li> <li><a href="#org9caf49d">1.1. How to use this document</a></li>
<li><a href="#h:bcc3ebbe-df8a-46bd-b42d-73aad6fc66e5">1.2. Structure of this file</a></li> <li><a href="#h:bcc3ebbe-df8a-46bd-b42d-73aad6fc66e5">1.2. Structure of this file</a></li>
<li><a href="#h:2c5529ed-e6d9-44b6-b0d3-5bf96a6bed64">1.3. <span class="todo TODO">TODO</span> Structure of this flake</a></li> <li><a href="#h:2c5529ed-e6d9-44b6-b0d3-5bf96a6bed64">1.3. <span class="todo TODO">TODO</span> Structure of this flake</a></li>
<li><a href="#h:48e0cb2c-e412-4ae3-a244-80a8c09dbb02">1.4. Hosts</a></li> <li><a href="#h:48e0cb2c-e412-4ae3-a244-80a8c09dbb02">1.4. Hosts</a></li>
@ -319,7 +319,7 @@
<li><a href="#h:5c3027b4-ba66-445e-9c5f-c27e332c90e5">3.2.1.2. Share configuration between nodes (automatically active)</a></li> <li><a href="#h:5c3027b4-ba66-445e-9c5f-c27e332c90e5">3.2.1.2. Share configuration between nodes (automatically active)</a></li>
<li><a href="#h:85c9b83f-40c3-4558-bb28-a37b6f8597b9">3.2.1.3. Global options (automatically active)</a></li> <li><a href="#h:85c9b83f-40c3-4558-bb28-a37b6f8597b9">3.2.1.3. Global options (automatically active)</a></li>
<li><a href="#h:30b81bf9-1e69-4ce8-88af-5592896bcee4">3.2.1.4. Meta options (options only)</a></li> <li><a href="#h:30b81bf9-1e69-4ce8-88af-5592896bcee4">3.2.1.4. Meta options (options only)</a></li>
<li><a href="#org102ae59">3.2.1.5. Expose home-manager sops secrets in NixOS (automatically active)</a></li> <li><a href="#org15130d1">3.2.1.5. Expose home-manager secrets in NixOS (automatically active)</a></li>
<li><a href="#h:e2e7444b-cb85-4719-b154-e5f37274d02d">3.2.1.6. Topology (automatically active)</a></li> <li><a href="#h:e2e7444b-cb85-4719-b154-e5f37274d02d">3.2.1.6. Topology (automatically active)</a></li>
<li><a href="#h:24c9146f-2147-4fd5-bafc-d5853e15cf12">3.2.1.7. General NixOS settings (nix, stateVersion)</a></li> <li><a href="#h:24c9146f-2147-4fd5-bafc-d5853e15cf12">3.2.1.7. General NixOS settings (nix, stateVersion)</a></li>
<li><a href="#h:7f6d6908-4d02-4907-9c70-f802f4358520">3.2.1.8. Setup home-manager base</a></li> <li><a href="#h:7f6d6908-4d02-4907-9c70-f802f4358520">3.2.1.8. Setup home-manager base</a></li>
@ -328,7 +328,7 @@
<li><a href="#h:852d59ab-63c3-4831-993d-b5e23b877796">3.2.1.11. Time, locale settings</a></li> <li><a href="#h:852d59ab-63c3-4831-993d-b5e23b877796">3.2.1.11. Time, locale settings</a></li>
<li><a href="#h:82b8ede2-02d8-4c43-8952-7200ebd4dc23">3.2.1.12. PII management</a></li> <li><a href="#h:82b8ede2-02d8-4c43-8952-7200ebd4dc23">3.2.1.12. PII management</a></li>
<li><a href="#h:d9a89071-b3ba-44d1-b5e0-e9ca6270d377">3.2.1.13. Lanzaboote (secure boot)</a></li> <li><a href="#h:d9a89071-b3ba-44d1-b5e0-e9ca6270d377">3.2.1.13. Lanzaboote (secure boot)</a></li>
<li><a href="#org895e59b">3.2.1.14. Boot</a></li> <li><a href="#org7b2302c">3.2.1.14. Boot</a></li>
<li><a href="#h:e7668594-fa8b-4d36-a695-a58222478988">3.2.1.15. Impermanence</a></li> <li><a href="#h:e7668594-fa8b-4d36-a695-a58222478988">3.2.1.15. Impermanence</a></li>
</ul> </ul>
</li> </li>
@ -418,7 +418,7 @@
<li><a href="#h:f922e8d6-f6e8-4779-a7ad-4037229c9bf0">3.2.3.33. croc</a></li> <li><a href="#h:f922e8d6-f6e8-4779-a7ad-4037229c9bf0">3.2.3.33. croc</a></li>
<li><a href="#h:13071cc3-5cba-44b5-8b5b-2a27be22e021">3.2.3.34. microbin</a></li> <li><a href="#h:13071cc3-5cba-44b5-8b5b-2a27be22e021">3.2.3.34. microbin</a></li>
<li><a href="#h:4ccdcd5c-a4dd-49e4-94e7-d81db970059c">3.2.3.35. shlink</a></li> <li><a href="#h:4ccdcd5c-a4dd-49e4-94e7-d81db970059c">3.2.3.35. shlink</a></li>
<li><a href="#orgb7ca62f">3.2.3.36. slink</a></li> <li><a href="#org7d3bf84">3.2.3.36. slink</a></li>
</ul> </ul>
</li> </li>
<li><a href="#h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47">3.2.4. Darwin</a> <li><a href="#h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47">3.2.4. Darwin</a>
@ -515,10 +515,10 @@
</li> </li>
</ul> </ul>
</li> </li>
<li><a href="#org7f776e3">3.4. Shared</a> <li><a href="#orgb2d6f3a">3.4. Shared</a>
<ul> <ul>
<li><a href="#h:79f7150f-b162-4f57-abdf-07f40dffd932">3.4.1. <span class="todo TODO">TODO</span> Configuration options</a></li> <li><a href="#h:79f7150f-b162-4f57-abdf-07f40dffd932">3.4.1. <span class="todo TODO">TODO</span> Configuration options</a></li>
<li><a href="#org6e2eee2">3.4.2. Variables (vars; holds firefox &amp; stylix config parts)</a></li> <li><a href="#orgbb0bc3c">3.4.2. Variables (vars; holds firefox &amp; stylix config parts)</a></li>
</ul> </ul>
</li> </li>
<li><a href="#h:64a5cc16-6b16-4802-b421-c67ccef853e1">3.5. Packages</a> <li><a href="#h:64a5cc16-6b16-4802-b421-c67ccef853e1">3.5. Packages</a>
@ -757,7 +757,7 @@
<li><a href="#h:a81fb9de-6b6b-4a4a-b758-5107c6e7f0cb">4.4.42. vterm</a></li> <li><a href="#h:a81fb9de-6b6b-4a4a-b758-5107c6e7f0cb">4.4.42. vterm</a></li>
<li><a href="#h:1f4d32a0-c1ed-4409-aec4-7b5c96aa21dd">4.4.43. multiple cursors</a></li> <li><a href="#h:1f4d32a0-c1ed-4409-aec4-7b5c96aa21dd">4.4.43. multiple cursors</a></li>
<li><a href="#h:438d928f-77a8-477a-ac8b-ca54ec673f91">4.4.44. Less logging</a></li> <li><a href="#h:438d928f-77a8-477a-ac8b-ca54ec673f91">4.4.44. Less logging</a></li>
<li><a href="#org9515b19">4.4.45. Popup frames</a></li> <li><a href="#org8f4e81b">4.4.45. Popup frames</a></li>
</ul> </ul>
</li> </li>
</ul> </ul>
@ -812,7 +812,7 @@
</div> </div>
</div> </div>
<p> <p>
<b>This file has 91224 words spanning 23377 lines and was last revised on 2025-08-09 14:31:36 +0200.</b> <b>This file has 90489 words spanning 23186 lines and was last revised on 2025-08-05 01:22:51 +0200.</b>
</p> </p>
<p> <p>
@ -842,8 +842,8 @@ This configuration is part of a NixOS system that is (nearly) fully declarative
This literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning. This literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning.
</p> </p>
</div> </div>
<div id="outline-container-org95f3948" class="outline-3"> <div id="outline-container-org9caf49d" class="outline-3">
<h3 id="org95f3948"><span class="section-number-3">1.1.</span> How to use this document</h3> <h3 id="org9caf49d"><span class="section-number-3">1.1.</span> How to use this document</h3>
<div class="outline-text-3" id="text-1-1"> <div class="outline-text-3" id="text-1-1">
<p> <p>
When I started out with nix, it was a painful time. For a beginner, the available resources tend to be too detailed or assume too much prior knowledge. Also, it is a (sad) fact that using nix requires the user to understand it pretty well before most things start to make sense. When I started out with nix, it was a painful time. For a beginner, the available resources tend to be too detailed or assume too much prior knowledge. Also, it is a (sad) fact that using nix requires the user to understand it pretty well before most things start to make sense.
@ -881,7 +881,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry
</p> </p>
<p> <p>
My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-08-09 14:31:36 +0200) My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2025-08-05 01:22:51 +0200)
</p></li> </p></li>
</ul> </ul>
@ -893,7 +893,7 @@ system-configuration-options
</div> </div>
<pre class="example"> <pre class="example">
--prefix=/nix/store/6gy60bnwvzbvvmg10vqcnhrjnnrpi4y8-emacs-git-pgtk-20250808.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux --prefix=/nix/store/sjapaaf7z48pzml6dw2njyfdgvpp1nn7-emacs-git-pgtk-20250707.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --without-xwidgets --with-dbus --with-selinux
</pre> </pre>
@ -4519,7 +4519,7 @@ This is the "reference implementation" of a setup that runs without NixOS, only
imports = [ imports = [
inputs.stylix.homeManagerModules.stylix inputs.stylix.homeManagerModules.stylix
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.hmModules.nix-index
"${self}/modules/home" "${self}/modules/home"
"${self}/modules/nixos/common/pii.nix" "${self}/modules/nixos/common/pii.nix"
"${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/meta.nix"
@ -5003,8 +5003,8 @@ in
</div> </div>
</div> </div>
</div> </div>
<div id="outline-container-org102ae59" class="outline-5"> <div id="outline-container-org15130d1" class="outline-5">
<h5 id="org102ae59"><span class="section-number-5">3.2.1.5.</span> Expose home-manager sops secrets in NixOS (automatically active)</h5> <h5 id="org15130d1"><span class="section-number-5">3.2.1.5.</span> Expose home-manager secrets in NixOS (automatically active)</h5>
<div class="outline-text-5" id="text-3-2-1-5"> <div class="outline-text-5" id="text-3-2-1-5">
<div class="org-src-container"> <div class="org-src-container">
<pre class="src src-nix-ts">{ lib, config, globals, ... }: <pre class="src src-nix-ts">{ lib, config, globals, ... }:
@ -5028,7 +5028,6 @@ in
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; };
}) // (lib.optionalAttrs modules.zsh { }) // (lib.optionalAttrs modules.zsh {
croc-password = { owner = mainUser; }; croc-password = { owner = mainUser; };
github-nixpkgs-review-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.emacs { }) // (lib.optionalAttrs modules.emacs {
emacs-radicale-pw = { owner = mainUser; }; emacs-radicale-pw = { owner = mainUser; };
}); });
@ -5234,7 +5233,7 @@ We enable the use of <code>home-manager</code> as a NixoS module. A nice trick h
useUserPackages = true; useUserPackages = true;
verbose = true; verbose = true;
users.${config.swarselsystems.mainUser}.imports = [ users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
# inputs.stylix.homeModules.stylix # inputs.stylix.homeModules.stylix
{ {
@ -5486,8 +5485,8 @@ This dynamically uses systemd boot or Lanzaboote depending on the minimal system
</div> </div>
</div> </div>
</div> </div>
<div id="outline-container-org895e59b" class="outline-5"> <div id="outline-container-org7b2302c" class="outline-5">
<h5 id="org895e59b"><span class="section-number-5">3.2.1.14.</span> Boot</h5> <h5 id="org7b2302c"><span class="section-number-5">3.2.1.14.</span> Boot</h5>
<div class="outline-text-5" id="text-3-2-1-14"> <div class="outline-text-5" id="text-3-2-1-14">
<div class="org-src-container"> <div class="org-src-container">
<pre class="src src-nix-ts">{ lib, pkgs, config, globals, ... }: <pre class="src src-nix-ts">{ lib, pkgs, config, globals, ... }:
@ -5788,9 +5787,7 @@ Next, we will setup some environment variables that need to be set on the system
gst-plugins-ugly gst-plugins-ugly
gst-libav gst-libav
]); ]);
} // (lib.optionalAttrs (!config.swarselsystems.isPublic) { };
GITHUB_NOTIFICATION_TOKEN_PATH = config.sops.secrets.github-notifications-token.path;
});
}; };
}; };
} }
@ -5846,10 +5843,10 @@ There is a persistent bug over Linux kernels that makes the user wait 1m30s on s
options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config";
config = lib.mkIf config.swarselmodules.systemdTimeout { config = lib.mkIf config.swarselmodules.systemdTimeout {
# systemd # systemd
systemd.settings.Manager = { systemd.extraConfig = ''
DefaultTimeoutStartSec = "60s"; DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec = "15s"; DefaultTimeoutStopSec=15s
}; '';
}; };
} }
</pre> </pre>
@ -6813,7 +6810,7 @@ This section houses the greetd related settings. I do not really want to use a d
settings = { settings = {
initial_session.command = "sway"; initial_session.command = "sway";
default_session.command = '' default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \ ${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \ --time \
--asterisks \ --asterisks \
--user-menu \ --user-menu \
@ -6931,7 +6928,7 @@ When a program does not work, start with <code>nix-ldd &lt;program&gt;</code>. T
pixman pixman
speex speex
stdenv.cc.cc stdenv.cc.cc
stable.steam-fhsenv-without-steam steam-fhsenv-without-steam
systemd systemd
tbb tbb
vulkan-loader vulkan-loader
@ -11025,8 +11022,8 @@ in
</div> </div>
</div> </div>
</div> </div>
<div id="outline-container-orgb7ca62f" class="outline-5"> <div id="outline-container-org7d3bf84" class="outline-5">
<h5 id="orgb7ca62f"><span class="section-number-5">3.2.3.36.</span> slink</h5> <h5 id="org7d3bf84"><span class="section-number-5">3.2.3.36.</span> slink</h5>
<div class="outline-text-5" id="text-3-2-3-36"> <div class="outline-text-5" id="text-3-2-3-36">
<p> <p>
Deployment notes: Deployment notes:
@ -11693,6 +11690,7 @@ in
gh gh
]; ];
services = { services = {
spice-vdagentd.enable = true; spice-vdagentd.enable = true;
openssh = { openssh = {
@ -12568,7 +12566,6 @@ in
SWARSEL_CAL3NAME = source3-name; SWARSEL_CAL3NAME = source3-name;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;
}; };
}; };
} }
@ -13075,7 +13072,6 @@ in
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic &amp;&amp; !config.swarselsystems.isNixos) { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic &amp;&amp; !config.swarselsystems.isNixos) {
croc-password = { }; croc-password = { };
github-nixpkgs-review-token = { };
}; };
programs.zsh = { programs.zsh = {
@ -13110,10 +13106,8 @@ in
boot-diff = "nix store diff-closures /run/*-system"; boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy"; cc = "wl-copy";
build-topology = "nix build .#topology.x86_64-linux.config.output"; topology = "nix build .#topology.x86_64-linux.config.output";
build-iso = "nix build --print-out-paths .#live-iso"; iso = "nix build --print-out-paths .#live-iso";
nix-review- = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;
autosuggestion.enable = true; autosuggestion.enable = true;
@ -13187,7 +13181,6 @@ in
bindkey '^H' my-backward-delete-word bindkey '^H' my-backward-delete-word
export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})"
export GITHUB_TOKEN="$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})"
''; '';
}; };
}; };
@ -13376,76 +13369,22 @@ in
# this is needed so that mbsync can use the passwords from sops # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
};
};
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos &amp;&amp; !config.swarselsystems.isPublic) { accounts = lib.mkIf (config.swarselsystems.isNixos &amp;&amp; !config.swarselsystems.isPublic) {
email = email = {
let maildirBasePath = "Mail";
defaultSettings = { accounts = {
imap = { leon = {
host = "imap.gmail.com"; primary = true;
port = 993; address = address1;
tls.enable = true; # SSL/TLS userName = address1;
}; realName = fullName;
smtp = { passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
host = "smtp.gmail.com"; gpg = {
port = 465; key = "0x76FD3810215AE097";
tls.enable = true; # SSL/TLS signByDefault = true;
};
thunderbird = {
enable = true;
profiles = [ "default" ];
}; };
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
mu.enable = true; mu.enable = true;
msmtp = { msmtp = {
enable = true; enable = true;
@ -13466,10 +13405,7 @@ in
}; };
}; };
}; };
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = { swarsel = {
address = address4; address = address4;
userName = address4-user; userName = address4-user;
@ -13492,39 +13428,59 @@ in
}; };
}; };
leon = lib.recursiveUpdate nautilus = {
{
primary = true;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
nautilus = lib.recursiveUpdate
{
primary = false; primary = false;
address = address2; address = address2;
userName = address2; userName = address2;
realName = address2-name; realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
} imap.host = "imap.gmail.com";
defaultSettings; smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
mrswarsel = lib.recursiveUpdate mrswarsel = {
{
primary = false; primary = false;
address = address3; address = address3;
userName = address3; userName = address3;
realName = address3-name; realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
} imap.host = "imap.gmail.com";
defaultSettings; smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
}; };
}; };
@ -14465,10 +14421,9 @@ in
"${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show"; "${modifier}+F12" = "scratchpad show";
"${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+c" = "exec qalculate-gtk";
"${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'";
"${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'";
"${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+p" = "exec pass-fuzzel"; "${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type"; "${modifier}+Shift+p" = "exec pass-fuzzel --type";
@ -14601,8 +14556,7 @@ in
{ title = "^Add$"; } { title = "^Add$"; }
{ title = "^Picture-in-Picture$"; } { title = "^Picture-in-Picture$"; }
{ title = "Syncthing Tray"; } { title = "Syncthing Tray"; }
{ title = "^Emacs Popup Frame$"; } { title = "Emacs Popup Frame"; }
{ title = "^Emacs Popup Anchor$"; }
{ title = "^spotifytui$"; } { title = "^spotifytui$"; }
{ title = "^kittyterm$"; } { title = "^kittyterm$"; }
{ app_id = "vesktop"; } { app_id = "vesktop"; }
@ -14653,18 +14607,6 @@ in
title = "^Picture-in-Picture$"; title = "^Picture-in-Picture$";
}; };
} }
{
command = "resize set width 60 ppt height 60 ppt, opacity 0.99, sticky enable";
criteria = {
title = "^Emacs Popup Frame$";
};
}
{
command = "move container to scratchpad";
criteria = {
title = "^Emacs Popup Anchor$";
};
}
{ {
command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad";
criteria = { criteria = {
@ -15115,8 +15057,7 @@ let
in in
{ {
options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
config = lib.mkIf config.swarselmodules.optional.work config = lib.mkIf config.swarselmodules.optional.work {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
shellcheck shellcheck
@ -15129,92 +15070,13 @@ in
stable.prometheus.cli stable.prometheus.cli
tigervnc tigervnc
openstackclient openstackclient
pizauth
]; ];
systemd.user.services.pizauth = {
Unit = {
Description = "Pizauth OAuth2 token manager";
};
Service = {
Type = "simple";
ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d";
ExecReload = "${pkgs.pizauth}/bin/pizauth reload";
ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown";
};
Install = {
WantedBy = [ "default.target" ];
};
};
home.sessionVariables = { home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
}; };
accounts.email.accounts.work =
let
inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName;
in
{
primary = false;
address = mailAddress;
userName = mailAddress;
realName = mailName;
passwordCommand = "pizauth show work";
imap = {
host = "outlook.office365.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "outlook.office365.com";
port = 587;
tls = {
enable = true; # SSL/TLS
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "default" ];
settings = id: {
"mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth
"mail.server.server_${id}.authMethod" = 10; # oauth
# "toolkit.telemetry.enabled" = false;
# "toolkit.telemetry.rejected" = true;
# "toolkit.telemetry.prompted" = 2;
};
};
msmtp = {
enable = false;
extraConfig = {
account = "work";
auth = "xoauth2";
host = "outlook.office365.com";
protocol = "smtp";
port = "587";
tls = "on";
tls_starttls = "on";
from = "${mailAddress}";
user = "${mailAddress}";
passwordeval = "pizauth show work";
};
};
mu.enable = false;
mbsync = {
enable = false;
expunge = "both";
extraConfig = {
account = {
AuthMechs = "XOAUTH2";
};
};
};
};
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {
output = { output = {
"Applied Creative Technology Transmitter QUATTRO201811" = { "Applied Creative Technology Transmitter QUATTRO201811" = {
@ -15487,23 +15349,6 @@ in
inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3;
in in
{ {
configFile."pizauth.conf".text = ''
account "work" {
auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
scopes = [
"https://outlook.office365.com/IMAP.AccessAsUser.All",
"https://outlook.office365.com/SMTP.Send",
"offline_access"
];
// You don't have to specify login_hint, but it does make
// authentication a little easier.
login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}";
}
'';
mimeApps = { mimeApps = {
defaultApplications = { defaultApplications = {
"x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];
@ -15687,8 +15532,8 @@ This holds configuration that is specific to framework laptops.
</div> </div>
</div> </div>
</div> </div>
<div id="outline-container-org7f776e3" class="outline-3"> <div id="outline-container-orgb2d6f3a" class="outline-3">
<h3 id="org7f776e3"><span class="section-number-3">3.4.</span> Shared</h3> <h3 id="orgb2d6f3a"><span class="section-number-3">3.4.</span> Shared</h3>
<div class="outline-text-3" id="text-3-4"> <div class="outline-text-3" id="text-3-4">
<p> <p>
This section is for modules that are to be used on <code>NixOS</code> and <code>home-manager</code> scopes alike. This is for example needed in order to allow me to define and set my own custom functions only once in the <code>NixOS</code> config and then mirror them into the corresponding <code>home-manager</code> option. This section is for modules that are to be used on <code>NixOS</code> and <code>home-manager</code> scopes alike. This is for example needed in order to allow me to define and set my own custom functions only once in the <code>NixOS</code> config and then mirror them into the corresponding <code>home-manager</code> option.
@ -15777,8 +15622,8 @@ TODO: check which of these can be replaced but builtin functions.
</div> </div>
</div> </div>
</div> </div>
<div id="outline-container-org6e2eee2" class="outline-4"> <div id="outline-container-orgbb0bc3c" class="outline-4">
<h4 id="org6e2eee2"><span class="section-number-4">3.4.2.</span> Variables (vars; holds firefox &amp; stylix config parts)</h4> <h4 id="orgbb0bc3c"><span class="section-number-4">3.4.2.</span> Variables (vars; holds firefox &amp; stylix config parts)</h4>
<div class="outline-text-4" id="text-3-4-2"> <div class="outline-text-4" id="text-3-4-2">
<p> <p>
At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in <a href="#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6">Work</a> that are all practically using the same configuration. To save screen space, I template that profile here. At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in <a href="#h:f0b2ea93-94c8-48d8-8d47-6fe58f58e0e6">Work</a> that are all practically using the same configuration. To save screen space, I template that profile here.
@ -20451,12 +20296,9 @@ I set the annotation-mode of marginalia to <code>heavy</code>. This gives even m
<div class="org-src-container"> <div class="org-src-container">
<pre class="src src-emacs-lisp">(use-package marginalia <pre class="src src-emacs-lisp">(use-package marginalia
:after vertico :after vertico
:bind (:map minibuffer-local-map
("M-A" . marginalia-cycle))
:init :init
(marginalia-mode) (marginalia-mode)
;; (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)) (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)))
)
</pre> </pre>
</div> </div>
@ -20662,22 +20504,6 @@ This part of the configuration mostly makes some aesthetic changes, enables neat
<div class="org-src-container"> <div class="org-src-container">
<pre class="src src-emacs-lisp"> <pre class="src src-emacs-lisp">
(defun swarsel/org-agenda-done-and-archive ()
"Mark TODO at point as DONE, archive it, and save all agenda files."
(interactive)
(let ((org-archive-location "~/Nextcloud/Org/Archive.org::Archive"))
(org-agenda-todo "DONE")
(org-agenda-archive)
(dolist (buf (buffer-list))
(with-current-buffer buf
(when (and buffer-file-name
(string-prefix-p (expand-file-name "~/Nextcloud/Org/") (file-truename buffer-file-name))
(derived-mode-p 'org-mode))
(save-buffer))))))
(with-eval-after-load 'org-agenda
(define-key org-agenda-mode-map (kbd "C-a") #'swarsel/org-agenda-done-and-archive))
(use-package org (use-package org
;;:diminish (org-indent-mode) ;;:diminish (org-indent-mode)
:hook (org-mode . swarsel/org-mode-setup) :hook (org-mode . swarsel/org-mode-setup)
@ -20704,18 +20530,11 @@ This part of the configuration mostly makes some aesthetic changes, enables neat
"/home/swarsel/Nextcloud/Org/Archive.org" "/home/swarsel/Nextcloud/Org/Archive.org"
)) ))
(setq org-capture-templates
'(("t" "Todo" entry (file+headline "~/Nextcloud/Org/Tasks.org" "Inbox")
"* TODO %?\n %i\n %a")
("j" "Journal" entry (file+datetree "~/Nextcloud/Org/Journal.org")
"* %?\nEntered on %U\n %i\n %a")))
(setq org-refile-targets (setq org-refile-targets
'((swarsel-archive-org-file :maxlevel . 1) '((swarsel-archive-org-file :maxlevel . 1)
(swarsel-tasks-org-file :maxlevel . 1))) (swarsel-tasks-org-file :maxlevel . 1)))
) )
</pre> </pre>
</div> </div>
</div> </div>
@ -22428,13 +22247,13 @@ This sets up the <code>dashboard</code>, which is really quite useless. But, it
</div> </div>
</div> </div>
</div> </div>
<div id="outline-container-org9515b19" class="outline-4"> <div id="outline-container-org8f4e81b" class="outline-4">
<h4 id="org9515b19"><span class="section-number-4">4.4.45.</span> Popup frames</h4> <h4 id="org8f4e81b"><span class="section-number-4">4.4.45.</span> Popup frames</h4>
<div class="outline-text-4" id="text-4-4-45"> <div class="outline-text-4" id="text-4-4-45">
<div class="org-src-container"> <div class="org-src-container">
<pre class="src src-emacs-lisp">(defun prot-window-delete-popup-frame (&amp;rest _) <pre class="src src-emacs-lisp">(defun prot-window-delete-popup-frame (&amp;rest _)
"Kill selected selected frame if it has parameter `prot-window-popup-frame'. "Kill selected selected frame if it has parameter `prot-window-popup-frame'.
Use this function via a hook." Use this function via a hook."
(when (frame-parameter nil 'prot-window-popup-frame) (when (frame-parameter nil 'prot-window-popup-frame)
(delete-frame))) (delete-frame)))
@ -22445,40 +22264,31 @@ Make the new frame have the `prot-window-popup-frame' parameter."
,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter. ,(format "Run `%s' in a popup frame with `prot-window-popup-frame' parameter.
Also see `prot-window-delete-popup-frame'." command) Also see `prot-window-delete-popup-frame'." command)
(interactive) (interactive)
(let ((frame (make-frame '((prot-window-popup-frame . t) (let ((frame (make-frame '((prot-window-popup-frame . t)))))
(title . "Emacs Popup Frame")))))
(unwind-protect
(progn
(select-frame frame) (select-frame frame)
(modify-frame-parameters nil '((title . "Emacs Popup Frame")))
(switch-to-buffer " prot-window-hidden-buffer-for-popup-frame") (switch-to-buffer " prot-window-hidden-buffer-for-popup-frame")
(condition-case nil (condition-case nil
(call-interactively ',command) (call-interactively ',command)
((quit error user-error) ((quit error user-error)
(delete-frame frame)))) (delete-frame frame))))))
(dolist (fr (frame-list))
(when (string= (frame-parameter fr 'name) "Emacs Popup Anchor")
(delete-frame fr)))))))
(declare-function org-capture "org-capture" (&amp;optional goto keys)) (declare-function org-capture "org-capture" (&amp;optional goto keys))
(defvar org-capture-after-finalize-hook) (defvar org-capture-after-finalize-hook)
;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window") ;;;###autoload (autoload 'prot-window-popup-org-capture "prot-window")
(prot-window-define-with-popup-frame org-capture) (prot-window-define-with-popup-frame org-capture)
(add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame) (add-hook 'org-capture-after-finalize-hook #'prot-window-delete-popup-frame)
(declare-function mu4e "mu4e" (&amp;optional goto keys)) (declare-function mu4e "mu4e" (&amp;optional goto keys))
;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window") ;;;###autoload (autoload 'prot-window-popup-mu4e "prot-window")
(prot-window-define-with-popup-frame mu4e) (prot-window-define-with-popup-frame mu4e)
(advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame) (advice-add 'mu4e-quit :after #'prot-window-delete-popup-frame)
(declare-function swarsel/open-calendar "swarsel/open-calendar" (&amp;optional goto keys)) (declare-function swarsel/open-calendar "swarsel/open-calendar" (&amp;optional goto keys))
;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window") ;;;###autoload (autoload 'prot-window-popup-swarsel/open-calendar "prot-window")
(prot-window-define-with-popup-frame swarsel/open-calendar) (prot-window-define-with-popup-frame swarsel/open-calendar)
(advice-add 'bury-buffer :after #'prot-window-delete-popup-frame) (advice-add 'bury-buffer :after #'prot-window-delete-popup-frame)
(declare-function org-agenda "org-agenda" (&amp;optional goto keys))
;;;###autoload (autoload 'prot-window-popup-org-agenda "prot-window")
(prot-window-define-with-popup-frame org-agenda)
</pre> </pre>
</div> </div>
</div> </div>
@ -25213,7 +25023,7 @@ builtins.listToAttrs converts a list of name-value pairs into an attribute set.
</div> </div>
<pre class="example"> <pre class="example">
{ bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; } { bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; sync = "directory"; toto = "directory"; winters = "directory"; }
</pre> </pre>
</div> </div>
</div> </div>
@ -25461,7 +25271,7 @@ similarly, there exists an version that starts from the right.
</div> </div>
<div id="postamble" class="status"> <div id="postamble" class="status">
<p class="author">Author: Leon Schwarzäugl</p> <p class="author">Author: Leon Schwarzäugl</p>
<p class="date">Created: 2025-08-09 Sa 14:31</p> <p class="date">Created: 2025-08-05 Di 01:22</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p> <p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div> </div>
</body> </body>

1
modules/home/common/env.nix
View file

@ -31,7 +31,6 @@ in
SWARSEL_CAL3NAME = source3-name; SWARSEL_CAL3NAME = source3-name;
SWARSEL_FULLNAME = fullName; SWARSEL_FULLNAME = fullName;
SWARSEL_MAIL_ALL = allMailAddresses; SWARSEL_MAIL_ALL = allMailAddresses;
GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path;
}; };
}; };
} }

151
modules/home/common/mail.nix
View file

@ -33,76 +33,22 @@ in
# this is needed so that mbsync can use the passwords from sops # this is needed so that mbsync can use the passwords from sops
systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
programs.thunderbird = {
enable = true;
profiles.default = {
isDefault = true;
withExternalGnupg = true;
settings = {
"mail.identity.default.archive_enabled" = true;
"mail.identity.default.archive_keep_folder_structure" = true;
"mail.identity.default.compose_html" = false;
"mail.identity.default.protectSubject" = true;
"mail.identity.default.reply_on_top" = 1;
"mail.identity.default.sig_on_reply" = false;
"mail.identity.default.sig_bottom" = false;
"gfx.webrender.all" = true;
"gfx.webrender.enabled" = true;
};
};
settings = {
"mail.server.default.allow_utf8_accept" = true;
"mail.server.default.max_articles" = 1000;
"mail.server.default.check_all_folders_for_new" = true;
"mail.show_headers" = 1;
"mail.identity.default.auto_quote" = true;
"mail.identity.default.attachPgpKey" = true;
"mailnews.default_sort_order" = 2;
"mailnews.default_sort_type" = 18;
"mailnews.default_view_flags" = 0;
"mailnews.sort_threads_by_root" = true;
"mailnews.headers.showMessageId" = true;
"mailnews.headers.showOrganization" = true;
"mailnews.headers.showReferences" = true;
"mailnews.headers.showUserAgent" = true;
"mail.imap.expunge_after_delete" = true;
"mail.server.default.delete_model" = 2;
"mail.warn_on_delete_from_trash" = false;
"mail.warn_on_shift_delete" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.prompted" = 2;
"app.update.auto" = false;
"privacy.donottrackheader.enabled" = true;
};
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/mailto" = [ "thunderbird.desktop" ];
"x-scheme-handler/mid" = [ "thunderbird.desktop" ];
"message/rfc822" = [ "thunderbird.desktop" ];
};
accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) { accounts = lib.mkIf (config.swarselsystems.isNixos && !config.swarselsystems.isPublic) {
email = email = {
let maildirBasePath = "Mail";
defaultSettings = { accounts = {
imap = { leon = {
host = "imap.gmail.com"; primary = true;
port = 993; address = address1;
tls.enable = true; # SSL/TLS userName = address1;
}; realName = fullName;
smtp = { passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
host = "smtp.gmail.com"; gpg = {
port = 465; key = "0x76FD3810215AE097";
tls.enable = true; # SSL/TLS signByDefault = true;
};
thunderbird = {
enable = true;
profiles = [ "default" ];
}; };
imap.host = "imap.gmail.com";
smtp.host = "smtp.gmail.com";
mu.enable = true; mu.enable = true;
msmtp = { msmtp = {
enable = true; enable = true;
@ -123,10 +69,7 @@ in
}; };
}; };
}; };
in
{
maildirBasePath = "Mail";
accounts = {
swarsel = { swarsel = {
address = address4; address = address4;
userName = address4-user; userName = address4-user;
@ -149,39 +92,59 @@ in
}; };
}; };
leon = lib.recursiveUpdate nautilus = {
{
primary = true;
address = address1;
userName = address1;
realName = fullName;
passwordCommand = "cat ${nixosConfig.sops.secrets.address1-token.path}";
gpg = {
key = "0x76FD3810215AE097";
signByDefault = true;
};
}
defaultSettings;
nautilus = lib.recursiveUpdate
{
primary = false; primary = false;
address = address2; address = address2;
userName = address2; userName = address2;
realName = address2-name; realName = address2-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address2-token.path}";
} imap.host = "imap.gmail.com";
defaultSettings; smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
mrswarsel = lib.recursiveUpdate mrswarsel = {
{
primary = false; primary = false;
address = address3; address = address3;
userName = address3; userName = address3;
realName = address3-name; realName = address3-name;
passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}"; passwordCommand = "cat ${nixosConfig.sops.secrets.address3-token.path}";
} imap.host = "imap.gmail.com";
defaultSettings; smtp.host = "smtp.gmail.com";
msmtp.enable = true;
mu.enable = true;
mbsync = {
enable = true;
create = "maildir";
expunge = "both";
patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
extraConfig = {
channel = {
Sync = "All";
};
account = {
Timeout = 120;
PipelineDepth = 1;
};
};
};
};
}; };
}; };

22
modules/home/common/sway.nix
View file

@ -126,10 +126,9 @@ in
"${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show"; "${modifier}+F12" = "scratchpad show";
"${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+c" = "exec qalculate-gtk";
"${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; "${modifier}+c" = "emacsclient -e '(prot-window-popup-org-capture)'";
"${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; "${modifier}+Shift+m" = "emacsclient -e '(prot-window-popup-mu4e)'";
"${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; "${modifier}+Shift+a" = "emacsclient -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+p" = "exec pass-fuzzel"; "${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type"; "${modifier}+Shift+p" = "exec pass-fuzzel --type";
@ -262,8 +261,7 @@ in
{ title = "^Add$"; } { title = "^Add$"; }
{ title = "^Picture-in-Picture$"; } { title = "^Picture-in-Picture$"; }
{ title = "Syncthing Tray"; } { title = "Syncthing Tray"; }
{ title = "^Emacs Popup Frame$"; } { title = "Emacs Popup Frame"; }
{ title = "^Emacs Popup Anchor$"; }
{ title = "^spotifytui$"; } { title = "^spotifytui$"; }
{ title = "^kittyterm$"; } { title = "^kittyterm$"; }
{ app_id = "vesktop"; } { app_id = "vesktop"; }
@ -314,18 +312,6 @@ in
title = "^Picture-in-Picture$"; title = "^Picture-in-Picture$";
}; };
} }
{
command = "resize set width 60 ppt height 60 ppt, opacity 0.99, sticky enable";
criteria = {
title = "^Emacs Popup Frame$";
};
}
{
command = "move container to scratchpad";
criteria = {
title = "^Emacs Popup Anchor$";
};
}
{ {
command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad";
criteria = { criteria = {

8
modules/home/common/zsh.nix
View file

@ -15,7 +15,6 @@ in
sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
croc-password = { }; croc-password = { };
github-nixpkgs-review-token = { };
}; };
programs.zsh = { programs.zsh = {
@ -50,10 +49,8 @@ in
boot-diff = "nix store diff-closures /run/*-system"; boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy"; cc = "wl-copy";
build-topology = "nix build .#topology.x86_64-linux.config.output"; topology = "nix build .#topology.x86_64-linux.config.output";
build-iso = "nix build --print-out-paths .#live-iso"; iso = "nix build --print-out-paths .#live-iso";
nix-review- = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
} }
config.swarselsystems.shellAliases; config.swarselsystems.shellAliases;
autosuggestion.enable = true; autosuggestion.enable = true;
@ -127,7 +124,6 @@ in
bindkey '^H' my-backward-delete-word bindkey '^H' my-backward-delete-word
export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})"
export GITHUB_TOKEN="$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})"
''; '';
}; };
}; };

99
modules/home/optional/work.nix
View file

@ -4,8 +4,7 @@ let
in in
{ {
options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
config = lib.mkIf config.swarselmodules.optional.work config = lib.mkIf config.swarselmodules.optional.work {
{
home.packages = with pkgs; [ home.packages = with pkgs; [
stable.teams-for-linux stable.teams-for-linux
shellcheck shellcheck
@ -18,92 +17,13 @@ in
stable.prometheus.cli stable.prometheus.cli
tigervnc tigervnc
openstackclient openstackclient
pizauth
]; ];
systemd.user.services.pizauth = {
Unit = {
Description = "Pizauth OAuth2 token manager";
};
Service = {
Type = "simple";
ExecStart = "${pkgs.pizauth}/bin/pizauth server -vvvv -d";
ExecReload = "${pkgs.pizauth}/bin/pizauth reload";
ExecStop = "${pkgs.pizauth}/bin/pizauth shutdown";
};
Install = {
WantedBy = [ "default.target" ];
};
};
home.sessionVariables = { home.sessionVariables = {
DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private"; DOCUMENT_DIR_PRIV = lib.mkForce "${homeDir}/Documents/Private";
DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
}; };
accounts.email.accounts.work =
let
inherit (nixosConfig.repo.secrets.local.work) mailAddress mailName;
in
{
primary = false;
address = mailAddress;
userName = mailAddress;
realName = mailName;
passwordCommand = "pizauth show work";
imap = {
host = "outlook.office365.com";
port = 993;
tls.enable = true; # SSL/TLS
};
smtp = {
host = "outlook.office365.com";
port = 587;
tls = {
enable = true; # SSL/TLS
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "default" ];
settings = id: {
"mail.smtpserver.smtp_${id}.authMethod" = 10; # oauth
"mail.server.server_${id}.authMethod" = 10; # oauth
# "toolkit.telemetry.enabled" = false;
# "toolkit.telemetry.rejected" = true;
# "toolkit.telemetry.prompted" = 2;
};
};
msmtp = {
enable = false;
extraConfig = {
account = "work";
auth = "xoauth2";
host = "outlook.office365.com";
protocol = "smtp";
port = "587";
tls = "on";
tls_starttls = "on";
from = "${mailAddress}";
user = "${mailAddress}";
passwordeval = "pizauth show work";
};
};
mu.enable = false;
mbsync = {
enable = false;
expunge = "both";
extraConfig = {
account = {
AuthMechs = "XOAUTH2";
};
};
};
};
wayland.windowManager.sway.config = { wayland.windowManager.sway.config = {
output = { output = {
"Applied Creative Technology Transmitter QUATTRO201811" = { "Applied Creative Technology Transmitter QUATTRO201811" = {
@ -376,23 +296,6 @@ in
inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3; inherit (nixosConfig.repo.secrets.local.work) user1 user2 user3;
in in
{ {
configFile."pizauth.conf".text = ''
account "work" {
auth_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
token_uri = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
client_id = "08162f7c-0fd2-4200-a84a-f25a4db0b584";
client_secret = "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82";
scopes = [
"https://outlook.office365.com/IMAP.AccessAsUser.All",
"https://outlook.office365.com/SMTP.Send",
"offline_access"
];
// You don't have to specify login_hint, but it does make
// authentication a little easier.
login_hint = "${nixosConfig.repo.secrets.local.work.mailAddress}";
}
'';
mimeApps = { mimeApps = {
defaultApplications = { defaultApplications = {
"x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ]; "x-scheme-handler/msteams" = [ "teams-for-linux.desktop" ];

4
modules/nixos/client/env.nix
View file

@ -13,9 +13,7 @@
gst-plugins-ugly gst-plugins-ugly
gst-libav gst-libav
]); ]);
} // (lib.optionalAttrs (!config.swarselsystems.isPublic) { };
GITHUB_NOTIFICATION_TOKEN_PATH = config.sops.secrets.github-notifications-token.path;
});
}; };
}; };
} }

2
modules/nixos/client/login.nix
View file

@ -7,7 +7,7 @@
settings = { settings = {
initial_session.command = "sway"; initial_session.command = "sway";
default_session.command = '' default_session.command = ''
${pkgs.tuigreet}/bin/tuigreet \ ${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \ --time \
--asterisks \ --asterisks \
--user-menu \ --user-menu \

2
modules/nixos/client/nix-ld.nix
View file

@ -82,7 +82,7 @@
pixman pixman
speex speex
stdenv.cc.cc stdenv.cc.cc
stable.steam-fhsenv-without-steam steam-fhsenv-without-steam
systemd systemd
tbb tbb
vulkan-loader vulkan-loader

8
modules/nixos/client/systemd.nix
View file

@ -3,9 +3,9 @@
options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config"; options.swarselmodules.systemdTimeout = lib.mkEnableOption "systemd timeout config";
config = lib.mkIf config.swarselmodules.systemdTimeout { config = lib.mkIf config.swarselmodules.systemdTimeout {
# systemd # systemd
systemd.settings.Manager = { systemd.extraConfig = ''
DefaultTimeoutStartSec = "60s"; DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec = "15s"; DefaultTimeoutStopSec=15s
}; '';
}; };
} }

1
modules/nixos/common/home-manager-secrets.nix
View file

@ -19,7 +19,6 @@ in
fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; };
}) // (lib.optionalAttrs modules.zsh { }) // (lib.optionalAttrs modules.zsh {
croc-password = { owner = mainUser; }; croc-password = { owner = mainUser; };
github-nixpkgs-review-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.emacs { }) // (lib.optionalAttrs modules.emacs {
emacs-radicale-pw = { owner = mainUser; }; emacs-radicale-pw = { owner = mainUser; };
}); });

2
modules/nixos/common/home-manager.nix
View file

@ -7,7 +7,7 @@
useUserPackages = true; useUserPackages = true;
verbose = true; verbose = true;
users.${config.swarselsystems.mainUser}.imports = [ users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
# inputs.stylix.homeModules.stylix # inputs.stylix.homeModules.stylix
{ {

1
modules/nixos/optional/work.nix
View file

@ -213,6 +213,7 @@ in
gh gh
]; ];
services = { services = {
spice-vdagentd.enable = true; spice-vdagentd.enable = true;
openssh = { openssh = {

6
secrets/general/secrets.yaml
View file

@ -22,8 +22,6 @@ croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01X
github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str] github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str]
#ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment] #ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment]
emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str] emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str]
#ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment]
github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uabyDbGDGqfRUllO5DVSbZxO+A==,iv:mcARvAyPAB9pyCGFy2A/6qeZbSepHyWVNyusaQ5ze3I=,tag:o7AP6g8XHkPUaCnXK3CFig==,type:str]
sops: sops:
age: age:
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
@ -89,8 +87,8 @@ sops:
SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP
wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-05T09:33:50Z" lastmodified: "2025-07-22T05:16:03Z"
mac: ENC[AES256_GCM,data:rMtrDQtYsDyNqqVYKY9vg7fDGJjO2zQ+boN3j0dmYKyr5zzbbJAeCxAs3H/rNkgc3ril7sCfyAvP8n9KtYO6xmQuvu3Qgj2oqBiyvolfmYCArT0l7n+ImnNUGnFOfeugYPEIxvhDcEDK6dKiBMlEuyhtJ0hbVfvE4POQZi/jvMM=,iv:imWVUiFAbgzhPN/RNecx2LzCC5MJFg5nAIvGDCN2k0I=,tag:z0P180ZKj5p/g/E38CUjAQ==,type:str] mac: ENC[AES256_GCM,data:CoOd5ki9DoSBzwTeTw3JDGPReJD4th+v20AItwIZBLX15eLb1KXANdz5ekHeFZ6ntHq4ij0FUH63W6ojpBdvzJS7GgboQyAThkyJSmqtr7lN9rTa3XZSIKDTZCKm4wrG60q17vUIZXPLxM+NN1Fp2oEyCwt1s7SHM11xJ3JdyBk=,iv:ofyAhu4pjzNAJguU5Z5H9Capqcky/mTMXHEYS/qhvNs=,tag:L9tZRzd5VgbB7lyCkT6yTA==,type:str]
pgp: pgp:
- created_at: "2025-07-10T23:51:26Z" - created_at: "2025-07-10T23:51:26Z"
enc: |- enc: |-